Fix image file name not in AI issue

[vizsatiz]

Summary by CodeRabbit

• New Features

  • Images now retain and display original filenames throughout the inference and chat flows, improving traceability and context for image-based interactions.

• Behavior Change

  • When agents return list-style outputs, only the final list item is presented as the reply (empty lists produce no reply), reducing redundant or verbose list serialization.

• Misc

  • Package version updated.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0d0d086c-1604-4e83-a1cd-f123a5a896e6

📥 Commits

Reviewing files that changed from the base of the PR and between 206430c and 1f70f29.

⛔ Files ignored due to path filters (1)

• wavefront/server/uv.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• flo_ai/pyproject.toml
• flo_ai/setup.py
• wavefront/server/modules/agents_module/pyproject.toml
• wavefront/server/modules/knowledge_base_module/pyproject.toml
• wavefront/server/modules/tools_module/pyproject.toml

✅ Files skipped from review due to trivial changes (5)

• wavefront/server/modules/tools_module/pyproject.toml
• wavefront/server/modules/knowledge_base_module/pyproject.toml
• flo_ai/pyproject.toml
• wavefront/server/modules/agents_module/pyproject.toml
• flo_ai/setup.py

---

📝 Walkthrough

Walkthrough

Propagates original image filenames from client uploads through message types and server input processing, and adjusts backend output serialization to return only the last element for list outputs.

Changes

Cohort / File(s)	Summary
Client types wavefront/client/src/types/chat-message.ts	Add optional file_name?: string to ImageContent.
Client UI / payloads wavefront/client/src/components/InferencePopup.tsx, wavefront/client/src/pages/apps/[appId]/agents/[id].tsx, wavefront/client/src/pages/apps/[appId]/workflows/[id].tsx	Include originating image filename (image.file.name or uploadedImage.file?.name) in image message content and in chat history/payloads sent for inference.
Server input processing wavefront/server/modules/agents_module/agents_module/utils/input_processing_utils.py	When file_name is present for a user image input, insert an extra text UserMessage announcing the original filename immediately before the processed image message.
Backend serialization flo_ai/flo_ai/arium/arium.py	Change _serialize_node_output list handling to serialize only the last list element (treating it as the latest reply); empty lists yield None.
Version bumps / deps flo_ai/pyproject.toml, flo_ai/setup.py, wavefront/server/modules/*/pyproject.toml	Bump flo-ai package version metadata from 1.1.5/1.1.3 → 1.1.6 and update module dependency pins accordingly.

Sequence Diagram(s)

sequenceDiagram
  participant Client as Client (UI)
  participant Frontend as Frontend Logic
  participant Server as Server Input Processor
  participant Agent as Agent Runtime
  participant Arium as Arium Serializer

  Client->>Frontend: user uploads image (file + base64)
  Frontend->>Frontend: construct imageMessage including file_name
  Frontend->>Server: send conversationInputs (includes imageMessage)
  Server->>Server: detect file_name -> insert text UserMessage + image doc
  Server->>Agent: deliver processed messages to agent runtime
  Agent->>Arium: produce node outputs (may be list)
  Arium->>Agent: serialize node output (pick last element for lists)
  Agent-->>Server: return serialized reply
  Server-->>Frontend: return agent response to UI

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feature for agent outputs in events & streaming fixes #280: Modifies flo_ai/flo_ai/arium/arium.py list serialization behavior—directly related change.
• Release flo-ai 1.1.1 #237: Updates package/version metadata for flo_ai across project files—related to version bumps in this PR.

Suggested reviewers

• vishnurk6247

Poem

🐇 I hopped a filename from screen to core,

From client field to server door,
Each message now remembers its name,
The agents parse it all the same,
Hooray — the pipeline knows whence it came! 📸✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main fix: adding image file name support that was previously missing in AI processing.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/image_file_name

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

wavefront/client/src/pages/apps/[appId]/workflows/[id].tsx (1)

377-387: Nit: unnecessary optional chaining on uploadedImage.file?.name.

Per the uploadedImage state type (lines 34-38), file: File is required, so uploadedImage.file?.name can be simplified to uploadedImage.file.name for consistency with the multi-image path on line 372. No functional impact — file_name is optional in ImageContent.

-          file_name: uploadedImage.file?.name,
+          file_name: uploadedImage.file.name,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@wavefront/client/src/pages/apps/`[appId]/workflows/[id].tsx around lines 377
- 387, The optional chaining on uploadedImage.file?.name is unnecessary because
uploadedImage.file is required by its state type; update the imageMessage
construction in the uploadedImage fallback branch to use uploadedImage.file.name
(mirror the multi-image path usage) and ensure setChatHistory and messageInputs
continue to receive the same imageMessage shape.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@wavefront/server/modules/agents_module/agents_module/utils/input_processing_utils.py`:
- Around line 46-56: Sanitize the user-controlled file_name before embedding it
into the UserMessage: implement a helper like _sanitize_file_name(name,
max_len=256) that returns None for non-strings/empty values, strips control
chars and newlines (keep only printable chars and truncate to max_len), then use
its result instead of raw file_name when creating the TextMessageContent in the
block that appends to resolved_inputs; apply the same helper when handling the
document path elsewhere to close the similar injection vector.

---

Nitpick comments:
In `@wavefront/client/src/pages/apps/`[appId]/workflows/[id].tsx:
- Around line 377-387: The optional chaining on uploadedImage.file?.name is
unnecessary because uploadedImage.file is required by its state type; update the
imageMessage construction in the uploadedImage fallback branch to use
uploadedImage.file.name (mirror the multi-image path usage) and ensure
setChatHistory and messageInputs continue to receive the same imageMessage
shape.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0b242003-e733-48e4-bcbe-6ffe88368e85

📥 Commits

Reviewing files that changed from the base of the PR and between 1cad5e0 and 206430c.

📒 Files selected for processing (6)

• flo_ai/flo_ai/arium/arium.py
• wavefront/client/src/components/InferencePopup.tsx
• wavefront/client/src/pages/apps/[appId]/agents/[id].tsx
• wavefront/client/src/pages/apps/[appId]/workflows/[id].tsx
• wavefront/client/src/types/chat-message.ts
• wavefront/server/modules/agents_module/agents_module/utils/input_processing_utils.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor: sanitize user-controlled file_name before embedding it in the prompt.

file_name flows from the browser File.name with no server-side sanitization, so an attacker (or a user with a crafty filename) can inject newlines/instructions into the prompt, e.g. photo.jpg\n\nIgnore previous instructions and .... This widens the existing prompt-injection surface that the document-filename injection (lines 89-99) already has. At a minimum, strip control characters/newlines and quote the value; ideally, bound the length too.

🛡️ Suggested hardening

                 if is_image_message(input_content):
                     # Inject filename as a text message before the image so
                     # agents can reference the original file name in their output.
-                    file_name = input_content.get('file_name')
+                    file_name = _sanitize_file_name(input_content.get('file_name'))
                     if file_name:
                         resolved_inputs.append(
                             UserMessage(
                                 content=TextMessageContent(
-                                    text=f'The original filename of this image is: {file_name}'
+                                    text=f'The original filename of this image is: "{file_name}"'
                                 )
                             )
                         )

And a small helper (apply similarly on the document path to fix the pre-existing equivalent issue):

def _sanitize_file_name(name: Any, max_len: int = 256) -> str | None:
    if not isinstance(name, str) or not name:
        return None
    # Drop control chars/newlines; keep it on a single line.
    cleaned = ''.join(ch for ch in name if ch.isprintable() and ch not in '\r\n')
    return cleaned[:max_len] or None

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@wavefront/server/modules/agents_module/agents_module/utils/input_processing_utils.py`
around lines 46 - 56, Sanitize the user-controlled file_name before embedding it
into the UserMessage: implement a helper like _sanitize_file_name(name,
max_len=256) that returns None for non-strings/empty values, strips control
chars and newlines (keep only printable chars and truncate to max_len), then use
its result instead of raw file_name when creating the TextMessageContent in the
block that appends to resolved_inputs; apply the same helper when handling the
document path elsewhere to close the similar injection vector.