fix: Gemini vision verdict authoritative, add AI manipulation detection

app/agent.py

@@ -91,19 +91,32 @@ def run_text_agent(text: str, url_flags: dict) -> AnalysisResult:
 
 def run_image_agent(gemini_result: dict, fc_result: dict | None = None) -> AnalysisResult:
     gemini_score = gemini_result.get("risk_score", 0.0)
+    is_manipulated = gemini_result.get("is_manipulated", False)
     threat_types = gemini_result.get("threat_types", [])
     explanation = f"Gemini vision analysis: {gemini_result.get('explanation', '')}"
-    
-    base = AnalysisResult(
+
+    # Visual verdict is authoritative — fact-check cannot override it
+    if is_manipulated or gemini_score >= 0.7:
+        verdict = "FAKE"
+    elif gemini_score <= 0.2:
+        verdict = "REAL"
+    else:
+        verdict = "UNVERIFIABLE"
+
+    tool_outputs: dict = {"gemini_vision": gemini_result}
+    if fc_result:
+        tool_outputs["fact_check"] = fc_result
+
+    return AnalysisResult(
         risk_score=gemini_score,
         risk_level=_risk_level(gemini_score),
+        verdict=verdict,
+        content_type="unknown",
         threat_types=threat_types,
         explanation=explanation,
-        tool_outputs={"gemini_vision": gemini_result},
+        simplified_explanation=gemini_result.get("explanation", ""),
+        tool_outputs=tool_outputs,
     )
-    if fc_result:
-        return _merge_factcheck(base, fc_result)
-    return base
 
 
 def run_video_agent(gemini_result: dict, frame_scores: list[float]) -> AnalysisResult:

app/tools/image_tools.py

@@ -88,12 +88,22 @@ def gemini_extract_image_text(image_bytes: bytes, mime_type: str = "image/jpeg")
 def gemini_analyze_image(image_bytes: bytes, mime_type: str = "image/jpeg") -> dict:
     b64 = base64.b64encode(image_bytes).decode()
     system = (
-        "You are an automated cybersecurity image analyst API. Examine the image for: "
-        "fake login pages, phishing screenshots, fake documents, impersonated brands, "
-        "deepfake or AI-generated faces/content. "
-        "Use the Google Search tool to verify any claims, news, or context if needed. "
-        "You MUST return your analysis strictly as a JSON object and absolutely nothing else. "
-        '{"risk_score": <float 0-1>, "threat_types": [<strings>], "explanation": <string>}'
+        "You are a forensic image authenticity expert and cybersecurity analyst. "
+        "Your PRIMARY job is to detect whether this image has been artificially altered, manipulated, or generated. "
+        "Ignore watermarks, logos, and brand names when judging authenticity — focus only on the PIXELS and CONTENT. "
+        "\n\nExamine closely for:"
+        "\n- Face swaps: a face that looks pasted, skin tone mismatch, edge artifacts around the face/hairline"
+        "\n- AI-generated faces: overly smooth skin, symmetrical imperfections, glassy eyes, blurred ear/hair detail"
+        "\n- Photoshop/edit artifacts: inconsistent lighting/shadows, copy-paste regions, clone-stamp patterns, unnatural blurs"
+        "\n- Composite images: mismatched camera perspectives, different image qualities in same frame"
+        "\n- Fake documents: ID cards where the embedded photo doesn't match the person wearing it"
+        "\n- Deepfake video frames: temporal inconsistencies, boundary blending around faces"
+        "\n\nScoring rules:"
+        "\n- If ANY manipulation is detected → risk_score >= 0.7, verdict = FAKE"
+        "\n- If the image looks 100% authentic with no manipulation → risk_score <= 0.2"
+        "\n- Be skeptical. If uncertain, lean towards higher risk_score."
+        "\n\nYou MUST return ONLY valid JSON, nothing else: "
+        '{"risk_score": <float 0-1>, "is_manipulated": <bool>, "threat_types": [<strings>], "explanation": <string>}'
     )
     message = HumanMessage(
         content=[
@@ -102,25 +112,23 @@ def gemini_analyze_image(image_bytes: bytes, mime_type: str = "image/jpeg") -> d
         ]
     )
     from app.tools.retry_utils import execute_with_retry
-    from google.genai import types
-    search_tool = types.Tool(google_search=types.GoogleSearch())
-    
+
     for model in [GEMINI_MODEL] + GEMINI_MODEL_FALLBACKS:
         try:
             resp = execute_with_retry(
                 lambda m=model: ChatGoogleGenerativeAI(
-                    model=m, 
-                    google_api_key=GEMINI_API_KEY, 
+                    model=m,
+                    google_api_key=GEMINI_API_KEY,
                     temperature=0.1
-                ).invoke([message], tools=[search_tool])
+                ).invoke([message])
             )
             raw = resp.content
             if not isinstance(raw, str):
                 raw = str(raw)
-                
             raw = raw.strip().strip("```json").strip("```").strip()
             return json.loads(raw)
         except Exception as e:
             if "429" not in str(e) and "RESOURCE_EXHAUSTED" not in str(e):
                 raise
-    return {"risk_score": 0.0, "threat_types": [], "explanation": "Gemini quota exhausted for all models"}
+    return {"risk_score": 0.0, "is_manipulated": False, "threat_types": [], "explanation": "Gemini quota exhausted for all models"}
+