docs: validate message shape on Ask AI route (400, not 500)

ouiliame · claude · ouiliame · commit 55c6b0ef452d · 2026-06-22T16:33:29.000-07:00
A message that's a valid JSON array element but missing parts/role would throw
in userInputChars and surface as a 500. Reject malformed messages with a 400.

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/apps/docs/app/api/chat/route.ts b/apps/docs/app/api/chat/route.ts
@@ -49,6 +49,16 @@ const MAX_STEPS = 6
 /** Backstop on the whole serialized payload — blocks stuffing assistant/tool parts past the user-text cap. */
 const MAX_TOTAL_CHARS = 1_000_000
 
+/** A structurally valid UI message: has a role and a parts array. */
+function isValidMessage(message: unknown): message is UIMessage {
+  return (
+    typeof message === 'object' &&
+    message !== null &&
+    typeof (message as { role?: unknown }).role === 'string' &&
+    Array.isArray((message as { parts?: unknown }).parts)
+  )
+}
+
 /** Total length of user-authored text across the conversation. */
 function userInputChars(messages: UIMessage[]): number {
   let total = 0
@@ -148,6 +158,9 @@ export async function POST(req: Request) {
   if (!Array.isArray(messages) || messages.length === 0 || messages.length > MAX_MESSAGES) {
     return new Response('Invalid request', { status: 400 })
   }
+  if (!messages.every(isValidMessage)) {
+    return new Response('Invalid request', { status: 400 })
+  }
   if (userInputChars(messages) > MAX_USER_INPUT_CHARS) {
     return new Response('Request too large', { status: 413 })
   }
