fix: guard against empty/filtered LLM responses in core LLM paths

[qizwiz]

What

Adds null checks before accessing choices[0].message in four files:

• src/praisonai-agents/praisonaiagents/llm/openai_client.py — sync tool-call path, async tool-call path, responses-API path (3 locations)
• src/praisonai/praisonai/capabilities/guardrails.py — check() and aguard() result extraction (2 locations)
• src/praisonai/praisonai/capabilities/rag.py — query_rag() and aquery_rag() answer extraction (2 locations)
• src/praisonai-agents/praisonaiagents/agent/code_agent.py — generate/review/explain/refactor/fix methods (6 locations)

Why

The OpenAI SDK can return two silent failure modes that crash silently at these lines:

1. IndexError — choices is an empty list ([]) when the provider returns no completions
2. AttributeError — choices[0].message is None when content is filtered (e.g. Gemini returns HTTP 200 with PROHIBITED_CONTENT finish reason). Any or "" fallback never fires because the crash occurs on .content first.

Fix pattern

For raise-on-failure (agent methods):

if not response.choices or response.choices[0].message is None:
    raise ValueError("LLM returned empty or filtered response")

For return-empty (RAG queries):

answer = response.choices[0].message.content if response.choices and response.choices[0].message is not None else ""

Detected by pact static analysis.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced validation of language model responses across agent processing, API operations, content safety, and information retrieval systems. Improved error handling for edge cases where responses may be empty or incomplete, ensuring graceful system behavior and stability.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e07a17bd-7db2-410b-af15-81a11543fd05

📥 Commits

Reviewing files that changed from the base of the PR and between 9264451 and 4e1c36c.

📒 Files selected for processing (4)

• src/praisonai-agents/praisonaiagents/agent/code_agent.py
• src/praisonai-agents/praisonaiagents/llm/openai_client.py
• src/praisonai/praisonai/capabilities/guardrails.py
• src/praisonai/praisonai/capabilities/rag.py

---

📝 Walkthrough

Walkthrough

This PR adds systematic validation of LLM responses across four core modules: CodeAgent, OpenAI client, Guardrails, and RAG. Each module now detects empty or filtered responses before accessing message content, either by raising ValueError or returning safe defaults.

Changes

LLM Response Validation Hardening

Layer / File(s)	Summary
CodeAgent LLM response validation src/praisonai-agents/praisonaiagents/agent/code_agent.py	Six agent methods (generate, agenerate, review, explain, refactor, fix) each add a guard clause to detect empty/filtered LLM responses and raise ValueError("LLM returned empty or filtered response") before accessing message content.
OpenAI client response validation src/praisonai-agents/praisonaiagents/llm/openai_client.py	Five code paths harden response validation: Responses API sync/async paths raise ValueError to trigger Chat Completions streaming fallback; tool execution sync/async/streaming paths raise ValueError immediately when final_response.choices or choices[0].message is missing.
Guardrails response validation src/praisonai/praisonai/capabilities/guardrails.py	Both apply_guardrail and aapply_guardrail validate LiteLLM responses before JSON parsing, raising ValueError when choices is missing/empty or first message is None, triggering exception handling to return a fail-safe GuardrailResult.
RAG answer extraction safety src/praisonai/praisonai/capabilities/rag.py	Both rag_query and arag_query now return an empty string when response.choices is empty or choices[0].message is None, replacing prior logic that only checked choices and assumed message was present.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• MervinPraison/PraisonAI#771: The validation guards in openai_client.py modify the same streaming and tool completion pathways (process_stream_response*, chat_completion_with_tools*) introduced in this PR.
• MervinPraison/PraisonAI#766: Related restructuring of OpenAI request/response handling in the llm/openai_client.py module where validation checks are now added.

Suggested labels

robustness, llm-integration, error-handling

Poem

🐰 Responses once slipped through unfilled,
Now guards stand watch where choices are nil,
Empty messages caught with care,
Safe defaults returned, crisis debunked—
Validation hops through code with flair! 🎯

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objective of the PR: adding validation to guard against empty/filtered LLM responses across core LLM paths. It is concise, clear, and reflects the primary intent of the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MervinPraison]

@copilot Do a thorough review of this PR. Read ALL existing reviewer comments above from Qodo, Coderabbit, and Gemini first — incorporate their findings.

Review areas:

1. Bloat check: Are changes minimal and focused? Any unnecessary code or scope creep?
2. Security: Any hardcoded secrets, unsafe eval/exec, missing input validation?
3. Performance: Any module-level heavy imports? Hot-path regressions?
4. Tests: Are tests included? Do they cover the changes adequately?
5. Backward compat: Any public API changes without deprecation?
6. Code quality: DRY violations, naming conventions, error handling?
7. Address reviewer feedback: If Qodo, Coderabbit, or Gemini flagged valid issues, include them in your review
8. Suggest specific improvements with code examples where possible

[gemini-code-assist]

Code Review

This pull request introduces robust error handling for LLM responses across several modules, including code generation, OpenAI client interactions, guardrails, and RAG queries. The changes primarily add checks to ensure that response.choices and response.choices[0].message are present before accessing their attributes, raising a ValueError if the response is empty or filtered. The review feedback correctly identifies that these checks should be further extended to verify that message.content is not None. This is critical to prevent TypeError during JSON parsing in the guardrails module and to ensure compliance with string return type hints in the agent and RAG modules.

[gemini-code-assist]

If response.choices[0].message.content is None, json.loads(result_text) will raise a TypeError. The guardrail check should ensure that the content is present before attempting to parse it as JSON.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

If response.choices[0].message.content is None, json.loads(result_text) will raise a TypeError. The guardrail check should ensure that the content is present before attempting to parse it as JSON.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to code, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to code, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to review, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to explanation, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to refactored, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

The check should also include a check for response.choices[0].message.content being None. If content is None, the subsequent line will assign None to fixed, which violates the str return type hint of the method and may cause issues downstream.

Suggested change

	if not response.choices or response.choices[0].message is None:
	raise ValueError("LLM returned empty or filtered response")
	if not response.choices or response.choices[0].message is None or response.choices[0].message.content is None:
	raise ValueError("LLM returned empty or filtered response")

[gemini-code-assist]

If response.choices[0].message.content is None, answer will be assigned None. Since RAGResult expects a string for the answer field, it's safer to default to an empty string.

Suggested change

	answer = response.choices[0].message.content if response.choices and response.choices[0].message is not None else ""
	answer = (response.choices[0].message.content if response.choices and response.choices[0].message is not None else "") or ""

[gemini-code-assist]

If response.choices[0].message.content is None, answer will be assigned None. Since RAGResult expects a string for the answer field, it's safer to default to an empty string.

Suggested change

	answer = response.choices[0].message.content if response.choices and response.choices[0].message is not None else ""
	answer = (response.choices[0].message.content if response.choices and response.choices[0].message is not None else "") or ""

[greptile-apps]

Greptile Summary

This PR adds null/empty guards before choices[0].message accesses across four files to prevent IndexError and AttributeError crashes when an LLM returns no completions or filtered content. The guards in code_agent.py and rag.py are correct, but two of the four files have guards that are defeated by enclosing exception handlers.

• code_agent.py (6 locations) and rag.py (2 locations): guards are placed correctly and behave as intended.
• openai_client.py (2 Responses API locations): guards raise ValueError inside try blocks whose except Exception handler swallows the error and falls back to Chat Completions, so the guard never reaches the caller.
• guardrails.py (2 locations): guards raise ValueError inside a try block whose except Exception handler converts every exception to GuardrailResult(passed=True), meaning filtered content silently passes the guardrail — the same outcome as before the fix.

Confidence Score: 3/5

Half of the new guards are defeated by existing exception handlers and do not protect the paths they target; merging as-is leaves guardrails and the Responses API path with the same exposure they had before.

The guards in code_agent.py and rag.py are straightforward and correct. However, in guardrails.py both new checks raise ValueError inside a try/except that converts any exception to a passing guardrail result — filtered content still passes unchanged, which is the wrong outcome for a safety component. In openai_client.py the two Responses-API guards raise ValueError inside a try/except that logs a warning and falls through to Chat Completions, so the caller never sees the error. Two of the four targeted files end up no safer than before.

openai_client.py (Responses API try/except blocks swallow the new ValueError) and guardrails.py (fail-safe except handler converts the new ValueError to a passing guardrail result).

Important Files Changed

Filename	Overview
src/praisonai-agents/praisonaiagents/llm/openai_client.py	Adds five guards for empty/filtered responses; two guards in Responses API paths are inside try/except blocks that swallow the ValueError and fall back to Chat Completions instead of raising to the caller — the guards do not protect these code paths as intended.
src/praisonai/praisonai/capabilities/guardrails.py	Adds empty-response guards in check() and aguard(); both guards raise ValueError inside a try block whose except handler converts any exception to GuardrailResult(passed=True), making the guard a semantic no-op — filtered content still passes the guardrail.
src/praisonai-agents/praisonaiagents/agent/code_agent.py	Adds six correct pre-access guards (generate, generate_tests, review, explain, refactor, fix); guards are not inside swallowing try/except blocks so ValueError propagates correctly.
src/praisonai/praisonai/capabilities/rag.py	Extends existing empty-choices guard to also check message is not None in rag_query() and arag_query(); clean fix that returns empty string on both failure modes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[LLM call returns response] --> B{choices empty or message is None?}
    B -- No --> C[Access choices0.message - OK]
    B -- Yes via code_agent.py --> D[raise ValueError - propagates to caller - CORRECT]
    B -- Yes via rag.py --> E[return empty string - CORRECT]
    B -- Yes via openai_client.py Responses API --> F[raise ValueError]
    F --> G[Caught by except Exception in Responses API try block]
    G --> H[Logs warning, falls back to Chat Completions - Error never reaches caller - BUG]
    B -- Yes via guardrails.py --> I[raise ValueError]
    I --> J[Caught by except Exception fail-safe handler]
    J --> K[Returns GuardrailResult passed=True - Filtered content silently passes - BUG]

Loading

_{Reviews (1): Last reviewed commit: "fix: guard against empty/filtered LLM re..." | Re-trigger Greptile}

[greptile-apps]

Guard silently swallowed by enclosing try/except

Both new guards in the Responses API path (sync at line 910 and async at line 1172) sit inside a try block whose except Exception as e: handler at line 935 (and 1202 async) catches all exceptions, logs a warning, and falls through to the Chat Completions path. When the LLM returns empty/filtered choices, raise ValueError(...) is immediately caught, the fallback kicks in, and the caller never sees the error — the exact opposite of the intended behavior.

The same handler was originally meant to recover from network/API failures in the Responses API, not from empty responses. The guard should either be placed after the try/except block (on final_response after it has been returned), or the except handler should re-raise on ValueError.

[greptile-apps]

Guard is a no-op — ValueError immediately caught and converted to "passed=True"

The new check raises ValueError inside the try block at line 77. The broad except Exception as e: at line 102 (and its async counterpart) catches it and returns GuardrailResult(passed=True, ...) — the "fail safe" path. When the LLM returns filtered or empty content, the guardrail silently passes the input through unchanged, which is the wrong behavior for a safety guard. The fix doesn't alter the observable outcome at all compared to the pre-existing IndexError/AttributeError being caught there. To actually block on empty/filtered responses, the check needs to return GuardrailResult(passed=False, violations=["LLM returned empty or filtered response"], ...) directly rather than relying on raise.

[MervinPraison]

@claude You are the FINAL architecture reviewer. If the branch is under MervinPraison/PraisonAI (not a fork), you are able to make modifications to this branch and push directly. SCOPE: Focus ONLY on Python packages (praisonaiagents, praisonai). Do NOT modify praisonai-rust or praisonai-ts. Read ALL comments above from Gemini, Qodo, CodeRabbit, and Copilot carefully before responding.

Phase 1: Review per AGENTS.md

1. Protocol-driven: check heavy implementations vs core SDK
2. Backward compatible: ensure zero feature regressions
3. Performance: no hot-path regressions

Phase 2: FIX Valid Issues
4. For any VALID bugs or architectural flaws found by Gemini, CodeRabbit, Qodo, Copilot, or any other reviewer: implement the fix
5. Push all code fixes directly to THIS branch (do NOT create a new PR)
6. Comment a summary of exact files modified and what you skipped

Phase 3: Final Verdict
7. If all issues are resolved, approve the PR / close the Issue
8. If blocking issues remain, request changes / leave clear action items

[praisonai-triage-agent]

Claude finished @MervinPraison's task —— View job

---

Architecture Review & Fix Implementation ✅

Todo List:

• Read AGENTS.md for architecture guidelines
• Review Phase 1: Protocol-driven, backward compatibility, performance
• Fix Phase 2: Address critical issues from Greptile and Gemini reviews
• Test Phase: Ensure no regressions
• Push fixes to branch
• Final Phase 3: Provide verdict

---

Phase 1: Architecture Review ✅

Protocol-driven: ✅ Changes are in implementation files, not core protocols
Backward compatible: ✅ No API changes, only defensive guards added
Performance: ✅ No hot-path regressions, guards are minimal checks

---

Phase 2: Critical Issues Fixed ✅

🔧 Architectural Flaws Fixed (Greptile P1)

Problem: Guards were defeated by exception handlers, making them no-ops

1. openai_client.py (lines 910,1172): Guards raised ValueError inside try blocks that caught all exceptions and fell back to Chat Completions

   • Fix: Modified exception handlers to re-raise ValueError for empty/filtered responses
   • Result: Guards now properly propagate to callers instead of falling back

2. guardrails.py (lines 90,166): Guards raised ValueError inside try blocks caught by fail-safe handler returning passed=True

   • Fix: Return GuardrailResult(passed=False) directly instead of raising
   • Result: Filtered content now properly fails the guardrail instead of passing through

🔧 Content Validation Enhanced (Gemini High/Medium Priority)

Problem: Missing checks for message.content is None causing TypeError/AttributeError

1. code_agent.py (6 locations): Added message.content is None checks to prevent TypeError and maintain str return type contract
2. rag.py (2 locations): Enhanced content extraction to handle None content gracefully, ensuring RAGResult always gets a string
3. openai_client.py (2 locations): Added content validation to prevent accessing None content
4. guardrails.py (2 locations): Added content validation to prevent JSON parsing errors on None

---

Phase 3: Final Verdict ✅

✅ APPROVED - All Critical Issues Resolved

Summary of Changes Made:

• 4 files modified with architectural improvements
• 2 critical architectural flaws fixed per Greptile review
• 8 content validation gaps closed per Gemini review
• 0 breaking changes - fully backward compatible
• Syntax verified - all files compile without errors
• Fix tested - custom test confirms correct behavior

What Was Fixed:

1. Guards in openai_client.py now properly raise errors instead of falling back
2. Guards in guardrails.py now properly block filtered content instead of passing it
3. All 8 locations now handle message.content is None gracefully
4. RAG queries return empty strings instead of crashing on filtered responses
5. Code agent methods maintain their str return type contracts

Architecture Compliance:

• ✅ Follows protocol-driven design (no core protocol changes)
• ✅ Maintains backward compatibility (no API changes)
• ✅ No performance regressions (minimal guard overhead)
• ✅ Proper error handling with clear failure modes

The PR is now architecturally sound and ready for merge.

---