fix(plugins): wrap malformed node proxy payloads

2026-05-18 19:14:44 +00:00 · 2026-05-14 17:40:38 +08:00
parent 6b3998aa40
commit c70adb8528
5 changed files with 84 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ Docs: https://docs.openclaw.ai
 - ClickClack: skip malformed realtime websocket frames instead of stopping the channel monitor on a single bad JSON event.
 - Browser tool: treat malformed node proxy `payloadJSON` responses as browser proxy failures instead of leaking raw JSON parser errors.
 - Gateway HTTP: match models, session kill, and session history route paths without trusting malformed Host headers, avoiding pre-auth 500s on those endpoints.
+- Google Meet/Codex: report malformed node proxy `payloadJSON` responses with plugin-owned errors instead of leaking raw JSON parser failures.
 - Models config/auth: stop inferring provider env-var markers from broad `^[A-Z_][A-Z0-9_]*$` strings, and resolve config-backed provider `apiKey` values only through structured env SecretRefs (`secrets.providers[id]` / `secrets.defaults`), so unrelated env vars cannot accidentally become provider credentials. Thanks @sallyom.
 - Media fetch: skip allocating and buffering the response body for bodyless media responses (HEAD probes and 204-style empty bodies), avoiding wasted heap on streams that carry no payload. Thanks @shakkernerd.
 - CLI/onboarding: forward provider-specific auth flags (e.g. `--openai-api-key`) through the onboarding wizard so they reach provider auth methods via `ctx.opts`, letting `--openai-api-key "$OPENAI_API_KEY"` skip the redundant "use existing env var?" prompt in non-interactive harnesses. (#81669) Thanks @sjf.
--- a/extensions/codex/src/node-cli-sessions.test.ts
+++ b/extensions/codex/src/node-cli-sessions.test.ts
@@ -2,10 +2,12 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import process from "node:process";
-import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import type { PluginRuntime } from "openclaw/plugin-sdk/plugin-runtime";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import {
  CODEX_CLI_SESSIONS_LIST_COMMAND,
  createCodexCliSessionNodeHostCommands,
+  listCodexCliSessionsOnNode,
  resolveCodexCliResumeSpawnInvocation,
 } from "./node-cli-sessions.js";

@@ -148,4 +150,31 @@ describe("codex cli node sessions", () => {
      windowsHide: true,
    });
  });
+
+  it("reports malformed node session payloadJSON with an owned error", async () => {
+    const runtime = {
+      nodes: {
+        list: vi.fn(async () => ({
+          nodes: [
+            {
+              nodeId: "node-1",
+              connected: true,
+              commands: [CODEX_CLI_SESSIONS_LIST_COMMAND],
+            },
+          ],
+        })),
+        invoke: vi.fn(async () => ({
+          ok: true,
+          payloadJSON: "{not json",
+        })),
+      },
+    } as unknown as PluginRuntime;
+
+    await expect(
+      listCodexCliSessionsOnNode({
+        runtime,
+        requestedNode: "node-1",
+      }),
+    ).rejects.toThrow("Codex CLI node command returned malformed payloadJSON.");
+  });
 });
--- a/extensions/codex/src/node-cli-sessions.ts
+++ b/extensions/codex/src/node-cli-sessions.ts
@@ -624,7 +624,13 @@ function parseCodexCliSessionsListResult(raw: unknown): CodexCliSessionsListResu
 function unwrapNodeInvokePayload(raw: unknown): unknown {
  const record = isRecord(raw) ? raw : {};
  if (typeof record.payloadJSON === "string" && record.payloadJSON.trim()) {
-    return JSON.parse(record.payloadJSON) as unknown;
+    try {
+      return JSON.parse(record.payloadJSON) as unknown;
+    } catch (error) {
+      throw new Error("Codex CLI node command returned malformed payloadJSON.", {
+        cause: error,
+      });
+    }
  }
  if ("payload" in record) {
    return record.payload;
--- a/extensions/google-meet/src/transports/chrome-browser-proxy.test.ts
+++ b/extensions/google-meet/src/transports/chrome-browser-proxy.test.ts
@@ -0,0 +1,39 @@
+import type { PluginRuntime } from "openclaw/plugin-sdk/plugin-runtime";
+import { describe, expect, it, vi } from "vitest";
+import { callBrowserProxyOnNode } from "./chrome-browser-proxy.js";
+
+describe("Google Meet Chrome browser proxy", () => {
+  it("reports malformed node proxy payloadJSON with an owned error", async () => {
+    const invoke = vi.fn(async () => ({
+      ok: true,
+      payloadJSON: "{not json",
+    }));
+    const runtime = {
+      nodes: {
+        invoke,
+      },
+    } as unknown as PluginRuntime;
+
+    await expect(
+      callBrowserProxyOnNode({
+        runtime,
+        nodeId: "node-1",
+        method: "GET",
+        path: "/tabs",
+        timeoutMs: 100,
+      }),
+    ).rejects.toThrow("Google Meet browser proxy returned malformed payloadJSON.");
+
+    expect(invoke).toHaveBeenCalledWith({
+      nodeId: "node-1",
+      command: "browser.proxy",
+      params: {
+        method: "GET",
+        path: "/tabs",
+        body: undefined,
+        timeoutMs: 100,
+      },
+      timeoutMs: 5_100,
+    });
+  });
+});
--- a/extensions/google-meet/src/transports/chrome-browser-proxy.ts
+++ b/extensions/google-meet/src/transports/chrome-browser-proxy.ts
@@ -148,7 +148,13 @@ export async function resolveChromeNode(params: {
 function unwrapNodeInvokePayload(raw: unknown): unknown {
  const record = raw && typeof raw === "object" ? (raw as Record<string, unknown>) : {};
  if (typeof record.payloadJSON === "string" && record.payloadJSON.trim()) {
-    return JSON.parse(record.payloadJSON);
+    try {
+      return JSON.parse(record.payloadJSON);
+    } catch (error) {
+      throw new Error("Google Meet browser proxy returned malformed payloadJSON.", {
+        cause: error,
+      });
+    }
  }
  if ("payload" in record) {
    return record.payload;