feat(crewai-tools): add ChronoVerify image verification tool#6445
feat(crewai-tools): add ChronoVerify image verification tool#6445beeswaxpat wants to merge 1 commit into
Conversation
Adds ChronoVerifyImageVerificationTool, which verifies a photo's capture time and provenance via the ChronoVerify API: EXIF and XMP metadata, C2PA Content Credentials validation against the official trust lists, and pixel forensics, returning a typed verdict with confidence. Works keyless (rate limited per IP) or with an optional CHRONOVERIFY_API_KEY. Uses only existing runtime dependencies (requests). Includes tool README, mocked tests, and a regenerated tool.specs.json (the auto-regen workflow does not run on fork PRs). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
📝 WalkthroughWalkthroughAdds a new ChangesChronoVerify Image Verification Tool
Sequence Diagram(s)sequenceDiagram
participant Agent
participant ChronoVerifyImageVerificationTool
participant ChronoVerifyAPI
Agent->>ChronoVerifyImageVerificationTool: run(image_path or image_url)
ChronoVerifyImageVerificationTool->>ChronoVerifyImageVerificationTool: validate exactly one input provided
ChronoVerifyImageVerificationTool->>ChronoVerifyImageVerificationTool: build headers (optional API key)
ChronoVerifyImageVerificationTool->>ChronoVerifyAPI: POST /v1/verify (multipart file or url data)
alt success
ChronoVerifyAPI-->>ChronoVerifyImageVerificationTool: JSON verdict, confidence, details
ChronoVerifyImageVerificationTool-->>Agent: formatted JSON text
else failure
ChronoVerifyAPI-->>ChronoVerifyImageVerificationTool: HTTP error or connection error
ChronoVerifyImageVerificationTool-->>Agent: formatted error string
end
Related issues: None specified. 🐇 A new tool hops into the pack, 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (3)
lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py (2)
107-110: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueConsider schema-level validation for mutual exclusivity.
The
image_path/image_urlmutual-exclusivity check is done manually in_runrather than via a Pydantic validator onChronoVerifyImageVerificationToolSchema. Amodel_validatorwould surface the error earlier (at argument validation time) and keep the constraint co-located with the schema definition.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py` around lines 107 - 110, The mutual-exclusivity check for image_path and image_url is currently enforced in ChronoVerifyImageVerificationTool._run instead of at schema validation time. Move this constraint into ChronoVerifyImageVerificationToolSchema using a model_validator so invalid combinations are rejected during argument parsing, and remove the manual branching from _run to keep validation co-located with the schema.
115-125: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low valueNo upload size guard for local files.
Large local files are read and sent via multipart upload with no size check beforehand.
requestsbuilds the multipart body in memory, so very large files could cause high memory usage before the request is even sent. Consider adding a configurable max-file-size check (or streaming withrequests-toolbelt) if large uploads are a realistic scenario.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py` around lines 115 - 125, The local file upload path in chronoverify_image_verification_tool’s image verification flow has no size guard before multipart upload, so large files can consume excessive memory. Update the branch in the image upload logic that uses Path, path.open, and requests.post to check the file size first against a configurable max size and return an error before building the request body; if large uploads must be supported, switch this upload path to a streaming approach instead of buffering the multipart payload in memory.lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py (1)
49-60: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winMissing coverage for
request_timeoutforwarding.No test asserts that the
request_timeoutconstructor option is actually passed torequests.postastimeout=..., even though it's a documented configuration option.✅ Suggested addition
`@patch`(REQUESTS_POST) def test_request_timeout_is_forwarded(mock_post, mock_verify_response): mock_post.return_value = _mock_response(mock_verify_response) tool = ChronoVerifyImageVerificationTool(request_timeout=5) tool._run(image_url="https://example.com/photo.jpg") _, kwargs = mock_post.call_args assert kwargs["timeout"] == 5Also applies to: 140-147
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py` around lines 49 - 60, The ChronoVerify image verification tests do not cover forwarding of the request_timeout configuration, so add an assertion in the relevant _run-based tests (such as test_verify_by_url and the matching cases around the other verify paths) that requests.post receives timeout set from the tool’s constructor option. Use the existing tool fixture and mock_post call inspection to verify the timeout kwarg alongside the current url/data assertions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In
`@lib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.py`:
- Around line 107-110: The mutual-exclusivity check for image_path and image_url
is currently enforced in ChronoVerifyImageVerificationTool._run instead of at
schema validation time. Move this constraint into
ChronoVerifyImageVerificationToolSchema using a model_validator so invalid
combinations are rejected during argument parsing, and remove the manual
branching from _run to keep validation co-located with the schema.
- Around line 115-125: The local file upload path in
chronoverify_image_verification_tool’s image verification flow has no size guard
before multipart upload, so large files can consume excessive memory. Update the
branch in the image upload logic that uses Path, path.open, and requests.post to
check the file size first against a configurable max size and return an error
before building the request body; if large uploads must be supported, switch
this upload path to a streaming approach instead of buffering the multipart
payload in memory.
In `@lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py`:
- Around line 49-60: The ChronoVerify image verification tests do not cover
forwarding of the request_timeout configuration, so add an assertion in the
relevant _run-based tests (such as test_verify_by_url and the matching cases
around the other verify paths) that requests.post receives timeout set from the
tool’s constructor option. Use the existing tool fixture and mock_post call
inspection to verify the timeout kwarg alongside the current url/data
assertions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: f903ab67-f9e5-4e8e-a916-0174c4146b4c
📒 Files selected for processing (7)
lib/crewai-tools/src/crewai_tools/__init__.pylib/crewai-tools/src/crewai_tools/tools/__init__.pylib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/README.mdlib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/__init__.pylib/crewai-tools/src/crewai_tools/tools/chronoverify_image_verification_tool/chronoverify_image_verification_tool.pylib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.pylib/crewai-tools/tool.specs.json
Adds
ChronoVerifyImageVerificationTool, a wrapper for the ChronoVerify image verification API (https://chronoverify.com).The tool verifies when a photo was taken and its provenance: EXIF and XMP metadata, cryptographic C2PA Content Credentials validation against the official trust lists, and pixel forensics, fused into one typed verdict (
provenance_confirmed,consistent,inconclusive,metadata_anomaly,manipulation_indicated) with a 0 to 100 confidence, plus extracted capture time, capture device, and capture location. It is not a deepfake or AI-generation detector; verdicts are investigative triage to support human review, not proof.CHRONOVERIFY_API_KEYdeclared viaEnvVar(required=False)requests); no new packagestool.specs.jsonregenerated, since the auto-regen workflow does not run on fork PRsChecks run locally:
ruff check,ruff format --check,mypy(strict, clean for the new files),pytest lib/crewai-tools/tests/tools/chronoverify_image_verification_tool_test.py(12 passed).This PR is LLM-assisted (per CONTRIBUTING.md, please apply the
llm-generatedlabel if I lack permission to set it).🤖 Generated with Claude Code