Skip to content

fix(opencode): sanitize Bedrock document names from file attachments#37535

Draft
IbrahimKhan12 wants to merge 1 commit into
anomalyco:devfrom
IbrahimKhan12:bedrock-document-name
Draft

fix(opencode): sanitize Bedrock document names from file attachments#37535
IbrahimKhan12 wants to merge 1 commit into
anomalyco:devfrom
IbrahimKhan12:bedrock-document-name

Conversation

@IbrahimKhan12

Copy link
Copy Markdown

Issue for this PR

Closes #37191

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Bedrock's Converse API rejects a document name that contains anything outside [alphanumeric, whitespace, hyphen, parentheses, square brackets] (or more than one consecutive whitespace), returning ValidationException and failing every subsequent request in the session.

opencode hands the AI SDK a file part whose filename becomes that document name (the @ai-sdk/amazon-bedrock SDK only strips the extension). Two sources produce invalid names:

  • MCP tool binary attachments (this issue). Bedrock doesn't accept PDFs in tool results (supportsMediaInToolResult in session/message-v2.ts), so the attachment is re-injected as a user file part carrying its synthetic URI, e.g. slack-file://F0XXXXXXX — the : and / are rejected.
  • Direct file uploads whose full filesystem path is used as the name (same root cause as File Upload: Full path is being passed as the document name to the AP #36113), e.g. /Users/.../SOP.pdf.

Fix: sanitize file-part filenames in the Bedrock branch of ProviderTransform.message (the single place both the v1 and v2 request paths funnel through). Disallowed characters are mapped to a space and collapsed; if nothing valid remains the filename is dropped so the SDK falls back to its own generated document-N name. Scoped to @ai-sdk/amazon-bedrock since the restriction is Bedrock-specific; other providers are untouched.

How did you verify your code works?

Added bun test coverage in packages/opencode/test/provider/transform.test.ts that drives the real ProviderTransform.message for a Bedrock model and asserts the synthetic-URI and absolute-path cases produce a Bedrock-valid name, the empty case drops the filename, and non-Bedrock providers are unchanged. Confirmed the tests fail on dev without the change and pass with it.

  • bun test test/provider/transform.test.ts — 349 pass, 0 fail
  • bun typecheck — clean
  • oxlint + prettier --check on the changed files — clean

Screenshots / recordings

N/A — no UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

Bedrock's Converse API rejects document names containing characters
outside [alphanumeric, whitespace, hyphen, parentheses, square brackets].
File parts can carry a filesystem path or a synthetic URI (e.g. an MCP
"slack-file://..." attachment, which surfaces because Bedrock does not
accept PDFs in tool results, so opencode re-injects them as a user file
part). The AI SDK passes that filename through verbatim as the Converse
document name, so once such an attachment lands in history every
subsequent request in the session fails with a ValidationException.

Sanitize file-part filenames in the Bedrock branch of
ProviderTransform.message (shared by the v1 and v2 request paths),
mapping disallowed characters to a space and collapsing runs; drop the
name entirely when nothing valid remains so the SDK generates one.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bug: MCP tool binary attachment triggers Bedrock document name ValidationException (variant of #36113)

1 participant