Skip to content

Add null check for Z.ai API response choices#7

Merged
tarmojussila merged 1 commit intomainfrom
bugfix/zai-api-response-null-check
Feb 22, 2026
Merged

Add null check for Z.ai API response choices#7
tarmojussila merged 1 commit intomainfrom
bugfix/zai-api-response-null-check

Conversation

@tarmojussila
Copy link
Owner

@tarmojussila tarmojussila commented Feb 22, 2026

Prevents crash when API returns empty or malformed choices array.

@tarmojussila @claude
Add null check for Z.ai API response choices
6e0fe54 
Prevents crash when API returns empty or malformed choices array.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions
Copy link

github-actions bot commented Feb 22, 2026

Z.ai Code Review

Here is the review of the changes:

1. Security: Potential Data Leak in Error Messages

Severity: Medium
Including the raw data variable in the error rejection (...: ${data}) poses a security risk. Many AI APIs include the user's prompt in the response object (or echo inputs). If this error is logged to an external logging service or console, it may leak sensitive user data or API keys contained in the request/response history.

Recommendation:
Sanitize the data or exclude it from the error message. If the data is needed for debugging, ensure logs are stripped of PII, or limit the log length.

reject(new Error('Z.ai API returned an empty or unexpected response structure'));

2. Logic: Distinguishing "Empty" from "Malformed"

Severity: Low
The current logic treats a missing structure (e.g., parsed.choices is undefined) and an empty content string ("") identically.
If the API returns valid JSON but lacks the expected choices array (e.g., a different API schema or a proxy error returning a 200 OK with a generic JSON body), the error message "returned an empty response" is misleading.

Recommendation:
Add a check to ensure the structure exists before accessing content, providing a more specific error message for malformed data.

if (!parsed.choices || !parsed.choices.length) {
  reject(new Error('Z.ai API response missing choices array'));
}
const content = parsed.choices[0].message?.content;
// ... proceed to check if content is empty string

3. Behavior: Strict Empty String Handling

Severity: Info
The check if (!content) will reject the promise if the API successfully returns a 200 OK but the content is an empty string "".
While unlikely, some models may return an empty string as a valid refusal or stop sequence. Ensure the downstream application handles a rejection gracefully in this specific edge case.

4. Robustness: JSON Parsing Safety

Severity: Minor
While JSON.parse(data) is inside a Promise executor (where thrown errors are automatically caught/rejected), relying on this implicit behavior can make debugging difficult if the API returns invalid JSON (e.g., a 5xx HTML page treated as 200).

Recommendation:
Explicitly wrap the parsing in a try/catch block to throw a more descriptive error (e.g., "Invalid JSON response from Z.ai") rather than a generic SyntaxError.

@tarmojussila tarmojussila merged commit c0a6f1c into main Feb 22, 2026
1 check passed
@tarmojussila tarmojussila deleted the bugfix/zai-api-response-null-check branch February 22, 2026 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tarmojussila