fix(agents): coerce non-text/image MCP tool-result blocks to text (fixes #90710)

849261680 · 849261680 · commit f70dccf33ed1 · 2026-06-06T01:45:54.000+08:00
MCP CallToolResult.content can include resource_link, resource, and audio
blocks, but toAgentToolResult cast them straight into AgentToolResult, which
only carries text/image. Downstream the Anthropic provider/transport image
branch then built an image block with undefined data/media_type, Anthropic
returned 400, and because the bad block stayed in history every later turn
400d too -&gt; permanently poisoned session.

Normalize MCP content at the materialize boundary so the text/image contract
stays honest: pass through valid images, coerce resource_link/resource/audio
and malformed images to text. Fixes all providers, not just Anthropic.
diff --git a/src/agents/agent-bundle-mcp-materialize.ts b/src/agents/agent-bundle-mcp-materialize.ts
@@ -1,5 +1,5 @@
 import crypto from "node:crypto";
-import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import type { CallToolResult, ContentBlock } from "@modelcontextprotocol/sdk/types.js";
 import { normalizeLowercaseStringOrEmpty } from "@openclaw/normalization-core/string-coerce";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
 import { logWarn } from "../logger.js";
@@ -19,13 +19,49 @@ import { normalizeToolParameterSchema } from "./agent-tools-parameter-schema.js"
 import type { AgentToolResult } from "./runtime/index.js";
 import type { AnyAgentTool } from "./tools/common.js";
 
+type ToolResultContentBlock = AgentToolResult<unknown>["content"][number];
+
+// AgentToolResult only carries text/image, but an MCP CallToolResult can also
+// return resource_link, resource, and audio blocks (MCP SDK ContentBlock union).
+// Coercing those into the text/image contract here keeps the boundary honest so
+// downstream provider converters never build an image block with undefined
+// data/media_type, which makes Anthropic 400 and poisons the whole session
+// history (every later turn replays the bad block and 400s too). See #90710.
+function mcpContentBlockToToolResult(block: ContentBlock): ToolResultContentBlock {
+  switch (block.type) {
+    case "text":
+      return { type: "text", text: block.text };
+    case "image":
+      // Only emit an image when the base64 source is actually present.
+      if (block.data && block.mimeType) {
+        return { type: "image", data: block.data, mimeType: block.mimeType };
+      }
+      return { type: "text", text: JSON.stringify(block) };
+    case "audio":
+      return { type: "text", text: `[audio ${block.mimeType}]` };
+    case "resource_link": {
+      const label = block.title ?? block.name;
+      return { type: "text", text: label ? `[${label}] ${block.uri}` : block.uri };
+    }
+    case "resource": {
+      const resource = block.resource;
+      const text = "text" in resource ? resource.text : undefined;
+      return { type: "text", text: text ?? resource.uri };
+    }
+    default:
+      // Forward-compat / untrusted-server guard: stringify any block type the
+      // installed MCP SDK union does not cover instead of dropping it.
+      return { type: "text", text: JSON.stringify(block) };
+  }
+}
+
 function toAgentToolResult(params: {
   serverName: string;
   toolName: string;
   result: CallToolResult;
 }): AgentToolResult<unknown> {
-  const content = Array.isArray(params.result.content)
-    ? (params.result.content as AgentToolResult<unknown>["content"])
+  const content: AgentToolResult<unknown>["content"] = Array.isArray(params.result.content)
+    ? params.result.content.map(mcpContentBlockToToolResult)
     : [];
   const structuredContentBlock =
     params.result.structuredContent !== undefined
diff --git a/src/agents/agent-bundle-mcp-tools.materialize.test.ts b/src/agents/agent-bundle-mcp-tools.materialize.test.ts
@@ -155,6 +155,72 @@ describe("createBundleMcpToolRuntime", () => {
     });
   });
 
+  it("coerces non-text/image MCP tool-result blocks to text (resource_link/resource/audio)", async () => {
+    // resource_link/resource/audio blocks have no base64 image source; if they
+    // leaked into the provider image branch Anthropic would 400 on an image with
+    // undefined data/media_type and poison the whole session history (#90710).
+    const runtime = await materializeBundleMcpToolsForRun({
+      runtime: makeToolRuntime({
+        result: {
+          content: [
+            { type: "text", text: "intro" },
+            {
+              type: "resource_link",
+              uri: "https://example.com/a.docx",
+              name: "a.docx",
+              title: "Quarterly report",
+            },
+            {
+              type: "resource_link",
+              uri: "https://example.com/bare",
+              name: "",
+            },
+            {
+              type: "resource",
+              resource: { uri: "memo://one", text: "memo body" },
+            },
+            {
+              type: "resource",
+              resource: { uri: "blob://two", blob: "AAAA", mimeType: "application/pdf" },
+            },
+            { type: "audio", data: "AAAA", mimeType: "audio/mpeg" },
+            { type: "image", data: "iVBOR", mimeType: "image/png" },
+          ],
+          isError: false,
+        } as CallToolResult,
+      }),
+    });
+
+    const result = await runtime.tools[0].execute("call-bundle-probe", {}, undefined, undefined);
+
+    expect(result.content).toEqual([
+      { type: "text", text: "intro" },
+      { type: "text", text: "[Quarterly report] https://example.com/a.docx" },
+      { type: "text", text: "https://example.com/bare" },
+      { type: "text", text: "memo body" },
+      { type: "text", text: "blob://two" },
+      { type: "text", text: "[audio audio/mpeg]" },
+      { type: "image", data: "iVBOR", mimeType: "image/png" },
+    ]);
+  });
+
+  it("coerces a malformed image block (missing base64 source) to text", async () => {
+    // A real-world poison case: image block with undefined data/media_type.
+    const runtime = await materializeBundleMcpToolsForRun({
+      runtime: makeToolRuntime({
+        result: {
+          content: [{ type: "image" } as unknown as CallToolResult["content"][number]],
+          isError: false,
+        } as CallToolResult,
+      }),
+    });
+
+    const result = await runtime.tools[0].execute("call-bundle-probe", {}, undefined, undefined);
+
+    expect(result.content).toHaveLength(1);
+    expect(result.content[0]).toEqual({ type: "text", text: JSON.stringify({ type: "image" }) });
+  });
+
   it("disambiguates bundle MCP tools that collide with existing tool names", async () => {
     const runtime = await materializeBundleMcpToolsForRun({
       runtime: makeToolRuntime(),
