ima2-gen 2.0.0 → 2.0.2

package/routes/auth.js

@@ -0,0 +1,242 @@
+import { spawn } from "node:child_process";
+import { randomBytes } from "node:crypto";
+import { writeFileSync, renameSync, mkdirSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const GROK_CLIENT_ID = "b1a00492-073a-47ea-816f-4c329264a828";
+const GROK_SCOPE = "openid profile email offline_access grok-cli:access api:access";
+const GROK_TOKEN_URL = "https://auth.x.ai/oauth2/token";
+const CODEX_DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code";
+// Bundled @openai/codex binary (npm dependency), resolved relative to this
+// module so device-auth login works even when `codex` is not on the user's PATH.
+const CODEX_BIN = join(dirname(fileURLToPath(import.meta.url)), "..", "node_modules", ".bin", process.platform === "win32" ? "codex.cmd" : "codex");
+const MAX_CONCURRENT_SESSIONS = 20;
+const sessions = new Map();
+function sid() {
+    return randomBytes(16).toString("hex");
+}
+function cleanup(id) {
+    const s = sessions.get(id);
+    if (s?.pollTimer)
+        clearInterval(s.pollTimer);
+    if (s?.child && !s.child.killed)
+        s.child.kill();
+    if (s)
+        delete s.deviceCode;
+    setTimeout(() => sessions.delete(id), 120_000);
+}
+function stripAnsi(s) {
+    return s.replace(/\x1B\[[0-9;]*m/g, "");
+}
+function saveGrokTokens(tokens) {
+    const dir = join(homedir(), ".progrok");
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    let email;
+    if (typeof tokens.id_token === "string") {
+        try {
+            const payload = JSON.parse(Buffer.from(tokens.id_token.split(".")[1], "base64url").toString());
+            email = payload.email;
+        }
+        catch { /* ignore */ }
+    }
+    const data = {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: typeof tokens.expires_in === "number" ? Date.now() + tokens.expires_in * 1000 : undefined,
+        tokenEndpoint: GROK_TOKEN_URL,
+    };
+    if (email)
+        data.email = email;
+    // Atomic write: temp file (0600) + rename, so concurrent completions or a crash
+    // mid-flush can never truncate/corrupt the only credential file. Rename also
+    // guarantees final perms are 0600 even if a looser-perm file pre-existed.
+    const target = join(dir, "auth.json");
+    const tmp = join(dir, `auth.json.tmp-${randomBytes(6).toString("hex")}`);
+    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
+    renameSync(tmp, target);
+}
+async function startGrokDeviceCode() {
+    const discovery = await fetch("https://auth.x.ai/.well-known/openid-configuration", { signal: AbortSignal.timeout(10000) });
+    const disc = await discovery.json();
+    if (!disc.device_authorization_endpoint)
+        throw new Error("xAI does not expose device_authorization_endpoint");
+    const res = await fetch(disc.device_authorization_endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({ client_id: GROK_CLIENT_ID, scope: GROK_SCOPE }),
+        signal: AbortSignal.timeout(15000),
+    });
+    if (!res.ok)
+        throw new Error(`Device code request failed: ${res.status}`);
+    const dc = await res.json();
+    const id = sid();
+    const session = {
+        provider: "grok",
+        userCode: dc.user_code,
+        verificationUrl: dc.verification_uri_complete || dc.verification_uri,
+        expiresAt: Date.now() + dc.expires_in * 1000,
+        status: "pending",
+        deviceCode: dc.device_code,
+    };
+    sessions.set(id, session);
+    const interval = Math.max((dc.interval || 5) * 1000, 5000);
+    session.pollTimer = setInterval(async () => {
+        if (session.status !== "pending") {
+            cleanup(id);
+            return;
+        }
+        if (Date.now() > session.expiresAt) {
+            session.status = "expired";
+            cleanup(id);
+            return;
+        }
+        try {
+            const tokenRes = await fetch(disc.token_endpoint, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: new URLSearchParams({
+                    grant_type: CODEX_DEVICE_CODE_GRANT,
+                    client_id: GROK_CLIENT_ID,
+                    device_code: dc.device_code,
+                }),
+                signal: AbortSignal.timeout(10000),
+            });
+            if (tokenRes.ok) {
+                const tokens = await tokenRes.json();
+                saveGrokTokens(tokens);
+                session.status = "complete";
+                cleanup(id);
+                return;
+            }
+            const err = await tokenRes.json();
+            if (err.error !== "authorization_pending" && err.error !== "slow_down") {
+                session.status = "error";
+                session.error = err.error || "unknown";
+                cleanup(id);
+            }
+        }
+        catch { /* network error, keep polling */ }
+    }, interval);
+    return { sessionId: id, userCode: dc.user_code, verificationUrl: session.verificationUrl, expiresIn: dc.expires_in };
+}
+function startCodexDeviceCode() {
+    return new Promise((resolve, reject) => {
+        // Don't hand other providers' secrets to the codex child — it only needs
+        // PATH/HOME/codex config to run the ChatGPT device-code login.
+        const childEnv = { ...process.env };
+        for (const k of ["OPENAI_API_KEY", "XAI_API_KEY", "GEMINI_API_KEY", "ANTHROPIC_API_KEY", "VERTEX_SERVICE_ACCOUNT_JSON"]) {
+            delete childEnv[k];
+        }
+        const child = spawn(CODEX_BIN, ["login", "--device-auth"], {
+            stdio: ["ignore", "pipe", "pipe"],
+            env: childEnv,
+        });
+        let stdout = "";
+        let resolved = false;
+        const id = sid();
+        const session = {
+            provider: "codex",
+            userCode: "",
+            verificationUrl: "",
+            expiresAt: Date.now() + 15 * 60 * 1000,
+            status: "pending",
+            child,
+        };
+        sessions.set(id, session);
+        // Server-side reaper: if the client abandons the flow (closes browser, stops
+        // polling), kill the lingering codex child instead of waiting for it to self-exit.
+        const reaper = setTimeout(() => {
+            if (session.status === "pending") {
+                session.status = "expired";
+                cleanup(id);
+            }
+        }, 16 * 60 * 1000);
+        reaper.unref?.();
+        child.stdout?.on("data", (chunk) => {
+            stdout += chunk.toString();
+            if (resolved)
+                return;
+            const clean = stripAnsi(stdout);
+            const urlMatch = clean.match(/https:\/\/auth\.openai\.com\/codex\/device/);
+            const codeMatch = clean.match(/^\s+([A-Z0-9]{4}-[A-Z0-9]{4,5})\s*$/m);
+            if (urlMatch && codeMatch) {
+                resolved = true;
+                session.userCode = codeMatch[1];
+                session.verificationUrl = urlMatch[0];
+                resolve({
+                    sessionId: id,
+                    userCode: codeMatch[1],
+                    verificationUrl: urlMatch[0],
+                    expiresIn: 900,
+                });
+            }
+        });
+        child.stderr?.on("data", () => { });
+        child.on("close", (code) => {
+            if (!resolved) {
+                sessions.delete(id);
+                reject(new Error(`codex login exited with code ${code} before providing device code`));
+                return;
+            }
+            session.status = code === 0 ? "complete" : "error";
+            if (code !== 0)
+                session.error = `codex exited with code ${code}`;
+            cleanup(id);
+        });
+        child.on("error", (err) => {
+            if (!resolved) {
+                sessions.delete(id);
+                reject(new Error(`codex not found: ${err.message}`));
+                return;
+            }
+            session.status = "error";
+            session.error = err.message;
+            cleanup(id);
+        });
+        setTimeout(() => {
+            if (!resolved) {
+                sessions.delete(id);
+                if (!child.killed)
+                    child.kill();
+                reject(new Error("Timed out waiting for codex device code output"));
+            }
+        }, 30000);
+    });
+}
+export function registerAuthRoutes(app) {
+    app.post("/api/auth/switch", async (req, res) => {
+        const provider = req.body?.provider;
+        if (provider !== "grok" && provider !== "codex") {
+            return res.status(400).json({ error: "provider must be grok or codex" });
+        }
+        if (sessions.size >= MAX_CONCURRENT_SESSIONS) {
+            return res.status(429).json({ error: "Too many pending auth sessions" });
+        }
+        try {
+            const result = provider === "grok"
+                ? await startGrokDeviceCode()
+                : await startCodexDeviceCode();
+            res.json(result);
+        }
+        catch (e) {
+            res.status(502).json({ error: e.message });
+        }
+    });
+    app.get("/api/auth/switch/:sessionId", (req, res) => {
+        const session = sessions.get(req.params.sessionId);
+        if (!session)
+            return res.status(404).json({ status: "expired" });
+        if (session.status === "complete")
+            return res.json({ status: "complete" });
+        if (session.status === "error")
+            return res.json({ status: "error", error: session.error });
+        if (Date.now() > session.expiresAt) {
+            session.status = "expired";
+            cleanup(req.params.sessionId);
+            return res.json({ status: "expired" });
+        }
+        res.json({ status: "pending" });
+    });
+}

package/routes/edit.js

@@ -3,11 +3,14 @@ import { safeWriteSidecar } from "../lib/atomicWrite.js";
 import { join } from "path";
 import { randomBytes } from "crypto";
 import { detectImageMimeFromB64 } from "../lib/refs.js";
+import { generateImageThumbnailFromBuffer } from "../lib/imageThumb.js";
 import { classifyUpstreamError } from "../lib/errorClassify.js";
 import { normalizeOAuthParams } from "../lib/oauthNormalize.js";
 import { resolveProviderOptions } from "../lib/providerOptions.js";
 import { editViaResponses } from "../lib/responsesImageAdapter.js";
 import { editViaGrok } from "../lib/grokImageAdapter.js";
+import { generateViaAgy } from "../lib/agyImageAdapter.js";
+import { generateViaGeminiApi } from "../lib/geminiApiImageAdapter.js";
 import { startJob, finishJob, registerJobAbortController, isJobCanceled } from "../lib/inflight.js";
 import { isGenerationCanceledError, makeGenerationCanceledError, throwIfJobCanceled, } from "../lib/generationCancel.js";
 import { logEvent, logError } from "../lib/logger.js";
@@ -124,11 +127,11 @@ export function registerEditRoutes(app, ctxRaw) {
                 finishErrorCode = "INVALID_EDIT_INPUT";
                 return res.status(400).json({ error: "Prompt and image are required" });
             }
-            if (activeProvider === "grok" && rawMask) {
+            if ((activeProvider === "grok" || activeProvider === "agy" || activeProvider === "grok-api" || activeProvider === "gemini-api") && rawMask) {
                 finishStatus = "error";
                 finishHttpStatus = 400;
-                finishErrorCode = "GROK_MASK_UNSUPPORTED";
-                return res.status(400).json({ error: "Grok provider does not support mask editing", code: "GROK_MASK_UNSUPPORTED" });
+                const code = activeProvider === "agy" ? "AGY_MASK_UNSUPPORTED" : activeProvider === "gemini-api" ? "GEMINI_API_MASK_UNSUPPORTED" : "GROK_MASK_UNSUPPORTED";
+                return res.status(400).json({ error: `${activeProvider === "agy" ? "Agy" : activeProvider === "gemini-api" ? "Gemini API" : "Grok"} provider does not support mask editing`, code });
             }
             const maskCheck = validateEditMask(imageB64, rawMask);
             if (maskCheck.error) {
@@ -166,15 +169,45 @@ export function registerEditRoutes(app, ctxRaw) {
             let revisedPrompt;
             let webSearchCalls = 0;
             let resultMimeFromProvider;
-            if (activeProvider === "grok") {
+            let providerUrl = null;
+            if (activeProvider === "gemini-api") {
+                const r = await generateViaGeminiApi(`Edit this image: ${prompt}`, requireRuntimeContext(ctx), {
+                    model: imageModel,
+                    size: effectiveSize,
+                    signal: cancelController.signal,
+                    requestId,
+                    references: [{ b64: imageB64, declaredMime: null, detectedMime: detectImageMimeFromB64(imageB64) || null }],
+                });
+                resultB64 = r.b64;
+                usage = r.usage;
+                revisedPrompt = r.revisedPrompt;
+                webSearchCalls = r.webSearchCalls;
+                resultMimeFromProvider = r.mime;
+            }
+            else if (activeProvider === "agy") {
+                const r = await generateViaAgy(`Edit this image: ${prompt}`, {
+                    references: [{ b64: imageB64, declaredMime: null, detectedMime: detectImageMimeFromB64(imageB64) || null }],
+                    signal: cancelController.signal,
+                    requestId,
+                });
+                resultB64 = r.b64;
+                usage = r.usage;
+                revisedPrompt = r.revisedPrompt;
+                webSearchCalls = r.webSearchCalls;
+                resultMimeFromProvider = r.mime;
+            }
+            else if (activeProvider === "grok" || activeProvider === "grok-api") {
+                const directApiKey = activeProvider === "grok-api" ? ctx.xaiApiKey : undefined;
                 const grokModel = quality === "high" ? "grok-imagine-image-quality" : imageModel;
                 const r = await editViaGrok(prompt, imageB64, ctx, {
                     model: grokModel,
                     size: effectiveSize,
                     signal: cancelController.signal,
                     requestId,
+                    directApiKey,
                 });
                 resultB64 = r.b64;
+                providerUrl = r.providerUrl ?? null;
                 usage = r.usage;
                 revisedPrompt = r.revisedPrompt;
                 webSearchCalls = r.webSearchCalls;
@@ -197,12 +230,16 @@ export function registerEditRoutes(app, ctxRaw) {
             const elapsed = +((Date.now() - startTime) / 1000).toFixed(1);
             await mkdir(ctx.config.storage.generatedDir, { recursive: true });
             throwIfJobCanceled(requestId);
-            const editMime = activeProvider === "grok"
+            const editMime = activeProvider === "grok" || activeProvider === "agy" || activeProvider === "grok-api" || activeProvider === "gemini-api"
                 ? (resultMimeFromProvider || detectImageMimeFromB64(resultB64) || "image/png")
                 : "image/png";
-            const editExt = activeProvider === "grok" ? imageFormatFromMime(editMime) : "png";
+            const editExt = activeProvider === "grok" || activeProvider === "agy" || activeProvider === "grok-api" || activeProvider === "gemini-api" ? imageFormatFromMime(editMime) : "png";
             const filename = `${Date.now()}_${randomBytes(ctx.config.ids.generatedHexBytes).toString("hex")}.${editExt}`;
-            await writeFile(join(ctx.config.storage.generatedDir, filename), Buffer.from(resultB64, "base64"));
+            const editBuffer = Buffer.from(resultB64, "base64");
+            const editFilePath = join(ctx.config.storage.generatedDir, filename);
+            await writeFile(editFilePath, editBuffer);
+            generateImageThumbnailFromBuffer(editBuffer, editFilePath).catch(() => { });
+            const createdAt = Date.now();
             const meta = {
                 prompt,
                 userPrompt: prompt,
@@ -218,10 +255,11 @@ export function registerEditRoutes(app, ctxRaw) {
                 provider: activeProvider,
                 kind: "edit",
                 requestId,
-                createdAt: Date.now(),
+                createdAt,
                 usage: usage || null,
                 webSearchCalls,
                 webSearchEnabled,
+                ...(providerUrl ? { providerUrl } : {}),
             };
             await safeWriteSidecar(join(ctx.config.storage.generatedDir, filename + ".json"), meta);
             invalidateHistoryIndex();
@@ -247,6 +285,8 @@ export function registerEditRoutes(app, ctxRaw) {
                 promptMode: normalizedPromptMode,
                 webSearchCalls,
                 webSearchEnabled,
+                providerUrl,
+                createdAt,
             });
         }
         catch (e) {

package/routes/events.js

@@ -0,0 +1,78 @@
+import { subscribe, replaySince, hasReplayGap, replayOldestId, MAX_SSE_LISTENERS } from "../lib/eventBus.js";
+let activeConnections = 0;
+function safeWrite(res, chunk) {
+    if (res.writableEnded || res.destroyed)
+        return false;
+    try {
+        res.write(chunk);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function formatSse(ev) {
+    return `id: ${ev.id}\nevent: ${ev.event}\ndata: ${JSON.stringify({ ...ev.data, jobId: ev.jobId })}\n\n`;
+}
+export function registerEventsRoute(app, _ctx) {
+    app.get("/api/events", (req, res) => {
+        if (activeConnections >= MAX_SSE_LISTENERS) {
+            return res.status(503).json({
+                error: { code: "SSE_CAPACITY", message: "Too many event stream connections" },
+            });
+        }
+        res.setHeader("Content-Type", "text/event-stream; charset=utf-8");
+        res.setHeader("Cache-Control", "no-cache, no-transform");
+        res.setHeader("Connection", "keep-alive");
+        res.setHeader("X-Accel-Buffering", "no");
+        res.flushHeaders?.();
+        activeConnections++;
+        const headerLastId = parseInt(req.headers["last-event-id"], 10);
+        const queryLastId = parseInt(String(req.query.lastEventId ?? ""), 10);
+        const lastId = !Number.isNaN(headerLastId) ? headerLastId : queryLastId;
+        if (!Number.isNaN(lastId)) {
+            if (hasReplayGap(lastId)) {
+                const gapPayload = JSON.stringify({
+                    lastEventId: lastId,
+                    oldestAvailableId: replayOldestId(),
+                });
+                if (!safeWrite(res, `event: replay-gap\ndata: ${gapPayload}\n\n`)) {
+                    activeConnections = Math.max(0, activeConnections - 1);
+                    return;
+                }
+            }
+            for (const ev of replaySince(lastId)) {
+                if (!safeWrite(res, formatSse(ev)))
+                    break;
+            }
+        }
+        let cleaned = false;
+        const unsub = subscribe((ev) => {
+            if (!safeWrite(res, formatSse(ev)))
+                cleanup();
+        });
+        const heartbeat = setInterval(() => {
+            if (!safeWrite(res, ": ping\n\n"))
+                cleanup();
+        }, 15_000);
+        function cleanup() {
+            if (cleaned)
+                return;
+            cleaned = true;
+            unsub();
+            clearInterval(heartbeat);
+            activeConnections = Math.max(0, activeConnections - 1);
+            if (!res.writableEnded && !res.destroyed) {
+                try {
+                    res.end();
+                }
+                catch {
+                    /* socket already torn down */
+                }
+            }
+        }
+        req.on("close", cleanup);
+        res.on("close", cleanup);
+        res.on("error", cleanup);
+    });
+}