html2pptx-local-mcp 1.1.24 → 1.1.26

package/cli/dist/dist/commands/edit.js

@@ -1,801 +0,0 @@
-import { createHash, randomBytes, timingSafeEqual } from "node:crypto";
-import { spawn } from "node:child_process";
-import { createServer } from "node:http";
-import { platform } from "node:os";
-import { mkdir, readdir, readFile, realpath, stat, writeFile, } from "node:fs/promises";
-import { dirname, extname, join, relative, resolve, sep, } from "node:path";
-import * as p from "@clack/prompts";
-import pc from "picocolors";
-const AUTO_PORT = 0;
-const MAX_WRITE_BYTES = 5 * 1024 * 1024;
-const MAX_ASSET_BYTES = 8 * 1024 * 1024;
-const ALLOWED_EXTENSIONS = [".html", ".htm"];
-const ALLOWED_EXT = new Set(ALLOWED_EXTENSIONS);
-const ASSET_IMAGE_EXTENSIONS = [".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg", ".avif"];
-const ASSET_IMAGE_EXT = new Set(ASSET_IMAGE_EXTENSIONS);
-const ASSET_CONTENT_TYPES = {
-    ".png": "image/png",
-    ".jpg": "image/jpeg",
-    ".jpeg": "image/jpeg",
-    ".gif": "image/gif",
-    ".webp": "image/webp",
-    ".svg": "image/svg+xml",
-    ".avif": "image/avif",
-};
-const ASSET_CONTENT_TYPE_EXT = {
-    "image/png": ".png",
-    "image/jpeg": ".jpg",
-    "image/gif": ".gif",
-    "image/webp": ".webp",
-    "image/svg+xml": ".svg",
-    "image/avif": ".avif",
-};
-const DISALLOWED_TOP_DIRECTORIES = [
-    "public",
-    ".next",
-    ".git",
-    "node_modules",
-    "app",
-    "pages",
-    "components",
-    "lib",
-    "convex",
-    "scripts",
-    "mcp",
-    "worker",
-    "src",
-];
-const DISALLOWED_TOP_DIRS = new Set(DISALLOWED_TOP_DIRECTORIES);
-const EDITOR_SERVER_STATE_FILE = ".html2pptx/edit-slide/editor-server.json";
-const LEGACY_EDITOR_SERVER_STATE_FILE = ".open-slide/editor-server.json";
-const EDITOR_BASE_URL_EXAMPLE = "http://localhost:<port>";
-function sha256(content) {
-    return createHash("sha256").update(content).digest("hex");
-}
-function sha256Buffer(buf) {
-    return createHash("sha256").update(buf).digest("hex");
-}
-function generateSessionToken() {
-    return randomBytes(32).toString("base64url");
-}
-function toPosixPath(filePath) {
-    return filePath.split(sep).join("/");
-}
-function relativeToRoot(root, abs) {
-    return toPosixPath(relative(root, abs));
-}
-function isLoopbackHostname(hostname) {
-    const host = hostname.replace(/^\[|\]$/g, "").toLowerCase();
-    return (host === "localhost" ||
-        host === "::1" ||
-        host === "0:0:0:0:0:0:0:1" ||
-        /^127(?:\.\d{1,3}){3}$/.test(host));
-}
-function isLoopbackHostHeader(host) {
-    if (!host)
-        return false;
-    try {
-        return isLoopbackHostname(new URL(`http://${host}`).hostname);
-    }
-    catch {
-        return false;
-    }
-}
-function parsePort(value) {
-    if (!value)
-        return AUTO_PORT;
-    const port = Number.parseInt(value, 10);
-    if (!Number.isInteger(port) || port < 0 || port > 65535) {
-        throw new Error("port must be an integer from 0 to 65535");
-    }
-    return port;
-}
-function isAllowedEditorBaseUrl(url) {
-    if (!["http:", "https:"].includes(url.protocol))
-        return false;
-    return isLoopbackHostname(url.hostname);
-}
-function normalizeBaseUrl(raw) {
-    const base = new URL(raw);
-    base.hash = "";
-    base.search = "";
-    if (!isAllowedEditorBaseUrl(base)) {
-        throw new Error(`baseUrl for local file editing must be a loopback http(s) origin such as ${EDITOR_BASE_URL_EXAMPLE}. Hosted editor URLs are not allowed.`);
-    }
-    return base;
-}
-async function readRegisteredEditorBaseUrl(root) {
-    for (const stateFile of [EDITOR_SERVER_STATE_FILE, LEGACY_EDITOR_SERVER_STATE_FILE]) {
-        try {
-            const raw = await readFile(join(root, stateFile), "utf8");
-            const state = JSON.parse(raw);
-            if (typeof state.baseUrl === "string")
-                return state.baseUrl;
-        }
-        catch {
-            // Try the next known state location.
-        }
-    }
-    return null;
-}
-async function resolveEditorBaseUrl(root, explicitBaseUrl) {
-    const raw = explicitBaseUrl || await readRegisteredEditorBaseUrl(root);
-    if (!raw) {
-        throw new Error("Local editor UI is not registered. Start it with `node scripts/dev-studio.mjs`, then rerun `html2pptx edit`, or pass --base-url http://localhost:<port>.");
-    }
-    const baseUrl = normalizeBaseUrl(raw);
-    if (!(await isEditorBaseReachable(baseUrl))) {
-        throw new Error(`Local editor UI is not reachable at ${baseUrl.origin}. Start it with \`node scripts/dev-studio.mjs\`, then rerun \`html2pptx edit\`, or pass the active --base-url.`);
-    }
-    return baseUrl;
-}
-async function isEditorBaseReachable(baseUrl) {
-    const probeUrl = new URL("/api/edit-slide/local-health", baseUrl);
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), 7000);
-    try {
-        const response = await fetch(probeUrl, {
-            headers: { accept: "application/json" },
-            signal: controller.signal,
-        });
-        if (!response.ok)
-            return false;
-        const payload = (await response.json());
-        return payload.app === "html2pptx-local-editor" && payload.ok === true;
-    }
-    catch {
-        return false;
-    }
-    finally {
-        clearTimeout(timer);
-    }
-}
-function buildEditorUrl(baseUrl, rel, bridgeUrl, sessionToken) {
-    const editorUrl = new URL("/edit-slide", baseUrl);
-    editorUrl.searchParams.set("file", rel);
-    editorUrl.searchParams.set("bridge", bridgeUrl);
-    editorUrl.hash = new URLSearchParams({ bridgeToken: sessionToken }).toString();
-    return editorUrl;
-}
-function allowedOrigin(origin, editorOrigin) {
-    if (!origin)
-        return true;
-    try {
-        const url = new URL(origin);
-        return url.origin === editorOrigin || isLoopbackHostname(url.hostname);
-    }
-    catch {
-        return false;
-    }
-}
-function applyCors(req, res, editorOrigin) {
-    const origin = req.headers.origin;
-    if (typeof origin === "string" && !allowedOrigin(origin, editorOrigin)) {
-        sendJson(res, 403, { error: "forbidden origin" });
-        return false;
-    }
-    res.setHeader("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
-    res.setHeader("Access-Control-Allow-Origin", typeof origin === "string" ? origin : editorOrigin);
-    res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "content-type,x-edit-slide-local,x-open-slide-local,x-edit-slide-token");
-    res.setHeader("Access-Control-Allow-Private-Network", "true");
-    return true;
-}
-function sendJson(res, status, payload) {
-    res.statusCode = status;
-    res.setHeader("content-type", "application/json; charset=utf-8");
-    res.end(JSON.stringify(payload));
-}
-async function readExisting(abs) {
-    try {
-        return await readFile(abs, "utf8");
-    }
-    catch (error) {
-        if (error?.code === "ENOENT")
-            return null;
-        throw error;
-    }
-}
-async function resolveReal(abs) {
-    try {
-        return await realpath(abs);
-    }
-    catch {
-        let parent = dirname(abs);
-        while (parent !== dirname(parent)) {
-            try {
-                const realParent = await realpath(parent);
-                return join(realParent, relative(parent, abs));
-            }
-            catch {
-                parent = dirname(parent);
-            }
-        }
-        return abs;
-    }
-}
-async function safePath(ctx, rel) {
-    if (typeof rel !== "string" || !rel) {
-        throw new Error("missing path");
-    }
-    const normalized = rel.replace(/^\/+/, "");
-    const abs = resolve(ctx.root, normalized);
-    if (abs !== ctx.root && !abs.startsWith(ctx.root + sep)) {
-        throw new Error("path escape");
-    }
-    const ext = extname(abs).toLowerCase();
-    if (!ALLOWED_EXT.has(ext)) {
-        throw new Error("only .html/.htm files are allowed");
-    }
-    const real = await resolveReal(abs);
-    if (real !== ctx.root && !real.startsWith(ctx.root + sep)) {
-        throw new Error("path escape via symlink");
-    }
-    for (const candidate of [relative(ctx.root, abs), relative(ctx.root, real)]) {
-        const first = candidate.split(sep)[0];
-        if (DISALLOWED_TOP_DIRS.has(first)) {
-            throw new Error(`writes under ${first}/ are not allowed`);
-        }
-    }
-    return real;
-}
-function buildPolicy(ctx) {
-    return {
-        enabled: true,
-        root: ctx.root,
-        sessionTokenRequired: true,
-        allowedExtensions: ALLOWED_EXTENSIONS,
-        disallowedTopDirectories: DISALLOWED_TOP_DIRECTORIES,
-        stateDirectory: relativeToRoot(ctx.root, ctx.localStateDir),
-        historyEnabled: false,
-        maxWriteBytes: MAX_WRITE_BYTES,
-        requestGuards: [
-            "127.0.0.1 listener only",
-            "matching editor Origin",
-            "per-session bridge token required for reads and writes",
-            "X-Edit-Slide-Local: 1 required for writes",
-            "path traversal and symlink escape checks",
-            "optimistic hash check before writes",
-        ],
-    };
-}
-function tokensMatch(actual, expected) {
-    if (!actual || !expected)
-        return false;
-    const actualBuf = Buffer.from(actual);
-    const expectedBuf = Buffer.from(expected);
-    if (actualBuf.length !== expectedBuf.length)
-        return false;
-    return timingSafeEqual(actualBuf, expectedBuf);
-}
-function requestToken(req, reqUrl) {
-    const headerToken = req.headers["x-edit-slide-token"];
-    if (typeof headerToken === "string" && headerToken)
-        return headerToken;
-    return reqUrl.searchParams.get("token") || "";
-}
-function validateBridgeRequest(req, ctx, reqUrl) {
-    if (!isLoopbackHostHeader(req.headers.host)) {
-        return false;
-    }
-    if (!allowedOrigin(typeof req.headers.origin === "string" ? req.headers.origin : undefined, ctx.editorOrigin)) {
-        return false;
-    }
-    return tokensMatch(requestToken(req, reqUrl), ctx.sessionToken);
-}
-async function readFileMeta(ctx, abs) {
-    const content = await readFile(abs, "utf8");
-    const fileStat = await stat(abs);
-    return {
-        path: relativeToRoot(ctx.root, abs),
-        size: content.length,
-        bytes: Buffer.byteLength(content, "utf8"),
-        sha256: sha256(content),
-        mtimeMs: fileStat.mtimeMs,
-    };
-}
-function validateWriteRequest(req, ctx, reqUrl) {
-    if (!validateBridgeRequest(req, ctx, reqUrl)) {
-        return false;
-    }
-    return (req.headers["x-edit-slide-local"] === "1" ||
-        req.headers["x-open-slide-local"] === "1");
-}
-async function readBody(req, maxBytes = MAX_WRITE_BYTES) {
-    const chunks = [];
-    let total = 0;
-    for await (const chunk of req) {
-        const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-        total += buf.length;
-        if (total > maxBytes + 1024 * 1024) {
-            throw new Error("request body too large");
-        }
-        chunks.push(buf);
-    }
-    return Buffer.concat(chunks).toString("utf8");
-}
-async function handleGet(ctx, req, reqUrl, res) {
-    if (!validateBridgeRequest(req, ctx, reqUrl)) {
-        sendJson(res, 403, { error: "forbidden" });
-        return;
-    }
-    if (reqUrl.searchParams.get("policy") === "1") {
-        sendJson(res, 200, { policy: buildPolicy(ctx) });
-        return;
-    }
-    const rel = reqUrl.searchParams.get("path");
-    try {
-        const abs = await safePath(ctx, rel || "");
-        if (reqUrl.searchParams.get("versions") === "1") {
-            sendJson(res, 200, {
-                path: relativeToRoot(ctx.root, abs),
-                current: await readFileMeta(ctx, abs),
-                versions: [],
-                policy: buildPolicy(ctx),
-            });
-            return;
-        }
-        const versionId = reqUrl.searchParams.get("version");
-        if (versionId) {
-            sendJson(res, 410, { error: "version history disabled" });
-            return;
-        }
-        if (reqUrl.searchParams.get("meta") === "1") {
-            sendJson(res, 200, {
-                ...(await readFileMeta(ctx, abs)),
-                policy: buildPolicy(ctx),
-            });
-            return;
-        }
-        const content = await readFile(abs, "utf8");
-        const fileStat = await stat(abs);
-        const contentHash = sha256(content);
-        sendJson(res, 200, {
-            path: relativeToRoot(ctx.root, abs),
-            content,
-            size: content.length,
-            bytes: Buffer.byteLength(content, "utf8"),
-            sha256: contentHash,
-            mtimeMs: fileStat.mtimeMs,
-            policy: buildPolicy(ctx),
-        });
-    }
-    catch (error) {
-        const message = error?.message || "read failed";
-        const status = error?.status || (message.includes("ENOENT") ? 404 : 400);
-        sendJson(res, status, { error: message });
-    }
-}
-async function handlePost(ctx, req, res) {
-    const reqUrl = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
-    if (!validateWriteRequest(req, ctx, reqUrl)) {
-        sendJson(res, 403, { error: "forbidden" });
-        return;
-    }
-    let body;
-    try {
-        body = JSON.parse(await readBody(req));
-    }
-    catch (error) {
-        sendJson(res, 400, { error: error?.message || "invalid json" });
-        return;
-    }
-    const { path: rel, content, baseHash, restoreVersion } = body || {};
-    if (typeof restoreVersion === "string" && restoreVersion) {
-        sendJson(res, 410, { error: "version history disabled" });
-        return;
-    }
-    if (typeof content !== "string") {
-        sendJson(res, 400, { error: "missing content" });
-        return;
-    }
-    if (Buffer.byteLength(content, "utf8") > MAX_WRITE_BYTES) {
-        sendJson(res, 413, { error: "content too large (>5MB)" });
-        return;
-    }
-    try {
-        const abs = await safePath(ctx, rel || "");
-        const before = await readExisting(abs);
-        const beforeHash = before == null ? null : sha256(before);
-        if (beforeHash !== null && typeof baseHash !== "string") {
-            sendJson(res, 428, { error: "missing baseHash for existing file", currentHash: beforeHash });
-            return;
-        }
-        if (beforeHash === null && baseHash != null) {
-            sendJson(res, 409, { error: "baseHash supplied for a new file", currentHash: null });
-            return;
-        }
-        if (beforeHash !== null && baseHash !== beforeHash) {
-            sendJson(res, 409, {
-                error: "file changed on disk; reload before saving",
-                conflict: true,
-                path: relativeToRoot(ctx.root, abs),
-                expectedHash: baseHash,
-                currentHash: beforeHash,
-                policy: buildPolicy(ctx),
-            });
-            return;
-        }
-        const afterHash = sha256(content);
-        if (beforeHash === afterHash) {
-            const fileStat = await stat(abs);
-            sendJson(res, 200, {
-                ok: true,
-                path: relativeToRoot(ctx.root, abs),
-                bytes: Buffer.byteLength(content, "utf8"),
-                sha256: afterHash,
-                beforeHash,
-                backupPath: null,
-                mtimeMs: fileStat.mtimeMs,
-                policy: buildPolicy(ctx),
-            });
-            return;
-        }
-        await mkdir(dirname(abs), { recursive: true });
-        await writeFile(abs, content, "utf8");
-        const fileStat = await stat(abs);
-        const bytes = Buffer.byteLength(content, "utf8");
-        sendJson(res, 200, {
-            ok: true,
-            path: relativeToRoot(ctx.root, abs),
-            bytes,
-            sha256: afterHash,
-            beforeHash,
-            backupPath: null,
-            mtimeMs: fileStat.mtimeMs,
-            policy: buildPolicy(ctx),
-        });
-    }
-    catch (error) {
-        sendJson(res, 400, { error: error?.message || "write failed" });
-    }
-}
-async function safeAssetPath(ctx, rel) {
-    if (typeof rel !== "string" || !rel) {
-        throw new Error("missing path");
-    }
-    const normalized = rel.replace(/^\/+/, "");
-    const abs = resolve(ctx.root, normalized);
-    if (abs !== ctx.root && !abs.startsWith(ctx.root + sep)) {
-        throw new Error("path escape");
-    }
-    const ext = extname(abs).toLowerCase();
-    if (!ASSET_IMAGE_EXT.has(ext)) {
-        throw new Error("only image files are allowed");
-    }
-    const real = await resolveReal(abs);
-    if (real !== ctx.root && !real.startsWith(ctx.root + sep)) {
-        throw new Error("path escape via symlink");
-    }
-    for (const candidate of [relative(ctx.root, abs), relative(ctx.root, real)]) {
-        const first = candidate.split(sep)[0];
-        if (DISALLOWED_TOP_DIRS.has(first)) {
-            throw new Error(`assets under ${first}/ are not allowed`);
-        }
-    }
-    return real;
-}
-function assetExt(name, contentType) {
-    const fromName = extname(String(name || "")).toLowerCase();
-    if (ASSET_IMAGE_EXT.has(fromName))
-        return fromName;
-    return ASSET_CONTENT_TYPE_EXT[String(contentType || "").toLowerCase()] || "";
-}
-function assetSlug(name) {
-    const base = String(name || "image").replace(/\.[^.]+$/, "");
-    const slug = base
-        .normalize("NFKD")
-        .replace(/[^\w.-]+/g, "-")
-        .replace(/^[-.]+|[-.]+$/g, "")
-        .toLowerCase();
-    return slug || "image";
-}
-function assetDirRel(scope, htmlDirRel) {
-    if (scope === "global")
-        return "assets";
-    return htmlDirRel ? join(htmlDirRel, "assets") : "assets";
-}
-async function readBytesOrNull(abs) {
-    try {
-        return await readFile(abs);
-    }
-    catch (error) {
-        if (error?.code === "ENOENT")
-            return null;
-        throw error;
-    }
-}
-function sendBinary(res, status, contentType, buf) {
-    res.statusCode = status;
-    res.setHeader("content-type", contentType);
-    res.setHeader("cache-control", "no-store");
-    res.setHeader("x-content-type-options", "nosniff");
-    res.setHeader("content-security-policy", "sandbox; default-src 'none'; style-src 'unsafe-inline'");
-    res.end(buf);
-}
-async function handleAssetGet(ctx, req, reqUrl, res) {
-    if (!validateBridgeRequest(req, ctx, reqUrl)) {
-        sendJson(res, 403, { error: "forbidden" });
-        return;
-    }
-    const file = reqUrl.searchParams.get("file") || "";
-    const htmlDirRel = file ? dirname(file) : "";
-    if (reqUrl.searchParams.get("list") === "1") {
-        const scope = reqUrl.searchParams.get("scope") === "global" ? "global" : "project";
-        const dirRel = assetDirRel(scope, htmlDirRel);
-        const absDir = resolve(ctx.root, dirRel);
-        const htmlDirAbs = resolve(ctx.root, htmlDirRel || ".");
-        let assets = [];
-        try {
-            if (absDir === ctx.root || absDir.startsWith(ctx.root + sep)) {
-                const names = await readdir(absDir);
-                assets = names
-                    .filter((name) => ASSET_IMAGE_EXT.has(extname(name).toLowerCase()))
-                    .map((name) => ({
-                    name,
-                    src: toPosixPath(relative(htmlDirAbs, join(absDir, name))),
-                }));
-            }
-        }
-        catch {
-            assets = [];
-        }
-        sendJson(res, 200, { assets, policy: buildPolicy(ctx) });
-        return;
-    }
-    const src = reqUrl.searchParams.get("src") || "";
-    if (!src) {
-        sendJson(res, 400, { error: "missing src" });
-        return;
-    }
-    try {
-        const abs = await safeAssetPath(ctx, join(htmlDirRel, src));
-        const buf = await readFile(abs);
-        const ext = extname(abs).toLowerCase();
-        sendBinary(res, 200, ASSET_CONTENT_TYPES[ext] || "application/octet-stream", buf);
-    }
-    catch (error) {
-        const message = error?.message || "read failed";
-        const status = message.includes("ENOENT") ? 404 : 400;
-        sendJson(res, status, { error: message });
-    }
-}
-async function handleAssetPost(ctx, req, res) {
-    const reqUrl = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
-    if (!validateWriteRequest(req, ctx, reqUrl)) {
-        sendJson(res, 403, { error: "forbidden" });
-        return;
-    }
-    let body;
-    try {
-        body = JSON.parse(await readBody(req, MAX_ASSET_BYTES * 2));
-    }
-    catch (error) {
-        sendJson(res, 400, { error: error?.message || "invalid json" });
-        return;
-    }
-    const { file, scope: rawScope, name, contentType, dataBase64 } = body || {};
-    if (typeof dataBase64 !== "string" || !dataBase64) {
-        sendJson(res, 400, { error: "missing image data" });
-        return;
-    }
-    const buf = Buffer.from(dataBase64, "base64");
-    if (!buf.length) {
-        sendJson(res, 400, { error: "empty image data" });
-        return;
-    }
-    if (buf.length > MAX_ASSET_BYTES) {
-        sendJson(res, 413, { error: "image too large (>8MB)" });
-        return;
-    }
-    const ext = assetExt(name, contentType);
-    if (!ASSET_IMAGE_EXT.has(ext)) {
-        sendJson(res, 400, { error: "unsupported image type" });
-        return;
-    }
-    const scope = rawScope === "global" ? "global" : "project";
-    const htmlDirRel = typeof file === "string" && file ? dirname(file) : "";
-    const htmlDirAbs = resolve(ctx.root, htmlDirRel || ".");
-    const dirRel = assetDirRel(scope, htmlDirRel);
-    const slug = assetSlug(name);
-    try {
-        let fileName = `${slug}${ext}`;
-        let absTarget = await safeAssetPath(ctx, join(dirRel, fileName));
-        const existing = await readBytesOrNull(absTarget);
-        if (existing && !existing.equals(buf)) {
-            fileName = `${slug}-${sha256Buffer(buf).slice(0, 8)}${ext}`;
-            absTarget = await safeAssetPath(ctx, join(dirRel, fileName));
-        }
-        const alreadyIdentical = Boolean(existing && existing.equals(buf));
-        if (!alreadyIdentical) {
-            await mkdir(dirname(absTarget), { recursive: true });
-            await writeFile(absTarget, buf);
-        }
-        sendJson(res, 200, {
-            ok: true,
-            scope,
-            name: fileName,
-            path: toPosixPath(relative(ctx.root, absTarget)),
-            src: toPosixPath(relative(htmlDirAbs, absTarget)),
-            bytes: buf.length,
-            reused: alreadyIdentical,
-            policy: buildPolicy(ctx),
-        });
-    }
-    catch (error) {
-        sendJson(res, 400, { error: error?.message || "asset write failed" });
-    }
-}
-function createBridgeServer(ctx) {
-    return createServer(async (req, res) => {
-        if (!applyCors(req, res, ctx.editorOrigin))
-            return;
-        if (req.method === "OPTIONS") {
-            res.statusCode = 204;
-            res.end();
-            return;
-        }
-        if (!isLoopbackHostHeader(req.headers.host)) {
-            sendJson(res, 403, { error: "forbidden host" });
-            return;
-        }
-        const reqUrl = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
-        if (reqUrl.pathname === "/") {
-            sendJson(res, 200, { ok: true, service: "html2pptx edit bridge", root: ctx.root });
-            return;
-        }
-        if (reqUrl.pathname === "/api/edit-slide/asset") {
-            if (req.method === "GET") {
-                await handleAssetGet(ctx, req, reqUrl, res);
-                return;
-            }
-            if (req.method === "POST") {
-                await handleAssetPost(ctx, req, res);
-                return;
-            }
-            sendJson(res, 405, { error: "method not allowed" });
-            return;
-        }
-        if (reqUrl.pathname !== "/api/edit-slide/file") {
-            sendJson(res, 404, { error: "not found" });
-            return;
-        }
-        if (req.method === "GET") {
-            await handleGet(ctx, req, reqUrl, res);
-            return;
-        }
-        if (req.method === "POST") {
-            await handlePost(ctx, req, res);
-            return;
-        }
-        sendJson(res, 405, { error: "method not allowed" });
-    });
-}
-function listen(server, requestedPort) {
-    return new Promise((resolveListen, rejectListen) => {
-        const onError = (error) => {
-            server.off("listening", onListening);
-            rejectListen(error);
-        };
-        const onListening = () => {
-            server.off("error", onError);
-            const address = server.address();
-            if (!address || typeof address === "string") {
-                rejectListen(new Error("failed to read bridge port"));
-                return;
-            }
-            resolveListen(address.port);
-        };
-        server.once("error", onError);
-        server.once("listening", onListening);
-        server.listen(requestedPort, "127.0.0.1");
-    });
-}
-function openUrl(url) {
-    const os = platform();
-    const child = os === "darwin"
-        ? spawn("open", [url], { detached: true, stdio: "ignore" })
-        : os === "win32"
-            ? spawn("cmd", ["/c", "start", "", url], { detached: true, stdio: "ignore" })
-            : spawn("xdg-open", [url], { detached: true, stdio: "ignore" });
-    child.unref();
-}
-function stopOnSignal(server) {
-    for (const signal of ["SIGINT", "SIGTERM"]) {
-        process.once(signal, () => {
-            server.close(() => process.exit(0));
-        });
-    }
-}
-function bail(message, options) {
-    if (options.json) {
-        console.log(JSON.stringify({ success: false, error: message }));
-    }
-    else {
-        p.log.error(message);
-    }
-    process.exit(1);
-}
-export async function editCommand(input, options = {}) {
-    const noOpen = options.noOpen === true || options.open === false;
-    const normalizedOptions = { ...options, noOpen };
-    if (!input) {
-        bail("HTML file path is required. Example: html2pptx edit ./html2pptx/slides.html", normalizedOptions);
-    }
-    const root = await realpath(process.cwd());
-    const abs = resolve(root, input);
-    const rel = relativeToRoot(root, abs);
-    const ext = extname(abs).toLowerCase();
-    if (!ALLOWED_EXT.has(ext)) {
-        bail("Only .html/.htm files can be opened in the editor.", normalizedOptions);
-    }
-    if (abs !== root && !abs.startsWith(root + sep)) {
-        bail("The file must be inside the current working directory.", normalizedOptions);
-    }
-    try {
-        await stat(abs);
-    }
-    catch {
-        bail(`File not found: ${rel}`, normalizedOptions);
-    }
-    let baseUrl;
-    let requestedPort;
-    try {
-        baseUrl = await resolveEditorBaseUrl(root, options.baseUrl);
-        requestedPort = parsePort(options.port);
-    }
-    catch (error) {
-        bail(error.message, normalizedOptions);
-    }
-    const ctx = {
-        root,
-        editorOrigin: baseUrl.origin,
-        localStateDir: join(root, ".html2pptx", "edit-slide"),
-        sessionToken: generateSessionToken(),
-    };
-    const server = createBridgeServer(ctx);
-    let bridgePort;
-    try {
-        bridgePort = await listen(server, requestedPort);
-    }
-    catch (error) {
-        bail(error.message || "failed to start local edit bridge", options);
-    }
-    const bridgeUrl = `http://127.0.0.1:${bridgePort}`;
-    const editorUrl = buildEditorUrl(baseUrl, rel, bridgeUrl, ctx.sessionToken);
-    if (normalizedOptions.json) {
-        console.log(JSON.stringify({
-            success: true,
-            editorUrl: editorUrl.toString(),
-            bridgeUrl,
-            sessionTokenRequired: true,
-            file: rel,
-            root,
-        }));
-    }
-    else {
-        p.log.success(`Local edit bridge listening on ${pc.cyan(bridgeUrl)} ${pc.dim("(session token required)")}`);
-        if (normalizedOptions.noOpen) {
-            p.log.info(`Open in editor: ${pc.cyan(editorUrl.toString())}`);
-        }
-        else {
-            p.log.info("Opening the editor in your browser. Use --no-open to print the tokenized URL instead.");
-        }
-        p.log.info(pc.dim("Press Ctrl+C to stop the bridge."));
-    }
-    if (!normalizedOptions.noOpen) {
-        openUrl(editorUrl.toString());
-    }
-    stopOnSignal(server);
-    await new Promise((resolveClose) => server.on("close", resolveClose));
-}
-export const editCommandInternalsForTest = {
-    buildEditorUrl,
-    createBridgeServer,
-    generateSessionToken,
-    listen,
-    normalizeBaseUrl,
-    parsePort,
-    readRegisteredEditorBaseUrl,
-    resolveEditorBaseUrl,
-};