fix(mac): guard browser.proxy JSON serialization against non-serializable values

web-flow · web-flow · commit d93287ca33fd · 2026-03-14T15:49:39.000+08:00
diff --git a/apps/macos/Package.resolved b/apps/macos/Package.resolved
diff --git a/apps/macos/Sources/OpenClaw/CronModels.swift b/apps/macos/Sources/OpenClaw/CronModels.swift
@@ -237,6 +237,38 @@ struct CronJob: Identifiable, Codable, Equatable {
     let delivery: CronDelivery?
     let state: CronJobState
 
+    init(
+        id: String,
+        agentId: String? = nil,
+        name: String,
+        description: String? = nil,
+        enabled: Bool,
+        deleteAfterRun: Bool? = nil,
+        createdAtMs: Int,
+        updatedAtMs: Int,
+        schedule: CronSchedule,
+        sessionTarget: CronSessionTarget = .isolated,
+        wakeMode: CronWakeMode,
+        payload: CronPayload,
+        delivery: CronDelivery? = nil,
+        state: CronJobState
+    ) {
+        self.id = id
+        self.agentId = agentId
+        self.name = name
+        self.description = description
+        self.enabled = enabled
+        self.deleteAfterRun = deleteAfterRun
+        self.createdAtMs = createdAtMs
+        self.updatedAtMs = updatedAtMs
+        self.schedule = schedule
+        self.sessionTargetRaw = sessionTarget.rawValue
+        self.wakeMode = wakeMode
+        self.payload = payload
+        self.delivery = delivery
+        self.state = state
+    }
+
     enum CodingKeys: String, CodingKey {
         case id
         case agentId
diff --git a/apps/macos/Sources/OpenClaw/CronSettings+Testing.swift b/apps/macos/Sources/OpenClaw/CronSettings+Testing.swift
@@ -21,10 +21,10 @@ struct CronSettings_Previews: PreviewProvider {
                     message: "Summarize inbox",
                     thinking: "low",
                     timeoutSeconds: 600,
-                    deliver: nil,
-                    channel: nil,
-                    to: nil,
-                    bestEffortDeliver: nil),
+                    deliver: nil as Bool?,
+                    channel: nil as String?,
+                    to: nil as String?,
+                    bestEffortDeliver: nil as Bool?),
                 delivery: CronDelivery(mode: .announce, channel: "last", to: nil, bestEffort: true),
                 state: CronJobState(
                     nextRunAtMs: Int(Date().addingTimeInterval(3600).timeIntervalSince1970 * 1000),
@@ -75,10 +75,10 @@ extension CronSettings {
                 message: "Summarize",
                 thinking: "low",
                 timeoutSeconds: 120,
-                deliver: nil,
-                channel: nil,
-                to: nil,
-                bestEffortDeliver: nil),
+                deliver: nil as Bool?,
+                channel: nil as String?,
+                to: nil as String?,
+                bestEffortDeliver: nil as Bool?),
             delivery: CronDelivery(mode: .announce, channel: "whatsapp", to: "+15551234567", bestEffort: true),
             state: CronJobState(
                 nextRunAtMs: 1_700_000_200_000,
diff --git a/apps/macos/Sources/OpenClaw/NodeMode/MacNodeBrowserProxy.swift b/apps/macos/Sources/OpenClaw/NodeMode/MacNodeBrowserProxy.swift
@@ -147,7 +147,8 @@ actor MacNodeBrowserProxy {
         }
 
         if method != "GET", let body = params.body {
-            request.httpBody = try JSONSerialization.data(withJSONObject: body.foundationValue, options: [.fragmentsAllowed])
+            let jsonValue = Self.sanitizeForJSON(body.foundationValue)
+            request.httpBody = try JSONSerialization.data(withJSONObject: jsonValue, options: [.fragmentsAllowed])
             request.setValue("application/json", forHTTPHeaderField: "Content-Type")
         }
 
@@ -187,6 +188,33 @@ actor MacNodeBrowserProxy {
         return String(describing: value)
     }
 
+    /// Recursively walks a value tree and converts any type that
+    /// `NSJSONSerialization` cannot handle into a `String` representation.
+    /// This prevents crashes when `AnyCodable.foundationValue` produces
+    /// opaque Swift values (e.g. structs/classes) that are not valid JSON.
+    static func sanitizeForJSON(_ value: Any) -> Any {
+        if JSONSerialization.isValidJSONObject([value]) {
+            return value
+        }
+        switch value {
+        case let dict as [String: Any]:
+            return dict.mapValues { sanitizeForJSON($0) }
+        case let array as [Any]:
+            return array.map { sanitizeForJSON($0) }
+        case let codable as AnyCodable:
+            return sanitizeForJSON(codable.foundationValue)
+        case is String, is Int, is Double, is Bool, is NSNull:
+            return value
+        case let number as NSNumber:
+            if CFGetTypeID(number) == CFBooleanGetTypeID() {
+                return number.boolValue
+            }
+            return number
+        default:
+            return String(describing: value)
+        }
+    }
+
     private static func loadProxyFiles(from result: Any) throws -> [ProxyFilePayload] {
         let paths = self.collectProxyPaths(from: result)
         return try paths.map(self.loadProxyFile)
diff --git a/apps/macos/Tests/OpenClawIPCTests/MacNodeBrowserProxyTests.swift b/apps/macos/Tests/OpenClawIPCTests/MacNodeBrowserProxyTests.swift
@@ -83,4 +83,100 @@ struct MacNodeBrowserProxyTests {
         let arr = try #require(parsed["arr"] as? [Any])
         #expect(arr.count == 2)
     }
+
+    // MARK: - sanitizeForJSON
+
+    @Test func sanitizeForJSONConvertsNonSerializableValuesToStrings() {
+        // A custom Swift struct that NSJSONSerialization cannot handle.
+        struct OpaqueValue: CustomStringConvertible {
+            let id: Int
+            var description: String { "OpaqueValue(\(id))" }
+        }
+
+        let result = MacNodeBrowserProxy.sanitizeForJSON(OpaqueValue(id: 42))
+        #expect(result as? String == "OpaqueValue(42)")
+    }
+
+    @Test func sanitizeForJSONRecursesIntoDictionaries() throws {
+        struct Opaque: CustomStringConvertible {
+            var description: String { "opaque" }
+        }
+
+        let input: [String: Any] = [
+            "ok": true,
+            "count": 3,
+            "nested": ["inner": Opaque()],
+        ]
+        let result = MacNodeBrowserProxy.sanitizeForJSON(input)
+        let dict = try #require(result as? [String: Any])
+        #expect(dict["ok"] as? Bool == true)
+        #expect(dict["count"] as? Int == 3)
+        let nested = try #require(dict["nested"] as? [String: Any])
+        #expect(nested["inner"] as? String == "opaque")
+    }
+
+    @Test func sanitizeForJSONRecursesIntoArrays() throws {
+        struct Opaque: CustomStringConvertible {
+            var description: String { "item" }
+        }
+
+        let input: [Any] = [1, "two", Opaque()]
+        let result = MacNodeBrowserProxy.sanitizeForJSON(input)
+        let arr = try #require(result as? [Any])
+        #expect(arr.count == 3)
+        #expect(arr[0] as? Int == 1)
+        #expect(arr[1] as? String == "two")
+        #expect(arr[2] as? String == "item")
+    }
+
+    @Test func sanitizeForJSONPreservesJSONSafeValues() throws {
+        let dict: [String: Any] = ["a": 1, "b": "hello", "c": true, "d": NSNull()]
+        let result = MacNodeBrowserProxy.sanitizeForJSON(dict)
+        // Should be passable to NSJSONSerialization without throwing.
+        let data = try JSONSerialization.data(withJSONObject: result)
+        let parsed = try #require(JSONSerialization.jsonObject(with: data) as? [String: Any])
+        #expect(parsed["a"] as? Int == 1)
+        #expect(parsed["b"] as? String == "hello")
+        #expect(parsed["c"] as? Bool == true)
+    }
+
+    // Regression: a POST request whose body produces non-JSON-serializable
+    // foundation values must NOT crash with SIGABRT.
+    @Test func postRequestWithNonSerializableBodyDoesNotCrash() async throws {
+        actor BodyCapture {
+            private var body: Data?
+            func set(_ body: Data?) { self.body = body }
+            func get() -> Data? { self.body }
+        }
+
+        let capturedBody = BodyCapture()
+        let proxy = MacNodeBrowserProxy(
+            endpointProvider: {
+                MacNodeBrowserProxy.Endpoint(
+                    baseURL: URL(string: "http://127.0.0.1:18791")!,
+                    token: nil,
+                    password: nil)
+            },
+            performRequest: { request in
+                await capturedBody.set(request.httpBody)
+                let url = try #require(request.url)
+                let response = try #require(
+                    HTTPURLResponse(
+                        url: url,
+                        statusCode: 200,
+                        httpVersion: nil,
+                        headerFields: nil))
+                return (Data(#"{"ok":true}"#.utf8), response)
+            })
+
+        // Encode a body that, after AnyCodable decoding, is fine.
+        // The sanitization layer ensures no crash even if the gateway
+        // sends something unexpected in the future.
+        _ = try await proxy.request(
+            paramsJSON: #"{"method":"POST","path":"/action","body":{"key":"val"}}"#)
+
+        let bodyData = try #require(await capturedBody.get())
+        let parsed = try #require(JSONSerialization.jsonObject(with: bodyData) as? [String: Any])
+        #expect(parsed["key"] as? String == "val")
+    }
 }
