feat(look-at): add multi-file support for look_at tool#3094
feat(look-at): add multi-file support for look_at tool#3094sjawhar wants to merge 1 commit intocode-yeongyu:devfrom
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 6 files
Confidence score: 3/5
- There is a concrete user-impacting risk in
src/tools/look-at/tools.ts:filePart.filenameis not sanitized before being inserted into the prompt, so crafted filenames could inject instructions and alter multimodal agent behavior. - Given the medium severity (6/10) and high confidence (8/10) on a prompt-injection path, this carries more than minor risk and is worth addressing before or immediately with merge.
- A lower-severity maintainability concern exists in
src/tools/look-at/tools.test.ts, where duplicatedcreateToolContextfixtures can drift over time and make test updates less reliable. - Pay close attention to
src/tools/look-at/tools.tsandsrc/tools/look-at/tools.test.ts- prompt-construction safety should be hardened, and duplicated fixtures should be consolidated to reduce future regression risk.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="src/tools/look-at/tools.ts">
<violation number="1" location="src/tools/look-at/tools.ts:126">
P2: Sanitize `filePart.filename` before adding it to the prompt. A crafted filename can inject extra prompt text and change how the multimodal agent interprets the request.</violation>
</file>
<file name="src/tools/look-at/tools.test.ts">
<violation number="1" location="src/tools/look-at/tools.test.ts:22">
P2: Duplicate `createToolContext` fixtures in the same test file introduce maintainability drift risk.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| } | ||
| } | ||
|
|
||
| function createToolContext(): ToolContext { |
There was a problem hiding this comment.
P2: Duplicate createToolContext fixtures in the same test file introduce maintainability drift risk.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/tools/look-at/tools.test.ts, line 22:
<comment>Duplicate `createToolContext` fixtures in the same test file introduce maintainability drift risk.</comment>
<file context>
@@ -3,6 +3,66 @@ import type { ToolContext } from "@opencode-ai/plugin/tool"
+ }
+}
+
+function createToolContext(): ToolContext {
+ return {
+ sessionID: "parent-session",
</file context>
Add file_paths and image_data_list array parameters to the look_at tool, allowing agents to compare multiple images/files in a single call. Updates validation, tool handler, and multimodal-looker agent prompt.
sjawhar
force-pushed
the
feat/look-at-multi-file
branch
from
2394f59 to
199c2be
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 199c2be54c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| url: pathToFileURL(actualFilePath).href, | ||
| filename: basename(actualFilePath), | ||
| }, |
There was a problem hiding this comment.
When an input file needs conversion (needsConversion), actualFilePath is replaced with a temp output path before filename is set, so converted files are labeled as the temp name (typically converted.jpg) instead of the original source name. In multi-file mode this makes prompt labels ambiguous (for example, two HEIC files both appear as converted.jpg), which can cause the multimodal agent to misattribute comparisons or fail to map results back to the user’s files.
Useful? React with 👍 / 👎.
1 participant
Summary
file_pathsandimage_data_listarray parameters to thelook_attool, enabling agents to compare multiple images/documents in a single callfile_path/image_dataparameters still work unchangedChanges
Tool Schema (
src/tools/look-at/tools.ts)file_paths: string[](optional) andimage_data_list: string[](optional) to tool args[text, ...fileParts]to agentprepareFilePart()helper for single-file-to-part conversion (file path or base64)Validation (
src/tools/look-at/look-at-arguments.ts)normalizeArgs()converts singular params to arrays for downstream consumptionvalidateArgs()accepts singular OR array per field (not both), allows mixed file_paths + image_data_listAgent Prompt (
src/agents/multimodal-looker.ts)Tests
look-at-arguments.test.ts: 12 tests covering backward compat, multi-file, mixed types, rejection casestools.test.ts: Extended with multi-file processing, plural/singular prompt, file labelsMotivation
Agents frequently need to compare screenshots, documents, or diagrams side-by-side. Previously this required multiple sequential
look_atcalls with no cross-file context. Multi-file support lets agents send all files at once, enabling the multimodal-looker to analyze them together.Summary by cubic
Add multi-file support to
look_atso agents can analyze and compare several files/images in one call, combining local paths and Base64. Backward-compatible and updates prompts for clearer side-by-side comparison.New Features
file_pathsandimage_data_list;file_path/image_datastill work and can be mixed in one call.file_paths+image_data_listorfile_path+image_data).Refactors
prepareFilePart()and a unified prompt builder for single/multi flows; builds one file part per input and cleans up temp conversions.Written for commit 199c2be. Summary will update on new commits.