drupal/ai_recipe_validations_image_safety

Blocks image uploads to Media: Image that contain nudity, sexually suggestive content, gore, graphic violence, or graphic medical imagery. Uses AI Validations and any vision-capable AI provider.

Maintainers

Package info

git.drupalcode.org/project/ai_recipe_validations_image_safety.git

Homepage

Type:drupal-recipe

pkg:composer/drupal/ai_recipe_validations_image_safety

Statistics

Installs: 5

Dependents: 0

Suggesters: 0

Security

Advisories: 0

Aikido package health analysis

1.0.x-dev 2026-06-12 14:15 UTC

Requires

  • drupal/ai: ^1.4
  • drupal/ai_validations: ^1.3
  • drupal/core: ^10.3 || ^11
  • drupal/field_validation: ^3.0

GPL-2.0-or-later 8a2aede194a980d0f6aee29154dde2b0d92d2486

This package is auto-updated.

Last update: 2026-06-12 18:16:34 UTC

README

Blocks image uploads to the Media: Image bundle that contain nudity, sexually suggestive content, gore, graphic violence, or graphic medical imagery. Uses AI Validations with any vision-capable AI provider.

Requirements

  • Drupal 10.3+ or 11
  • AI module 1.4 or newer (provides the verifySetupAi config action and the ai_provider_configuration form element)
  • AI Validations (standalone) 1.3 or newer — the shipped rule stores an empty provider, which this version resolves to the site default both in the rule form ("Default" option) and at validation time (see #3586397). Until a 1.3.x release is tagged, install it with composer require drupal/ai_validations:1.3.x-dev.
  • A configured default provider for the chat_with_image_vision operation type (OpenAI GPT-4o, Anthropic Claude 3.5 Sonnet, Google Gemini 1.5 Pro, etc.) at /admin/config/ai/settings → Default Providers

Note: the AI module still bundles a deprecated copy of ai_validations. When the standalone package is installed, Drupal's extension discovery automatically prefers it (shallower path wins) — no uninstall/reinstall is needed on existing sites, just a cache rebuild. Without the standalone package, the deprecated copy treats the recipe's empty provider as an error and blocks every upload with "No AI provider specified to do validation".

Apply

composer require drupal/ai_recipe_validations_image_safety
php core/scripts/drupal recipe ../recipes/ai_recipe_validations_image_safety
drush cache:rebuild

If chat_with_image_vision has no default model configured, the recipe apply will abort and roll back with a message from the AI module's verifySetupAi action. Configure a default model and re-run.

What it does

  • Applies core's image_media_type recipe first (creates the Media: Image bundle if it does not exist).
  • Installs ai, ai_validations, and field_validation.
  • Creates a field validation rule set media_image attached to the Media: Image bundle's field_media_image field.
  • Runs the AI image constraint on the target_id column in entity validation mode — catches UI uploads, JSON:API posts, and programmatic saves alike.

Adjusting the threshold

Default behavior blocks anything outside the "Safe" tier (Flickr-style classification). To allow "Moderate" content and block only "Restricted":

  1. Go to Structure → Field Validation → AI image safety (Media: Image)
  2. Edit the Block unsafe imagery rule
  3. Replace the === DECISION === block of the prompt with:
    - If the image is SAFE or MODERATE, respond with: XTRUE
- If the image is RESTRICTED, respond with: XFALSE

Cost note

Every image upload triggers one vision-model API call. Bulk migrations, imports, or high-volume user upload flows will incur proportional cost. Test with your provider's pricing before rolling out to production.

Issue queue

Bugs and feature requests: https://www.drupal.org/project/issues/ai_recipe_validations_image_safety