Skip to content

feat(crewai-tools): add ChronoVerify image verification tool#6445

Open
beeswaxpat wants to merge 1 commit into
crewAIInc:mainfrom
beeswaxpat:add-chronoverify-tool
Open

feat(crewai-tools): add ChronoVerify image verification tool#6445
beeswaxpat wants to merge 1 commit into
crewAIInc:mainfrom
beeswaxpat:add-chronoverify-tool

Conversation

@beeswaxpat

Copy link
Copy Markdown

Adds ChronoVerifyImageVerificationTool, a wrapper for the ChronoVerify image verification API (https://chronoverify.com).

The tool verifies when a photo was taken and its provenance: EXIF and XMP metadata, cryptographic C2PA Content Credentials validation against the official trust lists, and pixel forensics, fused into one typed verdict (provenance_confirmed, consistent, inconclusive, metadata_anomaly, manipulation_indicated) with a 0 to 100 confidence, plus extracted capture time, capture device, and capture location. It is not a deepfake or AI-generation detector; verdicts are investigative triage to support human review, not proof.

  • Works with no credentials on the free keyless path (rate limited per IP); optional CHRONOVERIFY_API_KEY declared via EnvVar(required=False)
  • Uses only existing runtime dependencies (requests); no new packages
  • Tests mock all HTTP calls
  • tool.specs.json regenerated, since the auto-regen workflow does not run on fork PRs

Checks run locally: ruff check, ruff format --check, mypy (strict, clean for the new files), pytest lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py (12 passed).

This PR is LLM-assisted (per CONTRIBUTING.md, please apply the llm-generated label if I lack permission to set it).

🤖 Generated with Claude Code

Adds ChronoVerifyImageVerificationTool, which verifies a photo's capture
time and provenance via the ChronoVerify API: EXIF and XMP metadata,
C2PA Content Credentials validation against the official trust lists,
and pixel forensics, returning a typed verdict with confidence.

Works keyless (rate limited per IP) or with an optional
CHRONOVERIFY_API_KEY. Uses only existing runtime dependencies
(requests). Includes tool README, mocked tests, and a regenerated
tool.specs.json (the auto-regen workflow does not run on fork PRs).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a new ChronoVerifyImageVerificationTool to crewai-tools, which verifies image provenance via a ChronoVerify API using EXIF/XMP metadata, C2PA trust checks, and pixel forensics. Includes the tool implementation, Pydantic schema, package exports, README, tool spec entry, and tests.

Changes

ChronoVerify Image Verification Tool

Layer / File(s) Summary
Tool schema and core implementation
lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py
Adds ChronoVerifyImageVerificationToolSchema (optional image_path/image_url) and ChronoVerifyImageVerificationTool class with _request_headers() for optional bearer auth and _run() handling input validation, multipart/URL POST to /v1/verify, and error/response formatting.
Package exports and spec registration
.../chronoverify_image_verification_tool/__init__.py, crewai_tools/tools/__init__.py, crewai_tools/__init__.py, tool.specs.json
Exposes the new tool via package __all__ lists and registers it in tool.specs.json with env var and init/run param schemas.
README documentation
.../chronoverify_image_verification_tool/README.md
Documents tool purpose, verdict types, installation, optional API key auth, a usage example, and argument reference.
Test suite
lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py
Adds tests for URL/file requests, auth headers, input validation, HTTP/network errors, custom base URL, and .run() behavior.

Sequence Diagram(s)

sequenceDiagram
  participant Agent
  participant ChronoVerifyImageVerificationTool
  participant ChronoVerifyAPI

  Agent->>ChronoVerifyImageVerificationTool: run(image_path or image_url)
  ChronoVerifyImageVerificationTool->>ChronoVerifyImageVerificationTool: validate exactly one input provided
  ChronoVerifyImageVerificationTool->>ChronoVerifyImageVerificationTool: build headers (optional API key)
  ChronoVerifyImageVerificationTool->>ChronoVerifyAPI: POST /v1/verify (multipart file or url data)
  alt success
    ChronoVerifyAPI-->>ChronoVerifyImageVerificationTool: JSON verdict, confidence, details
    ChronoVerifyImageVerificationTool-->>Agent: formatted JSON text
  else failure
    ChronoVerifyAPI-->>ChronoVerifyImageVerificationTool: HTTP error or connection error
    ChronoVerifyImageVerificationTool-->>Agent: formatted error string
  end
Loading

Related issues: None specified.
Related PRs: None specified.
Suggested labels: enhancement, new-tool
Suggested reviewers: None specified.

🐇 A new tool hops into the pack,
checking pixels for a fact-check track,
EXIF, C2PA, forensics in tow,
verdicts and confidence, ready to go!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding the ChronoVerify image verification tool.
Description check ✅ Passed The description is directly related to the changeset and summarizes the new tool, tests, and spec updates.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py (2)

107-110: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider schema-level validation for mutual exclusivity.

The image_path/image_url mutual-exclusivity check is done manually in _run rather than via a Pydantic validator on ChronoVerifyImageVerificationToolSchema. A model_validator would surface the error earlier (at argument validation time) and keep the constraint co-located with the schema definition.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py`
around lines 107 - 110, The mutual-exclusivity check for image_path and
image_url is currently enforced in ChronoVerifyImageVerificationTool._run
instead of at schema validation time. Move this constraint into
ChronoVerifyImageVerificationToolSchema using a model_validator so invalid
combinations are rejected during argument parsing, and remove the manual
branching from _run to keep validation co-located with the schema.

115-125: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low value

No upload size guard for local files.

Large local files are read and sent via multipart upload with no size check beforehand. requests builds the multipart body in memory, so very large files could cause high memory usage before the request is even sent. Consider adding a configurable max-file-size check (or streaming with requests-toolbelt) if large uploads are a realistic scenario.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py`
around lines 115 - 125, The local file upload path in
chronoverify_image_verification_tool’s image verification flow has no size guard
before multipart upload, so large files can consume excessive memory. Update the
branch in the image upload logic that uses Path, path.open, and requests.post to
check the file size first against a configurable max size and return an error
before building the request body; if large uploads must be supported, switch
this upload path to a streaming approach instead of buffering the multipart
payload in memory.
lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py (1)

49-60: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Missing coverage for request_timeout forwarding.

No test asserts that the request_timeout constructor option is actually passed to requests.post as timeout=..., even though it's a documented configuration option.

✅ Suggested addition
`@patch`(REQUESTS_POST)
def test_request_timeout_is_forwarded(mock_post, mock_verify_response):
    mock_post.return_value = _mock_response(mock_verify_response)
    tool = ChronoVerifyImageVerificationTool(request_timeout=5)

    tool._run(image_url="https://example.com/photo.jpg")

    _, kwargs = mock_post.call_args
    assert kwargs["timeout"] == 5

Also applies to: 140-147

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py`
around lines 49 - 60, The ChronoVerify image verification tests do not cover
forwarding of the request_timeout configuration, so add an assertion in the
relevant _run-based tests (such as test_verify_by_url and the matching cases
around the other verify paths) that requests.post receives timeout set from the
tool’s constructor option. Use the existing tool fixture and mock_post call
inspection to verify the timeout kwarg alongside the current url/data
assertions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py`:
- Around line 107-110: The mutual-exclusivity check for image_path and image_url
is currently enforced in ChronoVerifyImageVerificationTool._run instead of at
schema validation time. Move this constraint into
ChronoVerifyImageVerificationToolSchema using a model_validator so invalid
combinations are rejected during argument parsing, and remove the manual
branching from _run to keep validation co-located with the schema.
- Around line 115-125: The local file upload path in
chronoverify_image_verification_tool’s image verification flow has no size guard
before multipart upload, so large files can consume excessive memory. Update the
branch in the image upload logic that uses Path, path.open, and requests.post to
check the file size first against a configurable max size and return an error
before building the request body; if large uploads must be supported, switch
this upload path to a streaming approach instead of buffering the multipart
payload in memory.

In `@lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py`:
- Around line 49-60: The ChronoVerify image verification tests do not cover
forwarding of the request_timeout configuration, so add an assertion in the
relevant _run-based tests (such as test_verify_by_url and the matching cases
around the other verify paths) that requests.post receives timeout set from the
tool’s constructor option. Use the existing tool fixture and mock_post call
inspection to verify the timeout kwarg alongside the current url/data
assertions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f903ab67-f9e5-4e8e-a916-0174c4146b4c

📥 Commits

Reviewing files that changed from the base of the PR and between 2b90117 and c33c7d4.

📒 Files selected for processing (7)
  • lib/crewai-tools/src/crewai_tools/__init__.py
  • lib/crewai-tools/src/crewai_tools/tools/__init__.py
  • lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/README.md
  • lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/__init__.py
  • lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py
  • lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py
  • lib/crewai-tools/tool.specs.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant