Imagegen Bridge
Use image generation from your Codex subscription—no OpenAI API key required.
Quick start · Commands · Examples · SDKs and skill · Dashboard and API · Documentation

Imagegen Bridge connects to the Codex OAuth session from your own subscription and exposes its image generation through a local CLI, dashboard, and HTTP API. You keep using your existing Codex login instead of configuring or paying for a separate OpenAI API key.
Quick start
You need Rust 1.94, a working codex executable, and an existing Codex login.
Open the local generation dashboard with:
setup previews every change before applying it. Neither setup nor doctor
spends an image generation unless you explicitly request and confirm a live
probe.
Main commands
| Command | Purpose |
|---|---|
imagegen-bridge setup |
Configure the bridge for the current Codex login |
imagegen-bridge doctor |
Check OAuth, configuration, storage, and providers |
imagegen-bridge generate |
Generate one or more images |
imagegen-bridge edit |
Edit an image or use reference images |
imagegen-bridge dashboard |
Open or start the embedded dashboard |
imagegen-bridge serve |
Run the HTTP API explicitly |
imagegen-bridge preset |
Save and reuse complete request settings |
imagegen-bridge providers |
Inspect providers, models, and capabilities |
imagegen-bridge background remove |
Remove a flat background locally |
Run imagegen-bridge <command> --help for every option. The complete CLI
reference is in docs/cli.md.
Common workflows
Generate and save an image
Use --output-dir for generated filenames, --collision suffix to preserve an
existing file, --open for the system image viewer, and --metadata embedded
to store generation metadata inside the image. Metadata is disabled by default.
Generate multiple images
If a transport supports only one image per request, the bridge fans out bounded provider calls and preserves the requested order.
Edit with references
Create transparent output
auto uses native alpha when the provider supports it and otherwise applies the
local chroma-key pipeline. Existing keyed images can be processed without a
provider call:
Reuse settings and threads
Presets never retain image bytes, masks, reference images, or idempotency keys.
Use from code or agents
| Surface | Install or location |
|---|---|
| Rust SDK | cargo add imagegen-bridge |
| Python SDK | uv add imagegen-bridge |
| TypeScript SDK | bun add imagegen-bridge |
| OpenAPI and JSON Schema | schemas/ |
| Agent skill | skills/generate-images-with-bridge/ |
Install the agent skill with:
The SDKs and skill discover the same live provider capabilities as the CLI. See docs/sdks.md for examples.
Dashboard and API
imagegen-bridge dashboard opens the embedded UI and starts the local service
when needed. The dashboard supports generation, edits, reference images,
advanced controls, presets, asynchronous jobs, history, previews, metadata,
and provider diagnostics. It is embedded in the Rust binary: no Node runtime
or separate web server is required.
To run it manually:
Open http://127.0.0.1:8787/dashboard, or send a native request:
OpenAI-familiar generation and multipart edit routes are also available at
/v1/images/generations and /v1/images/edits. Durable jobs use /v1/jobs
and persist artifact-backed results across restarts. See
docs/api.md for authentication, streaming, presets, job history,
diagnostics, metrics, errors, and the full route contract.
Providers and models
| Transport | Status | Use it for | Constraint |
|---|---|---|---|
codex-responses |
Default, first class | Built-in Codex image generation, explicit models, and image controls | Uses the Codex Responses backend and Codex/ChatGPT OAuth |
codex-app-server |
Supported fallback | Codex lifecycle, edits, references, and reusable threads | Uses automatic image-tool action negotiation and a smaller parameter set |
codex-responses is the built-in Codex path and can route gpt-image-2,
gpt-image-1.5, gpt-image-1, and gpt-image-1-mini. It authenticates with
the existing Codex/ChatGPT OAuth session and the Codex Responses backend. It
does not read OPENAI_API_KEY and is separate from the official OpenAI
Platform API-key provider. Inspect its live capabilities with:
Requests are checked against the selected provider before generation. Strict
mode rejects unsupported combinations; --compatibility normalize applies
only changes reported back in the response. Masks are currently unsupported by
both Codex transports.
codex-app-server remains available as a fallback. Its upstream turn may
occasionally finish without emitting an image item; the bridge treats that as
an error and records content-safe structured counts of observed item types and
statuses for diagnosis. An API-key-backed official OpenAI provider is reserved
in configuration but is not implemented and never shares Codex OAuth handling.
Advanced controls
The native contract supports, where the provider allows them:
- size, aspect ratio, resolution, quality, format, compression, and background;
- multiple outputs with sequential or bounded parallel execution;
- negative-prompt, moderation, revised-prompt, and partial-image policies;
- input fidelity, reference images, edits, and reusable sessions;
- native or emulated transparency with alpha validation and despill;
- atomic output files, sidecar or embedded metadata, timings, and checksums;
- ordered provider/model fallbacks with per-attempt traces;
- strict, normalized, fail-fast, and best-effort request behavior.
Provider fallback is explicit and never reroutes safety refusals, cancellation, permission failures, or operations with an unknown upstream outcome:
Docker
The container runs as UID/GID 10001, supports a read-only root filesystem, and
keeps OAuth state, SQLite data, artifacts, and reference inputs in separate
mounts. Tagged releases publish Linux AMD64 and ARM64 images at
ghcr.io/crimsab/imagegen-bridge. Read
docs/deployment.md before exposing the API or mounting
Codex credentials.
Configuration
Configuration precedence is:
defaults < TOML file < IMAGEGEN_BRIDGE__* environment < --set/--unset
Start with imagegen-bridge setup, or use
config.example.toml for a hand-managed deployment.
Unknown keys fail validation. config show and config origins report the
effective configuration without resolving credential values.
Documentation
- CLI reference
- HTTP API contract
- SDK guide
- Deployment and operations
- Testing matrix
- Release process
- Contributing
Testing
Offline tests use fake Codex processes, mock HTTP services, fixture images, and the production dashboard. Live OAuth tests are individually gated because they can consume image-generation allowance. See docs/testing.md.
Security and upstream status
The default Responses adapter is live-tested against the Codex backend. Its wire protocol is an implementation detail of Codex OAuth and may evolve, so releases keep regression fixtures and controlled live gates. Imagegen Bridge does not disable or bypass upstream safety checks and does not automatically retry an unchanged safety refusal.
Do not commit auth.json, mount an entire home directory into the container, or
bind an unauthenticated bridge to a public interface.
License
Licensed under the MIT License.