Hardening an Express API: URL Validation, Error Handling, and Tests in One Session
dev.to
I'm building repo-skill-advisor, a precision skill recommendation engine for GitHub repositories. Today I hardened the HTTP layer by closing three security and reliability gaps.

The Problem

The Express server accepted arbitrary URLs with no validation. Any string -- SSRF payloads, non-GitHub URLs, or empty strings -- was passed directly to the scanning engine. Error handling was inline, with raw error messages leaking to clients.

What I Built

1. URL Validation Mid
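As an added example (not the project's own code), here is a minimal version of the two fixes the problem statement calls for: an allow-list validator for GitHub repository URLs wired into an Express-style `(req, res, next)` middleware, and a centralized error handler that logs the real error server-side and returns only a fixed message. It uses only Node's built-in `URL` class, so it runs without installing express; the route shape `{ body: { url } }` and the 400/500 response bodies are assumptions.

```javascript
// Added example, not from repo-skill-advisor. Allow-list validation for
// repository URLs plus a centralized Express error handler. Only the
// built-in URL class is used, so the module runs without express installed.
const ALLOWED_HOSTS = new Set(['github.com', 'www.github.com']);
// GitHub owner/repo names: alphanumeric start, then [A-Za-z0-9._-]; this
// also rejects '.' and '..' path segments because they cannot start with '.'.
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;

// Returns { ok: true, owner, repo } or { ok: false, reason }. Everything that
// is not exactly https://github.com/<owner>/<repo>[.git] is rejected before
// it can reach the scanner: empty input, other schemes, other hosts (including
// IP literals), embedded credentials, explicit ports, extra path segments.
function validateRepoUrl(input) {
  if (typeof input !== 'string' || input.trim() === '') {
    return { ok: false, reason: 'url is required' };
  }
  let url;
  try {
    url = new URL(input.trim());
  } catch {
    return { ok: false, reason: 'url is not parseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'only https is allowed' };
  if (!ALLOWED_HOSTS.has(url.hostname.toLowerCase())) {
    return { ok: false, reason: 'host is not github.com' };
  }
  if (url.username || url.password || url.port) {
    return { ok: false, reason: 'credentials and ports are not allowed' };
  }
  const parts = url.pathname.split('/').filter(Boolean);
  if (parts.length !== 2) return { ok: false, reason: 'expected /owner/repo' };
  const [owner, rawRepo] = parts;
  const repo = rawRepo.replace(/\.git$/, '');
  if (!NAME_RE.test(owner) || !NAME_RE.test(repo)) {
    return { ok: false, reason: 'owner or repo name is malformed' };
  }
  return { ok: true, owner, repo };
}

// Express-style middleware (assumed route body: { url }). Invalid input gets a
// 400 with a fixed message; valid input is stored as canonical owner/repo on
// req so the route handler never touches the raw string again.
function requireGitHubRepoUrl(req, res, next) {
  const result = validateRepoUrl(req.body && req.body.url);
  if (!result.ok) return res.status(400).json({ error: 'invalid repository url', reason: result.reason });
  req.repo = { owner: result.owner, repo: result.repo };
  next();
}

// Centralized error handler: Express recognizes the 4-argument signature.
// The real error stays in the server log; the client gets a generic body.
function errorHandler(err, req, res, next) { // eslint-disable-line no-unused-vars
  console.error('unhandled error:', err);
  res.status(500).json({ error: 'internal server error' });
}
```

Register the middleware on the scan route and `errorHandler` last with `app.use(errorHandler)`, so every thrown or `next(err)` error reaches it instead of an inline `res.send(err.message)`.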