ImgTagPlus is a local-first image-tagging tool that scans images on disk, runs an AI tagging backend, and writes keywords to XMP sidecar files for DAM workflows.
- Headless CLI runs against a file or directory.
- Local web UI runs on
127.0.0.1:5000. - The web UI defaults to sandboxed browsing unless full file system access is explicitly enabled.
- Supported image extensions are
.jpg,.jpeg,.png,.webp,.tiff,.tif,.bmp, and.gif. - A single image path processes one file.
- A directory path scans either one level or recursively depending on
--recursive. - Missing paths are rejected before processing starts.
- In sandbox mode, server-side browse and tag requests must stay within the configured sandbox root.
clipperforms zero-shot tagging against the built-in tag vocabulary.florence-2-baseperforms caption-driven keyword extraction.florence-2-largeperforms the same caption-driven extraction with a larger model.thresholdapplies to CLIP-style scoring and is clamped to the inclusive range0.0..1.0.- Florence backends ignore the
thresholdparameter; all extracted keywords are returned. - Florence-2 also generates compound keywords by detecting adjacent word pairs in the caption (e.g. "blue sky").
max_tagsis clamped to the inclusive range1..200.
- XMP sidecars are written alongside the image by default unless
--output-diris provided. - Existing XMP tags are merged by default.
--overwritereplaces existing ImgTagPlus tags instead of merging.- Malformed existing XMP is treated as unreadable input and ignored with a warning rather than crashing the run.
- XML-special characters in tags must be escaped correctly.
- The web UI includes a viewer mode for browsing a selected directory of images.
- Viewer browsing reuses the existing sandbox-aware directory picker.
- The viewer lists supported image files from the selected directory and can optionally include subdirectories recursively.
- The viewer supports both grid and list preview modes for the loaded files.
- The viewer reads tags from
.xmpsidecar files located next to each image. - Images without sidecar tags still appear in the viewer and show an explicit empty-tag state.
- The lightbox supports previous/next navigation and keyboard shortcuts with
ArrowLeft,ArrowRight, andEscape. - The lightbox keeps a consistent preview frame size while navigating between images.
- When the scanner finds no supported images at the given path,
app.run()returns exit code0but fires a progress callback with(0, 0, "")to signal an empty result. - The web server emits a WARNING log: "No images found at {path}."
- The web UI shows a yellow "No Images Found" state instead of the green success bar.
- All HTTP responses include
X-Frame-Options: DENY,X-Content-Type-Options: nosniff,Referrer-Policy: no-referrer, and a restrictiveContent-Security-Policy. - POST, PUT, and DELETE requests are subject to origin validation; only
localhostand127.0.0.1origins are accepted. - Rate limiting is enforced per client IP on browse, image, and tag endpoints.
- SSE connections are limited to 5 concurrent clients.
- The frontend escapes all server-provided strings before HTML interpolation to prevent XSS.
- Florence-2
trust_remote_codeis only enabled for model IDs in the pinned revision allowlist.
- Headless CLI returns a non-zero exit code when scanning or model loading fails.
- Per-image processing failures can continue or abort depending on CLI flags and interactive choices.
- The web server returns explicit error responses for invalid paths or sandbox violations.
- The server exposes
/healthfor readiness checks. - The server exposes
/api/imagesfor viewer image/tag listing and/api/imagefor serving viewer image assets to the local browser. - Only one tagging job may run at a time in the current server architecture.
- Log files are written to the process log directory and can be downloaded from the web UI.
- Multi-user scheduling
- Remote/multi-host deployment
- Database-backed job orchestration