更新日志（中文）

[0.22.20] - 2026-05-06

新增

• Windsurf 账号管理现支持 2026-04+ 新账号使用的 Devin Auth 体系：邮箱密码登录、auth1_ token 导入、刷新与实例切号可走 Devin auth1 → session → one-time token → IDE token 链路，并保存 IDE 所需的 Devin account/org ID 与 user-status 数据。
• Windsurf 账号页默认使用推荐排序：账号总览新增“按推荐”排序，按本地保存的日/周配额、重置时间和周期结束时间评分，让剩余可用度更高的账号优先展示。
• 备份管理现支持按平台归档与下载：自动/手动备份会保留可恢复 JSON，并同步生成 ZIP 压缩包，列表展示平台账号数量，支持按平台筛选，以及下载完整 JSON、ZIP 或单个平台 JSON。
• Codex 本地 API 服务现会在账号总览展示额度池：API 服务卡片会按订阅档位汇总成员账号，并分别展示 5 小时额度与周额度；档位较多时可打开完整额度池弹框查看。

变更

• Codex 账号读取现兼容更多便携账号文件：可把便携 token/API-key JSON 详情文件恢复到当前账号模型，并保留 API 供应商、时间戳、账号 ID、组织 ID、套餐与订阅字段。
• Codex 账号总览会在本地 API 服务启用时把“当前”标识移到 API 服务入口：该变化仅影响此账号列表页的展示，应用其他位置仍沿用原有当前账号逻辑。
• Codex 本地 API 服务卡片现与普通账号卡片对齐：卡片操作栏和悬浮样式跟随普通账号，主体内保留成员预览并在其下方竖排展示额度池统计。
• Codex 实例账号选择现可识别 API Key 供应商：API Key 账号在实例配额预览中展示供应商，也可按供应商名称搜索。
• 账号与配置文件写入现统一使用同步原子写入路径：账号索引、OAuth pending 状态、config.toml、分组/同步设置、OpenCode/OpenClaw auth 文件和备份文件都会通过临时文件替换写入，并只从有效备份恢复。
• 配额和 Token 刷新现直接使用主刷新链路：各平台刷新不再等待隐藏的延迟重试，失败时会更快暴露真实错误。
• Homebrew Cask 元数据已补齐到 v0.22.19 发布产物：Cask 版本与 SHA256 指向 0.22.19 universal DMG。

修复

• Windsurf Devin 账号切入实例时会使用更新的 IDE 凭据：实例启动前会预刷新 Devin 账号，写入稳定的 installation、onboarding、sign-in 与 user 字段，并带上 Devin account/org/protobuf 状态数据，避免启动后显示未登录或出现权限拒绝。
• 账号列表不再因存储临时返回异常空结果而消失：共享账号 store 在异常空读取时会保留当前缓存账号与当前账号，同时仍允许用户主动删除后的真实空列表。
• 备份恢复与保留清理现一致处理 JSON/ZIP 配对文件：读取备份时可从损坏或缺失的 JSON 回退到对应压缩包，过期清理也会同时清理 JSON 与 ZIP 备份。

Changelog (English)

[0.22.20] - 2026-05-06

Added

• Windsurf account management now supports the Devin Auth account system introduced for new 2026-04+ accounts: email/password login, auth1_ token import, refresh, and instance switching can use the Devin auth1 → session → one-time token → IDE token flow, while preserving Devin account/org IDs and user-status data needed by the IDE.
• Windsurf accounts now default to a recommended sort: the account overview adds a Recommended sort option that scores accounts from saved daily/weekly quota, reset timing, and plan-cycle timing so accounts with more useful remaining capacity surface first.
• Backup Manager now produces and exports platform-aware archives: scheduled/manual backups keep the restorable JSON file and a matching ZIP archive, show platform account counts, support platform filtering, and can download the full JSON, the ZIP, or one platform's JSON.
• Codex Local API Service now shows its quota pool on the account overview: the API Service card summarizes member accounts by subscription tier with separate 5-hour and weekly quota totals, and exposes a full quota-pool dialog when there are more tiers to inspect.

Changed

• Codex account loading now accepts more portable managed-account files: token/API-key detail files with portable JSON shapes can be recovered into the current account model, including API provider metadata, timestamps, account IDs, organization IDs, and subscription/plan fields.
• Codex account overview now treats the Local API Service as the current entry when it is active: the current marker moves from the underlying account to the API Service card on this page, while the rest of the app keeps its existing current-account logic.
• Codex Local API Service cards now align with regular account cards: the card keeps the same action-bar rhythm and hover styling as normal accounts while keeping member previews and quota-pool stats stacked in the body.
• Codex instance account selection now identifies API Key providers: API Key accounts show their provider inline in instance quota previews and can be searched by provider name.
• File writes for account/config state now use a shared synced atomic path: account indexes, OAuth pending state, config.toml, group/sync settings, OpenCode/OpenClaw auth files, and backup files write through temp-file replacement with validated backup restore behavior.
• Quota and token refreshes now use the primary refresh path directly: provider refresh flows no longer wait on a hidden delayed retry before surfacing the actual failure.
• Homebrew Cask metadata has been caught up with the v0.22.19 release artifact: the cask version and checksum now point to the 0.22.19 universal DMG.

Fixed

• Windsurf Devin accounts switch into instances with fresher IDE credentials: instance launch pre-refreshes Devin accounts, writes stable installation/onboarding/sign-in/user fields, and includes Devin account/org/protobuf status data to avoid launch-time signed-out or permission-denied states.
• Account lists no longer disappear when storage temporarily returns an unexpected empty result: shared account stores keep the current cached accounts/current account during abnormal empty reads, while still allowing real empty results after intentional deletion.
• Backup restore and retention now handle JSON/ZIP pairs consistently: backup reads can fall back from a damaged or missing JSON file to its archive, and cleanup removes expired JSON and ZIP backups together.

更新日志（中文）

[0.22.19] - 2026-05-05

新增

• Codex 外部账号导入链接现支持远端导入包：import_url 深链参数可拉取 HTTP/HTTPS JSON 导入包、逐个导入账号，并在专用进度弹框展示总数、成功/失败统计与可复制失败项。

变更

• Codex 账号导入后端现统一刷新 OAuth 额度信息：从本地、JSON 或文件导入后会跳过 API Key 账号并刷新 OAuth 账号配额，再用刷新后的记录更新账号列表与托盘状态。
• Codex 便携导出格式现归一 Cockpit Tools JSON：Cockpit Tools 导出会输出可移植的 Token/API Key JSON，CPA 文档会保留 Token 刷新时间与过期时间元数据。
• Codex PRO 档位识别现与 CPA 20x 语义对齐：未显式标记 prolite 的 pro 账号默认展示为 PRO Max/20x，并在本地 API 服务路由排序中按 20x 档位处理。
• Codex 会话可见性修复备份现按实例保留最近一次：执行新一轮修复前会清理旧的会话可见性修复备份目录，避免备份长期堆积。

修复

• Codex OAuth 导入不再因 email 只存在于 OpenAI profile claim 中失败：解析 id_token 时会在缺少顶层 email claim 时读取 https://api.openai.com/profile.email。
• 外部导入链接现会执行自动 token 导入请求：带 auto_import=true 的 token/payload 链接会自动提交导入，短时间重复投递的同一导入请求会被忽略。

Changelog (English)

[0.22.19] - 2026-05-05

Added

• Codex external account-import links now support remote import bundles: the import_url deep-link parameter can fetch an HTTP/HTTPS JSON import bundle, import accounts one by one, and show a dedicated progress dialog with totals, success/failure counts, and copyable failed items.

Changed

• Codex account imports now refresh OAuth quota data in the backend: local, JSON, and file imports refresh imported OAuth accounts after saving, skip API Key accounts, then update account and tray state from the refreshed records.
• Codex portable export output now normalizes Cockpit Tools JSON: Cockpit Tools exports produce portable token/API-key JSON, while CPA documents preserve token refresh and expiry metadata.
• Codex PRO plan handling now aligns bare pro accounts with CPA 20x semantics: accounts without an explicit prolite marker are shown as PRO Max/20x and ranked as the 20x tier by Local API Service routing.
• Codex session-visibility repair now keeps only the latest repair backup per instance: old session-visibility repair backup directories are pruned before running a new repair to avoid long-term backup buildup.

Fixed

• Codex OAuth imports no longer fail when email only exists in the OpenAI profile claim: id_token parsing now reads https://api.openai.com/profile.email when the top-level email claim is absent.
• External import links now honor automatic token import requests: token/payload links with auto_import=true submit automatically, and repeated delivery of the same import request within a short window is ignored.

更新日志（中文）

[0.22.18] - 2026-05-04

新增

• Codex 本地 API 服务现已支持官方生图 API 路径：本地网关会暴露 gpt-image-2，支持 /v1/images/generations 与 /v1/images/edits，并将图片请求映射为 Codex Responses 的 image_generation 工具；普通 Responses/chat 会话也会注入生图工具，让 Codex 官方 imagegen skill 能通过同一个本地 API 服务使用。

变更

• Codex API/账号切换现会自动修复会话可见性：在 OAuth 账号、API Key 账号与本地 API 服务之间切换时，会展示检测到的来源与目标凭据类型，并在弹框内自动执行可见性修复、展示修复结果，不再需要单独手动点击修复。
• Codex 额度刷新错误现避免误导为账号异常：临时额度刷新失败时，会说明只是未能获取最新额度且账号状态不受影响。

修复

• Codex 会话可见性修复与同步不再因无效 state 数据库失败：遇到无法读取、损坏或结构不完整的 state_5.sqlite 时会跳过并在修复摘要中说明，其他有效的 rollout 与 SQLite 记录仍会继续修复或同步。

Changelog (English)

[0.22.18] - 2026-05-04

Added

• Codex Local API Service now supports the official image-generation API path: the local gateway exposes gpt-image-2, accepts /v1/images/generations and /v1/images/edits, maps image requests to Codex Responses image_generation, and injects the image-generation tool into regular Responses/chat sessions so Codex's official imagegen skill can use the same local API service.

Changed

• Codex API/account switching now repairs session visibility automatically: switches between OAuth accounts, API Key accounts, and the local API Service show the detected source and target credential types, run visibility repair in the dialog automatically, and show the repair result without requiring a separate manual repair click.
• Codex quota refresh errors now avoid implying account damage: transient quota refresh failures now say that the latest quota could not be fetched and the account status is unaffected.

Fixed

• Codex session visibility repair and sync no longer fail on invalid state databases: unreadable, corrupted, or incomplete state_5.sqlite files are skipped with a clear repair summary, while valid rollout and SQLite records continue to be repaired or synchronized.

更新日志（中文）

[0.22.17] - 2026-04-30

变更

• Codex API/账号切换现已分离真实切号与会话可见性修复：在 OAuth 账号、API Key 账号与本地 API 服务之间切换时，会先完成真实账号切换，再显示后置的“Codex 会话不可见”弹框；弹框内提供显式的“修复可见性”入口、弹框内修复结果展示与“不再提示”选项。

修复

• Codex API 服务启动取消后不再显示会话可见性弹框：在 API 服务风险提示中点击取消会直接停止启动流程，不再继续展示切换后的修复引导。
• Codex 切号后端不再自动执行历史会话可见性修复：普通切号不再等待 rollout/SQLite 修复任务，避免用户只想切换账号时卡在处理中。

Changelog (English)

[0.22.17] - 2026-04-30

Changed

• Codex API/account switching now keeps account changes and session-visibility repair separate: switching between OAuth accounts, API Key accounts, and the local API Service now completes the real account change first, then shows a post-switch “Codex Sessions Hidden” dialog with an explicit Repair Visibility action, in-dialog repair results, and a “don’t show again” option.

Fixed

• Codex API Service activation no longer shows the session-visibility dialog after cancellation: canceling the API Service risk notice stops the activation flow without showing the post-switch repair guidance.
• Codex account switching no longer auto-runs history visibility repair in the backend: normal account switching no longer waits on rollout/SQLite repair work, avoiding stuck processing states when users only want to switch accounts.

更新日志（中文）

[0.22.16] - 2026-04-30

变更

• Codex OAuth Token 管理现改为受保护的官方客户端刷新链路：刷新请求使用官方 JSON 请求体与 connector scopes；账号刷新前会先读取同账号更新的官方 Keychain/auth 快照；TokenKeeper 按 8 天周期执行受保护保活，确保已轮换的 Token 链先写回，避免继续复用旧 refresh_token。
• WorkBuddy 切号现直接写入共享客户端 auth 文件：切号、注入与本机导入统一使用 CodeBuddyExtension/Data/Public/auth/workbuddy-desktop.info，不再依赖 VS Code state.vscdb secret 注入，落盘结构与当前桌面客户端保持一致，也不要求用户先具备 Keychain 加密 secret。
• GitHub Copilot 账号展示现可区分 PRO+ 高级额度：套餐徽标、筛选、仪表盘卡片、悬浮卡片、实例徽标与额度展示均识别 PRO+，在拿到精确计数时会以已用/总量展示 premium requests。
• Trae OAuth 登录现归一应用版本与产品信息检测：登录上下文可从应用目录或可执行文件路径识别产品信息，授权请求的应用版本最低使用 3.5.54，不再回退到过旧的插件/本地版本字段。
• Codex 账号概览现支持自定义排序与更安全的 API 模式切换：用户可持久化自定义展示顺序；从 OAuth 切换到 API Key/API 服务时会提示会话可见性影响，并可在本次切换后立即执行一次修复。

修复

• Codex 授权失败现会说明真实的 refresh-token 失败原因：已复用、过期、被撤销、无效或缺失的 refresh token 会提示重新登录；unsupported_country_region_territory 会提示切换网络地区，不再把账号标记为永久需要重新授权。
• 实例后台自动刷新不再打断已打开的实例菜单或弹框：当行内菜单或实例弹框打开时，后台实例刷新会暂停。

移除

• 已移除官方 Linux/Ubuntu 发布支持：发布工作流不再构建 Ubuntu 安装包，更新器元数据不再要求 Linux AppImage/deb/rpm 资产，官方文档现仅将 macOS 与 Windows 列为受支持桌面平台。

Changelog (English)

[0.22.16] - 2026-04-30

Changed

• Codex OAuth token management now uses a guarded official-client refresh path: refresh requests use the official JSON payload with connector scopes, account refresh reloads newer official Keychain/auth snapshots for the same account before rotating tokens, and TokenKeeper performs an 8-day guarded keepalive so refreshed token chains are written through before stale refresh_token values are reused.
• WorkBuddy account switching now writes the shared client auth file directly: switch, inject, and local import flows use CodeBuddyExtension/Data/Public/auth/workbuddy-desktop.info instead of VS Code state.vscdb secret injection, matching the current desktop client storage shape without requiring a prior Keychain-backed secret store.
• GitHub Copilot account presentation now distinguishes PRO+ premium entitlement: plan badges, filters, dashboard cards, floating cards, instance badges, and quota presentation recognize PRO+ and show premium request usage as used/total when exact counters are available.
• Trae OAuth login now normalizes app version and product detection: login context discovery accepts app directories and executable paths, and auth requests now use a minimum supported app version of 3.5.54 instead of falling back to stale plugin/version fields.
• Codex account overview now supports custom account ordering and safer API-mode switching: users can persist a custom display order, and switching from OAuth to API Key/API Service shows a session-visibility notice with an optional one-time repair action.

Fixed

• Codex auth failures now explain the real refresh-token failure mode: reused, expired, revoked, invalid, or missing refresh tokens ask the user to log in again, while unsupported_country_region_territory tells the user to change network region without marking the account as permanently requiring reauthorization.
• Instance auto-refresh no longer interrupts active instance menus or modals: background refresh pauses while inline menus or instance dialogs are open.

Removed

• Official Linux/Ubuntu release support has been removed: release workflows no longer build Ubuntu packages, updater metadata no longer requires Linux AppImage/deb/rpm assets, and official documentation now lists macOS and Windows as the supported desktop platforms.

更新日志（中文）

[0.22.15] - 2026-04-29

变更

• Codex 本地 API 服务现已监听本机与局域网接口：网关会绑定到全部 IPv4 接口，同时应用自身仍使用 127.0.0.1 作为基础地址，局域网客户端可直接通过宿主机局域网 IP 连接，不再需要额外配置 Windows portproxy 规则。
• Codex 本地 API 服务现已支持更大的 Codex 客户端请求体：请求读取上限从 8 MB 提升到 32 MB，以承载转发到上游前更大的代码上下文请求。
• Codex API Key 账号添加流程现改为仅保存账号：API Key 导入保存后刷新账号列表，移除独立的“添加并切换”操作，并在配额/订阅位置展示空状态，不再跳转到 OpenAI 用量页。
• Codex 套餐识别现已支持当前 PRO 档位别名：pro-5x 与 codex-pro-5x 会归一为 PRO Lite，pro-20x 与 codex-pro-20x 会归一为 PRO Max。

Changelog (English)

[0.22.15] - 2026-04-29

Changed

• Codex Local API Service now listens on local and LAN interfaces: the gateway binds to all IPv4 interfaces while keeping the app's own base URL on 127.0.0.1, so LAN clients can connect through the host machine's LAN IP without a separate Windows portproxy rule.
• Codex Local API Service now accepts larger Codex client payloads: the request read limit increases from 8 MB to 32 MB to accommodate larger code-context requests before they are forwarded upstream.
• Codex API Key account handling is now save-only from the add-account modal: API Key imports refresh the account list after saving, remove the separate add-and-switch action, and show empty quota/subscription states instead of linking out to OpenAI usage.
• Codex plan detection now recognizes current PRO tier aliases: pro-5x and codex-pro-5x map to PRO Lite, while pro-20x and codex-pro-20x map to PRO Max.

更新日志（中文）

[0.22.14] - 2026-04-28

新增

• Codex 本地 API 服务路由现可优先选择订阅更早到期的账号：账号池路由新增“优先近到期”策略，会读取已保存的订阅到期元数据，并在到期时间相同时继续按订阅档位和剩余配额排序。

变更

• Codex 账号概览不再保留独立的订阅到期筛选：账号页移除有效期筛选控件，并清理已持久化的该筛选状态，同时保留账号详情中的订阅元数据展示。
• Codex Plus 账号现已使用独立徽标样式：账号列表、本地 API 服务成员视图、仪表盘卡片、悬浮卡片与实例徽标可将 Plus 与其他套餐徽标分开展示。

Changelog (English)

[0.22.14] - 2026-04-28

Added

• Codex Local API Service routing can now prioritize accounts whose subscriptions expire sooner: account pool routing adds an Expiry Soon First strategy that reads saved subscription expiry metadata and then falls back to plan tier and remaining quota ordering.

Changed

• Codex account overview no longer keeps a separate subscription-expiry filter: the accounts page removes the expiry filter control and clears its persisted filter state while keeping subscription metadata available in account details.
• Codex Plus accounts now use a distinct badge treatment: account lists, Local API Service member views, dashboard cards, floating cards, and instance badges can style Plus separately from other plan badges.

更新日志（中文）

[0.22.13] - 2026-04-27

修复

• Codex 配额刷新不再仅因 id_token 过期而强制轮换 OAuth Token：配额刷新重新以 access_token 有效性为主，只在访问 token 过期或配额接口明确返回 token 失效时刷新，避免不必要的刷新导致 401。

变更

• Codex 订阅元数据缺失时改用中性提示：订阅列、筛选、卡片与悬浮提示改为“订阅信息/有效期”语义，订阅元数据缺失时显示“未获得订阅信息”，不再提示用户重新授权。
• Codex PRO Lite 与 PRO Max 账号现保持 PRO 筛选并使用独立徽标：账号列表、本地 API 服务、仪表盘卡片、悬浮卡片与实例徽标可分别展示 pro_lite 与 pro_max 样式，同时仍归入 PRO 筛选分组。

Changelog (English)

[0.22.13] - 2026-04-27

Fixed

• Codex quota refresh no longer forces OAuth token rotation only because id_token expired: quota refresh again uses the access_token validity and only refreshes tokens when the access token is expired or the quota API reports token invalidation, avoiding unnecessary refreshes that could lead to 401 responses.

Changed

• Codex subscription metadata now uses neutral missing-information wording: subscription columns, filters, cards, and tooltips now say subscription info or term, and missing subscription metadata is shown as unavailable instead of asking the user to reauthorize.
• Codex PRO Lite and PRO Max accounts now keep PRO filtering while using distinct badges: account lists, local API access, dashboard cards, floating cards, and instance badges can style pro_lite and pro_max separately without moving them out of the PRO filter group.

更新日志（中文）

[0.22.12] - 2026-04-27

修复

• Codex 本地 API 服务端口冲突现可在应用内恢复：网关重启前会先停止旧监听，端口被占用时展示明确的清理操作，并可清理当前配置的本地端口后重新启动服务。

新增

• Codex 账号列表现已展示订阅到期状态：OAuth 账号会保存 chatgpt_subscription_active_until，并在紧凑视图、卡片视图和表格视图展示到期状态，支持按到期状态筛选/排序，sub2api 导出也会带上订阅到期信息。
• GitHub Copilot 账号现已支持从本机 VS Code 导入当前会话：导入弹框可读取 VS Code 当前 Copilot 绑定的 GitHub 登录名与匹配的 GitHub 认证会话，经官方 GitHub/Copilot API 校验后保存为受管账号。

Changelog (English)

[0.22.12] - 2026-04-27

Fixed

• Codex Local API Service port conflicts are now recoverable in-app: gateway restart stops the previous listener before rebinding, occupied-port failures show a clear cleanup action, and the configured local port can be cleared before restarting the service.

Added

• Codex account lists now surface subscription expiry: OAuth accounts persist chatgpt_subscription_active_until, display expiry state in compact, card, and table views, support expiry filtering/sorting, and include subscription expiry metadata in sub2api exports.
• GitHub Copilot accounts can now import the current local VS Code session: the import modal can read VS Code's selected Copilot GitHub login and matching GitHub auth session, validate it through official GitHub/Copilot APIs, and save it as a managed account.

更新日志（中文）

[0.22.11] - 2026-04-26

变更

• Codex Token 管理现已以 Cockpit 账号中心作为唯一真源：受管 Codex 工作流在注入前不再自动把未受管的官方 auth.json 或 Keychain 快照读回 Cockpit，避免旧本地凭证覆盖账号中心里已刷新的 Token。
• Codex 受管 CLI 执行现已更可靠地保留轮换后的 refresh token：同一账号的 Token 刷新、投影写入、官方 CLI 执行与执行后同步会串行处理，并只从 Cockpit 标记过的受管 home 回写，确保轮换后的 refresh_token 链在其他受管消费者复用旧值前写回账号中心。
• Codex API Key 现已默认隐藏敏感内容：API Key 账号卡片与凭证输入框默认隐藏密钥，仅在用户显式点击时显示；切换账号或受管供应商密钥时会重置显示状态。
• 仪表盘当前账户卡片现已兼顾只管理账号的用户：当平台已有受管账号但未解析到当前账户时，仪表盘会展示账号数据里的第一个账号，不再让当前账户位置显示为空。

新增

• 仪表盘平台卡片现已支持快捷隐藏：可直接在仪表盘隐藏平台卡片，并复用“平台布局”里的仪表盘显示设置。
• Codex 模型预设管理入口更易访问：Codex 模型供应商管理中可直接打开预设编辑器，减少维护唤醒模型预设的操作步骤。

Changelog (English)

[0.22.11] - 2026-04-26

Changed

• Codex token management now uses Cockpit's account store as the single authority: managed Codex workflows no longer auto-read unmanaged official auth.json or Keychain snapshots back into Cockpit before injection, preventing stale local credentials from overwriting refreshed account-center tokens.
• Codex managed CLI runs now preserve rotated refresh tokens more reliably: account-scoped execution serializes token refresh, projection writes, official CLI execution, and post-run token sync from Cockpit-marked managed homes so a rotated refresh_token chain is written back before another managed consumer can reuse the old value.
• Codex API Key handling now masks secrets by default: API Key account cards and credential inputs hide keys unless explicitly revealed, and reveal state resets when switching accounts or managed provider keys.
• Dashboard current-account cards now stay populated for account-management-only users: when a platform has managed accounts but no resolved current account, the dashboard shows the first account from the account data instead of an empty current-account slot.

Added

• Dashboard platform cards now include a quick hide action: platform cards can be hidden directly from the dashboard while using the same dashboard visibility setting managed by Platform Layout.
• Codex model preset management is easier to reach from provider configuration: the Codex model provider manager can open the preset editor directly, reducing the steps needed to maintain wake-up model presets.