ai-zero-token 1.0.5 → 1.0.7

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## 1.0.7 - 2026-04-29
+
+- Added JSON `POST /v1/images/edits` support for image-to-image workflows with URL, base64 data URL, or raw base64 image references.
+- Added management-page Edits test examples and documented the JSON image editing request format.
+- Added `id_token` persistence for login, refresh, import, export, and account transfer JSON.
+- Added "Apply to Codex" account action to back up and update local `~/.codex/auth.json` for new Codex sessions.
+- Updated the local AI-Zero-Token skill documentation package with image editing and Codex account switching guidance.
+
+## 1.0.6 - 2026-04-28
+
+- Added account JSON import/export support in the management page.
+- Added batch account import from a single object, an array, or a `profiles` bundle.
+- Added selectable batch export for checked accounts in the management page.
+- Added `azt profiles import/export` CLI commands for account transfer workflows.
+- Added an account import template endpoint for quick JSON format reference.
+
 ## 1.0.5 - 2026-04-27
 
 - Added management-page proxy configuration for upstream requests, persisted in local settings.

package/README.md

@@ -7,6 +7,7 @@ AI Zero Token 是一个本地优先的单用户 AI CLI 和本地网关。
 它把账号授权能力整理成 OpenAI 风格接口，重点是把图片生成能力也代理出来：
 
 - `POST /v1/images/generations`
+- `POST /v1/images/edits`
 - `POST /v1/responses`
 - `POST /v1/chat/completions`
 - `GET /v1/models`
@@ -15,9 +16,10 @@ AI Zero Token 是一个本地优先的单用户 AI CLI 和本地网关。
 
 ## 这次迭代亮点
 
-- 直接代理 `gpt-image-2`，把图片生成能力暴露成 OpenAI 风格 `images.generations` 接口
+- 直接代理 `gpt-image-2`，把图片生成能力暴露成 OpenAI 风格 `images.generations` / `images.edits` 接口
 - 启动 `azt start` 后即可获得本地管理页和本地网关，适合脚本、前端和自动化流程接入
 - 支持多账号保存、切换当前账号、查看账号套餐 plan，以及当前账号是否支持生图
+- 支持账号 JSON 批量导入/勾选导出，并可一键把已保存账号应用到本机 Codex
 - 模型列表会优先同步本机 `~/.codex/models_cache.json`，不需要每次为新模型重新 build
 - 管理页会每 10 分钟自动同步额度快照和版本状态，并提示当前版本是否可更新
 - `free` 账号会在管理页直接预警，并在网关层明确拦截生图请求
@@ -220,6 +222,9 @@ azt start
 - 查看当前账号、已保存账号列表、过期时间、token 摘要
 - 查看账号套餐 plan 和当前账号是否支持生图
 - 在多个已保存账号之间切换当前使用账号
+- 在“新增账号”里选择 OAuth 登录，或粘贴外部账号 JSON 批量导入
+- 导出单个账号，或勾选多个账号后批量导出所选账号 JSON
+- 将任一已保存账号“应用到 Codex”，自动备份并更新本机 `~/.codex/auth.json`
 - 删除单个本地账号，或一键清空全部本地账号
 - 切换默认模型
 - 测试 `models` / `responses` / `chat.completions`
@@ -227,6 +232,10 @@ azt start
 
 管理页里邮箱默认脱敏显示，需要手动点击“查看邮箱”才会显示明文。
 
+导出的账号 JSON 包含完整 `access_token` 和 `refresh_token`，等同于账号登录凭据，只适合在可信环境中传递。
+
+账号卡片里的“应用到 Codex”会把该账号的 `access_token`、`refresh_token`、`id_token` 和 `account_id` 写入本机 Codex 的 `~/.codex/auth.json`。写入前会自动备份原文件；新开的 Codex 会话会使用该账号。
+
 如果当前网络访问海外上游不稳定，可以在管理页的“接口测试 / 系统设置”区域启用“上游代理”，并填写你自己的代理地址。保存后，OAuth 换取 token、模型刷新和接口转发都会通过该代理访问上游；本地管理页和 `127.0.0.1` 默认保持直连。
 
 默认监听地址：
@@ -318,9 +327,28 @@ curl http://127.0.0.1:8787/v1/images/generations \
 响应会返回 OpenAI 同类型结构的 `data[].b64_json`。如果你在管理页里测试，这张图片会直接显示预览。
 如果请求里不显式传 `model`，当前默认会使用 `gpt-image-2`。
 
+JSON 版 `images.edits` 支持通过 URL 或 base64 data URL 传参考图：
+
+```bash
+curl http://127.0.0.1:8787/v1/images/edits \
+  -H "content-type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "参考这张图，生成一张更适合科技产品广告的版本。",
+    "images": [
+      {
+        "image_url": "data:image/png;base64,替换为你的图片base64"
+      }
+    ],
+    "size": "1024x1024",
+    "quality": "low",
+    "response_format": "b64_json"
+  }'
+```
+
 生图能力和账号套餐有关：
 
-- `plus` 或更高套餐账号可正常调用 `images.generations`
+- `plus` 或更高套餐账号可正常调用 `images.generations` / `images.edits`
 - `free` 账号不支持生图，网关会直接返回明确错误，而不是继续请求上游
 - 管理页会显示当前账号的 `plan` 和“生图能力”状态
 - 当当前账号是 `free` 且你选中 `Images` 测试时，“发送请求”按钮会被直接禁用
@@ -341,6 +369,7 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `POST /v1/responses`
 - `POST /v1/chat/completions`
 - `POST /v1/images/generations`
+- `POST /v1/images/edits`
 
 ### 7. 当前支持的主要参数
 
@@ -390,6 +419,24 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `response_format`
 - `user`
 
+`POST /v1/images/edits` 当前主要支持 JSON 请求：
+
+- `prompt`
+- `images`
+- `image`
+- `model`
+- `n`
+- `size`
+- `quality`
+- `background`
+- `output_format`
+- `output_compression`
+- `moderation`
+- `response_format`
+- `user`
+
+其中 `images` / `image` 支持 `image_url`，可以是 `https://...` URL、`data:image/...;base64,...`，或裸 base64 字符串。
+
 ### 8. 当前限制
 
 - `stream=true` 目前只识别，不返回真实流式结果
@@ -398,12 +445,22 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `images.generations` 暂不支持 `n > 1`
 - `images.generations` 当前只返回 `b64_json`，暂不支持托管图片 `url`
 - `images.generations` 当前只透传 GPT Image 路径，不兼容 DALL·E 专有参数
-- `images.generations` 对账号套餐有要求；`free` 账号会被网关直接拦截并返回“不支持图片生成”
+- `images.edits` 当前只支持 `application/json`，暂不支持 `multipart/form-data`、`mask` 和 `file_id`
+- `images.generations` / `images.edits` 对账号套餐有要求；`free` 账号会被网关直接拦截并返回“不支持图片生成”
 - 网关当前默认面向本地单用户使用
 
 ## 兼容说明
 
-代码里仍然保留了 `login`、`status`、`models`、`ask`、`serve`、`clear` 等 CLI 命令，主要用于调试、兼容和后续扩展。
+代码里仍然保留了 `login`、`status`、`models`、`profiles`、`ask`、`serve`、`clear` 等 CLI 命令，主要用于调试、兼容和后续扩展。
+
+账号 JSON 也可以通过 CLI 导入/导出：
+
+```bash
+azt profiles import ./profile.json
+azt profiles export active ./profile.json
+azt profiles export all ./profiles.json
+azt profiles export "openai-codex:<accountId>" ./profile.json
+```
 
 README 不再把这些命令作为推荐使用方式。默认使用路径就是：
 

package/dist/cli/commands/help.js

@@ -5,6 +5,9 @@ function printHelp() {
   azt login
   azt models
   azt models --refresh
+  azt profiles import ./profile.json
+  azt profiles export active ./profile.json
+  azt profiles export all ./profiles.json
   azt status
   azt ask "\u4F60\u597D\uFF0C\u8BF7\u7B80\u5355\u4ECB\u7ECD\u4E00\u4E0B\u81EA\u5DF1"
   azt ask --model gpt-5.3-codex "\u4F60\u597D"
@@ -18,6 +21,7 @@ function printHelp() {
 
   login   \u8D70\u771F\u5B9E OpenAI Codex OAuth\uFF0C\u65B0\u589E\u5E76\u4FDD\u5B58\u4E00\u4E2A\u8D26\u53F7 profile
   models  \u67E5\u770B\u5F53\u524D\u53EF\u7528\u6A21\u578B\u5217\u8868\uFF1B\u4F18\u5148\u8BFB\u53D6 ~/.codex/models_cache.json\uFF0C--refresh \u53EF\u624B\u52A8\u91CD\u8BFB
+  profiles \u5BFC\u5165/\u5BFC\u51FA\u8D26\u53F7 JSON\uFF1B\u5BFC\u51FA\u6587\u4EF6\u5305\u542B\u5B8C\u6574 refresh token\uFF0C\u8BF7\u53EA\u5206\u4EAB\u7ED9\u53EF\u4FE1\u5BF9\u8C61
   status  \u67E5\u770B\u5F53\u524D demo \u5F53\u524D\u6FC0\u6D3B\u8D26\u53F7\u3001\u8D26\u53F7\u6570\u91CF\u548C\u8FC7\u671F\u65F6\u95F4
   ask     \u7528\u4FDD\u5B58\u7684 token \u8C03\u771F\u5B9E Codex Responses API
           \u5B9E\u9A8C\u6A21\u5F0F\u53EF\u7528 --payload-file \u900F\u4F20\u989D\u5916\u8BF7\u6C42\u4F53\uFF0C\u914D\u5408 --dump-raw / --print-raw \u89C2\u5BDF SSE \u539F\u59CB\u4E8B\u4EF6

package/dist/cli/commands/profiles.js

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+import fs from "node:fs/promises";
+import { createGatewayContext } from "../../core/context.js";
+import { formatExpiry } from "../shared.js";
+function printProfilesHelp() {
+  console.log(`\u7528\u6CD5:
+
+  azt profiles import ./profile.json
+  azt profiles export active ./profile.json
+  azt profiles export all ./profiles.json
+  azt profiles export <profileId> ./profile.json
+
+\u8BF4\u660E:
+
+  import  \u5BFC\u5165\u5916\u90E8\u8D26\u53F7 JSON\uFF0C\u652F\u6301\u5355\u4E2A\u5BF9\u8C61\u3001\u5BF9\u8C61\u6570\u7EC4\u6216 { "profiles": [...] }
+  export  \u5BFC\u51FA\u5F53\u524D\u8D26\u53F7\u3001\u5168\u90E8\u8D26\u53F7\u6216\u6307\u5B9A profileId \u7684\u5B8C\u6574\u51ED\u636E JSON
+`);
+}
+async function runProfilesCommand(argv) {
+  const [action, target, outputPath] = argv;
+  const ctx = createGatewayContext();
+  if (action === "import") {
+    if (!target) {
+      throw new Error("\u7F3A\u5C11\u5BFC\u5165\u6587\u4EF6\u8DEF\u5F84\u3002\u7528\u6CD5: azt profiles import ./profile.json");
+    }
+    const raw = await fs.readFile(target, "utf8");
+    const profiles = await ctx.authService.importProfiles(JSON.parse(raw));
+    console.log(`\u8D26\u53F7\u5BFC\u5165\u6210\u529F\uFF0C\u5171 ${profiles.length} \u4E2A\u3002`);
+    for (const profile of profiles) {
+      console.log(`profileId: ${profile.profileId}`);
+      console.log(`accountId: ${profile.accountId}`);
+      if (profile.email) {
+        console.log(`email: ${profile.email}`);
+      }
+      console.log(`expires: ${formatExpiry(profile.expires)}`);
+    }
+    return;
+  }
+  if (action === "export") {
+    const isAll = target === "all";
+    const profileId = outputPath && target !== "active" && !isAll ? target : void 0;
+    const resolvedOutputPath = outputPath ?? (target !== "active" && !isAll ? target : void 0);
+    if (!resolvedOutputPath) {
+      throw new Error("\u7F3A\u5C11\u5BFC\u51FA\u6587\u4EF6\u8DEF\u5F84\u3002\u7528\u6CD5: azt profiles export active ./profile.json");
+    }
+    const exported = isAll ? await ctx.authService.exportProfiles() : await ctx.authService.exportProfile(profileId);
+    await fs.writeFile(resolvedOutputPath, `${JSON.stringify(exported, null, 2)}
+`, "utf8");
+    console.log("\u8D26\u53F7\u5BFC\u51FA\u6210\u529F\u3002");
+    if ("profiles" in exported) {
+      console.log(`profileCount: ${exported.profiles.length}`);
+    } else {
+      console.log(`profileId: ${exported.profile_id}`);
+      console.log(`accountId: ${exported.account_id}`);
+    }
+    console.log(`file: ${resolvedOutputPath}`);
+    return;
+  }
+  printProfilesHelp();
+}
+export {
+  runProfilesCommand
+};

package/dist/cli/index.js

@@ -4,6 +4,7 @@ import { runClearCommand } from "./commands/clear.js";
 import { printHelp } from "./commands/help.js";
 import { runLoginCommand } from "./commands/login.js";
 import { runModelsCommand } from "./commands/models.js";
+import { runProfilesCommand } from "./commands/profiles.js";
 import { runServeCommand } from "./commands/serve.js";
 import { runStartCommand } from "./commands/start.js";
 import { runStatusCommand } from "./commands/status.js";
@@ -19,6 +20,9 @@ async function runCli(argv = process.argv.slice(2)) {
     case "models":
       await runModelsCommand(rest);
       return;
+    case "profiles":
+      await runProfilesCommand(rest);
+      return;
     case "ask":
       await runAskCommand(rest);
       return;

package/dist/core/providers/openai-codex/oauth.js

@@ -80,7 +80,7 @@ function parseAuthorizationInput(value) {
   }
   return { code: trimmed };
 }
-function extractProfile(accessToken, refreshToken, expires) {
+function extractProfile(accessToken, refreshToken, expires, idToken) {
   const payload = decodeJwtPayload(accessToken);
   const authClaim = payload?.[JWT_CLAIM_PATH];
   const accountId = authClaim?.chatgpt_account_id;
@@ -94,6 +94,7 @@ function extractProfile(accessToken, refreshToken, expires) {
     mode: "oauth_account",
     access: accessToken,
     refresh: refreshToken,
+    idToken,
     expires,
     accountId,
     email
@@ -124,6 +125,7 @@ async function exchangeAuthorizationCode(code, verifier) {
   return {
     access: json.access_token,
     refresh: json.refresh_token,
+    idToken: json.id_token,
     expires: Date.now() + json.expires_in * 1e3
   };
 }
@@ -150,7 +152,8 @@ async function refreshOpenAICodexToken(profile) {
   return extractProfile(
     json.access_token,
     json.refresh_token,
-    Date.now() + json.expires_in * 1e3
+    Date.now() + json.expires_in * 1e3,
+    json.id_token ?? profile.idToken
   );
 }
 function tryOpenBrowser(url) {
@@ -284,7 +287,7 @@ async function loginOpenAICodex() {
     console.log("\u5DF2\u6536\u5230\u6388\u6743\u56DE\u8C03\uFF0C\u6B63\u5728\u4EA4\u6362 access token...");
     const token = await exchangeAuthorizationCode(code, verifier);
     console.log("token \u4EA4\u6362\u6210\u529F\uFF0C\u6B63\u5728\u89E3\u6790\u8D26\u53F7\u4FE1\u606F...");
-    return extractProfile(token.access, token.refresh, token.expires);
+    return extractProfile(token.access, token.refresh, token.expires, token.idToken);
   } finally {
     callbackServer.close();
   }

package/dist/core/services/auth-service.js

@@ -13,6 +13,17 @@ import {
   refreshOpenAICodexToken
 } from "../providers/openai-codex/oauth.js";
 import { askOpenAICodex } from "../providers/openai-codex/chat.js";
+import {
+  applyProfileToCodexAuth,
+  getCodexAuthStatus
+} from "../store/codex-auth-store.js";
+import {
+  exportProfilesToJson,
+  exportProfileToJson,
+  getProfileImportTemplate,
+  importProfileFromJson,
+  importProfilesFromJson
+} from "../store/profile-transfer.js";
 class AuthService {
   constructor(configService) {
     this.configService = configService;
@@ -50,6 +61,53 @@ class AuthService {
     await saveProfile(profile);
     return this.toManagedProfile(profile);
   }
+  async importProfile(value, provider = "openai-codex") {
+    if (provider !== "openai-codex") {
+      throw new Error(`\u6682\u4E0D\u652F\u6301 provider: ${provider}`);
+    }
+    const profile = importProfileFromJson(value);
+    await saveProfile(profile);
+    return this.toManagedProfile(profile);
+  }
+  async importProfiles(value, provider = "openai-codex") {
+    if (provider !== "openai-codex") {
+      throw new Error(`\u6682\u4E0D\u652F\u6301 provider: ${provider}`);
+    }
+    const profiles = importProfilesFromJson(value);
+    for (const profile of profiles) {
+      await saveProfile(profile);
+    }
+    return profiles.map((profile) => this.toManagedProfile(profile));
+  }
+  async exportProfile(profileId, provider = "openai-codex") {
+    const profiles = await listProfiles();
+    const activeProfile = await this.getActiveProfile(provider);
+    const targetProfileId = profileId?.trim() || activeProfile?.profileId;
+    const profile = profiles.find((item) => item.provider === provider && item.profileId === targetProfileId);
+    if (!profile) {
+      throw new Error(targetProfileId ? `\u6CA1\u6709\u627E\u5230\u53EF\u5BFC\u51FA\u7684\u8D26\u53F7: ${targetProfileId}` : "\u6CA1\u6709\u53EF\u5BFC\u51FA\u7684\u5F53\u524D\u8D26\u53F7\u3002");
+    }
+    return exportProfileToJson(profile);
+  }
+  async exportProfiles(profileIds, provider = "openai-codex") {
+    const profiles = await listProfiles();
+    const idSet = profileIds && profileIds.length > 0 ? new Set(profileIds.map((item) => item.trim()).filter(Boolean)) : null;
+    const selected = profiles.filter((item) => item.provider === provider).filter((item) => !idSet || idSet.has(item.profileId));
+    if (selected.length === 0) {
+      throw new Error("\u6CA1\u6709\u627E\u5230\u53EF\u5BFC\u51FA\u7684\u8D26\u53F7\u3002");
+    }
+    return exportProfilesToJson(selected);
+  }
+  getProfileImportTemplate() {
+    return getProfileImportTemplate();
+  }
+  async getCodexStatus() {
+    return getCodexAuthStatus();
+  }
+  async applyProfileToCodex(profileId, provider = "openai-codex") {
+    const profile = await this.requireFreshProfileWithIdToken(profileId, provider);
+    return applyProfileToCodexAuth(profile);
+  }
   async getActiveProfile(provider = "openai-codex") {
     const profile = await getActiveProfile();
     if (!profile || profile.provider !== provider) {
@@ -105,6 +163,22 @@ class AuthService {
     await saveProfile(refreshed);
     return this.toManagedProfile(refreshed);
   }
+  async requireFreshProfileWithIdToken(profileId, provider = "openai-codex") {
+    const profiles = await listProfiles();
+    const profile = profiles.find((item) => item.provider === provider && item.profileId === profileId);
+    if (!profile) {
+      throw new Error(`\u6CA1\u6709\u627E\u5230\u8D26\u53F7: ${profileId}`);
+    }
+    if (profile.idToken && Date.now() < profile.expires) {
+      return this.toManagedProfile(profile);
+    }
+    const refreshed = await refreshOpenAICodexToken(profile);
+    await saveProfile(refreshed);
+    if (!refreshed.idToken) {
+      throw new Error("\u5237\u65B0 token \u6210\u529F\uFF0C\u4F46\u4E0A\u6E38\u6CA1\u6709\u8FD4\u56DE id_token\u3002");
+    }
+    return this.toManagedProfile(refreshed);
+  }
   async logoutAll() {
     await clearStore();
   }

package/dist/core/services/image-service.js

@@ -280,7 +280,8 @@ class ImageService {
       background: request.background ?? "default",
       outputFormat: request.outputFormat ?? "default",
       outputCompression: typeof request.outputCompression === "number" ? request.outputCompression : void 0,
-      moderation: request.moderation ?? "default"
+      moderation: request.moderation ?? "default",
+      inputImageCount: request.inputImages?.length ?? 0
     };
     console.info("[gateway:image] upstream request", requestSummary);
     const tool = {
@@ -305,6 +306,9 @@ class ImageService {
     if (request.moderation) {
       tool.moderation = request.moderation;
     }
+    if (request.inputImages && request.inputImages.length > 0) {
+      tool.action = "edit";
+    }
     for (let attempt = 1; attempt <= IMAGE_GENERATION_MAX_ATTEMPTS; attempt += 1) {
       let result;
       try {
@@ -320,7 +324,11 @@ class ImageService {
                   {
                     type: "input_text",
                     text: request.prompt
-                  }
+                  },
+                  ...(request.inputImages ?? []).map((image) => ({
+                    type: "input_image",
+                    image_url: image.imageUrl
+                  }))
                 ]
               }
             ],

package/dist/core/store/codex-auth-store.js

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+function getCodexHomeDir() {
+  return process.env.CODEX_HOME || path.join(os.homedir(), ".codex");
+}
+function getCodexAuthPath() {
+  return path.join(getCodexHomeDir(), "auth.json");
+}
+function createBackupSuffix() {
+  return (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+async function readCodexAuth() {
+  try {
+    const raw = await fs.readFile(getCodexAuthPath(), "utf8");
+    const parsed = JSON.parse(raw);
+    return isRecord(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+async function getCodexAuthStatus() {
+  const authPath = getCodexAuthPath();
+  const auth = await readCodexAuth();
+  if (!auth) {
+    return {
+      path: authPath,
+      exists: false,
+      hasIdToken: false
+    };
+  }
+  const tokens = isRecord(auth.tokens) ? auth.tokens : {};
+  return {
+    path: authPath,
+    exists: true,
+    accountId: typeof tokens.account_id === "string" ? tokens.account_id : void 0,
+    hasIdToken: typeof tokens.id_token === "string" && tokens.id_token.length > 0,
+    lastRefresh: typeof auth.last_refresh === "string" ? auth.last_refresh : void 0
+  };
+}
+async function applyProfileToCodexAuth(profile) {
+  if (!profile.idToken) {
+    throw new Error("\u5F53\u524D\u8D26\u53F7\u7F3A\u5C11 id_token\u3002\u8BF7\u5148\u5237\u65B0\u8D26\u53F7 token \u6216\u91CD\u65B0\u5BFC\u5165\u5305\u542B id_token \u7684\u8D26\u53F7 JSON\u3002");
+  }
+  const authPath = getCodexAuthPath();
+  const codexHomeDir = path.dirname(authPath);
+  await fs.mkdir(codexHomeDir, { recursive: true });
+  let backupPath;
+  try {
+    await fs.access(authPath);
+    backupPath = `${authPath}.azt-backup-${createBackupSuffix()}`;
+    await fs.copyFile(authPath, backupPath);
+  } catch {
+    backupPath = void 0;
+  }
+  const authFile = {
+    auth_mode: "chatgpt",
+    OPENAI_API_KEY: null,
+    tokens: {
+      id_token: profile.idToken,
+      access_token: profile.access,
+      refresh_token: profile.refresh,
+      account_id: profile.accountId
+    },
+    last_refresh: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const tmpPath = `${authPath}.tmp-${process.pid}`;
+  await fs.writeFile(tmpPath, `${JSON.stringify(authFile, null, 2)}
+`, {
+    encoding: "utf8",
+    mode: 384
+  });
+  await fs.rename(tmpPath, authPath);
+  await fs.chmod(authPath, 384);
+  return {
+    path: authPath,
+    exists: true,
+    accountId: profile.accountId,
+    hasIdToken: true,
+    lastRefresh: authFile.last_refresh,
+    backupPath,
+    appliedProfileId: profile.profileId,
+    appliedEmail: profile.email
+  };
+}
+export {
+  applyProfileToCodexAuth,
+  getCodexAuthPath,
+  getCodexAuthStatus
+};

package/dist/core/store/profile-transfer.js

@@ -0,0 +1,146 @@
+#!/usr/bin/env node
+const AUTH_CLAIM_PATH = "https://api.openai.com/auth";
+const PROFILE_CLAIM_PATH = "https://api.openai.com/profile";
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function decodeJwtPayload(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      return null;
+    }
+    const payload = parts[1] ?? "";
+    const normalized = payload.replace(/-/g, "+").replace(/_/g, "/");
+    const padding = normalized.length % 4 === 0 ? "" : "=".repeat(4 - normalized.length % 4);
+    return JSON.parse(Buffer.from(normalized + padding, "base64").toString("utf8"));
+  } catch {
+    return null;
+  }
+}
+function getString(value) {
+  return typeof value === "string" && value.trim() ? value.trim() : void 0;
+}
+function getNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
+}
+function extractAccountId(payload, fallback) {
+  const authClaim = payload?.[AUTH_CLAIM_PATH];
+  const accountId = isRecord(authClaim) ? getString(authClaim.chatgpt_account_id) : void 0;
+  const fallbackAccountId = getString(fallback);
+  const resolved = accountId ?? fallbackAccountId;
+  if (!resolved) {
+    throw new Error("\u5BFC\u5165\u5931\u8D25: \u65E0\u6CD5\u4ECE access_token \u4E2D\u63D0\u53D6 accountId\u3002");
+  }
+  return resolved;
+}
+function extractEmail(payload, fallback) {
+  const profileClaim = payload?.[PROFILE_CLAIM_PATH];
+  const profileEmail = isRecord(profileClaim) ? getString(profileClaim.email) : void 0;
+  return profileEmail ?? getString(payload?.email) ?? getString(fallback);
+}
+function parseExpiry(input, payload) {
+  const jwtExp = getNumber(payload?.exp);
+  if (jwtExp) {
+    return jwtExp * 1e3;
+  }
+  const directExpires = getNumber(input.expires);
+  if (directExpires) {
+    return directExpires > 1e10 ? directExpires : directExpires * 1e3;
+  }
+  const expiresAt = getNumber(input.expires_at);
+  if (expiresAt) {
+    return expiresAt > 1e10 ? expiresAt : expiresAt * 1e3;
+  }
+  const expired = getString(input.expired) ?? getString(input.expiresAt);
+  if (expired) {
+    const parsed = Date.parse(expired);
+    if (Number.isFinite(parsed)) {
+      return parsed;
+    }
+  }
+  throw new Error("\u5BFC\u5165\u5931\u8D25: \u7F3A\u5C11\u6709\u6548\u7684\u8FC7\u671F\u65F6\u95F4\u3002");
+}
+function importProfileFromJson(value) {
+  if (!isRecord(value)) {
+    throw new Error("\u5BFC\u5165\u5931\u8D25: JSON \u6839\u8282\u70B9\u5FC5\u987B\u662F\u5BF9\u8C61\u3002");
+  }
+  const access = getString(value.access_token) ?? getString(value.access);
+  const refresh = getString(value.refresh_token) ?? getString(value.refresh);
+  const idToken = getString(value.id_token) ?? getString(value.idToken);
+  if (!access || !refresh) {
+    throw new Error("\u5BFC\u5165\u5931\u8D25: \u7F3A\u5C11 access_token/access \u6216 refresh_token/refresh\u3002");
+  }
+  const payload = decodeJwtPayload(access);
+  const accountId = extractAccountId(payload, value.account_id ?? value.accountId);
+  const email = extractEmail(payload, value.email);
+  const expires = parseExpiry(value, payload);
+  return {
+    provider: "openai-codex",
+    profileId: `openai-codex:${accountId}`,
+    mode: "oauth_account",
+    access,
+    refresh,
+    idToken,
+    expires,
+    accountId,
+    email
+  };
+}
+function importProfilesFromJson(value) {
+  const items = Array.isArray(value) ? value : isRecord(value) && Array.isArray(value.profiles) ? value.profiles : [value];
+  return items.map((item, index) => {
+    try {
+      return importProfileFromJson(item);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`\u7B2C ${index + 1} \u4E2A\u8D26\u53F7${message.startsWith("\u5BFC\u5165\u5931\u8D25") ? message : `\u5BFC\u5165\u5931\u8D25: ${message}`}`);
+    }
+  });
+}
+function exportProfileToJson(profile) {
+  return {
+    type: "codex",
+    access_token: profile.access,
+    refresh_token: profile.refresh,
+    id_token: profile.idToken,
+    expired: new Date(profile.expires).toISOString(),
+    email: profile.email,
+    account_id: profile.accountId,
+    profile_id: profile.profileId,
+    exported_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function exportProfilesToJson(profiles) {
+  return {
+    type: "codex_profiles",
+    exported_at: (/* @__PURE__ */ new Date()).toISOString(),
+    profiles: profiles.map((profile) => exportProfileToJson(profile))
+  };
+}
+function getProfileImportTemplate() {
+  return {
+    type: "codex_profiles",
+    exported_at: (/* @__PURE__ */ new Date(0)).toISOString(),
+    profiles: [
+      {
+        type: "codex",
+        access_token: "eyJ...access_token",
+        refresh_token: "rt_...",
+        id_token: "eyJ...id_token",
+        expired: "2026-05-04T22:13:00.000Z",
+        email: "user@example.com",
+        account_id: "\u53EF\u9009\uFF0C\u901A\u5E38\u4F1A\u4ECE access_token \u81EA\u52A8\u89E3\u6790",
+        profile_id: "\u53EF\u9009\uFF0C\u5BFC\u5165\u65F6\u4F1A\u6309 account_id \u81EA\u52A8\u751F\u6210",
+        exported_at: (/* @__PURE__ */ new Date(0)).toISOString()
+      }
+    ]
+  };
+}
+export {
+  exportProfileToJson,
+  exportProfilesToJson,
+  getProfileImportTemplate,
+  importProfileFromJson,
+  importProfilesFromJson
+};