fix(guardrails): handle stdin EPIPE in PII python spawns

Attach an 'error' listener to the child's stdin in both runPythonScript (the
batch masking hot path) and executePythonPIIDetection. A 256KB chunk can exceed
the OS pipe buffer, so if the Python process exits mid-read (OOM/kill) the EPIPE
emitted on stdin was unhandled and would crash the Node process. Funnel it into
the promise rejection so the fail-safe scrub path handles it gracefully.

Author: TheodoreSpeaks

apps/sim/lib/guardrails/validate_pii.ts

@@ -150,6 +150,14 @@ function runPythonScript<T>(payload: Record<string, unknown>): Promise<T> {
       reject(new Error('PII processing timeout'))
     }, DEFAULT_TIMEOUT)
 
+    // stdin errors (e.g. EPIPE when the child exits before draining the payload —
+    // chunks can exceed the OS pipe buffer) emit on stdin, not the process. Without
+    // a listener Node throws an unhandled 'error' and crashes; funnel it into the
+    // promise so the caller's fail-safe scrub path handles it.
+    python.stdin.on('error', (error: Error) => {
+      clearTimeout(timeout)
+      reject(new Error(`PII script stdin error: ${error.message}`))
+    })
     python.stdin.write(JSON.stringify(payload))
     python.stdin.end()
     python.stdout.on('data', (data) => {
@@ -226,6 +234,12 @@ async function executePythonPIIDetection(
       mode,
       language,
     })
+    // See runPythonScript: stdin errors (EPIPE on early child exit) must be
+    // caught here or Node throws an unhandled 'error' and crashes the process.
+    python.stdin.on('error', (error: Error) => {
+      clearTimeout(timeout)
+      reject(new Error(`Failed to write to Python: ${error.message}`))
+    })
     python.stdin.write(inputData)
     python.stdin.end()