@link-assistant/agent 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/provider/provider.ts +7 -7
- package/src/tool/read.ts +118 -0
package/package.json
CHANGED
package/src/provider/provider.ts
CHANGED
|
@@ -599,14 +599,14 @@ export namespace Provider {
|
|
|
599
599
|
// load env
|
|
600
600
|
for (const [providerID, provider] of Object.entries(database)) {
|
|
601
601
|
if (disabled.has(providerID)) continue;
|
|
602
|
-
|
|
602
|
+
// Find the first truthy env var (supports multiple env var options like Google's
|
|
603
|
+
// GOOGLE_GENERATIVE_AI_API_KEY and GEMINI_API_KEY)
|
|
604
|
+
const apiKey = provider.env
|
|
605
|
+
.map((item) => process.env[item])
|
|
606
|
+
.find(Boolean);
|
|
603
607
|
if (!apiKey) continue;
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
// only include apiKey if there's only one potential option
|
|
607
|
-
provider.env.length === 1 ? { apiKey } : {},
|
|
608
|
-
'env'
|
|
609
|
-
);
|
|
608
|
+
// Always pass the API key - the provider SDK needs it for authentication
|
|
609
|
+
mergeProvider(providerID, { apiKey }, 'env');
|
|
610
610
|
}
|
|
611
611
|
|
|
612
612
|
// load apikeys
|
package/src/tool/read.ts
CHANGED
|
@@ -75,6 +75,27 @@ export const ReadTool = Tool.define('read', {
|
|
|
75
75
|
`Failed to read image: ${filepath}, model may not be able to read images`
|
|
76
76
|
);
|
|
77
77
|
}
|
|
78
|
+
|
|
79
|
+
// Image format validation (can be disabled via environment variable)
|
|
80
|
+
const verifyImages = process.env.VERIFY_IMAGES_AT_READ_TOOL !== 'false';
|
|
81
|
+
if (verifyImages) {
|
|
82
|
+
const bytes = new Uint8Array(await file.arrayBuffer());
|
|
83
|
+
|
|
84
|
+
// Validate image format matches file extension
|
|
85
|
+
if (!validateImageFormat(bytes, isImage)) {
|
|
86
|
+
throw new Error(
|
|
87
|
+
`Image validation failed: ${filepath} has image extension but does not contain valid ${isImage} data.\n` +
|
|
88
|
+
`The file may be corrupted, misnamed, or contain non-image content (e.g., HTML error page).\n` +
|
|
89
|
+
`First ${Math.min(bytes.length, 50)} bytes: ${Array.from(
|
|
90
|
+
bytes.slice(0, 50)
|
|
91
|
+
)
|
|
92
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
93
|
+
.join(' ')}\n` +
|
|
94
|
+
`To disable image validation, set environment variable: VERIFY_IMAGES_AT_READ_TOOL=false`
|
|
95
|
+
);
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
|
|
78
99
|
const mime = file.type;
|
|
79
100
|
const msg = 'Image read successfully';
|
|
80
101
|
return {
|
|
@@ -153,11 +174,108 @@ function isImageFile(filePath: string): string | false {
|
|
|
153
174
|
return 'BMP';
|
|
154
175
|
case '.webp':
|
|
155
176
|
return 'WebP';
|
|
177
|
+
case '.tiff':
|
|
178
|
+
case '.tif':
|
|
179
|
+
return 'TIFF';
|
|
180
|
+
case '.svg':
|
|
181
|
+
return 'SVG';
|
|
182
|
+
case '.ico':
|
|
183
|
+
return 'ICO';
|
|
184
|
+
case '.avif':
|
|
185
|
+
return 'AVIF';
|
|
156
186
|
default:
|
|
157
187
|
return false;
|
|
158
188
|
}
|
|
159
189
|
}
|
|
160
190
|
|
|
191
|
+
/**
|
|
192
|
+
* Validates that file content matches expected image format by checking magic bytes/file signatures.
|
|
193
|
+
* This prevents sending invalid data to the Claude API which would cause non-recoverable errors.
|
|
194
|
+
*
|
|
195
|
+
* @param bytes - File content as Uint8Array
|
|
196
|
+
* @param expectedFormat - Expected image format ('PNG', 'JPEG', 'GIF', 'BMP', 'WebP', 'TIFF', 'SVG', 'ICO', 'AVIF')
|
|
197
|
+
* @returns true if file signature matches expected format, false otherwise
|
|
198
|
+
*/
|
|
199
|
+
function validateImageFormat(
|
|
200
|
+
bytes: Uint8Array,
|
|
201
|
+
expectedFormat: string
|
|
202
|
+
): boolean {
|
|
203
|
+
// Need at least 8 bytes for reliable detection (except SVG which needs more for text check)
|
|
204
|
+
if (bytes.length < 8 && expectedFormat !== 'SVG') {
|
|
205
|
+
return false;
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
// File signatures (magic bytes) for supported image formats
|
|
209
|
+
// Reference: https://en.wikipedia.org/wiki/List_of_file_signatures
|
|
210
|
+
const signatures: Record<string, number[]> = {
|
|
211
|
+
PNG: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
|
|
212
|
+
JPEG: [0xff, 0xd8, 0xff],
|
|
213
|
+
GIF: [0x47, 0x49, 0x46, 0x38], // GIF8 (GIF87a or GIF89a)
|
|
214
|
+
BMP: [0x42, 0x4d], // BM
|
|
215
|
+
WebP: [0x52, 0x49, 0x46, 0x46], // RIFF (need additional check at offset 8)
|
|
216
|
+
TIFF: [0x49, 0x49, 0x2a, 0x00], // Little-endian TIFF, also check big-endian below
|
|
217
|
+
ICO: [0x00, 0x00, 0x01, 0x00], // ICO format
|
|
218
|
+
};
|
|
219
|
+
|
|
220
|
+
const sig = signatures[expectedFormat];
|
|
221
|
+
|
|
222
|
+
// Special handling for formats with multiple possible signatures
|
|
223
|
+
if (expectedFormat === 'TIFF') {
|
|
224
|
+
// TIFF can be little-endian (II) or big-endian (MM)
|
|
225
|
+
const littleEndian = [0x49, 0x49, 0x2a, 0x00];
|
|
226
|
+
const bigEndian = [0x4d, 0x4d, 0x00, 0x2a];
|
|
227
|
+
const matchesLE = littleEndian.every((byte, i) => bytes[i] === byte);
|
|
228
|
+
const matchesBE = bigEndian.every((byte, i) => bytes[i] === byte);
|
|
229
|
+
return matchesLE || matchesBE;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
if (expectedFormat === 'SVG') {
|
|
233
|
+
// SVG is XML-based, check for common SVG patterns
|
|
234
|
+
const text = new TextDecoder('utf-8', { fatal: false }).decode(
|
|
235
|
+
bytes.slice(0, Math.min(1000, bytes.length))
|
|
236
|
+
);
|
|
237
|
+
return text.includes('<svg') || text.includes('<?xml');
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
if (expectedFormat === 'AVIF') {
|
|
241
|
+
// AVIF uses ISOBMFF container with 'ftyp' box
|
|
242
|
+
// Signature: offset 4-7 should be 'ftyp', and offset 8-11 should contain 'avif' or 'avis'
|
|
243
|
+
if (bytes.length < 12) return false;
|
|
244
|
+
const ftyp = [0x66, 0x74, 0x79, 0x70]; // 'ftyp'
|
|
245
|
+
const hasFtyp = ftyp.every((byte, i) => bytes[4 + i] === byte);
|
|
246
|
+
if (!hasFtyp) return false;
|
|
247
|
+
|
|
248
|
+
// Check for avif/avis brand
|
|
249
|
+
const brand = String.fromCharCode(...bytes.slice(8, 12));
|
|
250
|
+
return brand === 'avif' || brand === 'avis';
|
|
251
|
+
}
|
|
252
|
+
|
|
253
|
+
if (!sig) {
|
|
254
|
+
// Unknown format, skip validation
|
|
255
|
+
return true;
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
// Check if file starts with expected signature
|
|
259
|
+
for (let i = 0; i < sig.length; i++) {
|
|
260
|
+
if (bytes[i] !== sig[i]) {
|
|
261
|
+
return false;
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
// Special case for WebP: also check for WEBP at offset 8
|
|
266
|
+
if (expectedFormat === 'WebP') {
|
|
267
|
+
const webpSig = [0x57, 0x45, 0x42, 0x50]; // WEBP
|
|
268
|
+
if (bytes.length < 12) return false;
|
|
269
|
+
for (let i = 0; i < webpSig.length; i++) {
|
|
270
|
+
if (bytes[8 + i] !== webpSig[i]) {
|
|
271
|
+
return false;
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
return true;
|
|
277
|
+
}
|
|
278
|
+
|
|
161
279
|
async function isBinaryFile(
|
|
162
280
|
filepath: string,
|
|
163
281
|
file: Bun.BunFile
|