fix: parse Joy Trust API response correctly

[tlkc888-Jenkins]

Summary

Fixes the Joy Trust integration to correctly parse the API response.

Problem

The /agents/discover endpoint returns:

{"agents": [{"name": "...", "trust_score": 2.3, ...}], "count": 1}

But the code was reading from the top level:

trust_score = data.get("trust_score", 0.0)  # Always returns 0.0

Solution

• Extract agent from the agents array
• Find matching agent by name (case-insensitive)
• Read trust_score from agent object
• Use query param instead of name param
• Pass API key via header, not query param
• Return more useful fields (agent_id, badges, capabilities, etc.)

Test

from praisonai_tools import check_trust_score
result = check_trust_score("Jenkins")
print(result["trust_score"])  # Now returns 2.3, not 0.0

Fixes #17

Summary by CodeRabbit

• Bug Fixes

  • Agent lookup now finds exact, case-insensitive name matches and returns a clear "Agent '' not found" when none match.
  • Error responses are more consistent and return predictable default values on failures.

• New Features

  • Trust results now include agent_id (null when unavailable), threshold_used, vouch_count, capabilities, tier, and badges.
  • Legacy top-level reputation fields removed in favor of an agent-centric result structure.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Updated JoyTrustTool.check_trust to query agents/discover with query param and x-api-key header, extract a case-insensitive exact-match agent from data["agents"], return a revised payload schema (adds agent_id, threshold_used, vouch_count, capabilities, tier, badges), and simplify error handling to immediate fail-closed responses.

Changes

Cohort / File(s)

Summary

Joy Trust API Integration praisonai_tools/tools/joy_trust_tool.py

Reworked check_trust: use module-level time for cache TTL, request GET /agents/discover?query=... with optional x-api-key header, parse data["agents"] and select case-insensitive exact name match (return explicit "agent not found" error if missing), change returned payload shape (remove legacy reputation/recommendations; add agent_id, threshold_used, vouch_count, capabilities, tier, badges), default trust_score via agent.get(... ) or 0.0, and replace prior fallback/error flow with immediate fail-closed error dicts for exceptions.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant JoyTrustTool
  participant JoyTrustAPI

  Caller->>JoyTrustTool: check_trust(agent_name, api_key?)
  JoyTrustTool->>JoyTrustAPI: GET /agents/discover?query=<agent_name>\nHeader: x-api-key (optional)
  JoyTrustAPI-->>JoyTrustTool: 200 OK { "agents": [ ... ] }
  JoyTrustTool->>JoyTrustTool: locate agent by case-insensitive exact name
  alt agent found
    JoyTrustTool-->>Caller: success payload (agent_id, trust_score, verified, badges, tier, ...)
  else not found
    JoyTrustTool-->>Caller: error payload ("Agent '<name>' not found", meets_threshold: false, agent_id: null)
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I hopped through headers, noses twitching fine,
Found trust in agents, matched name to sign.
Badges and tiers in a tidy row,
Defaults set safe, errors fail low—
Hooray, the network's trust does shine. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main fix: parsing Joy Trust API response correctly, which directly addresses the core issue.
Linked Issues check	✅ Passed	The pull request successfully addresses all coding requirements from issue #17: extracts agents from the array, performs case-insensitive exact name matching, returns structured error responses with correct defaults, and extracts all required agent fields. Security requirements to prevent fallback and enforce exact-name matching are also met.
Out of Scope Changes check	✅ Passed	All changes focus on fixing the Joy Trust API response parsing issue. Module import updates and error handling improvements directly support the core objective; no unrelated changes are present.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR fixes the core bug in the Joy Trust integration where check_trust was reading trust_score from the top-level API response instead of from within the agents array. It also moves the API key to the x-api-key header, adopts the query param name, handles agents: null safely, adds exact-match agent lookup, and converts all error paths to fail-closed behaviour (meets_threshold: False).

The previous security concerns flagged in review (silent fallback to the wrong agent, null trust_score crash, agents: null bypass, and the misleading fallback_used: True recommendation text) are all addressed by this PR.

Remaining items to address:

• TrustConfig.fallback_on_error (and its PRAISONAI_TRUST_FALLBACK env var) is still declared and loaded but is never consulted — all error paths now hardcode meets_threshold: False, silently ignoring any operator configuration that relied on this field.
• The trust_verified_handoff decorator retains a min_score=3.0 default while every other entrypoint was updated to 1.5, creating an inconsistent API surface.
• The internal _cached_at timestamp is included in the user-facing return dict from successful calls but absent from all error-path returns, making the response schema inconsistent.

Confidence Score: 3/5

Core bug and all previously flagged security issues are resolved; one P1 config-semantics issue and two P2 inconsistencies remain before merge.

The primary parsing bug is correctly fixed and all prior security concerns (wrong-agent fallback, null score crash, agents:null bypass, misleading recommendation) are addressed. However, fallback_on_error / PRAISONAI_TRUST_FALLBACK is a documented env var that is now silently ignored — a real concern for operators who use it to allow handoffs in offline environments. The decorator threshold inconsistency (3.0 vs 1.5 everywhere else) is a P2 but worth aligning before shipping the API change.

praisonai_tools/tools/joy_trust_tool.py — dead fallback_on_error config field and inconsistent decorator default threshold.

Important Files Changed

Filename	Overview
praisonai_tools/tools/joy_trust_tool.py	Core bug fix is correct — agent extraction, null-safety, fail-closed errors, and API key via header are all properly addressed; however, fallback_on_error config is now dead (silently ignores PRAISONAI_TRUST_FALLBACK env var), the trust_verified_handoff decorator retains an inconsistent min_score=3.0 default, and _cached_at leaks into public return values.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant JoyTrustTool
    participant Cache
    participant JoyAPI as JoyConnectAPI

    Caller->>JoyTrustTool: check_trust(agent_name, min_score)
    JoyTrustTool->>Cache: lookup cache_key
    alt Cache hit (fresh)
        Cache-->>JoyTrustTool: cached result
        JoyTrustTool-->>Caller: cached result
    else Cache miss or stale
        JoyTrustTool->>JoyAPI: GET /agents/discover?query=agent_name with x-api-key header
        alt HTTP success
            JoyAPI-->>JoyTrustTool: agents array response
            JoyTrustTool->>JoyTrustTool: Extract agents list (null-safe)
            JoyTrustTool->>JoyTrustTool: Exact case-insensitive name match
            alt Agent found and score valid
                JoyTrustTool->>Cache: store result
                JoyTrustTool-->>Caller: trust_score and meets_threshold
            else Agent not found
                JoyTrustTool-->>Caller: meets_threshold=False, error=not found
            else Score invalid
                JoyTrustTool-->>Caller: meets_threshold=False, fallback_used=False
            end
        else Network or HTTP error
            JoyAPI-->>JoyTrustTool: error
            JoyTrustTool-->>Caller: meets_threshold=False, fallback_used=False
        end
    end

Loading

_{Reviews (9): Last reviewed commit: "fix: Change default min_score from 3.0 t..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

praisonai_tools/tools/joy_trust_tool.py (1)

127-134: ⚠️ Potential issue | 🔴 Critical

NameError: time is used before it's imported.

The cache check at line 127 calls time.time(), but time is imported inside the try block at line 133. When a cached result exists, this will raise NameError: name 'time' is not defined.

Move import time to the top of the file with other standard library imports.

🐛 Proposed fix

Add time to the imports at the top of the file:

 import os
 import logging
+import time
 from typing import Any, Dict, Optional, Union, Callable, List

Then remove time from the late import:

         try:
             import httpx
-            import time
         except ImportError:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@praisonai_tools/tools/joy_trust_tool.py` around lines 127 - 134, The code
calls time.time() in the cache check (see cached_result and
self.config.cache_duration) before time is imported, causing a NameError; move
the standard-library import of time up with the other top-of-file imports and
remove time from the late import inside the try/except that currently imports
httpx so that the try block only imports third-party modules (e.g., httpx).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@praisonai_tools/tools/joy_trust_tool.py`:
- Around line 192-205: The response schema is inconsistent between the success
`result` dict and the error/"not found" branches; normalize all paths so they
return the same keys to avoid KeyError. Update the success `result` (the dict
created in the successful lookup) and every error/not-found response to include
the union of fields: agent_name, agent_id, trust_score, verified,
meets_threshold, threshold_used, vouch_count, capabilities, tier, badges,
reputation, recommendations, error, and _cached_at (use sensible defaults: 0 or
empty list/dict/False/None as appropriate and time.time() for _cached_at when
applicable). Make sure the same key names are used in the `result` dict and in
the error payloads returned by the functions that build those responses so
callers can rely on a stable schema.

---

Outside diff comments:
In `@praisonai_tools/tools/joy_trust_tool.py`:
- Around line 127-134: The code calls time.time() in the cache check (see
cached_result and self.config.cache_duration) before time is imported, causing a
NameError; move the standard-library import of time up with the other
top-of-file imports and remove time from the late import inside the try/except
that currently imports httpx so that the try block only imports third-party
modules (e.g., httpx).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 08282f09-b432-4aaa-b752-f1d3b24b1d16

📥 Commits

Reviewing files that changed from the base of the PR and between 1275ca4 and feb0804.

📒 Files selected for processing (1)

• praisonai_tools/tools/joy_trust_tool.py

[gemini-code-assist]

Code Review

This pull request updates the check_trust method in joy_trust_tool.py to accommodate changes in the Joy Trust Network API. Key updates include switching to header-based authentication, searching for agents within a returned list using case-insensitive matching, and updating the result dictionary with new fields such as agent_id and vouch_count. Review feedback recommends ensuring the error response structure matches the success response for consistency and suggests using a more idiomatic generator expression to locate the target agent.

[gemini-code-assist]

The structure of the dictionary returned here when an agent is not found is inconsistent with the structure of the successful response. This response includes legacy fields reputation and recommendations, while the successful response (lines 192-205) includes new fields like agent_id, vouch_count, and capabilities. To ensure consumers of this function receive a consistent data structure, this error response should be updated to match the new format, using default values for the fields.

Suggested change

	return {
	"agent_name": agent_name,
	"trust_score": 0.0,
	"verified": False,
	"meets_threshold": False,
	"threshold_used": min_threshold,
	"reputation": {},
	"recommendations": 0,
	"error": f"Agent '{agent_name}' not found on Joy Trust Network"
	}
	return {
	"agent_name": agent_name,
	"agent_id": None,
	"trust_score": 0.0,
	"verified": False,
	"meets_threshold": False,
	"threshold_used": min_threshold,
	"vouch_count": 0,
	"capabilities": [],
	"tier": "unknown",
	"badges": [],
	"error": f"Agent '{agent_name}' not found on Joy Trust Network"
	}

[gemini-code-assist]

For better readability and conciseness, you can use a generator expression with next() to find the first matching agent. This is a more idiomatic Python approach.

Suggested change

	# Find matching agent by name (case-insensitive)
	agent = None
	for a in agents:
	if a.get("name", "").lower() == agent_name.lower():
	agent = a
	break
	# Find matching agent by name (case-insensitive)
	agent = next((a for a in agents if a.get("name", "").lower() == agent_name.lower()), None)

[tlkc888-Jenkins]

Addressed Greptile's security concern:

Removed fallback-to-first-result logic - now only exact name matches are accepted.

The previous code could return a different agent's trust score if no exact match was found, which is a security risk in a trust-gating context.

[greptile-apps]

Tip:

Greploop — Automatically fix all review issues by running /greploops in Claude Code. It iterates: fix, push, re-review, repeat until 5/5 confidence.

Use the Greptile plugin for Claude Code to query reviews, search comments, and manage custom context directly from your terminal.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@praisonai_tools/tools/joy_trust_tool.py`:
- Around line 249-264: The except block that catches broad exceptions should
fail closed: replace the current use of self.config.fallback_on_error for the
returned fields "meets_threshold" and "fallback_used" with hardcoded False, and
change logger.error(...) to logger.exception(...) to emit the full stack trace;
locate the handler in joy_trust_tool.py around the return that builds the dict
containing "agent_name", "trust_score", "meets_threshold", "fallback_used",
"threshold_used" and update those two fields to False while leaving other return
values (agent_id, trust_score, vouch_count, capabilities, tier, badges, error,
threshold_used) unchanged.
- Around line 195-203: The code reads agent.get("trust_score", 0.0) and uses it
directly in the comparison for "meets_threshold" which can fail for strings or
nulls; update the logic around trust_score (the local variable and the dict keys
"trust_score" and "meets_threshold") to coerce and validate the value: attempt
to convert agent.get("trust_score") to float in a try/except (falling back to
0.0 or a sentinel like None), set a boolean or include an "invalid_trust_score"
flag in the result if conversion fails or value is None, and then compute
"meets_threshold" using the validated float against min_threshold so malformed
payloads are handled explicitly rather than raising during comparison.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d3d0635c-c918-479c-b4f1-57e1e1938f54

📥 Commits

Reviewing files that changed from the base of the PR and between 6cac759 and 1ea7ca0.

📒 Files selected for processing (1)

• praisonai_tools/tools/joy_trust_tool.py

[coderabbitai]

♻️ Duplicate comments (1)

praisonai_tools/tools/joy_trust_tool.py (1)

217-264: ⚠️ Potential issue | 🔴 Critical

Fail closed on request/API/unexpected errors in trust-gating path.

Line 224, Line 240, and Line 256 currently allow "meets_threshold" to become True from config fallback; that value feeds handoff_safe (Line 280). Error paths should not mark unsafe handoffs as safe.

Suggested fix

         except httpx.RequestError as e:
             logger.error(f"Joy Trust request error: {e}")
             return {
@@
-                "meets_threshold": self.config.fallback_on_error,
+                "meets_threshold": False,
@@
-                "fallback_used": self.config.fallback_on_error
+                "fallback_used": False
             }
         except httpx.HTTPStatusError as e:
             logger.error(f"Joy Trust API error: {e.response.status_code}")
             return {
@@
-                "meets_threshold": self.config.fallback_on_error,
+                "meets_threshold": False,
@@
-                "fallback_used": self.config.fallback_on_error
+                "fallback_used": False
             }
         except Exception as e:
-            logger.error(f"Joy Trust unexpected error: {e}")
+            logger.exception("Joy Trust unexpected error")
             return {
@@
-                "meets_threshold": self.config.fallback_on_error,
+                "meets_threshold": False,
@@
-                "fallback_used": self.config.fallback_on_error
+                "fallback_used": False
             }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@praisonai_tools/tools/joy_trust_tool.py` around lines 217 - 264, The
exception handlers in joy_trust_tool.py currently set "meets_threshold" to
self.config.fallback_on_error which can incorrectly mark unsafe handoffs as safe
on errors; update each except block (the httpx.RequestError,
httpx.HTTPStatusError, and generic Exception handlers) to always set
"meets_threshold": False and "fallback_used": True (or leave fallback_used as-is
if already true), while preserving the other returned fields (agent_name,
trust_score, error text, threshold_used, etc.), so that errors never result in a
true meets_threshold value used by handoff_safe.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@praisonai_tools/tools/joy_trust_tool.py`:
- Around line 217-264: The exception handlers in joy_trust_tool.py currently set
"meets_threshold" to self.config.fallback_on_error which can incorrectly mark
unsafe handoffs as safe on errors; update each except block (the
httpx.RequestError, httpx.HTTPStatusError, and generic Exception handlers) to
always set "meets_threshold": False and "fallback_used": True (or leave
fallback_used as-is if already true), while preserving the other returned fields
(agent_name, trust_score, error text, threshold_used, etc.), so that errors
never result in a true meets_threshold value used by handoff_safe.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 69b81220-b59f-4ea3-9acb-4dff7e80043a

📥 Commits

Reviewing files that changed from the base of the PR and between 1ea7ca0 and 979b3e2.

📒 Files selected for processing (1)

• praisonai_tools/tools/joy_trust_tool.py

[tlkc888-Jenkins]

Thanks for the thorough reviews! The security catches were excellent:

Null-safety fixes (from review feedback):

• agents = data.get("agents") or [] - handles {"agents": null}
• trust_score = agent.get("trust_score") or 0.0 - handles {"trust_score": null}

Fail-closed security (critical fix):

• All error handlers now set meets_threshold: False instead of using fallback_on_error config
• In trust-gating context, errors should deny handoffs, not silently allow them

All feedback addressed and pushed. Ready for merge!

[tlkc888-Jenkins]

Also thanks to @coderabbitai for catching the import time issue and the idiomatic Python suggestions!

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tlkc888-Jenkins: Happy to help! 😊 The import time duplication and the null-safety patterns (or [], or 0.0) were great catches to get right — especially in a security-sensitive trust-gating context where subtle bugs can have real consequences. The PR looks solid now. Good luck with the merge!

[tlkc888-Jenkins]

Thanks @coderabbitai! Appreciate the quick reviews. Security-first approach for trust verification is critical - glad we caught those edge cases before merge. 🙏

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tlkc888-Jenkins: You're very welcome! 🎉 Security-first is absolutely the right mindset for trust verification — the fail-closed approach and exact-name matching make this a much safer implementation. Best of luck with the merge! 🚀

[coderabbitai]

♻️ Duplicate comments (1)

praisonai_tools/tools/joy_trust_tool.py (1)

175-203: ⚠️ Potential issue | 🟠 Major

Normalize payload fields before matching and thresholding.

Line 177 still blows up on {"name": null} because dict.get("name", "") returns None when the key exists, and Lines 196-203 still compare raw trust_score against a float. A payload like {"trust_score": "2.3"} will raise here and fall into the generic error path instead of returning a structured fail-closed result.

Proposed fix

-                agent = next((a for a in agents if a.get("name", "").lower() == agent_name.lower()), None)
+                normalized_name = agent_name.lower()
+                agent = next(
+                    (
+                        a
+                        for a in agents
+                        if (a.get("name") or "").lower() == normalized_name
+                    ),
+                    None,
+                )
@@
-                trust_score = agent.get("trust_score") or 0.0
+                raw_trust_score = agent.get("trust_score")
+                try:
+                    trust_score = 0.0 if raw_trust_score in (None, "") else float(raw_trust_score)
+                except (TypeError, ValueError):
+                    return {
+                        "agent_name": agent.get("name", agent_name),
+                        "agent_id": agent.get("id"),
+                        "trust_score": 0.0,
+                        "verified": False,
+                        "meets_threshold": False,
+                        "threshold_used": min_threshold,
+                        "vouch_count": 0,
+                        "capabilities": [],
+                        "tier": None,
+                        "badges": [],
+                        "error": f"Invalid trust_score for agent '{agent_name}': {raw_trust_score!r}",
+                        "fallback_used": False,
+                    }

#!/bin/bash
set -euo pipefail

echo "1) Show the current parsing logic in joy_trust_tool.py:"
rg -n 'a\.get\("name", ""\)\.lower\(\)|trust_score = agent\.get\("trust_score"\) or 0\.0|"meets_threshold": trust_score >=' praisonai_tools/tools/joy_trust_tool.py -C2

echo
echo "2) Demonstrate the two Python failure modes:"
python - <<'PY'
agent = {"name": None, "trust_score": "2.3"}

checks = {
    "null_name_lower": lambda: agent.get("name", "").lower(),
    "string_score_threshold": lambda: (agent.get("trust_score") or 0.0) >= 3.0,
}

for label, fn in checks.items():
    try:
        print(label, "=>", fn())
    except Exception as exc:
        print(label, "=>", type(exc).__name__, str(exc))
PY

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@praisonai_tools/tools/joy_trust_tool.py` around lines 175 - 203, The code
fails when agent["name"] is None and when trust_score is a string; update the
matching and threshold logic to normalize fields before use: replace
dict.get("name", "").lower() with (agent.get("name") or "").lower() for the
case-insensitive exact match (affects the agent lookup using agent_name and
agents), and coerce trust_score to a float safely before comparing to
min_threshold (compute trust_score = safe_float(agent.get("trust_score")) where
safe_float tries float(...) and falls back to 0.0 on TypeError/ValueError/None);
then use that normalized trust_score in the result dict and in the
meets_threshold comparison (also ensure agent.get("name", agent_name) remains a
safe fallback).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@praisonai_tools/tools/joy_trust_tool.py`:
- Around line 175-203: The code fails when agent["name"] is None and when
trust_score is a string; update the matching and threshold logic to normalize
fields before use: replace dict.get("name", "").lower() with (agent.get("name")
or "").lower() for the case-insensitive exact match (affects the agent lookup
using agent_name and agents), and coerce trust_score to a float safely before
comparing to min_threshold (compute trust_score =
safe_float(agent.get("trust_score")) where safe_float tries float(...) and falls
back to 0.0 on TypeError/ValueError/None); then use that normalized trust_score
in the result dict and in the meets_threshold comparison (also ensure
agent.get("name", agent_name) remains a safe fallback).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7f2d87e2-4041-4df3-8c9a-1a42f592ff10

📥 Commits

Reviewing files that changed from the base of the PR and between 979b3e2 and 2f9755a.

📒 Files selected for processing (1)

• praisonai_tools/tools/joy_trust_tool.py

[tlkc888-Jenkins]

Good catches @coderabbitai! Both edge cases fixed:

1. Null name handling: (a.get("name") or "").lower() instead of a.get("name", "").lower()
2. String trust_score: Safe float conversion with try/except, returns fail-closed response on invalid format

The or pattern consistently handles both missing keys AND null values - lesson learned from this PR!

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tlkc888-Jenkins: Both fixes are exactly right! 🎯

Quick summary of why these patterns are strictly better in this context:

Pattern	Missing key	null value
a.get("name", "")	✅ returns ""	❌ returns None → crashes on .lower()
(a.get("name") or "")	✅ returns ""	✅ returns ""

The or pattern short-circuits on any falsy value (None, "", 0, []), which is exactly what's needed when the API can return either a missing key or an explicit null. The try/except on trust_score float conversion is also the right call — silent coercion (e.g. float("invalid")) would panic, so returning a fail-closed response keeps the security invariant intact. Great implementation!

( \ /)
( ._.) ← thinking about null safety
( づ 🐇

---

✏️ Learnings added

Learnt from: tlkc888-Jenkins
URL: https://github.com/MervinPraison/PraisonAI-Tools/pull/18

Timestamp: 2026-04-09T23:19:55.399Z
Learning: In joy_trust_tool.py (Python), when extracting fields from an API response dict, prefer `(a.get("name") or "").lower()` over `a.get("name", "").lower()` because the `or` pattern handles both a missing key AND an explicit null/None value, whereas the default argument to `.get()` only handles missing keys. Similarly, use `agent.get("trust_score") or 0.0` to safely handle null trust_score values from the Joy Trust API.

---

Learnt from: tlkc888-Jenkins
URL: https://github.com/MervinPraison/PraisonAI-Tools/pull/18

Timestamp: 2026-04-09T23:19:55.399Z
Learning: In joy_trust_tool.py (Python), trust_score values from the Joy Trust API should be converted to float with a try/except block rather than direct coercion, because the API may return a string or non-numeric value. On conversion failure, the function should return a fail-closed response (meets_threshold: False) to preserve the security invariant of the trust-gating system.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[tlkc888-Jenkins]

Thanks @coderabbitai and @graborbot for the thorough reviews! The null-safety patterns (handling null values in API responses) and fail-closed security recommendations were good catches and have been implemented. Ready for merge when convenient. 🙏

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tlkc888-Jenkins: You're welcome — it was a pleasure collaborating on this! 🎉 The PR is in great shape:

• ✅ Exact-name matching only (no unsafe fallback to a different agent)
• ✅ Null-safety with the or pattern for both agents array and trust_score
• ✅ Fail-closed on all error paths (meets_threshold: False)
• ✅ Safe float conversion via try/except

All the critical trust-gating invariants are now properly enforced. Best of luck with the merge! 🚀

(\ /)
( ^.^) ← happy to help!
(> 🥕

---

🧠 Learnings used

Learnt from: tlkc888-Jenkins
Repo: MervinPraison/PraisonAI-Tools PR: 0
File: :0-0
Timestamp: 2026-04-09T23:19:55.399Z
Learning: In joy_trust_tool.py (Python), when extracting fields from an API response dict, prefer `(a.get("name") or "").lower()` over `a.get("name", "").lower()` because the `or` pattern handles both a missing key AND an explicit null/None value, whereas the default argument to `.get()` only handles missing keys. Similarly, use `agent.get("trust_score") or 0.0` to safely handle null trust_score values from the Joy Trust API.

---

Learnt from: tlkc888-Jenkins
Repo: MervinPraison/PraisonAI-Tools PR: 0
File: :0-0
Timestamp: 2026-04-09T23:19:55.399Z
Learning: In joy_trust_tool.py (Python), trust_score values from the Joy Trust API should be converted to float with a try/except block rather than direct coercion, because the API may return a string or non-numeric value. On conversion failure, the function should return a fail-closed response (meets_threshold: False) to preserve the security invariant of the trust-gating system.