ai-zero-token 1.0.6 → 1.0.7

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.0.7 - 2026-04-29
+
+- Added JSON `POST /v1/images/edits` support for image-to-image workflows with URL, base64 data URL, or raw base64 image references.
+- Added management-page Edits test examples and documented the JSON image editing request format.
+- Added `id_token` persistence for login, refresh, import, export, and account transfer JSON.
+- Added "Apply to Codex" account action to back up and update local `~/.codex/auth.json` for new Codex sessions.
+- Updated the local AI-Zero-Token skill documentation package with image editing and Codex account switching guidance.
+
 ## 1.0.6 - 2026-04-28
 
 - Added account JSON import/export support in the management page.

package/README.md

@@ -7,6 +7,7 @@ AI Zero Token 是一个本地优先的单用户 AI CLI 和本地网关。
 它把账号授权能力整理成 OpenAI 风格接口，重点是把图片生成能力也代理出来：
 
 - `POST /v1/images/generations`
+- `POST /v1/images/edits`
 - `POST /v1/responses`
 - `POST /v1/chat/completions`
 - `GET /v1/models`
@@ -15,9 +16,10 @@ AI Zero Token 是一个本地优先的单用户 AI CLI 和本地网关。
 
 ## 这次迭代亮点
 
-- 直接代理 `gpt-image-2`，把图片生成能力暴露成 OpenAI 风格 `images.generations` 接口
+- 直接代理 `gpt-image-2`，把图片生成能力暴露成 OpenAI 风格 `images.generations` / `images.edits` 接口
 - 启动 `azt start` 后即可获得本地管理页和本地网关，适合脚本、前端和自动化流程接入
 - 支持多账号保存、切换当前账号、查看账号套餐 plan，以及当前账号是否支持生图
+- 支持账号 JSON 批量导入/勾选导出，并可一键把已保存账号应用到本机 Codex
 - 模型列表会优先同步本机 `~/.codex/models_cache.json`，不需要每次为新模型重新 build
 - 管理页会每 10 分钟自动同步额度快照和版本状态，并提示当前版本是否可更新
 - `free` 账号会在管理页直接预警，并在网关层明确拦截生图请求
@@ -222,6 +224,7 @@ azt start
 - 在多个已保存账号之间切换当前使用账号
 - 在“新增账号”里选择 OAuth 登录，或粘贴外部账号 JSON 批量导入
 - 导出单个账号，或勾选多个账号后批量导出所选账号 JSON
+- 将任一已保存账号“应用到 Codex”，自动备份并更新本机 `~/.codex/auth.json`
 - 删除单个本地账号，或一键清空全部本地账号
 - 切换默认模型
 - 测试 `models` / `responses` / `chat.completions`
@@ -231,6 +234,8 @@ azt start
 
 导出的账号 JSON 包含完整 `access_token` 和 `refresh_token`，等同于账号登录凭据，只适合在可信环境中传递。
 
+账号卡片里的“应用到 Codex”会把该账号的 `access_token`、`refresh_token`、`id_token` 和 `account_id` 写入本机 Codex 的 `~/.codex/auth.json`。写入前会自动备份原文件；新开的 Codex 会话会使用该账号。
+
 如果当前网络访问海外上游不稳定，可以在管理页的“接口测试 / 系统设置”区域启用“上游代理”，并填写你自己的代理地址。保存后，OAuth 换取 token、模型刷新和接口转发都会通过该代理访问上游；本地管理页和 `127.0.0.1` 默认保持直连。
 
 默认监听地址：
@@ -322,9 +327,28 @@ curl http://127.0.0.1:8787/v1/images/generations \
 响应会返回 OpenAI 同类型结构的 `data[].b64_json`。如果你在管理页里测试，这张图片会直接显示预览。
 如果请求里不显式传 `model`，当前默认会使用 `gpt-image-2`。
 
+JSON 版 `images.edits` 支持通过 URL 或 base64 data URL 传参考图：
+
+```bash
+curl http://127.0.0.1:8787/v1/images/edits \
+  -H "content-type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "参考这张图，生成一张更适合科技产品广告的版本。",
+    "images": [
+      {
+        "image_url": "data:image/png;base64,替换为你的图片base64"
+      }
+    ],
+    "size": "1024x1024",
+    "quality": "low",
+    "response_format": "b64_json"
+  }'
+```
+
 生图能力和账号套餐有关：
 
-- `plus` 或更高套餐账号可正常调用 `images.generations`
+- `plus` 或更高套餐账号可正常调用 `images.generations` / `images.edits`
 - `free` 账号不支持生图，网关会直接返回明确错误，而不是继续请求上游
 - 管理页会显示当前账号的 `plan` 和“生图能力”状态
 - 当当前账号是 `free` 且你选中 `Images` 测试时，“发送请求”按钮会被直接禁用
@@ -345,6 +369,7 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `POST /v1/responses`
 - `POST /v1/chat/completions`
 - `POST /v1/images/generations`
+- `POST /v1/images/edits`
 
 ### 7. 当前支持的主要参数
 
@@ -394,6 +419,24 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `response_format`
 - `user`
 
+`POST /v1/images/edits` 当前主要支持 JSON 请求：
+
+- `prompt`
+- `images`
+- `image`
+- `model`
+- `n`
+- `size`
+- `quality`
+- `background`
+- `output_format`
+- `output_compression`
+- `moderation`
+- `response_format`
+- `user`
+
+其中 `images` / `image` 支持 `image_url`，可以是 `https://...` URL、`data:image/...;base64,...`，或裸 base64 字符串。
+
 ### 8. 当前限制
 
 - `stream=true` 目前只识别，不返回真实流式结果
@@ -402,7 +445,8 @@ curl http://127.0.0.1:8787/v1/images/generations \
 - `images.generations` 暂不支持 `n > 1`
 - `images.generations` 当前只返回 `b64_json`，暂不支持托管图片 `url`
 - `images.generations` 当前只透传 GPT Image 路径，不兼容 DALL·E 专有参数
-- `images.generations` 对账号套餐有要求；`free` 账号会被网关直接拦截并返回“不支持图片生成”
+- `images.edits` 当前只支持 `application/json`，暂不支持 `multipart/form-data`、`mask` 和 `file_id`
+- `images.generations` / `images.edits` 对账号套餐有要求；`free` 账号会被网关直接拦截并返回“不支持图片生成”
 - 网关当前默认面向本地单用户使用
 
 ## 兼容说明

package/dist/core/providers/openai-codex/oauth.js

@@ -80,7 +80,7 @@ function parseAuthorizationInput(value) {
   }
   return { code: trimmed };
 }
-function extractProfile(accessToken, refreshToken, expires) {
+function extractProfile(accessToken, refreshToken, expires, idToken) {
   const payload = decodeJwtPayload(accessToken);
   const authClaim = payload?.[JWT_CLAIM_PATH];
   const accountId = authClaim?.chatgpt_account_id;
@@ -94,6 +94,7 @@ function extractProfile(accessToken, refreshToken, expires) {
     mode: "oauth_account",
     access: accessToken,
     refresh: refreshToken,
+    idToken,
     expires,
     accountId,
     email
@@ -124,6 +125,7 @@ async function exchangeAuthorizationCode(code, verifier) {
   return {
     access: json.access_token,
     refresh: json.refresh_token,
+    idToken: json.id_token,
     expires: Date.now() + json.expires_in * 1e3
   };
 }
@@ -150,7 +152,8 @@ async function refreshOpenAICodexToken(profile) {
   return extractProfile(
     json.access_token,
     json.refresh_token,
-    Date.now() + json.expires_in * 1e3
+    Date.now() + json.expires_in * 1e3,
+    json.id_token ?? profile.idToken
   );
 }
 function tryOpenBrowser(url) {
@@ -284,7 +287,7 @@ async function loginOpenAICodex() {
     console.log("\u5DF2\u6536\u5230\u6388\u6743\u56DE\u8C03\uFF0C\u6B63\u5728\u4EA4\u6362 access token...");
     const token = await exchangeAuthorizationCode(code, verifier);
     console.log("token \u4EA4\u6362\u6210\u529F\uFF0C\u6B63\u5728\u89E3\u6790\u8D26\u53F7\u4FE1\u606F...");
-    return extractProfile(token.access, token.refresh, token.expires);
+    return extractProfile(token.access, token.refresh, token.expires, token.idToken);
   } finally {
     callbackServer.close();
   }

package/dist/core/services/auth-service.js

@@ -13,6 +13,10 @@ import {
   refreshOpenAICodexToken
 } from "../providers/openai-codex/oauth.js";
 import { askOpenAICodex } from "../providers/openai-codex/chat.js";
+import {
+  applyProfileToCodexAuth,
+  getCodexAuthStatus
+} from "../store/codex-auth-store.js";
 import {
   exportProfilesToJson,
   exportProfileToJson,
@@ -97,6 +101,13 @@ class AuthService {
   getProfileImportTemplate() {
     return getProfileImportTemplate();
   }
+  async getCodexStatus() {
+    return getCodexAuthStatus();
+  }
+  async applyProfileToCodex(profileId, provider = "openai-codex") {
+    const profile = await this.requireFreshProfileWithIdToken(profileId, provider);
+    return applyProfileToCodexAuth(profile);
+  }
   async getActiveProfile(provider = "openai-codex") {
     const profile = await getActiveProfile();
     if (!profile || profile.provider !== provider) {
@@ -152,6 +163,22 @@ class AuthService {
     await saveProfile(refreshed);
     return this.toManagedProfile(refreshed);
   }
+  async requireFreshProfileWithIdToken(profileId, provider = "openai-codex") {
+    const profiles = await listProfiles();
+    const profile = profiles.find((item) => item.provider === provider && item.profileId === profileId);
+    if (!profile) {
+      throw new Error(`\u6CA1\u6709\u627E\u5230\u8D26\u53F7: ${profileId}`);
+    }
+    if (profile.idToken && Date.now() < profile.expires) {
+      return this.toManagedProfile(profile);
+    }
+    const refreshed = await refreshOpenAICodexToken(profile);
+    await saveProfile(refreshed);
+    if (!refreshed.idToken) {
+      throw new Error("\u5237\u65B0 token \u6210\u529F\uFF0C\u4F46\u4E0A\u6E38\u6CA1\u6709\u8FD4\u56DE id_token\u3002");
+    }
+    return this.toManagedProfile(refreshed);
+  }
   async logoutAll() {
     await clearStore();
   }

package/dist/core/services/image-service.js

@@ -280,7 +280,8 @@ class ImageService {
       background: request.background ?? "default",
       outputFormat: request.outputFormat ?? "default",
       outputCompression: typeof request.outputCompression === "number" ? request.outputCompression : void 0,
-      moderation: request.moderation ?? "default"
+      moderation: request.moderation ?? "default",
+      inputImageCount: request.inputImages?.length ?? 0
     };
     console.info("[gateway:image] upstream request", requestSummary);
     const tool = {
@@ -305,6 +306,9 @@ class ImageService {
     if (request.moderation) {
       tool.moderation = request.moderation;
     }
+    if (request.inputImages && request.inputImages.length > 0) {
+      tool.action = "edit";
+    }
     for (let attempt = 1; attempt <= IMAGE_GENERATION_MAX_ATTEMPTS; attempt += 1) {
       let result;
       try {
@@ -320,7 +324,11 @@ class ImageService {
                   {
                     type: "input_text",
                     text: request.prompt
-                  }
+                  },
+                  ...(request.inputImages ?? []).map((image) => ({
+                    type: "input_image",
+                    image_url: image.imageUrl
+                  }))
                 ]
               }
             ],

package/dist/core/store/codex-auth-store.js

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+function getCodexHomeDir() {
+  return process.env.CODEX_HOME || path.join(os.homedir(), ".codex");
+}
+function getCodexAuthPath() {
+  return path.join(getCodexHomeDir(), "auth.json");
+}
+function createBackupSuffix() {
+  return (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+async function readCodexAuth() {
+  try {
+    const raw = await fs.readFile(getCodexAuthPath(), "utf8");
+    const parsed = JSON.parse(raw);
+    return isRecord(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+async function getCodexAuthStatus() {
+  const authPath = getCodexAuthPath();
+  const auth = await readCodexAuth();
+  if (!auth) {
+    return {
+      path: authPath,
+      exists: false,
+      hasIdToken: false
+    };
+  }
+  const tokens = isRecord(auth.tokens) ? auth.tokens : {};
+  return {
+    path: authPath,
+    exists: true,
+    accountId: typeof tokens.account_id === "string" ? tokens.account_id : void 0,
+    hasIdToken: typeof tokens.id_token === "string" && tokens.id_token.length > 0,
+    lastRefresh: typeof auth.last_refresh === "string" ? auth.last_refresh : void 0
+  };
+}
+async function applyProfileToCodexAuth(profile) {
+  if (!profile.idToken) {
+    throw new Error("\u5F53\u524D\u8D26\u53F7\u7F3A\u5C11 id_token\u3002\u8BF7\u5148\u5237\u65B0\u8D26\u53F7 token \u6216\u91CD\u65B0\u5BFC\u5165\u5305\u542B id_token \u7684\u8D26\u53F7 JSON\u3002");
+  }
+  const authPath = getCodexAuthPath();
+  const codexHomeDir = path.dirname(authPath);
+  await fs.mkdir(codexHomeDir, { recursive: true });
+  let backupPath;
+  try {
+    await fs.access(authPath);
+    backupPath = `${authPath}.azt-backup-${createBackupSuffix()}`;
+    await fs.copyFile(authPath, backupPath);
+  } catch {
+    backupPath = void 0;
+  }
+  const authFile = {
+    auth_mode: "chatgpt",
+    OPENAI_API_KEY: null,
+    tokens: {
+      id_token: profile.idToken,
+      access_token: profile.access,
+      refresh_token: profile.refresh,
+      account_id: profile.accountId
+    },
+    last_refresh: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const tmpPath = `${authPath}.tmp-${process.pid}`;
+  await fs.writeFile(tmpPath, `${JSON.stringify(authFile, null, 2)}
+`, {
+    encoding: "utf8",
+    mode: 384
+  });
+  await fs.rename(tmpPath, authPath);
+  await fs.chmod(authPath, 384);
+  return {
+    path: authPath,
+    exists: true,
+    accountId: profile.accountId,
+    hasIdToken: true,
+    lastRefresh: authFile.last_refresh,
+    backupPath,
+    appliedProfileId: profile.profileId,
+    appliedEmail: profile.email
+  };
+}
+export {
+  applyProfileToCodexAuth,
+  getCodexAuthPath,
+  getCodexAuthStatus
+};

package/dist/core/store/profile-transfer.js

@@ -67,6 +67,7 @@ function importProfileFromJson(value) {
   }
   const access = getString(value.access_token) ?? getString(value.access);
   const refresh = getString(value.refresh_token) ?? getString(value.refresh);
+  const idToken = getString(value.id_token) ?? getString(value.idToken);
   if (!access || !refresh) {
     throw new Error("\u5BFC\u5165\u5931\u8D25: \u7F3A\u5C11 access_token/access \u6216 refresh_token/refresh\u3002");
   }
@@ -80,6 +81,7 @@ function importProfileFromJson(value) {
     mode: "oauth_account",
     access,
     refresh,
+    idToken,
     expires,
     accountId,
     email
@@ -101,6 +103,7 @@ function exportProfileToJson(profile) {
     type: "codex",
     access_token: profile.access,
     refresh_token: profile.refresh,
+    id_token: profile.idToken,
     expired: new Date(profile.expires).toISOString(),
     email: profile.email,
     account_id: profile.accountId,
@@ -124,6 +127,7 @@ function getProfileImportTemplate() {
         type: "codex",
         access_token: "eyJ...access_token",
         refresh_token: "rt_...",
+        id_token: "eyJ...id_token",
         expired: "2026-05-04T22:13:00.000Z",
         email: "user@example.com",
         account_id: "\u53EF\u9009\uFF0C\u901A\u5E38\u4F1A\u4ECE access_token \u81EA\u52A8\u89E3\u6790",

package/dist/server/admin-page.js

@@ -1498,6 +1498,7 @@ function renderAdminPage() {
             <div class="tester-tabs" id="testerTabs">
               <button class="tab-btn is-active" type="button" data-endpoint="/v1/chat/completions">Chat</button>
               <button class="tab-btn" type="button" data-endpoint="/v1/images/generations">Images</button>
+              <button class="tab-btn" type="button" data-endpoint="/v1/images/edits">Edits</button>
               <button class="tab-btn" type="button" data-endpoint="/v1/responses">Responses</button>
               <button class="tab-btn" type="button" data-endpoint="/v1/models">Models</button>
             </div>
@@ -1545,6 +1546,7 @@ function renderAdminPage() {
               <button class="btn-secondary" type="button" data-example="/v1/responses">\u793A\u4F8B Responses</button>
               <button class="btn-secondary" type="button" data-example="/v1/chat/completions">\u793A\u4F8B Chat</button>
               <button class="btn-secondary" type="button" data-example="/v1/images/generations">\u793A\u4F8B Images</button>
+              <button class="btn-secondary" type="button" data-example="/v1/images/edits">\u793A\u4F8B Edits</button>
               <button class="btn-primary" id="runTestBtn" type="button">\u53D1\u9001\u8BF7\u6C42</button>
             </div>
 
@@ -1720,6 +1722,11 @@ function renderAdminPage() {
         tab: "Images",
         description: "\u517C\u5BB9 OpenAI images.generations \u63A5\u53E3\u3002",
       },
+      "/v1/images/edits": {
+        method: "POST",
+        tab: "Edits",
+        description: "\u517C\u5BB9 OpenAI images.edits JSON \u63A5\u53E3\u3002",
+      },
     };
 
     const endpointSelect = document.getElementById("endpointSelect");
@@ -2325,6 +2332,21 @@ function renderAdminPage() {
         });
       }
 
+      if (endpoint === "/v1/images/edits") {
+        return formatJson({
+          model: "gpt-image-2",
+          prompt: "\u53C2\u8003\u8FD9\u5F20\u56FE\u7247\uFF0C\u751F\u6210\u4E00\u5F20\u66F4\u9002\u5408\u79D1\u6280\u4EA7\u54C1\u5E7F\u544A\u7684\u7248\u672C\uFF0C\u4FDD\u7559\u4E3B\u4F53\u6784\u56FE\uFF0C\u589E\u5F3A\u5149\u7EBF\u548C\u8D28\u611F\u3002",
+          images: [
+            {
+              image_url: "data:image/png;base64,\u66FF\u6362\u4E3A\u4F60\u7684\u56FE\u7247base64",
+            },
+          ],
+          size: "1024x1024",
+          quality: "low",
+          response_format: "b64_json",
+        });
+      }
+
       return formatJson({
         model: model,
         input: "\u8BF7\u53EA\u56DE\u590D OK",
@@ -2336,6 +2358,10 @@ function renderAdminPage() {
       const avg = requests.length
         ? requests.reduce(function (sum, item) { return sum + (item.durationMs || 0); }, 0) / requests.length
         : 0;
+      const codexAccountId = config.codex && config.codex.accountId ? config.codex.accountId : "";
+      const codexProfile = codexAccountId && Array.isArray(config.profiles)
+        ? config.profiles.find(function (profile) { return profile.accountId === codexAccountId; })
+        : null;
 
       return [
         {
@@ -2357,6 +2383,12 @@ function renderAdminPage() {
           detail: "\u672A\u663E\u5F0F\u6307\u5B9A model \u65F6\u751F\u6548",
           compact: true,
         },
+        {
+          label: "Codex \u5F53\u524D\u8D26\u53F7",
+          value: codexProfile ? getProfileDisplayLabel(codexProfile) : (codexAccountId ? maskIdentifier(codexAccountId) : "\u672A\u68C0\u6D4B\u5230"),
+          detail: config.codex && config.codex.exists ? "\u6765\u81EA ~/.codex/auth.json" : "\u5C1A\u672A\u5E94\u7528\u5230 Codex",
+          compact: true,
+        },
         {
           label: "\u5F53\u524D\u7248\u672C",
           value: getVersionValue(config),
@@ -2550,6 +2582,7 @@ function renderAdminPage() {
           +   "</div>"
           +   '<div class="account-actions">'
           +     actionButton
+          +     '<button class="btn-secondary" type="button" data-profile-action="apply-codex" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5E94\u7528\u5230 Codex</button>'
           +     '<button class="btn-secondary" type="button" data-profile-action="export" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5BFC\u51FA</button>'
           +     '<button class="btn-danger" type="button" data-profile-action="remove" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5220\u9664</button>'
           +   "</div>"
@@ -2561,13 +2594,15 @@ function renderAdminPage() {
       const profiles = Array.isArray(config.profiles) ? config.profiles : [];
       const now = Date.now();
       const seeds = profiles.slice(0, 5).map(function (profile, index) {
-        const endpoint = index % 4 === 0
+        const endpoint = index % 5 === 0
           ? "/v1/chat/completions"
-          : index % 4 === 1
+          : index % 5 === 1
             ? "/v1/responses"
-            : index % 4 === 2
+            : index % 5 === 2
               ? "/v1/models"
-              : "/v1/images/generations";
+              : index % 5 === 3
+                ? "/v1/images/generations"
+                : "/v1/images/edits";
         const method = endpointMeta[endpoint].method;
         return {
           time: now - index * 15 * 60 * 1000,
@@ -2575,7 +2610,7 @@ function renderAdminPage() {
           endpoint: endpoint,
           accountEmail: profile.email || "",
           accountFallback: profile.accountId || profile.profileId || "\u672A\u547D\u540D\u8D26\u53F7",
-          model: endpoint === "/v1/images/generations" ? "gpt-image-2" : config.settings.defaultModel,
+          model: endpoint.indexOf("/v1/images/") === 0 ? "gpt-image-2" : config.settings.defaultModel,
           statusCode: 200,
           durationMs: 860 + index * 230 + getPrimaryUsage(profile) * 8,
           source: index % 2 === 0 ? "\u7BA1\u7406\u9875" : "CLI",
@@ -2806,7 +2841,7 @@ function renderAdminPage() {
 
     function syncImageCapabilityHint(config) {
       const capability = getImageCapability(config ? config.profile : null);
-      const isImageEndpoint = endpointSelect.value === "/v1/images/generations";
+      const isImageEndpoint = endpointSelect.value === "/v1/images/generations" || endpointSelect.value === "/v1/images/edits";
       imageCapabilityHint.textContent = capability.detail;
       imageCapabilityHint.className = capability.supported && !isImageEndpoint ? "hint" : "hint warn";
       runTestBtn.disabled = isImageEndpoint && !capability.supported;
@@ -2987,6 +3022,10 @@ function renderAdminPage() {
         await exportProfile(profileId, button);
         return;
       }
+      if (action === "apply-codex") {
+        await applyProfileToCodex(profileId, button);
+        return;
+      }
 
       setBusy(button, true);
       authStatus.textContent = action === "activate" ? "\u6B63\u5728\u5207\u6362\u5F53\u524D\u8D26\u53F7..." : "\u6B63\u5728\u5220\u9664\u8D26\u53F7...";
@@ -3020,6 +3059,31 @@ function renderAdminPage() {
       }
     }
 
+    async function applyProfileToCodex(profileId, button) {
+      setBusy(button, true);
+      authStatus.textContent = "\u6B63\u5728\u5E94\u7528\u8D26\u53F7\u5230 Codex...";
+      try {
+        const result = await fetchJson("/_gateway/admin/codex/apply", {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+          },
+          body: formatJson({
+            profileId: profileId,
+          }),
+        });
+        const config = result.config || await fetchJson("/_gateway/admin/config");
+        renderConfig(config);
+        const codex = result.codex || config.codex || {};
+        authStatus.textContent = "\u5DF2\u5E94\u7528\u5230 Codex\u3002\u65B0\u5F00\u7684 Codex \u4F1A\u8BDD\u5C06\u4F7F\u7528\u8BE5\u8D26\u53F7\u3002"
+          + (codex.backupPath ? " \u5DF2\u5907\u4EFD\u539F auth.json\u3002" : "");
+      } catch (error) {
+        authStatus.textContent = error.message;
+      } finally {
+        setBusy(button, false);
+      }
+    }
+
     function downloadJsonFile(fileName, value) {
       const blob = new Blob([formatJson(value) + "\\n"], { type: "application/json" });
       const url = URL.createObjectURL(blob);

package/dist/server/app.js

@@ -85,6 +85,9 @@ const profileExportSchema = z.object({
   profileIds: z.array(z.string().min(1)).optional(),
   all: z.boolean().optional()
 });
+const codexApplySchema = z.object({
+  profileId: z.string().min(1)
+});
 const imageGenerationsBodySchema = z.object({
   prompt: z.string().min(1),
   model: z.string().optional(),
@@ -98,6 +101,29 @@ const imageGenerationsBodySchema = z.object({
   response_format: z.enum(["b64_json", "url"]).optional(),
   user: z.string().optional()
 }).passthrough();
+const imageReferenceSchema = z.union([
+  z.string().min(1),
+  z.object({
+    image_url: z.string().min(1).optional(),
+    file_id: z.string().min(1).optional()
+  }).passthrough()
+]);
+const imageEditsBodySchema = z.object({
+  prompt: z.string().min(1),
+  images: z.array(imageReferenceSchema).min(1).max(16).optional(),
+  image: z.union([imageReferenceSchema, z.array(imageReferenceSchema).min(1).max(16)]).optional(),
+  mask: imageReferenceSchema.optional(),
+  model: z.string().optional(),
+  n: z.number().int().positive().optional(),
+  quality: z.enum(["low", "medium", "high", "auto"]).optional(),
+  size: z.string().min(1).optional(),
+  background: z.enum(["transparent", "opaque", "auto"]).optional(),
+  output_format: z.enum(["png", "webp", "jpeg"]).optional(),
+  output_compression: z.number().int().min(0).max(100).optional(),
+  moderation: z.enum(["auto", "low"]).optional(),
+  response_format: z.enum(["b64_json", "url"]).optional(),
+  user: z.string().optional()
+}).passthrough();
 const chatCompletionExcludedKeys = /* @__PURE__ */ new Set([
   "messages",
   "n",
@@ -205,6 +231,46 @@ function summarizeImageRequestForLog(body) {
     user: body.user ?? void 0
   };
 }
+function getImageEditReferences(data) {
+  if (Array.isArray(data.images)) {
+    return data.images;
+  }
+  if (Array.isArray(data.image)) {
+    return data.image;
+  }
+  if (data.image) {
+    return [data.image];
+  }
+  return [];
+}
+function normalizeJsonImageReference(reference) {
+  if (typeof reference === "string") {
+    return {
+      imageUrl: normalizeJsonImageUrl(reference)
+    };
+  }
+  return {
+    imageUrl: reference.image_url ? normalizeJsonImageUrl(reference.image_url) : void 0,
+    fileId: reference.file_id
+  };
+}
+function normalizeJsonImageUrl(value) {
+  const trimmed = value.trim();
+  if (/^https?:\/\//i.test(trimmed) || /^data:image\//i.test(trimmed)) {
+    return trimmed;
+  }
+  if (/^[A-Za-z0-9+/=_-]+$/.test(trimmed) && trimmed.length > 80) {
+    return `data:image/png;base64,${trimmed}`;
+  }
+  return trimmed;
+}
+function summarizeImageEditRequestForLog(body) {
+  return {
+    ...summarizeImageRequestForLog(body),
+    imageCount: getImageEditReferences(body).length,
+    hasMask: Boolean(body.mask)
+  };
+}
 function buildResponseApiBody(result, includeRaw) {
   const responseBody = {
     object: "response",
@@ -266,6 +332,30 @@ function validateImageRequest(data) {
   }
   return null;
 }
+function validateImageEditRequest(data) {
+  const generationValidationError = validateImageRequest(data);
+  if (generationValidationError) {
+    return generationValidationError;
+  }
+  if (data.mask) {
+    return "\u5F53\u524D\u7F51\u5173\u7684 JSON \u7248 images.edits \u6682\u4E0D\u652F\u6301 mask\uFF1B\u8BF7\u5148\u4F7F\u7528\u53C2\u8003\u56FE\u7F16\u8F91\u3002";
+  }
+  const references = getImageEditReferences(data);
+  if (references.length === 0) {
+    return "images.edits \u8BF7\u6C42\u7F3A\u5C11 images \u6216 image\u3002";
+  }
+  const normalized = references.map((reference) => normalizeJsonImageReference(reference));
+  if (normalized.some((reference) => reference.fileId)) {
+    return "\u5F53\u524D\u7F51\u5173\u7684 JSON \u7248 images.edits \u6682\u4E0D\u652F\u6301 file_id\uFF0C\u8BF7\u4F7F\u7528 image_url URL \u6216 base64 data URL\u3002";
+  }
+  if (normalized.some((reference) => !reference.imageUrl)) {
+    return "images.edits \u7684\u6BCF\u4E2A\u56FE\u7247\u5F15\u7528\u90FD\u9700\u8981\u63D0\u4F9B image_url\u3002";
+  }
+  if (normalized.some((reference) => reference.imageUrl && !/^https?:\/\//i.test(reference.imageUrl) && !/^data:image\//i.test(reference.imageUrl))) {
+    return "images.edits \u7684 image_url \u9700\u8981\u662F http(s) URL\u3001data:image/...;base64,...\uFF0C\u6216\u88F8 base64 \u5B57\u7B26\u4E32\u3002";
+  }
+  return null;
+}
 function maskSecret(value) {
   if (value.length <= 12) {
     return value;
@@ -352,14 +442,15 @@ function createApp(params) {
     };
   });
   async function buildAdminConfig(request) {
-    const [status, models, modelCatalog, versionStatus, settings, profile, profiles] = await Promise.all([
+    const [status, models, modelCatalog, versionStatus, settings, profile, profiles, codexStatus] = await Promise.all([
       ctx.authService.getStatus(),
       ctx.modelService.listModels(),
       ctx.modelService.getCatalog(),
       ctx.versionService.getVersionStatus(),
       ctx.configService.getSettings(),
       ctx.authService.getActiveProfile(),
-      ctx.authService.listProfiles()
+      ctx.authService.listProfiles(),
+      ctx.authService.getCodexStatus()
     ]);
     const origin = resolveOrigin(request);
     return {
@@ -370,6 +461,7 @@ function createApp(params) {
       versionStatus,
       profile: serializeProfile(profile),
       profiles: profiles.map((item) => serializeManagedProfile(item)),
+      codex: codexStatus,
       adminUrl: `${origin}/`,
       baseUrl: `${origin}/v1`,
       supportedEndpoints: [
@@ -392,6 +484,11 @@ function createApp(params) {
           method: "POST",
           path: "/v1/images/generations",
           description: "OpenAI images.generations \u517C\u5BB9\u63A5\u53E3\u3002"
+        },
+        {
+          method: "POST",
+          path: "/v1/images/edits",
+          description: "OpenAI images.edits JSON \u517C\u5BB9\u63A5\u53E3\u3002"
         }
       ]
     };
@@ -518,6 +615,22 @@ function createApp(params) {
       profile: await ctx.authService.exportProfile(parsed.data.profileId)
     };
   });
+  app.post("/_gateway/admin/codex/apply", async (request, reply) => {
+    const parsed = codexApplySchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    return {
+      codex: await ctx.authService.applyProfileToCodex(parsed.data.profileId),
+      config: await buildAdminConfig(request)
+    };
+  });
   app.put("/_gateway/admin/settings", async (request, reply) => {
     const parsed = settingsUpdateSchema.safeParse(request.body);
     if (!parsed.success) {
@@ -733,6 +846,96 @@ function createApp(params) {
     });
     return response;
   });
+  app.post("/v1/images/edits", async (request, reply) => {
+    const contentType = request.headers["content-type"] ?? "";
+    if (!String(contentType).toLowerCase().includes("application/json")) {
+      reply.code(415);
+      return {
+        error: {
+          type: "unsupported_media_type",
+          message: "\u5F53\u524D\u7F51\u5173\u4EC5\u652F\u6301 JSON \u7248 images.edits\uFF1B\u8BF7\u4F7F\u7528 application/json\uFF0C\u5E76\u901A\u8FC7 images[].image_url \u4F20 URL \u6216 base64 data URL\u3002"
+        }
+      };
+    }
+    const parsed = imageEditsBodySchema.safeParse(request.body);
+    if (!parsed.success) {
+      console.error("[gateway:image:edit] validation failure", {
+        method: request.method,
+        url: request.url,
+        issue: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+      });
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    const validationError = validateImageEditRequest(parsed.data);
+    if (validationError) {
+      console.error("[gateway:image:edit] validation failure", {
+        method: request.method,
+        url: request.url,
+        summary: summarizeImageEditRequestForLog(parsed.data),
+        issue: validationError
+      });
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: validationError
+        }
+      };
+    }
+    if (typeof parsed.data.n === "number" && parsed.data.n > 1) {
+      console.error("[gateway:image:edit] not supported", {
+        method: request.method,
+        url: request.url,
+        summary: summarizeImageEditRequestForLog(parsed.data),
+        issue: "\u5F53\u524D\u7F51\u5173\u6682\u4E0D\u652F\u6301 images.edits \u4E00\u6B21\u8FD4\u56DE\u591A\u5F20\u56FE\uFF08n > 1\uFF09"
+      });
+      reply.code(501);
+      return {
+        error: {
+          type: "not_supported",
+          message: "\u5F53\u524D\u7F51\u5173\u6682\u4E0D\u652F\u6301 images.edits \u4E00\u6B21\u8FD4\u56DE\u591A\u5F20\u56FE\uFF08n > 1\uFF09"
+        }
+      };
+    }
+    const imageReferences = getImageEditReferences(parsed.data).map((reference) => normalizeJsonImageReference(reference)).map((reference) => ({
+      imageUrl: reference.imageUrl ?? ""
+    }));
+    const requestSummary = summarizeImageEditRequestForLog(parsed.data);
+    console.info("[gateway:image:edit] request accepted", {
+      method: request.method,
+      url: request.url,
+      summary: requestSummary
+    });
+    const response = await ctx.imageService.generate({
+      prompt: parsed.data.prompt,
+      inputImages: imageReferences,
+      model: parsed.data.model,
+      n: parsed.data.n,
+      size: parsed.data.size,
+      quality: parsed.data.quality,
+      background: parsed.data.background,
+      outputFormat: parsed.data.output_format,
+      outputCompression: parsed.data.output_compression,
+      moderation: parsed.data.moderation
+    });
+    console.info("[gateway:image:edit] response ready", {
+      method: request.method,
+      url: request.url,
+      summary: requestSummary,
+      created: response.created,
+      imageCount: response.data.length,
+      output_format: response.output_format,
+      quality: response.quality,
+      size: response.size
+    });
+    return response;
+  });
   return app;
 }
 export {

package/docs/API_USAGE.md

@@ -91,6 +91,25 @@ curl http://127.0.0.1:8787/v1/images/generations \
   }'
 ```
 
+JSON image edit with a reference image URL or base64 data URL:
+
+```bash
+curl http://127.0.0.1:8787/v1/images/edits \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "Use this reference image and make it look like a clean product advertisement.",
+    "images": [
+      {
+        "image_url": "data:image/png;base64,REPLACE_WITH_IMAGE_BASE64"
+      }
+    ],
+    "size": "1024x1024",
+    "quality": "low",
+    "response_format": "b64_json"
+  }'
+```
+
 ## JavaScript SDK Example
 
 ```ts
@@ -117,4 +136,3 @@ console.log(response.choices[0]?.message?.content);
 - A model appearing in `/v1/models` means the local Codex cache lists it. Final availability still depends on the active account.
 - `stream=true` is not supported yet.
 - The default listener is `0.0.0.0:8787`, so local-network clients can call the gateway by using the machine IP.
-

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "ai-zero-token",
-  "version": "1.0.6",
-  "description": "Local-first OpenAI-compatible AI CLI and gateway with Codex OAuth, multi-account management, and gpt-image-2 image generation.",
+  "version": "1.0.7",
+  "description": "Local-first OpenAI-compatible AI CLI and gateway with Codex OAuth, multi-account management, and gpt-image-2 image generation/editing.",
   "license": "MIT",
   "type": "module",
   "repository": {