ima2-gen 1.1.6 → 1.1.8

package/lib/promptImport/promptIndex.js

@@ -0,0 +1,248 @@
+import { createHash } from "node:crypto";
+import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import { getCuratedSource, getDefaultSearchSources, listCuratedSources } from "./curatedSources.js";
+import { buildGitHubRawFileSource, fetchGitHubSource } from "./githubSource.js";
+import { parsePromptCandidates } from "./parsePromptCandidates.js";
+import { extractGptImageHints } from "./gptImageHints.js";
+import { rankPromptCandidates } from "./rankPromptCandidates.js";
+import {
+  getDefaultReviewedDiscoverySources,
+  getReviewedDiscoverySource,
+  listReviewedDiscoverySources,
+} from "./discoveryRegistry.js";
+
+const INDEX_VERSION = 1;
+const EXTRACTOR_VERSION = 2;
+
+function limitsFromCtx(ctx) {
+  return {
+    maxFileBytesForPreview: ctx.config.limits.promptImportMaxFileBytes,
+    maxPromptCandidatesPerFile: ctx.config.limits.promptImportMaxCandidatesPerFile,
+    maxPromptCandidatesPerImport: ctx.config.limits.promptImportMaxCandidatesPerImport,
+    fetchTimeoutMs: ctx.config.limits.promptImportFetchTimeoutMs,
+    maxCandidateChars: ctx.config.limits.promptImportMaxCandidateChars,
+    minCandidateChars: ctx.config.limits.promptImportMinCandidateChars,
+    maxSourceCharsScanned: ctx.config.limits.promptImportMaxSourceCharsScanned,
+    maxRepoIndexFiles: ctx.config.limits.promptImportMaxRepoIndexFiles,
+    searchLimit: ctx.config.limits.promptImportCuratedSearchLimit,
+    ttlMs: ctx.config.limits.promptImportIndexCacheTtlMs,
+  };
+}
+
+function cacheFile(ctx) {
+  return ctx.config.storage.promptImportIndexCacheFile;
+}
+
+function sourceFileId(source, path) {
+  return `github:${source.repo}@${source.defaultRef}:${path}`;
+}
+
+function hashId(...parts) {
+  return createHash("sha256").update(parts.join("\0")).digest("hex");
+}
+
+async function readCache(ctx) {
+  try {
+    const parsed = JSON.parse(await readFile(cacheFile(ctx), "utf8"));
+    if (parsed.version !== INDEX_VERSION) return { version: INDEX_VERSION, sources: {} };
+    return { version: INDEX_VERSION, sources: parsed.sources || {} };
+  } catch {
+    return { version: INDEX_VERSION, sources: {} };
+  }
+}
+
+async function writeCache(ctx, cache) {
+  const file = cacheFile(ctx);
+  await mkdir(dirname(file), { recursive: true });
+  const tmp = `${file}.${process.pid}.${Date.now()}.tmp`;
+  await writeFile(tmp, JSON.stringify(cache, null, 2));
+  await rename(tmp, file);
+}
+
+function sourceTags(source, fileSource) {
+  return [
+    ...fileSource.tags,
+    `source:${source.id}`,
+    `license:${source.licenseSpdx}`,
+    `trust:${source.trustTier}`,
+    source.requiresAttribution ? "attribution-required" : null,
+  ].filter(Boolean);
+}
+
+function indexedCandidate({ candidate, source, fileSource, fileIndex, index }) {
+  const scoreHints = extractGptImageHints(candidate.text);
+  const headingPath = candidate.headingPath || candidate.name || "";
+  const candidateId = hashId(fileIndex.sourceFileId, fileIndex.contentHash, headingPath, String(candidate.ordinal || index + 1));
+  const tags = [...new Set([...(candidate.tags || []), ...sourceTags(source, fileSource)])];
+  return {
+    ...candidate,
+    id: candidateId,
+    candidateId,
+    name: candidate.name,
+    text: candidate.text,
+    textPreview: candidate.textPreview || candidate.text.slice(0, 220),
+    tags,
+    warnings: [...new Set([...(candidate.warnings || []), ...scoreHints.warnings])],
+    source: {
+      kind: "github",
+      owner: source.owner,
+      repo: source.name,
+      ref: source.defaultRef,
+      path: fileSource.path,
+      htmlUrl: fileSource.htmlUrl,
+      sourceId: source.id,
+    },
+    sourceFileId: fileIndex.sourceFileId,
+    headingPath,
+    ordinal: candidate.ordinal || index + 1,
+    promptHash: candidate.promptHash || hashId(candidate.text.trim().toLowerCase()),
+    scoreHints,
+  };
+}
+
+async function indexSource(ctx, sourceId) {
+  const source = getCuratedSource(sourceId) || await getReviewedDiscoverySource(ctx, sourceId);
+  if (!source || source.trustTier === "manual-review") {
+    return { source, indexedFiles: 0, candidateCount: 0, warnings: ["curated-source-unavailable"] };
+  }
+  if (String(source.defaultRef || "").includes("/")) {
+    return { source, indexedFiles: 0, candidateCount: 0, warnings: ["discovery-default-branch-unsupported"] };
+  }
+  if (!Array.isArray(source.allowedPaths) || source.allowedPaths.length === 0) {
+    return { source, indexedFiles: 0, candidateCount: 0, warnings: ["discovery-requires-paths"] };
+  }
+
+  const limits = limitsFromCtx(ctx);
+  const warnings = [];
+  const files = [];
+  const candidates = [];
+  const allowedPaths = source.allowedPaths.slice(0, limits.maxRepoIndexFiles);
+
+  for (const path of allowedPaths) {
+    try {
+      const fileSource = buildGitHubRawFileSource({
+        owner: source.owner,
+        repo: source.name,
+        ref: source.defaultRef,
+        path,
+      });
+      const fetched = await fetchGitHubSource(fileSource, limits);
+      const fileIndex = {
+        sourceFileId: sourceFileId(source, path),
+        owner: source.owner,
+        repo: source.name,
+        ref: source.defaultRef,
+        path,
+        extension: fileSource.extension,
+        contentHash: fetched.contentHash,
+        etag: fetched.etag,
+        sizeBytes: fetched.sizeBytes,
+        licenseSpdx: source.licenseSpdx,
+        htmlUrl: fileSource.htmlUrl,
+        indexedAt: new Date().toISOString(),
+        lastFetchStatus: "ok",
+        promptCandidateCount: 0,
+        extractorVersion: EXTRACTOR_VERSION,
+      };
+      const parsed = parsePromptCandidates({
+        text: fetched.text,
+        filename: path,
+        source: { kind: "github", owner: source.owner, repo: source.name, ref: source.defaultRef, path, htmlUrl: fileSource.htmlUrl },
+        tags: sourceTags(source, fileSource),
+        limits,
+      });
+      const indexed = parsed.map((candidate, index) => indexedCandidate({ candidate, source, fileSource, fileIndex, index }));
+      fileIndex.promptCandidateCount = indexed.length;
+      files.push(fileIndex);
+      candidates.push(...indexed);
+    } catch (error) {
+      warnings.push(`${path}: ${error?.message || "index failed"}`);
+    }
+  }
+
+  return {
+    source,
+    indexedFiles: files.length,
+    candidateCount: candidates.length,
+    warnings,
+    entry: {
+      source,
+      files,
+      candidates,
+      refreshedAt: Date.now(),
+    },
+  };
+}
+
+function isFresh(entry, ttlMs) {
+  return entry?.refreshedAt && Date.now() - entry.refreshedAt < ttlMs;
+}
+
+async function ensureSearchCache(ctx) {
+  const cache = await readCache(ctx);
+  const limits = limitsFromCtx(ctx);
+  const sources = [
+    ...getDefaultSearchSources(),
+    ...await getDefaultReviewedDiscoverySources(ctx),
+  ];
+  let changed = false;
+  const warnings = [];
+
+  for (const source of sources) {
+    if (isFresh(cache.sources[source.id], limits.ttlMs)) continue;
+    const result = await indexSource(ctx, source.id);
+    if (result.entry) {
+      cache.sources[source.id] = result.entry;
+      changed = true;
+    }
+    warnings.push(...result.warnings);
+  }
+  if (changed) await writeCache(ctx, cache);
+  return { cache, warnings };
+}
+
+export async function refreshCuratedSource(ctx, sourceId) {
+  const cache = await readCache(ctx);
+  const result = await indexSource(ctx, sourceId);
+  if (result.entry) {
+    cache.sources[sourceId] = result.entry;
+    await writeCache(ctx, cache);
+  }
+  return {
+    source: result.source,
+    indexedFiles: result.indexedFiles,
+    candidateCount: result.candidateCount,
+    warnings: result.warnings,
+  };
+}
+
+export async function searchCuratedPrompts(ctx, { q = "", sourceIds, limit } = {}) {
+  const { cache, warnings } = await ensureSearchCache(ctx);
+  const limits = limitsFromCtx(ctx);
+  const defaultSources = [
+    ...getDefaultSearchSources(),
+    ...await getDefaultReviewedDiscoverySources(ctx),
+  ];
+  const allowedIds = Array.isArray(sourceIds) && sourceIds.length
+    ? new Set(sourceIds)
+    : new Set(defaultSources.map((source) => source.id));
+  const candidates = Object.values(cache.sources)
+    .filter((entry) => allowedIds.has(entry.source.id))
+    .flatMap((entry) => entry.candidates || []);
+  const results = rankPromptCandidates({
+    candidates,
+    query: q,
+    limit: Math.min(Number(limit) || limits.searchLimit, limits.searchLimit),
+  });
+  const sources = [
+    ...listCuratedSources(),
+    ...await listReviewedDiscoverySources(ctx),
+  ];
+  return { results, sources, warnings };
+}
+
+export async function getPromptImportSources(ctx) {
+  const reviewed = ctx ? await listReviewedDiscoverySources(ctx) : [];
+  return { sources: [...listCuratedSources(), ...reviewed] };
+}

package/lib/promptImport/rankPromptCandidates.js

@@ -0,0 +1,49 @@
+function tokenize(value) {
+  return String(value || "")
+    .toLowerCase()
+    .split(/[^a-z0-9가-힣-]+/i)
+    .map((token) => token.trim())
+    .filter(Boolean);
+}
+
+function includesAny(values, terms) {
+  const haystack = values.map((value) => String(value || "").toLowerCase());
+  return terms.some((term) => haystack.some((value) => value.includes(term)));
+}
+
+export function rankPromptCandidates({ candidates, query, limit }) {
+  const terms = tokenize(query);
+  const boundedLimit = Math.max(1, Math.min(Number(limit) || 50, 100));
+  const ranked = candidates.map((candidate) => {
+    const text = String(candidate.text || "").toLowerCase();
+    const name = String(candidate.name || "").toLowerCase();
+    const tags = Array.isArray(candidate.tags) ? candidate.tags : [];
+    const hints = candidate.scoreHints || {};
+    const hintValues = [
+      ...(hints.modelHints || []),
+      ...(hints.generationSurfaceHints || []),
+      ...(hints.taskHints || []),
+      ...(hints.sizeHints || []),
+      ...(hints.qualityHints || []),
+    ];
+    let score = 0;
+
+    if (terms.length === 0) score += 1;
+    for (const term of terms) {
+      if (name.includes(term)) score += 18;
+      if (includesAny(tags, [term])) score += 12;
+      if (includesAny(hintValues, [term])) score += 14;
+      if (text.includes(term)) score += 5;
+      if (String(candidate.sourceFileId || "").toLowerCase().includes(term)) score += 4;
+    }
+    if (tags.some((tag) => tag === "trust:curated")) score += 5;
+    if (candidate.warnings?.length) score -= candidate.warnings.length * 3;
+
+    return { ...candidate, score };
+  });
+
+  return ranked
+    .filter((candidate) => terms.length === 0 || candidate.score > 0)
+    .sort((a, b) => b.score - a.score || String(a.name).localeCompare(String(b.name)))
+    .slice(0, boundedLimit);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ima2-gen",
-  "version": "1.1.6",
+  "version": "1.1.8",
   "description": "Local OAuth image generation studio with classic and node workflows",
   "type": "module",
   "bin": {
@@ -18,7 +18,7 @@
     "test:package-install": "node --test tests/package-install-smoke.mjs",
     "setup": "node bin/ima2.js setup",
     "prepublishOnly": "npm test && npm run build && npm run test:package-install && npm run lint:pkg",
-    "lint:pkg": "node -e \"const p=require('./package.json'); const req=['name','version','bin']; for(const k of req){if(!p[k])throw new Error('missing '+k)} const mustInclude=['bin/','lib/','routes/','server.js']; for(const f of mustInclude){if(!p.files.includes(f))throw new Error('files[] must include '+f)}\"",
+    "lint:pkg": "node -e \"const p=require('./package.json'); const req=['name','version','bin']; for(const k of req){if(!p[k])throw new Error('missing '+k)} const mustInclude=['bin/','lib/','routes/','integrations/','server.js']; for(const f of mustInclude){if(!p.files.includes(f))throw new Error('files[] must include '+f)}\"",
     "release:patch": "npm version patch && npm publish && git push origin main --tags",
     "release:minor": "npm version minor && npm publish && git push origin main --tags",
     "release:major": "npm version major && npm publish && git push origin main --tags"
@@ -39,6 +39,7 @@
     "bin/",
     "lib/",
     "routes/",
+    "integrations/",
     "ui/dist/",
     "docs/",
     "assets/",

package/routes/annotations.js

@@ -0,0 +1,95 @@
+import { getDb } from "../lib/db.js";
+
+const MAX_ANNOTATION_PAYLOAD_CHARS = 256 * 1024;
+
+function getBrowserId(req) {
+  const browserId = req.headers["x-ima2-browser-id"];
+  return typeof browserId === "string" && browserId.trim() ? browserId.trim() : null;
+}
+
+function isSafeFilename(filename) {
+  return (
+    typeof filename === "string" &&
+    filename.length > 0 &&
+    filename.length <= 240 &&
+    !filename.includes("..") &&
+    !filename.startsWith("/") &&
+    !filename.includes("\\")
+  );
+}
+
+function normalizePayload(value) {
+  const payload = value?.annotations ?? value;
+  if (!payload || typeof payload !== "object" || Array.isArray(payload)) {
+    return { error: "annotations payload is required" };
+  }
+  const paths = Array.isArray(payload.paths) ? payload.paths : [];
+  const boxes = Array.isArray(payload.boxes) ? payload.boxes : [];
+  const memos = Array.isArray(payload.memos) ? payload.memos : [];
+  const normalized = { paths, boxes, memos };
+  const text = JSON.stringify(normalized);
+  if (text.length > MAX_ANNOTATION_PAYLOAD_CHARS) {
+    return { error: "annotations payload is too large" };
+  }
+  return { payload: normalized, text };
+}
+
+export function registerAnnotationRoutes(app) {
+  app.get("/api/annotations/:filename", (req, res) => {
+    try {
+      const browserId = getBrowserId(req);
+      const filename = decodeURIComponent(req.params.filename);
+      if (!browserId) return res.status(400).json({ error: "X-Ima2-Browser-Id header is required" });
+      if (!isSafeFilename(filename)) return res.status(400).json({ error: "invalid filename" });
+
+      const row = getDb()
+        .prepare("SELECT payload FROM image_annotations WHERE browser_id = ? AND filename = ?")
+        .get(browserId, filename);
+      const annotations = row ? JSON.parse(row.payload) : null;
+      res.json({ annotations });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  app.put("/api/annotations/:filename", (req, res) => {
+    try {
+      const browserId = getBrowserId(req);
+      const filename = decodeURIComponent(req.params.filename);
+      if (!browserId) return res.status(400).json({ error: "X-Ima2-Browser-Id header is required" });
+      if (!isSafeFilename(filename)) return res.status(400).json({ error: "invalid filename" });
+
+      const normalized = normalizePayload(req.body);
+      if (normalized.error) return res.status(400).json({ error: normalized.error });
+
+      const id = `${browserId}:${filename}`;
+      getDb().prepare(`
+        INSERT INTO image_annotations (id, browser_id, filename, payload, schema_version, updated_at)
+        VALUES (?, ?, ?, ?, 1, unixepoch())
+        ON CONFLICT(browser_id, filename) DO UPDATE SET
+          payload = excluded.payload,
+          schema_version = excluded.schema_version,
+          updated_at = unixepoch()
+      `).run(id, browserId, filename, normalized.text);
+      res.json({ ok: true });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  app.delete("/api/annotations/:filename", (req, res) => {
+    try {
+      const browserId = getBrowserId(req);
+      const filename = decodeURIComponent(req.params.filename);
+      if (!browserId) return res.status(400).json({ error: "X-Ima2-Browser-Id header is required" });
+      if (!isSafeFilename(filename)) return res.status(400).json({ error: "invalid filename" });
+
+      getDb()
+        .prepare("DELETE FROM image_annotations WHERE browser_id = ? AND filename = ?")
+        .run(browserId, filename);
+      res.json({ ok: true });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+}

package/routes/canvasVersions.js

@@ -0,0 +1,64 @@
+import express from "express";
+import { createCanvasVersion, updateCanvasVersion } from "../lib/canvasVersionStore.js";
+
+function decodeHeader(value) {
+  if (typeof value !== "string" || !value) return null;
+  try {
+    return decodeURIComponent(value);
+  } catch {
+    return value;
+  }
+}
+
+function getRequestBuffer(req) {
+  return Buffer.isBuffer(req.body) ? req.body : Buffer.alloc(0);
+}
+
+function getPrompt(req) {
+  return decodeHeader(req.headers["x-ima2-canvas-prompt"]);
+}
+
+export function registerCanvasVersionRoutes(app, ctx) {
+  const rawPng = express.raw({ type: "image/png", limit: ctx.config.server.bodyLimit });
+
+  app.post("/api/canvas-versions", rawPng, async (req, res) => {
+    try {
+      const sourceFilename =
+        typeof req.query.sourceFilename === "string"
+          ? req.query.sourceFilename
+          : decodeHeader(req.headers["x-ima2-canvas-source-filename"]);
+      const item = await createCanvasVersion(ctx, {
+        sourceFilename,
+        prompt: getPrompt(req),
+        buffer: getRequestBuffer(req),
+      });
+      res.status(201).json({ item });
+    } catch (err) {
+      res.status(err.status || 500).json({
+        error: err.message,
+        code: err.code || "CANVAS_VERSION_SAVE_FAILED",
+      });
+    }
+  });
+
+  app.put("/api/canvas-versions/:filename", rawPng, async (req, res) => {
+    try {
+      const filename = decodeURIComponent(req.params.filename);
+      const sourceFilename =
+        typeof req.query.sourceFilename === "string"
+          ? req.query.sourceFilename
+          : decodeHeader(req.headers["x-ima2-canvas-source-filename"]);
+      const item = await updateCanvasVersion(ctx, filename, {
+        sourceFilename,
+        prompt: getPrompt(req),
+        buffer: getRequestBuffer(req),
+      });
+      res.json({ item });
+    } catch (err) {
+      res.status(err.status || 500).json({
+        error: err.message,
+        code: err.code || "CANVAS_VERSION_SAVE_FAILED",
+      });
+    }
+  });
+}

package/routes/comfy.js

@@ -0,0 +1,39 @@
+import { exportImageToComfy, isComfyBridgeError } from "../lib/comfyBridge.js";
+
+const ALLOWED_BODY_KEYS = new Set(["filename"]);
+
+function hasExactBodyShape(body) {
+  if (!body || typeof body !== "object" || Array.isArray(body)) return false;
+  const keys = Object.keys(body);
+  return keys.length === 1 && ALLOWED_BODY_KEYS.has(keys[0]) && typeof body.filename === "string";
+}
+
+function errorPayload(code, message) {
+  return {
+    ok: false,
+    error: { code, message },
+  };
+}
+
+export function registerComfyRoutes(app, ctx) {
+  app.post("/api/comfy/export-image", async (req, res) => {
+    try {
+      if (!hasExactBodyShape(req.body)) {
+        return res.status(400).json(errorPayload(
+          "COMFY_IMAGE_INVALID",
+          "Request body must contain exactly one filename.",
+        ));
+      }
+      const result = await exportImageToComfy(ctx, { filename: req.body.filename });
+      return res.json(result);
+    } catch (error) {
+      if (isComfyBridgeError(error)) {
+        return res.status(error.status).json(errorPayload(error.code, error.message));
+      }
+      return res.status(502).json(errorPayload(
+        "COMFY_UPLOAD_FAILED",
+        "Could not upload image to ComfyUI.",
+      ));
+    }
+  });
+}

package/routes/edit.js

@@ -4,9 +4,10 @@ import { randomBytes } from "crypto";
 import { editViaOAuth } from "../lib/oauthProxy.js";
 import { classifyUpstreamError } from "../lib/errorClassify.js";
 import { normalizeOAuthParams } from "../lib/oauthNormalize.js";
-import { normalizeImageModel } from "../lib/imageModels.js";
+import { normalizeImageModel, normalizeReasoningEffort } from "../lib/imageModels.js";
 import { startJob, finishJob } from "../lib/inflight.js";
 import { logEvent, logError } from "../lib/logger.js";
+import { hasPngAlphaChannel, parsePngInfo } from "../lib/pngInfo.js";
 
 function validateModeration(ctx, moderation) {
   if (typeof moderation !== "string" || !ctx.config.oauth.validModeration.has(moderation)) {
@@ -15,6 +16,49 @@ function validateModeration(ctx, moderation) {
   return { moderation };
 }
 
+const MAX_EDIT_MASK_BYTES = 16 * 1024 * 1024;
+const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
+
+function stripPngDataUrl(value) {
+  if (typeof value !== "string") return "";
+  return value.replace(/^data:image\/png;base64,/, "");
+}
+
+function decodePngDataUrl(value, invalidCode, pngCode) {
+  const b64 = stripPngDataUrl(value).replace(/\s+/g, "");
+  if (!b64 || b64.length % 4 !== 0 || !BASE64_RE.test(b64)) {
+    return { error: "image must be valid base64", code: invalidCode };
+  }
+  const buffer = Buffer.from(b64, "base64");
+  if (buffer.length === 0 || buffer.toString("base64").replace(/=+$/, "") !== b64.replace(/=+$/, "")) {
+    return { error: "image must be valid base64", code: invalidCode };
+  }
+  const info = parsePngInfo(buffer);
+  if (info.error) return { error: "image must be a PNG image", code: pngCode };
+  return { b64, buffer, info };
+}
+
+function validateEditMask(imageB64, mask) {
+  if (mask == null) return { mask: null, maskBytes: 0 };
+  if (typeof mask !== "string" || mask.length === 0) {
+    return { error: "mask must be a PNG data URL or base64 string", code: "INVALID_EDIT_MASK" };
+  }
+  const maskCheck = decodePngDataUrl(mask, "INVALID_EDIT_MASK_BASE64", "INVALID_EDIT_MASK_PNG");
+  if (maskCheck.error) return maskCheck;
+  if (maskCheck.buffer.length > MAX_EDIT_MASK_BYTES) {
+    return { error: "mask is too large", code: "EDIT_MASK_TOO_LARGE" };
+  }
+  if (!hasPngAlphaChannel(maskCheck.info)) {
+    return { error: "mask PNG must include an alpha channel", code: "EDIT_MASK_NO_ALPHA" };
+  }
+  const imageCheck = decodePngDataUrl(imageB64, "INVALID_EDIT_IMAGE_BASE64", "INVALID_EDIT_IMAGE_PNG");
+  if (imageCheck.error) return imageCheck;
+  if (imageCheck.info.width !== maskCheck.info.width || imageCheck.info.height !== maskCheck.info.height) {
+    return { error: "mask dimensions must match image dimensions", code: "EDIT_MASK_DIMENSION_MISMATCH" };
+  }
+  return { mask: maskCheck.b64, maskBytes: maskCheck.buffer.length };
+}
+
 export function registerEditRoutes(app, ctx) {
   app.post("/api/edit", async (req, res) => {
     const requestId = typeof req.body?.requestId === "string" ? req.body.requestId : req.id;
@@ -26,12 +70,15 @@ export function registerEditRoutes(app, ctx) {
       const {
         prompt,
         image: imageB64,
+        mask: rawMask,
         quality: rawQuality = "medium",
         size = "1024x1024",
         moderation = "low",
         provider = "oauth",
         mode: promptMode = "auto",
         model: rawModel,
+        reasoningEffort: rawReasoningEffort,
+        webSearchEnabled: rawWebSearchEnabled = true,
       } = req.body;
       const { quality, warnings: qualityWarnings } = normalizeOAuthParams({ provider, quality: rawQuality });
       const modelCheck = normalizeImageModel(ctx, rawModel);
@@ -42,6 +89,15 @@ export function registerEditRoutes(app, ctx) {
         return res.status(modelCheck.status).json({ error: modelCheck.error, code: modelCheck.code });
       }
       const imageModel = modelCheck.model;
+      const reasoningCheck = normalizeReasoningEffort(ctx, rawReasoningEffort);
+      if (reasoningCheck.error) {
+        finishStatus = "error";
+        finishHttpStatus = reasoningCheck.status;
+        finishErrorCode = reasoningCheck.code;
+        return res.status(reasoningCheck.status).json({ error: reasoningCheck.error, code: reasoningCheck.code });
+      }
+      const reasoningEffort = reasoningCheck.effort;
+      const webSearchEnabled = rawWebSearchEnabled !== false;
       const sessionId = typeof req.body?.sessionId === "string" ? req.body.sessionId : null;
       const normalizedPromptMode = promptMode === "direct" ? "direct" : "auto";
 
@@ -64,6 +120,13 @@ export function registerEditRoutes(app, ctx) {
         finishErrorCode = "INVALID_EDIT_INPUT";
         return res.status(400).json({ error: "Prompt and image are required" });
       }
+      const maskCheck = validateEditMask(imageB64, rawMask);
+      if (maskCheck.error) {
+        finishStatus = "error";
+        finishHttpStatus = 400;
+        finishErrorCode = maskCheck.code;
+        return res.status(400).json({ error: maskCheck.error, code: maskCheck.code });
+      }
       const moderationCheck = validateModeration(ctx, moderation);
       if (moderationCheck.error) {
         finishStatus = "error";
@@ -89,10 +152,13 @@ export function registerEditRoutes(app, ctx) {
         sessionId,
         promptChars: typeof prompt === "string" ? prompt.length : 0,
         promptMode: normalizedPromptMode,
+        webSearchEnabled,
         inputImageChars: typeof imageB64 === "string" ? imageB64.length : 0,
+        maskPresent: Boolean(maskCheck.mask),
+        maskBytes: maskCheck.maskBytes ?? 0,
       });
       const startTime = Date.now();
-      const { b64: resultB64, usage, revisedPrompt } = await editViaOAuth(
+      const { b64: resultB64, usage, revisedPrompt, webSearchCalls = 0 } = await editViaOAuth(
         prompt,
         imageB64,
         quality,
@@ -101,7 +167,7 @@ export function registerEditRoutes(app, ctx) {
         normalizedPromptMode,
         ctx,
         requestId,
-        { model: imageModel },
+        { model: imageModel, reasoningEffort, webSearchEnabled, mask: maskCheck.mask },
       );
 
       const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
@@ -122,7 +188,8 @@ export function registerEditRoutes(app, ctx) {
         kind: "edit",
         createdAt: Date.now(),
         usage: usage || null,
-        webSearchCalls: 0,
+        webSearchCalls,
+        webSearchEnabled,
       };
       await writeFile(join(ctx.config.storage.generatedDir, filename + ".json"), JSON.stringify(meta)).catch(() => {});
       finishHttpStatus = 200;
@@ -145,6 +212,8 @@ export function registerEditRoutes(app, ctx) {
         warnings: qualityWarnings,
         revisedPrompt: revisedPrompt || null,
         promptMode: normalizedPromptMode,
+        webSearchCalls,
+        webSearchEnabled,
       });
     } catch (err) {
       const fallbackCode = err.code || classifyUpstreamError(err.message);