2025-10-01 23:29:25 +00:00
#!/usr/bin/env python3
"""
Vision Tools Module
This module provides vision analysis tools that work with image URLs .
2026-03-14 21:14:20 -07:00
Uses the centralized auxiliary vision router , which can select OpenRouter ,
Nous , Codex , native Anthropic , or a custom OpenAI - compatible endpoint .
2025-10-01 23:29:25 +00:00
Available tools :
- vision_analyze_tool : Analyze images from URLs with custom prompts
Features :
2025-10-08 02:38:04 +00:00
- Downloads images from URLs and converts to base64 for API compatibility
2025-10-01 23:29:25 +00:00
- Comprehensive image description
- Context - aware analysis based on user queries
2025-10-08 02:38:04 +00:00
- Automatic temporary file cleanup
2025-10-01 23:29:25 +00:00
- Proper error handling and validation
- Debug logging support
Usage :
from vision_tools import vision_analyze_tool
import asyncio
# Analyze an image
result = await vision_analyze_tool (
image_url = " https://example.com/image.jpg " ,
user_prompt = " What architectural style is this building? "
)
"""
2026-03-05 16:11:59 +03:00
import base64
2025-10-01 23:29:25 +00:00
import json
2026-02-21 03:11:11 -08:00
import logging
2025-10-01 23:29:25 +00:00
import os
import uuid
from pathlib import Path
2026-03-05 16:11:59 +03:00
from typing import Any , Awaitable , Dict , Optional
from urllib . parse import urlparse
2026-02-20 23:23:32 -08:00
import httpx
2026-03-27 15:28:19 -07:00
from agent . auxiliary_client import async_call_llm , extract_content_or_reasoning
2026-02-21 03:53:24 -08:00
from tools . debug_helpers import DebugSession
2026-03-29 20:55:04 -07:00
from tools . website_policy import check_website_access
2025-10-01 23:29:25 +00:00
2026-02-21 03:11:11 -08:00
logger = logging . getLogger ( __name__ )
2026-02-21 03:53:24 -08:00
_debug = DebugSession ( " vision_tools " , env_var = " VISION_TOOLS_DEBUG " )
2025-10-01 23:29:25 +00:00
2026-03-30 02:59:39 -07:00
# Configurable HTTP download timeout for _download_image().
# Separate from auxiliary.vision.timeout which governs the LLM API call.
# Resolution: config.yaml auxiliary.vision.download_timeout → env var → 30s default.
def _resolve_download_timeout ( ) - > float :
env_val = os . getenv ( " HERMES_VISION_DOWNLOAD_TIMEOUT " , " " ) . strip ( )
if env_val :
try :
return float ( env_val )
except ValueError :
pass
try :
from hermes_cli . config import load_config
cfg = load_config ( )
val = cfg . get ( " auxiliary " , { } ) . get ( " vision " , { } ) . get ( " download_timeout " )
if val is not None :
return float ( val )
except Exception :
pass
return 30.0
_VISION_DOWNLOAD_TIMEOUT = _resolve_download_timeout ( )
2026-04-10 12:13:42 +08:00
# Hard cap on downloaded image file size (50 MB). Prevents OOM from
# attacker-hosted multi-gigabyte files or decompression bombs.
_VISION_MAX_DOWNLOAD_BYTES = 50 * 1024 * 1024
2025-10-01 23:29:25 +00:00
def _validate_image_url ( url : str ) - > bool :
"""
Basic validation of image URL format .
Args :
url ( str ) : The URL to validate
Returns :
bool : True if URL appears to be valid , False otherwise
"""
if not url or not isinstance ( url , str ) :
return False
2026-03-05 16:11:59 +03:00
# Basic HTTP/HTTPS URL check
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
Comprehensive cleanup across 80 files based on automated (ruff, pyflakes, vulture)
and manual analysis of the entire codebase.
Changes by category:
Unused imports removed (~95 across 55 files):
- Removed genuinely unused imports from all major subsystems
- agent/, hermes_cli/, tools/, gateway/, plugins/, cron/
- Includes imports in try/except blocks that were truly unused
(vs availability checks which were left alone)
Unused variables removed (~25):
- Removed dead variables: connected, inner, channels, last_exc,
source, new_server_names, verify, pconfig, default_terminal,
result, pending_handled, temperature, loop
- Dropped unused argparse subparser assignments in hermes_cli/main.py
(12 instances of add_parser() where result was never used)
Dead code removed:
- run_agent.py: Removed dead ternary (None if False else None) and
surrounding unreachable branch in identity fallback
- run_agent.py: Removed write-only attribute _last_reported_tool
- hermes_cli/providers.py: Removed dead @property decorator on
module-level function (decorator has no effect outside a class)
- gateway/run.py: Removed unused MCP config load before reconnect
- gateway/platforms/slack.py: Removed dead SessionSource construction
Undefined name bugs fixed (would cause NameError at runtime):
- batch_runner.py: Added missing logger = logging.getLogger(__name__)
- tools/environments/daytona.py: Added missing Dict and Path imports
Unnecessary global statements removed (14):
- tools/terminal_tool.py: 5 functions declared global for dicts
they only mutated via .pop()/[key]=value (no rebinding)
- tools/browser_tool.py: cleanup thread loop only reads flag
- tools/rl_training_tool.py: 4 functions only do dict mutations
- tools/mcp_oauth.py: only reads the global
- hermes_time.py: only reads cached values
Inefficient patterns fixed:
- startswith/endswith tuple form: 15 instances of
x.startswith('a') or x.startswith('b') consolidated to
x.startswith(('a', 'b'))
- len(x)==0 / len(x)>0: 13 instances replaced with pythonic
truthiness checks (not x / bool(x))
- in dict.keys(): 5 instances simplified to in dict
- Redefined unused name: removed duplicate _strip_mdv2 import in
send_message_tool.py
Other fixes:
- hermes_cli/doctor.py: Replaced undefined logger.debug() with pass
- hermes_cli/config.py: Consolidated chained .endswith() calls
Test results: 3934 passed, 17 failed (all pre-existing on main),
19 skipped. Zero regressions.
2026-04-07 10:25:31 -07:00
if not url . startswith ( ( " http:// " , " https:// " ) ) :
2025-10-01 23:29:25 +00:00
return False
2026-03-05 16:11:59 +03:00
# Parse to ensure we at least have a network location; still allow URLs
# without file extensions (e.g. CDN endpoints that redirect to images).
parsed = urlparse ( url )
if not parsed . netloc :
return False
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
* fix(security): add SSRF protection to vision_tools and web_tools
Both vision_analyze and web_extract/web_crawl accept arbitrary URLs
without checking if they target private/internal network addresses.
A prompt-injected or malicious skill could use this to access cloud
metadata endpoints (169.254.169.254), localhost services, or private
network hosts.
Adds a shared url_safety.is_safe_url() that resolves hostnames and
blocks private, loopback, link-local, and reserved IP ranges. Also
blocks known internal hostnames (metadata.google.internal).
Integrated at the URL validation layer in vision_tools and before
each website_policy check in web_tools (extract, crawl).
* test(vision): update localhost test to reflect SSRF protection
The existing test_valid_url_with_port asserted localhost URLs pass
validation. With SSRF protection, localhost is now correctly blocked.
Update the test to verify the block, and add a separate test for
valid URLs with ports using a public hostname.
* fix(security): harden SSRF protection — fail-closed, CGNAT, multicast, redirect guard
Follow-up hardening on top of dieutx's SSRF protection (PR #2630):
- Change fail-open to fail-closed: DNS errors and unexpected exceptions
now block the request instead of allowing it (OWASP best practice)
- Block CGNAT range (100.64.0.0/10): Python's ipaddress.is_private
does NOT cover this range (returns False for both is_private and
is_global). Used by Tailscale/WireGuard and carrier infrastructure.
- Add is_multicast and is_unspecified checks: multicast (224.0.0.0/4)
and unspecified (0.0.0.0) addresses were not caught by the original
four-check chain
- Add redirect guard for vision_tools: httpx event hook re-validates
each redirect target against SSRF checks, preventing the classic
redirect-based SSRF bypass (302 to internal IP)
- Move SSRF filtering before backend dispatch in web_extract: now
covers Parallel and Tavily backends, not just Firecrawl
- Extract _is_blocked_ip() helper for cleaner IP range checking
- Add 24 new tests (CGNAT, multicast, IPv4-mapped IPv6, fail-closed
behavior, parametrized blocked/allowed IP lists)
- Fix existing tests to mock DNS resolution for test hostnames
---------
Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-23 15:40:42 -07:00
# Block private/internal addresses to prevent SSRF
from tools . url_safety import is_safe_url
if not is_safe_url ( url ) :
return False
return True
2025-10-01 23:29:25 +00:00
2026-03-29 20:55:04 -07:00
def _detect_image_mime_type ( image_path : Path ) - > Optional [ str ] :
""" Return a MIME type when the file looks like a supported image. """
with image_path . open ( " rb " ) as f :
header = f . read ( 64 )
if header . startswith ( b " \x89 PNG \r \n \x1a \n " ) :
return " image/png "
if header . startswith ( b " \xff \xd8 \xff " ) :
return " image/jpeg "
if header . startswith ( ( b " GIF87a " , b " GIF89a " ) ) :
return " image/gif "
if header . startswith ( b " BM " ) :
return " image/bmp "
if len ( header ) > = 12 and header [ : 4 ] == b " RIFF " and header [ 8 : 12 ] == b " WEBP " :
return " image/webp "
if image_path . suffix . lower ( ) == " .svg " :
head = image_path . read_text ( encoding = " utf-8 " , errors = " ignore " ) [ : 4096 ] . lower ( )
if " <svg " in head :
return " image/svg+xml "
return None
2026-01-18 10:11:59 +00:00
async def _download_image ( image_url : str , destination : Path , max_retries : int = 3 ) - > Path :
2025-10-08 02:38:04 +00:00
"""
2026-01-18 10:11:59 +00:00
Download an image from a URL to a local destination ( async ) with retry logic .
2025-10-08 02:38:04 +00:00
Args :
image_url ( str ) : The URL of the image to download
destination ( Path ) : The path where the image should be saved
2026-01-18 10:11:59 +00:00
max_retries ( int ) : Maximum number of retry attempts ( default : 3 )
2025-10-08 02:38:04 +00:00
Returns :
Path : The path to the downloaded image
Raises :
2026-01-18 10:11:59 +00:00
Exception : If download fails after all retries
2025-10-08 02:38:04 +00:00
"""
2026-01-18 10:11:59 +00:00
import asyncio
2025-10-08 02:38:04 +00:00
# Create parent directories if they don't exist
destination . parent . mkdir ( parents = True , exist_ok = True )
2026-03-23 15:44:52 -07:00
async def _ssrf_redirect_guard ( response ) :
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
* fix(security): add SSRF protection to vision_tools and web_tools
Both vision_analyze and web_extract/web_crawl accept arbitrary URLs
without checking if they target private/internal network addresses.
A prompt-injected or malicious skill could use this to access cloud
metadata endpoints (169.254.169.254), localhost services, or private
network hosts.
Adds a shared url_safety.is_safe_url() that resolves hostnames and
blocks private, loopback, link-local, and reserved IP ranges. Also
blocks known internal hostnames (metadata.google.internal).
Integrated at the URL validation layer in vision_tools and before
each website_policy check in web_tools (extract, crawl).
* test(vision): update localhost test to reflect SSRF protection
The existing test_valid_url_with_port asserted localhost URLs pass
validation. With SSRF protection, localhost is now correctly blocked.
Update the test to verify the block, and add a separate test for
valid URLs with ports using a public hostname.
* fix(security): harden SSRF protection — fail-closed, CGNAT, multicast, redirect guard
Follow-up hardening on top of dieutx's SSRF protection (PR #2630):
- Change fail-open to fail-closed: DNS errors and unexpected exceptions
now block the request instead of allowing it (OWASP best practice)
- Block CGNAT range (100.64.0.0/10): Python's ipaddress.is_private
does NOT cover this range (returns False for both is_private and
is_global). Used by Tailscale/WireGuard and carrier infrastructure.
- Add is_multicast and is_unspecified checks: multicast (224.0.0.0/4)
and unspecified (0.0.0.0) addresses were not caught by the original
four-check chain
- Add redirect guard for vision_tools: httpx event hook re-validates
each redirect target against SSRF checks, preventing the classic
redirect-based SSRF bypass (302 to internal IP)
- Move SSRF filtering before backend dispatch in web_extract: now
covers Parallel and Tavily backends, not just Firecrawl
- Extract _is_blocked_ip() helper for cleaner IP range checking
- Add 24 new tests (CGNAT, multicast, IPv4-mapped IPv6, fail-closed
behavior, parametrized blocked/allowed IP lists)
- Fix existing tests to mock DNS resolution for test hostnames
---------
Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-23 15:40:42 -07:00
""" Re-validate each redirect target to prevent redirect-based SSRF.
Without this , an attacker can host a public URL that 302 - redirects
to http : / / 169.254 .169 .254 / and bypass the pre - flight is_safe_url check .
2026-03-23 15:44:52 -07:00
Must be async because httpx . AsyncClient awaits event hooks .
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
* fix(security): add SSRF protection to vision_tools and web_tools
Both vision_analyze and web_extract/web_crawl accept arbitrary URLs
without checking if they target private/internal network addresses.
A prompt-injected or malicious skill could use this to access cloud
metadata endpoints (169.254.169.254), localhost services, or private
network hosts.
Adds a shared url_safety.is_safe_url() that resolves hostnames and
blocks private, loopback, link-local, and reserved IP ranges. Also
blocks known internal hostnames (metadata.google.internal).
Integrated at the URL validation layer in vision_tools and before
each website_policy check in web_tools (extract, crawl).
* test(vision): update localhost test to reflect SSRF protection
The existing test_valid_url_with_port asserted localhost URLs pass
validation. With SSRF protection, localhost is now correctly blocked.
Update the test to verify the block, and add a separate test for
valid URLs with ports using a public hostname.
* fix(security): harden SSRF protection — fail-closed, CGNAT, multicast, redirect guard
Follow-up hardening on top of dieutx's SSRF protection (PR #2630):
- Change fail-open to fail-closed: DNS errors and unexpected exceptions
now block the request instead of allowing it (OWASP best practice)
- Block CGNAT range (100.64.0.0/10): Python's ipaddress.is_private
does NOT cover this range (returns False for both is_private and
is_global). Used by Tailscale/WireGuard and carrier infrastructure.
- Add is_multicast and is_unspecified checks: multicast (224.0.0.0/4)
and unspecified (0.0.0.0) addresses were not caught by the original
four-check chain
- Add redirect guard for vision_tools: httpx event hook re-validates
each redirect target against SSRF checks, preventing the classic
redirect-based SSRF bypass (302 to internal IP)
- Move SSRF filtering before backend dispatch in web_extract: now
covers Parallel and Tavily backends, not just Firecrawl
- Extract _is_blocked_ip() helper for cleaner IP range checking
- Add 24 new tests (CGNAT, multicast, IPv4-mapped IPv6, fail-closed
behavior, parametrized blocked/allowed IP lists)
- Fix existing tests to mock DNS resolution for test hostnames
---------
Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-23 15:40:42 -07:00
"""
if response . is_redirect and response . next_request :
redirect_url = str ( response . next_request . url )
from tools . url_safety import is_safe_url
if not is_safe_url ( redirect_url ) :
raise ValueError (
f " Blocked redirect to private/internal address: { redirect_url } "
)
2026-01-18 10:11:59 +00:00
last_error = None
for attempt in range ( max_retries ) :
try :
2026-03-29 20:55:04 -07:00
blocked = check_website_access ( image_url )
if blocked :
raise PermissionError ( blocked [ " message " ] )
2026-01-18 10:11:59 +00:00
# Download the image with appropriate headers using async httpx
2026-01-29 06:10:24 +00:00
# Enable follow_redirects to handle image CDNs that redirect (e.g., Imgur, Picsum)
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
* fix(security): add SSRF protection to vision_tools and web_tools
Both vision_analyze and web_extract/web_crawl accept arbitrary URLs
without checking if they target private/internal network addresses.
A prompt-injected or malicious skill could use this to access cloud
metadata endpoints (169.254.169.254), localhost services, or private
network hosts.
Adds a shared url_safety.is_safe_url() that resolves hostnames and
blocks private, loopback, link-local, and reserved IP ranges. Also
blocks known internal hostnames (metadata.google.internal).
Integrated at the URL validation layer in vision_tools and before
each website_policy check in web_tools (extract, crawl).
* test(vision): update localhost test to reflect SSRF protection
The existing test_valid_url_with_port asserted localhost URLs pass
validation. With SSRF protection, localhost is now correctly blocked.
Update the test to verify the block, and add a separate test for
valid URLs with ports using a public hostname.
* fix(security): harden SSRF protection — fail-closed, CGNAT, multicast, redirect guard
Follow-up hardening on top of dieutx's SSRF protection (PR #2630):
- Change fail-open to fail-closed: DNS errors and unexpected exceptions
now block the request instead of allowing it (OWASP best practice)
- Block CGNAT range (100.64.0.0/10): Python's ipaddress.is_private
does NOT cover this range (returns False for both is_private and
is_global). Used by Tailscale/WireGuard and carrier infrastructure.
- Add is_multicast and is_unspecified checks: multicast (224.0.0.0/4)
and unspecified (0.0.0.0) addresses were not caught by the original
four-check chain
- Add redirect guard for vision_tools: httpx event hook re-validates
each redirect target against SSRF checks, preventing the classic
redirect-based SSRF bypass (302 to internal IP)
- Move SSRF filtering before backend dispatch in web_extract: now
covers Parallel and Tavily backends, not just Firecrawl
- Extract _is_blocked_ip() helper for cleaner IP range checking
- Add 24 new tests (CGNAT, multicast, IPv4-mapped IPv6, fail-closed
behavior, parametrized blocked/allowed IP lists)
- Fix existing tests to mock DNS resolution for test hostnames
---------
Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-23 15:40:42 -07:00
# SSRF: event_hooks validates each redirect target against private IP ranges
async with httpx . AsyncClient (
2026-03-30 02:59:39 -07:00
timeout = _VISION_DOWNLOAD_TIMEOUT ,
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
* fix(security): add SSRF protection to vision_tools and web_tools
Both vision_analyze and web_extract/web_crawl accept arbitrary URLs
without checking if they target private/internal network addresses.
A prompt-injected or malicious skill could use this to access cloud
metadata endpoints (169.254.169.254), localhost services, or private
network hosts.
Adds a shared url_safety.is_safe_url() that resolves hostnames and
blocks private, loopback, link-local, and reserved IP ranges. Also
blocks known internal hostnames (metadata.google.internal).
Integrated at the URL validation layer in vision_tools and before
each website_policy check in web_tools (extract, crawl).
* test(vision): update localhost test to reflect SSRF protection
The existing test_valid_url_with_port asserted localhost URLs pass
validation. With SSRF protection, localhost is now correctly blocked.
Update the test to verify the block, and add a separate test for
valid URLs with ports using a public hostname.
* fix(security): harden SSRF protection — fail-closed, CGNAT, multicast, redirect guard
Follow-up hardening on top of dieutx's SSRF protection (PR #2630):
- Change fail-open to fail-closed: DNS errors and unexpected exceptions
now block the request instead of allowing it (OWASP best practice)
- Block CGNAT range (100.64.0.0/10): Python's ipaddress.is_private
does NOT cover this range (returns False for both is_private and
is_global). Used by Tailscale/WireGuard and carrier infrastructure.
- Add is_multicast and is_unspecified checks: multicast (224.0.0.0/4)
and unspecified (0.0.0.0) addresses were not caught by the original
four-check chain
- Add redirect guard for vision_tools: httpx event hook re-validates
each redirect target against SSRF checks, preventing the classic
redirect-based SSRF bypass (302 to internal IP)
- Move SSRF filtering before backend dispatch in web_extract: now
covers Parallel and Tavily backends, not just Firecrawl
- Extract _is_blocked_ip() helper for cleaner IP range checking
- Add 24 new tests (CGNAT, multicast, IPv4-mapped IPv6, fail-closed
behavior, parametrized blocked/allowed IP lists)
- Fix existing tests to mock DNS resolution for test hostnames
---------
Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-23 15:40:42 -07:00
follow_redirects = True ,
event_hooks = { " response " : [ _ssrf_redirect_guard ] } ,
) as client :
2026-01-18 10:11:59 +00:00
response = await client . get (
image_url ,
2026-01-29 06:10:24 +00:00
headers = {
" User-Agent " : " Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 " ,
" Accept " : " image/*,*/*;q=0.8 " ,
} ,
2026-01-18 10:11:59 +00:00
)
response . raise_for_status ( )
2026-03-29 20:55:04 -07:00
2026-04-10 12:13:42 +08:00
# Reject overly large images early via Content-Length header.
cl = response . headers . get ( " content-length " )
if cl and int ( cl ) > _VISION_MAX_DOWNLOAD_BYTES :
raise ValueError (
f " Image too large ( { int ( cl ) } bytes, max { _VISION_MAX_DOWNLOAD_BYTES } ) "
)
2026-03-29 20:55:04 -07:00
final_url = str ( response . url )
blocked = check_website_access ( final_url )
if blocked :
raise PermissionError ( blocked [ " message " ] )
2026-01-18 10:11:59 +00:00
2026-04-10 12:13:42 +08:00
# Save the image content (double-check actual size)
body = response . content
if len ( body ) > _VISION_MAX_DOWNLOAD_BYTES :
raise ValueError (
f " Image too large ( { len ( body ) } bytes, max { _VISION_MAX_DOWNLOAD_BYTES } ) "
)
destination . write_bytes ( body )
2026-01-18 10:11:59 +00:00
return destination
except Exception as e :
last_error = e
if attempt < max_retries - 1 :
wait_time = 2 * * ( attempt + 1 ) # 2s, 4s, 8s
2026-02-21 03:11:11 -08:00
logger . warning ( " Image download failed (attempt %s / %s ): %s " , attempt + 1 , max_retries , str ( e ) [ : 50 ] )
logger . warning ( " Retrying in %s s... " , wait_time )
2026-01-18 10:11:59 +00:00
await asyncio . sleep ( wait_time )
else :
2026-03-05 16:11:59 +03:00
logger . error (
" Image download failed after %s attempts: %s " ,
max_retries ,
str ( e ) [ : 100 ] ,
exc_info = True ,
)
2025-10-08 02:38:04 +00:00
2026-03-30 02:59:39 -07:00
if last_error is None :
raise RuntimeError (
f " _download_image exited retry loop without attempting (max_retries= { max_retries } ) "
)
2026-01-18 10:11:59 +00:00
raise last_error
2025-10-08 02:38:04 +00:00
def _determine_mime_type ( image_path : Path ) - > str :
"""
Determine the MIME type of an image based on its file extension .
Args :
image_path ( Path ) : Path to the image file
Returns :
str : The MIME type ( defaults to image / jpeg if unknown )
"""
extension = image_path . suffix . lower ( )
mime_types = {
' .jpg ' : ' image/jpeg ' ,
' .jpeg ' : ' image/jpeg ' ,
' .png ' : ' image/png ' ,
' .gif ' : ' image/gif ' ,
' .bmp ' : ' image/bmp ' ,
' .webp ' : ' image/webp ' ,
' .svg ' : ' image/svg+xml '
}
return mime_types . get ( extension , ' image/jpeg ' )
def _image_to_base64_data_url ( image_path : Path , mime_type : Optional [ str ] = None ) - > str :
"""
Convert an image file to a base64 - encoded data URL .
Args :
image_path ( Path ) : Path to the image file
mime_type ( Optional [ str ] ) : MIME type of the image ( auto - detected if None )
Returns :
str : Base64 - encoded data URL ( e . g . , " data:image/jpeg;base64,... " )
"""
# Read the image as bytes
data = image_path . read_bytes ( )
# Encode to base64
encoded = base64 . b64encode ( data ) . decode ( " ascii " )
# Determine MIME type
mime = mime_type or _determine_mime_type ( image_path )
# Create data URL
data_url = f " data: { mime } ;base64, { encoded } "
return data_url
2026-04-11 11:07:18 -07:00
# Hard limit for vision API payloads (20 MB) — matches the most restrictive
# major provider (Gemini inline data limit). Images above this are rejected.
_MAX_BASE64_BYTES = 20 * 1024 * 1024
# Target size when auto-resizing on API failure (5 MB). After a provider
# rejects an image, we downscale to this target and retry once.
_RESIZE_TARGET_BYTES = 5 * 1024 * 1024
def _is_image_size_error ( error : Exception ) - > bool :
""" Detect if an API error is related to image or payload size. """
err_str = str ( error ) . lower ( )
return any ( hint in err_str for hint in (
" too large " , " payload " , " 413 " , " content_too_large " ,
" request_too_large " , " image_url " , " invalid_request " ,
" exceeds " , " size limit " ,
) )
def _resize_image_for_vision ( image_path : Path , mime_type : Optional [ str ] = None ,
max_base64_bytes : int = _RESIZE_TARGET_BYTES ) - > str :
""" Convert an image to a base64 data URL, auto-resizing if too large.
Tries Pillow first to progressively downscale oversized images . If Pillow
is not installed or resizing still exceeds the limit , falls back to the raw
bytes and lets the caller handle the size check .
Returns the base64 data URL string .
"""
# Quick file-size estimate: base64 expands by ~4/3, plus data URL header.
# Skip the expensive full-read + encode if Pillow can resize directly.
file_size = image_path . stat ( ) . st_size
estimated_b64 = ( file_size * 4 ) / / 3 + 100 # ~header overhead
if estimated_b64 < = max_base64_bytes :
# Small enough — just encode directly.
data_url = _image_to_base64_data_url ( image_path , mime_type = mime_type )
if len ( data_url ) < = max_base64_bytes :
return data_url
else :
data_url = None # defer full encode; try Pillow resize first
# Attempt auto-resize with Pillow (soft dependency)
try :
from PIL import Image
import io as _io
except ImportError :
logger . info ( " Pillow not installed — cannot auto-resize oversized image " )
if data_url is None :
data_url = _image_to_base64_data_url ( image_path , mime_type = mime_type )
return data_url # caller will raise the size error
logger . info ( " Image file is %.1f MB (estimated base64 %.1f MB, limit %.1f MB), auto-resizing... " ,
file_size / ( 1024 * 1024 ) , estimated_b64 / ( 1024 * 1024 ) ,
max_base64_bytes / ( 1024 * 1024 ) )
mime = mime_type or _determine_mime_type ( image_path )
# Choose output format: JPEG for photos (smaller), PNG for transparency
pil_format = " PNG " if mime == " image/png " else " JPEG "
out_mime = " image/png " if pil_format == " PNG " else " image/jpeg "
try :
img = Image . open ( image_path )
except Exception as exc :
logger . info ( " Pillow cannot open image for resizing: %s " , exc )
if data_url is None :
data_url = _image_to_base64_data_url ( image_path , mime_type = mime_type )
return data_url # fall through to size-check in caller
# Convert RGBA to RGB for JPEG output
if pil_format == " JPEG " and img . mode in ( " RGBA " , " P " ) :
img = img . convert ( " RGB " )
# Strategy: halve dimensions until base64 fits, up to 4 rounds.
# For JPEG, also try reducing quality at each size step.
# For PNG, quality is irrelevant — only dimension reduction helps.
quality_steps = ( 85 , 70 , 50 ) if pil_format == " JPEG " else ( None , )
prev_dims = ( img . width , img . height )
candidate = None # will be set on first loop iteration
for attempt in range ( 5 ) :
if attempt > 0 :
2026-04-11 21:42:47 +03:00
# Proportional scaling: halve the longer side and scale the
# shorter side to preserve aspect ratio (min dimension 64).
scale = 0.5
new_w = max ( int ( img . width * scale ) , 64 )
new_h = max ( int ( img . height * scale ) , 64 )
# Re-derive the scale from whichever dimension hit the floor
# so both axes shrink by the same factor.
if new_w == 64 and img . width > 0 :
effective_scale = 64 / img . width
new_h = max ( int ( img . height * effective_scale ) , 64 )
elif new_h == 64 and img . height > 0 :
effective_scale = 64 / img . height
new_w = max ( int ( img . width * effective_scale ) , 64 )
2026-04-11 11:07:18 -07:00
# Stop if dimensions can't shrink further
if ( new_w , new_h ) == prev_dims :
break
img = img . resize ( ( new_w , new_h ) , Image . LANCZOS )
prev_dims = ( new_w , new_h )
logger . info ( " Resized to %d x %d (attempt %d ) " , new_w , new_h , attempt )
for q in quality_steps :
buf = _io . BytesIO ( )
save_kwargs = { " format " : pil_format }
if q is not None :
save_kwargs [ " quality " ] = q
img . save ( buf , * * save_kwargs )
encoded = base64 . b64encode ( buf . getvalue ( ) ) . decode ( " ascii " )
candidate = f " data: { out_mime } ;base64, { encoded } "
if len ( candidate ) < = max_base64_bytes :
logger . info ( " Auto-resized image fits: %.1f MB (quality= %s , %d x %d ) " ,
len ( candidate ) / ( 1024 * 1024 ) , q ,
img . width , img . height )
return candidate
# If we still can't get it small enough, return the best attempt
# and let the caller decide
if candidate is not None :
logger . warning ( " Auto-resize could not fit image under %.1f MB (best: %.1f MB) " ,
max_base64_bytes / ( 1024 * 1024 ) , len ( candidate ) / ( 1024 * 1024 ) )
return candidate
# Shouldn't reach here, but fall back to full encode
return data_url or _image_to_base64_data_url ( image_path , mime_type = mime_type )
2025-10-01 23:29:25 +00:00
async def vision_analyze_tool (
image_url : str ,
user_prompt : str ,
2026-03-11 20:52:19 -07:00
model : str = None ,
2025-10-01 23:29:25 +00:00
) - > str :
"""
2026-02-15 16:10:50 -08:00
Analyze an image from a URL or local file path using vision AI .
2025-10-01 23:29:25 +00:00
2026-02-15 16:10:50 -08:00
This tool accepts either an HTTP / HTTPS URL or a local file path . For URLs ,
it downloads the image first . In both cases , the image is converted to base64
and processed using Gemini 3 Flash Preview via OpenRouter API .
2025-10-08 02:38:04 +00:00
2025-10-01 23:29:25 +00:00
The user_prompt parameter is expected to be pre - formatted by the calling
function ( typically model_tools . py ) to include both full description
requests and specific questions .
Args :
2026-02-15 16:10:50 -08:00
image_url ( str ) : The URL or local file path of the image to analyze .
Accepts http : / / , https : / / URLs or absolute / relative file paths .
2025-10-01 23:29:25 +00:00
user_prompt ( str ) : The pre - formatted prompt for the vision model
2026-01-14 13:40:10 +00:00
model ( str ) : The vision model to use ( default : google / gemini - 3 - flash - preview )
2025-10-01 23:29:25 +00:00
Returns :
str : JSON string containing the analysis results with the following structure :
{
" success " : bool ,
" analysis " : str ( defaults to error message if None )
}
Raises :
2025-10-08 02:38:04 +00:00
Exception : If download fails , analysis fails , or API key is not set
Note :
2026-02-15 16:10:50 -08:00
- For URLs , temporary images are stored in . / temp_vision_images / and cleaned up
- For local file paths , the file is used directly and NOT deleted
2025-10-08 02:38:04 +00:00
- Supports common image formats ( JPEG , PNG , GIF , WebP , etc . )
2025-10-01 23:29:25 +00:00
"""
debug_call_data = {
" parameters " : {
" image_url " : image_url ,
2025-10-15 18:07:06 +00:00
" user_prompt " : user_prompt [ : 200 ] + " ... " if len ( user_prompt ) > 200 else user_prompt ,
2025-10-01 23:29:25 +00:00
" model " : model
} ,
" error " : None ,
" success " : False ,
" analysis_length " : 0 ,
2025-10-15 18:07:06 +00:00
" model_used " : model ,
" image_size_bytes " : 0
2025-10-01 23:29:25 +00:00
}
2025-10-08 02:38:04 +00:00
temp_image_path = None
2026-02-15 16:10:50 -08:00
# Track whether we should clean up the file after processing.
# Local files (e.g. from the image cache) should NOT be deleted.
should_cleanup = True
2026-03-29 20:55:04 -07:00
detected_mime_type = None
2025-10-08 02:38:04 +00:00
2025-10-01 23:29:25 +00:00
try :
2026-02-23 02:11:33 -08:00
from tools . interrupt import is_interrupted
if is_interrupted ( ) :
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
Add three reusable helpers to eliminate pervasive boilerplate:
tools/registry.py — tool_error() and tool_result():
Every tool handler returns JSON strings. The pattern
json.dumps({"error": msg}, ensure_ascii=False) appeared 106 times,
and json.dumps({"success": False, "error": msg}, ...) another 23.
Now: tool_error(msg) or tool_error(msg, success=False).
tool_result() handles arbitrary result dicts:
tool_result(success=True, data=payload) or tool_result(some_dict).
hermes_cli/config.py — read_raw_config():
Lightweight YAML reader that returns the raw config dict without
load_config()'s deep-merge + migration overhead. Available for
callsites that just need a single config value.
Migration (129 callsites across 32 files):
- tools/: browser_camofox (18), file_tools (10), homeassistant (8),
web_tools (7), skill_manager (7), cronjob (11), code_execution (4),
delegate (5), send_message (4), tts (4), memory (7), session_search (3),
mcp (2), clarify (2), skills_tool (3), todo (1), vision (1),
browser (1), process_registry (2), image_gen (1)
- plugins/memory/: honcho (9), supermemory (9), hindsight (8),
holographic (7), openviking (7), mem0 (7), byterover (6), retaindb (2)
- agent/: memory_manager (2), builtin_memory_provider (1)
2026-04-07 13:36:20 -07:00
return tool_error ( " Interrupted " , success = False )
2026-02-23 02:11:33 -08:00
2026-02-21 03:11:11 -08:00
logger . info ( " Analyzing image: %s " , image_url [ : 60 ] )
logger . info ( " User prompt: %s " , user_prompt [ : 100 ] )
2025-10-01 23:29:25 +00:00
2026-02-15 16:10:50 -08:00
# Determine if this is a local file path or a remote URL
2026-04-10 15:11:14 +10:00
# Strip file:// scheme so file URIs resolve as local paths.
resolved_url = image_url
if resolved_url . startswith ( " file:// " ) :
resolved_url = resolved_url [ len ( " file:// " ) : ]
local_path = Path ( os . path . expanduser ( resolved_url ) )
2026-02-15 16:10:50 -08:00
if local_path . is_file ( ) :
# Local file path (e.g. from platform image cache) -- skip download
2026-02-21 03:11:11 -08:00
logger . info ( " Using local image file: %s " , image_url )
2026-02-15 16:10:50 -08:00
temp_image_path = local_path
should_cleanup = False # Don't delete cached/local files
elif _validate_image_url ( image_url ) :
# Remote URL -- download to a temporary location
2026-03-29 20:55:04 -07:00
blocked = check_website_access ( image_url )
if blocked :
raise PermissionError ( blocked [ " message " ] )
2026-02-21 03:11:11 -08:00
logger . info ( " Downloading image from URL... " )
2026-02-15 16:10:50 -08:00
temp_dir = Path ( " ./temp_vision_images " )
temp_image_path = temp_dir / f " temp_image_ { uuid . uuid4 ( ) } .jpg "
await _download_image ( image_url , temp_image_path )
should_cleanup = True
else :
raise ValueError (
" Invalid image source. Provide an HTTP/HTTPS URL or a valid local file path. "
)
2025-10-15 18:07:06 +00:00
# Get image file size for logging
image_size_bytes = temp_image_path . stat ( ) . st_size
image_size_kb = image_size_bytes / 1024
2026-02-21 03:11:11 -08:00
logger . info ( " Image ready ( %.1f KB) " , image_size_kb )
2026-03-29 20:55:04 -07:00
detected_mime_type = _detect_image_mime_type ( temp_image_path )
if not detected_mime_type :
raise ValueError ( " Only real image files are supported for vision analysis. " )
2025-10-08 02:38:04 +00:00
2026-04-11 11:07:18 -07:00
# Convert image to base64 — send at full resolution first.
# If the provider rejects it as too large, we auto-resize and retry.
2026-02-21 03:11:11 -08:00
logger . info ( " Converting image to base64... " )
2026-03-29 20:55:04 -07:00
image_data_url = _image_to_base64_data_url ( temp_image_path , mime_type = detected_mime_type )
2025-10-15 18:07:06 +00:00
data_size_kb = len ( image_data_url ) / 1024
2026-02-21 03:11:11 -08:00
logger . info ( " Image converted to base64 ( %.1f KB) " , data_size_kb )
2026-04-10 15:11:14 +10:00
2026-04-11 11:07:18 -07:00
# Hard limit (20 MB) — no provider accepts payloads this large.
2026-04-10 15:11:14 +10:00
if len ( image_data_url ) > _MAX_BASE64_BYTES :
2026-04-11 11:07:18 -07:00
# Try to resize down to 5 MB before giving up.
image_data_url = _resize_image_for_vision (
temp_image_path , mime_type = detected_mime_type )
if len ( image_data_url ) > _MAX_BASE64_BYTES :
raise ValueError (
f " Image too large for vision API: base64 payload is "
f " { len ( image_data_url ) / ( 1024 * 1024 ) : .1f } MB "
f " (limit { _MAX_BASE64_BYTES / ( 1024 * 1024 ) : .0f } MB) "
f " even after resizing. "
f " Install Pillow (`pip install Pillow`) for better auto-resize, "
f " or compress the image manually. "
)
2026-04-10 15:11:14 +10:00
2025-10-15 18:07:06 +00:00
debug_call_data [ " image_size_bytes " ] = image_size_bytes
2025-10-08 02:38:04 +00:00
2025-10-01 23:29:25 +00:00
# Use the prompt as provided (model_tools.py now handles full description formatting)
comprehensive_prompt = user_prompt
2025-10-08 02:38:04 +00:00
# Prepare the message with base64-encoded image
2025-10-01 23:29:25 +00:00
messages = [
{
" role " : " user " ,
" content " : [
{
" type " : " text " ,
" text " : comprehensive_prompt
} ,
{
" type " : " image_url " ,
" image_url " : {
2025-10-08 02:38:04 +00:00
" url " : image_data_url
2025-10-01 23:29:25 +00:00
}
}
]
}
]
2026-03-11 20:52:19 -07:00
logger . info ( " Processing image with vision model... " )
2025-10-01 23:29:25 +00:00
2026-03-22 05:28:24 -07:00
# Call the vision API via centralized router.
fix: browser_vision ignores auxiliary.vision.timeout config (#2901)
* docs: unify hooks documentation — add plugin hooks to hooks page, add session:end event
The hooks page only documented gateway event hooks (HOOK.yaml system).
The plugins page listed plugin hooks (pre_tool_call, etc.) that weren't
referenced from the hooks page, which was confusing.
Changes:
- hooks.md: Add overview table showing both hook systems
- hooks.md: Add Plugin Hooks section with available hooks, callback
signatures, and example
- hooks.md: Add missing session:end gateway event (emitted but undocumented)
- hooks.md: Mark pre_llm_call, post_llm_call, on_session_start,
on_session_end as planned (defined in VALID_HOOKS but not yet invoked)
- hooks.md: Update info box to cross-reference plugin hooks
- hooks.md: Fix heading hierarchy (gateway content as subsections)
- plugins.md: Add cross-reference to hooks page for full details
- plugins.md: Mark planned hooks as (planned)
* fix: browser_vision ignores auxiliary.vision.timeout config
browser_vision called call_llm() without passing a timeout parameter,
so it always used the 30-second default in auxiliary_client.py. This
made vision analysis with local models (llama.cpp, ollama) impossible
since they typically need more than 30s for screenshot analysis.
Now browser_vision reads auxiliary.vision.timeout from config.yaml
(same config key that vision_analyze already uses) and passes it
through to call_llm().
Also bumped the default vision timeout from 30s to 120s in both
browser_vision and vision_analyze — 30s is too aggressive for local
models and the previous default silently failed for anyone running
vision locally.
Fixes user report from GamerGB1988.
2026-03-24 19:10:12 -07:00
# Read timeout from config.yaml (auxiliary.vision.timeout), default 120s.
# Local vision models (llama.cpp, ollama) can take well over 30s.
vision_timeout = 120.0
2026-04-04 11:14:53 +05:30
vision_temperature = 0.1
2026-03-22 05:28:24 -07:00
try :
from hermes_cli . config import load_config
_cfg = load_config ( )
2026-04-04 11:14:53 +05:30
_vision_cfg = _cfg . get ( " auxiliary " , { } ) . get ( " vision " , { } )
_vt = _vision_cfg . get ( " timeout " )
2026-03-22 05:28:24 -07:00
if _vt is not None :
vision_timeout = float ( _vt )
2026-04-04 11:14:53 +05:30
_vtemp = _vision_cfg . get ( " temperature " )
if _vtemp is not None :
vision_temperature = float ( _vtemp )
2026-03-22 05:28:24 -07:00
except Exception :
pass
2026-03-11 20:52:19 -07:00
call_kwargs = {
" task " : " vision " ,
" messages " : messages ,
2026-04-04 11:14:53 +05:30
" temperature " : vision_temperature ,
2026-03-11 20:52:19 -07:00
" max_tokens " : 2000 ,
2026-03-22 05:28:24 -07:00
" timeout " : vision_timeout ,
2026-03-11 20:52:19 -07:00
}
if model :
call_kwargs [ " model " ] = model
2026-04-11 11:07:18 -07:00
# Try full-size image first; on size-related rejection, downscale and retry.
try :
response = await async_call_llm ( * * call_kwargs )
except Exception as _api_err :
if ( _is_image_size_error ( _api_err )
and len ( image_data_url ) > _RESIZE_TARGET_BYTES ) :
logger . info (
" API rejected image ( %.1f MB, likely too large); "
" auto-resizing to ~ %.0f MB and retrying... " ,
len ( image_data_url ) / ( 1024 * 1024 ) ,
_RESIZE_TARGET_BYTES / ( 1024 * 1024 ) ,
)
image_data_url = _resize_image_for_vision (
temp_image_path , mime_type = detected_mime_type )
messages [ 0 ] [ " content " ] [ 1 ] [ " image_url " ] [ " url " ] = image_data_url
response = await async_call_llm ( * * call_kwargs )
else :
raise
2025-10-01 23:29:25 +00:00
2026-03-27 15:28:19 -07:00
# Extract the analysis — fall back to reasoning if content is empty
analysis = extract_content_or_reasoning ( response )
# Retry once on empty content (reasoning-only response)
if not analysis :
logger . warning ( " Vision LLM returned empty content, retrying once " )
response = await async_call_llm ( * * call_kwargs )
analysis = extract_content_or_reasoning ( response )
2025-10-01 23:29:25 +00:00
analysis_length = len ( analysis )
2026-02-21 03:11:11 -08:00
logger . info ( " Image analysis completed ( %s characters) " , analysis_length )
2025-10-01 23:29:25 +00:00
# Prepare successful response
result = {
" success " : True ,
" analysis " : analysis or " There was a problem with the request and the image could not be analyzed. "
}
debug_call_data [ " success " ] = True
debug_call_data [ " analysis_length " ] = analysis_length
# Log debug information
2026-02-21 03:53:24 -08:00
_debug . log_call ( " vision_analyze_tool " , debug_call_data )
_debug . save ( )
2025-10-01 23:29:25 +00:00
2025-11-05 03:47:17 +00:00
return json . dumps ( result , indent = 2 , ensure_ascii = False )
2025-10-01 23:29:25 +00:00
except Exception as e :
error_msg = f " Error analyzing image: { str ( e ) } "
2026-03-05 16:11:59 +03:00
logger . error ( " %s " , error_msg , exc_info = True )
2025-10-01 23:29:25 +00:00
feat: centralized provider router + fix Codex vision bypass + vision error handling
Three interconnected fixes for auxiliary client infrastructure:
1. CENTRALIZED PROVIDER ROUTER (auxiliary_client.py)
Add resolve_provider_client(provider, model, async_mode) — a single
entry point for creating properly configured clients. Given a provider
name and optional model, it handles auth lookup (env vars, OAuth
tokens, auth.json), base URL resolution, provider-specific headers,
and API format differences (Chat Completions vs Responses API for
Codex). All auxiliary consumers should route through this instead of
ad-hoc env var lookups.
Refactored get_text_auxiliary_client, get_async_text_auxiliary_client,
and get_vision_auxiliary_client to use the router internally.
2. FIX CODEX VISION BYPASS (vision_tools.py)
vision_tools.py was constructing a raw AsyncOpenAI client from the
sync vision client's api_key/base_url, completely bypassing the Codex
Responses API adapter. When the vision provider resolved to Codex,
the raw client would hit chatgpt.com/backend-api/codex with
chat.completions.create() which only supports the Responses API.
Fix: Added get_async_vision_auxiliary_client() which properly wraps
Codex into AsyncCodexAuxiliaryClient. vision_tools.py now uses this
instead of manual client construction.
3. FIX COMPRESSION FALLBACK + VISION ERROR HANDLING
- context_compressor.py: Removed _get_fallback_client() which blindly
looked for OPENAI_API_KEY + OPENAI_BASE_URL (fails for Codex OAuth,
API-key providers, users without OPENAI_BASE_URL set). Replaced
with fallback loop through resolve_provider_client() for each
known provider, with same-provider dedup.
- vision_tools.py: Added error detection for vision capability
failures. Returns clear message to the model when the configured
model doesn't support vision, instead of a generic error.
Addresses #886
2026-03-11 19:46:47 -07:00
# Detect vision capability errors — give the model a clear message
# so it can inform the user instead of a cryptic API error.
err_str = str ( e ) . lower ( )
if any ( hint in err_str for hint in (
2026-03-24 07:23:07 -07:00
" 402 " , " insufficient " , " payment required " , " credits " , " billing " ,
) ) :
analysis = (
" Insufficient credits or payment required. Please top up your "
f " API provider account and try again. Error: { e } "
)
elif any ( hint in err_str for hint in (
2026-04-10 15:11:14 +10:00
" does not support " , " not support image " ,
" content_policy " , " multimodal " ,
feat: centralized provider router + fix Codex vision bypass + vision error handling
Three interconnected fixes for auxiliary client infrastructure:
1. CENTRALIZED PROVIDER ROUTER (auxiliary_client.py)
Add resolve_provider_client(provider, model, async_mode) — a single
entry point for creating properly configured clients. Given a provider
name and optional model, it handles auth lookup (env vars, OAuth
tokens, auth.json), base URL resolution, provider-specific headers,
and API format differences (Chat Completions vs Responses API for
Codex). All auxiliary consumers should route through this instead of
ad-hoc env var lookups.
Refactored get_text_auxiliary_client, get_async_text_auxiliary_client,
and get_vision_auxiliary_client to use the router internally.
2. FIX CODEX VISION BYPASS (vision_tools.py)
vision_tools.py was constructing a raw AsyncOpenAI client from the
sync vision client's api_key/base_url, completely bypassing the Codex
Responses API adapter. When the vision provider resolved to Codex,
the raw client would hit chatgpt.com/backend-api/codex with
chat.completions.create() which only supports the Responses API.
Fix: Added get_async_vision_auxiliary_client() which properly wraps
Codex into AsyncCodexAuxiliaryClient. vision_tools.py now uses this
instead of manual client construction.
3. FIX COMPRESSION FALLBACK + VISION ERROR HANDLING
- context_compressor.py: Removed _get_fallback_client() which blindly
looked for OPENAI_API_KEY + OPENAI_BASE_URL (fails for Codex OAuth,
API-key providers, users without OPENAI_BASE_URL set). Replaced
with fallback loop through resolve_provider_client() for each
known provider, with same-provider dedup.
- vision_tools.py: Added error detection for vision capability
failures. Returns clear message to the model when the configured
model doesn't support vision, instead of a generic error.
Addresses #886
2026-03-11 19:46:47 -07:00
" unrecognized request argument " , " image input " ,
) ) :
analysis = (
f " { model } does not support vision or our request was not "
f " accepted by the server. Error: { e } "
)
2026-04-10 15:11:14 +10:00
elif " invalid_request " in err_str or " image_url " in err_str :
analysis = (
" The vision API rejected the image. This can happen when the "
2026-04-11 11:07:18 -07:00
" image is in an unsupported format, corrupted, or still too "
" large after auto-resize. Try a smaller JPEG/PNG and retry. "
2026-04-10 15:11:14 +10:00
f " Error: { e } "
)
feat: centralized provider router + fix Codex vision bypass + vision error handling
Three interconnected fixes for auxiliary client infrastructure:
1. CENTRALIZED PROVIDER ROUTER (auxiliary_client.py)
Add resolve_provider_client(provider, model, async_mode) — a single
entry point for creating properly configured clients. Given a provider
name and optional model, it handles auth lookup (env vars, OAuth
tokens, auth.json), base URL resolution, provider-specific headers,
and API format differences (Chat Completions vs Responses API for
Codex). All auxiliary consumers should route through this instead of
ad-hoc env var lookups.
Refactored get_text_auxiliary_client, get_async_text_auxiliary_client,
and get_vision_auxiliary_client to use the router internally.
2. FIX CODEX VISION BYPASS (vision_tools.py)
vision_tools.py was constructing a raw AsyncOpenAI client from the
sync vision client's api_key/base_url, completely bypassing the Codex
Responses API adapter. When the vision provider resolved to Codex,
the raw client would hit chatgpt.com/backend-api/codex with
chat.completions.create() which only supports the Responses API.
Fix: Added get_async_vision_auxiliary_client() which properly wraps
Codex into AsyncCodexAuxiliaryClient. vision_tools.py now uses this
instead of manual client construction.
3. FIX COMPRESSION FALLBACK + VISION ERROR HANDLING
- context_compressor.py: Removed _get_fallback_client() which blindly
looked for OPENAI_API_KEY + OPENAI_BASE_URL (fails for Codex OAuth,
API-key providers, users without OPENAI_BASE_URL set). Replaced
with fallback loop through resolve_provider_client() for each
known provider, with same-provider dedup.
- vision_tools.py: Added error detection for vision capability
failures. Returns clear message to the model when the configured
model doesn't support vision, instead of a generic error.
Addresses #886
2026-03-11 19:46:47 -07:00
else :
analysis = (
" There was a problem with the request and the image could not "
f " be analyzed. Error: { e } "
)
2025-10-01 23:29:25 +00:00
# Prepare error response
result = {
" success " : False ,
2026-03-12 13:25:09 +01:00
" error " : error_msg ,
feat: centralized provider router + fix Codex vision bypass + vision error handling
Three interconnected fixes for auxiliary client infrastructure:
1. CENTRALIZED PROVIDER ROUTER (auxiliary_client.py)
Add resolve_provider_client(provider, model, async_mode) — a single
entry point for creating properly configured clients. Given a provider
name and optional model, it handles auth lookup (env vars, OAuth
tokens, auth.json), base URL resolution, provider-specific headers,
and API format differences (Chat Completions vs Responses API for
Codex). All auxiliary consumers should route through this instead of
ad-hoc env var lookups.
Refactored get_text_auxiliary_client, get_async_text_auxiliary_client,
and get_vision_auxiliary_client to use the router internally.
2. FIX CODEX VISION BYPASS (vision_tools.py)
vision_tools.py was constructing a raw AsyncOpenAI client from the
sync vision client's api_key/base_url, completely bypassing the Codex
Responses API adapter. When the vision provider resolved to Codex,
the raw client would hit chatgpt.com/backend-api/codex with
chat.completions.create() which only supports the Responses API.
Fix: Added get_async_vision_auxiliary_client() which properly wraps
Codex into AsyncCodexAuxiliaryClient. vision_tools.py now uses this
instead of manual client construction.
3. FIX COMPRESSION FALLBACK + VISION ERROR HANDLING
- context_compressor.py: Removed _get_fallback_client() which blindly
looked for OPENAI_API_KEY + OPENAI_BASE_URL (fails for Codex OAuth,
API-key providers, users without OPENAI_BASE_URL set). Replaced
with fallback loop through resolve_provider_client() for each
known provider, with same-provider dedup.
- vision_tools.py: Added error detection for vision capability
failures. Returns clear message to the model when the configured
model doesn't support vision, instead of a generic error.
Addresses #886
2026-03-11 19:46:47 -07:00
" analysis " : analysis ,
2025-10-01 23:29:25 +00:00
}
debug_call_data [ " error " ] = error_msg
2026-02-21 03:53:24 -08:00
_debug . log_call ( " vision_analyze_tool " , debug_call_data )
_debug . save ( )
2025-10-01 23:29:25 +00:00
2025-11-05 03:47:17 +00:00
return json . dumps ( result , indent = 2 , ensure_ascii = False )
2025-10-08 02:38:04 +00:00
finally :
2026-02-15 16:10:50 -08:00
# Clean up temporary image file (but NOT local/cached files)
if should_cleanup and temp_image_path and temp_image_path . exists ( ) :
2025-10-08 02:38:04 +00:00
try :
temp_image_path . unlink ( )
2026-02-21 03:11:11 -08:00
logger . debug ( " Cleaned up temporary image file " )
2025-10-08 02:38:04 +00:00
except Exception as cleanup_error :
2026-03-05 16:11:59 +03:00
logger . warning (
" Could not delete temporary file: %s " , cleanup_error , exc_info = True
)
2025-10-01 23:29:25 +00:00
def check_vision_requirements ( ) - > bool :
2026-03-14 20:22:13 -07:00
""" Check if the configured runtime vision path can resolve a client. """
2026-03-11 20:52:19 -07:00
try :
2026-03-14 20:22:13 -07:00
from agent . auxiliary_client import resolve_vision_provider_client
_provider , client , _model = resolve_vision_provider_client ( )
2026-03-11 20:52:19 -07:00
return client is not None
except Exception :
return False
2025-10-01 23:29:25 +00:00
if __name__ == " __main__ " :
"""
Simple test / demo when run directly
"""
print ( " 👁️ Vision Tools Module " )
print ( " = " * 40 )
2026-02-22 02:16:11 -08:00
# Check if vision model is available
api_available = check_vision_requirements ( )
2025-10-01 23:29:25 +00:00
if not api_available :
2026-02-22 02:16:11 -08:00
print ( " ❌ No auxiliary vision model available " )
2026-03-14 21:14:20 -07:00
print ( " Configure a supported multimodal backend (OpenRouter, Nous, Codex, Anthropic, or a custom OpenAI-compatible endpoint). " )
2025-10-01 23:29:25 +00:00
exit ( 1 )
else :
2026-03-11 20:52:19 -07:00
print ( " ✅ Vision model available " )
2025-10-01 23:29:25 +00:00
print ( " 🛠️ Vision tools ready for use! " )
# Show debug mode status
2026-02-21 03:53:24 -08:00
if _debug . active :
print ( f " 🐛 Debug mode ENABLED - Session ID: { _debug . session_id } " )
print ( f " Debug logs will be saved to: ./logs/vision_tools_debug_ { _debug . session_id } .json " )
2025-10-01 23:29:25 +00:00
else :
print ( " 🐛 Debug mode disabled (set VISION_TOOLS_DEBUG=true to enable) " )
print ( " \n Basic usage: " )
print ( " from vision_tools import vision_analyze_tool " )
print ( " import asyncio " )
print ( " " )
print ( " async def main(): " )
print ( " result = await vision_analyze_tool( " )
print ( " image_url= ' https://example.com/image.jpg ' , " )
print ( " user_prompt= ' What do you see in this image? ' " )
print ( " ) " )
print ( " print(result) " )
print ( " asyncio.run(main()) " )
print ( " \n Example prompts: " )
print ( " - ' What architectural style is this building? ' " )
print ( " - ' Describe the emotions and mood in this image ' " )
print ( " - ' What text can you read in this image? ' " )
print ( " - ' Identify any safety hazards visible ' " )
print ( " - ' What products or brands are shown? ' " )
print ( " \n Debug mode: " )
print ( " # Enable debug logging " )
print ( " export VISION_TOOLS_DEBUG=true " )
print ( " # Debug logs capture all vision analysis calls and results " )
print ( " # Logs saved to: ./logs/vision_tools_debug_UUID.json " )
2026-02-21 20:22:33 -08:00
# ---------------------------------------------------------------------------
# Registry
# ---------------------------------------------------------------------------
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
Add three reusable helpers to eliminate pervasive boilerplate:
tools/registry.py — tool_error() and tool_result():
Every tool handler returns JSON strings. The pattern
json.dumps({"error": msg}, ensure_ascii=False) appeared 106 times,
and json.dumps({"success": False, "error": msg}, ...) another 23.
Now: tool_error(msg) or tool_error(msg, success=False).
tool_result() handles arbitrary result dicts:
tool_result(success=True, data=payload) or tool_result(some_dict).
hermes_cli/config.py — read_raw_config():
Lightweight YAML reader that returns the raw config dict without
load_config()'s deep-merge + migration overhead. Available for
callsites that just need a single config value.
Migration (129 callsites across 32 files):
- tools/: browser_camofox (18), file_tools (10), homeassistant (8),
web_tools (7), skill_manager (7), cronjob (11), code_execution (4),
delegate (5), send_message (4), tts (4), memory (7), session_search (3),
mcp (2), clarify (2), skills_tool (3), todo (1), vision (1),
browser (1), process_registry (2), image_gen (1)
- plugins/memory/: honcho (9), supermemory (9), hindsight (8),
holographic (7), openviking (7), mem0 (7), byterover (6), retaindb (2)
- agent/: memory_manager (2), builtin_memory_provider (1)
2026-04-07 13:36:20 -07:00
from tools . registry import registry , tool_error
2026-02-21 20:22:33 -08:00
VISION_ANALYZE_SCHEMA = {
" name " : " vision_analyze " ,
feat(image-input): native multimodal routing based on model vision capability (#16506)
* feat(image-input): native multimodal routing based on model vision capability
Attach user-sent images as OpenAI-style content parts on the user turn when
the active model supports native vision, so vision-capable models see real
pixels instead of a lossy text description from vision_analyze.
Routing decision (agent/image_routing.py::decide_image_input_mode):
agent.image_input_mode = auto | native | text (default: auto)
In auto mode:
- If auxiliary.vision.provider/model is explicitly configured, keep the
text pipeline (user paid for a dedicated vision backend).
- Else if models.dev reports supports_vision=True for the active
provider/model, attach natively.
- Else fall back to text (current behaviour).
Call sites updated: gateway/run.py (all messaging platforms), tui_gateway
(dashboard/Ink), cli.py (interactive /attach + drag-drop).
run_agent.py changes:
- _prepare_anthropic_messages_for_api now passes image parts through
unchanged when the model supports vision — the Anthropic adapter
translates them to native image blocks. Previous behaviour
(vision_analyze → text) only runs for non-vision Anthropic models.
- New _prepare_messages_for_non_vision_model mirrors the same contract
for chat.completions and codex_responses paths, so non-vision models
on any provider get text-fallback instead of failing at the provider.
- New _model_supports_vision() helper reads models.dev caps.
vision_analyze description rewritten: positions it as a tool for images
NOT already visible in the conversation (URLs, tool output, deeper
inspection). Prevents the model from redundantly calling it on images
already attached natively.
Config default: agent.image_input_mode = auto.
Tests: 35 new (test_image_routing.py + test_vision_aware_preprocessing.py),
all existing tests that reference _prepare_anthropic_messages_for_api
still pass (198 targeted + new tests green).
* feat(image-input): size-cap + resize oversized images, charge image tokens in compressor
Two follow-ups that make the native image routing safer for long / heavy
sessions:
1) Oversize handling in build_native_content_parts:
- 20 MB ceiling per image (matches vision_tools._MAX_BASE64_BYTES,
the most restrictive provider — Gemini inline data).
- Delegates to vision_tools._resize_image_for_vision (Pillow-based,
already battle-tested) to downscale to 5 MB first-try.
- If Pillow is missing or resize still overshoots, the image is
dropped and reported back in skipped[]; caller falls back to text
enrichment for that image.
2) Image-token accounting in context_compressor:
- New _IMAGE_TOKEN_ESTIMATE = 1600 (matches Claude Code's constant;
within the realistic range for Anthropic/GPT-4o/Gemini billing).
- _content_length_for_budget() helper: sums text-part lengths and
charges _IMAGE_CHAR_EQUIVALENT (1600 * 4 chars) per image/image_url/
input_image part. Base64 payload inside image_url is NOT counted
as chars — dimensions don't matter, only image-presence.
- Both tail-cut sites (_prune_old_tool_results L527 and
_find_tail_cut_by_tokens L1126) now call the helper so multi-image
conversations don't slip past compression budget.
Tests: 9 new in test_image_routing.py (oversize triggers resize,
resize-fails-returns-None, oversize-skipped-reported), 11 new in
test_compressor_image_tokens.py (flat charge per image, multiple images,
Responses-API / Anthropic-native / OpenAI-chat shapes, no-inflation on
raw base64, bounds-check on the constant, integration test that an
image-heavy tail actually gets trimmed).
* fix(image-input): replace blanket 20MB ceiling with empirically-verified per-provider limits
The previous commit imposed a hardcoded 20 MB base64 ceiling on all
providers, triggering auto-resize on anything larger. This was wrong in
both directions:
* Too loose for Anthropic — actual limit is 5 MB (returns HTTP 400
'image exceeds 5 MB maximum' above that).
* Too strict for OpenAI / Codex / OpenRouter — accept 49 MB+ without
complaint (empirically verified April 2026 with progressive PNG
sizes).
New behaviour:
* _PROVIDER_BASE64_CEILING table: only anthropic and bedrock have a
ceiling (5 MB, since bedrock-on-Claude shares Anthropic's decoder).
* Providers NOT in the table get no ceiling — images attach at native
size and we trust the provider to return its own error if it
disagrees. A provider-specific 400 message is clearer than us
guessing wrong and silently degrading image quality.
* build_native_content_parts() gains a keyword-only provider arg;
gateway/CLI/TUI pass the active provider so Anthropic users get
auto-resize protection while OpenAI users don't pay it.
* Resize target dropped from 5 MB to 4 MB to slide safely under
Anthropic's boundary with header overhead.
Empirical measurements (direct API, no Hermes in the loop):
image b64 anthropic openrouter/gpt5.5 codex-oauth/gpt5.5
0.19 MB ✓ ✓ ✓
12.37 MB ✗ 400 5MB ✓ ✓
23.85 MB ✗ 400 5MB ✓ ✓
49.46 MB ✗ 413 ✓ ✓
Tests: rewrote TestOversizeHandling (5 tests): no-ceiling pass-through,
Anthropic resize fires, Anthropic skip on resize-fail, build_native_parts
routes ceiling by provider, unknown provider gets no ceiling. All 52
targeted tests pass.
* refactor(image-input): attempt native, shrink-and-retry on provider reject
Replace proactive per-provider size ceilings with a reactive shrink path
on the provider's actual rejection. All providers now attempt native
full-size attachment first; if the provider returns an image-too-large
error, the agent silently shrinks and retries once.
Why the previous design was wrong: hardcoding provider ceilings
(anthropic=5MB, others=unlimited) meant OpenAI users on a 10MB image
paid no tax, but Anthropic users lost quality on anything >5MB even
though the empirical behaviour at provider-reject time is the same
(shrink + retry). Baking the table into the routing layer also
requires updating Hermes every time a provider's limit changes.
Reactive design:
- image_routing.py: _file_to_data_url encodes native size, no ceiling.
build_native_content_parts drops its provider kwarg.
- error_classifier.py: new FailoverReason.image_too_large + pattern
match ("image exceeds", "image too large", etc.) checked BEFORE
context_overflow so Anthropic's 5MB rejection lands in the right
bucket.
- run_agent.py: new _try_shrink_image_parts_in_messages walks api
messages in-place, re-encodes oversized data: URL image parts
through vision_tools._resize_image_for_vision to fit under 4MB,
handles both chat.completions (dict image_url) and Responses
(string image_url) shapes, ignores http URLs (provider-fetched).
New image_shrink_retry_attempted flag in the retry loop fires the
shrink exactly once per turn after credential-pool recovery but
before auth retries.
E2E verified live against Anthropic claude-sonnet-4-6:
- 17.9MB PNG (23.9MB b64) attached at native size
- Anthropic returns 400 "image exceeds 5 MB maximum"
- Agent logs '📐 Image(s) exceeded provider size limit — shrank and
retrying...'
- Retry succeeds, correct response delivered in 6.8s total.
Tests: 12 new (8 shrink-helper shapes + 4 classifier signals),
replaces 5 proactive-ceiling tests with 3 simpler 'native attach works'
tests. 181 targeted tests pass. test_enum_members_exist in
test_error_classifier.py updated for the new enum value.
2026-04-27 06:27:59 -07:00
" description " : (
" Inspect an image from a URL, file path, or tool output when you need "
" closer detail than what ' s visible in the conversation. If the user ' s "
" image is already attached to the conversation and you can see it, "
" just answer directly — only call this tool for images referenced by "
" URL/path, images returned inside other tool results (browser "
" screenshots, search thumbnails), or when you need a deeper look at "
" a specific region the main model ' s vision may have missed. "
) ,
2026-02-21 20:22:33 -08:00
" parameters " : {
" type " : " object " ,
" properties " : {
" image_url " : {
" type " : " string " ,
" description " : " Image URL (http/https) or local file path to analyze. "
} ,
" question " : {
" type " : " string " ,
" description " : " Your specific question or request about the image to resolve. The AI will automatically provide a complete image description AND answer your specific question. "
}
} ,
" required " : [ " image_url " , " question " ]
}
}
2026-03-05 16:11:59 +03:00
def _handle_vision_analyze ( args : Dict [ str , Any ] , * * kw : Any ) - > Awaitable [ str ] :
2026-02-21 20:22:33 -08:00
image_url = args . get ( " image_url " , " " )
question = args . get ( " question " , " " )
2026-03-05 16:11:59 +03:00
full_prompt = (
" Fully describe and explain everything about this image, then answer the "
f " following question: \n \n { question } "
)
2026-03-11 20:52:19 -07:00
model = os . getenv ( " AUXILIARY_VISION_MODEL " , " " ) . strip ( ) or None
2026-02-22 02:16:11 -08:00
return vision_analyze_tool ( image_url , full_prompt , model )
2026-02-21 20:22:33 -08:00
registry . register (
name = " vision_analyze " ,
toolset = " vision " ,
schema = VISION_ANALYZE_SCHEMA ,
handler = _handle_vision_analyze ,
check_fn = check_vision_requirements ,
is_async = True ,
2026-03-15 20:21:21 -07:00
emoji = " 👁️ " ,
2026-02-21 20:22:33 -08:00
)
