Problem
waitForExternalEvent() and sendEvent() in RuntimeOrchestrationContext do not validate that event names are non-empty. This is inconsistent with raiseOrchestrationEvent() in the client, which properly validates:
// client.ts line 407-409 — validates correctly
if (!eventName) {
throw new Error("raiseOrchestrationEvent: 'eventName' is required and cannot be empty.");
}Calling waitForExternalEvent("") creates a CompletableTask stored in _pendingEvents[""]. However, when the matching EventRaised event arrives, handleEventRaised uses a truthy check (if (eventName)) that treats empty string as falsy:
// orchestration-executor.ts line 415-417
if (eventName) { // "" is falsy — lookup is skipped
taskList = ctx._pendingEvents[eventName];
}The pending task is never looked up, so the orchestration hangs forever.
Similarly, sendEvent("", ...) accepts an empty event name without error but produces an action that cannot be matched by the receiving orchestration.
Affected files:
packages/durabletask-js/src/worker/runtime-orchestration-context.ts — waitForExternalEvent() (line 362) and sendEvent() (line 441)
Root Cause
Missing input validation in orchestration context methods. The client-side raiseOrchestrationEvent() already has this validation, but the orchestration context counterparts were not guarded.
Proposed Fix
Add input validation to waitForExternalEvent() and sendEvent() to throw on empty event names (and empty instanceId for sendEvent), consistent with the client-side validation pattern.
Impact
Severity: Medium — passing an empty event name creates an orchestration that silently hangs forever with no error.
Affected scenarios: Any orchestration that accidentally passes an empty string to waitForExternalEvent() or sendEvent() would hang indefinitely instead of receiving a clear error message.
Problem
waitForExternalEvent()andsendEvent()inRuntimeOrchestrationContextdo not validate that event names are non-empty. This is inconsistent withraiseOrchestrationEvent()in the client, which properly validates:Calling
waitForExternalEvent("")creates aCompletableTaskstored in_pendingEvents[""]. However, when the matchingEventRaisedevent arrives,handleEventRaiseduses a truthy check (if (eventName)) that treats empty string as falsy:The pending task is never looked up, so the orchestration hangs forever.
Similarly,
sendEvent("", ...)accepts an empty event name without error but produces an action that cannot be matched by the receiving orchestration.Affected files:
packages/durabletask-js/src/worker/runtime-orchestration-context.ts—waitForExternalEvent()(line 362) andsendEvent()(line 441)Root Cause
Missing input validation in orchestration context methods. The client-side
raiseOrchestrationEvent()already has this validation, but the orchestration context counterparts were not guarded.Proposed Fix
Add input validation to
waitForExternalEvent()andsendEvent()to throw on empty event names (and empty instanceId forsendEvent), consistent with the client-side validation pattern.Impact
Severity: Medium — passing an empty event name creates an orchestration that silently hangs forever with no error.
Affected scenarios: Any orchestration that accidentally passes an empty string to
waitForExternalEvent()orsendEvent()would hang indefinitely instead of receiving a clear error message.