Cockpit Tools v0.22.18

更新日志（中文）

[0.22.18] - 2026-05-04

新增

• Codex 本地 API 服务现已支持官方生图 API 路径：本地网关会暴露 gpt-image-2，支持 /v1/images/generations 与 /v1/images/edits，并将图片请求映射为 Codex Responses 的 image_generation 工具；普通 Responses/chat 会话也会注入生图工具，让 Codex 官方 imagegen skill 能通过同一个本地 API 服务使用。

变更

• Codex API/账号切换现会自动修复会话可见性：在 OAuth 账号、API Key 账号与本地 API 服务之间切换时，会展示检测到的来源与目标凭据类型，并在弹框内自动执行可见性修复、展示修复结果，不再需要单独手动点击修复。
• Codex 额度刷新错误现避免误导为账号异常：临时额度刷新失败时，会说明只是未能获取最新额度且账号状态不受影响。

修复

• Codex 会话可见性修复与同步不再因无效 state 数据库失败：遇到无法读取、损坏或结构不完整的 state_5.sqlite 时会跳过并在修复摘要中说明，其他有效的 rollout 与 SQLite 记录仍会继续修复或同步。

Changelog (English)

[0.22.18] - 2026-05-04

Added

• Codex Local API Service now supports the official image-generation API path: the local gateway exposes gpt-image-2, accepts /v1/images/generations and /v1/images/edits, maps image requests to Codex Responses image_generation, and injects the image-generation tool into regular Responses/chat sessions so Codex's official imagegen skill can use the same local API service.

Changed

• Codex API/account switching now repairs session visibility automatically: switches between OAuth accounts, API Key accounts, and the local API Service show the detected source and target credential types, run visibility repair in the dialog automatically, and show the repair result without requiring a separate manual repair click.
• Codex quota refresh errors now avoid implying account damage: transient quota refresh failures now say that the latest quota could not be fetched and the account status is unaffected.

Fixed

• Codex session visibility repair and sync no longer fail on invalid state databases: unreadable, corrupted, or incomplete state_5.sqlite files are skipped with a clear repair summary, while valid rollout and SQLite records continue to be repaired or synchronized.

Cockpit Tools v0.22.17

更新日志（中文）

[0.22.17] - 2026-04-30

变更

• Codex API/账号切换现已分离真实切号与会话可见性修复：在 OAuth 账号、API Key 账号与本地 API 服务之间切换时，会先完成真实账号切换，再显示后置的“Codex 会话不可见”弹框；弹框内提供显式的“修复可见性”入口、弹框内修复结果展示与“不再提示”选项。

修复

• Codex API 服务启动取消后不再显示会话可见性弹框：在 API 服务风险提示中点击取消会直接停止启动流程，不再继续展示切换后的修复引导。
• Codex 切号后端不再自动执行历史会话可见性修复：普通切号不再等待 rollout/SQLite 修复任务，避免用户只想切换账号时卡在处理中。

Changelog (English)

[0.22.17] - 2026-04-30

Changed

• Codex API/account switching now keeps account changes and session-visibility repair separate: switching between OAuth accounts, API Key accounts, and the local API Service now completes the real account change first, then shows a post-switch “Codex Sessions Hidden” dialog with an explicit Repair Visibility action, in-dialog repair results, and a “don’t show again” option.

Fixed

• Codex API Service activation no longer shows the session-visibility dialog after cancellation: canceling the API Service risk notice stops the activation flow without showing the post-switch repair guidance.
• Codex account switching no longer auto-runs history visibility repair in the backend: normal account switching no longer waits on rollout/SQLite repair work, avoiding stuck processing states when users only want to switch accounts.

Cockpit Tools v0.22.16

更新日志（中文）

[0.22.16] - 2026-04-30

变更

• Codex OAuth Token 管理现改为受保护的官方客户端刷新链路：刷新请求使用官方 JSON 请求体与 connector scopes；账号刷新前会先读取同账号更新的官方 Keychain/auth 快照；TokenKeeper 按 8 天周期执行受保护保活，确保已轮换的 Token 链先写回，避免继续复用旧 refresh_token。
• WorkBuddy 切号现直接写入共享客户端 auth 文件：切号、注入与本机导入统一使用 CodeBuddyExtension/Data/Public/auth/workbuddy-desktop.info，不再依赖 VS Code state.vscdb secret 注入，落盘结构与当前桌面客户端保持一致，也不要求用户先具备 Keychain 加密 secret。
• GitHub Copilot 账号展示现可区分 PRO+ 高级额度：套餐徽标、筛选、仪表盘卡片、悬浮卡片、实例徽标与额度展示均识别 PRO+，在拿到精确计数时会以已用/总量展示 premium requests。
• Trae OAuth 登录现归一应用版本与产品信息检测：登录上下文可从应用目录或可执行文件路径识别产品信息，授权请求的应用版本最低使用 3.5.54，不再回退到过旧的插件/本地版本字段。
• Codex 账号概览现支持自定义排序与更安全的 API 模式切换：用户可持久化自定义展示顺序；从 OAuth 切换到 API Key/API 服务时会提示会话可见性影响，并可在本次切换后立即执行一次修复。

修复

• Codex 授权失败现会说明真实的 refresh-token 失败原因：已复用、过期、被撤销、无效或缺失的 refresh token 会提示重新登录；unsupported_country_region_territory 会提示切换网络地区，不再把账号标记为永久需要重新授权。
• 实例后台自动刷新不再打断已打开的实例菜单或弹框：当行内菜单或实例弹框打开时，后台实例刷新会暂停。

移除

• 已移除官方 Linux/Ubuntu 发布支持：发布工作流不再构建 Ubuntu 安装包，更新器元数据不再要求 Linux AppImage/deb/rpm 资产，官方文档现仅将 macOS 与 Windows 列为受支持桌面平台。

Changelog (English)

[0.22.16] - 2026-04-30

Changed

• Codex OAuth token management now uses a guarded official-client refresh path: refresh requests use the official JSON payload with connector scopes, account refresh reloads newer official Keychain/auth snapshots for the same account before rotating tokens, and TokenKeeper performs an 8-day guarded keepalive so refreshed token chains are written through before stale refresh_token values are reused.
• WorkBuddy account switching now writes the shared client auth file directly: switch, inject, and local import flows use CodeBuddyExtension/Data/Public/auth/workbuddy-desktop.info instead of VS Code state.vscdb secret injection, matching the current desktop client storage shape without requiring a prior Keychain-backed secret store.
• GitHub Copilot account presentation now distinguishes PRO+ premium entitlement: plan badges, filters, dashboard cards, floating cards, instance badges, and quota presentation recognize PRO+ and show premium request usage as used/total when exact counters are available.
• Trae OAuth login now normalizes app version and product detection: login context discovery accepts app directories and executable paths, and auth requests now use a minimum supported app version of 3.5.54 instead of falling back to stale plugin/version fields.
• Codex account overview now supports custom account ordering and safer API-mode switching: users can persist a custom display order, and switching from OAuth to API Key/API Service shows a session-visibility notice with an optional one-time repair action.

Fixed

• Codex auth failures now explain the real refresh-token failure mode: reused, expired, revoked, invalid, or missing refresh tokens ask the user to log in again, while unsupported_country_region_territory tells the user to change network region without marking the account as permanently requiring reauthorization.
• Instance auto-refresh no longer interrupts active instance menus or modals: background refresh pauses while inline menus or instance dialogs are open.

Removed

• Official Linux/Ubuntu release support has been removed: release workflows no longer build Ubuntu packages, updater metadata no longer requires Linux AppImage/deb/rpm assets, and official documentation now lists macOS and Windows as the supported desktop platforms.

Cockpit Tools v0.22.15

更新日志（中文）

[0.22.15] - 2026-04-29

变更

• Codex 本地 API 服务现已监听本机与局域网接口：网关会绑定到全部 IPv4 接口，同时应用自身仍使用 127.0.0.1 作为基础地址，局域网客户端可直接通过宿主机局域网 IP 连接，不再需要额外配置 Windows portproxy 规则。
• Codex 本地 API 服务现已支持更大的 Codex 客户端请求体：请求读取上限从 8 MB 提升到 32 MB，以承载转发到上游前更大的代码上下文请求。
• Codex API Key 账号添加流程现改为仅保存账号：API Key 导入保存后刷新账号列表，移除独立的“添加并切换”操作，并在配额/订阅位置展示空状态，不再跳转到 OpenAI 用量页。
• Codex 套餐识别现已支持当前 PRO 档位别名：pro-5x 与 codex-pro-5x 会归一为 PRO Lite，pro-20x 与 codex-pro-20x 会归一为 PRO Max。

Changelog (English)

[0.22.15] - 2026-04-29

Changed

• Codex Local API Service now listens on local and LAN interfaces: the gateway binds to all IPv4 interfaces while keeping the app's own base URL on 127.0.0.1, so LAN clients can connect through the host machine's LAN IP without a separate Windows portproxy rule.
• Codex Local API Service now accepts larger Codex client payloads: the request read limit increases from 8 MB to 32 MB to accommodate larger code-context requests before they are forwarded upstream.
• Codex API Key account handling is now save-only from the add-account modal: API Key imports refresh the account list after saving, remove the separate add-and-switch action, and show empty quota/subscription states instead of linking out to OpenAI usage.
• Codex plan detection now recognizes current PRO tier aliases: pro-5x and codex-pro-5x map to PRO Lite, while pro-20x and codex-pro-20x map to PRO Max.

Cockpit Tools v0.22.14

更新日志（中文）

[0.22.14] - 2026-04-28

新增

• Codex 本地 API 服务路由现可优先选择订阅更早到期的账号：账号池路由新增“优先近到期”策略，会读取已保存的订阅到期元数据，并在到期时间相同时继续按订阅档位和剩余配额排序。

变更

• Codex 账号概览不再保留独立的订阅到期筛选：账号页移除有效期筛选控件，并清理已持久化的该筛选状态，同时保留账号详情中的订阅元数据展示。
• Codex Plus 账号现已使用独立徽标样式：账号列表、本地 API 服务成员视图、仪表盘卡片、悬浮卡片与实例徽标可将 Plus 与其他套餐徽标分开展示。

Changelog (English)

[0.22.14] - 2026-04-28

Added

• Codex Local API Service routing can now prioritize accounts whose subscriptions expire sooner: account pool routing adds an Expiry Soon First strategy that reads saved subscription expiry metadata and then falls back to plan tier and remaining quota ordering.

Changed

• Codex account overview no longer keeps a separate subscription-expiry filter: the accounts page removes the expiry filter control and clears its persisted filter state while keeping subscription metadata available in account details.
• Codex Plus accounts now use a distinct badge treatment: account lists, Local API Service member views, dashboard cards, floating cards, and instance badges can style Plus separately from other plan badges.

Cockpit Tools v0.22.13

更新日志（中文）

[0.22.13] - 2026-04-27

修复

• Codex 配额刷新不再仅因 id_token 过期而强制轮换 OAuth Token：配额刷新重新以 access_token 有效性为主，只在访问 token 过期或配额接口明确返回 token 失效时刷新，避免不必要的刷新导致 401。

变更

• Codex 订阅元数据缺失时改用中性提示：订阅列、筛选、卡片与悬浮提示改为“订阅信息/有效期”语义，订阅元数据缺失时显示“未获得订阅信息”，不再提示用户重新授权。
• Codex PRO Lite 与 PRO Max 账号现保持 PRO 筛选并使用独立徽标：账号列表、本地 API 服务、仪表盘卡片、悬浮卡片与实例徽标可分别展示 pro_lite 与 pro_max 样式，同时仍归入 PRO 筛选分组。

Changelog (English)

[0.22.13] - 2026-04-27

Fixed

• Codex quota refresh no longer forces OAuth token rotation only because id_token expired: quota refresh again uses the access_token validity and only refreshes tokens when the access token is expired or the quota API reports token invalidation, avoiding unnecessary refreshes that could lead to 401 responses.

Changed

• Codex subscription metadata now uses neutral missing-information wording: subscription columns, filters, cards, and tooltips now say subscription info or term, and missing subscription metadata is shown as unavailable instead of asking the user to reauthorize.
• Codex PRO Lite and PRO Max accounts now keep PRO filtering while using distinct badges: account lists, local API access, dashboard cards, floating cards, and instance badges can style pro_lite and pro_max separately without moving them out of the PRO filter group.

Cockpit Tools v0.22.12

更新日志（中文）

[0.22.12] - 2026-04-27

修复

• Codex 本地 API 服务端口冲突现可在应用内恢复：网关重启前会先停止旧监听，端口被占用时展示明确的清理操作，并可清理当前配置的本地端口后重新启动服务。

新增

• Codex 账号列表现已展示订阅到期状态：OAuth 账号会保存 chatgpt_subscription_active_until，并在紧凑视图、卡片视图和表格视图展示到期状态，支持按到期状态筛选/排序，sub2api 导出也会带上订阅到期信息。
• GitHub Copilot 账号现已支持从本机 VS Code 导入当前会话：导入弹框可读取 VS Code 当前 Copilot 绑定的 GitHub 登录名与匹配的 GitHub 认证会话，经官方 GitHub/Copilot API 校验后保存为受管账号。

Changelog (English)

[0.22.12] - 2026-04-27

Fixed

• Codex Local API Service port conflicts are now recoverable in-app: gateway restart stops the previous listener before rebinding, occupied-port failures show a clear cleanup action, and the configured local port can be cleared before restarting the service.

Added

• Codex account lists now surface subscription expiry: OAuth accounts persist chatgpt_subscription_active_until, display expiry state in compact, card, and table views, support expiry filtering/sorting, and include subscription expiry metadata in sub2api exports.
• GitHub Copilot accounts can now import the current local VS Code session: the import modal can read VS Code's selected Copilot GitHub login and matching GitHub auth session, validate it through official GitHub/Copilot APIs, and save it as a managed account.

Cockpit Tools v0.22.11

更新日志（中文）

[0.22.11] - 2026-04-26

变更

• Codex Token 管理现已以 Cockpit 账号中心作为唯一真源：受管 Codex 工作流在注入前不再自动把未受管的官方 auth.json 或 Keychain 快照读回 Cockpit，避免旧本地凭证覆盖账号中心里已刷新的 Token。
• Codex 受管 CLI 执行现已更可靠地保留轮换后的 refresh token：同一账号的 Token 刷新、投影写入、官方 CLI 执行与执行后同步会串行处理，并只从 Cockpit 标记过的受管 home 回写，确保轮换后的 refresh_token 链在其他受管消费者复用旧值前写回账号中心。
• Codex API Key 现已默认隐藏敏感内容：API Key 账号卡片与凭证输入框默认隐藏密钥，仅在用户显式点击时显示；切换账号或受管供应商密钥时会重置显示状态。
• 仪表盘当前账户卡片现已兼顾只管理账号的用户：当平台已有受管账号但未解析到当前账户时，仪表盘会展示账号数据里的第一个账号，不再让当前账户位置显示为空。

新增

• 仪表盘平台卡片现已支持快捷隐藏：可直接在仪表盘隐藏平台卡片，并复用“平台布局”里的仪表盘显示设置。
• Codex 模型预设管理入口更易访问：Codex 模型供应商管理中可直接打开预设编辑器，减少维护唤醒模型预设的操作步骤。

Changelog (English)

[0.22.11] - 2026-04-26

Changed

• Codex token management now uses Cockpit's account store as the single authority: managed Codex workflows no longer auto-read unmanaged official auth.json or Keychain snapshots back into Cockpit before injection, preventing stale local credentials from overwriting refreshed account-center tokens.
• Codex managed CLI runs now preserve rotated refresh tokens more reliably: account-scoped execution serializes token refresh, projection writes, official CLI execution, and post-run token sync from Cockpit-marked managed homes so a rotated refresh_token chain is written back before another managed consumer can reuse the old value.
• Codex API Key handling now masks secrets by default: API Key account cards and credential inputs hide keys unless explicitly revealed, and reveal state resets when switching accounts or managed provider keys.
• Dashboard current-account cards now stay populated for account-management-only users: when a platform has managed accounts but no resolved current account, the dashboard shows the first account from the account data instead of an empty current-account slot.

Added

• Dashboard platform cards now include a quick hide action: platform cards can be hidden directly from the dashboard while using the same dashboard visibility setting managed by Platform Layout.
• Codex model preset management is easier to reach from provider configuration: the Codex model provider manager can open the preset editor directly, reducing the steps needed to maintain wake-up model presets.

Cockpit Tools v0.22.10

更新日志（中文）

[0.22.10] - 2026-04-24

变更

• Windsurf Auth1 账号注入现已与官方客户端 token 语义对齐：Auth1 链路会把 devin-session-token$... 作为本地会话写入的主访问 token，在可用时同步写入 sessionToken 与 authMethod=auth1，并移除额外 synthetic API key 补拉请求依赖。
• Windsurf 启动行为现已默认复用现有窗口，不再强制新开窗口：默认启动命令不再强制 open -n；实例启动与默认启动统一跟随应用复用窗口行为。
• Codex JSON 导出现已在同一弹框支持 CPA 多文档工作流：CPA 导出可按账号卡片展示，支持逐条保存账号 JSON，也支持选择目录后一键批量下载全部文件。

修复

• 导出失败现已在当前导出弹框内直接提示：复制/保存/打开目录失败会在弹框内固定错误区展示，并在重试、切换预览状态、切换导出格式或关闭弹框时清理旧错误，避免残留重复提示。
• Windsurf 扩展状态现已为受支持前缀写入兼容迁移 token：对 sk-ws-01-、devin-session-token$、cog_ 令牌会同步写入 windsurf.pendingApiKeyMigration，避免启动后反复进入迁移链路。

Changelog (English)

[0.22.10] - 2026-04-24

Changed

• Windsurf Auth1 account injection now matches official client token semantics: Auth1 flows now keep devin-session-token$... as the primary access token for local session writes, inject sessionToken / authMethod=auth1 into local auth status when available, and stop relying on the extra synthetic-API-key recovery request.
• Windsurf launch now defaults to window reuse instead of forcing a new window: default start commands no longer force open -n; instance and default launches follow normal app reuse behavior.
• Codex JSON export now supports CPA multi-document workflows in one modal: CPA exports can render per-account cards, save each account JSON separately, or batch-download all generated files into a chosen directory.

Fixed

• Export failures are now surfaced inside the active export modal: copy/save/open-directory failures now appear in-modal with anchored error messaging, and stale error states are cleared when retrying, toggling preview state, switching format, or closing the modal.
• Windsurf extension state now writes compatible pending migration tokens for supported prefixes: supported tokens (sk-ws-01-, devin-session-token$, cog_) are written into windsurf.pendingApiKeyMigration, preventing repeated migration loops after startup.

Cockpit Tools v0.22.9

更新日志（中文）

[0.22.9] - 2026-04-23

新增

• Windsurf 账号登录/导入现已支持 Auth1 账号与 Devin Session Token：导入时可直接识别 devin-session-token$...；邮箱密码登录会自动识别 Firebase / Auth1；Auth1 会话可补齐 synthetic API Key 与套餐快照。
• 日志查看器现已支持切换日志文件并按级别筛选：弹框可浏览受管的 app.log / codex-api.log 日志文件，并按 INFO / WARN / ERROR 过滤日志条目。

变更

• Codex 本地 API 服务现已移除手动“速度”档位，并改为跟随上游默认 tier 行为：弹框不再展示速度选择；请求转发不再注入 service_tier；统计范围会记住上次选择。
• Codex 本地 API 服务在账号池下的流式转发与路由开销已收敛：/v1/chat/completions 流式响应改为边读边转，不再整段缓冲后回放；路由阶段会短暂缓存已准备账号；请求统计改为异步批量落盘。

修复

• Codex 账号注入现已改为以账号中心存储为 Token 真源：当前账号解析与实例注入不再回读受管本地 auth 快照，避免旧本地状态反向覆盖已刷新的凭据。

Changelog (English)

[0.22.9] - 2026-04-23

Added

• Windsurf account login/import now supports Auth1 accounts and Devin Session Tokens: token import can read devin-session-token$..., password login auto-detects Firebase vs Auth1, and Auth1 sessions can recover synthetic API keys plus plan snapshots.
• Log Viewer now supports switching log files and filtering by level: the modal can browse managed app.log / codex-api.log files and filter entries by INFO / WARN / ERROR.

Changed

• Codex Local API Service now removes the manual Speed selector and follows upstream default tier behavior: the modal no longer exposes the tier control, request rewriting no longer injects service_tier, and the stats range keeps the last selected view.
• Codex Local API Service streaming and routing are now lighter under account pools: /v1/chat/completions stream responses are transformed chunk-by-chunk instead of full-buffer replay, prepared accounts are cached briefly for routing, and request stats are flushed asynchronously in batches.

Fixed

• Codex account injection now uses account-store tokens as the source of truth: current-account resolution and profile injection stop reading managed local auth snapshots back into the store, preventing stale local state from overriding refreshed credentials.