Component: finbot/agents/chat.py → VendorChatAssistant._call_get_vendor_details (line 660)
Root cause:
# chat.py line 660-661
async def _call_get_vendor_details(self, vendor_id: int) -> str:
result = await get_vendor_details(vendor_id, self.session_context)vendor_id is forwarded directly to get_vendor_details with no None check.
When the LLM passes null for the field, vendor_id=None reaches the DB layer.
The DB driver raises TypeError (or a SQLAlchemy error), which propagates uncaught
out of the agent method — no error JSON is returned.
Steps to reproduce:
- Mock
get_vendor_details to raise TypeError when called with None.
- Call
agent._call_get_vendor_details(vendor_id=None).
Expected: {"error": "vendor_id is required"} — clean error JSON
Actual: TypeError propagates uncaught
How to execute:
pytest tests/unit/agents/test_chat_assistant.py::TestBoundaryAndTypeValues::test_chat_boundary_014_get_vendor_details_vendor_id_none_propagates -v
Proposed fix:
async def _call_get_vendor_details(self, vendor_id: int) -> str:
if vendor_id is None:
return json.dumps({"error": "vendor_id is required"})
result = await get_vendor_details(vendor_id, self.session_context)
...Impact: A vendor-facing chat session that triggers this path receives a 500-class
error instead of a structured message. The same pattern (no None guard before the DB
call) likely applies to _call_get_invoice_details, _call_get_vendor_invoices,
_call_get_vendor_payment_summary, and _call_get_vendor_contact_info — all of which
forward their vendor_id or invoice_id parameter directly.
Acceptance criteria:
test_chat_boundary_014_get_vendor_details_vendor_id_none_propagates updated to assert error JSON_call_get_vendor_details returns {"error": ...} when vendor_id is None- Audit
_call_get_invoice_details, _call_get_vendor_invoices, _call_get_vendor_payment_summary, _call_get_vendor_contact_info for the same gap
Component: finbot/agents/chat.py → VendorChatAssistant._call_get_vendor_details (line 660)
Root cause:
vendor_idis forwarded directly toget_vendor_detailswith no None check.When the LLM passes
nullfor the field,vendor_id=Nonereaches the DB layer.The DB driver raises
TypeError(or a SQLAlchemy error), which propagates uncaughtout of the agent method — no error JSON is returned.
Steps to reproduce:
get_vendor_detailsto raiseTypeErrorwhen called withNone.agent._call_get_vendor_details(vendor_id=None).Expected:
{"error": "vendor_id is required"}— clean error JSONActual:
TypeErrorpropagates uncaughtHow to execute:
Proposed fix:
Impact: A vendor-facing chat session that triggers this path receives a 500-class
error instead of a structured message. The same pattern (no None guard before the DB
call) likely applies to
_call_get_invoice_details,_call_get_vendor_invoices,_call_get_vendor_payment_summary, and_call_get_vendor_contact_info— all of whichforward their
vendor_idorinvoice_idparameter directly.Acceptance criteria:
test_chat_boundary_014_get_vendor_details_vendor_id_none_propagatesupdated to assert error JSON_call_get_vendor_detailsreturns{"error": ...}whenvendor_id is None_call_get_invoice_details,_call_get_vendor_invoices,_call_get_vendor_payment_summary,_call_get_vendor_contact_infofor the same gap