>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3572774. --> Reported by: [abhisekmazumdar](https://www.drupal.org/user/3557964) Related to !73 >>> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p>The Tool API enables to be invoked by AI agents, which may include operations on files. We need to research how Tools should accept and process file inputs securely.</p> <p><em>This is a PoC and research work</em></p> <p>This means that after the research and proof of concept work, a few decisions will be made. All the required issue will be created, which may be included in this module or another one.</p> <h4>Key research areas include</h4> <ul> <li>Input formats</li> <li>File loading</li> <li>Normalization and schema</li> <li>Security considerations</li> </ul> <p>This issue will collect findings and outline a recommended approach. The outcome should be a clear design for how the Tool API will accept file inputs (URIs, paths, or URLs), how it converts them to actual files, and how it enforces Drupal&rsquo;s file access rules. Ensuring normalized input handling and strict permission checks will be key to secure file processing in AI-powered tools</p> <p><em>Disclaimer: I shared my high-level thoughts to Claude and the current capabilities of the tools module in context. I received a few suggestions regarding this issue from there. So yes, AI has been used to draft this issue.</em></p>