Skip to content

[copilot-finds] Bug: Activity input JSON.parse error bypasses activityFailed logging #169

New issue
New issue
Open
#181
Open
[copilot-finds] Bug: Activity input JSON.parse error bypasses activityFailed logging#169
#181
Labels
copilot-findsFindings from daily automated code review agent
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 13, 2026

Problem

In packages/durabletask-js/src/worker/activity-executor.ts, the JSON.parse() call that deserializes activity input (previously line 35) is positioned outside the try-catch block (lines 38-58). When encodedInput contains malformed JSON:

  1. A SyntaxError is thrown before the try-catch
  2. The activityFailed structured log (EventId 605) is never emitted
  3. The error propagates to _executeActivityInternal() in task-hub-grpc-worker.ts where it is caught — no worker crash occurs
  4. However, the error lacks activity context (name, orchestrationId) and skips the proper failure logging path

This is inconsistent with output serialization (JSON.stringify on line 47) which is inside the try-catch and correctly triggers the activityFailed log on failure.

Root Cause

The JSON.parse(encodedInput) and ActivityContext construction were placed before the try-catch block rather than inside it. This appears to be an oversight — there is no reason for input deserialization to bypass the error handling path that all other activity execution failures use.

Proposed Fix

Move the JSON.parse() call inside the existing try-catch block. This ensures:

  • activityFailed log (EventId 605) is properly emitted for malformed input
  • The error is wrapped with activity context (name, orchestrationId) before re-throw
  • All activity execution failures go through the same error handling path
  • Input deserialization errors are handled symmetrically with output serialization errors

Impact

Severity: Medium — No worker crash (the higher-level catch prevents that), but:

  • Observability gap: Malformed activity input failures are invisible to structured logging consumers that rely on EventId 605
  • Debugging difficulty: Without the activity name and orchestrationId in the error path, diagnosing input deserialization failures in production requires correlating raw stack traces
  • Affected scenarios: Any case where the sidecar delivers corrupted or incorrectly encoded activity input data

Metadata

Metadata

Assignees

No one assigned

    Labels

    copilot-findsFindings from daily automated code review agent

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions