ima2-gen 1.0.3 → 1.0.5

package/bin/commands/show.js

@@ -1,8 +1,7 @@
 import { parseArgs } from "../lib/args.js";
 import { resolveServer, request } from "../lib/client.js";
-import { execSync } from "node:child_process";
+import { openUrl } from "../lib/platform.js";
 import { out, die, color, json, exitCodeForError } from "../lib/output.js";
-import { join } from "node:path";
 
 const SPEC = {
   flags: {
@@ -42,16 +41,8 @@ export default async function showCmd(argv) {
 
   if (args.reveal) {
     const url = item.url ? `${server.base}${item.url}` : null;
-    try {
-      if (process.platform === "darwin") {
-        execSync(`open "${server.base}${item.url || ""}"`);
-      } else if (process.platform === "win32") {
-        execSync(`start "" "${url}"`);
-      } else {
-        execSync(`xdg-open "${url}"`);
-      }
-    } catch {
-      out(color.yellow("(could not reveal)"));
-    }
+    if (!url) { out(color.yellow("(no url)")); return; }
+    const res = openUrl(url);
+    if (!res.ok) out(color.yellow("(could not reveal)"));
   }
 }

package/bin/ima2.js

@@ -5,12 +5,18 @@ import { join, dirname } from "path";
 import { fileURLToPath } from "url";
 import { spawn, execSync } from "child_process";
 import { networkInterfaces, homedir } from "os";
+import { openUrl, resolveBin } from "./lib/platform.js";
+import { detectCodexAuth } from "../lib/codexDetect.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const ROOT = join(__dirname, "..");
 const HOME = homedir();
-const CONFIG_DIR = join(ROOT, ".ima2");
+// Config lives in $IMA2_CONFIG_DIR (tests) or ~/.ima2 to match server.js and
+// ~/.ima2/server.json advertise path. Legacy installs that stored config at
+// <packageRoot>/.ima2/config.json will be migrated on first write.
+const CONFIG_DIR = process.env.IMA2_CONFIG_DIR || join(HOME, ".ima2");
 const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+const LEGACY_CONFIG_FILE = join(ROOT, ".ima2", "config.json");
 
 // Load package.json for version
 let pkg = { version: "?", name: "ima2-gen" };
@@ -22,6 +28,10 @@ function loadConfig() {
   if (existsSync(CONFIG_FILE)) {
     return JSON.parse(readFileSync(CONFIG_FILE, "utf-8"));
   }
+  // One-time read from legacy location so users who set up on <1.0.4 don't lose auth.
+  if (existsSync(LEGACY_CONFIG_FILE)) {
+    try { return JSON.parse(readFileSync(LEGACY_CONFIG_FILE, "utf-8")); } catch {}
+  }
   return {};
 }
 
@@ -58,22 +68,27 @@ async function setup() {
     saveConfig(config);
     console.log("\n  Starting OAuth login...\n");
 
-    // Check if codex auth exists
-    const hasAuth =
-      existsSync(join(HOME, ".codex", "auth.json")) ||
-      existsSync(join(HOME, ".chatgpt-local", "auth.json"));
+    // Check if codex auth exists (file OR keyring via `codex login status`)
+    const auth = detectCodexAuth();
+    const hasAuth = auth.authed;
 
     if (!hasAuth) {
+      if (auth.platform === "win32") {
+        console.log(
+          "  Windows note: OpenAI Codex has no documented native installer. Use WSL2 for best results.\n",
+        );
+      }
       console.log("  Running 'codex login' — follow the browser prompt.\n");
       try {
-        execSync("npx @openai/codex login", { stdio: "inherit" });
+        execSync(`${resolveBin("npx")} @openai/codex login`, { stdio: "inherit" });
       } catch {
         console.log("\n  Login failed or cancelled. You can retry with 'ima2 serve'.\n");
         rl.close();
         process.exit(1);
       }
     } else {
-      console.log("  Existing OAuth session found.\n");
+      const how = auth.probe === "authed" ? "codex CLI" : "auth file";
+      console.log(`  Existing OAuth session found (${how}).\n`);
     }
 
     saveConfig(config);
@@ -98,7 +113,7 @@ async function serve() {
     if (hasUiSrc) {
       console.log("\n  ui/dist missing — running 'npm run build' first...\n");
       try {
-        execSync("npm run build", { stdio: "inherit", cwd: ROOT });
+        execSync(`${resolveBin("npm")} run build`, { stdio: "inherit", cwd: ROOT });
       } catch {
         console.log("\n  Build failed. Try: cd ui && npm install && npm run build\n");
         process.exit(1);
@@ -147,12 +162,22 @@ async function showStatus() {
     console.log("  Run 'ima2 setup' to configure.\n");
   }
 
-  // Check OAuth auth files
-  const hasCodexAuth = existsSync(join(HOME, ".codex", "auth.json"));
-  const hasChatgptAuth = existsSync(join(HOME, ".chatgpt-local", "auth.json"));
+  // Check OAuth auth files + codex CLI probe
+  const auth = detectCodexAuth();
   console.log(`  OAuth sessions:`);
-  console.log(`    ~/.codex/auth.json          ${hasCodexAuth ? "✓" : "✗"}`);
-  console.log(`    ~/.chatgpt-local/auth.json  ${hasChatgptAuth ? "✓" : "✗"}`);
+  console.log(`    ${auth.files.codex}          ${auth.fileHits.codex ? "✓" : "✗"}`);
+  console.log(`    ${auth.files.chatgpt}  ${auth.fileHits.chatgpt ? "✓" : "✗"}`);
+  if (auth.fileHits.xdgCodex) {
+    console.log(`    ${auth.files.xdgCodex}  ✓`);
+  }
+  const probeLabel =
+    auth.probe === "authed" ? "✓ authed"
+    : auth.probe === "unauthed" ? "✗ not logged in"
+    : "– codex CLI not found";
+  console.log(`    codex login status           ${probeLabel}`);
+  if (auth.platform === "win32") {
+    console.log("    (Windows: no native codex installer — use WSL2)");
+  }
   console.log("");
 }
 
@@ -219,17 +244,10 @@ async function doctor() {
 function openBrowser() {
   const port = process.env.PORT || 3333;
   const url = `http://localhost:${port}`;
-
-  const platform = process.platform;
-  let cmd;
-  if (platform === "darwin") cmd = "open";
-  else if (platform === "win32") cmd = "start";
-  else cmd = "xdg-open";
-
-  try {
-    execSync(`${cmd} ${url}`, { stdio: "ignore" });
+  const res = openUrl(url);
+  if (res.ok) {
     console.log(`\n  Opening ${url} ...\n`);
-  } catch {
+  } else {
     console.log(`\n  Could not open browser. Visit: ${url}\n`);
   }
 }

package/bin/lib/platform.js

@@ -0,0 +1,97 @@
+// Cross-platform helpers (Windows / macOS / Linux / WSL).
+// Keep this file tiny & dependency-free. Node 18+ only.
+
+import { spawn, execSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+
+export const isWin = process.platform === "win32";
+export const isMac = process.platform === "darwin";
+export const isLinux = !isWin && !isMac;
+
+let _wslCached = null;
+export function isWsl() {
+  if (_wslCached !== null) return _wslCached;
+  if (!isLinux) return (_wslCached = false);
+  try {
+    _wslCached = readFileSync("/proc/version", "utf-8").toLowerCase().includes("microsoft");
+  } catch {
+    _wslCached = false;
+  }
+  return _wslCached;
+}
+
+export function hasDesktopSession() {
+  return Boolean(process.env.DISPLAY || process.env.WAYLAND_DISPLAY);
+}
+
+/**
+ * Resolve an executable name that differs between Windows and Unix.
+ * On Windows, npm global shims are .cmd files; spawn() without shell:true
+ * cannot resolve them and fails with ENOENT.
+ */
+export function resolveBin(name) {
+  return isWin ? `${name}.cmd` : name;
+}
+
+/**
+ * spawn() wrapper that works for npm/npx/any PATH-resolved exe on Windows.
+ */
+export function spawnBin(name, args, opts = {}) {
+  if (isWin) {
+    // Node 24 on Windows can throw EINVAL when spawning PATH-resolved .cmd
+    // shims directly with piped stdio. Routing through cmd.exe avoids that.
+    return spawn("cmd.exe", ["/d", "/s", "/c", `${name} ${args.join(" ")}`], {
+      windowsHide: true,
+      ...opts,
+    });
+  }
+  return spawn(resolveBin(name), args, { windowsHide: true, ...opts });
+}
+
+/**
+ * Open a URL in the user's default browser.
+ * Returns { ok: boolean, error?: string }.
+ * Handles WSL (via powershell.exe) and refuses on headless Linux without DISPLAY.
+ */
+export function openUrl(url) {
+  try {
+    if (isMac) {
+      execSync(`open ${JSON.stringify(url)}`, { stdio: "ignore" });
+    } else if (isWin) {
+      execSync(`cmd /c start "" ${JSON.stringify(url)}`, { stdio: "ignore" });
+    } else if (isWsl()) {
+      // WSL: hand off to Windows via powershell
+      execSync(`powershell.exe -NoProfile -Command Start-Process ${JSON.stringify(url)}`, { stdio: "ignore" });
+    } else {
+      if (!hasDesktopSession()) {
+        return { ok: false, error: "no desktop session (DISPLAY/WAYLAND_DISPLAY unset)" };
+      }
+      execSync(`xdg-open ${JSON.stringify(url)}`, { stdio: "ignore" });
+    }
+    return { ok: true };
+  } catch (e) {
+    return { ok: false, error: e.message || String(e) };
+  }
+}
+
+/**
+ * Register graceful shutdown handlers.
+ * Windows does NOT raise SIGTERM from the OS — SIGINT (Ctrl+C) and SIGBREAK
+ * (Ctrl+Break) are the observable signals. We still register SIGTERM so that
+ * Node-internal `child.kill("SIGTERM")` calls work in tests.
+ */
+export function onShutdown(handler) {
+  const signals = isWin
+    ? ["SIGINT", "SIGTERM", "SIGBREAK"]
+    : ["SIGINT", "SIGTERM", "SIGHUP"];
+  for (const sig of signals) {
+    try {
+      process.on(sig, () => {
+        try { handler(sig); } finally { process.exit(0); }
+      });
+    } catch {
+      // Some signals aren't installable on certain platforms; ignore.
+    }
+  }
+}
+

package/lib/assetLifecycle.js

@@ -0,0 +1,120 @@
+import { getDb } from "./db.js";
+import { rename, unlink, mkdir, access } from "fs/promises";
+import { join, resolve, sep } from "path";
+
+const DIR = "generated";
+const TRASH = ".trash";
+const TRASH_TTL_MS = 10_000;
+
+function resolveInGenerated(rootDir, relPath) {
+  if (typeof relPath !== "string" || relPath.length === 0) {
+    const err = new Error("filename required");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  if (relPath.includes("\0")) {
+    const err = new Error("invalid filename");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  const baseDir = resolve(rootDir, DIR);
+  const target = resolve(baseDir, relPath);
+  if (target !== baseDir && !target.startsWith(baseDir + sep)) {
+    const err = new Error("filename escapes generated/");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  return target;
+}
+
+function nodesReferencingFilename(filename) {
+  // The client stores imageUrl as `/generated/<encoded filename>` in node data JSON.
+  // We scan all sessions' nodes for substring match on the decoded and encoded forms.
+  const db = getDb();
+  const encoded = encodeURIComponent(filename);
+  const rows = db
+    .prepare("SELECT session_id AS sessionId, id, data FROM nodes WHERE data LIKE ? OR data LIKE ?")
+    .all(`%${filename}%`, `%${encoded}%`);
+  return rows;
+}
+
+function markNodesAssetMissing(filename) {
+  const db = getDb();
+  const rows = nodesReferencingFilename(filename);
+  if (rows.length === 0) return { sessionsTouched: 0, nodesTouched: 0 };
+  const touchedSessions = new Set();
+  const update = db.prepare("UPDATE nodes SET data = ? WHERE session_id = ? AND id = ?");
+  const bumpSession = db.prepare("UPDATE sessions SET graph_version = graph_version + 1, updated_at = ? WHERE id = ?");
+  const tx = db.transaction(() => {
+    for (const r of rows) {
+      let data;
+      try { data = JSON.parse(r.data); } catch { data = {}; }
+      const imgRef = data?.imageUrl || "";
+      if (imgRef.includes(filename) || imgRef.includes(encodeURIComponent(filename))) {
+        data.imageUrl = null;
+        data.status = "asset-missing";
+        update.run(JSON.stringify(data), r.sessionId, r.id);
+        touchedSessions.add(r.sessionId);
+      }
+    }
+    const t = Date.now();
+    for (const sid of touchedSessions) bumpSession.run(t, sid);
+  });
+  tx();
+  return { sessionsTouched: touchedSessions.size, nodesTouched: rows.length };
+}
+
+export async function trashAsset(rootDir, filename) {
+  const src = resolveInGenerated(rootDir, filename);
+  try {
+    await access(src);
+  } catch {
+    const err = new Error("Asset not found");
+    err.status = 404;
+    err.code = "ASSET_NOT_FOUND";
+    throw err;
+  }
+  const trashDir = resolve(rootDir, DIR, TRASH);
+  await mkdir(trashDir, { recursive: true });
+  // Flatten filename (subdir separators -> __) so trash is flat & easy to restore
+  const flat = filename.replace(/[\\/]+/g, "__");
+  const trashPath = join(trashDir, `${Date.now()}_${flat}`);
+  await rename(src, trashPath);
+  // Move sidecar too (best-effort)
+  await rename(src + ".json", trashPath + ".json").catch(() => {});
+
+  const summary = markNodesAssetMissing(filename);
+
+  // Schedule hard delete after TTL
+  const unlinkAt = Date.now() + TRASH_TTL_MS;
+  setTimeout(async () => {
+    await unlink(trashPath).catch(() => {});
+    await unlink(trashPath + ".json").catch(() => {});
+  }, TRASH_TTL_MS).unref?.();
+
+  return {
+    ok: true,
+    trashId: trashPath.slice(trashDir.length + 1),
+    filename,
+    unlinkAt,
+    sessionsTouched: summary.sessionsTouched,
+    nodesTouched: summary.nodesTouched,
+  };
+}
+
+export async function restoreAsset(rootDir, trashId, originalFilename) {
+  const trashDir = resolve(rootDir, DIR, TRASH);
+  const src = resolve(trashDir, trashId);
+  if (!src.startsWith(trashDir + sep) && src !== trashDir) {
+    const err = new Error("invalid trashId");
+    err.status = 400;
+    throw err;
+  }
+  const dst = resolveInGenerated(rootDir, originalFilename);
+  await rename(src, dst);
+  await rename(src + ".json", dst + ".json").catch(() => {});
+  return { ok: true };
+}

package/lib/codexDetect.js

@@ -0,0 +1,69 @@
+// Codex CLI / OAuth auth detection across platforms.
+// References:
+// - OpenAI Codex stores auth under CODEX_HOME (default ~/.codex/auth.json).
+// - Legacy chatgpt-local stores auth under ~/.chatgpt-local/auth.json.
+// - Auth may live in OS keyring instead of a file (file absence ≠ unauth).
+// - Windows has no documented native install path; WSL is the supported path.
+import { existsSync } from "node:fs";
+import { execFileSync } from "node:child_process";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+const HOME = homedir();
+
+export function codexAuthPaths() {
+  const codexHome = process.env.CODEX_HOME || join(HOME, ".codex");
+  return {
+    codex: join(codexHome, "auth.json"),
+    chatgpt: join(HOME, ".chatgpt-local", "auth.json"),
+    xdgCodex: join(HOME, ".config", "codex", "auth.json"),
+  };
+}
+
+export function hasAuthFile() {
+  const p = codexAuthPaths();
+  return existsSync(p.codex) || existsSync(p.chatgpt) || existsSync(p.xdgCodex);
+}
+
+// Non-invasive probe: `codex login status` returns 0 when authed (file OR keyring).
+// Returns: "authed" | "unauthed" | "missing" (codex binary not found)
+export function codexLoginStatus(timeoutMs = 2000) {
+  const candidates =
+    process.platform === "win32"
+      ? ["codex.cmd", "codex.exe", "codex"]
+      : ["codex"];
+  for (const bin of candidates) {
+    try {
+      execFileSync(bin, ["login", "status"], {
+        stdio: "ignore",
+        timeout: timeoutMs,
+        windowsHide: true,
+      });
+      return "authed";
+    } catch (err) {
+      if (err && err.code === "ENOENT") continue;
+      // non-zero exit = binary exists but not authed
+      if (err && typeof err.status === "number") return "unauthed";
+    }
+  }
+  return "missing";
+}
+
+export function detectCodexAuth() {
+  const files = codexAuthPaths();
+  const fileHits = {
+    codex: existsSync(files.codex),
+    chatgpt: existsSync(files.chatgpt),
+    xdgCodex: existsSync(files.xdgCodex),
+  };
+  const probe = codexLoginStatus();
+  const authed = probe === "authed" || fileHits.codex || fileHits.chatgpt || fileHits.xdgCodex;
+  return {
+    authed,
+    probe,
+    files,
+    fileHits,
+    platform: process.platform,
+    wslHint: process.platform === "win32",
+  };
+}

package/lib/db.js

@@ -0,0 +1,92 @@
+import Database from "better-sqlite3";
+import { mkdirSync, existsSync } from "fs";
+import { dirname, join } from "path";
+import { homedir } from "os";
+
+const DEFAULT_DB_DIR = join(homedir(), ".ima2");
+const DEFAULT_DB_PATH = join(DEFAULT_DB_DIR, "sessions.db");
+
+let db = null;
+
+export function getDbPath() {
+  return process.env.IMA2_DB_PATH || DEFAULT_DB_PATH;
+}
+
+export function getDb() {
+  if (db) return db;
+  const dbPath = getDbPath();
+  const dir = dirname(dbPath);
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+
+  db = new Database(dbPath);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  migrate(db);
+  return db;
+}
+
+function migrate(database) {
+  database.exec(`
+    CREATE TABLE IF NOT EXISTS _meta (
+      key   TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS sessions (
+      id          TEXT PRIMARY KEY,
+      title       TEXT NOT NULL DEFAULT 'Untitled',
+      created_at  INTEGER NOT NULL,
+      updated_at  INTEGER NOT NULL,
+      graph_version INTEGER NOT NULL DEFAULT 0
+    );
+
+    CREATE TABLE IF NOT EXISTS nodes (
+      session_id  TEXT NOT NULL,
+      id          TEXT NOT NULL,
+      x           REAL NOT NULL DEFAULT 0,
+      y           REAL NOT NULL DEFAULT 0,
+      data        TEXT NOT NULL DEFAULT '{}',
+      PRIMARY KEY (session_id, id),
+      FOREIGN KEY (session_id) REFERENCES sessions(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS edges (
+      session_id  TEXT NOT NULL,
+      id          TEXT NOT NULL,
+      source      TEXT NOT NULL,
+      target      TEXT NOT NULL,
+      data        TEXT NOT NULL DEFAULT '{}',
+      PRIMARY KEY (session_id, id),
+      FOREIGN KEY (session_id) REFERENCES sessions(id) ON DELETE CASCADE
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_nodes_session ON nodes(session_id);
+    CREATE INDEX IF NOT EXISTS idx_edges_session ON edges(session_id);
+  `);
+
+  const sessionColumns = database
+    .prepare("PRAGMA table_info(sessions)")
+    .all()
+    .map((row) => row.name);
+  if (!sessionColumns.includes("graph_version")) {
+    database.exec(
+      "ALTER TABLE sessions ADD COLUMN graph_version INTEGER NOT NULL DEFAULT 0",
+    );
+  }
+
+  const row = database.prepare("SELECT value FROM _meta WHERE key = 'schema_version'").get();
+  if (!row) {
+    database.prepare("INSERT INTO _meta (key, value) VALUES ('schema_version', '2')").run();
+  } else if (row.value !== "2") {
+    database
+      .prepare("UPDATE _meta SET value = '2' WHERE key = 'schema_version'")
+      .run();
+  }
+}
+
+export function closeDb() {
+  if (db) {
+    db.close();
+    db = null;
+  }
+}

package/lib/inflight.js

@@ -0,0 +1,57 @@
+// In-memory inflight job registry.
+// Tracks generation requests that are currently running on the server so clients
+// can reconcile optimistic UI state after a reload or across tabs.
+//
+// This is intentionally process-local: if the server restarts, inflight jobs
+// are lost (which is correct — the fetch they came from is already gone).
+
+const jobs = new Map(); // requestId -> { requestId, kind, prompt, meta, startedAt, phase, phaseAt }
+
+// Phases: "queued" → "streaming" (upstream connection open, waiting for image)
+//                 → "decoding" (b64 received, writing to disk)
+// finishJob removes the entry entirely.
+export function startJob({ requestId, kind, prompt, meta = {} }) {
+  if (!requestId) return;
+  jobs.set(requestId, {
+    requestId,
+    kind,
+    prompt: typeof prompt === "string" ? prompt.slice(0, 500) : "",
+    meta,
+    startedAt: Date.now(),
+    phase: "queued",
+    phaseAt: Date.now(),
+  });
+}
+
+export function setJobPhase(requestId, phase) {
+  if (!requestId) return;
+  const j = jobs.get(requestId);
+  if (!j) return;
+  j.phase = phase;
+  j.phaseAt = Date.now();
+}
+
+export function finishJob(requestId, _options = {}) {
+  if (!requestId) return;
+  jobs.delete(requestId);
+}
+
+export function listJobs(filters = {}) {
+  // Stale reaping: > 10 min is almost certainly a crashed fetch.
+  const now = Date.now();
+  for (const [id, j] of jobs) {
+    if (now - j.startedAt > 10 * 60 * 1000) jobs.delete(id);
+  }
+  const { kind, sessionId } = filters;
+  return Array.from(jobs.values())
+    .filter((j) => {
+      if (kind && j.kind !== kind) return false;
+      if (sessionId && j.meta?.sessionId !== sessionId) return false;
+      return true;
+    })
+    .sort((a, b) => a.startedAt - b.startedAt);
+}
+
+export function _resetForTests() {
+  jobs.clear();
+}

package/lib/nodeStore.js

@@ -0,0 +1,66 @@
+import { writeFile, readFile, access } from "fs/promises";
+import { join, resolve, sep } from "path";
+import { randomBytes } from "crypto";
+
+const DIR = "generated";
+
+export function newNodeId() {
+  return "n_" + randomBytes(5).toString("hex");
+}
+
+export async function saveNode(rootDir, { nodeId, b64, meta, ext = "png" }) {
+  const filename = `${nodeId}.${ext}`;
+  await writeFile(join(rootDir, DIR, filename), Buffer.from(b64, "base64"));
+  await writeFile(join(rootDir, DIR, filename + ".json"), JSON.stringify(meta, null, 2));
+  return { filename };
+}
+
+export async function loadNodeB64(rootDir, filename) {
+  const p = resolveGeneratedPath(rootDir, filename);
+  try { await access(p); } catch {
+    const err = new Error(`Node file not found: ${filename}`);
+    err.code = "NODE_NOT_FOUND";
+    err.status = 404;
+    throw err;
+  }
+  const buf = await readFile(p);
+  return buf.toString("base64");
+}
+
+export async function loadNodeMeta(rootDir, nodeId, ext = "png") {
+  try {
+    return JSON.parse(await readFile(join(rootDir, DIR, `${nodeId}.${ext}.json`), "utf-8"));
+  } catch {
+    return null;
+  }
+}
+
+export async function loadAssetB64(rootDir, externalSrc) {
+  const p = resolveGeneratedPath(rootDir, externalSrc);
+  try { await access(p); } catch {
+    const err = new Error(`Asset file not found: ${externalSrc}`);
+    err.code = "NODE_NOT_FOUND";
+    err.status = 404;
+    throw err;
+  }
+  const buf = await readFile(p);
+  return buf.toString("base64");
+}
+
+function resolveGeneratedPath(rootDir, relPath) {
+  if (typeof relPath !== "string" || relPath.length === 0) {
+    const err = new Error("Asset path is required");
+    err.code = "NODE_SOURCE_INVALID";
+    err.status = 400;
+    throw err;
+  }
+  const baseDir = resolve(rootDir, DIR);
+  const target = resolve(baseDir, relPath);
+  if (target !== baseDir && !target.startsWith(baseDir + sep)) {
+    const err = new Error(`Asset path escapes generated/: ${relPath}`);
+    err.code = "NODE_SOURCE_INVALID";
+    err.status = 400;
+    throw err;
+  }
+  return target;
+}