Skip to content

fix: validate deserialized API messages at boundary to prevent crashes #10956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
roomote wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fix: validate deserialized API messages at boundary to prevent crashes #10956

roomote wants to merge 1 commit into from

Conversation

@roomote
Copy link
Contributor

@roomote roomote bot commented Jan 25, 2026
edited by ellipsis-dev bot
Loading

Fixes the "Cannot read properties of undefined (reading 'filter')" error reported in Reddit.

Root Cause Analysis

The error occurred in filterNonAnthropicBlocks() when it tried to call .filter() on message.content that was undefined, null, or not an array.

However, the type system guarantees content is string | ContentBlock[], so receiving undefined means we have a type safety violation at the deserialization boundary.

The Real Problem

In readApiMessages(), we deserialize JSON with zero validation:

const parsedData = JSON.parse(fileContent)
return parsedData  // No validation - assumes data is valid

This allows corrupted or legacy data from disk to bypass TypeScript's type safety, creating messages with undefined content that violate the Anthropic.MessageParam contract.

Evidence this is a known issue:

Solution

Add validation at the deserialization boundary in readApiMessages() to sanitize data before it enters the type system:

Changes Made

  1. Added validateApiMessage() function that:

    • Validates message structure (must be object with valid role)
    • Fixes undefined/null/non-array content by converting to empty array
    • Filters out invalid content blocks (missing type field)
    • Logs warnings about corrupted data for debugging

  2. Updated readApiMessages() to validate each deserialized message

  3. Added 12 comprehensive tests covering:

    • Undefined/null content
    • Non-array, non-string content
    • Invalid roles
    • Malformed messages (non-objects)
    • Invalid content blocks
    • Legacy format compatibility

Testing

All 12 new tests pass, ensuring the validation properly handles:

  • ✅ Valid messages (pass through unchanged)
  • ✅ Undefined content (fixed to empty array)
  • ✅ Null content (fixed to empty array)
  • ✅ Invalid content types (fixed to empty array)
  • ✅ Invalid roles (filtered out)
  • ✅ Malformed messages (filtered out)
  • ✅ Invalid content blocks (filtered out)
  • ✅ Metadata preservation (ts, isSummary, etc.)

Impact

This fix prevents crashes when loading historical tasks with corrupted data, while maintaining backward compatibility with valid historical data. Users will no longer encounter the "Cannot read properties of undefined" error when using Anthropic models.

Related

View task on Roo Code Cloud

Important

Adds validation to deserialized API messages in readApiMessages() to prevent crashes from malformed data.

  • Behavior:
    • Adds validateApiMessage() in apiMessages.ts to validate deserialized messages, fixing undefined/null/non-array content and filtering invalid messages.
    • Updates readApiMessages() to use validateApiMessage() for each message, ensuring only valid messages are processed.
  • Testing:
    • Adds 12 tests in apiMessages.spec.ts to cover various cases including undefined/null content, invalid roles, malformed messages, and metadata preservation.
  • Misc:
    • Logs warnings and errors for invalid messages and parsing issues in apiMessages.ts.

This description was created by Ellipsis for bbdcab3. You can customize this summary. It will automatically update as commits are pushed.

@roomote
fix: validate deserialized API messages to prevent undefined content …
bbdcab3 
…errors

Root cause: JSON.parse() in readApiMessages() deserializes data with zero validation,
allowing corrupted or legacy data to violate type contracts (e.g., undefined content).

This causes downstream crashes in functions like filterNonAnthropicBlocks() that assume
message.content is always string | ContentBlock[] per the type system, but receive
undefined/null values from corrupted historical data.

Solution:
- Add validateApiMessage() to sanitize deserialized messages at the boundary
- Fix undefined/null/non-array content by converting to empty array
- Filter out malformed messages with invalid roles or non-object structure
- Filter out invalid content blocks missing the required type field
- Add comprehensive test coverage (12 tests covering all edge cases)

Fixes: https://www.reddit.com/r/RooCode/s/yUXVFMYu3P
Related to closed PR #10954 (which treated symptom, not cause)
@roomote
Copy link
Contributor Author

roomote bot commented Jan 25, 2026
edited
Loading

Rooviewer Clock   See task on Roo Cloud

Review completed. No issues found.

This PR correctly fixes the root cause of the "Cannot read properties of undefined (reading 'filter')" crash by adding validation at the deserialization boundary in readApiMessages(). The implementation:

  • Validates message structure and role
  • Fixes undefined/null/invalid content by converting to empty array
  • Filters invalid content blocks missing the required type field
  • Has comprehensive test coverage (12 tests covering all edge cases)

Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens will be requested when the pull request is marked ready for review mrubens is a code owner

@cte cte Awaiting requested review from cte cte will be requested when the pull request is marked ready for review cte is a code owner

@jr jr Awaiting requested review from jr jr will be requested when the pull request is marked ready for review jr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Roo Code Roadmap
Status: Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@roomote