feat: add safe RPC decoding/parsing in handleDeeplink and DeeplinkProtocolService

[devin-ai-integration]

Summary

Adds defensive error handling around base64 decoding and JSON parsing of RPC messages in the SDK deeplink flow. Previously, malformed rpc parameters (invalid base64 or invalid JSON) would throw unhandled exceptions. Now:

1. safeDecodeRpc helper (new, in handleDeeplink.ts): Wraps Buffer.from(rpc, 'base64') and JSON.parse(decoded) in separate try-catch blocks with descriptive error messages. Used in the new-connection branch.

2. Existing-connection branch (channelExists): JSON.parse(clearRPC) is now wrapped in a local try-catch that calls Logger.error and returns early on malformed JSON.

3. DeeplinkProtocolService.ts: JSON.parse(decodedOriginatorInfo) at line 439 is now guarded with a try-catch, logging the error and returning early.

4. New test cases in handleDeeplink.test.ts:

   • Invalid base64 input → error is caught, handleConnectionMessage is not called
   • Valid base64 but invalid JSON → error is caught, handleConnectionMessage is not called
   • Malformed JSON in decrypted RPC on existing connection → Logger.error is called with descriptive message, early return

Review & Testing Checklist for Human

• Verify the safeDecodeRpc helper correctly throws descriptive errors for both base64 decode failures and JSON parse failures
• Verify the existing-connection branch try-catch around JSON.parse(clearRPC) logs via Logger.error and returns early without calling handleConnectionMessage
• Verify the DeeplinkProtocolService.ts guard around JSON.parse(decodedOriginatorInfo) logs and returns early
• Run the test suite: yarn test:unit -- app/core/SDKConnect/handlers/handleDeeplink.test.ts
• Test with an actual malformed deeplink on a device/simulator to confirm the error is caught gracefully

Notes

• yarn install fails locally due to a missing GitHub archive (react-native-tcp), so tests could not be run in this session. CI should validate the tests.
• The outer try-catch in handleDeeplink (line 224) catches errors thrown by safeDecodeRpc in the new-connection branch, so those are logged via Logger.error with 'Failed to connect to channel'.

Link to Devin session: https://app.devin.ai/sessions/ccd663a8dc23460eaa8a6e02b2bd69d5
Requested by: @abhay-codeium

---

[staging-devin-ai-integration]

Devin Review

Status	Commit
⚪ Not started	—

💡 Connect your GitHub account to enable automatic code reviews.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 5 additional findings.