Skip to content

feat(core): normalize tool and attachment images at settlement#37141

Merged
rekram1-node merged 4 commits into
v2from
tool-image-resize
Jul 16, 2026
Merged

feat(core): normalize tool and attachment images at settlement#37141
rekram1-node merged 4 commits into
v2from
tool-image-resize

Conversation

@rekram1-node

@rekram1-node rekram1-node commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

Problem

Image resizing in V2 ran only inside the read tool. Any other tool returning media (plugin tools, MCP, codemode) persisted unresized inline base64 that is re-sent in every provider request body, and user prompt attachments were never resized at all. Unbounded inline media is how sessions grow past provider/gateway body limits (#36552, related #35013).

Changes

  • ToolRegistry.settleTool normalizes image file content generically at the settlement boundary — the single Image.normalize call site for tool output. It runs once per tool call, before ToolOutputStore.bound and before the message row is persisted; per-request lowering replays the persisted content, so the resize never re-runs per request. Semantics mirror the V1 processor:
    • resizer unavailable → keep the original image
    • undecodable or unresizable image → drop it and append a per-reason note: [N images omitted: could not be decoded.] / [N images omitted: could not be resized below the image size limit.]
  • Tool progress content runs through the same normalization before the durable Tool.Progress publish — progress is persisted and lowered to providers when a call errors mid-progress, so it needs the same bounding.
  • The data-URI match accepts RFC 2397 parameters between the mime and the ;base64 marker.
  • read no longer calls Image.normalize at all. Its structured output is slimmed via toStructuredOutput (Schema.toEncoded) so the original unresized base64 is never persisted twice — the image reaches the model through content items only. An unresizable image read now drops with the omission note instead of failing the tool, consistent with every other tool.
  • SessionV2.prompt normalizes image attachments at admission (V1 prompt-time parity). The Location-scoped Image service is resolved lazily so text-only prompt admission does not boot location services; an unresizable attachment fails the prompt with AttachmentError.

Known limitations

  • MCP structuredContent is opaque JSON passed through verbatim; base64 embedded inside it is not normalized.
  • Non-image inline media (PDF/audio) is not bounded — same exposure class, separate scope.

Tests

  • Registry tests covering normalization, per-reason drop notes, and progress-path normalization.
  • read tests updated to the drop-at-settlement semantics; structured slimming pinned.
  • Test-only Image passthrough mock wired into suites that build ToolRegistry.node in isolation.
  • packages/core: 1308 pass / 0 fail; typecheck clean.

Image resizing previously ran only inside the read tool, so plugin, MCP,
and codemode tools could persist unbounded inline base64 images that grow
every provider request body (see #36552).

- ToolRegistry.settleTool now normalizes image file content generically:
  a missing resizer keeps the original, an unresizable image is dropped
  and replaced with an omission note, mirroring V1 processor behavior.
- SessionV2.prompt normalizes image attachments at admission, resolving
  the Location-scoped Image service lazily so text-only prompts do not
  boot location services.
- read keeps its internal normalize call to bound the image persisted in
  its structured output.
Settlement normalization in ToolRegistry is now the single resize call
site. read no longer depends on Image; its structured output is slimmed
via toStructuredOutput (Schema.toEncoded) so the original unresized
base64 is never persisted in the message row. Unresizable images read
by the tool are now dropped with an omission note at settlement instead
of failing the tool, consistent with every other tool.
Tool progress content is published durably and lowered to providers when
a call errors mid-progress, so it now runs through the same settlement
image normalization as final output. Dropped images are reported in
per-reason notes (could not be decoded vs. could not be resized) instead
of one misleading resize message, and the data-URI match accepts RFC 2397
parameters between the mime and base64 marker.
@rekram1-node rekram1-node merged commit 2ad6c42 into v2 Jul 16, 2026
7 checks passed
@rekram1-node rekram1-node deleted the tool-image-resize branch July 16, 2026 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant