feat(samples): add TrustBoost PII sanitization sample for AP2 + x402 …#267
…autonomous payments
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Code Review
This pull request introduces a Python sample demonstrating PII sanitization via the TrustBoost API and the x402 protocol. The review feedback suggests refactoring the sanitization flow to eliminate redundant network requests and prevent potential index errors. Additionally, it recommends using safer dictionary access to avoid key errors and catching specific exceptions rather than a broad exception class for better error handling.
| # x402 flow: call without payment -> HTTP 402 -> pay -> retry | ||
| probe = requests.post(f"{TRUSTBOOST_URL}/sanitize", json={"text": text}, timeout=10) | ||
| if probe.status_code == 402: | ||
| x402 = probe.json().get("x402", {}) | ||
| accepts = x402.get("accepts", [{}])[0] | ||
| print(f"[x402] HTTP 402 - {accepts.get('amount')} {accepts.get('currency')} on {accepts.get('network')}") | ||
| print(f"[x402] Paying autonomously with tx_hash={TX_HASH}") | ||
|
|
||
| r = requests.post( | ||
| f"{TRUSTBOOST_URL}/sanitize", | ||
| json={"text": text, "tx_hash": TX_HASH, "wallet_address": WALLET, "context": context}, | ||
| timeout=30 | ||
| ) |
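Review bot: In the 402 branch, `accepts.get('amount')`, `currency` and `network` are only printed before the "Paying autonomously" line, and the second POST then sends `tx_hash` and `wallet_address` whatever those terms were. The terms come from the remote service, so compare the amount with a configured cap and the currency and network with expected values, and stop when they do not match. Note also that the probe posts the full unsanitized `text` just to learn the price, so the payload leaves the process before any terms are checked.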
The current implementation always performs a second POST request even if the first one succeeds (e.g., in trial mode). Additionally, the first request is missing the context parameter, and there is a risk of an IndexError if the accepts list is empty. Refactoring the logic to reuse the first response and ensuring the context is sent initially improves efficiency and robustness.
# x402 flow: call without payment -> HTTP 402 -> pay -> retry
payload = {"text": text, "context": context}
r = requests.post(f"{TRUSTBOOST_URL}/sanitize", json=payload, timeout=10)
if r.status_code == 402:
    x402 = r.json().get("x402", {})
    accepts_list = x402.get("accepts", [])
    if accepts_list:
        acc = accepts_list[0]
        print(f"[x402] HTTP 402 - {acc.get('amount')} {acc.get('currency')} on {acc.get('network')}")
    print(f"[x402] Paying autonomously with tx_hash={TX_HASH}")
    payload.update({"tx_hash": TX_HASH, "wallet_address": WALLET})
    r = requests.post(f"{TRUSTBOOST_URL}/sanitize", json=payload, timeout=30)
| print(f"[TrustBoost] {card['name']} v{card['version']}") | ||
| print(f"[TrustBoost] Languages: {card['languages']}") | ||
| print(f"[TrustBoost] Compliance: {card['compliance']}") |
Accessing dictionary keys directly can raise a KeyError if the API response is missing expected fields. Using .get() provides a safer way to handle potentially missing data in this sample.
| print(f"[TrustBoost] {card['name']} v{card['version']}") | |
| print(f"[TrustBoost] Languages: {card['languages']}") | |
| print(f"[TrustBoost] Compliance: {card['compliance']}") | |
| print(f"[TrustBoost] {card.get('name', 'Unknown')} v{card.get('version', '?')}") | |
| print(f"[TrustBoost] Languages: {card.get('languages', [])}") | |
| print(f"[TrustBoost] Compliance: {card.get('compliance', [])}") |
| print(f"\n[{t['lang']}] {t['text']}") | ||
| try: | ||
| sanitize_pii(t["text"], t["ctx"]) | ||
| except Exception as e: |
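Review bot: The first line of this hunk, `print(f"\n[{t['lang']}] {t['text']}")`, echoes the raw input to stdout before `sanitize_pii(t["text"], t["ctx"])` runs, so with anything other than synthetic test strings the unsanitized PII ends up in the console or in captured logs. For a sample whose purpose is PII sanitization, either state in a comment that the inputs are synthetic or print only the language tag and the text length here.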
Catching the broad Exception class is generally discouraged as it can hide unexpected bugs. It is better to catch specific exceptions like requests.exceptions.RequestException to handle expected network or API errors.
| except Exception as e: | |
| except requests.exceptions.RequestException as e: |
…eption, efficient x402 flow
Note for reviewers — BIOME_LINT failure is pre-existing. All lint errors are in code/web-client/src/ — TypeScript/React. This PR only adds Python files: Checks directly related to this PR: The BIOME_LINT errors are pre-existing in the repository.
Description
Adds a Python sample showing how an autonomous AI agent sanitizes PII
with TrustBoost before completing an AP2 + x402 payment on Solana —
no human intervention required.
AP2 defines how agents pay. TrustBoost defines how agents protect the
payload before the LLM sees it. Together they complete the privacy +
payment stack for autonomous agents.
8 languages: EN, ES-LATAM, PT-BR, DE, JA, FR, IT, KO
LATAM identifiers (RFC, CPF, CUIT) not covered by standard regex tools.
Health check: curl https://api.trustboost.dev/health
→ {"status":"ok","version":"2.6.0"}
Fixes #N/A — new sample addition
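
An added example, not part of this PR or of TrustBoost's code: validating the terms in an HTTP 402 body before an agent pays, which the sample's x402 flow prints but does not check. The body shape follows the fields the sample reads (`x402.accepts[]` with `amount`, `currency`, `network`); `select_payment_offer`, `POLICY` and its values are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Hypothetical agent-side policy; values are constructed for this example.
POLICY = {"currency": "USDC", "network": "solana", "max_amount": Decimal("0.05")}


def select_payment_offer(body, policy=POLICY):
    """Return the first x402 offer the policy allows, or raise ValueError.

    Assumed body shape (from the fields the sample reads):
    {"x402": {"accepts": [{"amount": ..., "currency": ..., "network": ...}]}}
    """
    x402 = body.get("x402") if isinstance(body, dict) else None
    accepts = x402.get("accepts") if isinstance(x402, dict) else None
    if not isinstance(accepts, list) or not accepts:
        raise ValueError("402 response carries no payment offers")

    rejected = []
    for offer in accepts:
        if not isinstance(offer, dict):
            rejected.append("offer is not an object")
            continue
        try:
            amount = Decimal(str(offer.get("amount")))
        except InvalidOperation:
            rejected.append(f"unparseable amount {offer.get('amount')!r}")
            continue
        if not amount.is_finite() or amount <= 0:
            rejected.append(f"invalid amount {amount}")
        elif offer.get("currency") != policy["currency"]:
            rejected.append(f"unexpected currency {offer.get('currency')!r}")
        elif offer.get("network") != policy["network"]:
            rejected.append(f"unexpected network {offer.get('network')!r}")
        elif amount > policy["max_amount"]:
            rejected.append(f"amount {amount} exceeds cap {policy['max_amount']}")
        else:
            return {"amount": amount, "currency": offer["currency"],
                    "network": offer["network"]}
    raise ValueError("no acceptable x402 offer: " + "; ".join(rejected))


if __name__ == "__main__":
    # Constructed 402 bodies: one within policy, one over the spending cap.
    within = {"x402": {"accepts": [{"amount": "0.01", "currency": "USDC", "network": "solana"}]}}
    over = {"x402": {"accepts": [{"amount": "25", "currency": "USDC", "network": "solana"}]}}
    print(select_payment_offer(within))
    try:
        select_payment_offer(over)
    except ValueError as err:
        print("refusing to pay:", err)
```

In the sample's flow this would run on `probe.json()` inside the `status_code == 402` branch, with the paid retry sent only if it returns an offer.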