[copilot-finds] Bug: Entity getState() produces unhelpful SyntaxError for corrupted state #208

@github-actions

Problem

StateShim.getState() in packages/durabletask-js/src/worker/entity-executor.ts (line 82) calls JSON.parse(this.serializedValue) without error handling. When entity state from the sidecar is corrupted (e.g., data corruption, encoding issues, version mismatch), this produces a raw SyntaxError like:

SyntaxError: Unexpected token n in JSON at position 0

This is inconsistent with setState() (lines 90-104 in the same file), which properly wraps JSON.stringify errors with a descriptive message:

Error: Entity state is not JSON-serializable: Converting circular structure to JSON

Root Cause

The serializedValue stored in StateShim can come from two sources:

  1. setState() — always valid JSON since JSON.stringify produced it
  2. setSerializedState() — raw string from the protobuf EntityBatchRequest, which could theoretically be corrupted

Path 2 passes the raw string from the sidecar directly into serializedValue without validation. When getState() attempts to parse this corrupted data, the JSON.parse error propagates as a raw SyntaxError without any context about what went wrong or why.

Proposed Fix

Add a try-catch to getState() that wraps JSON.parse errors with context and preserves the cause, matching the pattern used in setState():

try {
  this.cachedValue = this.serializedValue !== undefined ? JSON.parse(this.serializedValue) : undefined;
} catch (e) {
  throw new Error(
    `Entity state contains invalid JSON: ${e instanceof Error ? e.message : String(e)}`,
    { cause: e },
  );
}

Impact

  • Severity: Low-Medium — the error IS caught by executeOperation()'s outer try-catch, so entity processing doesn't crash. However, the error message is unhelpful for diagnosing state corruption issues.
  • Affected scenarios: Entity operations when the sidecar sends corrupted/malformed state data (data corruption, encoding mismatches, incompatible state schema changes).
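The two state paths and the proposed error contract, as an added example that is not the project's code: the `StateShim` body, the `cacheValid` flag, and the `wrap` and `probe` helpers are assumptions made for illustration, and the payloads passed to `probe` are constructed.

```javascript
// Added example; names follow the issue, the class body is an assumption.
const wrap = (prefix, e) =>
  new Error(`${prefix}: ${e instanceof Error ? e.message : String(e)}`, { cause: e });

class StateShim {
  serializedValue = undefined; // JSON text, or undefined for "no state"
  cachedValue = undefined;
  cacheValid = false;

  // Path 2: raw string from the sidecar, stored without validation.
  setSerializedState(serialized) {
    this.serializedValue = serialized;
    this.cacheValid = false;
  }

  // Path 1: stores JSON.stringify output, so it is always valid JSON.
  setState(value) {
    try {
      this.serializedValue = value === undefined ? undefined : JSON.stringify(value);
    } catch (e) {
      throw wrap("Entity state is not JSON-serializable", e);
    }
    this.cachedValue = value;
    this.cacheValid = true;
  }

  getState() {
    if (!this.cacheValid) {
      try {
        this.cachedValue =
          this.serializedValue !== undefined ? JSON.parse(this.serializedValue) : undefined;
      } catch (e) {
        throw wrap("Entity state contains invalid JSON", e);
      }
      this.cacheValid = true;
    }
    return this.cachedValue;
  }
}

// Feed one sidecar payload through path 2 and report what the caller sees.
function probe(serialized) {
  const shim = new StateShim();
  shim.setSerializedState(serialized);
  try {
    return { ok: true, value: shim.getState() };
  } catch (e) {
    return { ok: false, message: e.message, causeName: e.cause?.name };
  }
}
```

Newer V8 releases include a short excerpt of the input in the JSON.parse message, so the wrapped message may carry a fragment of entity state into logs.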
