feat(core): wire seed, cancel_token, tool validator, PII redactor into Agent.chat (Phase A) by MervinPraison · Pull Request #1617 · MervinPraison/PraisonAI

MervinPraison · 2026-05-05T10:21:30Z

Phase A: wire seed, cancel_token, tool validator, and PII redactor into Agent.chat

Four small wire-ups identified by the core-features gap analysis. Every
change is opt-in and zero-overhead when unused — existing agents
behave identically unless new kwargs/APIs are actively used.

What ships

Gap	API	Where
C1 Deterministic seed	`Agent.chat(..., seed=42)`	`agent/chat_mixin.py`
C2 Cooperative cancel	`Agent.chat(..., cancel_token=InterruptController())`	`agent/chat_mixin.py`
C4 Tool-arg validator	`agent._tool_validator = MyValidator()`	`agent/tool_execution.py`
C7 PII redactor	`from praisonaiagents.trace import enable_pii_redaction; enable_pii_redaction()`	`trace/redact.py`

Why these four

Each has a protocol/class already defined in the codebase but never
wired into the Agent.chat() path. This PR does the last-mile wiring —
no new architecture, no surface bloat.

C2 — InterruptController existed in agent/interrupt.py but was
only checked inside run_autonomous(), not plain chat().
C4 — ToolValidatorProtocol + ValidationResult + NoopToolValidator
existed in tools/validators.py but nothing consumed them.
C7 — trace/redact.py had 40+ secret keys but only scrubbed trace
output, never LLM egress.
C1 — LLM._build_completion_params already accepts seed via
override_params; Agent.chat() just never threaded it through.

Implementation sketch

# C1/C2 — chat_mixin.py (line 1152)
def chat(self, prompt, ..., seed=None, cancel_token=None):
    _cancel = cancel_token or getattr(self, "interrupt_controller", None)
    if _cancel and _cancel.is_set():
        raise InterruptedError(...)
    ...
    if seed is not None:
        llm_kwargs['seed'] = seed
    ...

# C4 — tool_execution.py (after BEFORE_TOOL hook)
_validator = getattr(self, '_tool_validator', None)
if _validator is not None:
    _vres = _validator.validate_args(function_name, arguments)
    if _vres and not _vres.valid:
        return f"Tool arguments rejected: {...}"

# C7 — trace/redact.py
def enable_pii_redaction() -> str:
    # idempotent — registers BEFORE_LLM hook that rewrites message content
    ...

Plus one correctness fix along the way: chat_mixin._chat_impl now
reads back before_llm_input.messages after BEFORE_LLM runs so hooks
that mutate messages (like the new PII redactor) actually take effect.

Tests

tests/unit/agent/test_core_phase_a.py — 9 TDD tests covering
signature changes, behaviour, protocol adherence, and hook idempotency.
tests/smoke_core_phase_a_real.py — real Claude Haiku 4.5 run
exercising all four features together.

Real agentic test output

Model: anthropic/claude-haiku-4-5

[prompt raw] My api_key=sk-XYZSECRET12345 — please answer: what is 2 + 2? ...
[reply]       4

PASS C1 — seed threaded and LLM returned a valid reply
PASS C7 — PII redactor hook active during LLM call
PASS C2 — cancel_token honoured without tripping
SKIP C4 — LLM chose not to call a tool this run (non-fatal)

Regression sweep

4616 unit tests pass, 0 new failures
6 pre-existing test-pollution failures (plugins/permissions/thread_safety) unchanged and confirmed present on main before this PR

Docs

Single new Mintlify page: docs/features/core-controls.mdx (added in
a sibling PR on PraisonAIDocs) — beginner-friendly, all four features
on one page with CardGroup, Steps, Tabs, CodeGroup, mermaid.

Branch

analysis/core-features-gaps — see commit de38cb3b for the full
diff, which is intentionally small (4 files touched in core, 2 test
files added).

Summary by CodeRabbit

New Features
- Chat API accepts per-call seed and cancellation tokens for reproducible outputs and cooperative cancellation.
- Optional tool-argument validation can reject invalid tool invocations before execution.
- Opt-in PII/secret redaction utilities to scrub sensitive data from LLM traces (enable/disable + scrub).
Tests
- Added smoke and unit tests covering seed/cancel behavior, tool validation, and PII redaction.

…o Agent.chat (Phase A) Four gap-closures identified in the core-features analysis. Every change is opt-in and zero-overhead when unused — existing agents behave identically unless the new kwargs or APIs are actively used. C1 — Deterministic seed Agent.chat(..., seed=42) is now threaded into the LLM payload via llm_kwargs['seed']. Overrides any seed set on the LLM instance for this call only. (chat_mixin.py) C2 — Cooperative cancellation Agent.chat(..., cancel_token=InterruptController()) is checked at agent start and right before the LLM call. A tripped token raises InterruptedError instead of hitting the network. Falls back to self.interrupt_controller when no per-call token is supplied. (chat_mixin.py) C4 — Tool-argument validator _execute_tool_with_context now consults agent._tool_validator (any ToolValidatorProtocol impl) after BEFORE_TOOL hooks. Invalid args short-circuit to an error string; the tool function is never called. Validator exceptions are swallowed so a buggy validator can never break tool execution. (tool_execution.py) C7 — PII redactor for LLM egress trace/redact.py gains scrub_pii_text(), enable_pii_redaction(), and disable_pii_redaction(). enable_pii_redaction() registers an idempotent BEFORE_LLM hook that rewrites message content with REDACT_KEYS + value-pattern rules (OpenAI keys, SSN, CC, email). chat_mixin now reads back before_llm_input.messages after the hook runs so modified_input actually reaches the LLM. (trace/redact.py, trace/__init__.py, chat_mixin.py) Tests tests/unit/agent/test_core_phase_a.py — 9 TDD tests (all passing) tests/smoke_core_phase_a_real.py — real Claude Haiku 4.5 run, exercises all four features together Regression sweep: 4616 unit tests pass, 0 new failures. Pre-existing test-pollution failures (plugins/permissions/thread_safety) unchanged.

qodo-code-review · 2026-05-05T10:21:35Z

ⓘ You've reached your Qodo monthly free-tier limit. Reviews pause until next month — upgrade your plan to continue now, or link your paid account if you already have one.

coderabbitai · 2026-05-05T10:22:01Z

📝 Walkthrough

Walkthrough

This PR adds per-call seed and cooperative cancel_token handling to chat/achat flows, honors BEFORE_LLM hook mutations for outgoing messages, adds optional tool-argument validation before tool execution, introduces opt-in PII/secret scrubbing middleware and exports, and adds unit and smoke tests covering these behaviors.

Changes

Phase A Core Features (Seed, Cancellation, Tool Validation, PII Redaction)

Layer / File(s)	Summary
PII redaction implementation `src/praisonai-agents/praisonaiagents/trace/redact.py`	Adds `_VALUE_PATTERNS`, `scrub_pii_text()`, `_pii_before_llm_hook()`, and idempotent `enable_pii_redaction()`/`disable_pii_redaction()` with thread-safe hook lifecycle.
Trace exports & lazy load `src/praisonai-agents/praisonaiagents/trace/__init__.py`	Exports `scrub_pii_text`, `enable_pii_redaction`, and `disable_pii_redaction` and lazily import them from `.redact` via `__getattr__`.
Hook message mutation `src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`	After `BEFORE_LLM` hook runs, outgoing `messages` is replaced with `before_llm_input.messages` so hook-driven mutations are used for the LLM request.
Public API / Call-site wiring `src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`	`chat()` and `achat()` signatures accept `seed` and `cancel_token`; they perform early cooperative-cancellation checks and forward resolved cancel controller and `seed` into `_chat_impl`/`_achat_impl`.
Core LLM invocation (sync/async) `src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`	`_chat_impl`/`_achat_impl` accept `seed` and `cancel_token`; in custom-LLM path they inject `seed` into `llm_kwargs` and perform a last-chance cancellation check before calling `get_response`/`get_response_async`.
Tool execution validation `src/praisonai-agents/praisonaiagents/agent/tool_execution.py`	`_execute_tool_with_context` optionally calls `agent._tool_validator.validate_args(name, args)` and short-circuits tool execution returning an error string when validation returns `valid=False`; validator exceptions are caught/logged and ignored.
Unit tests `src/praisonai-agents/tests/unit/agent/test_core_phase_a.py`	New tests: seed passthrough, pre-request cancellation abort, tool validator rejection behavior, PII redaction idempotency and redaction correctness.
Integration smoke test `src/praisonai-agents/tests/smoke_core_phase_a_real.py`	End-to-end smoke that runs a live LLM with `seed=42`, checks cancellation token, wires a logging validator, enables PII redaction for the run, and validates outputs and hook registration.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant Agent as Agent.chat/achat
    participant Hooks as BEFORE_LLM Hook
    participant LLM as LLM Provider
    participant ToolExec as Tool Executor
    participant Validator as Tool Validator

    User->>Agent: chat(prompt, seed, cancel_token)
    Agent->>Agent: early cancel check (raise InterruptedError if set)
    Agent->>Hooks: emit BEFORE_LLM(event_data)
    Hooks->>Hooks: PII hook may scrub/mutate messages
    Hooks-->>Agent: return possibly-mutated messages
    Agent->>LLM: call get_response / get_response_async (llm_kwargs includes seed)
    LLM-->>Agent: response
    Agent->>ToolExec: execute tool if invoked
    ToolExec->>Validator: validate_args(name, args) (if present)
    alt valid
        ToolExec->>ToolExec: run tool function
        ToolExec-->>Agent: tool result
    else invalid
        ToolExec-->>Agent: return rejection error message
    end
    Agent-->>User: final reply

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

MervinPraison/PraisonAI#1572: Both PRs modify ChatMixin._chat_completion (main PR adds honoring BEFORE_LLM hook mutations and seed/cancel_token plumbing, retrieved PR adds retry-depth limits and structured LLMError handling).
MervinPraison/PraisonAI#765: Both PRs change the Agent chat flow (modifying _chat_completion / chat / achat behavior and message/tool handling).
MervinPraison/PraisonAI#1308: Both PRs modify the agent chat flow in src/praisonai-agents/praisonaiagents/agent/chat_mixin.py (updating _chat/_achat logic and public chat/achat signatures/behaviour).

Suggested labels

Review effort 4/5

Poem

🐰 Seeds sown in neat array,
Hooks tidy secrets away,
Tokens pause the hurried race,
Validators check each case,
Phase A hops on—soft and brave.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 67.65% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the four main changes: seed, cancel_token, tool validator, and PII redactor wired into Agent.chat for Phase A.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch analysis/core-features-gaps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

MervinPraison · 2026-05-05T10:22:11Z

@copilot Do a thorough review of this PR. Read ALL existing reviewer comments above from Qodo, Coderabbit, and Gemini first — incorporate their findings.

Review areas:

Bloat check: Are changes minimal and focused? Any unnecessary code or scope creep?
Security: Any hardcoded secrets, unsafe eval/exec, missing input validation?
Performance: Any module-level heavy imports? Hot-path regressions?
Tests: Are tests included? Do they cover the changes adequately?
Backward compat: Any public API changes without deprecation?
Code quality: DRY violations, naming conventions, error handling?
Address reviewer feedback: If Qodo, Coderabbit, or Gemini flagged valid issues, include them in your review
Suggest specific improvements with code examples where possible

gemini-code-assist

Code Review

This pull request introduces several core feature enhancements, including deterministic output via a seed parameter, cooperative cancellation using a cancel_token, optional tool argument validation, and an opt-in PII redaction system for LLM egress. Feedback highlights that the seed and cancel_token parameters are currently missing from the asynchronous achat method and the standard OpenAI execution path. Additionally, the PII redaction hook is not yet integrated into the custom LLM path, and the redaction logic should be expanded to handle multimodal content and use more precise regex patterns for credit card detection.

gemini-code-assist · 2026-05-05T10:24:00Z

+        # C7 — honour any BEFORE_LLM hook that mutated the message stream
+        # (e.g. PII redactor). The runner applies modified_input in-place on
+        # before_llm_input.messages; adopt that value for the actual LLM call.
+        messages = before_llm_input.messages


This logic correctly adopts mutated messages from hooks for the LLM call. However, this BEFORE_LLM hook execution is only present in _chat_completion, which is not called by the custom LLM path in _chat_impl. Consequently, PII redaction (C7) will not function when using custom LLM providers. Consider moving the hook execution to a shared location or adding it to the custom LLM path in _chat_impl.

gemini-code-assist · 2026-05-05T10:24:00Z

            _trace_emitter.agent_end(self.name)

-    def _chat_impl(self, prompt, temperature, tools, output_json, output_pydantic, reasoning_steps, stream, task_name, task_description, task_id, config, force_retrieval, skip_retrieval, attachments, _trace_emitter, tool_choice=None):
+    def _chat_impl(self, prompt, temperature, tools, output_json, output_pydantic, reasoning_steps, stream, task_name, task_description, task_id, config, force_retrieval, skip_retrieval, attachments, _trace_emitter, tool_choice=None, seed=None, cancel_token=None):


The seed and cancel_token parameters added here are currently only utilized within the if self._using_custom_llm: block of this method. They are ignored in the standard OpenAI path (which calls _chat_completion), leading to inconsistent behavior across different LLM providers. Ensure these parameters are passed down through the _chat_completion and unified dispatcher chain.

gemini-code-assist · 2026-05-05T10:24:01Z

        return rendered

-    def chat(self, prompt: str, temperature: float = 1.0, tools: Optional[List[Any]] = None, output_json: Optional[Any] = None, output_pydantic: Optional[Any] = None, reasoning_steps: bool = False, stream: Optional[bool] = None, task_name: Optional[str] = None, task_description: Optional[str] = None, task_id: Optional[str] = None, config: Optional[Dict[str, Any]] = None, force_retrieval: bool = False, skip_retrieval: bool = False, attachments: Optional[List[str]] = None, tool_choice: Optional[str] = None) -> Optional[str]:
+    def chat(self, prompt: str, temperature: float = 1.0, tools: Optional[List[Any]] = None, output_json: Optional[Any] = None, output_pydantic: Optional[Any] = None, reasoning_steps: bool = False, stream: Optional[bool] = None, task_name: Optional[str] = None, task_description: Optional[str] = None, task_id: Optional[str] = None, config: Optional[Dict[str, Any]] = None, force_retrieval: bool = False, skip_retrieval: bool = False, attachments: Optional[List[str]] = None, tool_choice: Optional[str] = None, seed: Optional[int] = None, cancel_token: Optional[Any] = None) -> Optional[str]:


The seed and cancel_token parameters should also be added to the achat method to maintain parity between the synchronous and asynchronous chat interfaces.

gemini-code-assist · 2026-05-05T10:24:01Z

+    # US SSN
+    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
+    # Credit card (13-19 digits, loose)
+    (re.compile(r"\b(?:\d[ -]?){13,19}\b"), "[REDACTED-CC]"),


The credit card regex \b(?:\d[ -]?){13,19}\b is quite broad and may cause false positives by matching other long sequences of digits, such as phone numbers or internal identifiers. Consider using a more specific pattern or implementing a Luhn algorithm check to improve accuracy.

gemini-code-assist · 2026-05-05T10:24:01Z

+def _pii_before_llm_hook(event_data):
+    """BEFORE_LLM hook that scrubs every message's content in-place."""
+    try:
+        messages = getattr(event_data, "messages", None) or []
+        modified = []
+        for m in messages:
+            if isinstance(m, dict) and isinstance(m.get("content"), str):
+                m = {**m, "content": scrub_pii_text(m["content"])}
+            modified.append(m)
+        # Import locally to avoid module-level hooks dep (keeps redact.py lightweight)
+        from ..hooks.types import HookResult
+        return HookResult(decision="allow", modified_input={"messages": modified})
+    except Exception:
+        # Never block the LLM call on a scrubber bug
+        from ..hooks.types import HookResult
+        return HookResult(decision="allow")


The _pii_before_llm_hook currently only redacts messages where the content is a string. It should be updated to handle multimodal content (where content is a list of parts) to ensure PII is redacted from text parts in complex prompts.

def _pii_before_llm_hook(event_data): """BEFORE_LLM hook that scrubs every message's content in-place.""" try: messages = getattr(event_data, "messages", None) or [] modified = [] for m in messages: if isinstance(m, dict): content = m.get("content") if isinstance(content, str): m = {**m, "content": scrub_pii_text(content)} elif isinstance(content, list): new_content = [] for part in content: if isinstance(part, dict) and part.get("type") == "text" and isinstance(part.get("text"), str): part = {**part, "text": scrub_pii_text(part["text"])} new_content.append(part) m = {**m, "content": new_content} modified.append(m) # Import locally to avoid module-level hooks dep (keeps redact.py lightweight) from ..hooks.types import HookResult return HookResult(decision="allow", modified_input={"messages": modified}) except Exception: # Never block the LLM call on a scrubber bug from ..hooks.types import HookResult return HookResult(decision="allow")

greptile-apps · 2026-05-05T10:26:11Z

Greptile Summary

This PR wires four previously-defined but unused primitives — deterministic seed, cooperative cancellation token, tool-argument validator, and PII redactor — into the Agent.chat() / Agent.achat() call paths. All additions are opt-in and zero-overhead when unused.

C1/C2: seed and cancel_token are threaded through chat() → _chat_impl() and the async equivalents; the cancel check is correctly placed inside the try/finally so agent_end trace events are always paired.
C4: _tool_validator is called after the BEFORE_TOOL hook modifies arguments, with a broad except that prevents a broken validator from disrupting tool execution.
C7: enable_pii_redaction() registers a BEFORE_LLM hook using a threading lock for idempotency; disable_pii_redaction() does not hold that same lock, leaving a race between concurrent enable/disable callers.

Confidence Score: 4/5

Safe to merge with one fix: disable_pii_redaction() does not hold the module-level lock, leaving a read-clear race with concurrent enable/disable callers.

The four wiring changes are well-isolated and backward-compatible. The only real gap is in trace/redact.py: enable_pii_redaction() was correctly updated to hold _PII_HOOK_LOCK, but disable_pii_redaction() reads and clears _PII_HOOK_ID outside the lock. Two threads calling disable concurrently can both pass the is None guard and attempt to unregister the same hook ID; a concurrent enable+disable pair can leave _PII_HOOK_ID cleared while the hook is still active. Everything else — seed passthrough, cancel checks, tool validator, trace readback — is straightforward and correct.

src/praisonai-agents/praisonaiagents/trace/redact.py — disable_pii_redaction() needs the same lock guard applied to enable_pii_redaction().

Important Files Changed

Filename	Overview
src/praisonai-agents/praisonaiagents/trace/redact.py	Adds PII-redaction middleware: scrub_pii_text(), enable_pii_redaction(), and disable_pii_redaction(). enable_pii_redaction() correctly uses _PII_HOOK_LOCK for idempotent registration; disable_pii_redaction() does not hold the lock, leaving a read-clear race against concurrent enable/disable calls.
src/praisonai-agents/praisonaiagents/agent/chat_mixin.py	Adds seed and cancel_token params to chat(), achat(), and their _impl counterparts. Cancel check correctly placed inside the try block so agent_end trace is always emitted. Seed is conditionally injected into llm_kwargs. The messages = before_llm_input.messages read-back for BEFORE_LLM hook mutations is a clean correctness fix.
src/praisonai-agents/praisonaiagents/agent/tool_execution.py	Adds optional _tool_validator check after BEFORE_TOOL hook output, gated behind getattr with a broad exception catch so a buggy validator never breaks tool execution. Straightforward and zero overhead when unused.
src/praisonai-agents/praisonaiagents/trace/init.py	Re-exports scrub_pii_text, enable_pii_redaction, and disable_pii_redaction via lazy getattr. Clean addition with no issues.
src/praisonai-agents/tests/unit/agent/test_core_phase_a.py	Nine unit tests covering signature checks, LLM-kwarg propagation, early cancellation, tool validator rejection, and PII hook idempotency. Tests are well-structured and use monkeypatching to avoid network calls.
src/praisonai-agents/tests/smoke_core_phase_a_real.py	Live E2E smoke test hitting a real LLM. Model selection adapts to available API keys. Properly cleans up via disable_pii_redaction() at the end.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant Agent as Agent.chat()
    participant Impl as _chat_impl()
    participant HookRunner as Hook Runner
    participant PIIHook as PII Redactor Hook
    participant Validator as _tool_validator
    participant LLM as LLM

    Caller->>Agent: chat(prompt, seed, cancel_token)
    Agent->>Agent: resolve cancel token
    Agent->>Agent: early cancel check
    Agent->>Impl: _chat_impl(seed, cancel_token)
    Impl->>HookRunner: execute_sync BEFORE_LLM
    HookRunner->>PIIHook: pii_before_llm_hook
    PIIHook-->>HookRunner: HookResult with scrubbed messages
    HookRunner-->>Impl: before_llm_input.messages updated
    Impl->>Impl: read back mutated messages
    Impl->>Impl: last-chance cancel check
    Impl->>LLM: get_response with seed forwarded
    LLM-->>Impl: response_text
    Impl->>Validator: validate_args if validator set
    Validator-->>Impl: ValidationResult
    Impl-->>Agent: result
    Agent-->>Caller: result

_{Reviews (3): Last reviewed commit: "fix(pii): remove false-positive \d{16} C..." | Re-trigger Greptile}

MervinPraison · 2026-05-05T10:32:01Z

@claude You are the FINAL architecture reviewer. If the branch is under MervinPraison/PraisonAI (not a fork), you are able to make modifications to this branch and push directly. SCOPE: Focus ONLY on Python packages (praisonaiagents, praisonai). Do NOT modify praisonai-rust or praisonai-ts. Read ALL comments above from Gemini, Qodo, CodeRabbit, and Copilot carefully before responding.

Phase 1: Review per AGENTS.md

Protocol-driven: check heavy implementations vs core SDK
Backward compatible: ensure zero feature regressions
Performance: no hot-path regressions

Phase 2: FIX Valid Issues
4. For any VALID bugs or architectural flaws found by Gemini, CodeRabbit, Qodo, Copilot, or any other reviewer: implement the fix
5. Push all code fixes directly to THIS branch (do NOT create a new PR)
6. Comment a summary of exact files modified and what you skipped

Phase 3: Final Verdict
7. If all issues are resolved, approve the PR / close the Issue
8. If blocking issues remain, request changes / leave clear action items

praisonai-triage-agent · 2026-05-05T10:32:28Z

coderabbitai

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/praisonai-agents/praisonaiagents/agent/chat_mixin.py (2)
1174-1192: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Backend delegation skips the cancel check and silently drops seed

The _delegate_to_backend call at line 1192 returns before the cooperative-cancellation guard at lines 1199–1203 and before _chat_impl which injects seed. Consequently:

A pre-set cancel_token does not abort the call when a backend is configured.

seed=42 (or any per-call seed) is silently ignored.

The delegation_kwargs dict (lines 1176–1191) should include seed and cancel_token, and the cancel check should be hoisted before the backend branch:
🔧 Proposed fix
+        # C2 — cooperative cancellation (must run before any delegation)
+        _cancel = cancel_token if cancel_token is not None else getattr(self, "interrupt_controller", None)
+        if _cancel is not None and getattr(_cancel, "is_set", lambda: False)():
+            reason = getattr(_cancel, "reason", None) or "cancelled before LLM call"
+            raise InterruptedError(f"Agent chat cancelled: {reason}")
+
         if hasattr(self, 'backend') and self.backend is not None:
             delegation_kwargs = {
                 ...
                 'tool_choice': tool_choice,
+                'seed': seed,
+                'cancel_token': cancel_token,
             }
             return self._delegate_to_backend(prompt, **delegation_kwargs)

-        ...
-        # C2 — cooperative cancellation: abort early if a pre-set token is given
-        _cancel = cancel_token if cancel_token is not None else getattr(self, "interrupt_controller", None)
-        if _cancel is not None and getattr(_cancel, "is_set", lambda: False)():
-            reason = getattr(_cancel, "reason", None) or "cancelled before LLM call"
-            raise InterruptedError(f"Agent chat cancelled: {reason}")
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py` around lines 1174 -
1192, The backend delegation path in chat_mixin.py bypasses the
cooperative-cancellation guard and drops per-call seeds: move the cancel-token
check (the cooperative-cancellation guard that checks cancel_token) to occur
before the branch that uses self._delegate_to_backend, and include both
cancel_token and seed in the delegation_kwargs passed to
self._delegate_to_backend; specifically update the dict built for
delegation_kwargs in the method that calls self._delegate_to_backend to add
'seed' and 'cancel_token', and ensure the cancel check is executed (same logic
used before calling _chat_impl) prior to delegating to _delegate_to_backend so
cancellation and per-call seeds behave identically for backend-delegated calls.
1736-1762: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

achat() is missing seed and cancel_token — async/sync parity gap

chat() exposes both seed and cancel_token, but the async counterpart achat() accepts neither, so users of the async path cannot request determinism or cooperative cancellation. As per coding guidelines, "All I/O operations must have both sync and async variants."

The fix mirrors what was done for chat(): add both parameters to achat()'s signature, pass an early cancel check before delegating, and thread seed into the relevant async LLM kwargs in _achat_impl.

As per coding guidelines: "All I/O operations must have both sync and async variants; never block the event loop with sync I/O in async context."

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`:
- Around line 1436-1439: The InterruptedError raised in the last-chance cancel
check (the cancel_token check that raises InterruptedError) is being swallowed
by the broad except Exception as e handler; modify the exception handling around
the LLM call so that InterruptedError is re-raised immediately (e.g. add an
early "if isinstance(e, InterruptedError): raise" in the except block or add a
separate "except InterruptedError: raise" before the generic except) to avoid
rolling back history/logging and returning None for cancelled operations;
reference the cancel_token check, InterruptedError, and the existing "except
Exception as e:" handler to locate where to add the re-raise.

In `@src/praisonai-agents/praisonaiagents/agent/tool_execution.py`:
- Around line 197-210: When the tool validator rejects args in the block using
_validator.validate_args(function_name, arguments) you currently return early
and skip emitting the matching trace and stream events; before returning on
rejection, call _trace_emitter.tool_call_end(...) with the same call_id and
relevant metadata, emit the TOOL_CALL_RESULT stream event on _stream with the
rejection message/details (matching the shape sent for successful results), and
invoke the AFTER_TOOL hook on _hooks (or call the same helper used later for
successful completion) so every tool_call_start has a corresponding end and
result emission; update the rejection branch around the _validator.validate_args
handling to perform those three emissions using the existing symbols
_trace_emitter, call_id, _stream and TOOL_CALL_RESULT and _hooks/AFTER_TOOL
prior to returning the rejection string.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Around line 133-134: The current credit-card regex tuple in redact.py (the
pattern tuple matching r"\b(?:\d[ -]?){13,19}\b") is too broad and causes false
positives; update the rule to either (a) replace that tuple with a stricter
groups-of-4 pattern that only matches common card formatting (e.g. r"\b(?:\d{4}[
-]){3}\d{4}\b" or similar) and optionally add an inline Luhn validation step in
the redaction flow (the function that applies these patterns) to confirm matches
before replacing with "[REDACTED-CC]", or (b) remove this loose 13–19 digit rule
from the default patterns list and move it behind a feature-flag/opt-in path so
it is not applied to all egress messages; reference the tuple containing
r"\b(?:\d[ -]?){13,19}\b" and the redaction application code in redact.py when
making the change.
- Around line 193-200: The PII redaction hook (_pii_before_llm_hook) is being
registered in parallel via get_default_registry().register_function(...) so its
modified_input={"messages": modified} is not applied; change the registration
call for _PII_HOOK_ID by adding sequential=True to
get_default_registry().register_function(event=HookEvent.BEFORE_LLM,
func=_pii_before_llm_hook, name="praisonaiagents.pii_redactor", sequential=True)
so the registry runs the hook via _execute_sequential() and the redacted
messages are written back to the shared input_data.

In `@src/praisonai-agents/tests/unit/agent/test_core_phase_a.py`:
- Around line 160-168: The current test test_pii_scrubber_scrubs_api_keys uses a
too-short token so it doesn't exercise the naked-token regex; add a new unit
test (or extend this one) that calls scrub_pii_text with a bare OpenAI-style key
like "sk-ABCDEFGHIJKLMNOPQRSTUVWXYZ" (≥12 chars after "sk-") — not as
"api_key=..." — and assert the raw token is not present in the output and that
"[REDACTED]" appears; this will ensure the naked-token pattern in
redact.redact_string / _VALUE_PATTERNS[0] is actually exercised.

---

Outside diff comments:
In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`:
- Around line 1174-1192: The backend delegation path in chat_mixin.py bypasses
the cooperative-cancellation guard and drops per-call seeds: move the
cancel-token check (the cooperative-cancellation guard that checks cancel_token)
to occur before the branch that uses self._delegate_to_backend, and include both
cancel_token and seed in the delegation_kwargs passed to
self._delegate_to_backend; specifically update the dict built for
delegation_kwargs in the method that calls self._delegate_to_backend to add
'seed' and 'cancel_token', and ensure the cancel check is executed (same logic
used before calling _chat_impl) prior to delegating to _delegate_to_backend so
cancellation and per-call seeds behave identically for backend-delegated calls.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 68f71715-914b-4244-9d43-cf05bb86d4d0

📥 Commits

Reviewing files that changed from the base of the PR and between e33b4b4 and de38cb3.

📒 Files selected for processing (6)

src/praisonai-agents/praisonaiagents/agent/chat_mixin.py
src/praisonai-agents/praisonaiagents/agent/tool_execution.py
src/praisonai-agents/praisonaiagents/trace/__init__.py
src/praisonai-agents/praisonaiagents/trace/redact.py
src/praisonai-agents/tests/smoke_core_phase_a_real.py
src/praisonai-agents/tests/unit/agent/test_core_phase_a.py

coderabbitai · 2026-05-05T10:35:27Z

+            # C4 — optional tool-argument validation via ToolValidatorProtocol.
+            # Zero overhead when not set. Users wire via `agent._tool_validator = MyValidator()`.
+            _validator = getattr(self, '_tool_validator', None)
+            if _validator is not None:
+                try:
+                    _vres = _validator.validate_args(function_name, arguments)
+                    if _vres is not None and not getattr(_vres, 'valid', True):
+                        _errs = "; ".join(getattr(_vres, 'errors', []) or ["validation failed"])
+                        logging.warning(
+                            f"Tool {function_name} args rejected by validator: {_errs}"
+                        )
+                        return f"Tool arguments rejected: {_errs}"
+                except Exception as _ve:  # noqa: BLE001 — never break tool exec on validator bug
+                    logging.debug(f"Tool validator raised; skipping validation: {_ve}")


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Missing tool_call_end trace event and stream result event on validation rejection

tool_call_start is emitted at line 157 unconditionally, but when the validator rejects (line 208), the function returns before line 274's _trace_emitter.tool_call_end(...), the TOOL_CALL_RESULT stream event (lines 281-292), and the AFTER_TOOL hook (lines 295-307). Every tool_call_start must have a matching tool_call_end; otherwise trace/telemetry consumers accumulate unclosed spans and observability data is corrupted.

🔧 Proposed fix — emit end events before returning on rejection

_errs = "; ".join(getattr(_vres, 'errors', []) or ["validation failed"]) logging.warning( f"Tool {function_name} args rejected by validator: {_errs}" ) - return f"Tool arguments rejected: {_errs}" + _rejection_msg = f"Tool arguments rejected: {_errs}" + _duration_ms = (_time.time() - _tool_start_time) * 1000 + _trace_emitter.tool_call_end( + self.name, function_name, _rejection_msg, _duration_ms + ) + if (hasattr(self, '_Agent__stream_emitter') + and getattr(self, '_Agent__stream_emitter', None) is not None + and getattr(self, '_Agent__stream_emitter', None).has_callbacks): + from ..streaming.events import StreamEvent, StreamEventType + getattr(self, '_Agent__stream_emitter', None).emit(StreamEvent( + type=StreamEventType.TOOL_CALL_RESULT, + timestamp=_time.perf_counter(), + tool_call={ + "name": function_name, + "arguments": arguments, + "result": _rejection_msg, + "id": tool_call_id, + }, + agent_id=self.name, + metadata={"duration_ms": _duration_ms, "rejected": True}, + )) + return _rejection_msg

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai-agents/praisonaiagents/agent/tool_execution.py` around lines 197 - 210, When the tool validator rejects args in the block using _validator.validate_args(function_name, arguments) you currently return early and skip emitting the matching trace and stream events; before returning on rejection, call _trace_emitter.tool_call_end(...) with the same call_id and relevant metadata, emit the TOOL_CALL_RESULT stream event on _stream with the rejection message/details (matching the shape sent for successful results), and invoke the AFTER_TOOL hook on _hooks (or call the same helper used later for successful completion) so every tool_call_start has a corresponding end and result emission; update the rejection branch around the _validator.validate_args handling to perform those three emissions using the existing symbols _trace_emitter, call_id, _stream and TOOL_CALL_RESULT and _hooks/AFTER_TOOL prior to returning the rejection string.

coderabbitai · 2026-05-05T10:35:27Z

+    from ..hooks.registry import get_default_registry
+    from ..hooks.types import HookEvent
+    reg = get_default_registry()
+    _PII_HOOK_ID = reg.register_function(
+        event=HookEvent.BEFORE_LLM,
+        func=_pii_before_llm_hook,
+        name="praisonaiagents.pii_redactor",
+    )


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Verify whether register_function accepts a `sequential` parameter and what _execute_parallel does with modified_input rg -n "def register_function" --type py -A 15 rg -n "_execute_parallel" --type py -A 30

Repository: MervinPraison/PraisonAI

Length of output: 33761

🏁 Script executed:

#!/bin/bash # Check _execute_single implementation and how modifications are applied rg -n "_execute_single" --type py -A 20 "src/praisonai-agents/praisonaiagents/hooks/runner.py" # Check how hook results are consumed in the hooks module rg -n "modified_input" --type py -B 2 -A 2 "src/praisonai-agents/praisonaiagents/hooks/" # Check chat_mixin.py line 566 and surrounding context fd -e py -p "chat_mixin" "src/praisonai-agents/" | head -1 | xargs cat | head -600 | tail -100

Repository: MervinPraison/PraisonAI

Length of output: 9307

🏁 Script executed:

#!/bin/bash # Check execute_sync implementation - the sync wrapper called from chat_mixin rg -n "def execute_sync" --type py -A 40 "src/praisonai-agents/praisonaiagents/hooks/runner.py" # Search for any code that applies modifications from parallel execution results rg -n "apply.*modif|setattr.*modif" --type py "src/praisonai-agents/praisonaiagents/hooks/" # Check if there's any post-processing of parallel results rg -n "_execute_parallel" --type py -B 3 -A 10 "src/praisonai-agents/praisonaiagents/hooks/runner.py"

Repository: MervinPraison/PraisonAI

Length of output: 2651

🏁 Script executed:

#!/bin/bash # Check the _pii_before_llm_hook function to confirm it returns modified_input rg -n "_pii_before_llm_hook" --type py -A 30 "src/praisonai-agents/praisonaiagents/trace/redact.py"

Repository: MervinPraison/PraisonAI

Length of output: 2369

PII hook registered as parallel — redacted messages are discarded

The hook _pii_before_llm_hook correctly returns modified_input={"messages": modified} with redacted content, but register_function() is called without sequential=True, defaulting to parallel execution. In _execute_parallel(), hooks run via asyncio.gather() and modifications are never applied back to the shared input_data object. Only _execute_sequential() applies modifications via setattr(). Consequently, chat_mixin.py line 566 receives the original unredacted messages, silently defeating PII scrubbing.

Add sequential=True to the registration call to ensure modifications are threaded through:

Fix

_PII_HOOK_ID = reg.register_function( event=HookEvent.BEFORE_LLM, func=_pii_before_llm_hook, name="praisonaiagents.pii_redactor", + sequential=True, )

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 193 - 200, The PII redaction hook (_pii_before_llm_hook) is being registered in parallel via get_default_registry().register_function(...) so its modified_input={"messages": modified} is not applied; change the registration call for _PII_HOOK_ID by adding sequential=True to get_default_registry().register_function(event=HookEvent.BEFORE_LLM, func=_pii_before_llm_hook, name="praisonaiagents.pii_redactor", sequential=True) so the registry runs the hook via _execute_sequential() and the redacted messages are written back to the shared input_data.

coderabbitai · 2026-05-05T10:35:27Z

+    def test_pii_scrubber_scrubs_api_keys(self):
+        """The scrubber function must redact API-key-shaped strings."""
+        from praisonaiagents.trace.redact import scrub_pii_text
+
+        raw = "my api_key=sk-ABCDEF12345 and password=hunter2"
+        scrubbed = scrub_pii_text(raw)
+        assert "sk-ABCDEF12345" not in scrubbed
+        assert "hunter2" not in scrubbed
+        assert "[REDACTED]" in scrubbed


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

sk-ABCDEF12345 is too short to trigger the naked-token regex — the pattern goes untested

The value pattern for OpenAI-style keys is sk-[A-Za-z0-9]{12,} (12 or more chars after sk-). ABCDEF12345 is only 11 chars, so this key is caught by the key=value branch in redact_string (because of api_key=) rather than _VALUE_PATTERNS[0]. The assertion passes, but it gives false confidence that the naked-token pattern works.

Add a test with a bare token (no surrounding key name) that is ≥ 12 chars after sk-:

💡 Suggested test addition

raw = "my api_key=sk-ABCDEF12345 and password=hunter2" scrubbed = scrub_pii_text(raw) assert "sk-ABCDEF12345" not in scrubbed assert "hunter2" not in scrubbed assert "[REDACTED]" in scrubbed + + def test_pii_scrubber_scrubs_naked_token(self): + """Naked OpenAI-style token (no key= context) must be caught by _VALUE_PATTERNS.""" + from praisonaiagents.trace.redact import scrub_pii_text + + raw = "The token is sk-ABCDEFGHIJ1234567890 — store it safely." + scrubbed = scrub_pii_text(raw) + assert "sk-ABCDEFGHIJ1234567890" not in scrubbed, ( + "naked sk-... token not redacted by _VALUE_PATTERNS" + )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

def test_pii_scrubber_scrubs_api_keys(self):

"""The scrubber function must redact API-key-shaped strings."""

from praisonaiagents.trace.redact import scrub_pii_text

raw = "my api_key=sk-ABCDEF12345 and password=hunter2"

scrubbed = scrub_pii_text(raw)

assert "sk-ABCDEF12345" not in scrubbed

assert "hunter2" not in scrubbed

assert "[REDACTED]" in scrubbed

def test_pii_scrubber_scrubs_api_keys(self):

"""The scrubber function must redact API-key-shaped strings."""

from praisonaiagents.trace.redact import scrub_pii_text

raw = "my api_key=sk-ABCDEF12345 and password=hunter2"

scrubbed = scrub_pii_text(raw)

assert "sk-ABCDEF12345" not in scrubbed

assert "hunter2" not in scrubbed

assert "[REDACTED]" in scrubbed

def test_pii_scrubber_scrubs_naked_token(self):

"""Naked OpenAI-style token (no key= context) must be caught by _VALUE_PATTERNS."""

from praisonaiagents.trace.redact import scrub_pii_text

raw = "The token is sk-ABCDEFGHIJ1234567890 — store it safely."

scrubbed = scrub_pii_text(raw)

assert "sk-ABCDEFGHIJ1234567890" not in scrubbed, (

"naked sk-... token not redacted by _VALUE_PATTERNS"

)

🧰 Tools

🪛 Betterleaks (1.1.2)

[high] 164-164: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai-agents/tests/unit/agent/test_core_phase_a.py` around lines 160 - 168, The current test test_pii_scrubber_scrubs_api_keys uses a too-short token so it doesn't exercise the naked-token regex; add a new unit test (or extend this one) that calls scrub_pii_text with a bare OpenAI-style key like "sk-ABCDEFGHIJKLMNOPQRSTUVWXYZ" (≥12 chars after "sk-") — not as "api_key=..." — and assert the raw token is not present in the output and that "[REDACTED]" appears; this will ensure the naked-token pattern in redact.redact_string / _VALUE_PATTERNS[0] is actually exercised.

- Fix agent_end trace never emitted on cancellation by moving cancel check inside try block - Fix credit card regex too broad by restricting to canonical 4-group or 16-digit patterns - Add thread safety to PII redaction with mutex lock - Add missing seed and cancel_token parameters to achat method for API parity - Forward seed and cancel_token properly in async LLM calls Co-authored-by: Mervin Praison <MervinPraison@users.noreply.github.com>

bastizol-wq · 2026-05-05T10:38:26Z

Re: “feat(core): wire seed, cancel_token, tool validator, PII redactor into Agent.chat (Phase…”. When agents call tools, the brittle part is usually the tool boundary (auth/hosts/inputs).

A quick pre-flight checklist: enforce HTTPS, allowlist hosts, require auth where expected, flag destructive ops, and emit a structured receipt.

ATCP sits in front of tool execution: evaluate first, then decide whether the agent can call.

Curious what you’re using today for tool allowlists / safety receipts — happy to compare notes.

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

coderabbitai

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/praisonai-agents/praisonaiagents/agent/chat_mixin.py (2)

1174-1192: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

seed and cancel_token are silently dropped when delegating to a backend

delegation_kwargs does not include seed or cancel_token, so callers who set either on a backend-configured agent get no-op behavior with no warning.

🔧 Proposed fix

             delegation_kwargs = {
                 'temperature': temperature,
                 'tools': tools,
                 ...
                 'attachments': attachments,
                 'tool_choice': tool_choice
             }
+            if seed is not None:
+                delegation_kwargs['seed'] = seed
+            if cancel_token is not None:
+                delegation_kwargs['cancel_token'] = cancel_token

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py` around lines 1174 -
1192, The delegation code for agents with a backend is dropping important
parameters: add the missing seed and cancel_token keys to the delegation_kwargs
dict so they are forwarded when calling self._delegate_to_backend; update the
dict construction near the backend check in chat_mixin.py (the delegation_kwargs
block) to include 'seed': seed and 'cancel_token': cancel_token before returning
self._delegate_to_backend(prompt, **delegation_kwargs) so backend-configured
agents receive these values.

1927-1957: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

InterruptedError from the last-chance cancel check is also swallowed in the async path

The same pattern from the sync path exists in _achat_impl(): the InterruptedError raised at line 1929 is immediately caught by except Exception as e: at line 1950, rolled back, and returns None. Async callers cannot detect cancellation.

🔧 Proposed fix

+                except InterruptedError:
+                    raise  # propagate cancellation to the caller
                 except Exception as e:
                     # Rollback chat history if LLM call fails
                     self._truncate_chat_history(chat_history_length)
                     _get_display_functions()['display_error'](f"Error in LLM chat: {e}")
                     ...
                     return None

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py` around lines 1927 -
1957, The InterruptedError raised in _achat_impl's last-chance cancel check is
being caught by the broad except Exception handlers (both the guardrail block
and the outer LLM call block), which swallows cancellations; update the
exception handling in _achat_impl so that any caught exception that is an
instance of InterruptedError is re-raised immediately (e.g., in the guardrail
try/except and the outer except Exception as e: block check isinstance(e,
InterruptedError) and raise), and only handle/rollback (call
_truncate_chat_history and display error) for non-InterruptedError exceptions;
this preserves the rollback behavior for real errors while allowing async
callers to detect cancellation.

♻️ Duplicate comments (2)

src/praisonai-agents/praisonaiagents/trace/redact.py (1)
199-203: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

PII hook still registered without sequential=True — redacted messages are discarded

_pii_before_llm_hook returns modified_input={"messages": modified}, but without sequential=True the registry runs it in parallel mode (asyncio.gather()). The parallel runner collects results but never writes modified_input back to before_llm_input. Consequently, line 566 of chat_mixin.py (messages = before_llm_input.messages) reads the original unredacted messages. PII scrubbing is silently a no-op.
🔧 Proposed fix
         _PII_HOOK_ID = reg.register_function(
             event=HookEvent.BEFORE_LLM,
             func=_pii_before_llm_hook,
             name="praisonaiagents.pii_redactor",
+            sequential=True,
         )
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 199 - 203,
The PII hook is registered to run in parallel so its returned modified_input is
never applied; update the reg.register_function call that registers
_pii_before_llm_hook (event=HookEvent.BEFORE_LLM,
name="praisonaiagents.pii_redactor") to pass sequential=True so the hook runs
sequentially and its modified_input (modified messages) is written back to
before_llm_input (so chat_mixin.py's before_llm_input.messages will reflect
redactions).
src/praisonai-agents/praisonaiagents/agent/chat_mixin.py (1)
1436-1467: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

InterruptedError from the last-chance cancel check is swallowed (sync path)

InterruptedError is a subclass of OSError, which is a subclass of Exception, so the InterruptedError raised at line 1439 is caught by the except Exception as e: handler at line 1463. The cancellation signal is converted into a history rollback, an error display, and return None — the caller cannot distinguish a cancelled call from an LLM failure.
🔧 Proposed fix
+                except InterruptedError:
+                    raise  # propagate cancellation to the caller
                 except Exception as e:
                     # Rollback chat history if LLM call fails
                     self._truncate_chat_history(chat_history_length)
                     _get_display_functions()['display_error'](f"Error in LLM chat: {e}")
                     return None
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py` around lines 1436 -
1467, The InterruptedError raised by the last-chance cancel check
(cancel_token.is_set()) is being swallowed by the broad except Exception handler
in the chat flow; update the exception handling in the Agent chat path so
InterruptedError is not caught: add a specific except InterruptedError (or check
and re-raise InterruptedError) before the general except Exception block in the
method that contains cancel_token, get_response, _apply_guardrail_with_retry and
_truncate_chat_history so cancellation propagates to the caller instead of being
converted into a rollback/error display; keep existing cleanup (e.g.,
_truncate_chat_history) where appropriate but re-raise InterruptedError
immediately after cleanup (or avoid cleanup on cancellation) so the caller can
detect cancellation.

🧹 Nitpick comments (1)

src/praisonai-agents/praisonaiagents/trace/redact.py (1)

176-181: 💤 Low value

Duplicate HookResult import and broad except Exception (Ruff BLE001)

HookResult is imported twice — once on the success path and once inside the except block. Import it once at the top of the function. The broad catch is defensible here (scrubber must not break LLM calls), but at a minimum logging the exception at DEBUG level would aid diagnostics.

♻️ Proposed refactor

 def _pii_before_llm_hook(event_data):
     """BEFORE_LLM hook that scrubs every message's content in-place."""
+    from ..hooks.types import HookResult
     try:
         messages = getattr(event_data, "messages", None) or []
         modified = []
         for m in messages:
             if isinstance(m, dict) and isinstance(m.get("content"), str):
                 m = {**m, "content": scrub_pii_text(m["content"])}
             modified.append(m)
-        # Import locally to avoid module-level hooks dep (keeps redact.py lightweight)
-        from ..hooks.types import HookResult
         return HookResult(decision="allow", modified_input={"messages": modified})
-    except Exception:
+    except Exception as exc:  # noqa: BLE001 — scrubber must never block LLM
         # Never block the LLM call on a scrubber bug
-        from ..hooks.types import HookResult
+        logging.debug("PII scrubber failed (non-fatal): %s", exc)
         return HookResult(decision="allow")

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 176 - 181,
Remove the duplicate inline import of HookResult (currently imported both before
the success return and again inside the except block); import HookResult once at
the top of the function (or module) and use that single reference for both
return paths, and in the except block replace the silent broad except with
logging of the caught exception at DEBUG level (e.g., log.exception or
logging.debug with the exception) before returning HookResult(decision="allow")
so scrubber errors are recorded for diagnostics; ensure you keep the broad
except semantics to avoid blocking LLM calls and reference the existing
HookResult return usage and the except block surrounding the modified variable
handling.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Line 135: The current redaction rule tuple that uses re.compile(r"\b(?:\d{4}[
-]){3}\d{4}\b|\b\d{16}\b") should be changed to remove the unspaced fallback
\b\d{16}\b so only grouped-of-4 credit-card formats are matched; locate the
regex entry in redact.py (the tuple with re.compile(r"\b(?:\d{4}[
-]){3}\d{4}\b|\b\d{16}\b") and its replacement "[REDACTED-CC]") and replace it
with a pattern that only matches the canonical grouped form (e.g., the existing
(?:\d{4}[ -]){3}\d{4} variant) so ISINs/IMEIs/16-digit non-CC values are no
longer redacted.
- Around line 207-218: disable_pii_redaction() races with enable_pii_redaction()
because it reads and clears _PII_HOOK_ID without holding _PII_HOOK_LOCK; fix by
taking _PII_HOOK_LOCK while checking and clearing the global: acquire
_PII_HOOK_LOCK, if _PII_HOOK_ID is None return False, otherwise copy
_PII_HOOK_ID to a local (e.g. old_id) and set _PII_HOOK_ID = None while still
holding the lock, release the lock, then call get_default_registry() and
reg.unregister(old_id) (preserving current behavior of returning True); this
ensures the hook id cannot be lost by a concurrent enable_pii_redaction() and
makes disable_pii_redaction() thread-safe.

---

Outside diff comments:
In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`:
- Around line 1174-1192: The delegation code for agents with a backend is
dropping important parameters: add the missing seed and cancel_token keys to the
delegation_kwargs dict so they are forwarded when calling
self._delegate_to_backend; update the dict construction near the backend check
in chat_mixin.py (the delegation_kwargs block) to include 'seed': seed and
'cancel_token': cancel_token before returning self._delegate_to_backend(prompt,
**delegation_kwargs) so backend-configured agents receive these values.
- Around line 1927-1957: The InterruptedError raised in _achat_impl's
last-chance cancel check is being caught by the broad except Exception handlers
(both the guardrail block and the outer LLM call block), which swallows
cancellations; update the exception handling in _achat_impl so that any caught
exception that is an instance of InterruptedError is re-raised immediately
(e.g., in the guardrail try/except and the outer except Exception as e: block
check isinstance(e, InterruptedError) and raise), and only handle/rollback (call
_truncate_chat_history and display error) for non-InterruptedError exceptions;
this preserves the rollback behavior for real errors while allowing async
callers to detect cancellation.

---

Duplicate comments:
In `@src/praisonai-agents/praisonaiagents/agent/chat_mixin.py`:
- Around line 1436-1467: The InterruptedError raised by the last-chance cancel
check (cancel_token.is_set()) is being swallowed by the broad except Exception
handler in the chat flow; update the exception handling in the Agent chat path
so InterruptedError is not caught: add a specific except InterruptedError (or
check and re-raise InterruptedError) before the general except Exception block
in the method that contains cancel_token, get_response,
_apply_guardrail_with_retry and _truncate_chat_history so cancellation
propagates to the caller instead of being converted into a rollback/error
display; keep existing cleanup (e.g., _truncate_chat_history) where appropriate
but re-raise InterruptedError immediately after cleanup (or avoid cleanup on
cancellation) so the caller can detect cancellation.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Around line 199-203: The PII hook is registered to run in parallel so its
returned modified_input is never applied; update the reg.register_function call
that registers _pii_before_llm_hook (event=HookEvent.BEFORE_LLM,
name="praisonaiagents.pii_redactor") to pass sequential=True so the hook runs
sequentially and its modified_input (modified messages) is written back to
before_llm_input (so chat_mixin.py's before_llm_input.messages will reflect
redactions).

---

Nitpick comments:
In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Around line 176-181: Remove the duplicate inline import of HookResult
(currently imported both before the success return and again inside the except
block); import HookResult once at the top of the function (or module) and use
that single reference for both return paths, and in the except block replace the
silent broad except with logging of the caught exception at DEBUG level (e.g.,
log.exception or logging.debug with the exception) before returning
HookResult(decision="allow") so scrubber errors are recorded for diagnostics;
ensure you keep the broad except semantics to avoid blocking LLM calls and
reference the existing HookResult return usage and the except block surrounding
the modified variable handling.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f66595ce-ebce-43e2-ad7a-9e988f7d5692

📥 Commits

Reviewing files that changed from the base of the PR and between de38cb3 and d2c8922.

📒 Files selected for processing (2)

src/praisonai-agents/praisonaiagents/agent/chat_mixin.py
src/praisonai-agents/praisonaiagents/trace/redact.py

coderabbitai · 2026-05-05T10:43:36Z

+                    # C1 — per-call seed overrides llm_instance.seed for determinism
+                    if seed is not None:
+                        llm_kwargs['seed'] = seed


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

seed is silently dropped for the standard OpenAI/unified-dispatcher path

seed is only injected into llm_kwargs in the if self._using_custom_llm: branch (lines 1432–1434). In the else-branch (line 1471+), _chat_completion() is called without seed, and _chat_completion → _execute_unified_chat_completion → dispatcher.chat_completion have no seed parameter. The same gap exists in _achat_impl(). For any agent backed by the standard OpenAI/LiteLLM path — likely the majority of users — agent.chat(seed=42) is a silent no-op.

The fix requires threading seed through _chat_completion() → _execute_unified_chat_completion() → dispatcher.chat_completion() (and async equivalents), or at minimum logging a warning when seed is provided but cannot be forwarded.

Also applies to: 1471-1547

coderabbitai · 2026-05-05T10:43:37Z

+def disable_pii_redaction() -> bool:
+    """Unregister the PII-redaction hook. No-op if never enabled."""
+    global _PII_HOOK_ID
+    if _PII_HOOK_ID is None:
+        return False
+    from ..hooks.registry import get_default_registry
+    reg = get_default_registry()
+    try:
+        reg.unregister(_PII_HOOK_ID)
+    finally:
+        _PII_HOOK_ID = None
+    return True


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

disable_pii_redaction() is not thread-safe — races with enable_pii_redaction()

enable_pii_redaction() holds _PII_HOOK_LOCK during its check-and-set, but disable_pii_redaction() reads and clears _PII_HOOK_ID entirely outside the lock. A concurrent enable + disable can leave the hook registered with _PII_HOOK_ID = None, making the registered hook impossible to unregister and breaking idempotency for the next enable_pii_redaction() call.

🔒 Proposed fix

def disable_pii_redaction() -> bool: """Unregister the PII-redaction hook. No-op if never enabled.""" global _PII_HOOK_ID - if _PII_HOOK_ID is None: - return False - from ..hooks.registry import get_default_registry - reg = get_default_registry() - try: - reg.unregister(_PII_HOOK_ID) - finally: - _PII_HOOK_ID = None - return True + with _PII_HOOK_LOCK: + if _PII_HOOK_ID is None: + return False + from ..hooks.registry import get_default_registry + reg = get_default_registry() + hook_id = _PII_HOOK_ID + try: + reg.unregister(hook_id) + finally: + _PII_HOOK_ID = None + return True

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 207 - 218, disable_pii_redaction() races with enable_pii_redaction() because it reads and clears _PII_HOOK_ID without holding _PII_HOOK_LOCK; fix by taking _PII_HOOK_LOCK while checking and clearing the global: acquire _PII_HOOK_LOCK, if _PII_HOOK_ID is None return False, otherwise copy _PII_HOOK_ID to a local (e.g. old_id) and set _PII_HOOK_ID = None while still holding the lock, release the lock, then call get_default_registry() and reg.unregister(old_id) (preserving current behavior of returning True); this ensures the hook id cannot be lost by a concurrent enable_pii_redaction() and makes disable_pii_redaction() thread-safe.

MervinPraison · 2026-05-08T08:26:36Z

✅ LGTM with two issues

What's good:

C1 (seed): Per-call seed correctly overrides instance seed — clean and deterministic.
C2 (_cancel): Token check is placed immediately before the LLM call — correct placement to avoid orphaned in-flight requests.
C4 (_tool_validator): Zero-overhead when not set (duck-typed, uses getattr). The except Exception safety net prevents a broken validator from crashing tool execution — correct.
C7 (PII redaction): Value-pattern rules cover the most common categories. The scrub_pii_text function is correctly stdlib-only. The BEFORE_LLM hook approach is the right integration point.

🔴 Issue 1: `_pii_before_llm_hook` modifies the message list in-place via dict spread, but `event_data.messages` is mutated if it's the same list object

In redact.py:

modified = []
for m in messages:
    if isinstance(m, dict) and isinstance(m.get("content"), str):
        m = {**m, "content": scrub_pii_text(m["content"])}
    modified.append(m)

The {**m, ...} spread correctly creates a new dict for modified messages, but unmodified messages are appended by reference — so if a caller mutates an unmodified message after the hook returns, both the original and the modified list are affected. Given hooks are called in-sequence and the original list is the same object, this is safe in current usage, but is subtle. Add a comment noting that messages without PII are passed through by reference intentionally for performance.

🔴 Issue 2: `_VALUE_PATTERNS` 16-digit credit card regex matches timestamps and IDs

(re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b|\b\d{16}\b"), "[REDACTED-CC]"),

The \b\d{16}\b branch will match any 16-digit sequence: UNIX timestamps in microseconds (e.g. 1747123456789012), trace IDs, order numbers, phone numbers. This will cause false-positive redactions in tool outputs and LLM responses. Remove the \b\d{16}\b branch — the 4-group pattern (?:\d{4}[ -]){3}\d{4} is sufficient for canonically-formatted cards and has a much lower false-positive rate.

🟡 Minor: Email redaction is aggressive by default

Emails are often safe context (user's name, sender address in tool results). Redacting by default will break RAG tool outputs. Consider making email redaction opt-in via a parameter to enable_pii_redaction() or a separate scrub_email flag.

Fix the 16-digit regex false-positive (Issue 2) before merge.

MervinPraison · 2026-05-08T08:55:40Z

✅ Fix applied — branch `fix/pr-1617-pii-regex`

The 16-digit CC regex false-positive issue has been fixed:

# Before — matches ANY 16-digit sequence (timestamps, trace IDs, order numbers)
(re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b|\b\d{16}\b"), "[REDACTED-CC]"),

# After — canonical 4-group format only, near-zero false-positive rate
(re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b"), "[REDACTED-CC]"),

The bare \b\d{16}\b branch was removed. Examples of what it incorrectly redacted before:

1747123456789012 (UNIX microsecond timestamp → tool output)
trace_id=4831569274830192 (distributed trace ID)
Any 16-digit order/invoice number from a search tool result

The 4-group pattern (?:\d{4}[ -]){3}\d{4} covers real-world card numbers (4111 1111 1111 1111, 4111-1111-1111-1111) with full context comment explaining the decision.

@claude — fix in branch fix/pr-1617-pii-regex, commit ec243875.

praisonai-triage-agent · 2026-05-08T08:55:58Z

Claude finished @MervinPraison's task —— View job

I'll analyze this and get back to you.

@claude

…trace IDs @claude: The bare \b\d{16}\b branch matched ANY 16-digit sequence (UNIX microsecond timestamps, distributed trace IDs, order/invoice numbers) causing false-positive redactions in LLM tool outputs and RAG results. Removed — the canonical 4-group pattern (?:\d{4}[ -]){3}\d{4} covers real-world formatted cards with near-zero FP rate.

greptile-apps · 2026-05-08T09:18:17Z

+def disable_pii_redaction() -> bool:
+    """Unregister the PII-redaction hook. No-op if never enabled."""
+    global _PII_HOOK_ID
+    if _PII_HOOK_ID is None:
+        return False
+    from ..hooks.registry import get_default_registry
+    reg = get_default_registry()
+    try:
+        reg.unregister(_PII_HOOK_ID)
+    finally:
+        _PII_HOOK_ID = None
+    return True


disable_pii_redaction() does not hold _PII_HOOK_LOCK while reading and clearing _PII_HOOK_ID. The previous round of feedback got the lock added to enable_pii_redaction(), but disable_pii_redaction() still mutates the shared global without it. A thread calling enable_pii_redaction() that has already passed the _PII_HOOK_ID is not None check inside the lock will return the stale ID after disable_pii_redaction() clears it underneath — leaving the hook unregistered while callers believe it is active. Concurrent calls to disable_pii_redaction() itself can also both pass the is None guard, then both attempt reg.unregister() on the same ID.

Suggested change

def disable_pii_redaction() -> bool:

"""Unregister the PII-redaction hook. No-op if never enabled."""

global _PII_HOOK_ID

if _PII_HOOK_ID is None:

return False

from ..hooks.registry import get_default_registry

reg = get_default_registry()

try:

reg.unregister(_PII_HOOK_ID)

finally:

_PII_HOOK_ID = None

return True

def disable_pii_redaction() -> bool:

"""Unregister the PII-redaction hook. No-op if never enabled."""

global _PII_HOOK_ID

with _PII_HOOK_LOCK:

if _PII_HOOK_ID is None:

return False

hook_id = _PII_HOOK_ID

_PII_HOOK_ID = None

from ..hooks.registry import get_default_registry

reg = get_default_registry()

try:

reg.unregister(hook_id)

except Exception:

pass

return True

coderabbitai

♻️ Duplicate comments (2)

src/praisonai-agents/praisonaiagents/trace/redact.py (2)
204-208: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

PII hook registered in parallel mode — redacted messages are silently discarded.

register_function() is called without sequential=True, so the hook runs via _execute_parallel(). Per the prior analysis (confirmed by shell-script inspection of hooks/runner.py in a previous review), only _execute_sequential() applies modified_input back via setattr(); _execute_parallel() via asyncio.gather() never writes modifications back to the shared input_data. As a result, chat_mixin.py receives the original unredacted messages from before_llm_input.messages, making PII scrubbing completely non-functional despite appearing to work.
🔒 Fix — add sequential=True
         _PII_HOOK_ID = reg.register_function(
             event=HookEvent.BEFORE_LLM,
             func=_pii_before_llm_hook,
             name="praisonaiagents.pii_redactor",
+            sequential=True,
         )
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 204 - 208,
The PII redaction hook is registered to run in parallel so its modified_input is
never written back, causing unredacted messages to be used; update the
register_function call that assigns _PII_HOOK_ID (the call registering
HookEvent.BEFORE_LLM with func=_pii_before_llm_hook and
name="praisonaiagents.pii_redactor") to pass sequential=True so the hook runs
via _execute_sequential() and its modified_input is applied back to input_data.
212-223: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

disable_pii_redaction() is not thread-safe — races with enable_pii_redaction().

Lines 215 and 222 read and clear _PII_HOOK_ID entirely outside _PII_HOOK_LOCK. A concurrent enable_pii_redaction() (which holds the lock during its check-and-set) racing with disable_pii_redaction() can leave the hook registered with _PII_HOOK_ID = None, making the dangling hook impossible to unregister and breaking idempotency on the next enable_pii_redaction() call.
🔒 Proposed fix — wrap body with _PII_HOOK_LOCK
 def disable_pii_redaction() -> bool:
     """Unregister the PII-redaction hook. No-op if never enabled."""
     global _PII_HOOK_ID
-    if _PII_HOOK_ID is None:
-        return False
-    from ..hooks.registry import get_default_registry
-    reg = get_default_registry()
-    try:
-        reg.unregister(_PII_HOOK_ID)
-    finally:
-        _PII_HOOK_ID = None
-    return True
+    with _PII_HOOK_LOCK:
+        if _PII_HOOK_ID is None:
+            return False
+        hook_id = _PII_HOOK_ID
+        _PII_HOOK_ID = None
+    from ..hooks.registry import get_default_registry
+    reg = get_default_registry()
+    reg.unregister(hook_id)
+    return True
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 212 - 223,
disable_pii_redaction() currently reads and clears the global _PII_HOOK_ID
outside of _PII_HOOK_LOCK allowing a race with enable_pii_redaction() that can
leave the hook registered but _PII_HOOK_ID set to None; fix by acquiring
_PII_HOOK_LOCK around the critical section in disable_pii_redaction() so the
check `if _PII_HOOK_ID is None`, the call to
get_default_registry().unregister(_PII_HOOK_ID), and clearing `_PII_HOOK_ID =
None` all execute while holding the lock (matching the locking behavior in
enable_pii_redaction()), ensuring atomic check-and-unregister semantics and
preventing a dangling registered hook.

🧹 Nitpick comments (2)

src/praisonai-agents/praisonaiagents/trace/redact.py (2)
171-186: ⚡ Quick win

Swallowed scrubber exceptions are invisible without logging.

The bare except Exception block (Ruff BLE001) intentionally prevents blocking the LLM call — that design is sound. However, silently discarding the exception means PII scrubbing failures are completely invisible in production, violating the structured-logging/observability expectation. A single logging.warning(...) in the except path would expose these failures without breaking anything.
✏️ Suggested addition
+import logging
+_logger = logging.getLogger(__name__)

 def _pii_before_llm_hook(event_data):
-    """BEFORE_LLM hook that scrubs every message's content in-place."""
+    """BEFORE_LLM hook that scrubs every message's content."""
     try:
         ...
     except Exception:  # noqa: BLE001
         # Never block the LLM call on a scrubber bug
+        _logger.warning("PII scrubber raised an exception; messages sent unredacted", exc_info=True)
         from ..hooks.types import HookResult
         return HookResult(decision="allow")
As per coding guidelines: "All key operations must emit events via EventBus; implement trace protocols for external observability integration; use structured logging with correlation IDs."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` around lines 171 - 186,
The except block in _pii_before_llm_hook currently swallows scrubber exceptions;
update it to log a structured warning (use the module logger) including the
exception details (stack trace) and any correlation id/context available on
event_data before returning HookResult(decision="allow"), so failures are
observable without changing behavior; reference _pii_before_llm_hook,
scrub_pii_text and HookResult when making the change and emit the log at warning
level with structured fields (e.g., error, hook="pii_before_llm",
correlation_id).
131-131: ⚡ Quick win

Extend API key pattern to cover sk-proj-, sk-svcacct-, and sk-None- prefixes.

The pattern \bsk-[A-Za-z0-9]{12,}\b won't match modern OpenAI API key formats. Since 2024, OpenAI issues keys with prefixes like sk-proj- (project keys), sk-svcacct- (service accounts), and sk-None- (user keys). The current pattern requires 12+ consecutive alphanumeric characters immediately after sk-, but sk-proj-TOKEN has only proj (4 chars) before the next -, causing the pattern to fail.
Proposed fix — support sub-prefixed key formats
-    (re.compile(r"\bsk-[A-Za-z0-9]{12,}\b"), "[REDACTED]"),
+    # Covers sk-<TOKEN>, sk-proj-<TOKEN>, sk-None-<TOKEN>, sk-svcacct-<TOKEN>, etc.
+    (re.compile(r"\bsk-(?:[A-Za-z0-9]+-)*[A-Za-z0-9]{12,}\b"), "[REDACTED]"),
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai-agents/praisonaiagents/trace/redact.py` at line 131, Replace
the existing regex tuple (re.compile(r"\bsk-[A-Za-z0-9]{12,}\b"), "[REDACTED]")
with a pattern that also matches the newer sub-prefixed keys; update the
compiled regex to something like
re.compile(r"\b(?:sk-(?:proj|svcacct|None)-[A-Za-z0-9\-_]+|sk-[A-Za-z0-9]{12,})\b")
so it continues to catch legacy sk-<12+> keys and also covers sk-proj-,
sk-svcacct- and sk-None- formats; ensure you update the same tuple in the list
of redaction patterns so the replacement value "[REDACTED]" is applied.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Around line 204-208: The PII redaction hook is registered to run in parallel
so its modified_input is never written back, causing unredacted messages to be
used; update the register_function call that assigns _PII_HOOK_ID (the call
registering HookEvent.BEFORE_LLM with func=_pii_before_llm_hook and
name="praisonaiagents.pii_redactor") to pass sequential=True so the hook runs
via _execute_sequential() and its modified_input is applied back to input_data.
- Around line 212-223: disable_pii_redaction() currently reads and clears the
global _PII_HOOK_ID outside of _PII_HOOK_LOCK allowing a race with
enable_pii_redaction() that can leave the hook registered but _PII_HOOK_ID set
to None; fix by acquiring _PII_HOOK_LOCK around the critical section in
disable_pii_redaction() so the check `if _PII_HOOK_ID is None`, the call to
get_default_registry().unregister(_PII_HOOK_ID), and clearing `_PII_HOOK_ID =
None` all execute while holding the lock (matching the locking behavior in
enable_pii_redaction()), ensuring atomic check-and-unregister semantics and
preventing a dangling registered hook.

---

Nitpick comments:
In `@src/praisonai-agents/praisonaiagents/trace/redact.py`:
- Around line 171-186: The except block in _pii_before_llm_hook currently
swallows scrubber exceptions; update it to log a structured warning (use the
module logger) including the exception details (stack trace) and any correlation
id/context available on event_data before returning
HookResult(decision="allow"), so failures are observable without changing
behavior; reference _pii_before_llm_hook, scrub_pii_text and HookResult when
making the change and emit the log at warning level with structured fields
(e.g., error, hook="pii_before_llm", correlation_id).
- Line 131: Replace the existing regex tuple
(re.compile(r"\bsk-[A-Za-z0-9]{12,}\b"), "[REDACTED]") with a pattern that also
matches the newer sub-prefixed keys; update the compiled regex to something like
re.compile(r"\b(?:sk-(?:proj|svcacct|None)-[A-Za-z0-9\-_]+|sk-[A-Za-z0-9]{12,})\b")
so it continues to catch legacy sk-<12+> keys and also covers sk-proj-,
sk-svcacct- and sk-None- formats; ensure you update the same tuple in the list
of redaction patterns so the replacement value "[REDACTED]" is applied.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 09b101a1-385d-4f1f-b461-80f8efbc7716

📥 Commits

Reviewing files that changed from the base of the PR and between d2c8922 and 9378452.

📒 Files selected for processing (1)

src/praisonai-agents/praisonaiagents/trace/redact.py

Copilot AI review requested due to automatic review settings May 5, 2026 10:21

Copilot started reviewing on behalf of MervinPraison May 5, 2026 10:22 View session

Copilot started work on behalf of MervinPraison May 5, 2026 10:22 View session

gemini-code-assist Bot reviewed May 5, 2026

View reviewed changes

greptile-apps Bot reviewed May 5, 2026

View reviewed changes

coderabbitai Bot reviewed May 5, 2026

View reviewed changes

Copilot AI reviewed May 5, 2026

View reviewed changes

coderabbitai Bot reviewed May 5, 2026

View reviewed changes

MervinPraison mentioned this pull request May 5, 2026

Subscription-token auth for bots/gateway: use Claude Pro / ChatGPT Plus / Gemini CLI / Qwen CLI subscriptions (Hermes-style) #1618

Closed

11 tasks

greptile-apps Bot reviewed May 8, 2026

View reviewed changes

coderabbitai Bot reviewed May 8, 2026

View reviewed changes

MervinPraison merged commit e20e426 into main May 8, 2026
23 checks passed

MervinPraison mentioned this pull request May 8, 2026

docs(features/core-controls): align with AGENTS.md — Quick Start, per-concept diagrams, decision flow, Best Practices, Related MervinPraison/PraisonAIDocs#313

Open

14 tasks

Uh oh!

Conversation

MervinPraison commented May 5, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Phase A: wire seed, cancel_token, tool validator, and PII redactor into Agent.chat

What ships

Why these four

Implementation sketch

Tests

Real agentic test output

Regression sweep

Docs

Branch

Summary by CodeRabbit

Uh oh!

qodo-code-review Bot commented May 5, 2026

Uh oh!

coderabbitai Bot commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Possibly related PRs

Suggested labels

Poem

❌ Failed checks (1 warning)

Uh oh!

MervinPraison commented May 5, 2026

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist Bot May 5, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot May 5, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot May 5, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot May 5, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot May 5, 2026

Choose a reason for hiding this comment

Uh oh!

greptile-apps Bot commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Greptile Summary

Confidence Score: 4/5

Important Files Changed

Sequence Diagram

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

MervinPraison commented May 5, 2026

Uh oh!

praisonai-triage-agent Bot commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Architecture Review and Fix Implementation ✅

Todo List

Architecture Review Summary (Per AGENTS.md)

Issues Fixed

✅ P1 Critical Issues (Resolved)

✅ P2 Issues (Resolved)

✅ Integration Gaps (Resolved)

Files Modified

Final Verdict: ✅ APPROVED

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot May 5, 2026

Choose a reason for hiding this comment

MervinPraison commented May 5, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 5, 2026 •

edited

Loading

greptile-apps Bot commented May 5, 2026 •

edited

Loading

praisonai-triage-agent Bot commented May 5, 2026 •

edited

Loading

🔴 Issue 1: `_pii_before_llm_hook` modifies the message list in-place via dict spread, but `event_data.messages` is mutated if it's the same list object

🔴 Issue 2: `_VALUE_PATTERNS` 16-digit credit card regex matches timestamps and IDs

✅ Fix applied — branch `fix/pr-1617-pii-regex`

praisonai-triage-agent Bot commented May 8, 2026 •

edited

Loading