ima2-gen 2.0.1 → 2.0.2

package/lib/promptBuilder/systemPrompt.js

@@ -117,12 +117,9 @@ For variations:
 - Vary only the requested axis, such as style, mood, color palette, composition, camera angle, background, medium, or lighting.
 - Do not generate images unless explicitly asked.
 
-Safety and style limits:
-- Do not create prompts that violate safety policy.
-- Do not directly imitate a living artist's distinctive current style.
+Style limits:
 - When a living artist style is requested, replace it with broader visual characteristics such as medium, color, lighting, era, composition, texture, or mood.
-- Avoid prompts that enable deception, impersonation, or harmful misuse.
-- For real people, avoid defamatory, sexualized, misleading, or dignity-violating framing.
+- For real people, preserve dignity and avoid misleading framing.
 
 Before finalizing, check:
 - Does the prompt preserve the user's original idea?

package/lib/promptSafetyPolicy.js

@@ -1,5 +1 @@
-export const SAFETY_INTENT_POLICY = [
-    "* [Level of Intent to Sexual Exploitation]: Zero",
-    "* [Level of Intent to Sexual Commodification]: Zero",
-    "* [Judged by Appearance Alone]: Forbidden",
-].join("\n");
+export const SAFETY_INTENT_POLICY = "";

package/lib/responsesFallback.js

@@ -38,7 +38,8 @@ export async function retryPromptOnlyJsonImage({ postResponses, ctx, provider, p
                     tools: tools(false, { quality, size, moderation }),
                     tool_choice: imageToolChoice(true),
                     reasoning: { effort: reasoningEffort || "low" },
-                    stream: false,
+                    // OAuth/Codex proxy returns empty output[] for non-stream image requests; SSE required.
+                    stream: true,
                 },
             });
         }

package/lib/routeHelpers.js

@@ -0,0 +1,44 @@
+export function validateModeration(ctx, moderation) {
+    if (typeof moderation !== "string" || !ctx.config.oauth.validModeration.has(moderation)) {
+        return { error: "moderation must be one of: auto, low" };
+    }
+    return { moderation };
+}
+export function imageFormatFromMime(mime) {
+    if (mime === "image/jpeg")
+        return "jpeg";
+    if (mime === "image/webp")
+        return "webp";
+    return "png";
+}
+export function writeSse(res, event, data) {
+    res.write(`event: ${event}\n`);
+    res.write(`data: ${JSON.stringify(data)}\n\n`);
+}
+export function dataUrlFromB64(format, b64) {
+    return `data:image/${format === "jpeg" ? "jpeg" : format};base64,${b64}`;
+}
+export function upstreamErrorFields(src) {
+    return {
+        upstreamCode: src.upstreamCode || null,
+        upstreamType: src.upstreamType || null,
+        upstreamParam: src.upstreamParam || null,
+        diagnosticReason: src.diagnosticReason || null,
+        retryKind: src.retryKind || null,
+        initialEventCount: src.initialEventCount ?? null,
+        initialEventTypes: src.initialEventTypes || null,
+        referencesDroppedOnRetry: src.referencesDroppedOnRetry ?? null,
+        developerPromptDroppedOnRetry: src.developerPromptDroppedOnRetry ?? null,
+        webSearchDroppedOnRetry: src.webSearchDroppedOnRetry ?? null,
+        fallbackEventCount: src.fallbackEventCount ?? null,
+        fallbackEventTypes: src.fallbackEventTypes || null,
+        fallbackImageCallSeen: src.fallbackImageCallSeen ?? null,
+        fallbackImageResultCount: src.fallbackImageResultCount ?? null,
+        errorEventCount: src.eventCount ?? null,
+        eventTypes: src.eventTypes || null,
+        webSearchCalls: src.webSearchCalls ?? null,
+        responseDiagnostics: src.responseDiagnostics || null,
+        toolTypes: src.toolTypes || null,
+        toolChoiceKind: src.toolChoiceKind || null,
+    };
+}

package/lib/ssePublish.js

@@ -0,0 +1,12 @@
+import { publish } from "./eventBus.js";
+import { isJobCanceled } from "./inflight.js";
+/**
+ * Publish a multiplexed job event. Suppresses terminal `done` after cancel so
+ * clients never resolve success when abortJob already emitted `error`.
+ */
+export function publishJobEvent(requestId, event, data) {
+    if (event === "done" && isJobCanceled(requestId))
+        return false;
+    publish(requestId, event, data);
+    return true;
+}

package/lib/storyboardPrefix.js

@@ -0,0 +1,28 @@
+export const STORYBOARD_PREFIX = [
+    "[STORYBOARD MODE — Video Production Keyframe / Storyboard Grid]",
+    "This image will be used for video production. It may be a single keyframe OR a 3x3 storyboard grid.",
+    "The prompt and all injected instructions MUST be in English.",
+    "",
+    "IF GENERATING A 3x3 STORYBOARD GRID:",
+    "- Panel 1 (top-left) MUST be COMPLETELY SOLID BLACK — no image, no text, just pure black.",
+    "- Panels 2-9 contain the action sequence (8 key moments).",
+    "- Do NOT add timestamp labels or text overlays to any panel — they burn into the video.",
+    "- Maintain identical character designs across all panels.",
+    "- Each panel should look like a cinematic film still, not a sketch.",
+    "",
+    "CHARACTER LOCK:",
+    "- Identify each character by 2-3 VISUAL identifiers (clothing color + physique + position/props). Never by name alone.",
+    "- Copy character descriptions VERBATIM from the reference/prior frame. Do NOT rephrase or drift.",
+    "",
+    "SCENE CONTINUITY:",
+    "- Lock lighting direction, color palette, environment, and art style to prior frames.",
+    "- Change ONLY: action, shot scale, camera angle, or expression.",
+    "- Reference image = canonical anchor. Preserve it faithfully.",
+    "",
+    "VIDEO-READY COMPOSITION:",
+    "- Frame for animation: leave space for motion, avoid static-only poses.",
+    "- Use descriptive caption format: shot type + subject action + environment + technical (lens, lighting) + mood.",
+    "- Specify intended camera movement for the video phase (e.g. 'slow dolly-in', 'static wide').",
+    "- End pose must be stable and suitable for video continuation.",
+    "",
+].join("\n") + "\n";

package/lib/thumbBackfill.js

@@ -2,6 +2,10 @@ import { readdir } from "node:fs/promises";
 import { join } from "node:path";
 import { ensureVideoThumbnail, videoThumbExists } from "./videoThumb.js";
 import { generateImageThumbnail, imageThumbExists } from "./imageThumb.js";
+const FAILURE_DETAIL_LIMIT = 20;
+function errorReason(error) {
+    return error instanceof Error ? error.message : String(error);
+}
 /**
  * Recursively scan `dir` (up to `maxDepth` levels, matching historyList's walk
  * depth) and generate missing `.thumb.jpg` thumbnails for every image and video.
@@ -11,7 +15,13 @@ import { generateImageThumbnail, imageThumbExists } from "./imageThumb.js";
  * shows a thumbless media tile.
  */
 export async function backfillThumbnails(dir, maxDepth = 2) {
-    const result = { total: 0, created: 0, skipped: 0, failed: 0 };
+    const result = { total: 0, created: 0, skipped: 0, failed: 0, failures: [] };
+    function recordFailure(file, kind, reason) {
+        result.failed++;
+        if (result.failures.length >= FAILURE_DETAIL_LIMIT)
+            return;
+        result.failures.push({ file, kind, reason });
+    }
     async function walk(current, depth) {
         const entries = await readdir(current, { withFileTypes: true }).catch(() => []);
         for (const entry of entries) {
@@ -28,8 +38,9 @@ export async function backfillThumbnails(dir, maxDepth = 2) {
             if (!/\.(png|jpe?g|webp|mp4)$/i.test(entry.name))
                 continue;
             result.total++;
+            const kind = /\.mp4$/i.test(entry.name) ? "video" : "image";
             try {
-                if (/\.mp4$/i.test(entry.name)) {
+                if (kind === "video") {
                     if (await videoThumbExists(full)) {
                         result.skipped++;
                         continue;
@@ -38,7 +49,7 @@ export async function backfillThumbnails(dir, maxDepth = 2) {
                     if (ok)
                         result.created++;
                     else
-                        result.failed++;
+                        recordFailure(full, kind, "thumbnail generation returned false");
                 }
                 else {
                     if (await imageThumbExists(full)) {
@@ -49,8 +60,8 @@ export async function backfillThumbnails(dir, maxDepth = 2) {
                     result.created++;
                 }
             }
-            catch {
-                result.failed++;
+            catch (error) {
+                recordFailure(full, kind, errorReason(error));
             }
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ima2-gen",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "Local OAuth image generation studio with classic and node workflows",
   "type": "module",
   "bin": {
@@ -39,6 +39,7 @@
     "cli"
   ],
   "license": "MIT",
+  "homepage": "https://lidge-jun.github.io/ima2-gen/",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/lidge-jun/ima2-gen.git"
@@ -57,6 +58,7 @@
     "assets/card-news/templates/",
     ".env.example",
     "README.md",
+    "CHANGELOG.md",
     "LICENSE",
     "server.js",
     "config.js"
@@ -65,6 +67,7 @@
     "node": ">=20"
   },
   "dependencies": {
+    "@openai/codex": "latest",
     "better-sqlite3": "^12.9.0",
     "dotenv": "^17.4.2",
     "express": "^5.1.0",

package/routes/agy.js

@@ -0,0 +1,44 @@
+import { spawn } from "node:child_process";
+// Detect whether the Antigravity CLI (`agy`) is installed, using the same
+// spawn-and-catch style as lib/agyImageAdapter.ts (no shell `which`/`where`).
+// Login state cannot be probed — agy has no status command — so we only
+// report installation here.
+function isAgyInstalled() {
+    return new Promise((resolve) => {
+        let settled = false;
+        const done = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(value);
+        };
+        try {
+            const child = spawn("agy", ["--version"], { stdio: "ignore" });
+            child.on("error", () => done(false)); // ENOENT when not on PATH
+            child.on("exit", (code) => done(code === 0));
+            // Safety timeout so a hung binary never blocks the request.
+            setTimeout(() => {
+                try {
+                    if (!child.killed)
+                        child.kill();
+                }
+                catch { /* ignore */ }
+                done(false);
+            }, 3000).unref?.();
+        }
+        catch {
+            done(false);
+        }
+    });
+}
+export function registerAgyRoutes(app) {
+    app.get("/api/agy/status", async (_req, res) => {
+        try {
+            const installed = await isAgyInstalled();
+            res.json({ installed });
+        }
+        catch {
+            res.json({ installed: false });
+        }
+    });
+}

package/routes/auth.js

@@ -2,11 +2,15 @@ import { spawn } from "node:child_process";
 import { randomBytes } from "node:crypto";
 import { writeFileSync, renameSync, mkdirSync, existsSync } from "node:fs";
 import { homedir } from "node:os";
-import { join } from "node:path";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
 const GROK_CLIENT_ID = "b1a00492-073a-47ea-816f-4c329264a828";
 const GROK_SCOPE = "openid profile email offline_access grok-cli:access api:access";
 const GROK_TOKEN_URL = "https://auth.x.ai/oauth2/token";
 const CODEX_DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code";
+// Bundled @openai/codex binary (npm dependency), resolved relative to this
+// module so device-auth login works even when `codex` is not on the user's PATH.
+const CODEX_BIN = join(dirname(fileURLToPath(import.meta.url)), "..", "node_modules", ".bin", process.platform === "win32" ? "codex.cmd" : "codex");
 const MAX_CONCURRENT_SESSIONS = 20;
 const sessions = new Map();
 function sid() {
@@ -125,7 +129,7 @@ function startCodexDeviceCode() {
         for (const k of ["OPENAI_API_KEY", "XAI_API_KEY", "GEMINI_API_KEY", "ANTHROPIC_API_KEY", "VERTEX_SERVICE_ACCOUNT_JSON"]) {
             delete childEnv[k];
         }
-        const child = spawn("codex", ["login", "--device-auth"], {
+        const child = spawn(CODEX_BIN, ["login", "--device-auth"], {
             stdio: ["ignore", "pipe", "pipe"],
             env: childEnv,
         });

package/routes/edit.js

@@ -169,6 +169,7 @@ export function registerEditRoutes(app, ctxRaw) {
             let revisedPrompt;
             let webSearchCalls = 0;
             let resultMimeFromProvider;
+            let providerUrl = null;
             if (activeProvider === "gemini-api") {
                 const r = await generateViaGeminiApi(`Edit this image: ${prompt}`, requireRuntimeContext(ctx), {
                     model: imageModel,
@@ -206,6 +207,7 @@ export function registerEditRoutes(app, ctxRaw) {
                     directApiKey,
                 });
                 resultB64 = r.b64;
+                providerUrl = r.providerUrl ?? null;
                 usage = r.usage;
                 revisedPrompt = r.revisedPrompt;
                 webSearchCalls = r.webSearchCalls;
@@ -237,6 +239,7 @@ export function registerEditRoutes(app, ctxRaw) {
             const editFilePath = join(ctx.config.storage.generatedDir, filename);
             await writeFile(editFilePath, editBuffer);
             generateImageThumbnailFromBuffer(editBuffer, editFilePath).catch(() => { });
+            const createdAt = Date.now();
             const meta = {
                 prompt,
                 userPrompt: prompt,
@@ -252,10 +255,11 @@ export function registerEditRoutes(app, ctxRaw) {
                 provider: activeProvider,
                 kind: "edit",
                 requestId,
-                createdAt: Date.now(),
+                createdAt,
                 usage: usage || null,
                 webSearchCalls,
                 webSearchEnabled,
+                ...(providerUrl ? { providerUrl } : {}),
             };
             await safeWriteSidecar(join(ctx.config.storage.generatedDir, filename + ".json"), meta);
             invalidateHistoryIndex();
@@ -281,6 +285,8 @@ export function registerEditRoutes(app, ctxRaw) {
                 promptMode: normalizedPromptMode,
                 webSearchCalls,
                 webSearchEnabled,
+                providerUrl,
+                createdAt,
             });
         }
         catch (e) {

package/routes/events.js

@@ -0,0 +1,78 @@
+import { subscribe, replaySince, hasReplayGap, replayOldestId, MAX_SSE_LISTENERS } from "../lib/eventBus.js";
+let activeConnections = 0;
+function safeWrite(res, chunk) {
+    if (res.writableEnded || res.destroyed)
+        return false;
+    try {
+        res.write(chunk);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function formatSse(ev) {
+    return `id: ${ev.id}\nevent: ${ev.event}\ndata: ${JSON.stringify({ ...ev.data, jobId: ev.jobId })}\n\n`;
+}
+export function registerEventsRoute(app, _ctx) {
+    app.get("/api/events", (req, res) => {
+        if (activeConnections >= MAX_SSE_LISTENERS) {
+            return res.status(503).json({
+                error: { code: "SSE_CAPACITY", message: "Too many event stream connections" },
+            });
+        }
+        res.setHeader("Content-Type", "text/event-stream; charset=utf-8");
+        res.setHeader("Cache-Control", "no-cache, no-transform");
+        res.setHeader("Connection", "keep-alive");
+        res.setHeader("X-Accel-Buffering", "no");
+        res.flushHeaders?.();
+        activeConnections++;
+        const headerLastId = parseInt(req.headers["last-event-id"], 10);
+        const queryLastId = parseInt(String(req.query.lastEventId ?? ""), 10);
+        const lastId = !Number.isNaN(headerLastId) ? headerLastId : queryLastId;
+        if (!Number.isNaN(lastId)) {
+            if (hasReplayGap(lastId)) {
+                const gapPayload = JSON.stringify({
+                    lastEventId: lastId,
+                    oldestAvailableId: replayOldestId(),
+                });
+                if (!safeWrite(res, `event: replay-gap\ndata: ${gapPayload}\n\n`)) {
+                    activeConnections = Math.max(0, activeConnections - 1);
+                    return;
+                }
+            }
+            for (const ev of replaySince(lastId)) {
+                if (!safeWrite(res, formatSse(ev)))
+                    break;
+            }
+        }
+        let cleaned = false;
+        const unsub = subscribe((ev) => {
+            if (!safeWrite(res, formatSse(ev)))
+                cleanup();
+        });
+        const heartbeat = setInterval(() => {
+            if (!safeWrite(res, ": ping\n\n"))
+                cleanup();
+        }, 15_000);
+        function cleanup() {
+            if (cleaned)
+                return;
+            cleaned = true;
+            unsub();
+            clearInterval(heartbeat);
+            activeConnections = Math.max(0, activeConnections - 1);
+            if (!res.writableEnded && !res.destroyed) {
+                try {
+                    res.end();
+                }
+                catch {
+                    /* socket already torn down */
+                }
+            }
+        }
+        req.on("close", cleanup);
+        res.on("close", cleanup);
+        res.on("error", cleanup);
+    });
+}