ima2-gen 1.0.4 → 1.0.5

package/bin/ima2.js

@@ -6,6 +6,7 @@ import { fileURLToPath } from "url";
 import { spawn, execSync } from "child_process";
 import { networkInterfaces, homedir } from "os";
 import { openUrl, resolveBin } from "./lib/platform.js";
+import { detectCodexAuth } from "../lib/codexDetect.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const ROOT = join(__dirname, "..");
@@ -67,12 +68,16 @@ async function setup() {
     saveConfig(config);
     console.log("\n  Starting OAuth login...\n");
 
-    // Check if codex auth exists
-    const hasAuth =
-      existsSync(join(HOME, ".codex", "auth.json")) ||
-      existsSync(join(HOME, ".chatgpt-local", "auth.json"));
+    // Check if codex auth exists (file OR keyring via `codex login status`)
+    const auth = detectCodexAuth();
+    const hasAuth = auth.authed;
 
     if (!hasAuth) {
+      if (auth.platform === "win32") {
+        console.log(
+          "  Windows note: OpenAI Codex has no documented native installer. Use WSL2 for best results.\n",
+        );
+      }
       console.log("  Running 'codex login' — follow the browser prompt.\n");
       try {
         execSync(`${resolveBin("npx")} @openai/codex login`, { stdio: "inherit" });
@@ -82,7 +87,8 @@ async function setup() {
         process.exit(1);
       }
     } else {
-      console.log("  Existing OAuth session found.\n");
+      const how = auth.probe === "authed" ? "codex CLI" : "auth file";
+      console.log(`  Existing OAuth session found (${how}).\n`);
     }
 
     saveConfig(config);
@@ -156,12 +162,22 @@ async function showStatus() {
     console.log("  Run 'ima2 setup' to configure.\n");
   }
 
-  // Check OAuth auth files
-  const hasCodexAuth = existsSync(join(HOME, ".codex", "auth.json"));
-  const hasChatgptAuth = existsSync(join(HOME, ".chatgpt-local", "auth.json"));
+  // Check OAuth auth files + codex CLI probe
+  const auth = detectCodexAuth();
   console.log(`  OAuth sessions:`);
-  console.log(`    ~/.codex/auth.json          ${hasCodexAuth ? "✓" : "✗"}`);
-  console.log(`    ~/.chatgpt-local/auth.json  ${hasChatgptAuth ? "✓" : "✗"}`);
+  console.log(`    ${auth.files.codex}          ${auth.fileHits.codex ? "✓" : "✗"}`);
+  console.log(`    ${auth.files.chatgpt}  ${auth.fileHits.chatgpt ? "✓" : "✗"}`);
+  if (auth.fileHits.xdgCodex) {
+    console.log(`    ${auth.files.xdgCodex}  ✓`);
+  }
+  const probeLabel =
+    auth.probe === "authed" ? "✓ authed"
+    : auth.probe === "unauthed" ? "✗ not logged in"
+    : "– codex CLI not found";
+  console.log(`    codex login status           ${probeLabel}`);
+  if (auth.platform === "win32") {
+    console.log("    (Windows: no native codex installer — use WSL2)");
+  }
   console.log("");
 }
 

package/bin/lib/platform.js

@@ -37,6 +37,14 @@ export function resolveBin(name) {
  * spawn() wrapper that works for npm/npx/any PATH-resolved exe on Windows.
  */
 export function spawnBin(name, args, opts = {}) {
+  if (isWin) {
+    // Node 24 on Windows can throw EINVAL when spawning PATH-resolved .cmd
+    // shims directly with piped stdio. Routing through cmd.exe avoids that.
+    return spawn("cmd.exe", ["/d", "/s", "/c", `${name} ${args.join(" ")}`], {
+      windowsHide: true,
+      ...opts,
+    });
+  }
   return spawn(resolveBin(name), args, { windowsHide: true, ...opts });
 }
 

package/lib/assetLifecycle.js

@@ -0,0 +1,120 @@
+import { getDb } from "./db.js";
+import { rename, unlink, mkdir, access } from "fs/promises";
+import { join, resolve, sep } from "path";
+
+const DIR = "generated";
+const TRASH = ".trash";
+const TRASH_TTL_MS = 10_000;
+
+function resolveInGenerated(rootDir, relPath) {
+  if (typeof relPath !== "string" || relPath.length === 0) {
+    const err = new Error("filename required");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  if (relPath.includes("\0")) {
+    const err = new Error("invalid filename");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  const baseDir = resolve(rootDir, DIR);
+  const target = resolve(baseDir, relPath);
+  if (target !== baseDir && !target.startsWith(baseDir + sep)) {
+    const err = new Error("filename escapes generated/");
+    err.status = 400;
+    err.code = "INVALID_FILENAME";
+    throw err;
+  }
+  return target;
+}
+
+function nodesReferencingFilename(filename) {
+  // The client stores imageUrl as `/generated/<encoded filename>` in node data JSON.
+  // We scan all sessions' nodes for substring match on the decoded and encoded forms.
+  const db = getDb();
+  const encoded = encodeURIComponent(filename);
+  const rows = db
+    .prepare("SELECT session_id AS sessionId, id, data FROM nodes WHERE data LIKE ? OR data LIKE ?")
+    .all(`%${filename}%`, `%${encoded}%`);
+  return rows;
+}
+
+function markNodesAssetMissing(filename) {
+  const db = getDb();
+  const rows = nodesReferencingFilename(filename);
+  if (rows.length === 0) return { sessionsTouched: 0, nodesTouched: 0 };
+  const touchedSessions = new Set();
+  const update = db.prepare("UPDATE nodes SET data = ? WHERE session_id = ? AND id = ?");
+  const bumpSession = db.prepare("UPDATE sessions SET graph_version = graph_version + 1, updated_at = ? WHERE id = ?");
+  const tx = db.transaction(() => {
+    for (const r of rows) {
+      let data;
+      try { data = JSON.parse(r.data); } catch { data = {}; }
+      const imgRef = data?.imageUrl || "";
+      if (imgRef.includes(filename) || imgRef.includes(encodeURIComponent(filename))) {
+        data.imageUrl = null;
+        data.status = "asset-missing";
+        update.run(JSON.stringify(data), r.sessionId, r.id);
+        touchedSessions.add(r.sessionId);
+      }
+    }
+    const t = Date.now();
+    for (const sid of touchedSessions) bumpSession.run(t, sid);
+  });
+  tx();
+  return { sessionsTouched: touchedSessions.size, nodesTouched: rows.length };
+}
+
+export async function trashAsset(rootDir, filename) {
+  const src = resolveInGenerated(rootDir, filename);
+  try {
+    await access(src);
+  } catch {
+    const err = new Error("Asset not found");
+    err.status = 404;
+    err.code = "ASSET_NOT_FOUND";
+    throw err;
+  }
+  const trashDir = resolve(rootDir, DIR, TRASH);
+  await mkdir(trashDir, { recursive: true });
+  // Flatten filename (subdir separators -> __) so trash is flat & easy to restore
+  const flat = filename.replace(/[\\/]+/g, "__");
+  const trashPath = join(trashDir, `${Date.now()}_${flat}`);
+  await rename(src, trashPath);
+  // Move sidecar too (best-effort)
+  await rename(src + ".json", trashPath + ".json").catch(() => {});
+
+  const summary = markNodesAssetMissing(filename);
+
+  // Schedule hard delete after TTL
+  const unlinkAt = Date.now() + TRASH_TTL_MS;
+  setTimeout(async () => {
+    await unlink(trashPath).catch(() => {});
+    await unlink(trashPath + ".json").catch(() => {});
+  }, TRASH_TTL_MS).unref?.();
+
+  return {
+    ok: true,
+    trashId: trashPath.slice(trashDir.length + 1),
+    filename,
+    unlinkAt,
+    sessionsTouched: summary.sessionsTouched,
+    nodesTouched: summary.nodesTouched,
+  };
+}
+
+export async function restoreAsset(rootDir, trashId, originalFilename) {
+  const trashDir = resolve(rootDir, DIR, TRASH);
+  const src = resolve(trashDir, trashId);
+  if (!src.startsWith(trashDir + sep) && src !== trashDir) {
+    const err = new Error("invalid trashId");
+    err.status = 400;
+    throw err;
+  }
+  const dst = resolveInGenerated(rootDir, originalFilename);
+  await rename(src, dst);
+  await rename(src + ".json", dst + ".json").catch(() => {});
+  return { ok: true };
+}

package/lib/codexDetect.js

@@ -0,0 +1,69 @@
+// Codex CLI / OAuth auth detection across platforms.
+// References:
+// - OpenAI Codex stores auth under CODEX_HOME (default ~/.codex/auth.json).
+// - Legacy chatgpt-local stores auth under ~/.chatgpt-local/auth.json.
+// - Auth may live in OS keyring instead of a file (file absence ≠ unauth).
+// - Windows has no documented native install path; WSL is the supported path.
+import { existsSync } from "node:fs";
+import { execFileSync } from "node:child_process";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+const HOME = homedir();
+
+export function codexAuthPaths() {
+  const codexHome = process.env.CODEX_HOME || join(HOME, ".codex");
+  return {
+    codex: join(codexHome, "auth.json"),
+    chatgpt: join(HOME, ".chatgpt-local", "auth.json"),
+    xdgCodex: join(HOME, ".config", "codex", "auth.json"),
+  };
+}
+
+export function hasAuthFile() {
+  const p = codexAuthPaths();
+  return existsSync(p.codex) || existsSync(p.chatgpt) || existsSync(p.xdgCodex);
+}
+
+// Non-invasive probe: `codex login status` returns 0 when authed (file OR keyring).
+// Returns: "authed" | "unauthed" | "missing" (codex binary not found)
+export function codexLoginStatus(timeoutMs = 2000) {
+  const candidates =
+    process.platform === "win32"
+      ? ["codex.cmd", "codex.exe", "codex"]
+      : ["codex"];
+  for (const bin of candidates) {
+    try {
+      execFileSync(bin, ["login", "status"], {
+        stdio: "ignore",
+        timeout: timeoutMs,
+        windowsHide: true,
+      });
+      return "authed";
+    } catch (err) {
+      if (err && err.code === "ENOENT") continue;
+      // non-zero exit = binary exists but not authed
+      if (err && typeof err.status === "number") return "unauthed";
+    }
+  }
+  return "missing";
+}
+
+export function detectCodexAuth() {
+  const files = codexAuthPaths();
+  const fileHits = {
+    codex: existsSync(files.codex),
+    chatgpt: existsSync(files.chatgpt),
+    xdgCodex: existsSync(files.xdgCodex),
+  };
+  const probe = codexLoginStatus();
+  const authed = probe === "authed" || fileHits.codex || fileHits.chatgpt || fileHits.xdgCodex;
+  return {
+    authed,
+    probe,
+    files,
+    fileHits,
+    platform: process.platform,
+    wslHint: process.platform === "win32",
+  };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ima2-gen",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "GPT Image 2 generator with OAuth & API key support",
   "type": "module",
   "bin": {
@@ -8,7 +8,8 @@
   },
   "scripts": {
     "start": "node bin/ima2.js serve",
-    "dev": "node --watch server.js",
+    "dev": "node scripts/dev.mjs",
+    "dev:server": "node --watch server.js",
     "ui:install": "cd ui && npm install",
     "ui:dev": "cd ui && npm run dev",
     "ui:build": "cd ui && npm run build",

package/server.js

@@ -7,6 +7,7 @@ import { spawn } from "child_process";
 import { spawnBin, onShutdown } from "./bin/lib/platform.js";
 import { existsSync, writeFileSync, unlinkSync, mkdirSync, readFileSync as fsReadFileSync } from "fs";
 import { homedir } from "os";
+import { randomBytes } from "crypto";
 import { newNodeId, saveNode, loadNodeB64, loadNodeMeta, loadAssetB64 } from "./lib/nodeStore.js";
 import { startJob, finishJob, listJobs, setJobPhase } from "./lib/inflight.js";
 import {
@@ -18,6 +19,7 @@ import {
   saveGraph,
   ensureDefaultSession,
 } from "./lib/sessionStore.js";
+import { trashAsset, restoreAsset } from "./lib/assetLifecycle.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const app = express();
@@ -278,6 +280,7 @@ async function listImages(baseDir) {
   async function walk(dir, depth) {
     const entries = await readdir(dir, { withFileTypes: true }).catch(() => []);
     for (const e of entries) {
+      if (e.name === ".trash") continue;
       const full = join(dir, e.name);
       if (e.isDirectory() && depth > 0) {
         await walk(full, depth - 1);
@@ -294,7 +297,14 @@ app.get("/api/history", async (req, res) => {
   try {
     const dir = join(__dirname, "generated");
     await mkdir(dir, { recursive: true });
-    const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+    const limitRaw = parseInt(req.query.limit);
+    const limit = Math.min(Number.isFinite(limitRaw) && limitRaw > 0 ? limitRaw : 50, 500);
+    const beforeTs = parseInt(req.query.before);
+    const beforeFn = typeof req.query.beforeFilename === "string" ? req.query.beforeFilename : null;
+    const sinceTs = parseInt(req.query.since);
+    const sessionId = typeof req.query.sessionId === "string" ? req.query.sessionId : null;
+    const groupBy = req.query.groupBy === "session" ? "session" : null;
+
     const imgs = await listImages(dir);
     const rows = await Promise.all(imgs.map(async ({ full, rel, name }) => {
       const st = await stat(full).catch(() => null);
@@ -316,16 +326,91 @@ app.get("/api/history", async (req, res) => {
         provider: meta?.provider || "oauth",
         usage: meta?.usage || null,
         webSearchCalls: meta?.webSearchCalls || 0,
+        sessionId: meta?.sessionId || null,
+        nodeId: meta?.nodeId || null,
+        parentNodeId: meta?.parentNodeId || null,
+        clientNodeId: meta?.clientNodeId || null,
+        kind: meta?.kind || null,
       };
     }));
-    rows.sort((a, b) => b.createdAt - a.createdAt);
-    res.json({ items: rows.slice(0, limit), total: rows.length });
+
+    // composite sort: createdAt DESC, filename DESC (stable tiebreaker)
+    rows.sort((a, b) => {
+      if (b.createdAt !== a.createdAt) return b.createdAt - a.createdAt;
+      return b.filename < a.filename ? -1 : b.filename > a.filename ? 1 : 0;
+    });
+
+    let filtered = rows;
+    if (Number.isFinite(sinceTs)) {
+      filtered = filtered.filter((r) => r.createdAt > sinceTs);
+    }
+    if (Number.isFinite(beforeTs)) {
+      filtered = filtered.filter((r) => {
+        if (r.createdAt < beforeTs) return true;
+        if (r.createdAt === beforeTs && beforeFn) return r.filename < beforeFn;
+        return false;
+      });
+    }
+    if (sessionId) {
+      filtered = filtered.filter((r) => r.sessionId === sessionId);
+    }
+
+    const page = filtered.slice(0, limit);
+    const nextCursor = page.length === limit && filtered.length > limit
+      ? { before: page[page.length - 1].createdAt, beforeFilename: page[page.length - 1].filename }
+      : null;
+
+    if (groupBy === "session") {
+      // Group by sessionId while preserving createdAt DESC order overall.
+      const groups = new Map(); // sessionId|null -> { sessionId, items, lastUsedAt }
+      const loose = [];
+      for (const r of page) {
+        if (r.sessionId) {
+          let g = groups.get(r.sessionId);
+          if (!g) {
+            g = { sessionId: r.sessionId, items: [], lastUsedAt: r.createdAt };
+            groups.set(r.sessionId, g);
+          }
+          g.items.push(r);
+          if (r.createdAt > g.lastUsedAt) g.lastUsedAt = r.createdAt;
+        } else {
+          loose.push(r);
+        }
+      }
+      const sessions = Array.from(groups.values()).sort((a, b) => b.lastUsedAt - a.lastUsedAt);
+      return res.json({ sessions, loose, total: rows.length, nextCursor });
+    }
+
+    res.json({ items: page, total: rows.length, nextCursor });
   } catch (err) {
     console.error("[history] error:", err.message);
     res.status(500).json({ error: err.message });
   }
 });
 
+// ── Asset lifecycle: soft-delete to .trash/, auto-purge after TTL ──
+app.delete("/api/history/:filename", async (req, res) => {
+  try {
+    const filename = decodeURIComponent(req.params.filename);
+    const result = await trashAsset(__dirname, filename);
+    res.json(result);
+  } catch (err) {
+    res.status(err.status || 500).json({ error: err.message, code: err.code });
+  }
+});
+
+app.post("/api/history/:filename/restore", async (req, res) => {
+  try {
+    const filename = decodeURIComponent(req.params.filename);
+    const trashId = typeof req.body?.trashId === "string" ? req.body.trashId : null;
+    if (!trashId) return res.status(400).json({ error: "trashId required" });
+    const result = await restoreAsset(__dirname, trashId, filename);
+    res.json(result);
+  } catch (err) {
+    res.status(err.status || 500).json({ error: err.message });
+  }
+});
+
 // ── OAuth status ──
 app.get("/api/oauth/status", async (_req, res) => {
   try {
@@ -433,7 +518,8 @@ app.post("/api/generate", async (req, res) => {
     let totalWebSearchCalls = 0;
     for (const r of results) {
       if (r.status === "fulfilled" && r.value.b64) {
-        const filename = `${Date.now()}_${images.length}.${format}`;
+        const rand = randomBytes(4).toString("hex");
+        const filename = `${Date.now()}_${rand}_${images.length}.${format}`;
         await writeFile(join(__dirname, "generated", filename), Buffer.from(r.value.b64, "base64"));
         // Sidecar metadata for /api/history reconstruction
         const meta = {
@@ -581,7 +667,7 @@ app.post("/api/edit", async (req, res) => {
     const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
 
     await mkdir(join(__dirname, "generated"), { recursive: true });
-    const filename = `${Date.now()}.png`;
+    const filename = `${Date.now()}_${randomBytes(4).toString("hex")}.png`;
     await writeFile(join(__dirname, "generated", filename), Buffer.from(resultB64, "base64"));
     const meta = {
       prompt,
@@ -712,6 +798,8 @@ app.post("/api/node/generate", async (req, res) => {
     const meta = {
       nodeId,
       parentNodeId,
+      sessionId,
+      clientNodeId,
       prompt,
       options: { quality, size, format },
       createdAt: Date.now(),