[copilot-finds] Bug: Entity StateShim.setState() corrupts cache on serialization failure

Copilot · Copilot · commit 078c05d614bf · 2026-03-06T00:49:12.000Z
Fix cache corruption in entity-executor.ts StateShim.setState() where
cachedValue was set before JSON.stringify(), causing getState() to return
the invalid value instead of the last valid state when serialization fails
and entity code catches the error.

Changes:
- Move cachedValue assignment after serialization succeeds
- Invalidate cache in catch block so getState() re-parses last valid state
- Preserve original error cause with { cause: e }
- Add 3 unit tests for cache preservation, recovery, and error cause

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/packages/durabletask-js/src/worker/entity-executor.ts b/packages/durabletask-js/src/worker/entity-executor.ts
@@ -87,15 +87,19 @@ class StateShim implements TaskEntityState {
   }
 
   setState(state: unknown): void {
-    this.cachedValue = state;
     try {
       this.serializedValue =
         state != null ? JSON.stringify(state) : undefined;
 
+      this.cachedValue = state;
       this.cacheValid = true;
     } catch (e) {
+      // Invalidate cache so getState() re-parses from the last valid serializedValue
+      this.cacheValid = false;
+      this.cachedValue = undefined;
       throw new Error(
         `Entity state is not JSON-serializable: ${e instanceof Error ? e.message : String(e)}`,
+        { cause: e },
       );
     }
   }
diff --git a/packages/durabletask-js/test/entity-executor.spec.ts b/packages/durabletask-js/test/entity-executor.spec.ts
@@ -3,6 +3,8 @@
 
 import { TaskEntityShim } from "../src/worker/entity-executor";
 import { TaskEntity } from "../src/entities/task-entity";
+import { ITaskEntity } from "../src/entities/task-entity";
+import { TaskEntityOperation } from "../src/entities/task-entity-operation";
 import { EntityInstanceId } from "../src/entities/entity-instance-id";
 import * as pb from "../src/proto/orchestrator_service_pb";
 import { StringValue } from "google-protobuf/google/protobuf/wrappers_pb";
@@ -433,6 +435,121 @@ describe("TaskEntityShim", () => {
         "Entity state is not JSON-serializable",
       );
     });
+
+    it("should preserve previous valid state after failed setState", async () => {
+      // Entity that reads state via operation.state directly, attempts to set
+      // non-serializable state, catches the error, then reads state again.
+      // This tests that the StateShim cache is not corrupted by a failed setState.
+      class RecoveringEntity implements ITaskEntity {
+        run(operation: TaskEntityOperation): unknown {
+          // First read populates the cache (cacheValid = true)
+          const initialState = operation.state.getState<{ count: number }>();
+          const initialCount = initialState?.count;
+
+          try {
+            const circular: Record<string, unknown> = {};
+            circular.self = circular;
+            operation.state.setState(circular); // Should throw
+          } catch {
+            // After failed setState, getState should return the previous valid state
+          }
+
+          const recoveredState = operation.state.getState<{ count: number }>();
+          return { initialCount, recoveredCount: recoveredState?.count };
+        }
+      }
+
+      const entity = new RecoveringEntity();
+      const shim = new TaskEntityShim(entity, entityId);
+      const request = createBatchRequest(
+        entityId.toString(),
+        [{ name: "recover" }],
+        { count: 42 },
+      );
+
+      const result = await shim.executeAsync(request);
+
+      const opResult = result.getResultsList()[0];
+      expect(opResult.hasSuccess()).toBe(true);
+
+      const output = JSON.parse(opResult.getSuccess()!.getResult()!.getValue());
+      expect(output.initialCount).toBe(42);
+      // After failed setState, getState should return 42 (not the circular object)
+      expect(output.recoveredCount).toBe(42);
+    });
+
+    it("should allow valid setState after a failed setState", async () => {
+      // Entity that fails a setState call, then successfully sets valid state
+      class SetAfterFailEntity implements ITaskEntity {
+        run(operation: TaskEntityOperation): unknown {
+          // Read state to populate cache
+          operation.state.getState();
+
+          try {
+            const circular: Record<string, unknown> = {};
+            circular.self = circular;
+            operation.state.setState(circular);
+          } catch {
+            // Expected - now set valid state
+            operation.state.setState({ count: 99 });
+          }
+
+          return operation.state.getState<{ count: number }>()?.count;
+        }
+      }
+
+      const entity = new SetAfterFailEntity();
+      const shim = new TaskEntityShim(entity, entityId);
+      const request = createBatchRequest(
+        entityId.toString(),
+        [{ name: "setAfterFail" }],
+        { count: 10 },
+      );
+
+      const result = await shim.executeAsync(request);
+
+      const opResult = result.getResultsList()[0];
+      expect(opResult.hasSuccess()).toBe(true);
+      expect(JSON.parse(opResult.getSuccess()!.getResult()!.getValue())).toBe(99);
+
+      // Final state should be the recovered value
+      const finalState = result.getEntitystate()?.getValue();
+      expect(finalState).toBeDefined();
+      expect(JSON.parse(finalState!)).toEqual({ count: 99 });
+    });
+
+    it("should preserve error cause in setState error", async () => {
+      // Verify the error wrapping preserves the original cause
+      class CauseCheckEntity implements ITaskEntity {
+        caughtCause: unknown = undefined;
+
+        run(operation: TaskEntityOperation): unknown {
+          try {
+            const circular: Record<string, unknown> = {};
+            circular.self = circular;
+            operation.state.setState(circular);
+          } catch (e) {
+            this.caughtCause = e instanceof Error ? e.cause : undefined;
+            throw e; // Re-throw to record failure
+          }
+          return undefined;
+        }
+      }
+
+      const entity = new CauseCheckEntity();
+      const shim = new TaskEntityShim(entity, entityId);
+      const request = createBatchRequest(
+        entityId.toString(),
+        [{ name: "checkCause" }],
+        {},
+      );
+
+      await shim.executeAsync(request);
+
+      // The wrapped error should preserve the original TypeError cause
+      expect(entity.caughtCause).toBeDefined();
+      expect(entity.caughtCause).toBeInstanceOf(TypeError);
+    });
   });
 
   describe("invalid operation input", () => {

Original file line number	Diff line number	Diff line change
`@@ -87,15 +87,19 @@ class StateShim implements TaskEntityState {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`setState(state: unknown): void {`
`90`		`- this.cachedValue = state;`
`91`	`90`	`try {`
`92`	`91`	`this.serializedValue =`
`93`	`92`	`state != null ? JSON.stringify(state) : undefined;`
`94`	`93`
	`94`	`+ this.cachedValue = state;`
`95`	`95`	`this.cacheValid = true;`
`96`	`96`	`} catch (e) {`
	`97`	`+ // Invalidate cache so getState() re-parses from the last valid serializedValue`
	`98`	`+ this.cacheValid = false;`
	`99`	`+ this.cachedValue = undefined;`
`97`	`100`	`throw new Error(`
`98`	`101`	`Entity state is not JSON-serializable: ${e instanceof Error ? e.message : String(e)}`,
	`102`	`+ { cause: e },`
`99`	`103`	`);`
`100`	`104`	`}`
`101`	`105`	`}`