chore: merge upstream origin/main (v0.1.109) - delete Sora, add group account filter, Cache-Driven RPM, Beta model whitelist, OpenAI normalize fixes, refresh token race fix, Gemini customtools fix

2026-04-08 06:28:50 +08:00 · 2026-04-08 06:28:50 +08:00 · 3ba3a17652
commit 3ba3a17652
parent 47ce45fbed 00aaf0f796
274 changed files with 15713 additions and 28243 deletions
--- a/.github/audit-exceptions.yml
+++ b/.github/audit-exceptions.yml
@ -5,12 +5,26 @@ exceptions:
    severity: high
    reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2023-30533)"
    mitigation: "Load only on export; restrict export permissions and data scope"
-    expires_on: "2026-04-05"
+    expires_on: "2026-07-06"
    owner: "security@your-domain"
  - package: xlsx
    advisory: "GHSA-5pgg-2g8v-p4x9"
    severity: high
    reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2024-22363)"
    mitigation: "Load only on export; restrict export permissions and data scope"
-    expires_on: "2026-04-05"
+    expires_on: "2026-07-06"
    owner: "security@your-domain"
  - package: lodash
    advisory: "GHSA-r5fr-rjxr-66jc"
    severity: high
    reason: "lodash _.template not used with untrusted input; only internal admin UI templates"
    mitigation: "No user-controlled template strings; plan to migrate to lodash-es tree-shaken imports"
    expires_on: "2026-07-02"
    owner: "security@your-domain"
  - package: lodash-es
    advisory: "GHSA-r5fr-rjxr-66jc"
    severity: high
    reason: "lodash-es _.template not used with untrusted input; only internal admin UI templates"
    mitigation: "No user-controlled template strings; plan to migrate to native JS alternatives"
    expires_on: "2026-07-02"
    owner: "security@your-domain"
--- a/README.md
+++ b/README.md
@ -45,17 +45,30 @@ Sub2API is an AI API gateway platform designed to distribute and manage API quot
 - **Admin Dashboard** - Web interface for monitoring and management
 - **External System Integration** - Embed external systems (e.g. payment, ticketing) via iframe to extend the admin dashboard
-## Don't Want to Self-Host?
+## ❤️ Sponsors
 > [Want to appear here?](mailto:support@pincc.ai)
 <table>
 <tr>
 <td width="180" align="center" valign="middle"><a href="https://shop.pincc.ai/"><img src="assets/partners/logos/pincc-logo.png" alt="pincc" width="150"></a></td>
 <td valign="middle"><b><a href="https://shop.pincc.ai/">PinCC</a></b> is the official relay service built on Sub2API, offering stable access to Claude Code, Codex, Gemini and other popular models — ready to use, no deployment or maintenance required.</td>
 </tr>
 <tr>
 <td width="180"><a href="https://www.packyapi.com/register?aff=sub2api"><img src="assets/partners/logos/packycode.png" alt="PackyCode" width="150"></a></td>
 <td>Thanks to PackyCode for sponsoring this project! PackyCode is a reliable and efficient API relay service provider, offering relay services for Claude Code, Codex, Gemini, and more. PackyCode provides special discounts for our software users: register using <a href="https://www.packyapi.com/register?aff=sub2api">this link</a> and enter the "sub2api" promo code during first recharge to get 10% off.</td>
 </tr>
 <tr>
 <td width="180"><a href="https://poixe.com/i/sub2api"><img src="assets/partners/logos/poixe.png" alt="PoixeAi" width="150"></a></td>
 <td>Thanks to Poixe Ai for sponsoring this project! Poixe AI provides reliable LLM API services. You can leverage the platform's API endpoints to seamlessly build AI-powered products. Additionally, you can become a vendor by providing AI API resources to the platform and earn revenue. Register through the exclusive <a href="https://poixe.com/i/sub2api">sub2api</a> referral link and receive a bonus of $5 USD on your first top-up.</td>
 </tr>
 <tr>
 <td width="180"><a href="https://ctok.ai"><img src="assets/partners/logos/ctok.png" alt="CTok" width="150"></a></td>
 <td>Thanks to CTok.ai for sponsoring this project! CTok.ai is dedicated to building a one-stop AI programming tool service platform. We offer professional Claude Code packages and technical community services, with support for Google Gemini and OpenAI Codex. Through carefully designed plans and a professional tech community, we provide developers with reliable service guarantees and continuous technical support, making AI-assisted programming a true productivity tool. Click <a href="https://ctok.ai">here</a> to register!</td>
 </tr>
 </table>
 ## Ecosystem
--- a/README_CN.md
+++ b/README_CN.md
@ -44,17 +44,31 @@ Sub2API 是一个 AI API 网关平台，用于分发和管理 AI 产品订阅的
 - **管理后台** - Web 界面进行监控和管理
 - **外部系统集成** - 支持通过 iframe 嵌入外部系统（如支付、工单等），扩展管理后台功能
-## 不想自建？试试官方中转
+## ❤️ 赞助商
 > [想出现在这里？](mailto:support@pincc.ai)
 <table>
 <tr>
 <td width="180" align="center" valign="middle"><a href="https://shop.pincc.ai/"><img src="assets/partners/logos/pincc-logo.png" alt="pincc" width="150"></a></td>
 <td valign="middle"><b><a href="https://shop.pincc.ai/">PinCC</a></b> 是基于 Sub2API 搭建的官方中转服务，提供 Claude Code、Codex、Gemini 等主流模型的稳定中转，开箱即用，免去自建部署与运维烦恼。</td>
 </tr>
 <tr>
 <td width="180"><a href="https://www.packyapi.com/register?aff=sub2api"><img src="assets/partners/logos/packycode.png" alt="PackyCode" width="150"></a></td>
 <td>感谢 PackyCode 赞助了本项目！PackyCode 是一家稳定、高效的API中转服务商，提供 Claude Code、Codex、Gemini 等多种中转服务。PackyCode 为本软件的用户提供了特别优惠，使用<a href="https://www.packyapi.com/register?aff=sub2api">此链接</a>注册并在充值时填写"sub2api"优惠码，首次充值可以享受9折优惠！</td>
 </tr>
 <tr>
 <td width="180"><a href="https://poixe.com/i/sub2api"><img src="assets/partners/logos/poixe.png" alt="PoixeAI" width="150"></a></td>
 <td>感谢 Poixe AI 赞助了本项目！Poixe AI 提供可靠的 AI 模型接口服务，您可以使用平台提供的 LLM API 接口轻松构建 AI 产品，同时也可以成为供应商，为平台提供大模型资源以赚取收益。通过 <a href="https://poixe.com/i/sub2api">此链接</a> 专属链接注册，充值额外赠送 $5 美金</td>
 </tr>
 <tr>
 <td width="180"><a href="https://ctok.ai"><img src="assets/partners/logos/ctok.png" alt="CTok" width="150"></a></td>
 <td>感谢 CTok.ai 赞助了本项目！CTok.ai 致力于打造一站式 AI 编程工具服务平台。我们提供 Claude Code 专业套餐及技术社群服务，同时支持 Google Gemini 和 OpenAI Codex。通过精心设计的套餐方案和专业的技术社群，为开发者提供稳定的服务保障和持续的技术支持，让 AI 辅助编程真正成为开发者的生产力工具。点击<a href="https://ctok.ai">这里</a>注册！</td>
 </tr>
 </table>
 ## 生态项目
--- a/README_JA.md
+++ b/README_JA.md
@ -45,7 +45,9 @@ Sub2API は、AI 製品のサブスクリプションから API クォータを
 - **管理ダッシュボード** - 監視・管理のための Web インターフェース
 - **外部システム連携** - 外部システム（決済、チケット管理など）を iframe 経由で管理ダッシュボードに埋め込み可能
-## セルフホストが不要な方へ
+## ❤️ スポンサー
 > [こちらに掲載しませんか？](mailto:support@pincc.ai)
 <table>
 <tr>
@ -56,6 +58,16 @@ Sub2API は、AI 製品のサブスクリプションから API クォータを
 <td width="180"><a href="https://www.packyapi.com/register?aff=sub2api"><img src="assets/partners/logos/packycode.png" alt="PackyCode" width="150"></a></td>
 <td>PackyCode のご支援に感謝します！PackyCode は Claude Code、Codex、Gemini などのリレーサービスを提供する信頼性の高い API 中継プラットフォームです。本ソフト利用者向けに特別割引があります：<a href="https://www.packyapi.com/register?aff=sub2api">このリンク</a>で登録し、チャージ時に「sub2api」クーポンを入力すると 10% オフになります。</td>
 </tr>
 <tr>
 <td width="180"><a href="https://poixe.com/i/sub2api"><img src="assets/partners/logos/poixe.png" alt="PoixeAi" width="150"></a></td>
 <td>Poixe AI のご支援に感謝します！Poixe AI は信頼性の高い LLM API サービスを提供しています。プラットフォームの API エンドポイントを活用して、AI 搭載プロダクトをシームレスに構築できます。また、ベンダーとして AI API リソースをプラットフォームに提供し、収益を得ることも可能です。専用の <a href="https://poixe.com/i/sub2api">sub2api</a> 紹介リンクから登録すると、初回チャージ時に $5 USD のボーナスがもらえます。</td>
 </tr>
 <tr>
 <td width="180"><a href="https://ctok.ai"><img src="assets/partners/logos/ctok.png" alt="CTok" width="150"></a></td>
 <td>CTok.ai のご支援に感謝します！CTok.ai はワンストップ AI プログラミングツールサービスプラットフォームの構築に取り組んでいます。Claude Code の専用プランと技術コミュニティサービスを提供し、Google Gemini や OpenAI Codex もサポートしています。丁寧に設計されたプランと専門的な技術コミュニティを通じて、開発者に安定したサービス保証と継続的な技術サポートを提供し、AI アシスト プログラミングを真の生産性向上ツールにします。<a href="https://ctok.ai">こちら</a>から登録！</td>
 </tr>
 </table>
 ## エコシステム
--- a/assets/partners/logos/ctok.png
+++ b/assets/partners/logos/ctok.png
--- a/assets/partners/logos/poixe.png
+++ b/assets/partners/logos/poixe.png
--- a/backend/cmd/server/VERSION
+++ b/backend/cmd/server/VERSION
@ -1 +1 @@
-0.1.106
+0.1.109
--- a/backend/cmd/server/wire_gen.go
+++ b/backend/cmd/server/wire_gen.go
@ -54,6 +54,7 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	refreshTokenCache := repository.NewRefreshTokenCache(redisClient)
 	settingRepository := repository.NewSettingRepository(client)
 	groupRepository := repository.NewGroupRepository(client, db)
 	channelRepository := repository.NewChannelRepository(db)
 	settingService := service.ProvideSettingService(settingRepository, groupRepository, configConfig)
 	emailCache := repository.NewEmailCache(redisClient)
 	emailService := service.NewEmailService(settingRepository, emailCache)
@ -106,12 +107,11 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	dashboardHandler := admin.NewDashboardHandler(dashboardService, dashboardAggregationService)
 	schedulerCache := repository.NewSchedulerCache(redisClient)
 	accountRepository := repository.NewAccountRepository(client, db, schedulerCache)
 	soraAccountRepository := repository.NewSoraAccountRepository(db)
 	proxyRepository := repository.NewProxyRepository(client, db)
 	proxyExitInfoProber := repository.NewProxyExitInfoProber(configConfig)
 	proxyLatencyCache := repository.NewProxyLatencyCache(redisClient)
 	privacyClientFactory := providePrivacyClientFactory()
-	adminService := service.NewAdminService(userRepository, groupRepository, accountRepository, soraAccountRepository, proxyRepository, apiKeyRepository, redeemCodeRepository, userGroupRateRepository, billingCacheService, proxyExitInfoProber, proxyLatencyCache, apiKeyAuthCacheInvalidator, client, settingService, subscriptionService, userSubscriptionRepository, privacyClientFactory)
+	adminService := service.NewAdminService(userRepository, groupRepository, accountRepository, proxyRepository, apiKeyRepository, redeemCodeRepository, userGroupRateRepository, billingCacheService, proxyExitInfoProber, proxyLatencyCache, apiKeyAuthCacheInvalidator, client, settingService, subscriptionService, userSubscriptionRepository, privacyClientFactory)
 	concurrencyCache := repository.ProvideConcurrencyCache(redisClient, configConfig)
 	concurrencyService := service.ProvideConcurrencyService(concurrencyCache, accountRepository, configConfig)
 	adminUserHandler := admin.NewUserHandler(adminService, concurrencyService)
@ -143,11 +143,11 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	schedulerSnapshotService := service.ProvideSchedulerSnapshotService(schedulerCache, schedulerOutboxRepository, accountRepository, groupRepository, configConfig)
 	antigravityTokenProvider := service.ProvideAntigravityTokenProvider(accountRepository, geminiTokenCache, antigravityOAuthService, oauthRefreshAPI, tempUnschedCache)
 	internal500CounterCache := repository.NewInternal500CounterCache(redisClient)
 	antigravityGatewayService := service.NewAntigravityGatewayService(accountRepository, gatewayCache, schedulerSnapshotService, antigravityTokenProvider, rateLimitService, httpUpstream, settingService, internal500CounterCache)
 	tlsFingerprintProfileRepository := repository.NewTLSFingerprintProfileRepository(client)
 	tlsFingerprintProfileCache := repository.NewTLSFingerprintProfileCache(redisClient)
 	tlsFingerprintProfileService := service.NewTLSFingerprintProfileService(tlsFingerprintProfileRepository, tlsFingerprintProfileCache)
 	accountUsageService := service.NewAccountUsageService(accountRepository, usageLogRepository, claudeUsageFetcher, geminiQuotaService, antigravityQuotaFetcher, usageCache, identityCache, tlsFingerprintProfileService)
 	antigravityGatewayService := service.NewAntigravityGatewayService(accountRepository, gatewayCache, schedulerSnapshotService, antigravityTokenProvider, rateLimitService, httpUpstream, settingService, internal500CounterCache)
 	accountTestService := service.NewAccountTestService(accountRepository, geminiTokenProvider, antigravityGatewayService, httpUpstream, configConfig, tlsFingerprintProfileService)
 	crsSyncService := service.NewCRSSyncService(accountRepository, proxyRepository, oAuthService, openAIOAuthService, geminiOAuthService, configConfig)
 	sessionLimitCache := repository.ProvideSessionLimitCache(redisClient, configConfig)
@ -180,18 +180,15 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	deferredService := service.ProvideDeferredService(accountRepository, timingWheelService)
 	claudeTokenProvider := service.ProvideClaudeTokenProvider(accountRepository, geminiTokenCache, oAuthService, oauthRefreshAPI)
 	digestSessionStore := service.NewDigestSessionStore()
-	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache, rpmCache, digestSessionStore, settingService, tlsFingerprintProfileService)
+	channelService := service.NewChannelService(channelRepository, apiKeyAuthCacheInvalidator)
 	modelPricingResolver := service.NewModelPricingResolver(channelService, billingService)
 	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache, rpmCache, digestSessionStore, settingService, tlsFingerprintProfileService, channelService, modelPricingResolver)
 	openAITokenProvider := service.ProvideOpenAITokenProvider(accountRepository, geminiTokenCache, openAIOAuthService, oauthRefreshAPI)
-	openAIGatewayService := service.NewOpenAIGatewayService(accountRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, httpUpstream, deferredService, openAITokenProvider)
+	openAIGatewayService := service.NewOpenAIGatewayService(accountRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, httpUpstream, deferredService, openAITokenProvider, modelPricingResolver, channelService)
 	geminiMessagesCompatService := service.NewGeminiMessagesCompatService(accountRepository, groupRepository, gatewayCache, schedulerSnapshotService, geminiTokenProvider, rateLimitService, httpUpstream, antigravityGatewayService, configConfig)
 	opsSystemLogSink := service.ProvideOpsSystemLogSink(opsRepository)
 	opsService := service.NewOpsService(opsRepository, settingRepository, configConfig, accountRepository, userRepository, concurrencyService, gatewayService, openAIGatewayService, geminiMessagesCompatService, antigravityGatewayService, opsSystemLogSink)
-	soraS3Storage := service.NewSoraS3Storage(settingService)
+	settingHandler := admin.NewSettingHandler(settingService, emailService, turnstileService, opsService)
 	settingService.SetOnS3UpdateCallback(soraS3Storage.RefreshClient)
 	soraGenerationRepository := repository.NewSoraGenerationRepository(db)
 	soraQuotaService := service.NewSoraQuotaService(userRepository, groupRepository, settingService)
 	soraGenerationService := service.NewSoraGenerationService(soraGenerationRepository, soraS3Storage, soraQuotaService)
 	settingHandler := admin.NewSettingHandler(settingService, emailService, turnstileService, opsService, soraS3Storage)
 	opsHandler := admin.NewOpsHandler(opsService)
 	updateCache := repository.NewUpdateCache(redisClient)
 	gitHubReleaseClient := repository.ProvideGitHubReleaseClient(configConfig)
@ -218,22 +215,18 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	scheduledTestResultRepository := repository.NewScheduledTestResultRepository(db)
 	scheduledTestService := service.ProvideScheduledTestService(scheduledTestPlanRepository, scheduledTestResultRepository)
 	scheduledTestHandler := admin.NewScheduledTestHandler(scheduledTestService)
-	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, adminAnnouncementHandler, dataManagementHandler, backupHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler, errorPassthroughHandler, tlsFingerprintProfileHandler, adminAPIKeyHandler, scheduledTestHandler)
+	channelHandler := admin.NewChannelHandler(channelService, billingService)
 	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, adminAnnouncementHandler, dataManagementHandler, backupHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler, errorPassthroughHandler, tlsFingerprintProfileHandler, adminAPIKeyHandler, scheduledTestHandler, channelHandler)
 	usageRecordWorkerPool := service.NewUsageRecordWorkerPool(configConfig)
 	userMsgQueueCache := repository.NewUserMsgQueueCache(redisClient)
 	userMessageQueueService := service.ProvideUserMessageQueueService(userMsgQueueCache, rpmCache, configConfig)
 	gatewayHandler := handler.NewGatewayHandler(gatewayService, geminiMessagesCompatService, antigravityGatewayService, userService, concurrencyService, billingCacheService, usageService, apiKeyService, usageRecordWorkerPool, errorPassthroughService, userMessageQueueService, configConfig, settingService)
 	openAIGatewayHandler := handler.NewOpenAIGatewayHandler(openAIGatewayService, concurrencyService, billingCacheService, apiKeyService, usageRecordWorkerPool, errorPassthroughService, configConfig)
 	soraSDKClient := service.ProvideSoraSDKClient(configConfig, httpUpstream, openAITokenProvider, accountRepository, soraAccountRepository)
 	soraMediaStorage := service.ProvideSoraMediaStorage(configConfig)
 	soraGatewayService := service.NewSoraGatewayService(soraSDKClient, rateLimitService, httpUpstream, configConfig)
 	soraClientHandler := handler.NewSoraClientHandler(soraGenerationService, soraQuotaService, soraS3Storage, soraGatewayService, gatewayService, soraMediaStorage, apiKeyService)
 	soraGatewayHandler := handler.NewSoraGatewayHandler(gatewayService, soraGatewayService, concurrencyService, billingCacheService, usageRecordWorkerPool, configConfig)
 	handlerSettingHandler := handler.ProvideSettingHandler(settingService, buildInfo)
 	totpHandler := handler.NewTotpHandler(totpService)
 	idempotencyCoordinator := service.ProvideIdempotencyCoordinator(idempotencyRepository, configConfig)
 	idempotencyCleanupService := service.ProvideIdempotencyCleanupService(idempotencyRepository, configConfig)
-	handlers := handler.ProvideHandlers(authHandler, userHandler, apiKeyHandler, usageHandler, redeemHandler, subscriptionHandler, announcementHandler, adminHandlers, gatewayHandler, openAIGatewayHandler, soraGatewayHandler, soraClientHandler, handlerSettingHandler, totpHandler, idempotencyCoordinator, idempotencyCleanupService)
+	handlers := handler.ProvideHandlers(authHandler, userHandler, apiKeyHandler, usageHandler, redeemHandler, subscriptionHandler, announcementHandler, adminHandlers, gatewayHandler, openAIGatewayHandler, handlerSettingHandler, totpHandler, idempotencyCoordinator, idempotencyCleanupService)
 	jwtAuthMiddleware := middleware.NewJWTAuthMiddleware(authService, userService)
 	adminAuthMiddleware := middleware.NewAdminAuthMiddleware(authService, userService, settingService)
 	apiKeyAuthMiddleware := middleware.NewAPIKeyAuthMiddleware(apiKeyService, subscriptionService, configConfig)
@ -244,13 +237,12 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	opsAlertEvaluatorService := service.ProvideOpsAlertEvaluatorService(opsService, opsRepository, emailService, redisClient, configConfig)
 	opsCleanupService := service.ProvideOpsCleanupService(opsRepository, db, redisClient, configConfig)
 	opsScheduledReportService := service.ProvideOpsScheduledReportService(opsService, userService, emailService, redisClient, configConfig)
-	soraMediaCleanupService := service.ProvideSoraMediaCleanupService(soraMediaStorage, configConfig)
+	tokenRefreshService := service.ProvideTokenRefreshService(accountRepository, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, compositeTokenCacheInvalidator, schedulerCache, configConfig, tempUnschedCache, privacyClientFactory, proxyRepository, oauthRefreshAPI)
 	tokenRefreshService := service.ProvideTokenRefreshService(accountRepository, soraAccountRepository, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, compositeTokenCacheInvalidator, schedulerCache, configConfig, tempUnschedCache, privacyClientFactory, proxyRepository, oauthRefreshAPI)
 	lsPoolBootstrapService := service.ProvideLSPoolBootstrapService(accountRepository, configConfig)
 	accountExpiryService := service.ProvideAccountExpiryService(accountRepository)
 	subscriptionExpiryService := service.ProvideSubscriptionExpiryService(userSubscriptionRepository)
 	scheduledTestRunnerService := service.ProvideScheduledTestRunnerService(scheduledTestPlanRepository, scheduledTestService, accountTestService, rateLimitService, configConfig)
-	v := provideCleanup(client, redisClient, opsMetricsCollector, opsAggregationService, opsAlertEvaluatorService, opsCleanupService, opsScheduledReportService, opsSystemLogSink, soraMediaCleanupService, schedulerSnapshotService, tokenRefreshService, lsPoolBootstrapService, accountExpiryService, subscriptionExpiryService, usageCleanupService, idempotencyCleanupService, pricingService, emailQueueService, billingCacheService, usageRecordWorkerPool, subscriptionService, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, openAIGatewayService, scheduledTestRunnerService, backupService)
+	v := provideCleanup(client, redisClient, opsMetricsCollector, opsAggregationService, opsAlertEvaluatorService, opsCleanupService, opsScheduledReportService, opsSystemLogSink, schedulerSnapshotService, tokenRefreshService, lsPoolBootstrapService, accountExpiryService, subscriptionExpiryService, usageCleanupService, idempotencyCleanupService, pricingService, emailQueueService, billingCacheService, usageRecordWorkerPool, subscriptionService, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, openAIGatewayService, scheduledTestRunnerService, backupService)
 	application := &Application{
 		Server:  httpServer,
 		Cleanup: v,
@ -285,7 +277,6 @@ func provideCleanup(
 	opsCleanup *service.OpsCleanupService,
 	opsScheduledReport *service.OpsScheduledReportService,
 	opsSystemLogSink *service.OpsSystemLogSink,
 	soraMediaCleanup *service.SoraMediaCleanupService,
 	schedulerSnapshot *service.SchedulerSnapshotService,
 	tokenRefresh *service.TokenRefreshService,
 	lsPoolBootstrap *service.LSPoolBootstrapService,
@ -334,12 +325,6 @@ func provideCleanup(
 				}
 				return nil
 			}},
 			{"SoraMediaCleanupService", func() error {
 				if soraMediaCleanup != nil {
 					soraMediaCleanup.Stop()
 				}
 				return nil
 			}},
 			{"OpsAlertEvaluatorService", func() error {
 				if opsAlertEvaluator != nil {
 					opsAlertEvaluator.Stop()
--- a/backend/cmd/server/wire_gen_test.go
+++ b/backend/cmd/server/wire_gen_test.go
@ -58,7 +58,6 @@ func TestProvideCleanup_WithMinimalDependencies_NoPanic(t *testing.T) {
 		&service.OpsCleanupService{},
 		&service.OpsScheduledReportService{},
 		opsSystemLogSinkSvc,
 		&service.SoraMediaCleanupService{},
 		schedulerSnapshotSvc,
 		tokenRefreshSvc,
 		lsPoolBootstrapSvc,
--- a/backend/ent/group.go
+++ b/backend/ent/group.go
@ -52,16 +52,6 @@ type Group struct {
 	ImagePrice2k *float64 `json:"image_price_2k,omitempty"`
 	// ImagePrice4k holds the value of the "image_price_4k" field.
 	ImagePrice4k *float64 `json:"image_price_4k,omitempty"`
 	// SoraImagePrice360 holds the value of the "sora_image_price_360" field.
 	SoraImagePrice360 *float64 `json:"sora_image_price_360,omitempty"`
 	// SoraImagePrice540 holds the value of the "sora_image_price_540" field.
 	SoraImagePrice540 *float64 `json:"sora_image_price_540,omitempty"`
 	// SoraVideoPricePerRequest holds the value of the "sora_video_price_per_request" field.
 	SoraVideoPricePerRequest *float64 `json:"sora_video_price_per_request,omitempty"`
 	// SoraVideoPricePerRequestHd holds the value of the "sora_video_price_per_request_hd" field.
 	SoraVideoPricePerRequestHd *float64 `json:"sora_video_price_per_request_hd,omitempty"`
 	// SoraStorageQuotaBytes holds the value of the "sora_storage_quota_bytes" field.
 	SoraStorageQuotaBytes int64 `json:"sora_storage_quota_bytes,omitempty"`
 	// 是否仅允许 Claude Code 客户端
 	ClaudeCodeOnly bool `json:"claude_code_only,omitempty"`
 	// 非 Claude Code 请求降级使用的分组 ID
@ -80,6 +70,10 @@ type Group struct {
 	SortOrder int `json:"sort_order,omitempty"`
 	// 是否允许 /v1/messages 调度到此 OpenAI 分组
 	AllowMessagesDispatch bool `json:"allow_messages_dispatch,omitempty"`
 	// 仅允许非 apikey 类型账号关联到此分组
 	RequireOauthOnly bool `json:"require_oauth_only,omitempty"`
 	// 调度时仅允许 privacy 已成功设置的账号
 	RequirePrivacySet bool `json:"require_privacy_set,omitempty"`
 	// 默认映射模型 ID，当账号级映射找不到时使用此值
 	DefaultMappedModel string `json:"default_mapped_model,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
@ -190,11 +184,11 @@ func (*Group) scanValues(columns []string) ([]any, error) {
 		switch columns[i] {
 		case group.FieldModelRouting, group.FieldSupportedModelScopes:
 			values[i] = new([]byte)
-		case group.FieldIsExclusive, group.FieldClaudeCodeOnly, group.FieldModelRoutingEnabled, group.FieldMcpXMLInject, group.FieldAllowMessagesDispatch:
+		case group.FieldIsExclusive, group.FieldClaudeCodeOnly, group.FieldModelRoutingEnabled, group.FieldMcpXMLInject, group.FieldAllowMessagesDispatch, group.FieldRequireOauthOnly, group.FieldRequirePrivacySet:
 			values[i] = new(sql.NullBool)
-		case group.FieldRateMultiplier, group.FieldDailyLimitUsd, group.FieldWeeklyLimitUsd, group.FieldMonthlyLimitUsd, group.FieldImagePrice1k, group.FieldImagePrice2k, group.FieldImagePrice4k, group.FieldSoraImagePrice360, group.FieldSoraImagePrice540, group.FieldSoraVideoPricePerRequest, group.FieldSoraVideoPricePerRequestHd:
+		case group.FieldRateMultiplier, group.FieldDailyLimitUsd, group.FieldWeeklyLimitUsd, group.FieldMonthlyLimitUsd, group.FieldImagePrice1k, group.FieldImagePrice2k, group.FieldImagePrice4k:
 			values[i] = new(sql.NullFloat64)
-		case group.FieldID, group.FieldDefaultValidityDays, group.FieldSoraStorageQuotaBytes, group.FieldFallbackGroupID, group.FieldFallbackGroupIDOnInvalidRequest, group.FieldSortOrder:
+		case group.FieldID, group.FieldDefaultValidityDays, group.FieldFallbackGroupID, group.FieldFallbackGroupIDOnInvalidRequest, group.FieldSortOrder:
 			values[i] = new(sql.NullInt64)
 		case group.FieldName, group.FieldDescription, group.FieldStatus, group.FieldPlatform, group.FieldSubscriptionType, group.FieldDefaultMappedModel:
 			values[i] = new(sql.NullString)
@ -331,40 +325,6 @@ func (_m *Group) assignValues(columns []string, values []any) error {
 				_m.ImagePrice4k = new(float64)
 				*_m.ImagePrice4k = value.Float64
 			}
 		case group.FieldSoraImagePrice360:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_image_price_360", values[i])
 			} else if value.Valid {
 				_m.SoraImagePrice360 = new(float64)
 				*_m.SoraImagePrice360 = value.Float64
 			}
 		case group.FieldSoraImagePrice540:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_image_price_540", values[i])
 			} else if value.Valid {
 				_m.SoraImagePrice540 = new(float64)
 				*_m.SoraImagePrice540 = value.Float64
 			}
 		case group.FieldSoraVideoPricePerRequest:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_video_price_per_request", values[i])
 			} else if value.Valid {
 				_m.SoraVideoPricePerRequest = new(float64)
 				*_m.SoraVideoPricePerRequest = value.Float64
 			}
 		case group.FieldSoraVideoPricePerRequestHd:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_video_price_per_request_hd", values[i])
 			} else if value.Valid {
 				_m.SoraVideoPricePerRequestHd = new(float64)
 				*_m.SoraVideoPricePerRequestHd = value.Float64
 			}
 		case group.FieldSoraStorageQuotaBytes:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_storage_quota_bytes", values[i])
 			} else if value.Valid {
 				_m.SoraStorageQuotaBytes = value.Int64
 			}
 		case group.FieldClaudeCodeOnly:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field claude_code_only", values[i])
@ -425,6 +385,18 @@ func (_m *Group) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				_m.AllowMessagesDispatch = value.Bool
 			}
 		case group.FieldRequireOauthOnly:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field require_oauth_only", values[i])
 			} else if value.Valid {
 				_m.RequireOauthOnly = value.Bool
 			}
 		case group.FieldRequirePrivacySet:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field require_privacy_set", values[i])
 			} else if value.Valid {
 				_m.RequirePrivacySet = value.Bool
 			}
 		case group.FieldDefaultMappedModel:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field default_mapped_model", values[i])
@ -574,29 +546,6 @@ func (_m *Group) String() string {
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraImagePrice360; v != nil {
 		builder.WriteString("sora_image_price_360=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraImagePrice540; v != nil {
 		builder.WriteString("sora_image_price_540=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraVideoPricePerRequest; v != nil {
 		builder.WriteString("sora_video_price_per_request=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraVideoPricePerRequestHd; v != nil {
 		builder.WriteString("sora_video_price_per_request_hd=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("sora_storage_quota_bytes=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SoraStorageQuotaBytes))
 	builder.WriteString(", ")
 	builder.WriteString("claude_code_only=")
 	builder.WriteString(fmt.Sprintf("%v", _m.ClaudeCodeOnly))
 	builder.WriteString(", ")
@ -628,6 +577,12 @@ func (_m *Group) String() string {
 	builder.WriteString("allow_messages_dispatch=")
 	builder.WriteString(fmt.Sprintf("%v", _m.AllowMessagesDispatch))
 	builder.WriteString(", ")
 	builder.WriteString("require_oauth_only=")
 	builder.WriteString(fmt.Sprintf("%v", _m.RequireOauthOnly))
 	builder.WriteString(", ")
 	builder.WriteString("require_privacy_set=")
 	builder.WriteString(fmt.Sprintf("%v", _m.RequirePrivacySet))
 	builder.WriteString(", ")
 	builder.WriteString("default_mapped_model=")
 	builder.WriteString(_m.DefaultMappedModel)
 	builder.WriteByte(')')
--- a/backend/ent/group/group.go
+++ b/backend/ent/group/group.go
@ -49,16 +49,6 @@ const (
 	FieldImagePrice2k = "image_price_2k"
 	// FieldImagePrice4k holds the string denoting the image_price_4k field in the database.
 	FieldImagePrice4k = "image_price_4k"
 	// FieldSoraImagePrice360 holds the string denoting the sora_image_price_360 field in the database.
 	FieldSoraImagePrice360 = "sora_image_price_360"
 	// FieldSoraImagePrice540 holds the string denoting the sora_image_price_540 field in the database.
 	FieldSoraImagePrice540 = "sora_image_price_540"
 	// FieldSoraVideoPricePerRequest holds the string denoting the sora_video_price_per_request field in the database.
 	FieldSoraVideoPricePerRequest = "sora_video_price_per_request"
 	// FieldSoraVideoPricePerRequestHd holds the string denoting the sora_video_price_per_request_hd field in the database.
 	FieldSoraVideoPricePerRequestHd = "sora_video_price_per_request_hd"
 	// FieldSoraStorageQuotaBytes holds the string denoting the sora_storage_quota_bytes field in the database.
 	FieldSoraStorageQuotaBytes = "sora_storage_quota_bytes"
 	// FieldClaudeCodeOnly holds the string denoting the claude_code_only field in the database.
 	FieldClaudeCodeOnly = "claude_code_only"
 	// FieldFallbackGroupID holds the string denoting the fallback_group_id field in the database.
@ -77,6 +67,10 @@ const (
 	FieldSortOrder = "sort_order"
 	// FieldAllowMessagesDispatch holds the string denoting the allow_messages_dispatch field in the database.
 	FieldAllowMessagesDispatch = "allow_messages_dispatch"
 	// FieldRequireOauthOnly holds the string denoting the require_oauth_only field in the database.
 	FieldRequireOauthOnly = "require_oauth_only"
 	// FieldRequirePrivacySet holds the string denoting the require_privacy_set field in the database.
 	FieldRequirePrivacySet = "require_privacy_set"
 	// FieldDefaultMappedModel holds the string denoting the default_mapped_model field in the database.
 	FieldDefaultMappedModel = "default_mapped_model"
 	// EdgeAPIKeys holds the string denoting the api_keys edge name in mutations.
@ -171,11 +165,6 @@ var Columns = []string{
 	FieldImagePrice1k,
 	FieldImagePrice2k,
 	FieldImagePrice4k,
 	FieldSoraImagePrice360,
 	FieldSoraImagePrice540,
 	FieldSoraVideoPricePerRequest,
 	FieldSoraVideoPricePerRequestHd,
 	FieldSoraStorageQuotaBytes,
 	FieldClaudeCodeOnly,
 	FieldFallbackGroupID,
 	FieldFallbackGroupIDOnInvalidRequest,
@ -185,6 +174,8 @@ var Columns = []string{
 	FieldSupportedModelScopes,
 	FieldSortOrder,
 	FieldAllowMessagesDispatch,
 	FieldRequireOauthOnly,
 	FieldRequirePrivacySet,
 	FieldDefaultMappedModel,
 }
@ -241,8 +232,6 @@ var (
 	SubscriptionTypeValidator func(string) error
 	// DefaultDefaultValidityDays holds the default value on creation for the "default_validity_days" field.
 	DefaultDefaultValidityDays int
 	// DefaultSoraStorageQuotaBytes holds the default value on creation for the "sora_storage_quota_bytes" field.
 	DefaultSoraStorageQuotaBytes int64
 	// DefaultClaudeCodeOnly holds the default value on creation for the "claude_code_only" field.
 	DefaultClaudeCodeOnly bool
 	// DefaultModelRoutingEnabled holds the default value on creation for the "model_routing_enabled" field.
@ -255,6 +244,10 @@ var (
 	DefaultSortOrder int
 	// DefaultAllowMessagesDispatch holds the default value on creation for the "allow_messages_dispatch" field.
 	DefaultAllowMessagesDispatch bool
 	// DefaultRequireOauthOnly holds the default value on creation for the "require_oauth_only" field.
 	DefaultRequireOauthOnly bool
 	// DefaultRequirePrivacySet holds the default value on creation for the "require_privacy_set" field.
 	DefaultRequirePrivacySet bool
 	// DefaultDefaultMappedModel holds the default value on creation for the "default_mapped_model" field.
 	DefaultDefaultMappedModel string
 	// DefaultMappedModelValidator is a validator for the "default_mapped_model" field. It is called by the builders before save.
@ -354,31 +347,6 @@ func ByImagePrice4k(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldImagePrice4k, opts...).ToFunc()
 }
 // BySoraImagePrice360 orders the results by the sora_image_price_360 field.
 func BySoraImagePrice360(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraImagePrice360, opts...).ToFunc()
 }
 // BySoraImagePrice540 orders the results by the sora_image_price_540 field.
 func BySoraImagePrice540(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraImagePrice540, opts...).ToFunc()
 }
 // BySoraVideoPricePerRequest orders the results by the sora_video_price_per_request field.
 func BySoraVideoPricePerRequest(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraVideoPricePerRequest, opts...).ToFunc()
 }
 // BySoraVideoPricePerRequestHd orders the results by the sora_video_price_per_request_hd field.
 func BySoraVideoPricePerRequestHd(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraVideoPricePerRequestHd, opts...).ToFunc()
 }
 // BySoraStorageQuotaBytes orders the results by the sora_storage_quota_bytes field.
 func BySoraStorageQuotaBytes(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraStorageQuotaBytes, opts...).ToFunc()
 }
 // ByClaudeCodeOnly orders the results by the claude_code_only field.
 func ByClaudeCodeOnly(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldClaudeCodeOnly, opts...).ToFunc()
@ -414,6 +382,16 @@ func ByAllowMessagesDispatch(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldAllowMessagesDispatch, opts...).ToFunc()
 }
 // ByRequireOauthOnly orders the results by the require_oauth_only field.
 func ByRequireOauthOnly(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldRequireOauthOnly, opts...).ToFunc()
 }
 // ByRequirePrivacySet orders the results by the require_privacy_set field.
 func ByRequirePrivacySet(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldRequirePrivacySet, opts...).ToFunc()
 }
 // ByDefaultMappedModel orders the results by the default_mapped_model field.
 func ByDefaultMappedModel(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldDefaultMappedModel, opts...).ToFunc()
--- a/backend/ent/group/where.go
+++ b/backend/ent/group/where.go
@ -140,31 +140,6 @@ func ImagePrice4k(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldImagePrice4k, v))
 }
 // SoraImagePrice360 applies equality check predicate on the "sora_image_price_360" field. It's identical to SoraImagePrice360EQ.
 func SoraImagePrice360(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice540 applies equality check predicate on the "sora_image_price_540" field. It's identical to SoraImagePrice540EQ.
 func SoraImagePrice540(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice540, v))
 }
 // SoraVideoPricePerRequest applies equality check predicate on the "sora_video_price_per_request" field. It's identical to SoraVideoPricePerRequestEQ.
 func SoraVideoPricePerRequest(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestHd applies equality check predicate on the "sora_video_price_per_request_hd" field. It's identical to SoraVideoPricePerRequestHdEQ.
 func SoraVideoPricePerRequestHd(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraStorageQuotaBytes applies equality check predicate on the "sora_storage_quota_bytes" field. It's identical to SoraStorageQuotaBytesEQ.
 func SoraStorageQuotaBytes(v int64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraStorageQuotaBytes, v))
 }
 // ClaudeCodeOnly applies equality check predicate on the "claude_code_only" field. It's identical to ClaudeCodeOnlyEQ.
 func ClaudeCodeOnly(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldClaudeCodeOnly, v))
@ -200,6 +175,16 @@ func AllowMessagesDispatch(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldAllowMessagesDispatch, v))
 }
 // RequireOauthOnly applies equality check predicate on the "require_oauth_only" field. It's identical to RequireOauthOnlyEQ.
 func RequireOauthOnly(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldRequireOauthOnly, v))
 }
 // RequirePrivacySet applies equality check predicate on the "require_privacy_set" field. It's identical to RequirePrivacySetEQ.
 func RequirePrivacySet(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldRequirePrivacySet, v))
 }
 // DefaultMappedModel applies equality check predicate on the "default_mapped_model" field. It's identical to DefaultMappedModelEQ.
 func DefaultMappedModel(v string) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldDefaultMappedModel, v))
@ -1060,246 +1045,6 @@ func ImagePrice4kNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldImagePrice4k))
 }
 // SoraImagePrice360EQ applies the EQ predicate on the "sora_image_price_360" field.
 func SoraImagePrice360EQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360NEQ applies the NEQ predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360In applies the In predicate on the "sora_image_price_360" field.
 func SoraImagePrice360In(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraImagePrice360, vs...))
 }
 // SoraImagePrice360NotIn applies the NotIn predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraImagePrice360, vs...))
 }
 // SoraImagePrice360GT applies the GT predicate on the "sora_image_price_360" field.
 func SoraImagePrice360GT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360GTE applies the GTE predicate on the "sora_image_price_360" field.
 func SoraImagePrice360GTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360LT applies the LT predicate on the "sora_image_price_360" field.
 func SoraImagePrice360LT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360LTE applies the LTE predicate on the "sora_image_price_360" field.
 func SoraImagePrice360LTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360IsNil applies the IsNil predicate on the "sora_image_price_360" field.
 func SoraImagePrice360IsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraImagePrice360))
 }
 // SoraImagePrice360NotNil applies the NotNil predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraImagePrice360))
 }
 // SoraImagePrice540EQ applies the EQ predicate on the "sora_image_price_540" field.
 func SoraImagePrice540EQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540NEQ applies the NEQ predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540In applies the In predicate on the "sora_image_price_540" field.
 func SoraImagePrice540In(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraImagePrice540, vs...))
 }
 // SoraImagePrice540NotIn applies the NotIn predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraImagePrice540, vs...))
 }
 // SoraImagePrice540GT applies the GT predicate on the "sora_image_price_540" field.
 func SoraImagePrice540GT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540GTE applies the GTE predicate on the "sora_image_price_540" field.
 func SoraImagePrice540GTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540LT applies the LT predicate on the "sora_image_price_540" field.
 func SoraImagePrice540LT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540LTE applies the LTE predicate on the "sora_image_price_540" field.
 func SoraImagePrice540LTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540IsNil applies the IsNil predicate on the "sora_image_price_540" field.
 func SoraImagePrice540IsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraImagePrice540))
 }
 // SoraImagePrice540NotNil applies the NotNil predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraImagePrice540))
 }
 // SoraVideoPricePerRequestEQ applies the EQ predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestNEQ applies the NEQ predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestIn applies the In predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraVideoPricePerRequest, vs...))
 }
 // SoraVideoPricePerRequestNotIn applies the NotIn predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraVideoPricePerRequest, vs...))
 }
 // SoraVideoPricePerRequestGT applies the GT predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestGT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestGTE applies the GTE predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestGTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestLT applies the LT predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestLT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestLTE applies the LTE predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestLTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestIsNil applies the IsNil predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraVideoPricePerRequest))
 }
 // SoraVideoPricePerRequestNotNil applies the NotNil predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraVideoPricePerRequest))
 }
 // SoraVideoPricePerRequestHdEQ applies the EQ predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdNEQ applies the NEQ predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdIn applies the In predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraVideoPricePerRequestHd, vs...))
 }
 // SoraVideoPricePerRequestHdNotIn applies the NotIn predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraVideoPricePerRequestHd, vs...))
 }
 // SoraVideoPricePerRequestHdGT applies the GT predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdGT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdGTE applies the GTE predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdGTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdLT applies the LT predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdLT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdLTE applies the LTE predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdLTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdIsNil applies the IsNil predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraVideoPricePerRequestHd))
 }
 // SoraVideoPricePerRequestHdNotNil applies the NotNil predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraVideoPricePerRequestHd))
 }
 // SoraStorageQuotaBytesEQ applies the EQ predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesEQ(v int64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesNEQ applies the NEQ predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesNEQ(v int64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesIn applies the In predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesIn(vs ...int64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraStorageQuotaBytes, vs...))
 }
 // SoraStorageQuotaBytesNotIn applies the NotIn predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesNotIn(vs ...int64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraStorageQuotaBytes, vs...))
 }
 // SoraStorageQuotaBytesGT applies the GT predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesGT(v int64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesGTE applies the GTE predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesGTE(v int64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesLT applies the LT predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesLT(v int64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesLTE applies the LTE predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesLTE(v int64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraStorageQuotaBytes, v))
 }
 // ClaudeCodeOnlyEQ applies the EQ predicate on the "claude_code_only" field.
 func ClaudeCodeOnlyEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldClaudeCodeOnly, v))
@ -1490,6 +1235,26 @@ func AllowMessagesDispatchNEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldAllowMessagesDispatch, v))
 }
 // RequireOauthOnlyEQ applies the EQ predicate on the "require_oauth_only" field.
 func RequireOauthOnlyEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldRequireOauthOnly, v))
 }
 // RequireOauthOnlyNEQ applies the NEQ predicate on the "require_oauth_only" field.
 func RequireOauthOnlyNEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldRequireOauthOnly, v))
 }
 // RequirePrivacySetEQ applies the EQ predicate on the "require_privacy_set" field.
 func RequirePrivacySetEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldRequirePrivacySet, v))
 }
 // RequirePrivacySetNEQ applies the NEQ predicate on the "require_privacy_set" field.
 func RequirePrivacySetNEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldRequirePrivacySet, v))
 }
 // DefaultMappedModelEQ applies the EQ predicate on the "default_mapped_model" field.
 func DefaultMappedModelEQ(v string) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldDefaultMappedModel, v))
--- a/backend/ent/group_create.go
+++ b/backend/ent/group_create.go
@ -258,76 +258,6 @@ func (_c *GroupCreate) SetNillableImagePrice4k(v *float64) *GroupCreate {
 	return _c
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_c *GroupCreate) SetSoraImagePrice360(v float64) *GroupCreate {
 	_c.mutation.SetSoraImagePrice360(v)
 	return _c
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraImagePrice360(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraImagePrice360(*v)
 	}
 	return _c
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_c *GroupCreate) SetSoraImagePrice540(v float64) *GroupCreate {
 	_c.mutation.SetSoraImagePrice540(v)
 	return _c
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraImagePrice540(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraImagePrice540(*v)
 	}
 	return _c
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_c *GroupCreate) SetSoraVideoPricePerRequest(v float64) *GroupCreate {
 	_c.mutation.SetSoraVideoPricePerRequest(v)
 	return _c
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraVideoPricePerRequest(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraVideoPricePerRequest(*v)
 	}
 	return _c
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_c *GroupCreate) SetSoraVideoPricePerRequestHd(v float64) *GroupCreate {
 	_c.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _c
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _c
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_c *GroupCreate) SetSoraStorageQuotaBytes(v int64) *GroupCreate {
 	_c.mutation.SetSoraStorageQuotaBytes(v)
 	return _c
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraStorageQuotaBytes(v *int64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraStorageQuotaBytes(*v)
 	}
 	return _c
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_c *GroupCreate) SetClaudeCodeOnly(v bool) *GroupCreate {
 	_c.mutation.SetClaudeCodeOnly(v)
@ -438,6 +368,34 @@ func (_c *GroupCreate) SetNillableAllowMessagesDispatch(v *bool) *GroupCreate {
 	return _c
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (_c *GroupCreate) SetRequireOauthOnly(v bool) *GroupCreate {
 	_c.mutation.SetRequireOauthOnly(v)
 	return _c
 }
 // SetNillableRequireOauthOnly sets the "require_oauth_only" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableRequireOauthOnly(v *bool) *GroupCreate {
 	if v != nil {
 		_c.SetRequireOauthOnly(*v)
 	}
 	return _c
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (_c *GroupCreate) SetRequirePrivacySet(v bool) *GroupCreate {
 	_c.mutation.SetRequirePrivacySet(v)
 	return _c
 }
 // SetNillableRequirePrivacySet sets the "require_privacy_set" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableRequirePrivacySet(v *bool) *GroupCreate {
 	if v != nil {
 		_c.SetRequirePrivacySet(*v)
 	}
 	return _c
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (_c *GroupCreate) SetDefaultMappedModel(v string) *GroupCreate {
 	_c.mutation.SetDefaultMappedModel(v)
@ -617,10 +575,6 @@ func (_c *GroupCreate) defaults() error {
 		v := group.DefaultDefaultValidityDays
 		_c.mutation.SetDefaultValidityDays(v)
 	}
 	if _, ok := _c.mutation.SoraStorageQuotaBytes(); !ok {
 		v := group.DefaultSoraStorageQuotaBytes
 		_c.mutation.SetSoraStorageQuotaBytes(v)
 	}
 	if _, ok := _c.mutation.ClaudeCodeOnly(); !ok {
 		v := group.DefaultClaudeCodeOnly
 		_c.mutation.SetClaudeCodeOnly(v)
@ -645,6 +599,14 @@ func (_c *GroupCreate) defaults() error {
 		v := group.DefaultAllowMessagesDispatch
 		_c.mutation.SetAllowMessagesDispatch(v)
 	}
 	if _, ok := _c.mutation.RequireOauthOnly(); !ok {
 		v := group.DefaultRequireOauthOnly
 		_c.mutation.SetRequireOauthOnly(v)
 	}
 	if _, ok := _c.mutation.RequirePrivacySet(); !ok {
 		v := group.DefaultRequirePrivacySet
 		_c.mutation.SetRequirePrivacySet(v)
 	}
 	if _, ok := _c.mutation.DefaultMappedModel(); !ok {
 		v := group.DefaultDefaultMappedModel
 		_c.mutation.SetDefaultMappedModel(v)
@ -701,9 +663,6 @@ func (_c *GroupCreate) check() error {
 	if _, ok := _c.mutation.DefaultValidityDays(); !ok {
 		return &ValidationError{Name: "default_validity_days", err: errors.New(`ent: missing required field "Group.default_validity_days"`)}
 	}
 	if _, ok := _c.mutation.SoraStorageQuotaBytes(); !ok {
 		return &ValidationError{Name: "sora_storage_quota_bytes", err: errors.New(`ent: missing required field "Group.sora_storage_quota_bytes"`)}
 	}
 	if _, ok := _c.mutation.ClaudeCodeOnly(); !ok {
 		return &ValidationError{Name: "claude_code_only", err: errors.New(`ent: missing required field "Group.claude_code_only"`)}
 	}
@ -722,6 +681,12 @@ func (_c *GroupCreate) check() error {
 	if _, ok := _c.mutation.AllowMessagesDispatch(); !ok {
 		return &ValidationError{Name: "allow_messages_dispatch", err: errors.New(`ent: missing required field "Group.allow_messages_dispatch"`)}
 	}
 	if _, ok := _c.mutation.RequireOauthOnly(); !ok {
 		return &ValidationError{Name: "require_oauth_only", err: errors.New(`ent: missing required field "Group.require_oauth_only"`)}
 	}
 	if _, ok := _c.mutation.RequirePrivacySet(); !ok {
 		return &ValidationError{Name: "require_privacy_set", err: errors.New(`ent: missing required field "Group.require_privacy_set"`)}
 	}
 	if _, ok := _c.mutation.DefaultMappedModel(); !ok {
 		return &ValidationError{Name: "default_mapped_model", err: errors.New(`ent: missing required field "Group.default_mapped_model"`)}
 	}
@ -825,26 +790,6 @@ func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		_spec.SetField(group.FieldImagePrice4k, field.TypeFloat64, value)
 		_node.ImagePrice4k = &value
 	}
 	if value, ok := _c.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 		_node.SoraImagePrice360 = &value
 	}
 	if value, ok := _c.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 		_node.SoraImagePrice540 = &value
 	}
 	if value, ok := _c.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 		_node.SoraVideoPricePerRequest = &value
 	}
 	if value, ok := _c.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 		_node.SoraVideoPricePerRequestHd = &value
 	}
 	if value, ok := _c.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(group.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 		_node.SoraStorageQuotaBytes = value
 	}
 	if value, ok := _c.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 		_node.ClaudeCodeOnly = value
@ -881,6 +826,14 @@ func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		_spec.SetField(group.FieldAllowMessagesDispatch, field.TypeBool, value)
 		_node.AllowMessagesDispatch = value
 	}
 	if value, ok := _c.mutation.RequireOauthOnly(); ok {
 		_spec.SetField(group.FieldRequireOauthOnly, field.TypeBool, value)
 		_node.RequireOauthOnly = value
 	}
 	if value, ok := _c.mutation.RequirePrivacySet(); ok {
 		_spec.SetField(group.FieldRequirePrivacySet, field.TypeBool, value)
 		_node.RequirePrivacySet = value
 	}
 	if value, ok := _c.mutation.DefaultMappedModel(); ok {
 		_spec.SetField(group.FieldDefaultMappedModel, field.TypeString, value)
 		_node.DefaultMappedModel = value
@ -1329,120 +1282,6 @@ func (u *GroupUpsert) ClearImagePrice4k() *GroupUpsert {
 	return u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsert) SetSoraImagePrice360(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraImagePrice360, v)
 	return u
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraImagePrice360() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraImagePrice360)
 	return u
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsert) AddSoraImagePrice360(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraImagePrice360, v)
 	return u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsert) ClearSoraImagePrice360() *GroupUpsert {
 	u.SetNull(group.FieldSoraImagePrice360)
 	return u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsert) SetSoraImagePrice540(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraImagePrice540, v)
 	return u
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraImagePrice540() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraImagePrice540)
 	return u
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsert) AddSoraImagePrice540(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraImagePrice540, v)
 	return u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsert) ClearSoraImagePrice540() *GroupUpsert {
 	u.SetNull(group.FieldSoraImagePrice540)
 	return u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsert) SetSoraVideoPricePerRequest(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraVideoPricePerRequest, v)
 	return u
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraVideoPricePerRequest() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraVideoPricePerRequest)
 	return u
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsert) AddSoraVideoPricePerRequest(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraVideoPricePerRequest, v)
 	return u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsert) ClearSoraVideoPricePerRequest() *GroupUpsert {
 	u.SetNull(group.FieldSoraVideoPricePerRequest)
 	return u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraVideoPricePerRequestHd, v)
 	return u
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraVideoPricePerRequestHd() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraVideoPricePerRequestHd)
 	return u
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraVideoPricePerRequestHd, v)
 	return u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) ClearSoraVideoPricePerRequestHd() *GroupUpsert {
 	u.SetNull(group.FieldSoraVideoPricePerRequestHd)
 	return u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *GroupUpsert) SetSoraStorageQuotaBytes(v int64) *GroupUpsert {
 	u.Set(group.FieldSoraStorageQuotaBytes, v)
 	return u
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraStorageQuotaBytes() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraStorageQuotaBytes)
 	return u
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *GroupUpsert) AddSoraStorageQuotaBytes(v int64) *GroupUpsert {
 	u.Add(group.FieldSoraStorageQuotaBytes, v)
 	return u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsert) SetClaudeCodeOnly(v bool) *GroupUpsert {
 	u.Set(group.FieldClaudeCodeOnly, v)
@ -1587,6 +1426,30 @@ func (u *GroupUpsert) UpdateAllowMessagesDispatch() *GroupUpsert {
 	return u
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (u *GroupUpsert) SetRequireOauthOnly(v bool) *GroupUpsert {
 	u.Set(group.FieldRequireOauthOnly, v)
 	return u
 }
 // UpdateRequireOauthOnly sets the "require_oauth_only" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateRequireOauthOnly() *GroupUpsert {
 	u.SetExcluded(group.FieldRequireOauthOnly)
 	return u
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (u *GroupUpsert) SetRequirePrivacySet(v bool) *GroupUpsert {
 	u.Set(group.FieldRequirePrivacySet, v)
 	return u
 }
 // UpdateRequirePrivacySet sets the "require_privacy_set" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateRequirePrivacySet() *GroupUpsert {
 	u.SetExcluded(group.FieldRequirePrivacySet)
 	return u
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (u *GroupUpsert) SetDefaultMappedModel(v string) *GroupUpsert {
 	u.Set(group.FieldDefaultMappedModel, v)
@ -1980,139 +1843,6 @@ func (u *GroupUpsertOne) ClearImagePrice4k() *GroupUpsertOne {
 	})
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsertOne) SetSoraImagePrice360(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice360(v)
 	})
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsertOne) AddSoraImagePrice360(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice360(v)
 	})
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraImagePrice360() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice360()
 	})
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsertOne) ClearSoraImagePrice360() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice360()
 	})
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsertOne) SetSoraImagePrice540(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice540(v)
 	})
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsertOne) AddSoraImagePrice540(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice540(v)
 	})
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraImagePrice540() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice540()
 	})
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsertOne) ClearSoraImagePrice540() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice540()
 	})
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) SetSoraVideoPricePerRequest(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequest(v)
 	})
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) AddSoraVideoPricePerRequest(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequest(v)
 	})
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraVideoPricePerRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequest()
 	})
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) ClearSoraVideoPricePerRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequest()
 	})
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequestHd(v)
 	})
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequestHd(v)
 	})
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraVideoPricePerRequestHd() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequestHd()
 	})
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) ClearSoraVideoPricePerRequestHd() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequestHd()
 	})
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *GroupUpsertOne) SetSoraStorageQuotaBytes(v int64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraStorageQuotaBytes(v)
 	})
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *GroupUpsertOne) AddSoraStorageQuotaBytes(v int64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraStorageQuotaBytes(v)
 	})
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraStorageQuotaBytes() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraStorageQuotaBytes()
 	})
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsertOne) SetClaudeCodeOnly(v bool) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
@ -2281,6 +2011,34 @@ func (u *GroupUpsertOne) UpdateAllowMessagesDispatch() *GroupUpsertOne {
 	})
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (u *GroupUpsertOne) SetRequireOauthOnly(v bool) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetRequireOauthOnly(v)
 	})
 }
 // UpdateRequireOauthOnly sets the "require_oauth_only" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateRequireOauthOnly() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateRequireOauthOnly()
 	})
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (u *GroupUpsertOne) SetRequirePrivacySet(v bool) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetRequirePrivacySet(v)
 	})
 }
 // UpdateRequirePrivacySet sets the "require_privacy_set" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateRequirePrivacySet() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateRequirePrivacySet()
 	})
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (u *GroupUpsertOne) SetDefaultMappedModel(v string) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
@ -2842,139 +2600,6 @@ func (u *GroupUpsertBulk) ClearImagePrice4k() *GroupUpsertBulk {
 	})
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) SetSoraImagePrice360(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice360(v)
 	})
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) AddSoraImagePrice360(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice360(v)
 	})
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraImagePrice360() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice360()
 	})
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) ClearSoraImagePrice360() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice360()
 	})
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) SetSoraImagePrice540(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice540(v)
 	})
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) AddSoraImagePrice540(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice540(v)
 	})
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraImagePrice540() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice540()
 	})
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) ClearSoraImagePrice540() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice540()
 	})
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) SetSoraVideoPricePerRequest(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequest(v)
 	})
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) AddSoraVideoPricePerRequest(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequest(v)
 	})
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraVideoPricePerRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequest()
 	})
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) ClearSoraVideoPricePerRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequest()
 	})
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequestHd(v)
 	})
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequestHd(v)
 	})
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraVideoPricePerRequestHd() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequestHd()
 	})
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) ClearSoraVideoPricePerRequestHd() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequestHd()
 	})
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *GroupUpsertBulk) SetSoraStorageQuotaBytes(v int64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraStorageQuotaBytes(v)
 	})
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *GroupUpsertBulk) AddSoraStorageQuotaBytes(v int64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraStorageQuotaBytes(v)
 	})
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraStorageQuotaBytes() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraStorageQuotaBytes()
 	})
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsertBulk) SetClaudeCodeOnly(v bool) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
@ -3143,6 +2768,34 @@ func (u *GroupUpsertBulk) UpdateAllowMessagesDispatch() *GroupUpsertBulk {
 	})
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (u *GroupUpsertBulk) SetRequireOauthOnly(v bool) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetRequireOauthOnly(v)
 	})
 }
 // UpdateRequireOauthOnly sets the "require_oauth_only" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateRequireOauthOnly() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateRequireOauthOnly()
 	})
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (u *GroupUpsertBulk) SetRequirePrivacySet(v bool) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetRequirePrivacySet(v)
 	})
 }
 // UpdateRequirePrivacySet sets the "require_privacy_set" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateRequirePrivacySet() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateRequirePrivacySet()
 	})
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (u *GroupUpsertBulk) SetDefaultMappedModel(v string) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
--- a/backend/ent/group_update.go
+++ b/backend/ent/group_update.go
@ -355,135 +355,6 @@ func (_u *GroupUpdate) ClearImagePrice4k() *GroupUpdate {
 	return _u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_u *GroupUpdate) SetSoraImagePrice360(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraImagePrice360()
 	_u.mutation.SetSoraImagePrice360(v)
 	return _u
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraImagePrice360(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraImagePrice360(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice360 adds value to the "sora_image_price_360" field.
 func (_u *GroupUpdate) AddSoraImagePrice360(v float64) *GroupUpdate {
 	_u.mutation.AddSoraImagePrice360(v)
 	return _u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (_u *GroupUpdate) ClearSoraImagePrice360() *GroupUpdate {
 	_u.mutation.ClearSoraImagePrice360()
 	return _u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_u *GroupUpdate) SetSoraImagePrice540(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraImagePrice540()
 	_u.mutation.SetSoraImagePrice540(v)
 	return _u
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraImagePrice540(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraImagePrice540(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice540 adds value to the "sora_image_price_540" field.
 func (_u *GroupUpdate) AddSoraImagePrice540(v float64) *GroupUpdate {
 	_u.mutation.AddSoraImagePrice540(v)
 	return _u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (_u *GroupUpdate) ClearSoraImagePrice540() *GroupUpdate {
 	_u.mutation.ClearSoraImagePrice540()
 	return _u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) SetSoraVideoPricePerRequest(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraVideoPricePerRequest()
 	_u.mutation.SetSoraVideoPricePerRequest(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraVideoPricePerRequest(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequest(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequest adds value to the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) AddSoraVideoPricePerRequest(v float64) *GroupUpdate {
 	_u.mutation.AddSoraVideoPricePerRequest(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) ClearSoraVideoPricePerRequest() *GroupUpdate {
 	_u.mutation.ClearSoraVideoPricePerRequest()
 	return _u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) SetSoraVideoPricePerRequestHd(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraVideoPricePerRequestHd()
 	_u.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequestHd adds value to the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) AddSoraVideoPricePerRequestHd(v float64) *GroupUpdate {
 	_u.mutation.AddSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) ClearSoraVideoPricePerRequestHd() *GroupUpdate {
 	_u.mutation.ClearSoraVideoPricePerRequestHd()
 	return _u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_u *GroupUpdate) SetSoraStorageQuotaBytes(v int64) *GroupUpdate {
 	_u.mutation.ResetSoraStorageQuotaBytes()
 	_u.mutation.SetSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraStorageQuotaBytes(v *int64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraStorageQuotaBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageQuotaBytes adds value to the "sora_storage_quota_bytes" field.
 func (_u *GroupUpdate) AddSoraStorageQuotaBytes(v int64) *GroupUpdate {
 	_u.mutation.AddSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_u *GroupUpdate) SetClaudeCodeOnly(v bool) *GroupUpdate {
 	_u.mutation.SetClaudeCodeOnly(v)
@ -639,6 +510,34 @@ func (_u *GroupUpdate) SetNillableAllowMessagesDispatch(v *bool) *GroupUpdate {
 	return _u
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (_u *GroupUpdate) SetRequireOauthOnly(v bool) *GroupUpdate {
 	_u.mutation.SetRequireOauthOnly(v)
 	return _u
 }
 // SetNillableRequireOauthOnly sets the "require_oauth_only" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableRequireOauthOnly(v *bool) *GroupUpdate {
 	if v != nil {
 		_u.SetRequireOauthOnly(*v)
 	}
 	return _u
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (_u *GroupUpdate) SetRequirePrivacySet(v bool) *GroupUpdate {
 	_u.mutation.SetRequirePrivacySet(v)
 	return _u
 }
 // SetNillableRequirePrivacySet sets the "require_privacy_set" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableRequirePrivacySet(v *bool) *GroupUpdate {
 	if v != nil {
 		_u.SetRequirePrivacySet(*v)
 	}
 	return _u
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (_u *GroupUpdate) SetDefaultMappedModel(v string) *GroupUpdate {
 	_u.mutation.SetDefaultMappedModel(v)
@ -1054,48 +953,6 @@ func (_u *GroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.ImagePrice4kCleared() {
 		_spec.ClearField(group.FieldImagePrice4k, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice360(); ok {
 		_spec.AddField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice360Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice360, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice540(); ok {
 		_spec.AddField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice540Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice540, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequest(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequestHd(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestHdCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(group.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageQuotaBytes(); ok {
 		_spec.AddField(group.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 	}
@ -1146,6 +1003,12 @@ func (_u *GroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if value, ok := _u.mutation.AllowMessagesDispatch(); ok {
 		_spec.SetField(group.FieldAllowMessagesDispatch, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.RequireOauthOnly(); ok {
 		_spec.SetField(group.FieldRequireOauthOnly, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.RequirePrivacySet(); ok {
 		_spec.SetField(group.FieldRequirePrivacySet, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.DefaultMappedModel(); ok {
 		_spec.SetField(group.FieldDefaultMappedModel, field.TypeString, value)
 	}
@ -1783,135 +1646,6 @@ func (_u *GroupUpdateOne) ClearImagePrice4k() *GroupUpdateOne {
 	return _u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) SetSoraImagePrice360(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraImagePrice360()
 	_u.mutation.SetSoraImagePrice360(v)
 	return _u
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraImagePrice360(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraImagePrice360(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice360 adds value to the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) AddSoraImagePrice360(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraImagePrice360(v)
 	return _u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) ClearSoraImagePrice360() *GroupUpdateOne {
 	_u.mutation.ClearSoraImagePrice360()
 	return _u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) SetSoraImagePrice540(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraImagePrice540()
 	_u.mutation.SetSoraImagePrice540(v)
 	return _u
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraImagePrice540(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraImagePrice540(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice540 adds value to the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) AddSoraImagePrice540(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraImagePrice540(v)
 	return _u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) ClearSoraImagePrice540() *GroupUpdateOne {
 	_u.mutation.ClearSoraImagePrice540()
 	return _u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) SetSoraVideoPricePerRequest(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraVideoPricePerRequest()
 	_u.mutation.SetSoraVideoPricePerRequest(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraVideoPricePerRequest(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequest(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequest adds value to the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) AddSoraVideoPricePerRequest(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraVideoPricePerRequest(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) ClearSoraVideoPricePerRequest() *GroupUpdateOne {
 	_u.mutation.ClearSoraVideoPricePerRequest()
 	return _u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) SetSoraVideoPricePerRequestHd(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraVideoPricePerRequestHd()
 	_u.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequestHd adds value to the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) AddSoraVideoPricePerRequestHd(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) ClearSoraVideoPricePerRequestHd() *GroupUpdateOne {
 	_u.mutation.ClearSoraVideoPricePerRequestHd()
 	return _u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_u *GroupUpdateOne) SetSoraStorageQuotaBytes(v int64) *GroupUpdateOne {
 	_u.mutation.ResetSoraStorageQuotaBytes()
 	_u.mutation.SetSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraStorageQuotaBytes(v *int64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraStorageQuotaBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageQuotaBytes adds value to the "sora_storage_quota_bytes" field.
 func (_u *GroupUpdateOne) AddSoraStorageQuotaBytes(v int64) *GroupUpdateOne {
 	_u.mutation.AddSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_u *GroupUpdateOne) SetClaudeCodeOnly(v bool) *GroupUpdateOne {
 	_u.mutation.SetClaudeCodeOnly(v)
@ -2067,6 +1801,34 @@ func (_u *GroupUpdateOne) SetNillableAllowMessagesDispatch(v *bool) *GroupUpdate
 	return _u
 }
 // SetRequireOauthOnly sets the "require_oauth_only" field.
 func (_u *GroupUpdateOne) SetRequireOauthOnly(v bool) *GroupUpdateOne {
 	_u.mutation.SetRequireOauthOnly(v)
 	return _u
 }
 // SetNillableRequireOauthOnly sets the "require_oauth_only" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableRequireOauthOnly(v *bool) *GroupUpdateOne {
 	if v != nil {
 		_u.SetRequireOauthOnly(*v)
 	}
 	return _u
 }
 // SetRequirePrivacySet sets the "require_privacy_set" field.
 func (_u *GroupUpdateOne) SetRequirePrivacySet(v bool) *GroupUpdateOne {
 	_u.mutation.SetRequirePrivacySet(v)
 	return _u
 }
 // SetNillableRequirePrivacySet sets the "require_privacy_set" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableRequirePrivacySet(v *bool) *GroupUpdateOne {
 	if v != nil {
 		_u.SetRequirePrivacySet(*v)
 	}
 	return _u
 }
 // SetDefaultMappedModel sets the "default_mapped_model" field.
 func (_u *GroupUpdateOne) SetDefaultMappedModel(v string) *GroupUpdateOne {
 	_u.mutation.SetDefaultMappedModel(v)
@ -2512,48 +2274,6 @@ func (_u *GroupUpdateOne) sqlSave(ctx context.Context) (_node *Group, err error)
 	if _u.mutation.ImagePrice4kCleared() {
 		_spec.ClearField(group.FieldImagePrice4k, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice360(); ok {
 		_spec.AddField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice360Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice360, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice540(); ok {
 		_spec.AddField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice540Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice540, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequest(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequestHd(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestHdCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(group.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageQuotaBytes(); ok {
 		_spec.AddField(group.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 	}
@ -2604,6 +2324,12 @@ func (_u *GroupUpdateOne) sqlSave(ctx context.Context) (_node *Group, err error)
 	if value, ok := _u.mutation.AllowMessagesDispatch(); ok {
 		_spec.SetField(group.FieldAllowMessagesDispatch, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.RequireOauthOnly(); ok {
 		_spec.SetField(group.FieldRequireOauthOnly, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.RequirePrivacySet(); ok {
 		_spec.SetField(group.FieldRequirePrivacySet, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.DefaultMappedModel(); ok {
 		_spec.SetField(group.FieldDefaultMappedModel, field.TypeString, value)
 	}
--- a/backend/ent/migrate/schema.go
+++ b/backend/ent/migrate/schema.go
@ -395,11 +395,6 @@ var (
 		{Name: "image_price_1k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "image_price_2k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "image_price_4k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_image_price_360", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_image_price_540", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_video_price_per_request", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_video_price_per_request_hd", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_storage_quota_bytes", Type: field.TypeInt64, Default: 0},
 		{Name: "claude_code_only", Type: field.TypeBool, Default: false},
 		{Name: "fallback_group_id", Type: field.TypeInt64, Nullable: true},
 		{Name: "fallback_group_id_on_invalid_request", Type: field.TypeInt64, Nullable: true},
@ -409,6 +404,8 @@ var (
 		{Name: "supported_model_scopes", Type: field.TypeJSON, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "sort_order", Type: field.TypeInt, Default: 0},
 		{Name: "allow_messages_dispatch", Type: field.TypeBool, Default: false},
 		{Name: "require_oauth_only", Type: field.TypeBool, Default: false},
 		{Name: "require_privacy_set", Type: field.TypeBool, Default: false},
 		{Name: "default_mapped_model", Type: field.TypeString, Size: 100, Default: ""},
 	}
 	// GroupsTable holds the schema information for the "groups" table.
@ -445,7 +442,7 @@ var (
 			{
 				Name:    "group_sort_order",
 				Unique:  false,
-				Columns: []*schema.Column{GroupsColumns[30]},
+				Columns: []*schema.Column{GroupsColumns[25]},
 			},
 		},
 	}
@ -742,6 +739,10 @@ var (
 		{Name: "model", Type: field.TypeString, Size: 100},
 		{Name: "requested_model", Type: field.TypeString, Nullable: true, Size: 100},
 		{Name: "upstream_model", Type: field.TypeString, Nullable: true, Size: 100},
 		{Name: "channel_id", Type: field.TypeInt64, Nullable: true},
 		{Name: "model_mapping_chain", Type: field.TypeString, Nullable: true, Size: 500},
 		{Name: "billing_tier", Type: field.TypeString, Nullable: true, Size: 50},
 		{Name: "billing_mode", Type: field.TypeString, Nullable: true, Size: 20},
 		{Name: "input_tokens", Type: field.TypeInt, Default: 0},
 		{Name: "output_tokens", Type: field.TypeInt, Default: 0},
 		{Name: "cache_creation_tokens", Type: field.TypeInt, Default: 0},
@ -764,7 +765,6 @@ var (
 		{Name: "ip_address", Type: field.TypeString, Nullable: true, Size: 45},
 		{Name: "image_count", Type: field.TypeInt, Default: 0},
 		{Name: "image_size", Type: field.TypeString, Nullable: true, Size: 10},
 		{Name: "media_type", Type: field.TypeString, Nullable: true, Size: 16},
 		{Name: "cache_ttl_overridden", Type: field.TypeBool, Default: false},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "api_key_id", Type: field.TypeInt64},
@ -781,31 +781,31 @@ var (
 		ForeignKeys: []*schema.ForeignKey{
 			{
 				Symbol:     "usage_logs_api_keys_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[30]},
+				Columns:    []*schema.Column{UsageLogsColumns[33]},
 				RefColumns: []*schema.Column{APIKeysColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_accounts_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[31]},
+				Columns:    []*schema.Column{UsageLogsColumns[34]},
 				RefColumns: []*schema.Column{AccountsColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_groups_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[32]},
+				Columns:    []*schema.Column{UsageLogsColumns[35]},
 				RefColumns: []*schema.Column{GroupsColumns[0]},
 				OnDelete:   schema.SetNull,
 			},
 			{
 				Symbol:     "usage_logs_users_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[33]},
+				Columns:    []*schema.Column{UsageLogsColumns[36]},
 				RefColumns: []*schema.Column{UsersColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_user_subscriptions_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[34]},
+				Columns:    []*schema.Column{UsageLogsColumns[37]},
 				RefColumns: []*schema.Column{UserSubscriptionsColumns[0]},
 				OnDelete:   schema.SetNull,
 			},
@ -814,32 +814,32 @@ var (
 			{
 				Name:    "usagelog_user_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[33]},
+				Columns: []*schema.Column{UsageLogsColumns[36]},
 			},
 			{
 				Name:    "usagelog_api_key_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[30]},
+				Columns: []*schema.Column{UsageLogsColumns[33]},
 			},
 			{
 				Name:    "usagelog_account_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[31]},
+				Columns: []*schema.Column{UsageLogsColumns[34]},
 			},
 			{
 				Name:    "usagelog_group_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[32]},
+				Columns: []*schema.Column{UsageLogsColumns[35]},
 			},
 			{
 				Name:    "usagelog_subscription_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[34]},
+				Columns: []*schema.Column{UsageLogsColumns[37]},
 			},
 			{
 				Name:    "usagelog_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[29]},
+				Columns: []*schema.Column{UsageLogsColumns[32]},
 			},
 			{
 				Name:    "usagelog_model",
@ -859,17 +859,17 @@ var (
 			{
 				Name:    "usagelog_user_id_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[33], UsageLogsColumns[29]},
+				Columns: []*schema.Column{UsageLogsColumns[36], UsageLogsColumns[32]},
 			},
 			{
 				Name:    "usagelog_api_key_id_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[30], UsageLogsColumns[29]},
+				Columns: []*schema.Column{UsageLogsColumns[33], UsageLogsColumns[32]},
 			},
 			{
 				Name:    "usagelog_group_id_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[32], UsageLogsColumns[29]},
+				Columns: []*schema.Column{UsageLogsColumns[35], UsageLogsColumns[32]},
 			},
 		},
 	}
@ -890,8 +890,6 @@ var (
 		{Name: "totp_secret_encrypted", Type: field.TypeString, Nullable: true, SchemaType: map[string]string{"postgres": "text"}},
 		{Name: "totp_enabled", Type: field.TypeBool, Default: false},
 		{Name: "totp_enabled_at", Type: field.TypeTime, Nullable: true},
 		{Name: "sora_storage_quota_bytes", Type: field.TypeInt64, Default: 0},
 		{Name: "sora_storage_used_bytes", Type: field.TypeInt64, Default: 0},
 	}
 	// UsersTable holds the schema information for the "users" table.
 	UsersTable = &schema.Table{
--- a/backend/ent/mutation.go
+++ b/backend/ent/mutation.go
--- a/backend/ent/runtime/runtime.go
+++ b/backend/ent/runtime/runtime.go
@ -430,36 +430,40 @@ func init() {
 	groupDescDefaultValidityDays := groupFields[10].Descriptor()
 	// group.DefaultDefaultValidityDays holds the default value on creation for the default_validity_days field.
 	group.DefaultDefaultValidityDays = groupDescDefaultValidityDays.Default.(int)
 	// groupDescSoraStorageQuotaBytes is the schema descriptor for sora_storage_quota_bytes field.
 	groupDescSoraStorageQuotaBytes := groupFields[18].Descriptor()
 	// group.DefaultSoraStorageQuotaBytes holds the default value on creation for the sora_storage_quota_bytes field.
 	group.DefaultSoraStorageQuotaBytes = groupDescSoraStorageQuotaBytes.Default.(int64)
 	// groupDescClaudeCodeOnly is the schema descriptor for claude_code_only field.
-	groupDescClaudeCodeOnly := groupFields[19].Descriptor()
+	groupDescClaudeCodeOnly := groupFields[14].Descriptor()
 	// group.DefaultClaudeCodeOnly holds the default value on creation for the claude_code_only field.
 	group.DefaultClaudeCodeOnly = groupDescClaudeCodeOnly.Default.(bool)
 	// groupDescModelRoutingEnabled is the schema descriptor for model_routing_enabled field.
-	groupDescModelRoutingEnabled := groupFields[23].Descriptor()
+	groupDescModelRoutingEnabled := groupFields[18].Descriptor()
 	// group.DefaultModelRoutingEnabled holds the default value on creation for the model_routing_enabled field.
 	group.DefaultModelRoutingEnabled = groupDescModelRoutingEnabled.Default.(bool)
 	// groupDescMcpXMLInject is the schema descriptor for mcp_xml_inject field.
-	groupDescMcpXMLInject := groupFields[24].Descriptor()
+	groupDescMcpXMLInject := groupFields[19].Descriptor()
 	// group.DefaultMcpXMLInject holds the default value on creation for the mcp_xml_inject field.
 	group.DefaultMcpXMLInject = groupDescMcpXMLInject.Default.(bool)
 	// groupDescSupportedModelScopes is the schema descriptor for supported_model_scopes field.
-	groupDescSupportedModelScopes := groupFields[25].Descriptor()
+	groupDescSupportedModelScopes := groupFields[20].Descriptor()
 	// group.DefaultSupportedModelScopes holds the default value on creation for the supported_model_scopes field.
 	group.DefaultSupportedModelScopes = groupDescSupportedModelScopes.Default.([]string)
 	// groupDescSortOrder is the schema descriptor for sort_order field.
-	groupDescSortOrder := groupFields[26].Descriptor()
+	groupDescSortOrder := groupFields[21].Descriptor()
 	// group.DefaultSortOrder holds the default value on creation for the sort_order field.
 	group.DefaultSortOrder = groupDescSortOrder.Default.(int)
 	// groupDescAllowMessagesDispatch is the schema descriptor for allow_messages_dispatch field.
-	groupDescAllowMessagesDispatch := groupFields[27].Descriptor()
+	groupDescAllowMessagesDispatch := groupFields[22].Descriptor()
 	// group.DefaultAllowMessagesDispatch holds the default value on creation for the allow_messages_dispatch field.
 	group.DefaultAllowMessagesDispatch = groupDescAllowMessagesDispatch.Default.(bool)
 	// groupDescRequireOauthOnly is the schema descriptor for require_oauth_only field.
 	groupDescRequireOauthOnly := groupFields[23].Descriptor()
 	// group.DefaultRequireOauthOnly holds the default value on creation for the require_oauth_only field.
 	group.DefaultRequireOauthOnly = groupDescRequireOauthOnly.Default.(bool)
 	// groupDescRequirePrivacySet is the schema descriptor for require_privacy_set field.
 	groupDescRequirePrivacySet := groupFields[24].Descriptor()
 	// group.DefaultRequirePrivacySet holds the default value on creation for the require_privacy_set field.
 	group.DefaultRequirePrivacySet = groupDescRequirePrivacySet.Default.(bool)
 	// groupDescDefaultMappedModel is the schema descriptor for default_mapped_model field.
-	groupDescDefaultMappedModel := groupFields[28].Descriptor()
+	groupDescDefaultMappedModel := groupFields[25].Descriptor()
 	// group.DefaultDefaultMappedModel holds the default value on creation for the default_mapped_model field.
 	group.DefaultDefaultMappedModel = groupDescDefaultMappedModel.Default.(string)
 	// group.DefaultMappedModelValidator is a validator for the "default_mapped_model" field. It is called by the builders before save.
@ -867,92 +871,100 @@ func init() {
 	usagelogDescUpstreamModel := usagelogFields[6].Descriptor()
 	// usagelog.UpstreamModelValidator is a validator for the "upstream_model" field. It is called by the builders before save.
 	usagelog.UpstreamModelValidator = usagelogDescUpstreamModel.Validators[0].(func(string) error)
 	// usagelogDescModelMappingChain is the schema descriptor for model_mapping_chain field.
 	usagelogDescModelMappingChain := usagelogFields[8].Descriptor()
 	// usagelog.ModelMappingChainValidator is a validator for the "model_mapping_chain" field. It is called by the builders before save.
 	usagelog.ModelMappingChainValidator = usagelogDescModelMappingChain.Validators[0].(func(string) error)
 	// usagelogDescBillingTier is the schema descriptor for billing_tier field.
 	usagelogDescBillingTier := usagelogFields[9].Descriptor()
 	// usagelog.BillingTierValidator is a validator for the "billing_tier" field. It is called by the builders before save.
 	usagelog.BillingTierValidator = usagelogDescBillingTier.Validators[0].(func(string) error)
 	// usagelogDescBillingMode is the schema descriptor for billing_mode field.
 	usagelogDescBillingMode := usagelogFields[10].Descriptor()
 	// usagelog.BillingModeValidator is a validator for the "billing_mode" field. It is called by the builders before save.
 	usagelog.BillingModeValidator = usagelogDescBillingMode.Validators[0].(func(string) error)
 	// usagelogDescInputTokens is the schema descriptor for input_tokens field.
-	usagelogDescInputTokens := usagelogFields[9].Descriptor()
+	usagelogDescInputTokens := usagelogFields[13].Descriptor()
 	// usagelog.DefaultInputTokens holds the default value on creation for the input_tokens field.
 	usagelog.DefaultInputTokens = usagelogDescInputTokens.Default.(int)
 	// usagelogDescOutputTokens is the schema descriptor for output_tokens field.
-	usagelogDescOutputTokens := usagelogFields[10].Descriptor()
+	usagelogDescOutputTokens := usagelogFields[14].Descriptor()
 	// usagelog.DefaultOutputTokens holds the default value on creation for the output_tokens field.
 	usagelog.DefaultOutputTokens = usagelogDescOutputTokens.Default.(int)
 	// usagelogDescCacheCreationTokens is the schema descriptor for cache_creation_tokens field.
-	usagelogDescCacheCreationTokens := usagelogFields[11].Descriptor()
+	usagelogDescCacheCreationTokens := usagelogFields[15].Descriptor()
 	// usagelog.DefaultCacheCreationTokens holds the default value on creation for the cache_creation_tokens field.
 	usagelog.DefaultCacheCreationTokens = usagelogDescCacheCreationTokens.Default.(int)
 	// usagelogDescCacheReadTokens is the schema descriptor for cache_read_tokens field.
-	usagelogDescCacheReadTokens := usagelogFields[12].Descriptor()
+	usagelogDescCacheReadTokens := usagelogFields[16].Descriptor()
 	// usagelog.DefaultCacheReadTokens holds the default value on creation for the cache_read_tokens field.
 	usagelog.DefaultCacheReadTokens = usagelogDescCacheReadTokens.Default.(int)
 	// usagelogDescCacheCreation5mTokens is the schema descriptor for cache_creation_5m_tokens field.
-	usagelogDescCacheCreation5mTokens := usagelogFields[13].Descriptor()
+	usagelogDescCacheCreation5mTokens := usagelogFields[17].Descriptor()
 	// usagelog.DefaultCacheCreation5mTokens holds the default value on creation for the cache_creation_5m_tokens field.
 	usagelog.DefaultCacheCreation5mTokens = usagelogDescCacheCreation5mTokens.Default.(int)
 	// usagelogDescCacheCreation1hTokens is the schema descriptor for cache_creation_1h_tokens field.
-	usagelogDescCacheCreation1hTokens := usagelogFields[14].Descriptor()
+	usagelogDescCacheCreation1hTokens := usagelogFields[18].Descriptor()
 	// usagelog.DefaultCacheCreation1hTokens holds the default value on creation for the cache_creation_1h_tokens field.
 	usagelog.DefaultCacheCreation1hTokens = usagelogDescCacheCreation1hTokens.Default.(int)
 	// usagelogDescInputCost is the schema descriptor for input_cost field.
-	usagelogDescInputCost := usagelogFields[15].Descriptor()
+	usagelogDescInputCost := usagelogFields[19].Descriptor()
 	// usagelog.DefaultInputCost holds the default value on creation for the input_cost field.
 	usagelog.DefaultInputCost = usagelogDescInputCost.Default.(float64)
 	// usagelogDescOutputCost is the schema descriptor for output_cost field.
-	usagelogDescOutputCost := usagelogFields[16].Descriptor()
+	usagelogDescOutputCost := usagelogFields[20].Descriptor()
 	// usagelog.DefaultOutputCost holds the default value on creation for the output_cost field.
 	usagelog.DefaultOutputCost = usagelogDescOutputCost.Default.(float64)
 	// usagelogDescCacheCreationCost is the schema descriptor for cache_creation_cost field.
-	usagelogDescCacheCreationCost := usagelogFields[17].Descriptor()
+	usagelogDescCacheCreationCost := usagelogFields[21].Descriptor()
 	// usagelog.DefaultCacheCreationCost holds the default value on creation for the cache_creation_cost field.
 	usagelog.DefaultCacheCreationCost = usagelogDescCacheCreationCost.Default.(float64)
 	// usagelogDescCacheReadCost is the schema descriptor for cache_read_cost field.
-	usagelogDescCacheReadCost := usagelogFields[18].Descriptor()
+	usagelogDescCacheReadCost := usagelogFields[22].Descriptor()
 	// usagelog.DefaultCacheReadCost holds the default value on creation for the cache_read_cost field.
 	usagelog.DefaultCacheReadCost = usagelogDescCacheReadCost.Default.(float64)
 	// usagelogDescTotalCost is the schema descriptor for total_cost field.
-	usagelogDescTotalCost := usagelogFields[19].Descriptor()
+	usagelogDescTotalCost := usagelogFields[23].Descriptor()
 	// usagelog.DefaultTotalCost holds the default value on creation for the total_cost field.
 	usagelog.DefaultTotalCost = usagelogDescTotalCost.Default.(float64)
 	// usagelogDescActualCost is the schema descriptor for actual_cost field.
-	usagelogDescActualCost := usagelogFields[20].Descriptor()
+	usagelogDescActualCost := usagelogFields[24].Descriptor()
 	// usagelog.DefaultActualCost holds the default value on creation for the actual_cost field.
 	usagelog.DefaultActualCost = usagelogDescActualCost.Default.(float64)
 	// usagelogDescRateMultiplier is the schema descriptor for rate_multiplier field.
-	usagelogDescRateMultiplier := usagelogFields[21].Descriptor()
+	usagelogDescRateMultiplier := usagelogFields[25].Descriptor()
 	// usagelog.DefaultRateMultiplier holds the default value on creation for the rate_multiplier field.
 	usagelog.DefaultRateMultiplier = usagelogDescRateMultiplier.Default.(float64)
 	// usagelogDescBillingType is the schema descriptor for billing_type field.
-	usagelogDescBillingType := usagelogFields[23].Descriptor()
+	usagelogDescBillingType := usagelogFields[27].Descriptor()
 	// usagelog.DefaultBillingType holds the default value on creation for the billing_type field.
 	usagelog.DefaultBillingType = usagelogDescBillingType.Default.(int8)
 	// usagelogDescStream is the schema descriptor for stream field.
-	usagelogDescStream := usagelogFields[24].Descriptor()
+	usagelogDescStream := usagelogFields[28].Descriptor()
 	// usagelog.DefaultStream holds the default value on creation for the stream field.
 	usagelog.DefaultStream = usagelogDescStream.Default.(bool)
 	// usagelogDescUserAgent is the schema descriptor for user_agent field.
-	usagelogDescUserAgent := usagelogFields[27].Descriptor()
+	usagelogDescUserAgent := usagelogFields[31].Descriptor()
 	// usagelog.UserAgentValidator is a validator for the "user_agent" field. It is called by the builders before save.
 	usagelog.UserAgentValidator = usagelogDescUserAgent.Validators[0].(func(string) error)
 	// usagelogDescIPAddress is the schema descriptor for ip_address field.
-	usagelogDescIPAddress := usagelogFields[28].Descriptor()
+	usagelogDescIPAddress := usagelogFields[32].Descriptor()
 	// usagelog.IPAddressValidator is a validator for the "ip_address" field. It is called by the builders before save.
 	usagelog.IPAddressValidator = usagelogDescIPAddress.Validators[0].(func(string) error)
 	// usagelogDescImageCount is the schema descriptor for image_count field.
-	usagelogDescImageCount := usagelogFields[29].Descriptor()
+	usagelogDescImageCount := usagelogFields[33].Descriptor()
 	// usagelog.DefaultImageCount holds the default value on creation for the image_count field.
 	usagelog.DefaultImageCount = usagelogDescImageCount.Default.(int)
 	// usagelogDescImageSize is the schema descriptor for image_size field.
-	usagelogDescImageSize := usagelogFields[30].Descriptor()
+	usagelogDescImageSize := usagelogFields[34].Descriptor()
 	// usagelog.ImageSizeValidator is a validator for the "image_size" field. It is called by the builders before save.
 	usagelog.ImageSizeValidator = usagelogDescImageSize.Validators[0].(func(string) error)
 	// usagelogDescMediaType is the schema descriptor for media_type field.
 	usagelogDescMediaType := usagelogFields[31].Descriptor()
 	// usagelog.MediaTypeValidator is a validator for the "media_type" field. It is called by the builders before save.
 	usagelog.MediaTypeValidator = usagelogDescMediaType.Validators[0].(func(string) error)
 	// usagelogDescCacheTTLOverridden is the schema descriptor for cache_ttl_overridden field.
-	usagelogDescCacheTTLOverridden := usagelogFields[32].Descriptor()
+	usagelogDescCacheTTLOverridden := usagelogFields[35].Descriptor()
 	// usagelog.DefaultCacheTTLOverridden holds the default value on creation for the cache_ttl_overridden field.
 	usagelog.DefaultCacheTTLOverridden = usagelogDescCacheTTLOverridden.Default.(bool)
 	// usagelogDescCreatedAt is the schema descriptor for created_at field.
-	usagelogDescCreatedAt := usagelogFields[33].Descriptor()
+	usagelogDescCreatedAt := usagelogFields[36].Descriptor()
 	// usagelog.DefaultCreatedAt holds the default value on creation for the created_at field.
 	usagelog.DefaultCreatedAt = usagelogDescCreatedAt.Default.(func() time.Time)
 	userMixin := schema.User{}.Mixin()
@ -1044,14 +1056,6 @@ func init() {
 	userDescTotpEnabled := userFields[9].Descriptor()
 	// user.DefaultTotpEnabled holds the default value on creation for the totp_enabled field.
 	user.DefaultTotpEnabled = userDescTotpEnabled.Default.(bool)
 	// userDescSoraStorageQuotaBytes is the schema descriptor for sora_storage_quota_bytes field.
 	userDescSoraStorageQuotaBytes := userFields[11].Descriptor()
 	// user.DefaultSoraStorageQuotaBytes holds the default value on creation for the sora_storage_quota_bytes field.
 	user.DefaultSoraStorageQuotaBytes = userDescSoraStorageQuotaBytes.Default.(int64)
 	// userDescSoraStorageUsedBytes is the schema descriptor for sora_storage_used_bytes field.
 	userDescSoraStorageUsedBytes := userFields[12].Descriptor()
 	// user.DefaultSoraStorageUsedBytes holds the default value on creation for the sora_storage_used_bytes field.
 	user.DefaultSoraStorageUsedBytes = userDescSoraStorageUsedBytes.Default.(int64)
 	userallowedgroupFields := schema.UserAllowedGroup{}.Fields()
 	_ = userallowedgroupFields
 	// userallowedgroupDescCreatedAt is the schema descriptor for created_at field.
--- a/backend/ent/schema/group.go
+++ b/backend/ent/schema/group.go
@ -87,28 +87,6 @@ func (Group) Fields() []ent.Field {
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		// Sora 按次计费配置（阶段 1）
 		field.Float("sora_image_price_360").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_image_price_540").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_video_price_per_request").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_video_price_per_request_hd").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		// Sora 存储配额
 		field.Int64("sora_storage_quota_bytes").
 			Default(0),
 		// Claude Code 客户端限制 (added by migration 029)
 		field.Bool("claude_code_only").
 			Default(false).
@ -153,6 +131,12 @@ func (Group) Fields() []ent.Field {
 		field.Bool("allow_messages_dispatch").
 			Default(false).
 			Comment("是否允许 /v1/messages 调度到此 OpenAI 分组"),
 		field.Bool("require_oauth_only").
 			Default(false).
 			Comment("仅允许非 apikey 类型账号关联到此分组"),
 		field.Bool("require_privacy_set").
 			Default(false).
 			Comment("调度时仅允许 privacy 已成功设置的账号"),
 		field.String("default_mapped_model").
 			MaxLen(100).
 			Default("").
--- a/backend/ent/schema/usage_log.go
+++ b/backend/ent/schema/usage_log.go
@ -53,6 +53,10 @@ func (UsageLog) Fields() []ent.Field {
 			MaxLen(100).
 			Optional().
 			Nillable(),
 		field.Int64("channel_id").Optional().Nillable().Comment("渠道 ID"),
 		field.String("model_mapping_chain").MaxLen(500).Optional().Nillable().Comment("模型映射链"),
 		field.String("billing_tier").MaxLen(50).Optional().Nillable().Comment("计费层级标签"),
 		field.String("billing_mode").MaxLen(20).Optional().Nillable().Comment("计费模式：token/per_request/image"),
 		field.Int64("group_id").
 			Optional().
 			Nillable(),
@ -130,12 +134,6 @@ func (UsageLog) Fields() []ent.Field {
 			MaxLen(10).
 			Optional().
 			Nillable(),
 		// 媒体类型字段（sora 使用）
 		field.String("media_type").
 			MaxLen(16).
 			Optional().
 			Nillable(),
 		// Cache TTL Override 标记（管理员强制替换了缓存 TTL 计费）
 		field.Bool("cache_ttl_overridden").
 			Default(false),
--- a/backend/ent/schema/user.go
+++ b/backend/ent/schema/user.go
@ -72,12 +72,6 @@ func (User) Fields() []ent.Field {
 		field.Time("totp_enabled_at").
 			Optional().
 			Nillable(),
 		// Sora 存储配额
 		field.Int64("sora_storage_quota_bytes").
 			Default(0),
 		field.Int64("sora_storage_used_bytes").
 			Default(0),
 	}
 }
--- a/backend/ent/usagelog.go
+++ b/backend/ent/usagelog.go
@ -36,6 +36,14 @@ type UsageLog struct {
 	RequestedModel *string `json:"requested_model,omitempty"`
 	// UpstreamModel holds the value of the "upstream_model" field.
 	UpstreamModel *string `json:"upstream_model,omitempty"`
 	// 渠道 ID
 	ChannelID *int64 `json:"channel_id,omitempty"`
 	// 模型映射链
 	ModelMappingChain *string `json:"model_mapping_chain,omitempty"`
 	// 计费层级标签
 	BillingTier *string `json:"billing_tier,omitempty"`
 	// 计费模式：token/per_request/image
 	BillingMode *string `json:"billing_mode,omitempty"`
 	// GroupID holds the value of the "group_id" field.
 	GroupID *int64 `json:"group_id,omitempty"`
 	// SubscriptionID holds the value of the "subscription_id" field.
@ -84,8 +92,6 @@ type UsageLog struct {
 	ImageCount int `json:"image_count,omitempty"`
 	// ImageSize holds the value of the "image_size" field.
 	ImageSize *string `json:"image_size,omitempty"`
 	// MediaType holds the value of the "media_type" field.
 	MediaType *string `json:"media_type,omitempty"`
 	// CacheTTLOverridden holds the value of the "cache_ttl_overridden" field.
 	CacheTTLOverridden bool `json:"cache_ttl_overridden,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
@ -177,9 +183,9 @@ func (*UsageLog) scanValues(columns []string) ([]any, error) {
 			values[i] = new(sql.NullBool)
 		case usagelog.FieldInputCost, usagelog.FieldOutputCost, usagelog.FieldCacheCreationCost, usagelog.FieldCacheReadCost, usagelog.FieldTotalCost, usagelog.FieldActualCost, usagelog.FieldRateMultiplier, usagelog.FieldAccountRateMultiplier:
 			values[i] = new(sql.NullFloat64)
-		case usagelog.FieldID, usagelog.FieldUserID, usagelog.FieldAPIKeyID, usagelog.FieldAccountID, usagelog.FieldGroupID, usagelog.FieldSubscriptionID, usagelog.FieldInputTokens, usagelog.FieldOutputTokens, usagelog.FieldCacheCreationTokens, usagelog.FieldCacheReadTokens, usagelog.FieldCacheCreation5mTokens, usagelog.FieldCacheCreation1hTokens, usagelog.FieldBillingType, usagelog.FieldDurationMs, usagelog.FieldFirstTokenMs, usagelog.FieldImageCount:
+		case usagelog.FieldID, usagelog.FieldUserID, usagelog.FieldAPIKeyID, usagelog.FieldAccountID, usagelog.FieldChannelID, usagelog.FieldGroupID, usagelog.FieldSubscriptionID, usagelog.FieldInputTokens, usagelog.FieldOutputTokens, usagelog.FieldCacheCreationTokens, usagelog.FieldCacheReadTokens, usagelog.FieldCacheCreation5mTokens, usagelog.FieldCacheCreation1hTokens, usagelog.FieldBillingType, usagelog.FieldDurationMs, usagelog.FieldFirstTokenMs, usagelog.FieldImageCount:
 			values[i] = new(sql.NullInt64)
-		case usagelog.FieldRequestID, usagelog.FieldModel, usagelog.FieldRequestedModel, usagelog.FieldUpstreamModel, usagelog.FieldUserAgent, usagelog.FieldIPAddress, usagelog.FieldImageSize, usagelog.FieldMediaType:
+		case usagelog.FieldRequestID, usagelog.FieldModel, usagelog.FieldRequestedModel, usagelog.FieldUpstreamModel, usagelog.FieldModelMappingChain, usagelog.FieldBillingTier, usagelog.FieldBillingMode, usagelog.FieldUserAgent, usagelog.FieldIPAddress, usagelog.FieldImageSize:
 			values[i] = new(sql.NullString)
 		case usagelog.FieldCreatedAt:
 			values[i] = new(sql.NullTime)
@ -248,6 +254,34 @@ func (_m *UsageLog) assignValues(columns []string, values []any) error {
 				_m.UpstreamModel = new(string)
 				*_m.UpstreamModel = value.String
 			}
 		case usagelog.FieldChannelID:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field channel_id", values[i])
 			} else if value.Valid {
 				_m.ChannelID = new(int64)
 				*_m.ChannelID = value.Int64
 			}
 		case usagelog.FieldModelMappingChain:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field model_mapping_chain", values[i])
 			} else if value.Valid {
 				_m.ModelMappingChain = new(string)
 				*_m.ModelMappingChain = value.String
 			}
 		case usagelog.FieldBillingTier:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field billing_tier", values[i])
 			} else if value.Valid {
 				_m.BillingTier = new(string)
 				*_m.BillingTier = value.String
 			}
 		case usagelog.FieldBillingMode:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field billing_mode", values[i])
 			} else if value.Valid {
 				_m.BillingMode = new(string)
 				*_m.BillingMode = value.String
 			}
 		case usagelog.FieldGroupID:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field group_id", values[i])
@ -400,13 +434,6 @@ func (_m *UsageLog) assignValues(columns []string, values []any) error {
 				_m.ImageSize = new(string)
 				*_m.ImageSize = value.String
 			}
 		case usagelog.FieldMediaType:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field media_type", values[i])
 			} else if value.Valid {
 				_m.MediaType = new(string)
 				*_m.MediaType = value.String
 			}
 		case usagelog.FieldCacheTTLOverridden:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field cache_ttl_overridden", values[i])
@ -505,6 +532,26 @@ func (_m *UsageLog) String() string {
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.ChannelID; v != nil {
 		builder.WriteString("channel_id=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.ModelMappingChain; v != nil {
 		builder.WriteString("model_mapping_chain=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.BillingTier; v != nil {
 		builder.WriteString("billing_tier=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.BillingMode; v != nil {
 		builder.WriteString("billing_mode=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.GroupID; v != nil {
 		builder.WriteString("group_id=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
@ -593,11 +640,6 @@ func (_m *UsageLog) String() string {
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.MediaType; v != nil {
 		builder.WriteString("media_type=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	builder.WriteString("cache_ttl_overridden=")
 	builder.WriteString(fmt.Sprintf("%v", _m.CacheTTLOverridden))
 	builder.WriteString(", ")
--- a/backend/ent/usagelog/usagelog.go
+++ b/backend/ent/usagelog/usagelog.go
@ -28,6 +28,14 @@ const (
 	FieldRequestedModel = "requested_model"
 	// FieldUpstreamModel holds the string denoting the upstream_model field in the database.
 	FieldUpstreamModel = "upstream_model"
 	// FieldChannelID holds the string denoting the channel_id field in the database.
 	FieldChannelID = "channel_id"
 	// FieldModelMappingChain holds the string denoting the model_mapping_chain field in the database.
 	FieldModelMappingChain = "model_mapping_chain"
 	// FieldBillingTier holds the string denoting the billing_tier field in the database.
 	FieldBillingTier = "billing_tier"
 	// FieldBillingMode holds the string denoting the billing_mode field in the database.
 	FieldBillingMode = "billing_mode"
 	// FieldGroupID holds the string denoting the group_id field in the database.
 	FieldGroupID = "group_id"
 	// FieldSubscriptionID holds the string denoting the subscription_id field in the database.
@ -76,8 +84,6 @@ const (
 	FieldImageCount = "image_count"
 	// FieldImageSize holds the string denoting the image_size field in the database.
 	FieldImageSize = "image_size"
 	// FieldMediaType holds the string denoting the media_type field in the database.
 	FieldMediaType = "media_type"
 	// FieldCacheTTLOverridden holds the string denoting the cache_ttl_overridden field in the database.
 	FieldCacheTTLOverridden = "cache_ttl_overridden"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
@ -141,6 +147,10 @@ var Columns = []string{
 	FieldModel,
 	FieldRequestedModel,
 	FieldUpstreamModel,
 	FieldChannelID,
 	FieldModelMappingChain,
 	FieldBillingTier,
 	FieldBillingMode,
 	FieldGroupID,
 	FieldSubscriptionID,
 	FieldInputTokens,
@ -165,7 +175,6 @@ var Columns = []string{
 	FieldIPAddress,
 	FieldImageCount,
 	FieldImageSize,
 	FieldMediaType,
 	FieldCacheTTLOverridden,
 	FieldCreatedAt,
 }
@ -189,6 +198,12 @@ var (
 	RequestedModelValidator func(string) error
 	// UpstreamModelValidator is a validator for the "upstream_model" field. It is called by the builders before save.
 	UpstreamModelValidator func(string) error
 	// ModelMappingChainValidator is a validator for the "model_mapping_chain" field. It is called by the builders before save.
 	ModelMappingChainValidator func(string) error
 	// BillingTierValidator is a validator for the "billing_tier" field. It is called by the builders before save.
 	BillingTierValidator func(string) error
 	// BillingModeValidator is a validator for the "billing_mode" field. It is called by the builders before save.
 	BillingModeValidator func(string) error
 	// DefaultInputTokens holds the default value on creation for the "input_tokens" field.
 	DefaultInputTokens int
 	// DefaultOutputTokens holds the default value on creation for the "output_tokens" field.
@ -227,8 +242,6 @@ var (
 	DefaultImageCount int
 	// ImageSizeValidator is a validator for the "image_size" field. It is called by the builders before save.
 	ImageSizeValidator func(string) error
 	// MediaTypeValidator is a validator for the "media_type" field. It is called by the builders before save.
 	MediaTypeValidator func(string) error
 	// DefaultCacheTTLOverridden holds the default value on creation for the "cache_ttl_overridden" field.
 	DefaultCacheTTLOverridden bool
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
@ -278,6 +291,26 @@ func ByUpstreamModel(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUpstreamModel, opts...).ToFunc()
 }
 // ByChannelID orders the results by the channel_id field.
 func ByChannelID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldChannelID, opts...).ToFunc()
 }
 // ByModelMappingChain orders the results by the model_mapping_chain field.
 func ByModelMappingChain(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldModelMappingChain, opts...).ToFunc()
 }
 // ByBillingTier orders the results by the billing_tier field.
 func ByBillingTier(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldBillingTier, opts...).ToFunc()
 }
 // ByBillingMode orders the results by the billing_mode field.
 func ByBillingMode(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldBillingMode, opts...).ToFunc()
 }
 // ByGroupID orders the results by the group_id field.
 func ByGroupID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldGroupID, opts...).ToFunc()
@ -398,11 +431,6 @@ func ByImageSize(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldImageSize, opts...).ToFunc()
 }
 // ByMediaType orders the results by the media_type field.
 func ByMediaType(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldMediaType, opts...).ToFunc()
 }
 // ByCacheTTLOverridden orders the results by the cache_ttl_overridden field.
 func ByCacheTTLOverridden(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCacheTTLOverridden, opts...).ToFunc()
--- a/backend/ent/usagelog/where.go
+++ b/backend/ent/usagelog/where.go
@ -90,6 +90,26 @@ func UpstreamModel(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldUpstreamModel, v))
 }
 // ChannelID applies equality check predicate on the "channel_id" field. It's identical to ChannelIDEQ.
 func ChannelID(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldChannelID, v))
 }
 // ModelMappingChain applies equality check predicate on the "model_mapping_chain" field. It's identical to ModelMappingChainEQ.
 func ModelMappingChain(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldModelMappingChain, v))
 }
 // BillingTier applies equality check predicate on the "billing_tier" field. It's identical to BillingTierEQ.
 func BillingTier(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldBillingTier, v))
 }
 // BillingMode applies equality check predicate on the "billing_mode" field. It's identical to BillingModeEQ.
 func BillingMode(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldBillingMode, v))
 }
 // GroupID applies equality check predicate on the "group_id" field. It's identical to GroupIDEQ.
 func GroupID(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldGroupID, v))
@ -210,11 +230,6 @@ func ImageSize(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldImageSize, v))
 }
 // MediaType applies equality check predicate on the "media_type" field. It's identical to MediaTypeEQ.
 func MediaType(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldMediaType, v))
 }
 // CacheTTLOverridden applies equality check predicate on the "cache_ttl_overridden" field. It's identical to CacheTTLOverriddenEQ.
 func CacheTTLOverridden(v bool) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCacheTTLOverridden, v))
@ -565,6 +580,281 @@ func UpstreamModelContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldUpstreamModel, v))
 }
 // ChannelIDEQ applies the EQ predicate on the "channel_id" field.
 func ChannelIDEQ(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldChannelID, v))
 }
 // ChannelIDNEQ applies the NEQ predicate on the "channel_id" field.
 func ChannelIDNEQ(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldChannelID, v))
 }
 // ChannelIDIn applies the In predicate on the "channel_id" field.
 func ChannelIDIn(vs ...int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldChannelID, vs...))
 }
 // ChannelIDNotIn applies the NotIn predicate on the "channel_id" field.
 func ChannelIDNotIn(vs ...int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldChannelID, vs...))
 }
 // ChannelIDGT applies the GT predicate on the "channel_id" field.
 func ChannelIDGT(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldChannelID, v))
 }
 // ChannelIDGTE applies the GTE predicate on the "channel_id" field.
 func ChannelIDGTE(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldChannelID, v))
 }
 // ChannelIDLT applies the LT predicate on the "channel_id" field.
 func ChannelIDLT(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldChannelID, v))
 }
 // ChannelIDLTE applies the LTE predicate on the "channel_id" field.
 func ChannelIDLTE(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldChannelID, v))
 }
 // ChannelIDIsNil applies the IsNil predicate on the "channel_id" field.
 func ChannelIDIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldChannelID))
 }
 // ChannelIDNotNil applies the NotNil predicate on the "channel_id" field.
 func ChannelIDNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldChannelID))
 }
 // ModelMappingChainEQ applies the EQ predicate on the "model_mapping_chain" field.
 func ModelMappingChainEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldModelMappingChain, v))
 }
 // ModelMappingChainNEQ applies the NEQ predicate on the "model_mapping_chain" field.
 func ModelMappingChainNEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldModelMappingChain, v))
 }
 // ModelMappingChainIn applies the In predicate on the "model_mapping_chain" field.
 func ModelMappingChainIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldModelMappingChain, vs...))
 }
 // ModelMappingChainNotIn applies the NotIn predicate on the "model_mapping_chain" field.
 func ModelMappingChainNotIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldModelMappingChain, vs...))
 }
 // ModelMappingChainGT applies the GT predicate on the "model_mapping_chain" field.
 func ModelMappingChainGT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldModelMappingChain, v))
 }
 // ModelMappingChainGTE applies the GTE predicate on the "model_mapping_chain" field.
 func ModelMappingChainGTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldModelMappingChain, v))
 }
 // ModelMappingChainLT applies the LT predicate on the "model_mapping_chain" field.
 func ModelMappingChainLT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldModelMappingChain, v))
 }
 // ModelMappingChainLTE applies the LTE predicate on the "model_mapping_chain" field.
 func ModelMappingChainLTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldModelMappingChain, v))
 }
 // ModelMappingChainContains applies the Contains predicate on the "model_mapping_chain" field.
 func ModelMappingChainContains(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContains(FieldModelMappingChain, v))
 }
 // ModelMappingChainHasPrefix applies the HasPrefix predicate on the "model_mapping_chain" field.
 func ModelMappingChainHasPrefix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasPrefix(FieldModelMappingChain, v))
 }
 // ModelMappingChainHasSuffix applies the HasSuffix predicate on the "model_mapping_chain" field.
 func ModelMappingChainHasSuffix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasSuffix(FieldModelMappingChain, v))
 }
 // ModelMappingChainIsNil applies the IsNil predicate on the "model_mapping_chain" field.
 func ModelMappingChainIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldModelMappingChain))
 }
 // ModelMappingChainNotNil applies the NotNil predicate on the "model_mapping_chain" field.
 func ModelMappingChainNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldModelMappingChain))
 }
 // ModelMappingChainEqualFold applies the EqualFold predicate on the "model_mapping_chain" field.
 func ModelMappingChainEqualFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEqualFold(FieldModelMappingChain, v))
 }
 // ModelMappingChainContainsFold applies the ContainsFold predicate on the "model_mapping_chain" field.
 func ModelMappingChainContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldModelMappingChain, v))
 }
 // BillingTierEQ applies the EQ predicate on the "billing_tier" field.
 func BillingTierEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldBillingTier, v))
 }
 // BillingTierNEQ applies the NEQ predicate on the "billing_tier" field.
 func BillingTierNEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldBillingTier, v))
 }
 // BillingTierIn applies the In predicate on the "billing_tier" field.
 func BillingTierIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldBillingTier, vs...))
 }
 // BillingTierNotIn applies the NotIn predicate on the "billing_tier" field.
 func BillingTierNotIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldBillingTier, vs...))
 }
 // BillingTierGT applies the GT predicate on the "billing_tier" field.
 func BillingTierGT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldBillingTier, v))
 }
 // BillingTierGTE applies the GTE predicate on the "billing_tier" field.
 func BillingTierGTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldBillingTier, v))
 }
 // BillingTierLT applies the LT predicate on the "billing_tier" field.
 func BillingTierLT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldBillingTier, v))
 }
 // BillingTierLTE applies the LTE predicate on the "billing_tier" field.
 func BillingTierLTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldBillingTier, v))
 }
 // BillingTierContains applies the Contains predicate on the "billing_tier" field.
 func BillingTierContains(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContains(FieldBillingTier, v))
 }
 // BillingTierHasPrefix applies the HasPrefix predicate on the "billing_tier" field.
 func BillingTierHasPrefix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasPrefix(FieldBillingTier, v))
 }
 // BillingTierHasSuffix applies the HasSuffix predicate on the "billing_tier" field.
 func BillingTierHasSuffix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasSuffix(FieldBillingTier, v))
 }
 // BillingTierIsNil applies the IsNil predicate on the "billing_tier" field.
 func BillingTierIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldBillingTier))
 }
 // BillingTierNotNil applies the NotNil predicate on the "billing_tier" field.
 func BillingTierNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldBillingTier))
 }
 // BillingTierEqualFold applies the EqualFold predicate on the "billing_tier" field.
 func BillingTierEqualFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEqualFold(FieldBillingTier, v))
 }
 // BillingTierContainsFold applies the ContainsFold predicate on the "billing_tier" field.
 func BillingTierContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldBillingTier, v))
 }
 // BillingModeEQ applies the EQ predicate on the "billing_mode" field.
 func BillingModeEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldBillingMode, v))
 }
 // BillingModeNEQ applies the NEQ predicate on the "billing_mode" field.
 func BillingModeNEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldBillingMode, v))
 }
 // BillingModeIn applies the In predicate on the "billing_mode" field.
 func BillingModeIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldBillingMode, vs...))
 }
 // BillingModeNotIn applies the NotIn predicate on the "billing_mode" field.
 func BillingModeNotIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldBillingMode, vs...))
 }
 // BillingModeGT applies the GT predicate on the "billing_mode" field.
 func BillingModeGT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldBillingMode, v))
 }
 // BillingModeGTE applies the GTE predicate on the "billing_mode" field.
 func BillingModeGTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldBillingMode, v))
 }
 // BillingModeLT applies the LT predicate on the "billing_mode" field.
 func BillingModeLT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldBillingMode, v))
 }
 // BillingModeLTE applies the LTE predicate on the "billing_mode" field.
 func BillingModeLTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldBillingMode, v))
 }
 // BillingModeContains applies the Contains predicate on the "billing_mode" field.
 func BillingModeContains(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContains(FieldBillingMode, v))
 }
 // BillingModeHasPrefix applies the HasPrefix predicate on the "billing_mode" field.
 func BillingModeHasPrefix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasPrefix(FieldBillingMode, v))
 }
 // BillingModeHasSuffix applies the HasSuffix predicate on the "billing_mode" field.
 func BillingModeHasSuffix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasSuffix(FieldBillingMode, v))
 }
 // BillingModeIsNil applies the IsNil predicate on the "billing_mode" field.
 func BillingModeIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldBillingMode))
 }
 // BillingModeNotNil applies the NotNil predicate on the "billing_mode" field.
 func BillingModeNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldBillingMode))
 }
 // BillingModeEqualFold applies the EqualFold predicate on the "billing_mode" field.
 func BillingModeEqualFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEqualFold(FieldBillingMode, v))
 }
 // BillingModeContainsFold applies the ContainsFold predicate on the "billing_mode" field.
 func BillingModeContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldBillingMode, v))
 }
 // GroupIDEQ applies the EQ predicate on the "group_id" field.
 func GroupIDEQ(v int64) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldGroupID, v))
@ -1610,81 +1900,6 @@ func ImageSizeContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldImageSize, v))
 }
 // MediaTypeEQ applies the EQ predicate on the "media_type" field.
 func MediaTypeEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldMediaType, v))
 }
 // MediaTypeNEQ applies the NEQ predicate on the "media_type" field.
 func MediaTypeNEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldMediaType, v))
 }
 // MediaTypeIn applies the In predicate on the "media_type" field.
 func MediaTypeIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldMediaType, vs...))
 }
 // MediaTypeNotIn applies the NotIn predicate on the "media_type" field.
 func MediaTypeNotIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldMediaType, vs...))
 }
 // MediaTypeGT applies the GT predicate on the "media_type" field.
 func MediaTypeGT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldMediaType, v))
 }
 // MediaTypeGTE applies the GTE predicate on the "media_type" field.
 func MediaTypeGTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldMediaType, v))
 }
 // MediaTypeLT applies the LT predicate on the "media_type" field.
 func MediaTypeLT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldMediaType, v))
 }
 // MediaTypeLTE applies the LTE predicate on the "media_type" field.
 func MediaTypeLTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldMediaType, v))
 }
 // MediaTypeContains applies the Contains predicate on the "media_type" field.
 func MediaTypeContains(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContains(FieldMediaType, v))
 }
 // MediaTypeHasPrefix applies the HasPrefix predicate on the "media_type" field.
 func MediaTypeHasPrefix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasPrefix(FieldMediaType, v))
 }
 // MediaTypeHasSuffix applies the HasSuffix predicate on the "media_type" field.
 func MediaTypeHasSuffix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasSuffix(FieldMediaType, v))
 }
 // MediaTypeIsNil applies the IsNil predicate on the "media_type" field.
 func MediaTypeIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldMediaType))
 }
 // MediaTypeNotNil applies the NotNil predicate on the "media_type" field.
 func MediaTypeNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldMediaType))
 }
 // MediaTypeEqualFold applies the EqualFold predicate on the "media_type" field.
 func MediaTypeEqualFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEqualFold(FieldMediaType, v))
 }
 // MediaTypeContainsFold applies the ContainsFold predicate on the "media_type" field.
 func MediaTypeContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldMediaType, v))
 }
 // CacheTTLOverriddenEQ applies the EQ predicate on the "cache_ttl_overridden" field.
 func CacheTTLOverriddenEQ(v bool) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCacheTTLOverridden, v))
--- a/backend/ent/usagelog_create.go
+++ b/backend/ent/usagelog_create.go
@ -85,6 +85,62 @@ func (_c *UsageLogCreate) SetNillableUpstreamModel(v *string) *UsageLogCreate {
 	return _c
 }
 // SetChannelID sets the "channel_id" field.
 func (_c *UsageLogCreate) SetChannelID(v int64) *UsageLogCreate {
 	_c.mutation.SetChannelID(v)
 	return _c
 }
 // SetNillableChannelID sets the "channel_id" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableChannelID(v *int64) *UsageLogCreate {
 	if v != nil {
 		_c.SetChannelID(*v)
 	}
 	return _c
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (_c *UsageLogCreate) SetModelMappingChain(v string) *UsageLogCreate {
 	_c.mutation.SetModelMappingChain(v)
 	return _c
 }
 // SetNillableModelMappingChain sets the "model_mapping_chain" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableModelMappingChain(v *string) *UsageLogCreate {
 	if v != nil {
 		_c.SetModelMappingChain(*v)
 	}
 	return _c
 }
 // SetBillingTier sets the "billing_tier" field.
 func (_c *UsageLogCreate) SetBillingTier(v string) *UsageLogCreate {
 	_c.mutation.SetBillingTier(v)
 	return _c
 }
 // SetNillableBillingTier sets the "billing_tier" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableBillingTier(v *string) *UsageLogCreate {
 	if v != nil {
 		_c.SetBillingTier(*v)
 	}
 	return _c
 }
 // SetBillingMode sets the "billing_mode" field.
 func (_c *UsageLogCreate) SetBillingMode(v string) *UsageLogCreate {
 	_c.mutation.SetBillingMode(v)
 	return _c
 }
 // SetNillableBillingMode sets the "billing_mode" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableBillingMode(v *string) *UsageLogCreate {
 	if v != nil {
 		_c.SetBillingMode(*v)
 	}
 	return _c
 }
 // SetGroupID sets the "group_id" field.
 func (_c *UsageLogCreate) SetGroupID(v int64) *UsageLogCreate {
 	_c.mutation.SetGroupID(v)
@ -421,20 +477,6 @@ func (_c *UsageLogCreate) SetNillableImageSize(v *string) *UsageLogCreate {
 	return _c
 }
 // SetMediaType sets the "media_type" field.
 func (_c *UsageLogCreate) SetMediaType(v string) *UsageLogCreate {
 	_c.mutation.SetMediaType(v)
 	return _c
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableMediaType(v *string) *UsageLogCreate {
 	if v != nil {
 		_c.SetMediaType(*v)
 	}
 	return _c
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_c *UsageLogCreate) SetCacheTTLOverridden(v bool) *UsageLogCreate {
 	_c.mutation.SetCacheTTLOverridden(v)
@ -634,6 +676,21 @@ func (_c *UsageLogCreate) check() error {
 			return &ValidationError{Name: "upstream_model", err: fmt.Errorf(`ent: validator failed for field "UsageLog.upstream_model": %w`, err)}
 		}
 	}
 	if v, ok := _c.mutation.ModelMappingChain(); ok {
 		if err := usagelog.ModelMappingChainValidator(v); err != nil {
 			return &ValidationError{Name: "model_mapping_chain", err: fmt.Errorf(`ent: validator failed for field "UsageLog.model_mapping_chain": %w`, err)}
 		}
 	}
 	if v, ok := _c.mutation.BillingTier(); ok {
 		if err := usagelog.BillingTierValidator(v); err != nil {
 			return &ValidationError{Name: "billing_tier", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_tier": %w`, err)}
 		}
 	}
 	if v, ok := _c.mutation.BillingMode(); ok {
 		if err := usagelog.BillingModeValidator(v); err != nil {
 			return &ValidationError{Name: "billing_mode", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_mode": %w`, err)}
 		}
 	}
 	if _, ok := _c.mutation.InputTokens(); !ok {
 		return &ValidationError{Name: "input_tokens", err: errors.New(`ent: missing required field "UsageLog.input_tokens"`)}
 	}
@ -697,11 +754,6 @@ func (_c *UsageLogCreate) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _c.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _, ok := _c.mutation.CacheTTLOverridden(); !ok {
 		return &ValidationError{Name: "cache_ttl_overridden", err: errors.New(`ent: missing required field "UsageLog.cache_ttl_overridden"`)}
 	}
@ -760,6 +812,22 @@ func (_c *UsageLogCreate) createSpec() (*UsageLog, *sqlgraph.CreateSpec) {
 		_spec.SetField(usagelog.FieldUpstreamModel, field.TypeString, value)
 		_node.UpstreamModel = &value
 	}
 	if value, ok := _c.mutation.ChannelID(); ok {
 		_spec.SetField(usagelog.FieldChannelID, field.TypeInt64, value)
 		_node.ChannelID = &value
 	}
 	if value, ok := _c.mutation.ModelMappingChain(); ok {
 		_spec.SetField(usagelog.FieldModelMappingChain, field.TypeString, value)
 		_node.ModelMappingChain = &value
 	}
 	if value, ok := _c.mutation.BillingTier(); ok {
 		_spec.SetField(usagelog.FieldBillingTier, field.TypeString, value)
 		_node.BillingTier = &value
 	}
 	if value, ok := _c.mutation.BillingMode(); ok {
 		_spec.SetField(usagelog.FieldBillingMode, field.TypeString, value)
 		_node.BillingMode = &value
 	}
 	if value, ok := _c.mutation.InputTokens(); ok {
 		_spec.SetField(usagelog.FieldInputTokens, field.TypeInt, value)
 		_node.InputTokens = value
@ -848,10 +916,6 @@ func (_c *UsageLogCreate) createSpec() (*UsageLog, *sqlgraph.CreateSpec) {
 		_spec.SetField(usagelog.FieldImageSize, field.TypeString, value)
 		_node.ImageSize = &value
 	}
 	if value, ok := _c.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 		_node.MediaType = &value
 	}
 	if value, ok := _c.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 		_node.CacheTTLOverridden = value
@ -1093,6 +1157,84 @@ func (u *UsageLogUpsert) ClearUpstreamModel() *UsageLogUpsert {
 	return u
 }
 // SetChannelID sets the "channel_id" field.
 func (u *UsageLogUpsert) SetChannelID(v int64) *UsageLogUpsert {
 	u.Set(usagelog.FieldChannelID, v)
 	return u
 }
 // UpdateChannelID sets the "channel_id" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateChannelID() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldChannelID)
 	return u
 }
 // AddChannelID adds v to the "channel_id" field.
 func (u *UsageLogUpsert) AddChannelID(v int64) *UsageLogUpsert {
 	u.Add(usagelog.FieldChannelID, v)
 	return u
 }
 // ClearChannelID clears the value of the "channel_id" field.
 func (u *UsageLogUpsert) ClearChannelID() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldChannelID)
 	return u
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (u *UsageLogUpsert) SetModelMappingChain(v string) *UsageLogUpsert {
 	u.Set(usagelog.FieldModelMappingChain, v)
 	return u
 }
 // UpdateModelMappingChain sets the "model_mapping_chain" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateModelMappingChain() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldModelMappingChain)
 	return u
 }
 // ClearModelMappingChain clears the value of the "model_mapping_chain" field.
 func (u *UsageLogUpsert) ClearModelMappingChain() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldModelMappingChain)
 	return u
 }
 // SetBillingTier sets the "billing_tier" field.
 func (u *UsageLogUpsert) SetBillingTier(v string) *UsageLogUpsert {
 	u.Set(usagelog.FieldBillingTier, v)
 	return u
 }
 // UpdateBillingTier sets the "billing_tier" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateBillingTier() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldBillingTier)
 	return u
 }
 // ClearBillingTier clears the value of the "billing_tier" field.
 func (u *UsageLogUpsert) ClearBillingTier() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldBillingTier)
 	return u
 }
 // SetBillingMode sets the "billing_mode" field.
 func (u *UsageLogUpsert) SetBillingMode(v string) *UsageLogUpsert {
 	u.Set(usagelog.FieldBillingMode, v)
 	return u
 }
 // UpdateBillingMode sets the "billing_mode" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateBillingMode() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldBillingMode)
 	return u
 }
 // ClearBillingMode clears the value of the "billing_mode" field.
 func (u *UsageLogUpsert) ClearBillingMode() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldBillingMode)
 	return u
 }
 // SetGroupID sets the "group_id" field.
 func (u *UsageLogUpsert) SetGroupID(v int64) *UsageLogUpsert {
 	u.Set(usagelog.FieldGroupID, v)
@ -1537,24 +1679,6 @@ func (u *UsageLogUpsert) ClearImageSize() *UsageLogUpsert {
 	return u
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsert) SetMediaType(v string) *UsageLogUpsert {
 	u.Set(usagelog.FieldMediaType, v)
 	return u
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateMediaType() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldMediaType)
 	return u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsert) ClearMediaType() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldMediaType)
 	return u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsert) SetCacheTTLOverridden(v bool) *UsageLogUpsert {
 	u.Set(usagelog.FieldCacheTTLOverridden, v)
@ -1724,6 +1848,97 @@ func (u *UsageLogUpsertOne) ClearUpstreamModel() *UsageLogUpsertOne {
 	})
 }
 // SetChannelID sets the "channel_id" field.
 func (u *UsageLogUpsertOne) SetChannelID(v int64) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetChannelID(v)
 	})
 }
 // AddChannelID adds v to the "channel_id" field.
 func (u *UsageLogUpsertOne) AddChannelID(v int64) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.AddChannelID(v)
 	})
 }
 // UpdateChannelID sets the "channel_id" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateChannelID() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateChannelID()
 	})
 }
 // ClearChannelID clears the value of the "channel_id" field.
 func (u *UsageLogUpsertOne) ClearChannelID() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearChannelID()
 	})
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (u *UsageLogUpsertOne) SetModelMappingChain(v string) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetModelMappingChain(v)
 	})
 }
 // UpdateModelMappingChain sets the "model_mapping_chain" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateModelMappingChain() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateModelMappingChain()
 	})
 }
 // ClearModelMappingChain clears the value of the "model_mapping_chain" field.
 func (u *UsageLogUpsertOne) ClearModelMappingChain() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearModelMappingChain()
 	})
 }
 // SetBillingTier sets the "billing_tier" field.
 func (u *UsageLogUpsertOne) SetBillingTier(v string) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetBillingTier(v)
 	})
 }
 // UpdateBillingTier sets the "billing_tier" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateBillingTier() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateBillingTier()
 	})
 }
 // ClearBillingTier clears the value of the "billing_tier" field.
 func (u *UsageLogUpsertOne) ClearBillingTier() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearBillingTier()
 	})
 }
 // SetBillingMode sets the "billing_mode" field.
 func (u *UsageLogUpsertOne) SetBillingMode(v string) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetBillingMode(v)
 	})
 }
 // UpdateBillingMode sets the "billing_mode" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateBillingMode() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateBillingMode()
 	})
 }
 // ClearBillingMode clears the value of the "billing_mode" field.
 func (u *UsageLogUpsertOne) ClearBillingMode() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearBillingMode()
 	})
 }
 // SetGroupID sets the "group_id" field.
 func (u *UsageLogUpsertOne) SetGroupID(v int64) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
@ -2242,27 +2457,6 @@ func (u *UsageLogUpsertOne) ClearImageSize() *UsageLogUpsertOne {
 	})
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsertOne) SetMediaType(v string) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetMediaType(v)
 	})
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateMediaType() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateMediaType()
 	})
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsertOne) ClearMediaType() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearMediaType()
 	})
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsertOne) SetCacheTTLOverridden(v bool) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
@ -2600,6 +2794,97 @@ func (u *UsageLogUpsertBulk) ClearUpstreamModel() *UsageLogUpsertBulk {
 	})
 }
 // SetChannelID sets the "channel_id" field.
 func (u *UsageLogUpsertBulk) SetChannelID(v int64) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetChannelID(v)
 	})
 }
 // AddChannelID adds v to the "channel_id" field.
 func (u *UsageLogUpsertBulk) AddChannelID(v int64) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.AddChannelID(v)
 	})
 }
 // UpdateChannelID sets the "channel_id" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateChannelID() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateChannelID()
 	})
 }
 // ClearChannelID clears the value of the "channel_id" field.
 func (u *UsageLogUpsertBulk) ClearChannelID() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearChannelID()
 	})
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (u *UsageLogUpsertBulk) SetModelMappingChain(v string) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetModelMappingChain(v)
 	})
 }
 // UpdateModelMappingChain sets the "model_mapping_chain" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateModelMappingChain() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateModelMappingChain()
 	})
 }
 // ClearModelMappingChain clears the value of the "model_mapping_chain" field.
 func (u *UsageLogUpsertBulk) ClearModelMappingChain() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearModelMappingChain()
 	})
 }
 // SetBillingTier sets the "billing_tier" field.
 func (u *UsageLogUpsertBulk) SetBillingTier(v string) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetBillingTier(v)
 	})
 }
 // UpdateBillingTier sets the "billing_tier" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateBillingTier() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateBillingTier()
 	})
 }
 // ClearBillingTier clears the value of the "billing_tier" field.
 func (u *UsageLogUpsertBulk) ClearBillingTier() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearBillingTier()
 	})
 }
 // SetBillingMode sets the "billing_mode" field.
 func (u *UsageLogUpsertBulk) SetBillingMode(v string) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetBillingMode(v)
 	})
 }
 // UpdateBillingMode sets the "billing_mode" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateBillingMode() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateBillingMode()
 	})
 }
 // ClearBillingMode clears the value of the "billing_mode" field.
 func (u *UsageLogUpsertBulk) ClearBillingMode() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearBillingMode()
 	})
 }
 // SetGroupID sets the "group_id" field.
 func (u *UsageLogUpsertBulk) SetGroupID(v int64) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
@ -3118,27 +3403,6 @@ func (u *UsageLogUpsertBulk) ClearImageSize() *UsageLogUpsertBulk {
 	})
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsertBulk) SetMediaType(v string) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetMediaType(v)
 	})
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateMediaType() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateMediaType()
 	})
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsertBulk) ClearMediaType() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearMediaType()
 	})
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsertBulk) SetCacheTTLOverridden(v bool) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
--- a/backend/ent/usagelog_update.go
+++ b/backend/ent/usagelog_update.go
@ -142,6 +142,93 @@ func (_u *UsageLogUpdate) ClearUpstreamModel() *UsageLogUpdate {
 	return _u
 }
 // SetChannelID sets the "channel_id" field.
 func (_u *UsageLogUpdate) SetChannelID(v int64) *UsageLogUpdate {
 	_u.mutation.ResetChannelID()
 	_u.mutation.SetChannelID(v)
 	return _u
 }
 // SetNillableChannelID sets the "channel_id" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableChannelID(v *int64) *UsageLogUpdate {
 	if v != nil {
 		_u.SetChannelID(*v)
 	}
 	return _u
 }
 // AddChannelID adds value to the "channel_id" field.
 func (_u *UsageLogUpdate) AddChannelID(v int64) *UsageLogUpdate {
 	_u.mutation.AddChannelID(v)
 	return _u
 }
 // ClearChannelID clears the value of the "channel_id" field.
 func (_u *UsageLogUpdate) ClearChannelID() *UsageLogUpdate {
 	_u.mutation.ClearChannelID()
 	return _u
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (_u *UsageLogUpdate) SetModelMappingChain(v string) *UsageLogUpdate {
 	_u.mutation.SetModelMappingChain(v)
 	return _u
 }
 // SetNillableModelMappingChain sets the "model_mapping_chain" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableModelMappingChain(v *string) *UsageLogUpdate {
 	if v != nil {
 		_u.SetModelMappingChain(*v)
 	}
 	return _u
 }
 // ClearModelMappingChain clears the value of the "model_mapping_chain" field.
 func (_u *UsageLogUpdate) ClearModelMappingChain() *UsageLogUpdate {
 	_u.mutation.ClearModelMappingChain()
 	return _u
 }
 // SetBillingTier sets the "billing_tier" field.
 func (_u *UsageLogUpdate) SetBillingTier(v string) *UsageLogUpdate {
 	_u.mutation.SetBillingTier(v)
 	return _u
 }
 // SetNillableBillingTier sets the "billing_tier" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableBillingTier(v *string) *UsageLogUpdate {
 	if v != nil {
 		_u.SetBillingTier(*v)
 	}
 	return _u
 }
 // ClearBillingTier clears the value of the "billing_tier" field.
 func (_u *UsageLogUpdate) ClearBillingTier() *UsageLogUpdate {
 	_u.mutation.ClearBillingTier()
 	return _u
 }
 // SetBillingMode sets the "billing_mode" field.
 func (_u *UsageLogUpdate) SetBillingMode(v string) *UsageLogUpdate {
 	_u.mutation.SetBillingMode(v)
 	return _u
 }
 // SetNillableBillingMode sets the "billing_mode" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableBillingMode(v *string) *UsageLogUpdate {
 	if v != nil {
 		_u.SetBillingMode(*v)
 	}
 	return _u
 }
 // ClearBillingMode clears the value of the "billing_mode" field.
 func (_u *UsageLogUpdate) ClearBillingMode() *UsageLogUpdate {
 	_u.mutation.ClearBillingMode()
 	return _u
 }
 // SetGroupID sets the "group_id" field.
 func (_u *UsageLogUpdate) SetGroupID(v int64) *UsageLogUpdate {
 	_u.mutation.SetGroupID(v)
@ -652,26 +739,6 @@ func (_u *UsageLogUpdate) ClearImageSize() *UsageLogUpdate {
 	return _u
 }
 // SetMediaType sets the "media_type" field.
 func (_u *UsageLogUpdate) SetMediaType(v string) *UsageLogUpdate {
 	_u.mutation.SetMediaType(v)
 	return _u
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableMediaType(v *string) *UsageLogUpdate {
 	if v != nil {
 		_u.SetMediaType(*v)
 	}
 	return _u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (_u *UsageLogUpdate) ClearMediaType() *UsageLogUpdate {
 	_u.mutation.ClearMediaType()
 	return _u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_u *UsageLogUpdate) SetCacheTTLOverridden(v bool) *UsageLogUpdate {
 	_u.mutation.SetCacheTTLOverridden(v)
@ -795,6 +862,21 @@ func (_u *UsageLogUpdate) check() error {
 			return &ValidationError{Name: "upstream_model", err: fmt.Errorf(`ent: validator failed for field "UsageLog.upstream_model": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.ModelMappingChain(); ok {
 		if err := usagelog.ModelMappingChainValidator(v); err != nil {
 			return &ValidationError{Name: "model_mapping_chain", err: fmt.Errorf(`ent: validator failed for field "UsageLog.model_mapping_chain": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.BillingTier(); ok {
 		if err := usagelog.BillingTierValidator(v); err != nil {
 			return &ValidationError{Name: "billing_tier", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_tier": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.BillingMode(); ok {
 		if err := usagelog.BillingModeValidator(v); err != nil {
 			return &ValidationError{Name: "billing_mode", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_mode": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.UserAgent(); ok {
 		if err := usagelog.UserAgentValidator(v); err != nil {
 			return &ValidationError{Name: "user_agent", err: fmt.Errorf(`ent: validator failed for field "UsageLog.user_agent": %w`, err)}
@ -810,11 +892,6 @@ func (_u *UsageLogUpdate) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "UsageLog.user"`)
 	}
@ -857,6 +934,33 @@ func (_u *UsageLogUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.UpstreamModelCleared() {
 		_spec.ClearField(usagelog.FieldUpstreamModel, field.TypeString)
 	}
 	if value, ok := _u.mutation.ChannelID(); ok {
 		_spec.SetField(usagelog.FieldChannelID, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedChannelID(); ok {
 		_spec.AddField(usagelog.FieldChannelID, field.TypeInt64, value)
 	}
 	if _u.mutation.ChannelIDCleared() {
 		_spec.ClearField(usagelog.FieldChannelID, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.ModelMappingChain(); ok {
 		_spec.SetField(usagelog.FieldModelMappingChain, field.TypeString, value)
 	}
 	if _u.mutation.ModelMappingChainCleared() {
 		_spec.ClearField(usagelog.FieldModelMappingChain, field.TypeString)
 	}
 	if value, ok := _u.mutation.BillingTier(); ok {
 		_spec.SetField(usagelog.FieldBillingTier, field.TypeString, value)
 	}
 	if _u.mutation.BillingTierCleared() {
 		_spec.ClearField(usagelog.FieldBillingTier, field.TypeString)
 	}
 	if value, ok := _u.mutation.BillingMode(); ok {
 		_spec.SetField(usagelog.FieldBillingMode, field.TypeString, value)
 	}
 	if _u.mutation.BillingModeCleared() {
 		_spec.ClearField(usagelog.FieldBillingMode, field.TypeString)
 	}
 	if value, ok := _u.mutation.InputTokens(); ok {
 		_spec.SetField(usagelog.FieldInputTokens, field.TypeInt, value)
 	}
@ -995,12 +1099,6 @@ func (_u *UsageLogUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.ImageSizeCleared() {
 		_spec.ClearField(usagelog.FieldImageSize, field.TypeString)
 	}
 	if value, ok := _u.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 	}
 	if _u.mutation.MediaTypeCleared() {
 		_spec.ClearField(usagelog.FieldMediaType, field.TypeString)
 	}
 	if value, ok := _u.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 	}
@ -1279,6 +1377,93 @@ func (_u *UsageLogUpdateOne) ClearUpstreamModel() *UsageLogUpdateOne {
 	return _u
 }
 // SetChannelID sets the "channel_id" field.
 func (_u *UsageLogUpdateOne) SetChannelID(v int64) *UsageLogUpdateOne {
 	_u.mutation.ResetChannelID()
 	_u.mutation.SetChannelID(v)
 	return _u
 }
 // SetNillableChannelID sets the "channel_id" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableChannelID(v *int64) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetChannelID(*v)
 	}
 	return _u
 }
 // AddChannelID adds value to the "channel_id" field.
 func (_u *UsageLogUpdateOne) AddChannelID(v int64) *UsageLogUpdateOne {
 	_u.mutation.AddChannelID(v)
 	return _u
 }
 // ClearChannelID clears the value of the "channel_id" field.
 func (_u *UsageLogUpdateOne) ClearChannelID() *UsageLogUpdateOne {
 	_u.mutation.ClearChannelID()
 	return _u
 }
 // SetModelMappingChain sets the "model_mapping_chain" field.
 func (_u *UsageLogUpdateOne) SetModelMappingChain(v string) *UsageLogUpdateOne {
 	_u.mutation.SetModelMappingChain(v)
 	return _u
 }
 // SetNillableModelMappingChain sets the "model_mapping_chain" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableModelMappingChain(v *string) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetModelMappingChain(*v)
 	}
 	return _u
 }
 // ClearModelMappingChain clears the value of the "model_mapping_chain" field.
 func (_u *UsageLogUpdateOne) ClearModelMappingChain() *UsageLogUpdateOne {
 	_u.mutation.ClearModelMappingChain()
 	return _u
 }
 // SetBillingTier sets the "billing_tier" field.
 func (_u *UsageLogUpdateOne) SetBillingTier(v string) *UsageLogUpdateOne {
 	_u.mutation.SetBillingTier(v)
 	return _u
 }
 // SetNillableBillingTier sets the "billing_tier" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableBillingTier(v *string) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetBillingTier(*v)
 	}
 	return _u
 }
 // ClearBillingTier clears the value of the "billing_tier" field.
 func (_u *UsageLogUpdateOne) ClearBillingTier() *UsageLogUpdateOne {
 	_u.mutation.ClearBillingTier()
 	return _u
 }
 // SetBillingMode sets the "billing_mode" field.
 func (_u *UsageLogUpdateOne) SetBillingMode(v string) *UsageLogUpdateOne {
 	_u.mutation.SetBillingMode(v)
 	return _u
 }
 // SetNillableBillingMode sets the "billing_mode" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableBillingMode(v *string) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetBillingMode(*v)
 	}
 	return _u
 }
 // ClearBillingMode clears the value of the "billing_mode" field.
 func (_u *UsageLogUpdateOne) ClearBillingMode() *UsageLogUpdateOne {
 	_u.mutation.ClearBillingMode()
 	return _u
 }
 // SetGroupID sets the "group_id" field.
 func (_u *UsageLogUpdateOne) SetGroupID(v int64) *UsageLogUpdateOne {
 	_u.mutation.SetGroupID(v)
@ -1789,26 +1974,6 @@ func (_u *UsageLogUpdateOne) ClearImageSize() *UsageLogUpdateOne {
 	return _u
 }
 // SetMediaType sets the "media_type" field.
 func (_u *UsageLogUpdateOne) SetMediaType(v string) *UsageLogUpdateOne {
 	_u.mutation.SetMediaType(v)
 	return _u
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableMediaType(v *string) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetMediaType(*v)
 	}
 	return _u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (_u *UsageLogUpdateOne) ClearMediaType() *UsageLogUpdateOne {
 	_u.mutation.ClearMediaType()
 	return _u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_u *UsageLogUpdateOne) SetCacheTTLOverridden(v bool) *UsageLogUpdateOne {
 	_u.mutation.SetCacheTTLOverridden(v)
@ -1945,6 +2110,21 @@ func (_u *UsageLogUpdateOne) check() error {
 			return &ValidationError{Name: "upstream_model", err: fmt.Errorf(`ent: validator failed for field "UsageLog.upstream_model": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.ModelMappingChain(); ok {
 		if err := usagelog.ModelMappingChainValidator(v); err != nil {
 			return &ValidationError{Name: "model_mapping_chain", err: fmt.Errorf(`ent: validator failed for field "UsageLog.model_mapping_chain": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.BillingTier(); ok {
 		if err := usagelog.BillingTierValidator(v); err != nil {
 			return &ValidationError{Name: "billing_tier", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_tier": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.BillingMode(); ok {
 		if err := usagelog.BillingModeValidator(v); err != nil {
 			return &ValidationError{Name: "billing_mode", err: fmt.Errorf(`ent: validator failed for field "UsageLog.billing_mode": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.UserAgent(); ok {
 		if err := usagelog.UserAgentValidator(v); err != nil {
 			return &ValidationError{Name: "user_agent", err: fmt.Errorf(`ent: validator failed for field "UsageLog.user_agent": %w`, err)}
@ -1960,11 +2140,6 @@ func (_u *UsageLogUpdateOne) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "UsageLog.user"`)
 	}
@ -2024,6 +2199,33 @@ func (_u *UsageLogUpdateOne) sqlSave(ctx context.Context) (_node *UsageLog, err
 	if _u.mutation.UpstreamModelCleared() {
 		_spec.ClearField(usagelog.FieldUpstreamModel, field.TypeString)
 	}
 	if value, ok := _u.mutation.ChannelID(); ok {
 		_spec.SetField(usagelog.FieldChannelID, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedChannelID(); ok {
 		_spec.AddField(usagelog.FieldChannelID, field.TypeInt64, value)
 	}
 	if _u.mutation.ChannelIDCleared() {
 		_spec.ClearField(usagelog.FieldChannelID, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.ModelMappingChain(); ok {
 		_spec.SetField(usagelog.FieldModelMappingChain, field.TypeString, value)
 	}
 	if _u.mutation.ModelMappingChainCleared() {
 		_spec.ClearField(usagelog.FieldModelMappingChain, field.TypeString)
 	}
 	if value, ok := _u.mutation.BillingTier(); ok {
 		_spec.SetField(usagelog.FieldBillingTier, field.TypeString, value)
 	}
 	if _u.mutation.BillingTierCleared() {
 		_spec.ClearField(usagelog.FieldBillingTier, field.TypeString)
 	}
 	if value, ok := _u.mutation.BillingMode(); ok {
 		_spec.SetField(usagelog.FieldBillingMode, field.TypeString, value)
 	}
 	if _u.mutation.BillingModeCleared() {
 		_spec.ClearField(usagelog.FieldBillingMode, field.TypeString)
 	}
 	if value, ok := _u.mutation.InputTokens(); ok {
 		_spec.SetField(usagelog.FieldInputTokens, field.TypeInt, value)
 	}
@ -2162,12 +2364,6 @@ func (_u *UsageLogUpdateOne) sqlSave(ctx context.Context) (_node *UsageLog, err
 	if _u.mutation.ImageSizeCleared() {
 		_spec.ClearField(usagelog.FieldImageSize, field.TypeString)
 	}
 	if value, ok := _u.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 	}
 	if _u.mutation.MediaTypeCleared() {
 		_spec.ClearField(usagelog.FieldMediaType, field.TypeString)
 	}
 	if value, ok := _u.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 	}
--- a/backend/ent/user.go
+++ b/backend/ent/user.go
@ -45,10 +45,6 @@ type User struct {
 	TotpEnabled bool `json:"totp_enabled,omitempty"`
 	// TotpEnabledAt holds the value of the "totp_enabled_at" field.
 	TotpEnabledAt *time.Time `json:"totp_enabled_at,omitempty"`
 	// SoraStorageQuotaBytes holds the value of the "sora_storage_quota_bytes" field.
 	SoraStorageQuotaBytes int64 `json:"sora_storage_quota_bytes,omitempty"`
 	// SoraStorageUsedBytes holds the value of the "sora_storage_used_bytes" field.
 	SoraStorageUsedBytes int64 `json:"sora_storage_used_bytes,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the UserQuery when eager-loading is set.
 	Edges        UserEdges `json:"edges"`
@ -181,7 +177,7 @@ func (*User) scanValues(columns []string) ([]any, error) {
 			values[i] = new(sql.NullBool)
 		case user.FieldBalance:
 			values[i] = new(sql.NullFloat64)
-		case user.FieldID, user.FieldConcurrency, user.FieldSoraStorageQuotaBytes, user.FieldSoraStorageUsedBytes:
+		case user.FieldID, user.FieldConcurrency:
 			values[i] = new(sql.NullInt64)
 		case user.FieldEmail, user.FieldPasswordHash, user.FieldRole, user.FieldStatus, user.FieldUsername, user.FieldNotes, user.FieldTotpSecretEncrypted:
 			values[i] = new(sql.NullString)
@ -295,18 +291,6 @@ func (_m *User) assignValues(columns []string, values []any) error {
 				_m.TotpEnabledAt = new(time.Time)
 				*_m.TotpEnabledAt = value.Time
 			}
 		case user.FieldSoraStorageQuotaBytes:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_storage_quota_bytes", values[i])
 			} else if value.Valid {
 				_m.SoraStorageQuotaBytes = value.Int64
 			}
 		case user.FieldSoraStorageUsedBytes:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_storage_used_bytes", values[i])
 			} else if value.Valid {
 				_m.SoraStorageUsedBytes = value.Int64
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
@ -440,12 +424,6 @@ func (_m *User) String() string {
 		builder.WriteString("totp_enabled_at=")
 		builder.WriteString(v.Format(time.ANSIC))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("sora_storage_quota_bytes=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SoraStorageQuotaBytes))
 	builder.WriteString(", ")
 	builder.WriteString("sora_storage_used_bytes=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SoraStorageUsedBytes))
 	builder.WriteByte(')')
 	return builder.String()
 }
--- a/backend/ent/user/user.go
+++ b/backend/ent/user/user.go
@ -43,10 +43,6 @@ const (
 	FieldTotpEnabled = "totp_enabled"
 	// FieldTotpEnabledAt holds the string denoting the totp_enabled_at field in the database.
 	FieldTotpEnabledAt = "totp_enabled_at"
 	// FieldSoraStorageQuotaBytes holds the string denoting the sora_storage_quota_bytes field in the database.
 	FieldSoraStorageQuotaBytes = "sora_storage_quota_bytes"
 	// FieldSoraStorageUsedBytes holds the string denoting the sora_storage_used_bytes field in the database.
 	FieldSoraStorageUsedBytes = "sora_storage_used_bytes"
 	// EdgeAPIKeys holds the string denoting the api_keys edge name in mutations.
 	EdgeAPIKeys = "api_keys"
 	// EdgeRedeemCodes holds the string denoting the redeem_codes edge name in mutations.
@ -156,8 +152,6 @@ var Columns = []string{
 	FieldTotpSecretEncrypted,
 	FieldTotpEnabled,
 	FieldTotpEnabledAt,
 	FieldSoraStorageQuotaBytes,
 	FieldSoraStorageUsedBytes,
 }
 var (
@ -214,10 +208,6 @@ var (
 	DefaultNotes string
 	// DefaultTotpEnabled holds the default value on creation for the "totp_enabled" field.
 	DefaultTotpEnabled bool
 	// DefaultSoraStorageQuotaBytes holds the default value on creation for the "sora_storage_quota_bytes" field.
 	DefaultSoraStorageQuotaBytes int64
 	// DefaultSoraStorageUsedBytes holds the default value on creation for the "sora_storage_used_bytes" field.
 	DefaultSoraStorageUsedBytes int64
 )
 // OrderOption defines the ordering options for the User queries.
@ -298,16 +288,6 @@ func ByTotpEnabledAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldTotpEnabledAt, opts...).ToFunc()
 }
 // BySoraStorageQuotaBytes orders the results by the sora_storage_quota_bytes field.
 func BySoraStorageQuotaBytes(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraStorageQuotaBytes, opts...).ToFunc()
 }
 // BySoraStorageUsedBytes orders the results by the sora_storage_used_bytes field.
 func BySoraStorageUsedBytes(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraStorageUsedBytes, opts...).ToFunc()
 }
 // ByAPIKeysCount orders the results by api_keys count.
 func ByAPIKeysCount(opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
--- a/backend/ent/user/where.go
+++ b/backend/ent/user/where.go
@ -125,16 +125,6 @@ func TotpEnabledAt(v time.Time) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldTotpEnabledAt, v))
 }
 // SoraStorageQuotaBytes applies equality check predicate on the "sora_storage_quota_bytes" field. It's identical to SoraStorageQuotaBytesEQ.
 func SoraStorageQuotaBytes(v int64) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageUsedBytes applies equality check predicate on the "sora_storage_used_bytes" field. It's identical to SoraStorageUsedBytesEQ.
 func SoraStorageUsedBytes(v int64) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldSoraStorageUsedBytes, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldCreatedAt, v))
@ -870,86 +860,6 @@ func TotpEnabledAtNotNil() predicate.User {
 	return predicate.User(sql.FieldNotNull(FieldTotpEnabledAt))
 }
 // SoraStorageQuotaBytesEQ applies the EQ predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesEQ(v int64) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesNEQ applies the NEQ predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesNEQ(v int64) predicate.User {
 	return predicate.User(sql.FieldNEQ(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesIn applies the In predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesIn(vs ...int64) predicate.User {
 	return predicate.User(sql.FieldIn(FieldSoraStorageQuotaBytes, vs...))
 }
 // SoraStorageQuotaBytesNotIn applies the NotIn predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesNotIn(vs ...int64) predicate.User {
 	return predicate.User(sql.FieldNotIn(FieldSoraStorageQuotaBytes, vs...))
 }
 // SoraStorageQuotaBytesGT applies the GT predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesGT(v int64) predicate.User {
 	return predicate.User(sql.FieldGT(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesGTE applies the GTE predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesGTE(v int64) predicate.User {
 	return predicate.User(sql.FieldGTE(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesLT applies the LT predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesLT(v int64) predicate.User {
 	return predicate.User(sql.FieldLT(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageQuotaBytesLTE applies the LTE predicate on the "sora_storage_quota_bytes" field.
 func SoraStorageQuotaBytesLTE(v int64) predicate.User {
 	return predicate.User(sql.FieldLTE(FieldSoraStorageQuotaBytes, v))
 }
 // SoraStorageUsedBytesEQ applies the EQ predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesEQ(v int64) predicate.User {
 	return predicate.User(sql.FieldEQ(FieldSoraStorageUsedBytes, v))
 }
 // SoraStorageUsedBytesNEQ applies the NEQ predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesNEQ(v int64) predicate.User {
 	return predicate.User(sql.FieldNEQ(FieldSoraStorageUsedBytes, v))
 }
 // SoraStorageUsedBytesIn applies the In predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesIn(vs ...int64) predicate.User {
 	return predicate.User(sql.FieldIn(FieldSoraStorageUsedBytes, vs...))
 }
 // SoraStorageUsedBytesNotIn applies the NotIn predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesNotIn(vs ...int64) predicate.User {
 	return predicate.User(sql.FieldNotIn(FieldSoraStorageUsedBytes, vs...))
 }
 // SoraStorageUsedBytesGT applies the GT predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesGT(v int64) predicate.User {
 	return predicate.User(sql.FieldGT(FieldSoraStorageUsedBytes, v))
 }
 // SoraStorageUsedBytesGTE applies the GTE predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesGTE(v int64) predicate.User {
 	return predicate.User(sql.FieldGTE(FieldSoraStorageUsedBytes, v))
 }
 // SoraStorageUsedBytesLT applies the LT predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesLT(v int64) predicate.User {
 	return predicate.User(sql.FieldLT(FieldSoraStorageUsedBytes, v))
 }
 // SoraStorageUsedBytesLTE applies the LTE predicate on the "sora_storage_used_bytes" field.
 func SoraStorageUsedBytesLTE(v int64) predicate.User {
 	return predicate.User(sql.FieldLTE(FieldSoraStorageUsedBytes, v))
 }
 // HasAPIKeys applies the HasEdge predicate on the "api_keys" edge.
 func HasAPIKeys() predicate.User {
 	return predicate.User(func(s *sql.Selector) {
--- a/backend/ent/user_create.go
+++ b/backend/ent/user_create.go
@ -210,34 +210,6 @@ func (_c *UserCreate) SetNillableTotpEnabledAt(v *time.Time) *UserCreate {
 	return _c
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_c *UserCreate) SetSoraStorageQuotaBytes(v int64) *UserCreate {
 	_c.mutation.SetSoraStorageQuotaBytes(v)
 	return _c
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_c *UserCreate) SetNillableSoraStorageQuotaBytes(v *int64) *UserCreate {
 	if v != nil {
 		_c.SetSoraStorageQuotaBytes(*v)
 	}
 	return _c
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (_c *UserCreate) SetSoraStorageUsedBytes(v int64) *UserCreate {
 	_c.mutation.SetSoraStorageUsedBytes(v)
 	return _c
 }
 // SetNillableSoraStorageUsedBytes sets the "sora_storage_used_bytes" field if the given value is not nil.
 func (_c *UserCreate) SetNillableSoraStorageUsedBytes(v *int64) *UserCreate {
 	if v != nil {
 		_c.SetSoraStorageUsedBytes(*v)
 	}
 	return _c
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_c *UserCreate) AddAPIKeyIDs(ids ...int64) *UserCreate {
 	_c.mutation.AddAPIKeyIDs(ids...)
@ -452,14 +424,6 @@ func (_c *UserCreate) defaults() error {
 		v := user.DefaultTotpEnabled
 		_c.mutation.SetTotpEnabled(v)
 	}
 	if _, ok := _c.mutation.SoraStorageQuotaBytes(); !ok {
 		v := user.DefaultSoraStorageQuotaBytes
 		_c.mutation.SetSoraStorageQuotaBytes(v)
 	}
 	if _, ok := _c.mutation.SoraStorageUsedBytes(); !ok {
 		v := user.DefaultSoraStorageUsedBytes
 		_c.mutation.SetSoraStorageUsedBytes(v)
 	}
 	return nil
 }
@ -523,12 +487,6 @@ func (_c *UserCreate) check() error {
 	if _, ok := _c.mutation.TotpEnabled(); !ok {
 		return &ValidationError{Name: "totp_enabled", err: errors.New(`ent: missing required field "User.totp_enabled"`)}
 	}
 	if _, ok := _c.mutation.SoraStorageQuotaBytes(); !ok {
 		return &ValidationError{Name: "sora_storage_quota_bytes", err: errors.New(`ent: missing required field "User.sora_storage_quota_bytes"`)}
 	}
 	if _, ok := _c.mutation.SoraStorageUsedBytes(); !ok {
 		return &ValidationError{Name: "sora_storage_used_bytes", err: errors.New(`ent: missing required field "User.sora_storage_used_bytes"`)}
 	}
 	return nil
 }
@ -612,14 +570,6 @@ func (_c *UserCreate) createSpec() (*User, *sqlgraph.CreateSpec) {
 		_spec.SetField(user.FieldTotpEnabledAt, field.TypeTime, value)
 		_node.TotpEnabledAt = &value
 	}
 	if value, ok := _c.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 		_node.SoraStorageQuotaBytes = value
 	}
 	if value, ok := _c.mutation.SoraStorageUsedBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageUsedBytes, field.TypeInt64, value)
 		_node.SoraStorageUsedBytes = value
 	}
 	if nodes := _c.mutation.APIKeysIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
@ -1006,42 +956,6 @@ func (u *UserUpsert) ClearTotpEnabledAt() *UserUpsert {
 	return u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *UserUpsert) SetSoraStorageQuotaBytes(v int64) *UserUpsert {
 	u.Set(user.FieldSoraStorageQuotaBytes, v)
 	return u
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *UserUpsert) UpdateSoraStorageQuotaBytes() *UserUpsert {
 	u.SetExcluded(user.FieldSoraStorageQuotaBytes)
 	return u
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *UserUpsert) AddSoraStorageQuotaBytes(v int64) *UserUpsert {
 	u.Add(user.FieldSoraStorageQuotaBytes, v)
 	return u
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (u *UserUpsert) SetSoraStorageUsedBytes(v int64) *UserUpsert {
 	u.Set(user.FieldSoraStorageUsedBytes, v)
 	return u
 }
 // UpdateSoraStorageUsedBytes sets the "sora_storage_used_bytes" field to the value that was provided on create.
 func (u *UserUpsert) UpdateSoraStorageUsedBytes() *UserUpsert {
 	u.SetExcluded(user.FieldSoraStorageUsedBytes)
 	return u
 }
 // AddSoraStorageUsedBytes adds v to the "sora_storage_used_bytes" field.
 func (u *UserUpsert) AddSoraStorageUsedBytes(v int64) *UserUpsert {
 	u.Add(user.FieldSoraStorageUsedBytes, v)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
@ -1304,48 +1218,6 @@ func (u *UserUpsertOne) ClearTotpEnabledAt() *UserUpsertOne {
 	})
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *UserUpsertOne) SetSoraStorageQuotaBytes(v int64) *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.SetSoraStorageQuotaBytes(v)
 	})
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *UserUpsertOne) AddSoraStorageQuotaBytes(v int64) *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.AddSoraStorageQuotaBytes(v)
 	})
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *UserUpsertOne) UpdateSoraStorageQuotaBytes() *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.UpdateSoraStorageQuotaBytes()
 	})
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (u *UserUpsertOne) SetSoraStorageUsedBytes(v int64) *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.SetSoraStorageUsedBytes(v)
 	})
 }
 // AddSoraStorageUsedBytes adds v to the "sora_storage_used_bytes" field.
 func (u *UserUpsertOne) AddSoraStorageUsedBytes(v int64) *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.AddSoraStorageUsedBytes(v)
 	})
 }
 // UpdateSoraStorageUsedBytes sets the "sora_storage_used_bytes" field to the value that was provided on create.
 func (u *UserUpsertOne) UpdateSoraStorageUsedBytes() *UserUpsertOne {
 	return u.Update(func(s *UserUpsert) {
 		s.UpdateSoraStorageUsedBytes()
 	})
 }
 // Exec executes the query.
 func (u *UserUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
@ -1774,48 +1646,6 @@ func (u *UserUpsertBulk) ClearTotpEnabledAt() *UserUpsertBulk {
 	})
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (u *UserUpsertBulk) SetSoraStorageQuotaBytes(v int64) *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.SetSoraStorageQuotaBytes(v)
 	})
 }
 // AddSoraStorageQuotaBytes adds v to the "sora_storage_quota_bytes" field.
 func (u *UserUpsertBulk) AddSoraStorageQuotaBytes(v int64) *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.AddSoraStorageQuotaBytes(v)
 	})
 }
 // UpdateSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field to the value that was provided on create.
 func (u *UserUpsertBulk) UpdateSoraStorageQuotaBytes() *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.UpdateSoraStorageQuotaBytes()
 	})
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (u *UserUpsertBulk) SetSoraStorageUsedBytes(v int64) *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.SetSoraStorageUsedBytes(v)
 	})
 }
 // AddSoraStorageUsedBytes adds v to the "sora_storage_used_bytes" field.
 func (u *UserUpsertBulk) AddSoraStorageUsedBytes(v int64) *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.AddSoraStorageUsedBytes(v)
 	})
 }
 // UpdateSoraStorageUsedBytes sets the "sora_storage_used_bytes" field to the value that was provided on create.
 func (u *UserUpsertBulk) UpdateSoraStorageUsedBytes() *UserUpsertBulk {
 	return u.Update(func(s *UserUpsert) {
 		s.UpdateSoraStorageUsedBytes()
 	})
 }
 // Exec executes the query.
 func (u *UserUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
--- a/backend/ent/user_update.go
+++ b/backend/ent/user_update.go
@ -242,48 +242,6 @@ func (_u *UserUpdate) ClearTotpEnabledAt() *UserUpdate {
 	return _u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_u *UserUpdate) SetSoraStorageQuotaBytes(v int64) *UserUpdate {
 	_u.mutation.ResetSoraStorageQuotaBytes()
 	_u.mutation.SetSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_u *UserUpdate) SetNillableSoraStorageQuotaBytes(v *int64) *UserUpdate {
 	if v != nil {
 		_u.SetSoraStorageQuotaBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageQuotaBytes adds value to the "sora_storage_quota_bytes" field.
 func (_u *UserUpdate) AddSoraStorageQuotaBytes(v int64) *UserUpdate {
 	_u.mutation.AddSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (_u *UserUpdate) SetSoraStorageUsedBytes(v int64) *UserUpdate {
 	_u.mutation.ResetSoraStorageUsedBytes()
 	_u.mutation.SetSoraStorageUsedBytes(v)
 	return _u
 }
 // SetNillableSoraStorageUsedBytes sets the "sora_storage_used_bytes" field if the given value is not nil.
 func (_u *UserUpdate) SetNillableSoraStorageUsedBytes(v *int64) *UserUpdate {
 	if v != nil {
 		_u.SetSoraStorageUsedBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageUsedBytes adds value to the "sora_storage_used_bytes" field.
 func (_u *UserUpdate) AddSoraStorageUsedBytes(v int64) *UserUpdate {
 	_u.mutation.AddSoraStorageUsedBytes(v)
 	return _u
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_u *UserUpdate) AddAPIKeyIDs(ids ...int64) *UserUpdate {
 	_u.mutation.AddAPIKeyIDs(ids...)
@ -751,18 +709,6 @@ func (_u *UserUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.TotpEnabledAtCleared() {
 		_spec.ClearField(user.FieldTotpEnabledAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageQuotaBytes(); ok {
 		_spec.AddField(user.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.SoraStorageUsedBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageUsedBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageUsedBytes(); ok {
 		_spec.AddField(user.FieldSoraStorageUsedBytes, field.TypeInt64, value)
 	}
 	if _u.mutation.APIKeysCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
@ -1406,48 +1352,6 @@ func (_u *UserUpdateOne) ClearTotpEnabledAt() *UserUpdateOne {
 	return _u
 }
 // SetSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field.
 func (_u *UserUpdateOne) SetSoraStorageQuotaBytes(v int64) *UserUpdateOne {
 	_u.mutation.ResetSoraStorageQuotaBytes()
 	_u.mutation.SetSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetNillableSoraStorageQuotaBytes sets the "sora_storage_quota_bytes" field if the given value is not nil.
 func (_u *UserUpdateOne) SetNillableSoraStorageQuotaBytes(v *int64) *UserUpdateOne {
 	if v != nil {
 		_u.SetSoraStorageQuotaBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageQuotaBytes adds value to the "sora_storage_quota_bytes" field.
 func (_u *UserUpdateOne) AddSoraStorageQuotaBytes(v int64) *UserUpdateOne {
 	_u.mutation.AddSoraStorageQuotaBytes(v)
 	return _u
 }
 // SetSoraStorageUsedBytes sets the "sora_storage_used_bytes" field.
 func (_u *UserUpdateOne) SetSoraStorageUsedBytes(v int64) *UserUpdateOne {
 	_u.mutation.ResetSoraStorageUsedBytes()
 	_u.mutation.SetSoraStorageUsedBytes(v)
 	return _u
 }
 // SetNillableSoraStorageUsedBytes sets the "sora_storage_used_bytes" field if the given value is not nil.
 func (_u *UserUpdateOne) SetNillableSoraStorageUsedBytes(v *int64) *UserUpdateOne {
 	if v != nil {
 		_u.SetSoraStorageUsedBytes(*v)
 	}
 	return _u
 }
 // AddSoraStorageUsedBytes adds value to the "sora_storage_used_bytes" field.
 func (_u *UserUpdateOne) AddSoraStorageUsedBytes(v int64) *UserUpdateOne {
 	_u.mutation.AddSoraStorageUsedBytes(v)
 	return _u
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_u *UserUpdateOne) AddAPIKeyIDs(ids ...int64) *UserUpdateOne {
 	_u.mutation.AddAPIKeyIDs(ids...)
@ -1945,18 +1849,6 @@ func (_u *UserUpdateOne) sqlSave(ctx context.Context) (_node *User, err error) {
 	if _u.mutation.TotpEnabledAtCleared() {
 		_spec.ClearField(user.FieldTotpEnabledAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.SoraStorageQuotaBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageQuotaBytes(); ok {
 		_spec.AddField(user.FieldSoraStorageQuotaBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.SoraStorageUsedBytes(); ok {
 		_spec.SetField(user.FieldSoraStorageUsedBytes, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraStorageUsedBytes(); ok {
 		_spec.AddField(user.FieldSoraStorageUsedBytes, field.TypeInt64, value)
 	}
 	if _u.mutation.APIKeysCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@ -77,7 +77,6 @@ type Config struct {
 	UsageCleanup            UsageCleanupConfig            `mapstructure:"usage_cleanup"`
 	Concurrency             ConcurrencyConfig             `mapstructure:"concurrency"`
 	TokenRefresh            TokenRefreshConfig            `mapstructure:"token_refresh"`
 	Sora                    SoraConfig                    `mapstructure:"sora"`
 	RunMode                 string                        `mapstructure:"run_mode" yaml:"run_mode"`
 	Timezone                string                        `mapstructure:"timezone"` // e.g. "Asia/Shanghai", "UTC"
 	Gemini                  GeminiConfig                  `mapstructure:"gemini"`
@ -197,8 +196,6 @@ type TokenRefreshConfig struct {
 	MaxRetries int `mapstructure:"max_retries"`
 	// 重试退避基础时间（秒）
 	RetryBackoffSeconds int `mapstructure:"retry_backoff_seconds"`
 	// 是否允许 OpenAI 刷新器同步覆盖关联的 Sora 账号 token（默认关闭）
 	SyncLinkedSoraAccounts bool `mapstructure:"sync_linked_sora_accounts"`
 }
 type PricingConfig struct {
@ -303,59 +300,6 @@ type ConcurrencyConfig struct {
 	PingInterval int `mapstructure:"ping_interval"`
 }
 // SoraConfig 直连 Sora 配置
 type SoraConfig struct {
 	Client  SoraClientConfig  `mapstructure:"client"`
 	Storage SoraStorageConfig `mapstructure:"storage"`
 }
 // SoraClientConfig 直连 Sora 客户端配置
 type SoraClientConfig struct {
 	BaseURL                            string                    `mapstructure:"base_url"`
 	TimeoutSeconds                     int                       `mapstructure:"timeout_seconds"`
 	MaxRetries                         int                       `mapstructure:"max_retries"`
 	CloudflareChallengeCooldownSeconds int                       `mapstructure:"cloudflare_challenge_cooldown_seconds"`
 	PollIntervalSeconds                int                       `mapstructure:"poll_interval_seconds"`
 	MaxPollAttempts                    int                       `mapstructure:"max_poll_attempts"`
 	RecentTaskLimit                    int                       `mapstructure:"recent_task_limit"`
 	RecentTaskLimitMax                 int                       `mapstructure:"recent_task_limit_max"`
 	Debug                              bool                      `mapstructure:"debug"`
 	UseOpenAITokenProvider             bool                      `mapstructure:"use_openai_token_provider"`
 	Headers                            map[string]string         `mapstructure:"headers"`
 	UserAgent                          string                    `mapstructure:"user_agent"`
 	DisableTLSFingerprint              bool                      `mapstructure:"disable_tls_fingerprint"`
 	CurlCFFISidecar                    SoraCurlCFFISidecarConfig `mapstructure:"curl_cffi_sidecar"`
 }
 // SoraCurlCFFISidecarConfig Sora 专用 curl_cffi sidecar 配置
 type SoraCurlCFFISidecarConfig struct {
 	Enabled             bool   `mapstructure:"enabled"`
 	BaseURL             string `mapstructure:"base_url"`
 	Impersonate         string `mapstructure:"impersonate"`
 	TimeoutSeconds      int    `mapstructure:"timeout_seconds"`
 	SessionReuseEnabled bool   `mapstructure:"session_reuse_enabled"`
 	SessionTTLSeconds   int    `mapstructure:"session_ttl_seconds"`
 }
 // SoraStorageConfig 媒体存储配置
 type SoraStorageConfig struct {
 	Type                   string                   `mapstructure:"type"`
 	LocalPath              string                   `mapstructure:"local_path"`
 	FallbackToUpstream     bool                     `mapstructure:"fallback_to_upstream"`
 	MaxConcurrentDownloads int                      `mapstructure:"max_concurrent_downloads"`
 	DownloadTimeoutSeconds int                      `mapstructure:"download_timeout_seconds"`
 	MaxDownloadBytes       int64                    `mapstructure:"max_download_bytes"`
 	Debug                  bool                     `mapstructure:"debug"`
 	Cleanup                SoraStorageCleanupConfig `mapstructure:"cleanup"`
 }
 // SoraStorageCleanupConfig 媒体清理配置
 type SoraStorageCleanupConfig struct {
 	Enabled       bool   `mapstructure:"enabled"`
 	Schedule      string `mapstructure:"schedule"`
 	RetentionDays int    `mapstructure:"retention_days"`
 }
 // GatewayConfig API网关相关配置
 type GatewayConfig struct {
 	// 等待上游响应头的超时时间（秒），0表示无超时
@ -428,24 +372,6 @@ type GatewayConfig struct {
 	// 是否允许对部分 400 错误触发 failover（默认关闭以避免改变语义）
 	FailoverOn400 bool `mapstructure:"failover_on_400"`
 	// Sora 专用配置
 	// SoraMaxBodySize: Sora 请求体最大字节数（0 表示使用 gateway.max_body_size）
 	SoraMaxBodySize int64 `mapstructure:"sora_max_body_size"`
 	// SoraStreamTimeoutSeconds: Sora 流式请求总超时（秒，0 表示不限制）
 	SoraStreamTimeoutSeconds int `mapstructure:"sora_stream_timeout_seconds"`
 	// SoraRequestTimeoutSeconds: Sora 非流式请求超时（秒，0 表示不限制）
 	SoraRequestTimeoutSeconds int `mapstructure:"sora_request_timeout_seconds"`
 	// SoraStreamMode: stream 强制策略（force/error）
 	SoraStreamMode string `mapstructure:"sora_stream_mode"`
 	// SoraModelFilters: 模型列表过滤配置
 	SoraModelFilters SoraModelFiltersConfig `mapstructure:"sora_model_filters"`
 	// SoraMediaRequireAPIKey: 是否要求访问 /sora/media 携带 API Key
 	SoraMediaRequireAPIKey bool `mapstructure:"sora_media_require_api_key"`
 	// SoraMediaSigningKey: /sora/media 临时签名密钥（空表示禁用签名）
 	SoraMediaSigningKey string `mapstructure:"sora_media_signing_key"`
 	// SoraMediaSignedURLTTLSeconds: 临时签名 URL 有效期（秒，<=0 表示禁用）
 	SoraMediaSignedURLTTLSeconds int `mapstructure:"sora_media_signed_url_ttl_seconds"`
 	// 账户切换最大次数（遇到上游错误时切换到其他账户的次数上限）
 	MaxAccountSwitches int `mapstructure:"max_account_switches"`
 	// Gemini 账户切换最大次数（Gemini 平台单独配置，因 API 限制更严格）
@ -665,12 +591,6 @@ type GatewayUsageRecordConfig struct {
 	AutoScaleCooldownSeconds int `mapstructure:"auto_scale_cooldown_seconds"`
 }
 // SoraModelFiltersConfig Sora 模型过滤配置
 type SoraModelFiltersConfig struct {
 	// HidePromptEnhance 是否隐藏 prompt-enhance 模型
 	HidePromptEnhance bool `mapstructure:"hide_prompt_enhance"`
 }
 // NodeTLSProxyConfig Node.js TLS 代理配置
 // 通过本地 Node.js 进程转发 HTTPS 请求，利用原生 TLS 栈产生真实 JA3 指纹
 type NodeTLSProxyConfig struct {
@ -1471,13 +1391,6 @@ func setDefaults() {
 	viper.SetDefault("gateway.upstream_response_read_max_bytes", int64(8*1024*1024))
 	viper.SetDefault("gateway.proxy_probe_response_read_max_bytes", int64(1024*1024))
 	viper.SetDefault("gateway.gemini_debug_response_headers", false)
 	viper.SetDefault("gateway.sora_max_body_size", int64(256*1024*1024))
 	viper.SetDefault("gateway.sora_stream_timeout_seconds", 900)
 	viper.SetDefault("gateway.sora_request_timeout_seconds", 180)
 	viper.SetDefault("gateway.sora_stream_mode", "force")
 	viper.SetDefault("gateway.sora_model_filters.hide_prompt_enhance", true)
 	viper.SetDefault("gateway.sora_media_require_api_key", true)
 	viper.SetDefault("gateway.sora_media_signed_url_ttl_seconds", 900)
 	viper.SetDefault("gateway.connection_pool_isolation", ConnectionPoolIsolationAccountProxy)
 	// HTTP 上游连接池配置（针对 5000+ 并发用户优化）
 	viper.SetDefault("gateway.max_idle_conns", 2560)          // 最大空闲连接总数（高并发场景可调大）
@ -1549,45 +1462,12 @@ func setDefaults() {
 	_ = viper.BindEnv("gateway.node_tls_proxy.upstream_host", "GATEWAY_NODE_TLS_PROXY_UPSTREAM_HOST")
 	viper.SetDefault("concurrency.ping_interval", 10)
 	// Sora 直连配置
 	viper.SetDefault("sora.client.base_url", "https://sora.chatgpt.com/backend")
 	viper.SetDefault("sora.client.timeout_seconds", 120)
 	viper.SetDefault("sora.client.max_retries", 3)
 	viper.SetDefault("sora.client.cloudflare_challenge_cooldown_seconds", 900)
 	viper.SetDefault("sora.client.poll_interval_seconds", 2)
 	viper.SetDefault("sora.client.max_poll_attempts", 600)
 	viper.SetDefault("sora.client.recent_task_limit", 50)
 	viper.SetDefault("sora.client.recent_task_limit_max", 200)
 	viper.SetDefault("sora.client.debug", false)
 	viper.SetDefault("sora.client.use_openai_token_provider", false)
 	viper.SetDefault("sora.client.headers", map[string]string{})
 	viper.SetDefault("sora.client.user_agent", "Sora/1.2026.007 (Android 15; 24122RKC7C; build 2600700)")
 	viper.SetDefault("sora.client.disable_tls_fingerprint", false)
 	viper.SetDefault("sora.client.curl_cffi_sidecar.enabled", true)
 	viper.SetDefault("sora.client.curl_cffi_sidecar.base_url", "http://sora-curl-cffi-sidecar:8080")
 	viper.SetDefault("sora.client.curl_cffi_sidecar.impersonate", "chrome131")
 	viper.SetDefault("sora.client.curl_cffi_sidecar.timeout_seconds", 60)
 	viper.SetDefault("sora.client.curl_cffi_sidecar.session_reuse_enabled", true)
 	viper.SetDefault("sora.client.curl_cffi_sidecar.session_ttl_seconds", 3600)
 	viper.SetDefault("sora.storage.type", "local")
 	viper.SetDefault("sora.storage.local_path", "")
 	viper.SetDefault("sora.storage.fallback_to_upstream", true)
 	viper.SetDefault("sora.storage.max_concurrent_downloads", 4)
 	viper.SetDefault("sora.storage.download_timeout_seconds", 120)
 	viper.SetDefault("sora.storage.max_download_bytes", int64(200<<20))
 	viper.SetDefault("sora.storage.debug", false)
 	viper.SetDefault("sora.storage.cleanup.enabled", true)
 	viper.SetDefault("sora.storage.cleanup.retention_days", 7)
 	viper.SetDefault("sora.storage.cleanup.schedule", "0 3 * * *")
 	// TokenRefresh
 	viper.SetDefault("token_refresh.enabled", true)
 	viper.SetDefault("token_refresh.check_interval_minutes", 5)        // 每5分钟检查一次
 	viper.SetDefault("token_refresh.refresh_before_expiry_hours", 0.5) // 提前30分钟刷新（适配Google 1小时token）
 	viper.SetDefault("token_refresh.max_retries", 3)                   // 最多重试3次
 	viper.SetDefault("token_refresh.retry_backoff_seconds", 2)         // 重试退避基础2秒
 	viper.SetDefault("token_refresh.sync_linked_sora_accounts", false) // 默认不跨平台覆盖 Sora token
 	// Gemini OAuth - configure via environment variables or config file
 	// GEMINI_OAUTH_CLIENT_ID and GEMINI_OAUTH_CLIENT_SECRET
@ -1963,86 +1843,6 @@ func (c *Config) Validate() error {
 	if c.Gateway.ProxyProbeResponseReadMaxBytes <= 0 {
 		return fmt.Errorf("gateway.proxy_probe_response_read_max_bytes must be positive")
 	}
 	if c.Gateway.SoraMaxBodySize < 0 {
 		return fmt.Errorf("gateway.sora_max_body_size must be non-negative")
 	}
 	if c.Gateway.SoraStreamTimeoutSeconds < 0 {
 		return fmt.Errorf("gateway.sora_stream_timeout_seconds must be non-negative")
 	}
 	if c.Gateway.SoraRequestTimeoutSeconds < 0 {
 		return fmt.Errorf("gateway.sora_request_timeout_seconds must be non-negative")
 	}
 	if c.Gateway.SoraMediaSignedURLTTLSeconds < 0 {
 		return fmt.Errorf("gateway.sora_media_signed_url_ttl_seconds must be non-negative")
 	}
 	if mode := strings.TrimSpace(strings.ToLower(c.Gateway.SoraStreamMode)); mode != "" {
 		switch mode {
 		case "force", "error":
 		default:
 			return fmt.Errorf("gateway.sora_stream_mode must be one of: force/error")
 		}
 	}
 	if c.Sora.Client.TimeoutSeconds < 0 {
 		return fmt.Errorf("sora.client.timeout_seconds must be non-negative")
 	}
 	if c.Sora.Client.MaxRetries < 0 {
 		return fmt.Errorf("sora.client.max_retries must be non-negative")
 	}
 	if c.Sora.Client.CloudflareChallengeCooldownSeconds < 0 {
 		return fmt.Errorf("sora.client.cloudflare_challenge_cooldown_seconds must be non-negative")
 	}
 	if c.Sora.Client.PollIntervalSeconds < 0 {
 		return fmt.Errorf("sora.client.poll_interval_seconds must be non-negative")
 	}
 	if c.Sora.Client.MaxPollAttempts < 0 {
 		return fmt.Errorf("sora.client.max_poll_attempts must be non-negative")
 	}
 	if c.Sora.Client.RecentTaskLimit < 0 {
 		return fmt.Errorf("sora.client.recent_task_limit must be non-negative")
 	}
 	if c.Sora.Client.RecentTaskLimitMax < 0 {
 		return fmt.Errorf("sora.client.recent_task_limit_max must be non-negative")
 	}
 	if c.Sora.Client.RecentTaskLimitMax > 0 && c.Sora.Client.RecentTaskLimit > 0 &&
 		c.Sora.Client.RecentTaskLimitMax < c.Sora.Client.RecentTaskLimit {
 		c.Sora.Client.RecentTaskLimitMax = c.Sora.Client.RecentTaskLimit
 	}
 	if c.Sora.Client.CurlCFFISidecar.TimeoutSeconds < 0 {
 		return fmt.Errorf("sora.client.curl_cffi_sidecar.timeout_seconds must be non-negative")
 	}
 	if c.Sora.Client.CurlCFFISidecar.SessionTTLSeconds < 0 {
 		return fmt.Errorf("sora.client.curl_cffi_sidecar.session_ttl_seconds must be non-negative")
 	}
 	if !c.Sora.Client.CurlCFFISidecar.Enabled {
 		return fmt.Errorf("sora.client.curl_cffi_sidecar.enabled must be true")
 	}
 	if strings.TrimSpace(c.Sora.Client.CurlCFFISidecar.BaseURL) == "" {
 		return fmt.Errorf("sora.client.curl_cffi_sidecar.base_url is required")
 	}
 	if c.Sora.Storage.MaxConcurrentDownloads < 0 {
 		return fmt.Errorf("sora.storage.max_concurrent_downloads must be non-negative")
 	}
 	if c.Sora.Storage.DownloadTimeoutSeconds < 0 {
 		return fmt.Errorf("sora.storage.download_timeout_seconds must be non-negative")
 	}
 	if c.Sora.Storage.MaxDownloadBytes < 0 {
 		return fmt.Errorf("sora.storage.max_download_bytes must be non-negative")
 	}
 	if c.Sora.Storage.Cleanup.Enabled {
 		if c.Sora.Storage.Cleanup.RetentionDays <= 0 {
 			return fmt.Errorf("sora.storage.cleanup.retention_days must be positive")
 		}
 		if strings.TrimSpace(c.Sora.Storage.Cleanup.Schedule) == "" {
 			return fmt.Errorf("sora.storage.cleanup.schedule is required when cleanup is enabled")
 		}
 	} else {
 		if c.Sora.Storage.Cleanup.RetentionDays < 0 {
 			return fmt.Errorf("sora.storage.cleanup.retention_days must be non-negative")
 		}
 	}
 	if storageType := strings.TrimSpace(strings.ToLower(c.Sora.Storage.Type)); storageType != "" && storageType != "local" {
 		return fmt.Errorf("sora.storage.type must be 'local'")
 	}
 	if strings.TrimSpace(c.Gateway.ConnectionPoolIsolation) != "" {
 		switch c.Gateway.ConnectionPoolIsolation {
 		case ConnectionPoolIsolationProxy, ConnectionPoolIsolationAccount, ConnectionPoolIsolationAccountProxy:
--- a/backend/internal/config/config_test.go
+++ b/backend/internal/config/config_test.go
@ -1554,94 +1554,6 @@ func TestValidateConfig_LogRequiredAndRotationBounds(t *testing.T) {
 	}
 }
 func TestSoraCurlCFFISidecarDefaults(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if !cfg.Sora.Client.CurlCFFISidecar.Enabled {
 		t.Fatalf("Sora curl_cffi sidecar should be enabled by default")
 	}
 	if cfg.Sora.Client.CloudflareChallengeCooldownSeconds <= 0 {
 		t.Fatalf("Sora cloudflare challenge cooldown should be positive by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.BaseURL == "" {
 		t.Fatalf("Sora curl_cffi sidecar base_url should not be empty by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.Impersonate == "" {
 		t.Fatalf("Sora curl_cffi sidecar impersonate should not be empty by default")
 	}
 	if !cfg.Sora.Client.CurlCFFISidecar.SessionReuseEnabled {
 		t.Fatalf("Sora curl_cffi sidecar session reuse should be enabled by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.SessionTTLSeconds <= 0 {
 		t.Fatalf("Sora curl_cffi sidecar session ttl should be positive by default")
 	}
 }
 func TestValidateSoraCurlCFFISidecarRequired(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.Enabled = false
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.enabled must be true") {
 		t.Fatalf("Validate() error = %v, want sidecar enabled error", err)
 	}
 }
 func TestValidateSoraCurlCFFISidecarBaseURLRequired(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.BaseURL = "   "
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.base_url is required") {
 		t.Fatalf("Validate() error = %v, want sidecar base_url required error", err)
 	}
 }
 func TestValidateSoraCurlCFFISidecarSessionTTLNonNegative(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.SessionTTLSeconds = -1
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.session_ttl_seconds must be non-negative") {
 		t.Fatalf("Validate() error = %v, want sidecar session ttl error", err)
 	}
 }
 func TestValidateSoraCloudflareChallengeCooldownNonNegative(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CloudflareChallengeCooldownSeconds = -1
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.cloudflare_challenge_cooldown_seconds must be non-negative") {
 		t.Fatalf("Validate() error = %v, want cloudflare cooldown error", err)
 	}
 }
 func TestLoad_DefaultGatewayUsageRecordConfig(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
--- a/backend/internal/domain/constants.go
+++ b/backend/internal/domain/constants.go
@ -22,7 +22,6 @@ const (
 	PlatformOpenAI      = "openai"
 	PlatformGemini      = "gemini"
 	PlatformAntigravity = "antigravity"
 	PlatformSora        = "sora"
 )
 // Account type constants
--- a/backend/internal/handler/admin/account_data.go
+++ b/backend/internal/handler/admin/account_data.go
@ -567,15 +567,15 @@ func defaultProxyName(name string) string {
 // enrichCredentialsFromIDToken performs best-effort extraction of user info fields
 // (email, plan_type, chatgpt_account_id, etc.) from id_token in credentials.
-// Only applies to OpenAI/Sora OAuth accounts. Skips expired token errors silently.
+// Only applies to OpenAI OAuth accounts. Skips expired token errors silently.
 // Existing credential values are never overwritten — only missing fields are filled.
 func enrichCredentialsFromIDToken(item *DataAccount) {
 	if item.Credentials == nil {
 		return
 	}
-	// Only enrich OpenAI/Sora OAuth accounts
+	// Only enrich OpenAI OAuth accounts
 	platform := strings.ToLower(strings.TrimSpace(item.Platform))
-	if platform != service.PlatformOpenAI && platform != service.PlatformSora {
+	if platform != service.PlatformOpenAI {
 		return
 	}
 	if strings.ToLower(strings.TrimSpace(item.Type)) != service.AccountTypeOAuth {
--- a/backend/internal/handler/admin/account_handler.go
+++ b/backend/internal/handler/admin/account_handler.go
@ -839,6 +839,7 @@ func (h *AccountHandler) refreshSingleAccount(ctx context.Context, account *serv
 			if updateErr != nil {
 				return nil, "", fmt.Errorf("failed to update credentials: %w", updateErr)
 			}
 			h.adminService.EnsureAntigravityPrivacy(ctx, updatedAccount)
 			return updatedAccount, "missing_project_id_temporary", nil
 		}
@ -1886,12 +1887,6 @@ func (h *AccountHandler) GetAvailableModels(c *gin.Context) {
 		return
 	}
 	// Handle Sora accounts
 	if account.Platform == service.PlatformSora {
 		response.Success(c, service.DefaultSoraModels(nil))
 		return
 	}
 	// Handle Claude/Anthropic accounts
 	// For OAuth and Setup-Token accounts: return default models
 	if account.IsOAuth() {
--- a/backend/internal/handler/admin/admin_service_stub_test.go
+++ b/backend/internal/handler/admin/admin_service_stub_test.go
@ -380,7 +380,6 @@ func (s *stubAdminService) CheckProxyQuality(ctx context.Context, id int64) (*se
 			{Target: "openai", Status: "pass", HTTPStatus: 401},
 			{Target: "anthropic", Status: "pass", HTTPStatus: 401},
 			{Target: "gemini", Status: "pass", HTTPStatus: 200},
 			{Target: "sora", Status: "pass", HTTPStatus: 401},
 		},
 	}, nil
 }
--- a/backend/internal/handler/admin/channel_handler.go
+++ b/backend/internal/handler/admin/channel_handler.go
@ -0,0 +1,452 @@
 package admin
 import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/gin-gonic/gin"
 )
 // ChannelHandler handles admin channel management
 type ChannelHandler struct {
 	channelService *service.ChannelService
 	billingService *service.BillingService
 }
 // NewChannelHandler creates a new admin channel handler
 func NewChannelHandler(channelService *service.ChannelService, billingService *service.BillingService) *ChannelHandler {
 	return &ChannelHandler{channelService: channelService, billingService: billingService}
 }
 // --- Request / Response types ---
 type createChannelRequest struct {
 	Name               string                       `json:"name" binding:"required,max=100"`
 	Description        string                       `json:"description"`
 	GroupIDs           []int64                      `json:"group_ids"`
 	ModelPricing       []channelModelPricingRequest `json:"model_pricing"`
 	ModelMapping       map[string]map[string]string `json:"model_mapping"`
 	BillingModelSource string                       `json:"billing_model_source" binding:"omitempty,oneof=requested upstream channel_mapped"`
 	RestrictModels     bool                         `json:"restrict_models"`
 }
 type updateChannelRequest struct {
 	Name               string                        `json:"name" binding:"omitempty,max=100"`
 	Description        *string                       `json:"description"`
 	Status             string                        `json:"status" binding:"omitempty,oneof=active disabled"`
 	GroupIDs           *[]int64                      `json:"group_ids"`
 	ModelPricing       *[]channelModelPricingRequest `json:"model_pricing"`
 	ModelMapping       map[string]map[string]string  `json:"model_mapping"`
 	BillingModelSource string                        `json:"billing_model_source" binding:"omitempty,oneof=requested upstream channel_mapped"`
 	RestrictModels     *bool                         `json:"restrict_models"`
 }
 type channelModelPricingRequest struct {
 	Platform         string                   `json:"platform" binding:"omitempty,max=50"`
 	Models           []string                 `json:"models" binding:"required,min=1,max=100"`
 	BillingMode      string                   `json:"billing_mode" binding:"omitempty,oneof=token per_request image"`
 	InputPrice       *float64                 `json:"input_price" binding:"omitempty,min=0"`
 	OutputPrice      *float64                 `json:"output_price" binding:"omitempty,min=0"`
 	CacheWritePrice  *float64                 `json:"cache_write_price" binding:"omitempty,min=0"`
 	CacheReadPrice   *float64                 `json:"cache_read_price" binding:"omitempty,min=0"`
 	ImageOutputPrice *float64                 `json:"image_output_price" binding:"omitempty,min=0"`
 	PerRequestPrice  *float64                 `json:"per_request_price" binding:"omitempty,min=0"`
 	Intervals        []pricingIntervalRequest `json:"intervals"`
 }
 type pricingIntervalRequest struct {
 	MinTokens       int      `json:"min_tokens"`
 	MaxTokens       *int     `json:"max_tokens"`
 	TierLabel       string   `json:"tier_label"`
 	InputPrice      *float64 `json:"input_price"`
 	OutputPrice     *float64 `json:"output_price"`
 	CacheWritePrice *float64 `json:"cache_write_price"`
 	CacheReadPrice  *float64 `json:"cache_read_price"`
 	PerRequestPrice *float64 `json:"per_request_price"`
 	SortOrder       int      `json:"sort_order"`
 }
 type channelResponse struct {
 	ID                 int64                         `json:"id"`
 	Name               string                        `json:"name"`
 	Description        string                        `json:"description"`
 	Status             string                        `json:"status"`
 	BillingModelSource string                        `json:"billing_model_source"`
 	RestrictModels     bool                          `json:"restrict_models"`
 	GroupIDs           []int64                       `json:"group_ids"`
 	ModelPricing       []channelModelPricingResponse `json:"model_pricing"`
 	ModelMapping       map[string]map[string]string  `json:"model_mapping"`
 	CreatedAt          string                        `json:"created_at"`
 	UpdatedAt          string                        `json:"updated_at"`
 }
 type channelModelPricingResponse struct {
 	ID               int64                     `json:"id"`
 	Platform         string                    `json:"platform"`
 	Models           []string                  `json:"models"`
 	BillingMode      string                    `json:"billing_mode"`
 	InputPrice       *float64                  `json:"input_price"`
 	OutputPrice      *float64                  `json:"output_price"`
 	CacheWritePrice  *float64                  `json:"cache_write_price"`
 	CacheReadPrice   *float64                  `json:"cache_read_price"`
 	ImageOutputPrice *float64                  `json:"image_output_price"`
 	PerRequestPrice  *float64                  `json:"per_request_price"`
 	Intervals        []pricingIntervalResponse `json:"intervals"`
 }
 type pricingIntervalResponse struct {
 	ID              int64    `json:"id"`
 	MinTokens       int      `json:"min_tokens"`
 	MaxTokens       *int     `json:"max_tokens"`
 	TierLabel       string   `json:"tier_label,omitempty"`
 	InputPrice      *float64 `json:"input_price"`
 	OutputPrice     *float64 `json:"output_price"`
 	CacheWritePrice *float64 `json:"cache_write_price"`
 	CacheReadPrice  *float64 `json:"cache_read_price"`
 	PerRequestPrice *float64 `json:"per_request_price"`
 	SortOrder       int      `json:"sort_order"`
 }
 func channelToResponse(ch *service.Channel) *channelResponse {
 	if ch == nil {
 		return nil
 	}
 	resp := &channelResponse{
 		ID:             ch.ID,
 		Name:           ch.Name,
 		Description:    ch.Description,
 		Status:         ch.Status,
 		RestrictModels: ch.RestrictModels,
 		GroupIDs:       ch.GroupIDs,
 		ModelMapping:   ch.ModelMapping,
 		CreatedAt:      ch.CreatedAt.Format("2006-01-02T15:04:05Z"),
 		UpdatedAt:      ch.UpdatedAt.Format("2006-01-02T15:04:05Z"),
 	}
 	resp.BillingModelSource = ch.BillingModelSource
 	if resp.BillingModelSource == "" {
 		resp.BillingModelSource = service.BillingModelSourceChannelMapped
 	}
 	if resp.GroupIDs == nil {
 		resp.GroupIDs = []int64{}
 	}
 	if resp.ModelMapping == nil {
 		resp.ModelMapping = map[string]map[string]string{}
 	}
 	resp.ModelPricing = make([]channelModelPricingResponse, 0, len(ch.ModelPricing))
 	for _, p := range ch.ModelPricing {
 		resp.ModelPricing = append(resp.ModelPricing, pricingToResponse(&p))
 	}
 	return resp
 }
 func pricingToResponse(p *service.ChannelModelPricing) channelModelPricingResponse {
 	models := p.Models
 	if models == nil {
 		models = []string{}
 	}
 	billingMode := string(p.BillingMode)
 	if billingMode == "" {
 		billingMode = string(service.BillingModeToken)
 	}
 	platform := p.Platform
 	if platform == "" {
 		platform = service.PlatformAnthropic
 	}
 	intervals := make([]pricingIntervalResponse, 0, len(p.Intervals))
 	for _, iv := range p.Intervals {
 		intervals = append(intervals, intervalToResponse(iv))
 	}
 	return channelModelPricingResponse{
 		ID:               p.ID,
 		Platform:         platform,
 		Models:           models,
 		BillingMode:      billingMode,
 		InputPrice:       p.InputPrice,
 		OutputPrice:      p.OutputPrice,
 		CacheWritePrice:  p.CacheWritePrice,
 		CacheReadPrice:   p.CacheReadPrice,
 		ImageOutputPrice: p.ImageOutputPrice,
 		PerRequestPrice:  p.PerRequestPrice,
 		Intervals:        intervals,
 	}
 }
 func intervalToResponse(iv service.PricingInterval) pricingIntervalResponse {
 	return pricingIntervalResponse{
 		ID:              iv.ID,
 		MinTokens:       iv.MinTokens,
 		MaxTokens:       iv.MaxTokens,
 		TierLabel:       iv.TierLabel,
 		InputPrice:      iv.InputPrice,
 		OutputPrice:     iv.OutputPrice,
 		CacheWritePrice: iv.CacheWritePrice,
 		CacheReadPrice:  iv.CacheReadPrice,
 		PerRequestPrice: iv.PerRequestPrice,
 		SortOrder:       iv.SortOrder,
 	}
 }
 func pricingRequestToService(reqs []channelModelPricingRequest) []service.ChannelModelPricing {
 	result := make([]service.ChannelModelPricing, 0, len(reqs))
 	for _, r := range reqs {
 		billingMode := service.BillingMode(r.BillingMode)
 		if billingMode == "" {
 			billingMode = service.BillingModeToken
 		}
 		platform := r.Platform
 		if platform == "" {
 			platform = service.PlatformAnthropic
 		}
 		intervals := make([]service.PricingInterval, 0, len(r.Intervals))
 		for _, iv := range r.Intervals {
 			intervals = append(intervals, service.PricingInterval{
 				MinTokens:       iv.MinTokens,
 				MaxTokens:       iv.MaxTokens,
 				TierLabel:       iv.TierLabel,
 				InputPrice:      iv.InputPrice,
 				OutputPrice:     iv.OutputPrice,
 				CacheWritePrice: iv.CacheWritePrice,
 				CacheReadPrice:  iv.CacheReadPrice,
 				PerRequestPrice: iv.PerRequestPrice,
 				SortOrder:       iv.SortOrder,
 			})
 		}
 		result = append(result, service.ChannelModelPricing{
 			Platform:         platform,
 			Models:           r.Models,
 			BillingMode:      billingMode,
 			InputPrice:       r.InputPrice,
 			OutputPrice:      r.OutputPrice,
 			CacheWritePrice:  r.CacheWritePrice,
 			CacheReadPrice:   r.CacheReadPrice,
 			ImageOutputPrice: r.ImageOutputPrice,
 			PerRequestPrice:  r.PerRequestPrice,
 			Intervals:        intervals,
 		})
 	}
 	return result
 }
 // validatePricingBillingMode 校验计费配置
 func validatePricingBillingMode(pricing []service.ChannelModelPricing) error {
 	for _, p := range pricing {
 		// 按次/图片模式必须配置默认价格或区间
 		if p.BillingMode == service.BillingModePerRequest || p.BillingMode == service.BillingModeImage {
 			if p.PerRequestPrice == nil && len(p.Intervals) == 0 {
 				return errors.New("per-request price or intervals required for per_request/image billing mode")
 			}
 		}
 		// 校验价格不能为负
 		if err := validatePriceNotNegative("input_price", p.InputPrice); err != nil {
 			return err
 		}
 		if err := validatePriceNotNegative("output_price", p.OutputPrice); err != nil {
 			return err
 		}
 		if err := validatePriceNotNegative("cache_write_price", p.CacheWritePrice); err != nil {
 			return err
 		}
 		if err := validatePriceNotNegative("cache_read_price", p.CacheReadPrice); err != nil {
 			return err
 		}
 		if err := validatePriceNotNegative("image_output_price", p.ImageOutputPrice); err != nil {
 			return err
 		}
 		if err := validatePriceNotNegative("per_request_price", p.PerRequestPrice); err != nil {
 			return err
 		}
 		// 校验 interval：至少有一个价格字段非空
 		for _, iv := range p.Intervals {
 			if iv.InputPrice == nil && iv.OutputPrice == nil &&
 				iv.CacheWritePrice == nil && iv.CacheReadPrice == nil &&
 				iv.PerRequestPrice == nil {
 				return fmt.Errorf("interval [%d, %s] has no price fields set for model %v",
 					iv.MinTokens, formatMaxTokens(iv.MaxTokens), p.Models)
 			}
 		}
 	}
 	return nil
 }
 func validatePriceNotNegative(field string, val *float64) error {
 	if val != nil && *val < 0 {
 		return fmt.Errorf("%s must be >= 0", field)
 	}
 	return nil
 }
 func formatMaxTokens(max *int) string {
 	if max == nil {
 		return "∞"
 	}
 	return fmt.Sprintf("%d", *max)
 }
 // --- Handlers ---
 // List handles listing channels with pagination
 // GET /api/v1/admin/channels
 func (h *ChannelHandler) List(c *gin.Context) {
 	page, pageSize := response.ParsePagination(c)
 	status := c.Query("status")
 	search := strings.TrimSpace(c.Query("search"))
 	if len(search) > 100 {
 		search = search[:100]
 	}
 	channels, pag, err := h.channelService.List(c.Request.Context(), pagination.PaginationParams{Page: page, PageSize: pageSize}, status, search)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	out := make([]*channelResponse, 0, len(channels))
 	for i := range channels {
 		out = append(out, channelToResponse(&channels[i]))
 	}
 	response.Paginated(c, out, pag.Total, page, pageSize)
 }
 // GetByID handles getting a channel by ID
 // GET /api/v1/admin/channels/:id
 func (h *ChannelHandler) GetByID(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("INVALID_CHANNEL_ID", "Invalid channel ID"))
 		return
 	}
 	channel, err := h.channelService.GetByID(c.Request.Context(), id)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, channelToResponse(channel))
 }
 // Create handles creating a new channel
 // POST /api/v1/admin/channels
 func (h *ChannelHandler) Create(c *gin.Context) {
 	var req createChannelRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("VALIDATION_ERROR", err.Error()))
 		return
 	}
 	pricing := pricingRequestToService(req.ModelPricing)
 	if err := validatePricingBillingMode(pricing); err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("VALIDATION_ERROR", err.Error()))
 		return
 	}
 	channel, err := h.channelService.Create(c.Request.Context(), &service.CreateChannelInput{
 		Name:               req.Name,
 		Description:        req.Description,
 		GroupIDs:           req.GroupIDs,
 		ModelPricing:       pricing,
 		ModelMapping:       req.ModelMapping,
 		BillingModelSource: req.BillingModelSource,
 		RestrictModels:     req.RestrictModels,
 	})
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, channelToResponse(channel))
 }
 // Update handles updating a channel
 // PUT /api/v1/admin/channels/:id
 func (h *ChannelHandler) Update(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("INVALID_CHANNEL_ID", "Invalid channel ID"))
 		return
 	}
 	var req updateChannelRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("VALIDATION_ERROR", err.Error()))
 		return
 	}
 	input := &service.UpdateChannelInput{
 		Name:               req.Name,
 		Description:        req.Description,
 		Status:             req.Status,
 		GroupIDs:           req.GroupIDs,
 		ModelMapping:       req.ModelMapping,
 		BillingModelSource: req.BillingModelSource,
 		RestrictModels:     req.RestrictModels,
 	}
 	if req.ModelPricing != nil {
 		pricing := pricingRequestToService(*req.ModelPricing)
 		if err := validatePricingBillingMode(pricing); err != nil {
 			response.ErrorFrom(c, infraerrors.BadRequest("VALIDATION_ERROR", err.Error()))
 			return
 		}
 		input.ModelPricing = &pricing
 	}
 	channel, err := h.channelService.Update(c.Request.Context(), id, input)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, channelToResponse(channel))
 }
 // Delete handles deleting a channel
 // DELETE /api/v1/admin/channels/:id
 func (h *ChannelHandler) Delete(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.ErrorFrom(c, infraerrors.BadRequest("INVALID_CHANNEL_ID", "Invalid channel ID"))
 		return
 	}
 	if err := h.channelService.Delete(c.Request.Context(), id); err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, gin.H{"message": "Channel deleted successfully"})
 }
 // GetModelDefaultPricing 获取模型的默认定价（用于前端自动填充）
 // GET /api/v1/admin/channels/model-pricing?model=claude-sonnet-4
 func (h *ChannelHandler) GetModelDefaultPricing(c *gin.Context) {
 	model := strings.TrimSpace(c.Query("model"))
 	if model == "" {
 		response.ErrorFrom(c, infraerrors.BadRequest("MISSING_PARAMETER", "model parameter is required").
 			WithMetadata(map[string]string{"param": "model"}))
 		return
 	}
 	pricing, err := h.billingService.GetModelPricing(model)
 	if err != nil {
 		// 模型不在定价列表中
 		response.Success(c, gin.H{"found": false})
 		return
 	}
 	response.Success(c, gin.H{
 		"found":              true,
 		"input_price":        pricing.InputPricePerToken,
 		"output_price":       pricing.OutputPricePerToken,
 		"cache_write_price":  pricing.CacheCreationPricePerToken,
 		"cache_read_price":   pricing.CacheReadPricePerToken,
 		"image_output_price": pricing.ImageOutputPricePerToken,
 	})
 }
--- a/backend/internal/handler/admin/channel_handler_test.go
+++ b/backend/internal/handler/admin/channel_handler_test.go
@ -0,0 +1,502 @@
 //go:build unit
 package admin
 import (
 	"testing"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/stretchr/testify/require"
 )
 // ---------------------------------------------------------------------------
 // helpers
 // ---------------------------------------------------------------------------
 func float64Ptr(v float64) *float64 { return &v }
 func intPtr(v int) *int             { return &v }
 // ---------------------------------------------------------------------------
 // 1. channelToResponse
 // ---------------------------------------------------------------------------
 func TestChannelToResponse_NilInput(t *testing.T) {
 	require.Nil(t, channelToResponse(nil))
 }
 func TestChannelToResponse_FullChannel(t *testing.T) {
 	now := time.Date(2025, 6, 1, 12, 0, 0, 0, time.UTC)
 	ch := &service.Channel{
 		ID:                 42,
 		Name:               "test-channel",
 		Description:        "desc",
 		Status:             "active",
 		BillingModelSource: "upstream",
 		RestrictModels:     true,
 		CreatedAt:          now,
 		UpdatedAt:          now.Add(time.Hour),
 		GroupIDs:           []int64{1, 2, 3},
 		ModelPricing: []service.ChannelModelPricing{
 			{
 				ID:              10,
 				Platform:        "openai",
 				Models:          []string{"gpt-4"},
 				BillingMode:     service.BillingModeToken,
 				InputPrice:      float64Ptr(0.01),
 				OutputPrice:     float64Ptr(0.03),
 				CacheWritePrice: float64Ptr(0.005),
 				CacheReadPrice:  float64Ptr(0.002),
 				PerRequestPrice: float64Ptr(0.5),
 			},
 		},
 		ModelMapping: map[string]map[string]string{
 			"anthropic": {"claude-3-haiku": "claude-haiku-3"},
 		},
 	}
 	resp := channelToResponse(ch)
 	require.NotNil(t, resp)
 	require.Equal(t, int64(42), resp.ID)
 	require.Equal(t, "test-channel", resp.Name)
 	require.Equal(t, "desc", resp.Description)
 	require.Equal(t, "active", resp.Status)
 	require.Equal(t, "upstream", resp.BillingModelSource)
 	require.True(t, resp.RestrictModels)
 	require.Equal(t, []int64{1, 2, 3}, resp.GroupIDs)
 	require.Equal(t, "2025-06-01T12:00:00Z", resp.CreatedAt)
 	require.Equal(t, "2025-06-01T13:00:00Z", resp.UpdatedAt)
 	// model mapping
 	require.Len(t, resp.ModelMapping, 1)
 	require.Equal(t, "claude-haiku-3", resp.ModelMapping["anthropic"]["claude-3-haiku"])
 	// pricing
 	require.Len(t, resp.ModelPricing, 1)
 	p := resp.ModelPricing[0]
 	require.Equal(t, int64(10), p.ID)
 	require.Equal(t, "openai", p.Platform)
 	require.Equal(t, []string{"gpt-4"}, p.Models)
 	require.Equal(t, "token", p.BillingMode)
 	require.Equal(t, float64Ptr(0.01), p.InputPrice)
 	require.Equal(t, float64Ptr(0.03), p.OutputPrice)
 	require.Equal(t, float64Ptr(0.005), p.CacheWritePrice)
 	require.Equal(t, float64Ptr(0.002), p.CacheReadPrice)
 	require.Equal(t, float64Ptr(0.5), p.PerRequestPrice)
 	require.Empty(t, p.Intervals)
 }
 func TestChannelToResponse_EmptyDefaults(t *testing.T) {
 	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
 	ch := &service.Channel{
 		ID:                 1,
 		Name:               "ch",
 		BillingModelSource: "",
 		CreatedAt:          now,
 		UpdatedAt:          now,
 		GroupIDs:           nil,
 		ModelMapping:       nil,
 		ModelPricing: []service.ChannelModelPricing{
 			{
 				Platform:    "",
 				BillingMode: "",
 				Models:      []string{"m1"},
 			},
 		},
 	}
 	resp := channelToResponse(ch)
 	require.Equal(t, "channel_mapped", resp.BillingModelSource)
 	require.NotNil(t, resp.GroupIDs)
 	require.Empty(t, resp.GroupIDs)
 	require.NotNil(t, resp.ModelMapping)
 	require.Empty(t, resp.ModelMapping)
 	require.Len(t, resp.ModelPricing, 1)
 	require.Equal(t, "anthropic", resp.ModelPricing[0].Platform)
 	require.Equal(t, "token", resp.ModelPricing[0].BillingMode)
 }
 func TestChannelToResponse_NilModels(t *testing.T) {
 	now := time.Now()
 	ch := &service.Channel{
 		ID:        1,
 		Name:      "ch",
 		CreatedAt: now,
 		UpdatedAt: now,
 		ModelPricing: []service.ChannelModelPricing{
 			{
 				Models: nil,
 			},
 		},
 	}
 	resp := channelToResponse(ch)
 	require.Len(t, resp.ModelPricing, 1)
 	require.NotNil(t, resp.ModelPricing[0].Models)
 	require.Empty(t, resp.ModelPricing[0].Models)
 }
 func TestChannelToResponse_WithIntervals(t *testing.T) {
 	now := time.Now()
 	ch := &service.Channel{
 		ID:        1,
 		Name:      "ch",
 		CreatedAt: now,
 		UpdatedAt: now,
 		ModelPricing: []service.ChannelModelPricing{
 			{
 				Models:      []string{"m1"},
 				BillingMode: service.BillingModePerRequest,
 				Intervals: []service.PricingInterval{
 					{
 						ID:              100,
 						MinTokens:       0,
 						MaxTokens:       intPtr(1000),
 						TierLabel:       "1K",
 						InputPrice:      float64Ptr(0.01),
 						OutputPrice:     float64Ptr(0.02),
 						CacheWritePrice: float64Ptr(0.003),
 						CacheReadPrice:  float64Ptr(0.001),
 						PerRequestPrice: float64Ptr(0.1),
 						SortOrder:       1,
 					},
 					{
 						ID:        101,
 						MinTokens: 1000,
 						MaxTokens: nil,
 						TierLabel: "unlimited",
 						SortOrder: 2,
 					},
 				},
 			},
 		},
 	}
 	resp := channelToResponse(ch)
 	require.Len(t, resp.ModelPricing, 1)
 	intervals := resp.ModelPricing[0].Intervals
 	require.Len(t, intervals, 2)
 	iv0 := intervals[0]
 	require.Equal(t, int64(100), iv0.ID)
 	require.Equal(t, 0, iv0.MinTokens)
 	require.Equal(t, intPtr(1000), iv0.MaxTokens)
 	require.Equal(t, "1K", iv0.TierLabel)
 	require.Equal(t, float64Ptr(0.01), iv0.InputPrice)
 	require.Equal(t, float64Ptr(0.02), iv0.OutputPrice)
 	require.Equal(t, float64Ptr(0.003), iv0.CacheWritePrice)
 	require.Equal(t, float64Ptr(0.001), iv0.CacheReadPrice)
 	require.Equal(t, float64Ptr(0.1), iv0.PerRequestPrice)
 	require.Equal(t, 1, iv0.SortOrder)
 	iv1 := intervals[1]
 	require.Equal(t, int64(101), iv1.ID)
 	require.Equal(t, 1000, iv1.MinTokens)
 	require.Nil(t, iv1.MaxTokens)
 	require.Equal(t, "unlimited", iv1.TierLabel)
 	require.Equal(t, 2, iv1.SortOrder)
 }
 func TestChannelToResponse_MultipleEntries(t *testing.T) {
 	now := time.Now()
 	ch := &service.Channel{
 		ID:        1,
 		Name:      "multi",
 		CreatedAt: now,
 		UpdatedAt: now,
 		ModelPricing: []service.ChannelModelPricing{
 			{
 				ID:          1,
 				Platform:    "anthropic",
 				Models:      []string{"claude-sonnet-4"},
 				BillingMode: service.BillingModeToken,
 				InputPrice:  float64Ptr(0.003),
 				OutputPrice: float64Ptr(0.015),
 			},
 			{
 				ID:              2,
 				Platform:        "openai",
 				Models:          []string{"gpt-4", "gpt-4o"},
 				BillingMode:     service.BillingModePerRequest,
 				PerRequestPrice: float64Ptr(1.0),
 			},
 			{
 				ID:               3,
 				Platform:         "gemini",
 				Models:           []string{"gemini-2.5-pro"},
 				BillingMode:      service.BillingModeImage,
 				ImageOutputPrice: float64Ptr(0.05),
 				PerRequestPrice:  float64Ptr(0.2),
 			},
 		},
 	}
 	resp := channelToResponse(ch)
 	require.Len(t, resp.ModelPricing, 3)
 	require.Equal(t, int64(1), resp.ModelPricing[0].ID)
 	require.Equal(t, "anthropic", resp.ModelPricing[0].Platform)
 	require.Equal(t, []string{"claude-sonnet-4"}, resp.ModelPricing[0].Models)
 	require.Equal(t, "token", resp.ModelPricing[0].BillingMode)
 	require.Equal(t, int64(2), resp.ModelPricing[1].ID)
 	require.Equal(t, "openai", resp.ModelPricing[1].Platform)
 	require.Equal(t, []string{"gpt-4", "gpt-4o"}, resp.ModelPricing[1].Models)
 	require.Equal(t, "per_request", resp.ModelPricing[1].BillingMode)
 	require.Equal(t, int64(3), resp.ModelPricing[2].ID)
 	require.Equal(t, "gemini", resp.ModelPricing[2].Platform)
 	require.Equal(t, []string{"gemini-2.5-pro"}, resp.ModelPricing[2].Models)
 	require.Equal(t, "image", resp.ModelPricing[2].BillingMode)
 	require.Equal(t, float64Ptr(0.05), resp.ModelPricing[2].ImageOutputPrice)
 }
 // ---------------------------------------------------------------------------
 // 2. pricingRequestToService
 // ---------------------------------------------------------------------------
 func TestPricingRequestToService_Defaults(t *testing.T) {
 	tests := []struct {
 		name      string
 		req       channelModelPricingRequest
 		wantField string // which default field to check
 		wantValue string
 	}{
 		{
 			name: "empty billing mode defaults to token",
 			req: channelModelPricingRequest{
 				Models:      []string{"m1"},
 				BillingMode: "",
 			},
 			wantField: "BillingMode",
 			wantValue: string(service.BillingModeToken),
 		},
 		{
 			name: "empty platform defaults to anthropic",
 			req: channelModelPricingRequest{
 				Models:   []string{"m1"},
 				Platform: "",
 			},
 			wantField: "Platform",
 			wantValue: "anthropic",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			result := pricingRequestToService([]channelModelPricingRequest{tt.req})
 			require.Len(t, result, 1)
 			switch tt.wantField {
 			case "BillingMode":
 				require.Equal(t, service.BillingMode(tt.wantValue), result[0].BillingMode)
 			case "Platform":
 				require.Equal(t, tt.wantValue, result[0].Platform)
 			}
 		})
 	}
 }
 func TestPricingRequestToService_WithAllFields(t *testing.T) {
 	reqs := []channelModelPricingRequest{
 		{
 			Platform:         "openai",
 			Models:           []string{"gpt-4", "gpt-4o"},
 			BillingMode:      "per_request",
 			InputPrice:       float64Ptr(0.01),
 			OutputPrice:      float64Ptr(0.03),
 			CacheWritePrice:  float64Ptr(0.005),
 			CacheReadPrice:   float64Ptr(0.002),
 			ImageOutputPrice: float64Ptr(0.04),
 			PerRequestPrice:  float64Ptr(0.5),
 		},
 	}
 	result := pricingRequestToService(reqs)
 	require.Len(t, result, 1)
 	r := result[0]
 	require.Equal(t, "openai", r.Platform)
 	require.Equal(t, []string{"gpt-4", "gpt-4o"}, r.Models)
 	require.Equal(t, service.BillingModePerRequest, r.BillingMode)
 	require.Equal(t, float64Ptr(0.01), r.InputPrice)
 	require.Equal(t, float64Ptr(0.03), r.OutputPrice)
 	require.Equal(t, float64Ptr(0.005), r.CacheWritePrice)
 	require.Equal(t, float64Ptr(0.002), r.CacheReadPrice)
 	require.Equal(t, float64Ptr(0.04), r.ImageOutputPrice)
 	require.Equal(t, float64Ptr(0.5), r.PerRequestPrice)
 }
 func TestPricingRequestToService_WithIntervals(t *testing.T) {
 	reqs := []channelModelPricingRequest{
 		{
 			Models:      []string{"m1"},
 			BillingMode: "per_request",
 			Intervals: []pricingIntervalRequest{
 				{
 					MinTokens:       0,
 					MaxTokens:       intPtr(2000),
 					TierLabel:       "small",
 					InputPrice:      float64Ptr(0.01),
 					OutputPrice:     float64Ptr(0.02),
 					CacheWritePrice: float64Ptr(0.003),
 					CacheReadPrice:  float64Ptr(0.001),
 					PerRequestPrice: float64Ptr(0.1),
 					SortOrder:       1,
 				},
 				{
 					MinTokens: 2000,
 					MaxTokens: nil,
 					TierLabel: "large",
 					SortOrder: 2,
 				},
 			},
 		},
 	}
 	result := pricingRequestToService(reqs)
 	require.Len(t, result, 1)
 	require.Len(t, result[0].Intervals, 2)
 	iv0 := result[0].Intervals[0]
 	require.Equal(t, 0, iv0.MinTokens)
 	require.Equal(t, intPtr(2000), iv0.MaxTokens)
 	require.Equal(t, "small", iv0.TierLabel)
 	require.Equal(t, float64Ptr(0.01), iv0.InputPrice)
 	require.Equal(t, float64Ptr(0.02), iv0.OutputPrice)
 	require.Equal(t, float64Ptr(0.003), iv0.CacheWritePrice)
 	require.Equal(t, float64Ptr(0.001), iv0.CacheReadPrice)
 	require.Equal(t, float64Ptr(0.1), iv0.PerRequestPrice)
 	require.Equal(t, 1, iv0.SortOrder)
 	iv1 := result[0].Intervals[1]
 	require.Equal(t, 2000, iv1.MinTokens)
 	require.Nil(t, iv1.MaxTokens)
 	require.Equal(t, "large", iv1.TierLabel)
 	require.Equal(t, 2, iv1.SortOrder)
 }
 func TestPricingRequestToService_EmptySlice(t *testing.T) {
 	result := pricingRequestToService([]channelModelPricingRequest{})
 	require.NotNil(t, result)
 	require.Empty(t, result)
 }
 func TestPricingRequestToService_NilPriceFields(t *testing.T) {
 	reqs := []channelModelPricingRequest{
 		{
 			Models:      []string{"m1"},
 			BillingMode: "token",
 			// all price fields are nil by default
 		},
 	}
 	result := pricingRequestToService(reqs)
 	require.Len(t, result, 1)
 	r := result[0]
 	require.Nil(t, r.InputPrice)
 	require.Nil(t, r.OutputPrice)
 	require.Nil(t, r.CacheWritePrice)
 	require.Nil(t, r.CacheReadPrice)
 	require.Nil(t, r.ImageOutputPrice)
 	require.Nil(t, r.PerRequestPrice)
 }
 // ---------------------------------------------------------------------------
 // 3. validatePricingBillingMode
 // ---------------------------------------------------------------------------
 func TestValidatePricingBillingMode(t *testing.T) {
 	tests := []struct {
 		name    string
 		pricing []service.ChannelModelPricing
 		wantErr bool
 	}{
 		{
 			name: "token mode - valid",
 			pricing: []service.ChannelModelPricing{
 				{BillingMode: service.BillingModeToken},
 			},
 			wantErr: false,
 		},
 		{
 			name: "per_request with price - valid",
 			pricing: []service.ChannelModelPricing{
 				{
 					BillingMode:     service.BillingModePerRequest,
 					PerRequestPrice: float64Ptr(0.5),
 				},
 			},
 			wantErr: false,
 		},
 		{
 			name: "per_request with intervals - valid",
 			pricing: []service.ChannelModelPricing{
 				{
 					BillingMode: service.BillingModePerRequest,
 					Intervals: []service.PricingInterval{
 						{MinTokens: 0, MaxTokens: intPtr(1000), PerRequestPrice: float64Ptr(0.1)},
 					},
 				},
 			},
 			wantErr: false,
 		},
 		{
 			name: "per_request no price no intervals - invalid",
 			pricing: []service.ChannelModelPricing{
 				{BillingMode: service.BillingModePerRequest},
 			},
 			wantErr: true,
 		},
 		{
 			name: "image with price - valid",
 			pricing: []service.ChannelModelPricing{
 				{
 					BillingMode:     service.BillingModeImage,
 					PerRequestPrice: float64Ptr(0.2),
 				},
 			},
 			wantErr: false,
 		},
 		{
 			name: "image no price no intervals - invalid",
 			pricing: []service.ChannelModelPricing{
 				{BillingMode: service.BillingModeImage},
 			},
 			wantErr: true,
 		},
 		{
 			name:    "empty list - valid",
 			pricing: []service.ChannelModelPricing{},
 			wantErr: false,
 		},
 		{
 			name: "mixed modes with invalid image - invalid",
 			pricing: []service.ChannelModelPricing{
 				{
 					BillingMode: service.BillingModeToken,
 					InputPrice:  float64Ptr(0.01),
 				},
 				{
 					BillingMode:     service.BillingModePerRequest,
 					PerRequestPrice: float64Ptr(0.5),
 				},
 				{
 					BillingMode: service.BillingModeImage,
 				},
 			},
 			wantErr: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			err := validatePricingBillingMode(tt.pricing)
 			if tt.wantErr {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), "per-request price or intervals required")
 			} else {
 				require.NoError(t, err)
 			}
 		})
 	}
 }
--- a/backend/internal/handler/admin/dashboard_handler.go
+++ b/backend/internal/handler/admin/dashboard_handler.go
@ -636,6 +636,40 @@ func (h *DashboardHandler) GetUserBreakdown(c *gin.Context) {
 	dim.Endpoint = c.Query("endpoint")
 	dim.EndpointType = c.DefaultQuery("endpoint_type", "inbound")
 	// Additional filter conditions
 	if v := c.Query("user_id"); v != "" {
 		if id, err := strconv.ParseInt(v, 10, 64); err == nil {
 			dim.UserID = id
 		}
 	}
 	if v := c.Query("api_key_id"); v != "" {
 		if id, err := strconv.ParseInt(v, 10, 64); err == nil {
 			dim.APIKeyID = id
 		}
 	}
 	if v := c.Query("account_id"); v != "" {
 		if id, err := strconv.ParseInt(v, 10, 64); err == nil {
 			dim.AccountID = id
 		}
 	}
 	if v := c.Query("request_type"); v != "" {
 		if rt, err := strconv.ParseInt(v, 10, 16); err == nil {
 			rtVal := int16(rt)
 			dim.RequestType = &rtVal
 		}
 	}
 	if v := c.Query("stream"); v != "" {
 		if s, err := strconv.ParseBool(v); err == nil {
 			dim.Stream = &s
 		}
 	}
 	if v := c.Query("billing_type"); v != "" {
 		if bt, err := strconv.ParseInt(v, 10, 8); err == nil {
 			btVal := int8(bt)
 			dim.BillingType = &btVal
 		}
 	}
 	limit := 50
 	if v := c.Query("limit"); v != "" {
 		if n, err := strconv.Atoi(v); err == nil && n > 0 && n <= 200 {
--- a/backend/internal/handler/admin/group_handler.go
+++ b/backend/internal/handler/admin/group_handler.go
@ -84,7 +84,7 @@ func NewGroupHandler(adminService service.AdminService, dashboardService *servic
 type CreateGroupRequest struct {
 	Name             string             `json:"name" binding:"required"`
 	Description      string             `json:"description"`
-	Platform         string             `json:"platform" binding:"omitempty,oneof=anthropic openai gemini antigravity sora"`
+	Platform         string             `json:"platform" binding:"omitempty,oneof=anthropic openai gemini antigravity"`
 	RateMultiplier   float64            `json:"rate_multiplier"`
 	IsExclusive      bool               `json:"is_exclusive"`
 	SubscriptionType string             `json:"subscription_type" binding:"omitempty,oneof=standard subscription"`
@ -95,10 +95,6 @@ type CreateGroupRequest struct {
 	ImagePrice1K                    *float64 `json:"image_price_1k"`
 	ImagePrice2K                    *float64 `json:"image_price_2k"`
 	ImagePrice4K                    *float64 `json:"image_price_4k"`
 	SoraImagePrice360               *float64 `json:"sora_image_price_360"`
 	SoraImagePrice540               *float64 `json:"sora_image_price_540"`
 	SoraVideoPricePerRequest        *float64 `json:"sora_video_price_per_request"`
 	SoraVideoPricePerRequestHD      *float64 `json:"sora_video_price_per_request_hd"`
 	ClaudeCodeOnly                  bool     `json:"claude_code_only"`
 	FallbackGroupID                 *int64   `json:"fallback_group_id"`
 	FallbackGroupIDOnInvalidRequest *int64   `json:"fallback_group_id_on_invalid_request"`
@ -108,10 +104,10 @@ type CreateGroupRequest struct {
 	MCPXMLInject        *bool              `json:"mcp_xml_inject"`
 	// 支持的模型系列（仅 antigravity 平台使用）
 	SupportedModelScopes []string `json:"supported_model_scopes"`
 	// Sora 存储配额
 	SoraStorageQuotaBytes int64 `json:"sora_storage_quota_bytes"`
 	// OpenAI Messages 调度配置（仅 openai 平台使用）
 	AllowMessagesDispatch bool   `json:"allow_messages_dispatch"`
 	RequireOAuthOnly      bool   `json:"require_oauth_only"`
 	RequirePrivacySet     bool   `json:"require_privacy_set"`
 	DefaultMappedModel    string `json:"default_mapped_model"`
 	// 从指定分组复制账号（创建后自动绑定）
 	CopyAccountsFromGroupIDs []int64 `json:"copy_accounts_from_group_ids"`
@ -121,7 +117,7 @@ type CreateGroupRequest struct {
 type UpdateGroupRequest struct {
 	Name             string             `json:"name"`
 	Description      string             `json:"description"`
-	Platform         string             `json:"platform" binding:"omitempty,oneof=anthropic openai gemini antigravity sora"`
+	Platform         string             `json:"platform" binding:"omitempty,oneof=anthropic openai gemini antigravity"`
 	RateMultiplier   *float64           `json:"rate_multiplier"`
 	IsExclusive      *bool              `json:"is_exclusive"`
 	Status           string             `json:"status" binding:"omitempty,oneof=active inactive"`
@ -133,10 +129,6 @@ type UpdateGroupRequest struct {
 	ImagePrice1K                    *float64 `json:"image_price_1k"`
 	ImagePrice2K                    *float64 `json:"image_price_2k"`
 	ImagePrice4K                    *float64 `json:"image_price_4k"`
 	SoraImagePrice360               *float64 `json:"sora_image_price_360"`
 	SoraImagePrice540               *float64 `json:"sora_image_price_540"`
 	SoraVideoPricePerRequest        *float64 `json:"sora_video_price_per_request"`
 	SoraVideoPricePerRequestHD      *float64 `json:"sora_video_price_per_request_hd"`
 	ClaudeCodeOnly                  *bool    `json:"claude_code_only"`
 	FallbackGroupID                 *int64   `json:"fallback_group_id"`
 	FallbackGroupIDOnInvalidRequest *int64   `json:"fallback_group_id_on_invalid_request"`
@ -146,10 +138,10 @@ type UpdateGroupRequest struct {
 	MCPXMLInject        *bool              `json:"mcp_xml_inject"`
 	// 支持的模型系列（仅 antigravity 平台使用）
 	SupportedModelScopes *[]string `json:"supported_model_scopes"`
 	// Sora 存储配额
 	SoraStorageQuotaBytes *int64 `json:"sora_storage_quota_bytes"`
 	// OpenAI Messages 调度配置（仅 openai 平台使用）
 	AllowMessagesDispatch *bool   `json:"allow_messages_dispatch"`
 	RequireOAuthOnly      *bool   `json:"require_oauth_only"`
 	RequirePrivacySet     *bool   `json:"require_privacy_set"`
 	DefaultMappedModel    *string `json:"default_mapped_model"`
 	// 从指定分组复制账号（同步操作：先清空当前分组的账号绑定，再绑定源分组的账号）
 	CopyAccountsFromGroupIDs []int64 `json:"copy_accounts_from_group_ids"`
@ -254,10 +246,6 @@ func (h *GroupHandler) Create(c *gin.Context) {
 		ImagePrice1K:                    req.ImagePrice1K,
 		ImagePrice2K:                    req.ImagePrice2K,
 		ImagePrice4K:                    req.ImagePrice4K,
 		SoraImagePrice360:               req.SoraImagePrice360,
 		SoraImagePrice540:               req.SoraImagePrice540,
 		SoraVideoPricePerRequest:        req.SoraVideoPricePerRequest,
 		SoraVideoPricePerRequestHD:      req.SoraVideoPricePerRequestHD,
 		ClaudeCodeOnly:                  req.ClaudeCodeOnly,
 		FallbackGroupID:                 req.FallbackGroupID,
 		FallbackGroupIDOnInvalidRequest: req.FallbackGroupIDOnInvalidRequest,
@ -265,8 +253,9 @@ func (h *GroupHandler) Create(c *gin.Context) {
 		ModelRoutingEnabled:             req.ModelRoutingEnabled,
 		MCPXMLInject:                    req.MCPXMLInject,
 		SupportedModelScopes:            req.SupportedModelScopes,
 		SoraStorageQuotaBytes:           req.SoraStorageQuotaBytes,
 		AllowMessagesDispatch:           req.AllowMessagesDispatch,
 		RequireOAuthOnly:                req.RequireOAuthOnly,
 		RequirePrivacySet:               req.RequirePrivacySet,
 		DefaultMappedModel:              req.DefaultMappedModel,
 		CopyAccountsFromGroupIDs:        req.CopyAccountsFromGroupIDs,
 	})
@ -307,10 +296,6 @@ func (h *GroupHandler) Update(c *gin.Context) {
 		ImagePrice1K:                    req.ImagePrice1K,
 		ImagePrice2K:                    req.ImagePrice2K,
 		ImagePrice4K:                    req.ImagePrice4K,
 		SoraImagePrice360:               req.SoraImagePrice360,
 		SoraImagePrice540:               req.SoraImagePrice540,
 		SoraVideoPricePerRequest:        req.SoraVideoPricePerRequest,
 		SoraVideoPricePerRequestHD:      req.SoraVideoPricePerRequestHD,
 		ClaudeCodeOnly:                  req.ClaudeCodeOnly,
 		FallbackGroupID:                 req.FallbackGroupID,
 		FallbackGroupIDOnInvalidRequest: req.FallbackGroupIDOnInvalidRequest,
@ -318,8 +303,9 @@ func (h *GroupHandler) Update(c *gin.Context) {
 		ModelRoutingEnabled:             req.ModelRoutingEnabled,
 		MCPXMLInject:                    req.MCPXMLInject,
 		SupportedModelScopes:            req.SupportedModelScopes,
 		SoraStorageQuotaBytes:           req.SoraStorageQuotaBytes,
 		AllowMessagesDispatch:           req.AllowMessagesDispatch,
 		RequireOAuthOnly:                req.RequireOAuthOnly,
 		RequirePrivacySet:               req.RequirePrivacySet,
 		DefaultMappedModel:              req.DefaultMappedModel,
 		CopyAccountsFromGroupIDs:        req.CopyAccountsFromGroupIDs,
 	})
--- a/backend/internal/handler/admin/openai_oauth_handler.go
+++ b/backend/internal/handler/admin/openai_oauth_handler.go
@ -19,9 +19,6 @@ type OpenAIOAuthHandler struct {
 }
 func oauthPlatformFromPath(c *gin.Context) string {
 	if strings.Contains(c.FullPath(), "/admin/sora/") {
 		return service.PlatformSora
 	}
 	return service.PlatformOpenAI
 }
@ -105,7 +102,6 @@ type OpenAIRefreshTokenRequest struct {
 // RefreshToken refreshes an OpenAI OAuth token
 // POST /api/v1/admin/openai/refresh-token
 // POST /api/v1/admin/sora/rt2at
 func (h *OpenAIOAuthHandler) RefreshToken(c *gin.Context) {
 	var req OpenAIRefreshTokenRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
@ -145,39 +141,8 @@ func (h *OpenAIOAuthHandler) RefreshToken(c *gin.Context) {
 	response.Success(c, tokenInfo)
 }
-// ExchangeSoraSessionToken exchanges Sora session token to access token
+// RefreshAccountToken refreshes token for a specific OpenAI account
 // POST /api/v1/admin/sora/st2at
 func (h *OpenAIOAuthHandler) ExchangeSoraSessionToken(c *gin.Context) {
 	var req struct {
 		SessionToken string `json:"session_token"`
 		ST           string `json:"st"`
 		ProxyID      *int64 `json:"proxy_id"`
 	}
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	sessionToken := strings.TrimSpace(req.SessionToken)
 	if sessionToken == "" {
 		sessionToken = strings.TrimSpace(req.ST)
 	}
 	if sessionToken == "" {
 		response.BadRequest(c, "session_token is required")
 		return
 	}
 	tokenInfo, err := h.openaiOAuthService.ExchangeSoraSessionToken(c.Request.Context(), sessionToken, req.ProxyID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, tokenInfo)
 }
 // RefreshAccountToken refreshes token for a specific OpenAI/Sora account
 // POST /api/v1/admin/openai/accounts/:id/refresh
 // POST /api/v1/admin/sora/accounts/:id/refresh
 func (h *OpenAIOAuthHandler) RefreshAccountToken(c *gin.Context) {
 	accountID, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
@ -232,9 +197,8 @@ func (h *OpenAIOAuthHandler) RefreshAccountToken(c *gin.Context) {
 	response.Success(c, dto.AccountFromService(updatedAccount))
 }
-// CreateAccountFromOAuth creates a new OpenAI/Sora OAuth account from token info
+// CreateAccountFromOAuth creates a new OpenAI OAuth account from token info
 // POST /api/v1/admin/openai/create-from-oauth
 // POST /api/v1/admin/sora/create-from-oauth
 func (h *OpenAIOAuthHandler) CreateAccountFromOAuth(c *gin.Context) {
 	var req struct {
 		SessionID   string  `json:"session_id" binding:"required"`
@ -276,11 +240,7 @@ func (h *OpenAIOAuthHandler) CreateAccountFromOAuth(c *gin.Context) {
 		name = tokenInfo.Email
 	}
 	if name == "" {
-		if platform == service.PlatformSora {
+		name = "OpenAI OAuth Account"
 			name = "Sora OAuth Account"
 		} else {
 			name = "OpenAI OAuth Account"
 		}
 	}
 	// Create account
--- a/backend/internal/handler/admin/redeem_handler.go
+++ b/backend/internal/handler/admin/redeem_handler.go
@ -35,9 +35,9 @@ func NewRedeemHandler(adminService service.AdminService, redeemService *service.
 type GenerateRedeemCodesRequest struct {
 	Count        int     `json:"count" binding:"required,min=1,max=100"`
 	Type         string  `json:"type" binding:"required,oneof=balance concurrency subscription invitation"`
-	Value        float64 `json:"value" binding:"min=0"`
+	Value        float64 `json:"value"`
-	GroupID      *int64  `json:"group_id"`                                    // 订阅类型必填
+	GroupID      *int64  `json:"group_id"`      // 订阅类型必填
-	ValidityDays int     `json:"validity_days" binding:"omitempty,max=36500"` // 订阅类型使用，默认30天，最大100年
+	ValidityDays int     `json:"validity_days"` // 订阅类型使用，正数增加/负数退款扣减
 }
 // CreateAndRedeemCodeRequest represents creating a fixed code and redeeming it for a target user.
@ -45,10 +45,10 @@ type GenerateRedeemCodesRequest struct {
 type CreateAndRedeemCodeRequest struct {
 	Code         string  `json:"code" binding:"required,min=3,max=128"`
 	Type         string  `json:"type" binding:"omitempty,oneof=balance concurrency subscription invitation"` // 不传时默认 balance（向后兼容）
-	Value        float64 `json:"value" binding:"required,gt=0"`
+	Value        float64 `json:"value" binding:"required"`
 	UserID       int64   `json:"user_id" binding:"required,gt=0"`
-	GroupID      *int64  `json:"group_id"`                                    // subscription 类型必填
+	GroupID      *int64  `json:"group_id"`      // subscription 类型必填
-	ValidityDays int     `json:"validity_days" binding:"omitempty,max=36500"` // subscription 类型必填，>0
+	ValidityDays int     `json:"validity_days"` // subscription 类型：正数增加，负数退款扣减
 	Notes        string  `json:"notes"`
 }
@ -150,8 +150,8 @@ func (h *RedeemHandler) CreateAndRedeem(c *gin.Context) {
 			response.BadRequest(c, "group_id is required for subscription type")
 			return
 		}
-		if req.ValidityDays <= 0 {
+		if req.ValidityDays == 0 {
-			response.BadRequest(c, "validity_days must be greater than 0 for subscription type")
+			response.BadRequest(c, "validity_days must not be zero for subscription type")
 			return
 		}
 	}
--- a/backend/internal/handler/admin/redeem_handler_test.go
+++ b/backend/internal/handler/admin/redeem_handler_test.go
@ -76,32 +76,38 @@ func TestCreateAndRedeem_SubscriptionRequiresGroupID(t *testing.T) {
 	assert.Equal(t, http.StatusBadRequest, code)
 }
-func TestCreateAndRedeem_SubscriptionRequiresPositiveValidityDays(t *testing.T) {
+func TestCreateAndRedeem_SubscriptionRequiresNonZeroValidityDays(t *testing.T) {
 	groupID := int64(5)
 	h := newCreateAndRedeemHandler()
-	cases := []struct {
+	// zero should be rejected
-		name         string
+	t.Run("zero", func(t *testing.T) {
-		validityDays int
+		code := postCreateAndRedeemValidation(t, h, map[string]any{
-	}{
+			"code":          "test-sub-bad-days-zero",
-		{"zero", 0},
+			"type":          "subscription",
-		{"negative", -1},
+			"value":         29.9,
-	}
+			"user_id":       1,
-
+			"group_id":      groupID,
-	for _, tc := range cases {
+			"validity_days": 0,
 		t.Run(tc.name, func(t *testing.T) {
 			code := postCreateAndRedeemValidation(t, h, map[string]any{
 				"code":          "test-sub-bad-days-" + tc.name,
 				"type":          "subscription",
 				"value":         29.9,
 				"user_id":       1,
 				"group_id":      groupID,
 				"validity_days": tc.validityDays,
 			})
 			assert.Equal(t, http.StatusBadRequest, code)
 		})
-	}
+
 		assert.Equal(t, http.StatusBadRequest, code)
 	})
 	// negative should pass validation (used for refund/reduction)
 	t.Run("negative_passes_validation", func(t *testing.T) {
 		code := postCreateAndRedeemValidation(t, h, map[string]any{
 			"code":          "test-sub-negative-days",
 			"type":          "subscription",
 			"value":         29.9,
 			"user_id":       1,
 			"group_id":      groupID,
 			"validity_days": -7,
 		})
 		assert.NotEqual(t, http.StatusBadRequest, code,
 			"negative validity_days should pass validation for refund")
 	})
 }
 func TestCreateAndRedeem_SubscriptionValidParamsPassValidation(t *testing.T) {
--- a/backend/internal/handler/admin/setting_handler.go
+++ b/backend/internal/handler/admin/setting_handler.go
@ -41,17 +41,15 @@ type SettingHandler struct {
 	emailService     *service.EmailService
 	turnstileService *service.TurnstileService
 	opsService       *service.OpsService
 	soraS3Storage    *service.SoraS3Storage
 }
 // NewSettingHandler 创建系统设置处理器
-func NewSettingHandler(settingService *service.SettingService, emailService *service.EmailService, turnstileService *service.TurnstileService, opsService *service.OpsService, soraS3Storage *service.SoraS3Storage) *SettingHandler {
+func NewSettingHandler(settingService *service.SettingService, emailService *service.EmailService, turnstileService *service.TurnstileService, opsService *service.OpsService) *SettingHandler {
 	return &SettingHandler{
 		settingService:   settingService,
 		emailService:     emailService,
 		turnstileService: turnstileService,
 		opsService:       opsService,
 		soraS3Storage:    soraS3Storage,
 	}
 }
@ -108,7 +106,6 @@ func (h *SettingHandler) GetSettings(c *gin.Context) {
 		HideCcsImportButton:                  settings.HideCcsImportButton,
 		PurchaseSubscriptionEnabled:          settings.PurchaseSubscriptionEnabled,
 		PurchaseSubscriptionURL:              settings.PurchaseSubscriptionURL,
 		SoraClientEnabled:                    settings.SoraClientEnabled,
 		CustomMenuItems:                      dto.ParseCustomMenuItems(settings.CustomMenuItems),
 		CustomEndpoints:                      dto.ParseCustomEndpoints(settings.CustomEndpoints),
 		DefaultConcurrency:                   settings.DefaultConcurrency,
@ -177,7 +174,6 @@ type UpdateSettingsRequest struct {
 	HideCcsImportButton         bool                  `json:"hide_ccs_import_button"`
 	PurchaseSubscriptionEnabled *bool                 `json:"purchase_subscription_enabled"`
 	PurchaseSubscriptionURL     *string               `json:"purchase_subscription_url"`
 	SoraClientEnabled           bool                  `json:"sora_client_enabled"`
 	CustomMenuItems             *[]dto.CustomMenuItem `json:"custom_menu_items"`
 	CustomEndpoints             *[]dto.CustomEndpoint `json:"custom_endpoints"`
@ -566,7 +562,6 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		HideCcsImportButton:              req.HideCcsImportButton,
 		PurchaseSubscriptionEnabled:      purchaseEnabled,
 		PurchaseSubscriptionURL:          purchaseURL,
 		SoraClientEnabled:                req.SoraClientEnabled,
 		CustomMenuItems:                  customMenuJSON,
 		CustomEndpoints:                  customEndpointsJSON,
 		DefaultConcurrency:               req.DefaultConcurrency,
@ -676,7 +671,6 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		HideCcsImportButton:                  updatedSettings.HideCcsImportButton,
 		PurchaseSubscriptionEnabled:          updatedSettings.PurchaseSubscriptionEnabled,
 		PurchaseSubscriptionURL:              updatedSettings.PurchaseSubscriptionURL,
 		SoraClientEnabled:                    updatedSettings.SoraClientEnabled,
 		CustomMenuItems:                      dto.ParseCustomMenuItems(updatedSettings.CustomMenuItems),
 		CustomEndpoints:                      dto.ParseCustomEndpoints(updatedSettings.CustomEndpoints),
 		DefaultConcurrency:                   updatedSettings.DefaultConcurrency,
@ -1207,384 +1201,6 @@ func (h *SettingHandler) GetStreamTimeoutSettings(c *gin.Context) {
 	})
 }
 func toSoraS3SettingsDTO(settings *service.SoraS3Settings) dto.SoraS3Settings {
 	if settings == nil {
 		return dto.SoraS3Settings{}
 	}
 	return dto.SoraS3Settings{
 		Enabled:                   settings.Enabled,
 		Endpoint:                  settings.Endpoint,
 		Region:                    settings.Region,
 		Bucket:                    settings.Bucket,
 		AccessKeyID:               settings.AccessKeyID,
 		SecretAccessKeyConfigured: settings.SecretAccessKeyConfigured,
 		Prefix:                    settings.Prefix,
 		ForcePathStyle:            settings.ForcePathStyle,
 		CDNURL:                    settings.CDNURL,
 		DefaultStorageQuotaBytes:  settings.DefaultStorageQuotaBytes,
 	}
 }
 func toSoraS3ProfileDTO(profile service.SoraS3Profile) dto.SoraS3Profile {
 	return dto.SoraS3Profile{
 		ProfileID:                 profile.ProfileID,
 		Name:                      profile.Name,
 		IsActive:                  profile.IsActive,
 		Enabled:                   profile.Enabled,
 		Endpoint:                  profile.Endpoint,
 		Region:                    profile.Region,
 		Bucket:                    profile.Bucket,
 		AccessKeyID:               profile.AccessKeyID,
 		SecretAccessKeyConfigured: profile.SecretAccessKeyConfigured,
 		Prefix:                    profile.Prefix,
 		ForcePathStyle:            profile.ForcePathStyle,
 		CDNURL:                    profile.CDNURL,
 		DefaultStorageQuotaBytes:  profile.DefaultStorageQuotaBytes,
 		UpdatedAt:                 profile.UpdatedAt,
 	}
 }
 func validateSoraS3RequiredWhenEnabled(enabled bool, endpoint, bucket, accessKeyID, secretAccessKey string, hasStoredSecret bool) error {
 	if !enabled {
 		return nil
 	}
 	if strings.TrimSpace(endpoint) == "" {
 		return fmt.Errorf("S3 Endpoint is required when enabled")
 	}
 	if strings.TrimSpace(bucket) == "" {
 		return fmt.Errorf("S3 Bucket is required when enabled")
 	}
 	if strings.TrimSpace(accessKeyID) == "" {
 		return fmt.Errorf("S3 Access Key ID is required when enabled")
 	}
 	if strings.TrimSpace(secretAccessKey) != "" || hasStoredSecret {
 		return nil
 	}
 	return fmt.Errorf("S3 Secret Access Key is required when enabled")
 }
 func findSoraS3ProfileByID(items []service.SoraS3Profile, profileID string) *service.SoraS3Profile {
 	for idx := range items {
 		if items[idx].ProfileID == profileID {
 			return &items[idx]
 		}
 	}
 	return nil
 }
 // GetSoraS3Settings 获取 Sora S3 存储配置（兼容旧单配置接口）
 // GET /api/v1/admin/settings/sora-s3
 func (h *SettingHandler) GetSoraS3Settings(c *gin.Context) {
 	settings, err := h.settingService.GetSoraS3Settings(c.Request.Context())
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, toSoraS3SettingsDTO(settings))
 }
 // ListSoraS3Profiles 获取 Sora S3 多配置
 // GET /api/v1/admin/settings/sora-s3/profiles
 func (h *SettingHandler) ListSoraS3Profiles(c *gin.Context) {
 	result, err := h.settingService.ListSoraS3Profiles(c.Request.Context())
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	items := make([]dto.SoraS3Profile, 0, len(result.Items))
 	for idx := range result.Items {
 		items = append(items, toSoraS3ProfileDTO(result.Items[idx]))
 	}
 	response.Success(c, dto.ListSoraS3ProfilesResponse{
 		ActiveProfileID: result.ActiveProfileID,
 		Items:           items,
 	})
 }
 // UpdateSoraS3SettingsRequest 更新/测试 Sora S3 配置请求（兼容旧接口）
 type UpdateSoraS3SettingsRequest struct {
 	ProfileID                string `json:"profile_id"`
 	Enabled                  bool   `json:"enabled"`
 	Endpoint                 string `json:"endpoint"`
 	Region                   string `json:"region"`
 	Bucket                   string `json:"bucket"`
 	AccessKeyID              string `json:"access_key_id"`
 	SecretAccessKey          string `json:"secret_access_key"`
 	Prefix                   string `json:"prefix"`
 	ForcePathStyle           bool   `json:"force_path_style"`
 	CDNURL                   string `json:"cdn_url"`
 	DefaultStorageQuotaBytes int64  `json:"default_storage_quota_bytes"`
 }
 type CreateSoraS3ProfileRequest struct {
 	ProfileID                string `json:"profile_id"`
 	Name                     string `json:"name"`
 	SetActive                bool   `json:"set_active"`
 	Enabled                  bool   `json:"enabled"`
 	Endpoint                 string `json:"endpoint"`
 	Region                   string `json:"region"`
 	Bucket                   string `json:"bucket"`
 	AccessKeyID              string `json:"access_key_id"`
 	SecretAccessKey          string `json:"secret_access_key"`
 	Prefix                   string `json:"prefix"`
 	ForcePathStyle           bool   `json:"force_path_style"`
 	CDNURL                   string `json:"cdn_url"`
 	DefaultStorageQuotaBytes int64  `json:"default_storage_quota_bytes"`
 }
 type UpdateSoraS3ProfileRequest struct {
 	Name                     string `json:"name"`
 	Enabled                  bool   `json:"enabled"`
 	Endpoint                 string `json:"endpoint"`
 	Region                   string `json:"region"`
 	Bucket                   string `json:"bucket"`
 	AccessKeyID              string `json:"access_key_id"`
 	SecretAccessKey          string `json:"secret_access_key"`
 	Prefix                   string `json:"prefix"`
 	ForcePathStyle           bool   `json:"force_path_style"`
 	CDNURL                   string `json:"cdn_url"`
 	DefaultStorageQuotaBytes int64  `json:"default_storage_quota_bytes"`
 }
 // CreateSoraS3Profile 创建 Sora S3 配置
 // POST /api/v1/admin/settings/sora-s3/profiles
 func (h *SettingHandler) CreateSoraS3Profile(c *gin.Context) {
 	var req CreateSoraS3ProfileRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	if req.DefaultStorageQuotaBytes < 0 {
 		req.DefaultStorageQuotaBytes = 0
 	}
 	if strings.TrimSpace(req.Name) == "" {
 		response.BadRequest(c, "Name is required")
 		return
 	}
 	if strings.TrimSpace(req.ProfileID) == "" {
 		response.BadRequest(c, "Profile ID is required")
 		return
 	}
 	if err := validateSoraS3RequiredWhenEnabled(req.Enabled, req.Endpoint, req.Bucket, req.AccessKeyID, req.SecretAccessKey, false); err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	created, err := h.settingService.CreateSoraS3Profile(c.Request.Context(), &service.SoraS3Profile{
 		ProfileID:                req.ProfileID,
 		Name:                     req.Name,
 		Enabled:                  req.Enabled,
 		Endpoint:                 req.Endpoint,
 		Region:                   req.Region,
 		Bucket:                   req.Bucket,
 		AccessKeyID:              req.AccessKeyID,
 		SecretAccessKey:          req.SecretAccessKey,
 		Prefix:                   req.Prefix,
 		ForcePathStyle:           req.ForcePathStyle,
 		CDNURL:                   req.CDNURL,
 		DefaultStorageQuotaBytes: req.DefaultStorageQuotaBytes,
 	}, req.SetActive)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, toSoraS3ProfileDTO(*created))
 }
 // UpdateSoraS3Profile 更新 Sora S3 配置
 // PUT /api/v1/admin/settings/sora-s3/profiles/:profile_id
 func (h *SettingHandler) UpdateSoraS3Profile(c *gin.Context) {
 	profileID := strings.TrimSpace(c.Param("profile_id"))
 	if profileID == "" {
 		response.BadRequest(c, "Profile ID is required")
 		return
 	}
 	var req UpdateSoraS3ProfileRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	if req.DefaultStorageQuotaBytes < 0 {
 		req.DefaultStorageQuotaBytes = 0
 	}
 	if strings.TrimSpace(req.Name) == "" {
 		response.BadRequest(c, "Name is required")
 		return
 	}
 	existingList, err := h.settingService.ListSoraS3Profiles(c.Request.Context())
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	existing := findSoraS3ProfileByID(existingList.Items, profileID)
 	if existing == nil {
 		response.ErrorFrom(c, service.ErrSoraS3ProfileNotFound)
 		return
 	}
 	if err := validateSoraS3RequiredWhenEnabled(req.Enabled, req.Endpoint, req.Bucket, req.AccessKeyID, req.SecretAccessKey, existing.SecretAccessKeyConfigured); err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	updated, updateErr := h.settingService.UpdateSoraS3Profile(c.Request.Context(), profileID, &service.SoraS3Profile{
 		Name:                     req.Name,
 		Enabled:                  req.Enabled,
 		Endpoint:                 req.Endpoint,
 		Region:                   req.Region,
 		Bucket:                   req.Bucket,
 		AccessKeyID:              req.AccessKeyID,
 		SecretAccessKey:          req.SecretAccessKey,
 		Prefix:                   req.Prefix,
 		ForcePathStyle:           req.ForcePathStyle,
 		CDNURL:                   req.CDNURL,
 		DefaultStorageQuotaBytes: req.DefaultStorageQuotaBytes,
 	})
 	if updateErr != nil {
 		response.ErrorFrom(c, updateErr)
 		return
 	}
 	response.Success(c, toSoraS3ProfileDTO(*updated))
 }
 // DeleteSoraS3Profile 删除 Sora S3 配置
 // DELETE /api/v1/admin/settings/sora-s3/profiles/:profile_id
 func (h *SettingHandler) DeleteSoraS3Profile(c *gin.Context) {
 	profileID := strings.TrimSpace(c.Param("profile_id"))
 	if profileID == "" {
 		response.BadRequest(c, "Profile ID is required")
 		return
 	}
 	if err := h.settingService.DeleteSoraS3Profile(c.Request.Context(), profileID); err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, gin.H{"deleted": true})
 }
 // SetActiveSoraS3Profile 切换激活 Sora S3 配置
 // POST /api/v1/admin/settings/sora-s3/profiles/:profile_id/activate
 func (h *SettingHandler) SetActiveSoraS3Profile(c *gin.Context) {
 	profileID := strings.TrimSpace(c.Param("profile_id"))
 	if profileID == "" {
 		response.BadRequest(c, "Profile ID is required")
 		return
 	}
 	active, err := h.settingService.SetActiveSoraS3Profile(c.Request.Context(), profileID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, toSoraS3ProfileDTO(*active))
 }
 // UpdateSoraS3Settings 更新 Sora S3 存储配置（兼容旧单配置接口）
 // PUT /api/v1/admin/settings/sora-s3
 func (h *SettingHandler) UpdateSoraS3Settings(c *gin.Context) {
 	var req UpdateSoraS3SettingsRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	existing, err := h.settingService.GetSoraS3Settings(c.Request.Context())
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	if req.DefaultStorageQuotaBytes < 0 {
 		req.DefaultStorageQuotaBytes = 0
 	}
 	if err := validateSoraS3RequiredWhenEnabled(req.Enabled, req.Endpoint, req.Bucket, req.AccessKeyID, req.SecretAccessKey, existing.SecretAccessKeyConfigured); err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	settings := &service.SoraS3Settings{
 		Enabled:                  req.Enabled,
 		Endpoint:                 req.Endpoint,
 		Region:                   req.Region,
 		Bucket:                   req.Bucket,
 		AccessKeyID:              req.AccessKeyID,
 		SecretAccessKey:          req.SecretAccessKey,
 		Prefix:                   req.Prefix,
 		ForcePathStyle:           req.ForcePathStyle,
 		CDNURL:                   req.CDNURL,
 		DefaultStorageQuotaBytes: req.DefaultStorageQuotaBytes,
 	}
 	if err := h.settingService.SetSoraS3Settings(c.Request.Context(), settings); err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	updatedSettings, err := h.settingService.GetSoraS3Settings(c.Request.Context())
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, toSoraS3SettingsDTO(updatedSettings))
 }
 // TestSoraS3Connection 测试 Sora S3 连接（HeadBucket）
 // POST /api/v1/admin/settings/sora-s3/test
 func (h *SettingHandler) TestSoraS3Connection(c *gin.Context) {
 	if h.soraS3Storage == nil {
 		response.Error(c, 500, "S3 存储服务未初始化")
 		return
 	}
 	var req UpdateSoraS3SettingsRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	if !req.Enabled {
 		response.BadRequest(c, "S3 未启用，无法测试连接")
 		return
 	}
 	if req.SecretAccessKey == "" {
 		if req.ProfileID != "" {
 			profiles, err := h.settingService.ListSoraS3Profiles(c.Request.Context())
 			if err == nil {
 				profile := findSoraS3ProfileByID(profiles.Items, req.ProfileID)
 				if profile != nil {
 					req.SecretAccessKey = profile.SecretAccessKey
 				}
 			}
 		}
 		if req.SecretAccessKey == "" {
 			existing, err := h.settingService.GetSoraS3Settings(c.Request.Context())
 			if err == nil {
 				req.SecretAccessKey = existing.SecretAccessKey
 			}
 		}
 	}
 	testCfg := &service.SoraS3Settings{
 		Enabled:         true,
 		Endpoint:        req.Endpoint,
 		Region:          req.Region,
 		Bucket:          req.Bucket,
 		AccessKeyID:     req.AccessKeyID,
 		SecretAccessKey: req.SecretAccessKey,
 		Prefix:          req.Prefix,
 		ForcePathStyle:  req.ForcePathStyle,
 		CDNURL:          req.CDNURL,
 	}
 	if err := h.soraS3Storage.TestConnectionWithSettings(c.Request.Context(), testCfg); err != nil {
 		response.Error(c, 400, "S3 连接测试失败: "+err.Error())
 		return
 	}
 	response.Success(c, gin.H{"message": "S3 连接成功"})
 }
 // GetRectifierSettings 获取请求整流器配置
 // GET /api/v1/admin/settings/rectifier
 func (h *SettingHandler) GetRectifierSettings(c *gin.Context) {
--- a/backend/internal/handler/admin/usage_handler.go
+++ b/backend/internal/handler/admin/usage_handler.go
@ -110,6 +110,7 @@ func (h *UsageHandler) List(c *gin.Context) {
 	}
 	model := c.Query("model")
 	billingMode := strings.TrimSpace(c.Query("billing_mode"))
 	var requestType *int16
 	var stream *bool
@ -174,6 +175,7 @@ func (h *UsageHandler) List(c *gin.Context) {
 		RequestType: requestType,
 		Stream:      stream,
 		BillingType: billingType,
 		BillingMode: billingMode,
 		StartTime:   startTime,
 		EndTime:     endTime,
 		ExactTotal:  exactTotal,
@ -234,6 +236,7 @@ func (h *UsageHandler) Stats(c *gin.Context) {
 	}
 	model := c.Query("model")
 	billingMode := strings.TrimSpace(c.Query("billing_mode"))
 	var requestType *int16
 	var stream *bool
@ -312,6 +315,7 @@ func (h *UsageHandler) Stats(c *gin.Context) {
 		RequestType: requestType,
 		Stream:      stream,
 		BillingType: billingType,
 		BillingMode: billingMode,
 		StartTime:   &startTime,
 		EndTime:     &endTime,
 	}
--- a/backend/internal/handler/admin/user_handler.go
+++ b/backend/internal/handler/admin/user_handler.go
@ -34,14 +34,13 @@ func NewUserHandler(adminService service.AdminService, concurrencyService *servi
 // CreateUserRequest represents admin create user request
 type CreateUserRequest struct {
-	Email                 string  `json:"email" binding:"required,email"`
+	Email         string  `json:"email" binding:"required,email"`
-	Password              string  `json:"password" binding:"required,min=6"`
+	Password      string  `json:"password" binding:"required,min=6"`
-	Username              string  `json:"username"`
+	Username      string  `json:"username"`
-	Notes                 string  `json:"notes"`
+	Notes         string  `json:"notes"`
-	Balance               float64 `json:"balance"`
+	Balance       float64 `json:"balance"`
-	Concurrency           int     `json:"concurrency"`
+	Concurrency   int     `json:"concurrency"`
-	AllowedGroups         []int64 `json:"allowed_groups"`
+	AllowedGroups []int64 `json:"allowed_groups"`
 	SoraStorageQuotaBytes int64   `json:"sora_storage_quota_bytes"`
 }
 // UpdateUserRequest represents admin update user request
@ -57,8 +56,7 @@ type UpdateUserRequest struct {
 	AllowedGroups *[]int64 `json:"allowed_groups"`
 	// GroupRates 用户专属分组倍率配置
 	// map[groupID]*rate，nil 表示删除该分组的专属倍率
-	GroupRates            map[int64]*float64 `json:"group_rates"`
+	GroupRates map[int64]*float64 `json:"group_rates"`
 	SoraStorageQuotaBytes *int64             `json:"sora_storage_quota_bytes"`
 }
 // UpdateBalanceRequest represents balance update request
@ -182,14 +180,13 @@ func (h *UserHandler) Create(c *gin.Context) {
 	}
 	user, err := h.adminService.CreateUser(c.Request.Context(), &service.CreateUserInput{
-		Email:                 req.Email,
+		Email:         req.Email,
-		Password:              req.Password,
+		Password:      req.Password,
-		Username:              req.Username,
+		Username:      req.Username,
-		Notes:                 req.Notes,
+		Notes:         req.Notes,
-		Balance:               req.Balance,
+		Balance:       req.Balance,
-		Concurrency:           req.Concurrency,
+		Concurrency:   req.Concurrency,
-		AllowedGroups:         req.AllowedGroups,
+		AllowedGroups: req.AllowedGroups,
 		SoraStorageQuotaBytes: req.SoraStorageQuotaBytes,
 	})
 	if err != nil {
 		response.ErrorFrom(c, err)
@ -216,16 +213,15 @@ func (h *UserHandler) Update(c *gin.Context) {
 	// 使用指针类型直接传递，nil 表示未提供该字段
 	user, err := h.adminService.UpdateUser(c.Request.Context(), userID, &service.UpdateUserInput{
-		Email:                 req.Email,
+		Email:         req.Email,
-		Password:              req.Password,
+		Password:      req.Password,
-		Username:              req.Username,
+		Username:      req.Username,
-		Notes:                 req.Notes,
+		Notes:         req.Notes,
-		Balance:               req.Balance,
+		Balance:       req.Balance,
-		Concurrency:           req.Concurrency,
+		Concurrency:   req.Concurrency,
-		Status:                req.Status,
+		Status:        req.Status,
-		AllowedGroups:         req.AllowedGroups,
+		AllowedGroups: req.AllowedGroups,
-		GroupRates:            req.GroupRates,
+		GroupRates:    req.GroupRates,
 		SoraStorageQuotaBytes: req.SoraStorageQuotaBytes,
 	})
 	if err != nil {
 		response.ErrorFrom(c, err)
--- a/backend/internal/handler/dto/mappers.go
+++ b/backend/internal/handler/dto/mappers.go
@ -59,11 +59,9 @@ func UserFromServiceAdmin(u *service.User) *AdminUser {
 		return nil
 	}
 	return &AdminUser{
-		User:                  *base,
+		User:       *base,
-		Notes:                 u.Notes,
+		Notes:      u.Notes,
-		GroupRates:            u.GroupRates,
+		GroupRates: u.GroupRates,
 		SoraStorageQuotaBytes: u.SoraStorageQuotaBytes,
 		SoraStorageUsedBytes:  u.SoraStorageUsedBytes,
 	}
 }
@ -172,15 +170,12 @@ func groupFromServiceBase(g *service.Group) Group {
 		ImagePrice1K:                    g.ImagePrice1K,
 		ImagePrice2K:                    g.ImagePrice2K,
 		ImagePrice4K:                    g.ImagePrice4K,
 		SoraImagePrice360:               g.SoraImagePrice360,
 		SoraImagePrice540:               g.SoraImagePrice540,
 		SoraVideoPricePerRequest:        g.SoraVideoPricePerRequest,
 		SoraVideoPricePerRequestHD:      g.SoraVideoPricePerRequestHD,
 		ClaudeCodeOnly:                  g.ClaudeCodeOnly,
 		FallbackGroupID:                 g.FallbackGroupID,
 		FallbackGroupIDOnInvalidRequest: g.FallbackGroupIDOnInvalidRequest,
 		SoraStorageQuotaBytes:           g.SoraStorageQuotaBytes,
 		AllowMessagesDispatch:           g.AllowMessagesDispatch,
 		RequireOAuthOnly:                g.RequireOAuthOnly,
 		RequirePrivacySet:               g.RequirePrivacySet,
 		CreatedAt:                       g.CreatedAt,
 		UpdatedAt:                       g.UpdatedAt,
 	}
@ -575,6 +570,7 @@ func usageLogFromServiceUser(l *service.UsageLog) UsageLog {
 		MediaType:             l.MediaType,
 		UserAgent:             l.UserAgent,
 		CacheTTLOverridden:    l.CacheTTLOverridden,
 		BillingMode:           l.BillingMode,
 		CreatedAt:             l.CreatedAt,
 		User:                  UserFromServiceShallow(l.User),
 		APIKey:                APIKeyFromService(l.APIKey),
@ -602,6 +598,9 @@ func UsageLogFromServiceAdmin(l *service.UsageLog) *AdminUsageLog {
 	return &AdminUsageLog{
 		UsageLog:              usageLogFromServiceUser(l),
 		UpstreamModel:         l.UpstreamModel,
 		ChannelID:             l.ChannelID,
 		ModelMappingChain:     l.ModelMappingChain,
 		BillingTier:           l.BillingTier,
 		AccountRateMultiplier: l.AccountRateMultiplier,
 		IPAddress:             l.IPAddress,
 		Account:               AccountSummaryFromService(l.Account),
--- a/backend/internal/handler/dto/settings.go
+++ b/backend/internal/handler/dto/settings.go
@ -61,7 +61,6 @@ type SystemSettings struct {
 	HideCcsImportButton         bool             `json:"hide_ccs_import_button"`
 	PurchaseSubscriptionEnabled bool             `json:"purchase_subscription_enabled"`
 	PurchaseSubscriptionURL     string           `json:"purchase_subscription_url"`
 	SoraClientEnabled           bool             `json:"sora_client_enabled"`
 	CustomMenuItems             []CustomMenuItem `json:"custom_menu_items"`
 	CustomEndpoints             []CustomEndpoint `json:"custom_endpoints"`
@ -128,49 +127,10 @@ type PublicSettings struct {
 	CustomMenuItems                  []CustomMenuItem `json:"custom_menu_items"`
 	CustomEndpoints                  []CustomEndpoint `json:"custom_endpoints"`
 	LinuxDoOAuthEnabled              bool             `json:"linuxdo_oauth_enabled"`
 	SoraClientEnabled                bool             `json:"sora_client_enabled"`
 	BackendModeEnabled               bool             `json:"backend_mode_enabled"`
 	Version                          string           `json:"version"`
 }
 // SoraS3Settings Sora S3 存储配置 DTO（响应用，不含敏感字段）
 type SoraS3Settings struct {
 	Enabled                   bool   `json:"enabled"`
 	Endpoint                  string `json:"endpoint"`
 	Region                    string `json:"region"`
 	Bucket                    string `json:"bucket"`
 	AccessKeyID               string `json:"access_key_id"`
 	SecretAccessKeyConfigured bool   `json:"secret_access_key_configured"`
 	Prefix                    string `json:"prefix"`
 	ForcePathStyle            bool   `json:"force_path_style"`
 	CDNURL                    string `json:"cdn_url"`
 	DefaultStorageQuotaBytes  int64  `json:"default_storage_quota_bytes"`
 }
 // SoraS3Profile Sora S3 存储配置项 DTO（响应用，不含敏感字段）
 type SoraS3Profile struct {
 	ProfileID                 string `json:"profile_id"`
 	Name                      string `json:"name"`
 	IsActive                  bool   `json:"is_active"`
 	Enabled                   bool   `json:"enabled"`
 	Endpoint                  string `json:"endpoint"`
 	Region                    string `json:"region"`
 	Bucket                    string `json:"bucket"`
 	AccessKeyID               string `json:"access_key_id"`
 	SecretAccessKeyConfigured bool   `json:"secret_access_key_configured"`
 	Prefix                    string `json:"prefix"`
 	ForcePathStyle            bool   `json:"force_path_style"`
 	CDNURL                    string `json:"cdn_url"`
 	DefaultStorageQuotaBytes  int64  `json:"default_storage_quota_bytes"`
 	UpdatedAt                 string `json:"updated_at"`
 }
 // ListSoraS3ProfilesResponse Sora S3 配置列表响应
 type ListSoraS3ProfilesResponse struct {
 	ActiveProfileID string          `json:"active_profile_id"`
 	Items           []SoraS3Profile `json:"items"`
 }
 // OverloadCooldownSettings 529过载冷却配置 DTO
 type OverloadCooldownSettings struct {
 	Enabled         bool `json:"enabled"`
@ -197,10 +157,13 @@ type RectifierSettings struct {
 // BetaPolicyRule Beta 策略规则 DTO
 type BetaPolicyRule struct {
-	BetaToken    string `json:"beta_token"`
+	BetaToken            string   `json:"beta_token"`
-	Action       string `json:"action"`
+	Action               string   `json:"action"`
-	Scope        string `json:"scope"`
+	Scope                string   `json:"scope"`
-	ErrorMessage string `json:"error_message,omitempty"`
+	ErrorMessage         string   `json:"error_message,omitempty"`
 	ModelWhitelist       []string `json:"model_whitelist,omitempty"`
 	FallbackAction       string   `json:"fallback_action,omitempty"`
 	FallbackErrorMessage string   `json:"fallback_error_message,omitempty"`
 }
 // BetaPolicySettings Beta 策略配置 DTO
--- a/backend/internal/handler/dto/types.go
+++ b/backend/internal/handler/dto/types.go
@ -26,9 +26,7 @@ type AdminUser struct {
 	Notes string `json:"notes"`
 	// GroupRates 用户专属分组倍率配置
 	// map[groupID]rateMultiplier
-	GroupRates            map[int64]float64 `json:"group_rates,omitempty"`
+	GroupRates map[int64]float64 `json:"group_rates,omitempty"`
 	SoraStorageQuotaBytes int64             `json:"sora_storage_quota_bytes"`
 	SoraStorageUsedBytes  int64             `json:"sora_storage_used_bytes"`
 }
 type APIKey struct {
@ -84,24 +82,19 @@ type Group struct {
 	ImagePrice2K *float64 `json:"image_price_2k"`
 	ImagePrice4K *float64 `json:"image_price_4k"`
 	// Sora 按次计费配置
 	SoraImagePrice360          *float64 `json:"sora_image_price_360"`
 	SoraImagePrice540          *float64 `json:"sora_image_price_540"`
 	SoraVideoPricePerRequest   *float64 `json:"sora_video_price_per_request"`
 	SoraVideoPricePerRequestHD *float64 `json:"sora_video_price_per_request_hd"`
 	// Claude Code 客户端限制
 	ClaudeCodeOnly  bool   `json:"claude_code_only"`
 	FallbackGroupID *int64 `json:"fallback_group_id"`
 	// 无效请求兜底分组
 	FallbackGroupIDOnInvalidRequest *int64 `json:"fallback_group_id_on_invalid_request"`
 	// Sora 存储配额
 	SoraStorageQuotaBytes int64 `json:"sora_storage_quota_bytes"`
 	// OpenAI Messages 调度开关（用户侧需要此字段判断是否展示 Claude Code 教程）
 	AllowMessagesDispatch bool `json:"allow_messages_dispatch"`
 	// 账号过滤控制（仅 OpenAI/Antigravity 平台有效）
 	RequireOAuthOnly  bool `json:"require_oauth_only"`
 	RequirePrivacySet bool `json:"require_privacy_set"`
 	CreatedAt time.Time `json:"created_at"`
 	UpdatedAt time.Time `json:"updated_at"`
 }
@ -386,6 +379,9 @@ type UsageLog struct {
 	// Cache TTL Override 标记
 	CacheTTLOverridden bool `json:"cache_ttl_overridden"`
 	// BillingMode 计费模式：token/image
 	BillingMode *string `json:"billing_mode,omitempty"`
 	CreatedAt time.Time `json:"created_at"`
 	User         *User             `json:"user,omitempty"`
@ -402,6 +398,13 @@ type AdminUsageLog struct {
 	// Omitted when no mapping was applied (requested model was used as-is).
 	UpstreamModel *string `json:"upstream_model,omitempty"`
 	// ChannelID 渠道 ID
 	ChannelID *int64 `json:"channel_id,omitempty"`
 	// ModelMappingChain 模型映射链，如 "a→b→c"
 	ModelMappingChain *string `json:"model_mapping_chain,omitempty"`
 	// BillingTier 计费层级标签（per_request/image 模式）
 	BillingTier *string `json:"billing_tier,omitempty"`
 	// AccountRateMultiplier 账号计费倍率快照（nil 表示按 1.0 处理）
 	AccountRateMultiplier *float64 `json:"account_rate_multiplier"`
--- a/backend/internal/handler/endpoint.go
+++ b/backend/internal/handler/endpoint.go
@ -31,7 +31,7 @@ const (
 // ──────────────────────────────────────────────────────────
 // NormalizeInboundEndpoint maps a raw request path (which may carry
-// prefixes like /antigravity, /openai, /sora) to its canonical form.
+// prefixes like /antigravity, /openai) to its canonical form.
 //
 //	"/antigravity/v1/messages"   → "/v1/messages"
 //	"/v1/chat/completions"       → "/v1/chat/completions"
@ -61,7 +61,7 @@ func NormalizeInboundEndpoint(path string) string {
 //     such as /v1/responses/compact preserved from the raw URL).
 //   - Anthropic  → /v1/messages
 //   - Gemini     → /v1beta/models
-//   - Sora       → /v1/chat/completions
+//   - Antigravity → /v1/messages (Claude) or gemini (Gemini)
 //   - Antigravity routes may target either Claude or Gemini, so the
 //     inbound endpoint is used to distinguish.
 func DeriveUpstreamEndpoint(inbound, rawRequestPath, platform string) string {
@ -82,9 +82,6 @@ func DeriveUpstreamEndpoint(inbound, rawRequestPath, platform string) string {
 	case service.PlatformGemini:
 		return EndpointGeminiModels
 	case service.PlatformSora:
 		return EndpointChatCompletions
 	case service.PlatformAntigravity:
 		// Antigravity accounts serve both Claude and Gemini.
 		if inbound == EndpointGeminiModels {
--- a/backend/internal/handler/endpoint_test.go
+++ b/backend/internal/handler/endpoint_test.go
@ -27,11 +27,10 @@ func TestNormalizeInboundEndpoint(t *testing.T) {
 		{"/v1/responses", EndpointResponses},
 		{"/v1beta/models", EndpointGeminiModels},
-		// Prefixed paths (antigravity, openai, sora).
+		// Prefixed paths (antigravity, openai).
 		{"/antigravity/v1/messages", EndpointMessages},
 		{"/openai/v1/responses", EndpointResponses},
 		{"/openai/v1/responses/compact", EndpointResponses},
 		{"/sora/v1/chat/completions", EndpointChatCompletions},
 		{"/antigravity/v1beta/models/gemini:generateContent", EndpointGeminiModels},
 		// Gin route patterns with wildcards.
@ -68,9 +67,6 @@ func TestDeriveUpstreamEndpoint(t *testing.T) {
 		// Gemini.
 		{"gemini models", EndpointGeminiModels, "/v1beta/models/gemini:gen", service.PlatformGemini, EndpointGeminiModels},
 		// Sora.
 		{"sora completions", EndpointChatCompletions, "/sora/v1/chat/completions", service.PlatformSora, EndpointChatCompletions},
 		// OpenAI — always /v1/responses.
 		{"openai responses root", EndpointResponses, "/v1/responses", service.PlatformOpenAI, EndpointResponses},
 		{"openai responses compact", EndpointResponses, "/openai/v1/responses/compact", service.PlatformOpenAI, "/v1/responses/compact"},
--- a/backend/internal/handler/gateway_handler.go
+++ b/backend/internal/handler/gateway_handler.go
@ -158,6 +158,9 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 	reqStream := parsedReq.Stream
 	reqLog = reqLog.With(zap.String("model", reqModel), zap.Bool("stream", reqStream))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	// 设置 max_tokens=1 + haiku 探测请求标识到 context 中
 	// 必须在 SetClaudeCodeClientContext 之前设置，因为 ClaudeCodeValidator 需要读取此标识进行绕过判断
 	if isMaxTokensOneHaikuRequest(reqModel, parsedReq.MaxTokens, reqStream) {
@ -292,7 +295,7 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 		}
 		for {
-			selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionKey, reqModel, fs.FailedAccountIDs, "") // Gemini 不使用会话限制
+			selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionKey, reqModel, fs.FailedAccountIDs, "", int64(0)) // Gemini 不使用会话限制
 			if err != nil {
 				if len(fs.FailedAccountIDs) == 0 {
 					h.handleStreamingAwareError(c, http.StatusServiceUnavailable, "api_error", "No available accounts: "+err.Error(), streamStarted)
@ -478,6 +481,7 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 					RequestPayloadHash: requestPayloadHash,
 					ForceCacheBilling:  fs.ForceCacheBilling,
 					APIKeyService:      h.apiKeyService,
 					ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 				}); err != nil {
 					logger.L().With(
 						zap.String("component", "handler.gateway.messages"),
@ -514,7 +518,7 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 		for {
 			// 选择支持该模型的账号
-			selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), currentAPIKey.GroupID, sessionKey, reqModel, fs.FailedAccountIDs, parsedReq.MetadataUserID)
+			selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), currentAPIKey.GroupID, sessionKey, reqModel, fs.FailedAccountIDs, parsedReq.MetadataUserID, int64(0))
 			if err != nil {
 				if len(fs.FailedAccountIDs) == 0 {
 					h.handleStreamingAwareError(c, http.StatusServiceUnavailable, "api_error", "No available accounts: "+err.Error(), streamStarted)
@ -660,6 +664,13 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 			parsedReq.OnUpstreamAccepted = queueRelease
 			// ===== 用户消息串行队列 END =====
 			// 应用渠道模型映射到请求
 			if channelMapping.Mapped {
 				parsedReq.Model = channelMapping.MappedModel
 				parsedReq.Body = h.gatewayService.ReplaceModelInBody(parsedReq.Body, channelMapping.MappedModel)
 				body = h.gatewayService.ReplaceModelInBody(body, channelMapping.MappedModel)
 			}
 			// 转发请求 - 根据账号平台分流
 			var result *service.ForwardResult
 			requestCtx := c.Request.Context()
@ -810,6 +821,7 @@ func (h *GatewayHandler) Messages(c *gin.Context) {
 					RequestPayloadHash: requestPayloadHash,
 					ForceCacheBilling:  fs.ForceCacheBilling,
 					APIKeyService:      h.apiKeyService,
 					ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 				}); err != nil {
 					logger.L().With(
 						zap.String("component", "handler.gateway.messages"),
@ -847,14 +859,6 @@ func (h *GatewayHandler) Models(c *gin.Context) {
 		platform = forcedPlatform
 	}
 	if platform == service.PlatformSora {
 		c.JSON(http.StatusOK, gin.H{
 			"object": "list",
 			"data":   service.DefaultSoraModels(h.cfg),
 		})
 		return
 	}
 	// Get available models from account configurations (without platform filter)
 	availableModels := h.gatewayService.GetAvailableModels(c.Request.Context(), groupID, "")
--- a/backend/internal/handler/gateway_handler_chat_completions.go
+++ b/backend/internal/handler/gateway_handler_chat_completions.go
@ -80,6 +80,9 @@ func (h *GatewayHandler) ChatCompletions(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, reqStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(reqStream, false)))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	// Claude Code only restriction
 	if apiKey.Group != nil && apiKey.Group.ClaudeCodeOnly {
 		h.chatCompletionsErrorResponse(c, http.StatusForbidden, "permission_error",
@ -154,7 +157,7 @@ func (h *GatewayHandler) ChatCompletions(c *gin.Context) {
 	fs := NewFailoverState(h.maxAccountSwitches, false)
 	for {
-		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionHash, reqModel, fs.FailedAccountIDs, "")
+		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionHash, reqModel, fs.FailedAccountIDs, "", int64(0))
 		if err != nil {
 			if len(fs.FailedAccountIDs) == 0 {
 				h.chatCompletionsErrorResponse(c, http.StatusServiceUnavailable, "api_error", "No available accounts: "+err.Error())
@ -203,7 +206,11 @@ func (h *GatewayHandler) ChatCompletions(c *gin.Context) {
 		// 5. Forward request
 		writerSizeBeforeForward := c.Writer.Size()
-		result, err := h.gatewayService.ForwardAsChatCompletions(c.Request.Context(), c, account, body, parsedReq)
+		forwardBody := body
 		if channelMapping.Mapped {
 			forwardBody = h.gatewayService.ReplaceModelInBody(body, channelMapping.MappedModel)
 		}
 		result, err := h.gatewayService.ForwardAsChatCompletions(c.Request.Context(), c, account, forwardBody, parsedReq)
 		if accountReleaseFunc != nil {
 			accountReleaseFunc()
@ -255,6 +262,7 @@ func (h *GatewayHandler) ChatCompletions(c *gin.Context) {
 				IPAddress:          clientIP,
 				RequestPayloadHash: requestPayloadHash,
 				APIKeyService:      h.apiKeyService,
 				ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				reqLog.Error("gateway.cc.record_usage_failed",
 					zap.Int64("account_id", account.ID),
--- a/backend/internal/handler/gateway_handler_responses.go
+++ b/backend/internal/handler/gateway_handler_responses.go
@ -80,6 +80,9 @@ func (h *GatewayHandler) Responses(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, reqStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(reqStream, false)))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	// Claude Code only restriction:
 	// /v1/responses is never a Claude Code endpoint.
 	// When claude_code_only is enabled, this endpoint is rejected.
@ -159,7 +162,7 @@ func (h *GatewayHandler) Responses(c *gin.Context) {
 	fs := NewFailoverState(h.maxAccountSwitches, false)
 	for {
-		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionHash, reqModel, fs.FailedAccountIDs, "")
+		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionHash, reqModel, fs.FailedAccountIDs, "", int64(0))
 		if err != nil {
 			if len(fs.FailedAccountIDs) == 0 {
 				h.responsesErrorResponse(c, http.StatusServiceUnavailable, "api_error", "No available accounts: "+err.Error())
@ -208,7 +211,11 @@ func (h *GatewayHandler) Responses(c *gin.Context) {
 		// 5. Forward request
 		writerSizeBeforeForward := c.Writer.Size()
-		result, err := h.gatewayService.ForwardAsResponses(c.Request.Context(), c, account, body, parsedReq)
+		forwardBody := body
 		if channelMapping.Mapped {
 			forwardBody = h.gatewayService.ReplaceModelInBody(body, channelMapping.MappedModel)
 		}
 		result, err := h.gatewayService.ForwardAsResponses(c.Request.Context(), c, account, forwardBody, parsedReq)
 		if accountReleaseFunc != nil {
 			accountReleaseFunc()
@ -261,6 +268,7 @@ func (h *GatewayHandler) Responses(c *gin.Context) {
 				IPAddress:          clientIP,
 				RequestPayloadHash: requestPayloadHash,
 				APIKeyService:      h.apiKeyService,
 				ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				reqLog.Error("gateway.responses.record_usage_failed",
 					zap.Int64("account_id", account.ID),
--- a/backend/internal/handler/gateway_handler_warmup_intercept_unit_test.go
+++ b/backend/internal/handler/gateway_handler_warmup_intercept_unit_test.go
@ -161,6 +161,8 @@ func newTestGatewayHandler(t *testing.T, group *service.Group, accounts []*servi
 		nil, // digestStore
 		nil, // settingService
 		nil, // tlsFPProfileService
 		nil, // channelService
 		nil, // resolver
 	)
 	// RunModeSimple：跳过计费检查，避免引入 repo/cache 依赖。
--- a/backend/internal/handler/gemini_v1beta_handler.go
+++ b/backend/internal/handler/gemini_v1beta_handler.go
@ -121,7 +121,7 @@ func (h *GatewayHandler) GeminiV1BetaGetModel(c *gin.Context) {
 		googleError(c, http.StatusBadGateway, err.Error())
 		return
 	}
-	if shouldFallbackGeminiModels(res) {
+	if shouldFallbackGeminiModel(modelName, res) {
 		c.JSON(http.StatusOK, gemini.FallbackModel(modelName))
 		return
 	}
@ -184,6 +184,13 @@ func (h *GatewayHandler) GeminiV1BetaModels(c *gin.Context) {
 	setOpsRequestContext(c, modelName, stream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(stream, false)))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, modelName)
 	reqModel := modelName // 保存映射前的原始模型名
 	if channelMapping.Mapped {
 		modelName = channelMapping.MappedModel
 	}
 	// Get subscription (may be nil)
 	subscription, _ := middleware.GetSubscriptionFromContext(c)
@ -353,7 +360,7 @@ func (h *GatewayHandler) GeminiV1BetaModels(c *gin.Context) {
 	}
 	for {
-		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionKey, modelName, fs.FailedAccountIDs, "") // Gemini 不使用会话限制
+		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionKey, modelName, fs.FailedAccountIDs, "", int64(0)) // Gemini 不使用会话限制
 		if err != nil {
 			if len(fs.FailedAccountIDs) == 0 {
 				googleError(c, http.StatusServiceUnavailable, "No available Gemini accounts: "+err.Error())
@ -523,6 +530,7 @@ func (h *GatewayHandler) GeminiV1BetaModels(c *gin.Context) {
 				LongContextMultiplier: 2.0,    // 超出部分双倍计费
 				ForceCacheBilling:     fs.ForceCacheBilling,
 				APIKeyService:         h.apiKeyService,
 				ChannelUsageFields:    channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				logger.L().With(
 					zap.String("component", "handler.gemini_v1beta.models"),
@ -674,6 +682,16 @@ func shouldFallbackGeminiModels(res *service.UpstreamHTTPResult) bool {
 	return false
 }
 func shouldFallbackGeminiModel(modelName string, res *service.UpstreamHTTPResult) bool {
 	if shouldFallbackGeminiModels(res) {
 		return true
 	}
 	if res == nil || res.StatusCode != http.StatusNotFound {
 		return false
 	}
 	return gemini.HasFallbackModel(modelName)
 }
 // extractGeminiCLISessionHash 从 Gemini CLI 请求中提取会话标识。
 // 组合 x-gemini-api-privileged-user-id header 和请求体中的 tmp 目录哈希。
 //
--- a/backend/internal/handler/gemini_v1beta_handler_test.go
+++ b/backend/internal/handler/gemini_v1beta_handler_test.go
@ -3,6 +3,7 @@
 package handler
 import (
 	"net/http"
 	"testing"
 	"github.com/Wei-Shaw/sub2api/internal/service"
@ -141,3 +142,28 @@ func TestGeminiV1BetaHandler_GetModelAntigravityFallback(t *testing.T) {
 		})
 	}
 }
 func TestShouldFallbackGeminiModel_KnownFallbackOn404(t *testing.T) {
 	t.Parallel()
 	res := &service.UpstreamHTTPResult{StatusCode: http.StatusNotFound}
 	require.True(t, shouldFallbackGeminiModel("gemini-3.1-pro-preview-customtools", res))
 }
 func TestShouldFallbackGeminiModel_UnknownModelOn404(t *testing.T) {
 	t.Parallel()
 	res := &service.UpstreamHTTPResult{StatusCode: http.StatusNotFound}
 	require.False(t, shouldFallbackGeminiModel("gemini-future-model", res))
 }
 func TestShouldFallbackGeminiModel_DelegatesScopeFallback(t *testing.T) {
 	t.Parallel()
 	res := &service.UpstreamHTTPResult{
 		StatusCode: http.StatusForbidden,
 		Headers:    http.Header{"Www-Authenticate": []string{"Bearer error=\"insufficient_scope\""}},
 		Body:       []byte("insufficient authentication scopes"),
 	}
 	require.True(t, shouldFallbackGeminiModel("gemini-future-model", res))
 }
--- a/backend/internal/handler/handler.go
+++ b/backend/internal/handler/handler.go
@ -30,6 +30,7 @@ type AdminHandlers struct {
 	TLSFingerprintProfile *admin.TLSFingerprintProfileHandler
 	APIKey                *admin.AdminAPIKeyHandler
 	ScheduledTest         *admin.ScheduledTestHandler
 	Channel               *admin.ChannelHandler
 }
 // Handlers contains all HTTP handlers
@ -44,8 +45,6 @@ type Handlers struct {
 	Admin         *AdminHandlers
 	Gateway       *GatewayHandler
 	OpenAIGateway *OpenAIGatewayHandler
 	SoraGateway   *SoraGatewayHandler
 	SoraClient    *SoraClientHandler
 	Setting       *SettingHandler
 	Totp          *TotpHandler
 }
--- a/backend/internal/handler/openai_chat_completions.go
+++ b/backend/internal/handler/openai_chat_completions.go
@ -79,6 +79,9 @@ func (h *OpenAIGatewayHandler) ChatCompletions(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, reqStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(reqStream, false)))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	if h.errorPassthroughService != nil {
 		service.BindErrorPassthroughService(c, h.errorPassthroughService)
 	}
@ -183,7 +186,11 @@ func (h *OpenAIGatewayHandler) ChatCompletions(c *gin.Context) {
 		forwardStart := time.Now()
 		defaultMappedModel := resolveOpenAIForwardDefaultMappedModel(apiKey, c.GetString("openai_chat_completions_fallback_model"))
-		result, err := h.gatewayService.ForwardAsChatCompletions(c.Request.Context(), c, account, body, promptCacheKey, defaultMappedModel)
+		forwardBody := body
 		if channelMapping.Mapped {
 			forwardBody = h.gatewayService.ReplaceModelInBody(body, channelMapping.MappedModel)
 		}
 		result, err := h.gatewayService.ForwardAsChatCompletions(c.Request.Context(), c, account, forwardBody, promptCacheKey, defaultMappedModel)
 		forwardDurationMs := time.Since(forwardStart).Milliseconds()
 		if accountReleaseFunc != nil {
@ -257,16 +264,17 @@ func (h *OpenAIGatewayHandler) ChatCompletions(c *gin.Context) {
 		h.submitUsageRecordTask(func(ctx context.Context) {
 			if err := h.gatewayService.RecordUsage(ctx, &service.OpenAIRecordUsageInput{
-				Result:           result,
+				Result:             result,
-				APIKey:           apiKey,
+				APIKey:             apiKey,
-				User:             apiKey.User,
+				User:               apiKey.User,
-				Account:          account,
+				Account:            account,
-				Subscription:     subscription,
+				Subscription:       subscription,
-				InboundEndpoint:  GetInboundEndpoint(c),
+				InboundEndpoint:    GetInboundEndpoint(c),
-				UpstreamEndpoint: GetUpstreamEndpoint(c, account.Platform),
+				UpstreamEndpoint:   GetUpstreamEndpoint(c, account.Platform),
-				UserAgent:        userAgent,
+				UserAgent:          userAgent,
-				IPAddress:        clientIP,
+				IPAddress:          clientIP,
-				APIKeyService:    h.apiKeyService,
+				APIKeyService:      h.apiKeyService,
 				ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				logger.L().With(
 					zap.String("component", "handler.openai_gateway.chat_completions"),
--- a/backend/internal/handler/openai_gateway_handler.go
+++ b/backend/internal/handler/openai_gateway_handler.go
@ -185,6 +185,9 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, reqStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(reqStream, false)))
 	// 解析渠道级模型映射
 	channelMapping, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	// 提前校验 function_call_output 是否具备可关联上下文，避免上游 400。
 	if !h.validateFunctionCallOutputRequest(c, body, reqLog) {
 		return
@ -284,7 +287,12 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 		// Forward request
 		service.SetOpsLatencyMs(c, service.OpsRoutingLatencyMsKey, time.Since(routingStart).Milliseconds())
 		forwardStart := time.Now()
-		result, err := h.gatewayService.Forward(c.Request.Context(), c, account, body)
+		// 应用渠道模型映射到请求体
 		forwardBody := body
 		if channelMapping.Mapped {
 			forwardBody = h.gatewayService.ReplaceModelInBody(body, channelMapping.MappedModel)
 		}
 		result, err := h.gatewayService.Forward(c.Request.Context(), c, account, forwardBody)
 		forwardDurationMs := time.Since(forwardStart).Milliseconds()
 		if accountReleaseFunc != nil {
 			accountReleaseFunc()
@ -379,6 +387,7 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 				IPAddress:          clientIP,
 				RequestPayloadHash: requestPayloadHash,
 				APIKeyService:      h.apiKeyService,
 				ChannelUsageFields: channelMapping.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				logger.L().With(
 					zap.String("component", "handler.openai_gateway.responses"),
@ -549,6 +558,9 @@ func (h *OpenAIGatewayHandler) Messages(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, reqStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(reqStream, false)))
 	// 解析渠道级模型映射
 	channelMappingMsg, _ := h.gatewayService.ResolveChannelMappingAndRestrict(c.Request.Context(), apiKey.GroupID, reqModel)
 	// 绑定错误透传服务，允许 service 层在非 failover 错误场景复用规则。
 	if h.errorPassthroughService != nil {
 		service.BindErrorPassthroughService(c, h.errorPassthroughService)
@ -673,7 +685,12 @@ func (h *OpenAIGatewayHandler) Messages(c *gin.Context) {
 		// Forward 层需要始终拿到 group 默认映射模型，这样未命中账号级映射的
 		// Claude 兼容模型才不会在后续 Codex 规范化中意外退化到 gpt-5.1。
 		defaultMappedModel := resolveOpenAIForwardDefaultMappedModel(apiKey, c.GetString("openai_messages_fallback_model"))
-		result, err := h.gatewayService.ForwardAsAnthropic(c.Request.Context(), c, account, body, promptCacheKey, defaultMappedModel)
+		// 应用渠道模型映射到请求体
 		forwardBody := body
 		if channelMappingMsg.Mapped {
 			forwardBody = h.gatewayService.ReplaceModelInBody(body, channelMappingMsg.MappedModel)
 		}
 		result, err := h.gatewayService.ForwardAsAnthropic(c.Request.Context(), c, account, forwardBody, promptCacheKey, defaultMappedModel)
 		forwardDurationMs := time.Since(forwardStart).Milliseconds()
 		if accountReleaseFunc != nil {
@ -759,6 +776,7 @@ func (h *OpenAIGatewayHandler) Messages(c *gin.Context) {
 				IPAddress:          clientIP,
 				RequestPayloadHash: requestPayloadHash,
 				APIKeyService:      h.apiKeyService,
 				ChannelUsageFields: channelMappingMsg.ToUsageFields(reqModel, result.UpstreamModel),
 			}); err != nil {
 				logger.L().With(
 					zap.String("component", "handler.openai_gateway.messages"),
@ -1101,6 +1119,9 @@ func (h *OpenAIGatewayHandler) ResponsesWebSocket(c *gin.Context) {
 	setOpsRequestContext(c, reqModel, true, firstMessage)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeWSV2))
 	// 解析渠道级模型映射
 	channelMappingWS, _ := h.gatewayService.ResolveChannelMappingAndRestrict(ctx, apiKey.GroupID, reqModel)
 	var currentUserRelease func()
 	var currentAccountRelease func()
 	releaseTurnSlots := func() {
@ -1259,6 +1280,7 @@ func (h *OpenAIGatewayHandler) ResponsesWebSocket(c *gin.Context) {
 					IPAddress:          clientIP,
 					RequestPayloadHash: service.HashUsageRequestPayload(firstMessage),
 					APIKeyService:      h.apiKeyService,
 					ChannelUsageFields: channelMappingWS.ToUsageFields(reqModel, result.UpstreamModel),
 				}); err != nil {
 					reqLog.Error("openai.websocket_record_usage_failed",
 						zap.Int64("account_id", account.ID),
@ -1270,7 +1292,13 @@ func (h *OpenAIGatewayHandler) ResponsesWebSocket(c *gin.Context) {
 		},
 	}
-	if err := h.gatewayService.ProxyResponsesWebSocketFromClient(ctx, c, wsConn, account, token, firstMessage, hooks); err != nil {
+	// 应用渠道模型映射到 WebSocket 首条消息
 	wsFirstMessage := firstMessage
 	if channelMappingWS.Mapped {
 		wsFirstMessage = h.gatewayService.ReplaceModelInBody(firstMessage, channelMappingWS.MappedModel)
 	}
 	if err := h.gatewayService.ProxyResponsesWebSocketFromClient(ctx, c, wsConn, account, token, wsFirstMessage, hooks); err != nil {
 		h.gatewayService.ReportOpenAIAccountScheduleResult(account.ID, false, nil)
 		closeStatus, closeReason := summarizeWSCloseErrorForLog(err)
 		reqLog.Warn("openai.websocket_proxy_failed",
--- a/backend/internal/handler/setting_handler.go
+++ b/backend/internal/handler/setting_handler.go
@ -54,7 +54,6 @@ func (h *SettingHandler) GetPublicSettings(c *gin.Context) {
 		CustomMenuItems:                  dto.ParseUserVisibleMenuItems(settings.CustomMenuItems),
 		CustomEndpoints:                  dto.ParseCustomEndpoints(settings.CustomEndpoints),
 		LinuxDoOAuthEnabled:              settings.LinuxDoOAuthEnabled,
 		SoraClientEnabled:                settings.SoraClientEnabled,
 		BackendModeEnabled:               settings.BackendModeEnabled,
 		Version:                          h.version,
 	})
--- a/backend/internal/handler/sora_client_handler.go
+++ b/backend/internal/handler/sora_client_handler.go
@ -1,979 +0,0 @@
 package handler
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/ctxkey"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/logger"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
 	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/gin-gonic/gin"
 )
 const (
 	// 上游模型缓存 TTL
 	modelCacheTTL       = 1 * time.Hour   // 上游获取成功
 	modelCacheFailedTTL = 2 * time.Minute // 上游获取失败（降级到本地）
 )
 // SoraClientHandler 处理 Sora 客户端 API 请求。
 type SoraClientHandler struct {
 	genService         *service.SoraGenerationService
 	quotaService       *service.SoraQuotaService
 	s3Storage          *service.SoraS3Storage
 	soraGatewayService *service.SoraGatewayService
 	gatewayService     *service.GatewayService
 	mediaStorage       *service.SoraMediaStorage
 	apiKeyService      *service.APIKeyService
 	// 上游模型缓存
 	modelCacheMu       sync.RWMutex
 	cachedFamilies     []service.SoraModelFamily
 	modelCacheTime     time.Time
 	modelCacheUpstream bool // 是否来自上游（决定 TTL）
 }
 // NewSoraClientHandler 创建 Sora 客户端 Handler。
 func NewSoraClientHandler(
 	genService *service.SoraGenerationService,
 	quotaService *service.SoraQuotaService,
 	s3Storage *service.SoraS3Storage,
 	soraGatewayService *service.SoraGatewayService,
 	gatewayService *service.GatewayService,
 	mediaStorage *service.SoraMediaStorage,
 	apiKeyService *service.APIKeyService,
 ) *SoraClientHandler {
 	return &SoraClientHandler{
 		genService:         genService,
 		quotaService:       quotaService,
 		s3Storage:          s3Storage,
 		soraGatewayService: soraGatewayService,
 		gatewayService:     gatewayService,
 		mediaStorage:       mediaStorage,
 		apiKeyService:      apiKeyService,
 	}
 }
 // GenerateRequest 生成请求。
 type GenerateRequest struct {
 	Model      string `json:"model" binding:"required"`
 	Prompt     string `json:"prompt" binding:"required"`
 	MediaType  string `json:"media_type"`            // video / image，默认 video
 	VideoCount int    `json:"video_count,omitempty"` // 视频数量（1-3）
 	ImageInput string `json:"image_input,omitempty"` // 参考图（base64 或 URL）
 	APIKeyID   *int64 `json:"api_key_id,omitempty"`  // 前端传递的 API Key ID
 }
 // Generate 异步生成 — 创建 pending 记录后立即返回。
 // POST /api/v1/sora/generate
 func (h *SoraClientHandler) Generate(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	var req GenerateRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.Error(c, http.StatusBadRequest, "参数错误: "+err.Error())
 		return
 	}
 	if req.MediaType == "" {
 		req.MediaType = "video"
 	}
 	req.VideoCount = normalizeVideoCount(req.MediaType, req.VideoCount)
 	// 并发数检查（最多 3 个）
 	activeCount, err := h.genService.CountActiveByUser(c.Request.Context(), userID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	if activeCount >= 3 {
 		response.Error(c, http.StatusTooManyRequests, "同时进行中的任务不能超过 3 个")
 		return
 	}
 	// 配额检查（粗略检查，实际文件大小在上传后才知道）
 	if h.quotaService != nil {
 		if err := h.quotaService.CheckQuota(c.Request.Context(), userID, 0); err != nil {
 			var quotaErr *service.QuotaExceededError
 			if errors.As(err, &quotaErr) {
 				response.Error(c, http.StatusTooManyRequests, "存储配额已满，请删除不需要的作品释放空间")
 				return
 			}
 			response.Error(c, http.StatusForbidden, err.Error())
 			return
 		}
 	}
 	// 获取 API Key ID 和 Group ID
 	var apiKeyID *int64
 	var groupID *int64
 	if req.APIKeyID != nil && h.apiKeyService != nil {
 		// 前端传递了 api_key_id，需要校验
 		apiKey, err := h.apiKeyService.GetByID(c.Request.Context(), *req.APIKeyID)
 		if err != nil {
 			response.Error(c, http.StatusBadRequest, "API Key 不存在")
 			return
 		}
 		if apiKey.UserID != userID {
 			response.Error(c, http.StatusForbidden, "API Key 不属于当前用户")
 			return
 		}
 		if apiKey.Status != service.StatusAPIKeyActive {
 			response.Error(c, http.StatusForbidden, "API Key 不可用")
 			return
 		}
 		apiKeyID = &apiKey.ID
 		groupID = apiKey.GroupID
 	} else if id, ok := c.Get("api_key_id"); ok {
 		// 兼容 API Key 认证路径（/sora/v1/ 网关路由）
 		if v, ok := id.(int64); ok {
 			apiKeyID = &v
 		}
 	}
 	gen, err := h.genService.CreatePending(c.Request.Context(), userID, apiKeyID, req.Model, req.Prompt, req.MediaType)
 	if err != nil {
 		if errors.Is(err, service.ErrSoraGenerationConcurrencyLimit) {
 			response.Error(c, http.StatusTooManyRequests, "同时进行中的任务不能超过 3 个")
 			return
 		}
 		response.ErrorFrom(c, err)
 		return
 	}
 	// 启动后台异步生成 goroutine
 	go h.processGeneration(gen.ID, userID, groupID, req.Model, req.Prompt, req.MediaType, req.ImageInput, req.VideoCount)
 	response.Success(c, gin.H{
 		"generation_id": gen.ID,
 		"status":        gen.Status,
 	})
 }
 // processGeneration 后台异步执行 Sora 生成任务。
 // 流程：选择账号 → Forward → 提取媒体 URL → 三层降级存储（S3 → 本地 → 上游）→ 更新记录。
 func (h *SoraClientHandler) processGeneration(genID int64, userID int64, groupID *int64, model, prompt, mediaType, imageInput string, videoCount int) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
 	// 标记为生成中
 	if err := h.genService.MarkGenerating(ctx, genID, ""); err != nil {
 		if errors.Is(err, service.ErrSoraGenerationStateConflict) {
 			logger.LegacyPrintf("handler.sora_client", "[SoraClient] 任务状态已变化，跳过生成 id=%d", genID)
 			return
 		}
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 标记生成中失败 id=%d err=%v", genID, err)
 		return
 	}
 	logger.LegacyPrintf(
 		"handler.sora_client",
 		"[SoraClient] 开始生成 id=%d user=%d group=%d model=%s media_type=%s video_count=%d has_image=%v prompt_len=%d",
 		genID,
 		userID,
 		groupIDForLog(groupID),
 		model,
 		mediaType,
 		videoCount,
 		strings.TrimSpace(imageInput) != "",
 		len(strings.TrimSpace(prompt)),
 	)
 	// 有 groupID 时由分组决定平台，无 groupID 时用 ForcePlatform 兜底
 	if groupID == nil {
 		ctx = context.WithValue(ctx, ctxkey.ForcePlatform, service.PlatformSora)
 	}
 	if h.gatewayService == nil {
 		_ = h.genService.MarkFailed(ctx, genID, "内部错误: gatewayService 未初始化")
 		return
 	}
 	// 选择 Sora 账号
 	account, err := h.gatewayService.SelectAccountForModel(ctx, groupID, "", model)
 	if err != nil {
 		logger.LegacyPrintf(
 			"handler.sora_client",
 			"[SoraClient] 选择账号失败 id=%d user=%d group=%d model=%s err=%v",
 			genID,
 			userID,
 			groupIDForLog(groupID),
 			model,
 			err,
 		)
 		_ = h.genService.MarkFailed(ctx, genID, "选择账号失败: "+err.Error())
 		return
 	}
 	logger.LegacyPrintf(
 		"handler.sora_client",
 		"[SoraClient] 选中账号 id=%d user=%d group=%d model=%s account_id=%d account_name=%s platform=%s type=%s",
 		genID,
 		userID,
 		groupIDForLog(groupID),
 		model,
 		account.ID,
 		account.Name,
 		account.Platform,
 		account.Type,
 	)
 	// 构建 chat completions 请求体（非流式）
 	body := buildAsyncRequestBody(model, prompt, imageInput, normalizeVideoCount(mediaType, videoCount))
 	if h.soraGatewayService == nil {
 		_ = h.genService.MarkFailed(ctx, genID, "内部错误: soraGatewayService 未初始化")
 		return
 	}
 	// 创建 mock gin 上下文用于 Forward（捕获响应以提取媒体 URL）
 	recorder := httptest.NewRecorder()
 	mockGinCtx, _ := gin.CreateTestContext(recorder)
 	mockGinCtx.Request, _ = http.NewRequest("POST", "/", nil)
 	// 调用 Forward（非流式）
 	result, err := h.soraGatewayService.Forward(ctx, mockGinCtx, account, body, false)
 	if err != nil {
 		logger.LegacyPrintf(
 			"handler.sora_client",
 			"[SoraClient] Forward失败 id=%d account_id=%d model=%s status=%d body=%s err=%v",
 			genID,
 			account.ID,
 			model,
 			recorder.Code,
 			trimForLog(recorder.Body.String(), 400),
 			err,
 		)
 		// 检查是否已取消
 		gen, _ := h.genService.GetByID(ctx, genID, userID)
 		if gen != nil && gen.Status == service.SoraGenStatusCancelled {
 			return
 		}
 		_ = h.genService.MarkFailed(ctx, genID, "生成失败: "+err.Error())
 		return
 	}
 	// 提取媒体 URL（优先从 ForwardResult，其次从响应体解析）
 	mediaURL, mediaURLs := extractMediaURLsFromResult(result, recorder)
 	if mediaURL == "" {
 		logger.LegacyPrintf(
 			"handler.sora_client",
 			"[SoraClient] 未提取到媒体URL id=%d account_id=%d model=%s status=%d body=%s",
 			genID,
 			account.ID,
 			model,
 			recorder.Code,
 			trimForLog(recorder.Body.String(), 400),
 		)
 		_ = h.genService.MarkFailed(ctx, genID, "未获取到媒体 URL")
 		return
 	}
 	// 检查任务是否已被取消
 	gen, _ := h.genService.GetByID(ctx, genID, userID)
 	if gen != nil && gen.Status == service.SoraGenStatusCancelled {
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 任务已取消，跳过存储 id=%d", genID)
 		return
 	}
 	// 三层降级存储：S3 → 本地 → 上游临时 URL
 	storedURL, storedURLs, storageType, s3Keys, fileSize := h.storeMediaWithDegradation(ctx, userID, mediaType, mediaURL, mediaURLs)
 	usageAdded := false
 	if (storageType == service.SoraStorageTypeS3 || storageType == service.SoraStorageTypeLocal) && fileSize > 0 && h.quotaService != nil {
 		if err := h.quotaService.AddUsage(ctx, userID, fileSize); err != nil {
 			h.cleanupStoredMedia(ctx, storageType, s3Keys, storedURLs)
 			var quotaErr *service.QuotaExceededError
 			if errors.As(err, &quotaErr) {
 				_ = h.genService.MarkFailed(ctx, genID, "存储配额已满，请删除不需要的作品释放空间")
 				return
 			}
 			_ = h.genService.MarkFailed(ctx, genID, "存储配额更新失败: "+err.Error())
 			return
 		}
 		usageAdded = true
 	}
 	// 存储完成后再做一次取消检查，防止取消被 completed 覆盖。
 	gen, _ = h.genService.GetByID(ctx, genID, userID)
 	if gen != nil && gen.Status == service.SoraGenStatusCancelled {
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 存储后检测到任务已取消，回滚存储 id=%d", genID)
 		h.cleanupStoredMedia(ctx, storageType, s3Keys, storedURLs)
 		if usageAdded && h.quotaService != nil {
 			_ = h.quotaService.ReleaseUsage(ctx, userID, fileSize)
 		}
 		return
 	}
 	// 标记完成
 	if err := h.genService.MarkCompleted(ctx, genID, storedURL, storedURLs, storageType, s3Keys, fileSize); err != nil {
 		if errors.Is(err, service.ErrSoraGenerationStateConflict) {
 			h.cleanupStoredMedia(ctx, storageType, s3Keys, storedURLs)
 			if usageAdded && h.quotaService != nil {
 				_ = h.quotaService.ReleaseUsage(ctx, userID, fileSize)
 			}
 			return
 		}
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 标记完成失败 id=%d err=%v", genID, err)
 		return
 	}
 	logger.LegacyPrintf("handler.sora_client", "[SoraClient] 生成完成 id=%d storage=%s size=%d", genID, storageType, fileSize)
 }
 // storeMediaWithDegradation 实现三层降级存储链：S3 → 本地 → 上游。
 func (h *SoraClientHandler) storeMediaWithDegradation(
 	ctx context.Context, userID int64, mediaType string,
 	mediaURL string, mediaURLs []string,
 ) (storedURL string, storedURLs []string, storageType string, s3Keys []string, fileSize int64) {
 	urls := mediaURLs
 	if len(urls) == 0 {
 		urls = []string{mediaURL}
 	}
 	// 第一层：尝试 S3
 	if h.s3Storage != nil && h.s3Storage.Enabled(ctx) {
 		keys := make([]string, 0, len(urls))
 		var totalSize int64
 		allOK := true
 		for _, u := range urls {
 			key, size, err := h.s3Storage.UploadFromURL(ctx, userID, u)
 			if err != nil {
 				logger.LegacyPrintf("handler.sora_client", "[SoraClient] S3 上传失败 err=%v", err)
 				allOK = false
 				// 清理已上传的文件
 				if len(keys) > 0 {
 					_ = h.s3Storage.DeleteObjects(ctx, keys)
 				}
 				break
 			}
 			keys = append(keys, key)
 			totalSize += size
 		}
 		if allOK && len(keys) > 0 {
 			accessURLs := make([]string, 0, len(keys))
 			for _, key := range keys {
 				accessURL, err := h.s3Storage.GetAccessURL(ctx, key)
 				if err != nil {
 					logger.LegacyPrintf("handler.sora_client", "[SoraClient] 生成 S3 访问 URL 失败 err=%v", err)
 					_ = h.s3Storage.DeleteObjects(ctx, keys)
 					allOK = false
 					break
 				}
 				accessURLs = append(accessURLs, accessURL)
 			}
 			if allOK && len(accessURLs) > 0 {
 				return accessURLs[0], accessURLs, service.SoraStorageTypeS3, keys, totalSize
 			}
 		}
 	}
 	// 第二层：尝试本地存储
 	if h.mediaStorage != nil && h.mediaStorage.Enabled() {
 		storedPaths, err := h.mediaStorage.StoreFromURLs(ctx, mediaType, urls)
 		if err == nil && len(storedPaths) > 0 {
 			firstPath := storedPaths[0]
 			totalSize, sizeErr := h.mediaStorage.TotalSizeByRelativePaths(storedPaths)
 			if sizeErr != nil {
 				logger.LegacyPrintf("handler.sora_client", "[SoraClient] 统计本地文件大小失败 err=%v", sizeErr)
 			}
 			return firstPath, storedPaths, service.SoraStorageTypeLocal, nil, totalSize
 		}
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 本地存储失败 err=%v", err)
 	}
 	// 第三层：保留上游临时 URL
 	return urls[0], urls, service.SoraStorageTypeUpstream, nil, 0
 }
 // buildAsyncRequestBody 构建 Sora 异步生成的 chat completions 请求体。
 func buildAsyncRequestBody(model, prompt, imageInput string, videoCount int) []byte {
 	body := map[string]any{
 		"model": model,
 		"messages": []map[string]string{
 			{"role": "user", "content": prompt},
 		},
 		"stream": false,
 	}
 	if imageInput != "" {
 		body["image_input"] = imageInput
 	}
 	if videoCount > 1 {
 		body["video_count"] = videoCount
 	}
 	b, _ := json.Marshal(body)
 	return b
 }
 func normalizeVideoCount(mediaType string, videoCount int) int {
 	if mediaType != "video" {
 		return 1
 	}
 	if videoCount <= 0 {
 		return 1
 	}
 	if videoCount > 3 {
 		return 3
 	}
 	return videoCount
 }
 // extractMediaURLsFromResult 从 Forward 结果和响应体中提取媒体 URL。
 // OAuth 路径：ForwardResult.MediaURL 已填充。
 // APIKey 路径：需从响应体解析 media_url / media_urls 字段。
 func extractMediaURLsFromResult(result *service.ForwardResult, recorder *httptest.ResponseRecorder) (string, []string) {
 	// 优先从 ForwardResult 获取（OAuth 路径）
 	if result != nil && result.MediaURL != "" {
 		// 尝试从响应体获取完整 URL 列表
 		if urls := parseMediaURLsFromBody(recorder.Body.Bytes()); len(urls) > 0 {
 			return urls[0], urls
 		}
 		return result.MediaURL, []string{result.MediaURL}
 	}
 	// 从响应体解析（APIKey 路径）
 	if urls := parseMediaURLsFromBody(recorder.Body.Bytes()); len(urls) > 0 {
 		return urls[0], urls
 	}
 	return "", nil
 }
 // parseMediaURLsFromBody 从 JSON 响应体中解析 media_url / media_urls 字段。
 func parseMediaURLsFromBody(body []byte) []string {
 	if len(body) == 0 {
 		return nil
 	}
 	var resp map[string]any
 	if err := json.Unmarshal(body, &resp); err != nil {
 		return nil
 	}
 	// 优先 media_urls（多图数组）
 	if rawURLs, ok := resp["media_urls"]; ok {
 		if arr, ok := rawURLs.([]any); ok && len(arr) > 0 {
 			urls := make([]string, 0, len(arr))
 			for _, item := range arr {
 				if s, ok := item.(string); ok && s != "" {
 					urls = append(urls, s)
 				}
 			}
 			if len(urls) > 0 {
 				return urls
 			}
 		}
 	}
 	// 回退到 media_url（单个 URL）
 	if url, ok := resp["media_url"].(string); ok && url != "" {
 		return []string{url}
 	}
 	return nil
 }
 // ListGenerations 查询生成记录列表。
 // GET /api/v1/sora/generations
 func (h *SoraClientHandler) ListGenerations(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
 	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
 	params := service.SoraGenerationListParams{
 		UserID:      userID,
 		Status:      c.Query("status"),
 		StorageType: c.Query("storage_type"),
 		MediaType:   c.Query("media_type"),
 		Page:        page,
 		PageSize:    pageSize,
 	}
 	gens, total, err := h.genService.List(c.Request.Context(), params)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	// 为 S3 记录动态生成预签名 URL
 	for _, gen := range gens {
 		_ = h.genService.ResolveMediaURLs(c.Request.Context(), gen)
 	}
 	response.Success(c, gin.H{
 		"data":  gens,
 		"total": total,
 		"page":  page,
 	})
 }
 // GetGeneration 查询生成记录详情。
 // GET /api/v1/sora/generations/:id
 func (h *SoraClientHandler) GetGeneration(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.Error(c, http.StatusBadRequest, "无效的 ID")
 		return
 	}
 	gen, err := h.genService.GetByID(c.Request.Context(), id, userID)
 	if err != nil {
 		response.Error(c, http.StatusNotFound, err.Error())
 		return
 	}
 	_ = h.genService.ResolveMediaURLs(c.Request.Context(), gen)
 	response.Success(c, gen)
 }
 // DeleteGeneration 删除生成记录。
 // DELETE /api/v1/sora/generations/:id
 func (h *SoraClientHandler) DeleteGeneration(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.Error(c, http.StatusBadRequest, "无效的 ID")
 		return
 	}
 	gen, err := h.genService.GetByID(c.Request.Context(), id, userID)
 	if err != nil {
 		response.Error(c, http.StatusNotFound, err.Error())
 		return
 	}
 	// 先尝试清理本地文件，再删除记录（清理失败不阻塞删除）。
 	if gen.StorageType == service.SoraStorageTypeLocal && h.mediaStorage != nil {
 		paths := gen.MediaURLs
 		if len(paths) == 0 && gen.MediaURL != "" {
 			paths = []string{gen.MediaURL}
 		}
 		if err := h.mediaStorage.DeleteByRelativePaths(paths); err != nil {
 			logger.LegacyPrintf("handler.sora_client", "[SoraClient] 删除本地文件失败 id=%d err=%v", id, err)
 		}
 	}
 	if err := h.genService.Delete(c.Request.Context(), id, userID); err != nil {
 		response.Error(c, http.StatusNotFound, err.Error())
 		return
 	}
 	response.Success(c, gin.H{"message": "已删除"})
 }
 // GetQuota 查询用户存储配额。
 // GET /api/v1/sora/quota
 func (h *SoraClientHandler) GetQuota(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	if h.quotaService == nil {
 		response.Success(c, service.QuotaInfo{QuotaSource: "unlimited", Source: "unlimited"})
 		return
 	}
 	quota, err := h.quotaService.GetQuota(c.Request.Context(), userID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, quota)
 }
 // CancelGeneration 取消生成任务。
 // POST /api/v1/sora/generations/:id/cancel
 func (h *SoraClientHandler) CancelGeneration(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.Error(c, http.StatusBadRequest, "无效的 ID")
 		return
 	}
 	// 权限校验
 	gen, err := h.genService.GetByID(c.Request.Context(), id, userID)
 	if err != nil {
 		response.Error(c, http.StatusNotFound, err.Error())
 		return
 	}
 	_ = gen
 	if err := h.genService.MarkCancelled(c.Request.Context(), id); err != nil {
 		if errors.Is(err, service.ErrSoraGenerationNotActive) {
 			response.Error(c, http.StatusConflict, "任务已结束，无法取消")
 			return
 		}
 		response.Error(c, http.StatusBadRequest, err.Error())
 		return
 	}
 	response.Success(c, gin.H{"message": "已取消"})
 }
 // SaveToStorage 手动保存 upstream 记录到 S3。
 // POST /api/v1/sora/generations/:id/save
 func (h *SoraClientHandler) SaveToStorage(c *gin.Context) {
 	userID := getUserIDFromContext(c)
 	if userID == 0 {
 		response.Error(c, http.StatusUnauthorized, "未登录")
 		return
 	}
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
 		response.Error(c, http.StatusBadRequest, "无效的 ID")
 		return
 	}
 	gen, err := h.genService.GetByID(c.Request.Context(), id, userID)
 	if err != nil {
 		response.Error(c, http.StatusNotFound, err.Error())
 		return
 	}
 	if gen.StorageType != service.SoraStorageTypeUpstream {
 		response.Error(c, http.StatusBadRequest, "仅 upstream 类型的记录可手动保存")
 		return
 	}
 	if gen.MediaURL == "" {
 		response.Error(c, http.StatusBadRequest, "媒体 URL 为空，可能已过期")
 		return
 	}
 	if h.s3Storage == nil || !h.s3Storage.Enabled(c.Request.Context()) {
 		response.Error(c, http.StatusServiceUnavailable, "云存储未配置，请联系管理员")
 		return
 	}
 	sourceURLs := gen.MediaURLs
 	if len(sourceURLs) == 0 && gen.MediaURL != "" {
 		sourceURLs = []string{gen.MediaURL}
 	}
 	if len(sourceURLs) == 0 {
 		response.Error(c, http.StatusBadRequest, "媒体 URL 为空，可能已过期")
 		return
 	}
 	uploadedKeys := make([]string, 0, len(sourceURLs))
 	accessURLs := make([]string, 0, len(sourceURLs))
 	var totalSize int64
 	for _, sourceURL := range sourceURLs {
 		objectKey, fileSize, uploadErr := h.s3Storage.UploadFromURL(c.Request.Context(), userID, sourceURL)
 		if uploadErr != nil {
 			if len(uploadedKeys) > 0 {
 				_ = h.s3Storage.DeleteObjects(c.Request.Context(), uploadedKeys)
 			}
 			var upstreamErr *service.UpstreamDownloadError
 			if errors.As(uploadErr, &upstreamErr) && (upstreamErr.StatusCode == http.StatusForbidden || upstreamErr.StatusCode == http.StatusNotFound) {
 				response.Error(c, http.StatusGone, "媒体链接已过期，无法保存")
 				return
 			}
 			response.Error(c, http.StatusInternalServerError, "上传到 S3 失败: "+uploadErr.Error())
 			return
 		}
 		accessURL, err := h.s3Storage.GetAccessURL(c.Request.Context(), objectKey)
 		if err != nil {
 			uploadedKeys = append(uploadedKeys, objectKey)
 			_ = h.s3Storage.DeleteObjects(c.Request.Context(), uploadedKeys)
 			response.Error(c, http.StatusInternalServerError, "生成 S3 访问链接失败: "+err.Error())
 			return
 		}
 		uploadedKeys = append(uploadedKeys, objectKey)
 		accessURLs = append(accessURLs, accessURL)
 		totalSize += fileSize
 	}
 	usageAdded := false
 	if totalSize > 0 && h.quotaService != nil {
 		if err := h.quotaService.AddUsage(c.Request.Context(), userID, totalSize); err != nil {
 			_ = h.s3Storage.DeleteObjects(c.Request.Context(), uploadedKeys)
 			var quotaErr *service.QuotaExceededError
 			if errors.As(err, &quotaErr) {
 				response.Error(c, http.StatusTooManyRequests, "存储配额已满，请删除不需要的作品释放空间")
 				return
 			}
 			response.Error(c, http.StatusInternalServerError, "配额更新失败: "+err.Error())
 			return
 		}
 		usageAdded = true
 	}
 	if err := h.genService.UpdateStorageForCompleted(
 		c.Request.Context(),
 		id,
 		accessURLs[0],
 		accessURLs,
 		service.SoraStorageTypeS3,
 		uploadedKeys,
 		totalSize,
 	); err != nil {
 		_ = h.s3Storage.DeleteObjects(c.Request.Context(), uploadedKeys)
 		if usageAdded && h.quotaService != nil {
 			_ = h.quotaService.ReleaseUsage(c.Request.Context(), userID, totalSize)
 		}
 		response.ErrorFrom(c, err)
 		return
 	}
 	response.Success(c, gin.H{
 		"message":     "已保存到 S3",
 		"object_key":  uploadedKeys[0],
 		"object_keys": uploadedKeys,
 	})
 }
 // GetStorageStatus 返回存储状态。
 // GET /api/v1/sora/storage-status
 func (h *SoraClientHandler) GetStorageStatus(c *gin.Context) {
 	s3Enabled := h.s3Storage != nil && h.s3Storage.Enabled(c.Request.Context())
 	s3Healthy := false
 	if s3Enabled {
 		s3Healthy = h.s3Storage.IsHealthy(c.Request.Context())
 	}
 	localEnabled := h.mediaStorage != nil && h.mediaStorage.Enabled()
 	response.Success(c, gin.H{
 		"s3_enabled":    s3Enabled,
 		"s3_healthy":    s3Healthy,
 		"local_enabled": localEnabled,
 	})
 }
 func (h *SoraClientHandler) cleanupStoredMedia(ctx context.Context, storageType string, s3Keys []string, localPaths []string) {
 	switch storageType {
 	case service.SoraStorageTypeS3:
 		if h.s3Storage != nil && len(s3Keys) > 0 {
 			if err := h.s3Storage.DeleteObjects(ctx, s3Keys); err != nil {
 				logger.LegacyPrintf("handler.sora_client", "[SoraClient] 清理 S3 文件失败 keys=%v err=%v", s3Keys, err)
 			}
 		}
 	case service.SoraStorageTypeLocal:
 		if h.mediaStorage != nil && len(localPaths) > 0 {
 			if err := h.mediaStorage.DeleteByRelativePaths(localPaths); err != nil {
 				logger.LegacyPrintf("handler.sora_client", "[SoraClient] 清理本地文件失败 paths=%v err=%v", localPaths, err)
 			}
 		}
 	}
 }
 // getUserIDFromContext 从 gin 上下文中提取用户 ID。
 func getUserIDFromContext(c *gin.Context) int64 {
 	if subject, ok := middleware2.GetAuthSubjectFromContext(c); ok && subject.UserID > 0 {
 		return subject.UserID
 	}
 	if id, ok := c.Get("user_id"); ok {
 		switch v := id.(type) {
 		case int64:
 			return v
 		case float64:
 			return int64(v)
 		case string:
 			n, _ := strconv.ParseInt(v, 10, 64)
 			return n
 		}
 	}
 	// 尝试从 JWT claims 获取
 	if id, ok := c.Get("userID"); ok {
 		if v, ok := id.(int64); ok {
 			return v
 		}
 	}
 	return 0
 }
 func groupIDForLog(groupID *int64) int64 {
 	if groupID == nil {
 		return 0
 	}
 	return *groupID
 }
 func trimForLog(raw string, maxLen int) string {
 	trimmed := strings.TrimSpace(raw)
 	if maxLen <= 0 || len(trimmed) <= maxLen {
 		return trimmed
 	}
 	return trimmed[:maxLen] + "...(truncated)"
 }
 // GetModels 获取可用 Sora 模型家族列表。
 // 优先从上游 Sora API 同步模型列表，失败时降级到本地配置。
 // GET /api/v1/sora/models
 func (h *SoraClientHandler) GetModels(c *gin.Context) {
 	families := h.getModelFamilies(c.Request.Context())
 	response.Success(c, families)
 }
 // getModelFamilies 获取模型家族列表（带缓存）。
 func (h *SoraClientHandler) getModelFamilies(ctx context.Context) []service.SoraModelFamily {
 	// 读锁检查缓存
 	h.modelCacheMu.RLock()
 	ttl := modelCacheTTL
 	if !h.modelCacheUpstream {
 		ttl = modelCacheFailedTTL
 	}
 	if h.cachedFamilies != nil && time.Since(h.modelCacheTime) < ttl {
 		families := h.cachedFamilies
 		h.modelCacheMu.RUnlock()
 		return families
 	}
 	h.modelCacheMu.RUnlock()
 	// 写锁更新缓存
 	h.modelCacheMu.Lock()
 	defer h.modelCacheMu.Unlock()
 	// double-check
 	ttl = modelCacheTTL
 	if !h.modelCacheUpstream {
 		ttl = modelCacheFailedTTL
 	}
 	if h.cachedFamilies != nil && time.Since(h.modelCacheTime) < ttl {
 		return h.cachedFamilies
 	}
 	// 尝试从上游获取
 	families, err := h.fetchUpstreamModels(ctx)
 	if err != nil {
 		logger.LegacyPrintf("handler.sora_client", "[SoraClient] 上游模型获取失败，使用本地配置: %v", err)
 		families = service.BuildSoraModelFamilies()
 		h.cachedFamilies = families
 		h.modelCacheTime = time.Now()
 		h.modelCacheUpstream = false
 		return families
 	}
 	logger.LegacyPrintf("handler.sora_client", "[SoraClient] 从上游同步到 %d 个模型家族", len(families))
 	h.cachedFamilies = families
 	h.modelCacheTime = time.Now()
 	h.modelCacheUpstream = true
 	return families
 }
 // fetchUpstreamModels 从上游 Sora API 获取模型列表。
 func (h *SoraClientHandler) fetchUpstreamModels(ctx context.Context) ([]service.SoraModelFamily, error) {
 	if h.gatewayService == nil {
 		return nil, fmt.Errorf("gatewayService 未初始化")
 	}
 	// 设置 ForcePlatform 用于 Sora 账号选择
 	ctx = context.WithValue(ctx, ctxkey.ForcePlatform, service.PlatformSora)
 	// 选择一个 Sora 账号
 	account, err := h.gatewayService.SelectAccountForModel(ctx, nil, "", "sora2-landscape-10s")
 	if err != nil {
 		return nil, fmt.Errorf("选择 Sora 账号失败: %w", err)
 	}
 	// 仅支持 API Key 类型账号
 	if account.Type != service.AccountTypeAPIKey {
 		return nil, fmt.Errorf("当前账号类型 %s 不支持模型同步", account.Type)
 	}
 	apiKey := account.GetCredential("api_key")
 	if apiKey == "" {
 		return nil, fmt.Errorf("账号缺少 api_key")
 	}
 	baseURL := account.GetBaseURL()
 	if baseURL == "" {
 		return nil, fmt.Errorf("账号缺少 base_url")
 	}
 	// 构建上游模型列表请求
 	modelsURL := strings.TrimRight(baseURL, "/") + "/sora/v1/models"
 	reqCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
 	defer cancel()
 	req, err := http.NewRequestWithContext(reqCtx, http.MethodGet, modelsURL, nil)
 	if err != nil {
 		return nil, fmt.Errorf("创建请求失败: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+apiKey)
 	client := &http.Client{Timeout: 10 * time.Second}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("请求上游失败: %w", err)
 	}
 	defer func() {
 		_ = resp.Body.Close()
 	}()
 	if resp.StatusCode != http.StatusOK {
 		return nil, fmt.Errorf("上游返回状态码 %d", resp.StatusCode)
 	}
 	body, err := io.ReadAll(io.LimitReader(resp.Body, 1*1024*1024))
 	if err != nil {
 		return nil, fmt.Errorf("读取响应失败: %w", err)
 	}
 	// 解析 OpenAI 格式的模型列表
 	var modelsResp struct {
 		Data []struct {
 			ID string `json:"id"`
 		} `json:"data"`
 	}
 	if err := json.Unmarshal(body, &modelsResp); err != nil {
 		return nil, fmt.Errorf("解析响应失败: %w", err)
 	}
 	if len(modelsResp.Data) == 0 {
 		return nil, fmt.Errorf("上游返回空模型列表")
 	}
 	// 提取模型 ID
 	modelIDs := make([]string, 0, len(modelsResp.Data))
 	for _, m := range modelsResp.Data {
 		modelIDs = append(modelIDs, m.ID)
 	}
 	// 转换为模型家族
 	families := service.BuildSoraModelFamiliesFromIDs(modelIDs)
 	if len(families) == 0 {
 		return nil, fmt.Errorf("未能从上游模型列表中识别出有效的模型家族")
 	}
 	return families, nil
 }
--- a/backend/internal/handler/sora_client_handler_test.go
+++ b/backend/internal/handler/sora_client_handler_test.go
--- a/backend/internal/handler/sora_gateway_handler.go
+++ b/backend/internal/handler/sora_gateway_handler.go
@ -1,695 +0,0 @@
 package handler
 import (
 	"context"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/config"
 	pkghttputil "github.com/Wei-Shaw/sub2api/internal/pkg/httputil"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/ip"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/logger"
 	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/Wei-Shaw/sub2api/internal/util/soraerror"
 	"github.com/gin-gonic/gin"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 	"go.uber.org/zap"
 )
 // SoraGatewayHandler handles Sora chat completions requests
 type SoraGatewayHandler struct {
 	gatewayService        *service.GatewayService
 	soraGatewayService    *service.SoraGatewayService
 	billingCacheService   *service.BillingCacheService
 	usageRecordWorkerPool *service.UsageRecordWorkerPool
 	concurrencyHelper     *ConcurrencyHelper
 	maxAccountSwitches    int
 	streamMode            string
 	soraTLSEnabled        bool
 	soraMediaSigningKey   string
 	soraMediaRoot         string
 }
 // NewSoraGatewayHandler creates a new SoraGatewayHandler
 func NewSoraGatewayHandler(
 	gatewayService *service.GatewayService,
 	soraGatewayService *service.SoraGatewayService,
 	concurrencyService *service.ConcurrencyService,
 	billingCacheService *service.BillingCacheService,
 	usageRecordWorkerPool *service.UsageRecordWorkerPool,
 	cfg *config.Config,
 ) *SoraGatewayHandler {
 	pingInterval := time.Duration(0)
 	maxAccountSwitches := 3
 	streamMode := "force"
 	soraTLSEnabled := true
 	signKey := ""
 	mediaRoot := "/app/data/sora"
 	if cfg != nil {
 		pingInterval = time.Duration(cfg.Concurrency.PingInterval) * time.Second
 		if cfg.Gateway.MaxAccountSwitches > 0 {
 			maxAccountSwitches = cfg.Gateway.MaxAccountSwitches
 		}
 		if mode := strings.TrimSpace(cfg.Gateway.SoraStreamMode); mode != "" {
 			streamMode = mode
 		}
 		soraTLSEnabled = !cfg.Sora.Client.DisableTLSFingerprint
 		signKey = strings.TrimSpace(cfg.Gateway.SoraMediaSigningKey)
 		if root := strings.TrimSpace(cfg.Sora.Storage.LocalPath); root != "" {
 			mediaRoot = root
 		}
 	}
 	return &SoraGatewayHandler{
 		gatewayService:        gatewayService,
 		soraGatewayService:    soraGatewayService,
 		billingCacheService:   billingCacheService,
 		usageRecordWorkerPool: usageRecordWorkerPool,
 		concurrencyHelper:     NewConcurrencyHelper(concurrencyService, SSEPingFormatComment, pingInterval),
 		maxAccountSwitches:    maxAccountSwitches,
 		streamMode:            strings.ToLower(streamMode),
 		soraTLSEnabled:        soraTLSEnabled,
 		soraMediaSigningKey:   signKey,
 		soraMediaRoot:         mediaRoot,
 	}
 }
 // ChatCompletions handles Sora /v1/chat/completions endpoint
 func (h *SoraGatewayHandler) ChatCompletions(c *gin.Context) {
 	apiKey, ok := middleware2.GetAPIKeyFromContext(c)
 	if !ok {
 		h.errorResponse(c, http.StatusUnauthorized, "authentication_error", "Invalid API key")
 		return
 	}
 	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
 		h.errorResponse(c, http.StatusInternalServerError, "api_error", "User context not found")
 		return
 	}
 	reqLog := requestLogger(
 		c,
 		"handler.sora_gateway.chat_completions",
 		zap.Int64("user_id", subject.UserID),
 		zap.Int64("api_key_id", apiKey.ID),
 		zap.Any("group_id", apiKey.GroupID),
 	)
 	body, err := pkghttputil.ReadRequestBodyWithPrealloc(c.Request)
 	if err != nil {
 		if maxErr, ok := extractMaxBytesError(err); ok {
 			h.errorResponse(c, http.StatusRequestEntityTooLarge, "invalid_request_error", buildBodyTooLargeMessage(maxErr.Limit))
 			return
 		}
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "Failed to read request body")
 		return
 	}
 	if len(body) == 0 {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "Request body is empty")
 		return
 	}
 	setOpsRequestContext(c, "", false, body)
 	// 校验请求体 JSON 合法性
 	if !gjson.ValidBytes(body) {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "Failed to parse request body")
 		return
 	}
 	// 使用 gjson 只读提取字段做校验，避免完整 Unmarshal
 	modelResult := gjson.GetBytes(body, "model")
 	if !modelResult.Exists() || modelResult.Type != gjson.String || modelResult.String() == "" {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "model is required")
 		return
 	}
 	reqModel := modelResult.String()
 	msgsResult := gjson.GetBytes(body, "messages")
 	if !msgsResult.IsArray() || len(msgsResult.Array()) == 0 {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "messages is required")
 		return
 	}
 	clientStream := gjson.GetBytes(body, "stream").Bool()
 	reqLog = reqLog.With(zap.String("model", reqModel), zap.Bool("stream", clientStream))
 	if !clientStream {
 		if h.streamMode == "error" {
 			h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "Sora requires stream=true")
 			return
 		}
 		var err error
 		body, err = sjson.SetBytes(body, "stream", true)
 		if err != nil {
 			h.errorResponse(c, http.StatusInternalServerError, "api_error", "Failed to process request")
 			return
 		}
 	}
 	setOpsRequestContext(c, reqModel, clientStream, body)
 	setOpsEndpointContext(c, "", int16(service.RequestTypeFromLegacy(clientStream, false)))
 	platform := ""
 	if forced, ok := middleware2.GetForcePlatformFromContext(c); ok {
 		platform = forced
 	} else if apiKey.Group != nil {
 		platform = apiKey.Group.Platform
 	}
 	if platform != service.PlatformSora {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "This endpoint only supports Sora platform")
 		return
 	}
 	streamStarted := false
 	subscription, _ := middleware2.GetSubscriptionFromContext(c)
 	maxWait := service.CalculateMaxWait(subject.Concurrency)
 	canWait, err := h.concurrencyHelper.IncrementWaitCount(c.Request.Context(), subject.UserID, maxWait)
 	waitCounted := false
 	if err != nil {
 		reqLog.Warn("sora.user_wait_counter_increment_failed", zap.Error(err))
 	} else if !canWait {
 		reqLog.Info("sora.user_wait_queue_full", zap.Int("max_wait", maxWait))
 		h.errorResponse(c, http.StatusTooManyRequests, "rate_limit_error", "Too many pending requests, please retry later")
 		return
 	}
 	if err == nil && canWait {
 		waitCounted = true
 	}
 	defer func() {
 		if waitCounted {
 			h.concurrencyHelper.DecrementWaitCount(c.Request.Context(), subject.UserID)
 		}
 	}()
 	userReleaseFunc, err := h.concurrencyHelper.AcquireUserSlotWithWait(c, subject.UserID, subject.Concurrency, clientStream, &streamStarted)
 	if err != nil {
 		reqLog.Warn("sora.user_slot_acquire_failed", zap.Error(err))
 		h.handleConcurrencyError(c, err, "user", streamStarted)
 		return
 	}
 	if waitCounted {
 		h.concurrencyHelper.DecrementWaitCount(c.Request.Context(), subject.UserID)
 		waitCounted = false
 	}
 	userReleaseFunc = wrapReleaseOnDone(c.Request.Context(), userReleaseFunc)
 	if userReleaseFunc != nil {
 		defer userReleaseFunc()
 	}
 	if err := h.billingCacheService.CheckBillingEligibility(c.Request.Context(), apiKey.User, apiKey, apiKey.Group, subscription); err != nil {
 		reqLog.Info("sora.billing_eligibility_check_failed", zap.Error(err))
 		status, code, message := billingErrorDetails(err)
 		h.handleStreamingAwareError(c, status, code, message, streamStarted)
 		return
 	}
 	sessionHash := generateOpenAISessionHash(c, body)
 	maxAccountSwitches := h.maxAccountSwitches
 	switchCount := 0
 	failedAccountIDs := make(map[int64]struct{})
 	lastFailoverStatus := 0
 	var lastFailoverBody []byte
 	var lastFailoverHeaders http.Header
 	for {
 		selection, err := h.gatewayService.SelectAccountWithLoadAwareness(c.Request.Context(), apiKey.GroupID, sessionHash, reqModel, failedAccountIDs, "")
 		if err != nil {
 			reqLog.Warn("sora.account_select_failed",
 				zap.Error(err),
 				zap.Int("excluded_account_count", len(failedAccountIDs)),
 			)
 			if len(failedAccountIDs) == 0 {
 				h.handleStreamingAwareError(c, http.StatusServiceUnavailable, "api_error", "No available accounts: "+err.Error(), streamStarted)
 				return
 			}
 			rayID, mitigated, contentType := extractSoraFailoverHeaderInsights(lastFailoverHeaders, lastFailoverBody)
 			fields := []zap.Field{
 				zap.Int("last_upstream_status", lastFailoverStatus),
 			}
 			if rayID != "" {
 				fields = append(fields, zap.String("last_upstream_cf_ray", rayID))
 			}
 			if mitigated != "" {
 				fields = append(fields, zap.String("last_upstream_cf_mitigated", mitigated))
 			}
 			if contentType != "" {
 				fields = append(fields, zap.String("last_upstream_content_type", contentType))
 			}
 			reqLog.Warn("sora.failover_exhausted_no_available_accounts", fields...)
 			h.handleFailoverExhausted(c, lastFailoverStatus, lastFailoverHeaders, lastFailoverBody, streamStarted)
 			return
 		}
 		account := selection.Account
 		setOpsSelectedAccount(c, account.ID, account.Platform)
 		proxyBound := account.ProxyID != nil
 		proxyID := int64(0)
 		if account.ProxyID != nil {
 			proxyID = *account.ProxyID
 		}
 		tlsFingerprintEnabled := h.soraTLSEnabled
 		accountReleaseFunc := selection.ReleaseFunc
 		if !selection.Acquired {
 			if selection.WaitPlan == nil {
 				h.handleStreamingAwareError(c, http.StatusServiceUnavailable, "api_error", "No available accounts", streamStarted)
 				return
 			}
 			accountWaitCounted := false
 			canWait, err := h.concurrencyHelper.IncrementAccountWaitCount(c.Request.Context(), account.ID, selection.WaitPlan.MaxWaiting)
 			if err != nil {
 				reqLog.Warn("sora.account_wait_counter_increment_failed",
 					zap.Int64("account_id", account.ID),
 					zap.Int64("proxy_id", proxyID),
 					zap.Bool("proxy_bound", proxyBound),
 					zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 					zap.Error(err),
 				)
 			} else if !canWait {
 				reqLog.Info("sora.account_wait_queue_full",
 					zap.Int64("account_id", account.ID),
 					zap.Int64("proxy_id", proxyID),
 					zap.Bool("proxy_bound", proxyBound),
 					zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 					zap.Int("max_waiting", selection.WaitPlan.MaxWaiting),
 				)
 				h.handleStreamingAwareError(c, http.StatusTooManyRequests, "rate_limit_error", "Too many pending requests, please retry later", streamStarted)
 				return
 			}
 			if err == nil && canWait {
 				accountWaitCounted = true
 			}
 			defer func() {
 				if accountWaitCounted {
 					h.concurrencyHelper.DecrementAccountWaitCount(c.Request.Context(), account.ID)
 				}
 			}()
 			accountReleaseFunc, err = h.concurrencyHelper.AcquireAccountSlotWithWaitTimeout(
 				c,
 				account.ID,
 				selection.WaitPlan.MaxConcurrency,
 				selection.WaitPlan.Timeout,
 				clientStream,
 				&streamStarted,
 			)
 			if err != nil {
 				reqLog.Warn("sora.account_slot_acquire_failed",
 					zap.Int64("account_id", account.ID),
 					zap.Int64("proxy_id", proxyID),
 					zap.Bool("proxy_bound", proxyBound),
 					zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 					zap.Error(err),
 				)
 				h.handleConcurrencyError(c, err, "account", streamStarted)
 				return
 			}
 			if accountWaitCounted {
 				h.concurrencyHelper.DecrementAccountWaitCount(c.Request.Context(), account.ID)
 				accountWaitCounted = false
 			}
 		}
 		accountReleaseFunc = wrapReleaseOnDone(c.Request.Context(), accountReleaseFunc)
 		result, err := h.soraGatewayService.Forward(c.Request.Context(), c, account, body, clientStream)
 		if accountReleaseFunc != nil {
 			accountReleaseFunc()
 		}
 		if err != nil {
 			var failoverErr *service.UpstreamFailoverError
 			if errors.As(err, &failoverErr) {
 				failedAccountIDs[account.ID] = struct{}{}
 				if switchCount >= maxAccountSwitches {
 					lastFailoverStatus = failoverErr.StatusCode
 					lastFailoverHeaders = cloneHTTPHeaders(failoverErr.ResponseHeaders)
 					lastFailoverBody = failoverErr.ResponseBody
 					rayID, mitigated, contentType := extractSoraFailoverHeaderInsights(lastFailoverHeaders, lastFailoverBody)
 					fields := []zap.Field{
 						zap.Int64("account_id", account.ID),
 						zap.Int64("proxy_id", proxyID),
 						zap.Bool("proxy_bound", proxyBound),
 						zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 						zap.Int("upstream_status", failoverErr.StatusCode),
 						zap.Int("switch_count", switchCount),
 						zap.Int("max_switches", maxAccountSwitches),
 					}
 					if rayID != "" {
 						fields = append(fields, zap.String("upstream_cf_ray", rayID))
 					}
 					if mitigated != "" {
 						fields = append(fields, zap.String("upstream_cf_mitigated", mitigated))
 					}
 					if contentType != "" {
 						fields = append(fields, zap.String("upstream_content_type", contentType))
 					}
 					reqLog.Warn("sora.upstream_failover_exhausted", fields...)
 					h.handleFailoverExhausted(c, lastFailoverStatus, lastFailoverHeaders, lastFailoverBody, streamStarted)
 					return
 				}
 				lastFailoverStatus = failoverErr.StatusCode
 				lastFailoverHeaders = cloneHTTPHeaders(failoverErr.ResponseHeaders)
 				lastFailoverBody = failoverErr.ResponseBody
 				switchCount++
 				upstreamErrCode, upstreamErrMsg := extractUpstreamErrorCodeAndMessage(lastFailoverBody)
 				rayID, mitigated, contentType := extractSoraFailoverHeaderInsights(lastFailoverHeaders, lastFailoverBody)
 				fields := []zap.Field{
 					zap.Int64("account_id", account.ID),
 					zap.Int64("proxy_id", proxyID),
 					zap.Bool("proxy_bound", proxyBound),
 					zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 					zap.Int("upstream_status", failoverErr.StatusCode),
 					zap.String("upstream_error_code", upstreamErrCode),
 					zap.String("upstream_error_message", upstreamErrMsg),
 					zap.Int("switch_count", switchCount),
 					zap.Int("max_switches", maxAccountSwitches),
 				}
 				if rayID != "" {
 					fields = append(fields, zap.String("upstream_cf_ray", rayID))
 				}
 				if mitigated != "" {
 					fields = append(fields, zap.String("upstream_cf_mitigated", mitigated))
 				}
 				if contentType != "" {
 					fields = append(fields, zap.String("upstream_content_type", contentType))
 				}
 				reqLog.Warn("sora.upstream_failover_switching", fields...)
 				continue
 			}
 			reqLog.Error("sora.forward_failed",
 				zap.Int64("account_id", account.ID),
 				zap.Int64("proxy_id", proxyID),
 				zap.Bool("proxy_bound", proxyBound),
 				zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 				zap.Error(err),
 			)
 			return
 		}
 		userAgent := c.GetHeader("User-Agent")
 		clientIP := ip.GetClientIP(c)
 		requestPayloadHash := service.HashUsageRequestPayload(body)
 		inboundEndpoint := GetInboundEndpoint(c)
 		upstreamEndpoint := GetUpstreamEndpoint(c, account.Platform)
 		// 使用量记录通过有界 worker 池提交，避免请求热路径创建无界 goroutine。
 		h.submitUsageRecordTask(func(ctx context.Context) {
 			if err := h.gatewayService.RecordUsage(ctx, &service.RecordUsageInput{
 				Result:             result,
 				APIKey:             apiKey,
 				User:               apiKey.User,
 				Account:            account,
 				Subscription:       subscription,
 				InboundEndpoint:    inboundEndpoint,
 				UpstreamEndpoint:   upstreamEndpoint,
 				UserAgent:          userAgent,
 				IPAddress:          clientIP,
 				RequestPayloadHash: requestPayloadHash,
 			}); err != nil {
 				logger.L().With(
 					zap.String("component", "handler.sora_gateway.chat_completions"),
 					zap.Int64("user_id", subject.UserID),
 					zap.Int64("api_key_id", apiKey.ID),
 					zap.Any("group_id", apiKey.GroupID),
 					zap.String("model", reqModel),
 					zap.Int64("account_id", account.ID),
 				).Error("sora.record_usage_failed", zap.Error(err))
 			}
 		})
 		reqLog.Debug("sora.request_completed",
 			zap.Int64("account_id", account.ID),
 			zap.Int64("proxy_id", proxyID),
 			zap.Bool("proxy_bound", proxyBound),
 			zap.Bool("tls_fingerprint_enabled", tlsFingerprintEnabled),
 			zap.Int("switch_count", switchCount),
 		)
 		return
 	}
 }
 func generateOpenAISessionHash(c *gin.Context, body []byte) string {
 	if c == nil {
 		return ""
 	}
 	sessionID := strings.TrimSpace(c.GetHeader("session_id"))
 	if sessionID == "" {
 		sessionID = strings.TrimSpace(c.GetHeader("conversation_id"))
 	}
 	if sessionID == "" && len(body) > 0 {
 		sessionID = strings.TrimSpace(gjson.GetBytes(body, "prompt_cache_key").String())
 	}
 	if sessionID == "" {
 		return ""
 	}
 	hash := sha256.Sum256([]byte(sessionID))
 	return hex.EncodeToString(hash[:])
 }
 func (h *SoraGatewayHandler) submitUsageRecordTask(task service.UsageRecordTask) {
 	if task == nil {
 		return
 	}
 	if h.usageRecordWorkerPool != nil {
 		h.usageRecordWorkerPool.Submit(task)
 		return
 	}
 	// 回退路径：worker 池未注入时同步执行，避免退回到无界 goroutine 模式。
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	defer func() {
 		if recovered := recover(); recovered != nil {
 			logger.L().With(
 				zap.String("component", "handler.sora_gateway.chat_completions"),
 				zap.Any("panic", recovered),
 			).Error("sora.usage_record_task_panic_recovered")
 		}
 	}()
 	task(ctx)
 }
 func (h *SoraGatewayHandler) handleConcurrencyError(c *gin.Context, err error, slotType string, streamStarted bool) {
 	h.handleStreamingAwareError(c, http.StatusTooManyRequests, "rate_limit_error",
 		fmt.Sprintf("Concurrency limit exceeded for %s, please retry later", slotType), streamStarted)
 }
 func (h *SoraGatewayHandler) handleFailoverExhausted(c *gin.Context, statusCode int, responseHeaders http.Header, responseBody []byte, streamStarted bool) {
 	upstreamMsg := service.ExtractUpstreamErrorMessage(responseBody)
 	service.SetOpsUpstreamError(c, statusCode, upstreamMsg, "")
 	status, errType, errMsg := h.mapUpstreamError(statusCode, responseHeaders, responseBody)
 	h.handleStreamingAwareError(c, status, errType, errMsg, streamStarted)
 }
 func (h *SoraGatewayHandler) mapUpstreamError(statusCode int, responseHeaders http.Header, responseBody []byte) (int, string, string) {
 	if isSoraCloudflareChallengeResponse(statusCode, responseHeaders, responseBody) {
 		baseMsg := fmt.Sprintf("Sora request blocked by Cloudflare challenge (HTTP %d). Please switch to a clean proxy/network and retry.", statusCode)
 		return http.StatusBadGateway, "upstream_error", formatSoraCloudflareChallengeMessage(baseMsg, responseHeaders, responseBody)
 	}
 	upstreamCode, upstreamMessage := extractUpstreamErrorCodeAndMessage(responseBody)
 	if strings.EqualFold(upstreamCode, "cf_shield_429") {
 		baseMsg := "Sora request blocked by Cloudflare shield (429). Please switch to a clean proxy/network and retry."
 		return http.StatusTooManyRequests, "rate_limit_error", formatSoraCloudflareChallengeMessage(baseMsg, responseHeaders, responseBody)
 	}
 	if shouldPassthroughSoraUpstreamMessage(statusCode, upstreamMessage) {
 		switch statusCode {
 		case 401, 403, 404, 500, 502, 503, 504:
 			return http.StatusBadGateway, "upstream_error", upstreamMessage
 		case 429:
 			return http.StatusTooManyRequests, "rate_limit_error", upstreamMessage
 		}
 	}
 	switch statusCode {
 	case 401:
 		return http.StatusBadGateway, "upstream_error", "Upstream authentication failed, please contact administrator"
 	case 403:
 		return http.StatusBadGateway, "upstream_error", "Upstream access forbidden, please contact administrator"
 	case 404:
 		if strings.EqualFold(upstreamCode, "unsupported_country_code") {
 			return http.StatusBadGateway, "upstream_error", "Upstream region capability unavailable for this account, please contact administrator"
 		}
 		return http.StatusBadGateway, "upstream_error", "Upstream capability unavailable for this account, please contact administrator"
 	case 429:
 		return http.StatusTooManyRequests, "rate_limit_error", "Upstream rate limit exceeded, please retry later"
 	case 529:
 		return http.StatusServiceUnavailable, "upstream_error", "Upstream service overloaded, please retry later"
 	case 500, 502, 503, 504:
 		return http.StatusBadGateway, "upstream_error", "Upstream service temporarily unavailable"
 	default:
 		return http.StatusBadGateway, "upstream_error", "Upstream request failed"
 	}
 }
 func cloneHTTPHeaders(headers http.Header) http.Header {
 	if headers == nil {
 		return nil
 	}
 	return headers.Clone()
 }
 func extractSoraFailoverHeaderInsights(headers http.Header, body []byte) (rayID, mitigated, contentType string) {
 	if headers != nil {
 		mitigated = strings.TrimSpace(headers.Get("cf-mitigated"))
 		contentType = strings.TrimSpace(headers.Get("content-type"))
 		if contentType == "" {
 			contentType = strings.TrimSpace(headers.Get("Content-Type"))
 		}
 	}
 	rayID = soraerror.ExtractCloudflareRayID(headers, body)
 	return rayID, mitigated, contentType
 }
 func isSoraCloudflareChallengeResponse(statusCode int, headers http.Header, body []byte) bool {
 	return soraerror.IsCloudflareChallengeResponse(statusCode, headers, body)
 }
 func shouldPassthroughSoraUpstreamMessage(statusCode int, message string) bool {
 	message = strings.TrimSpace(message)
 	if message == "" {
 		return false
 	}
 	if statusCode == http.StatusForbidden || statusCode == http.StatusTooManyRequests {
 		lower := strings.ToLower(message)
 		if strings.Contains(lower, "<html") || strings.Contains(lower, "<!doctype html") || strings.Contains(lower, "window._cf_chl_opt") {
 			return false
 		}
 	}
 	return true
 }
 func formatSoraCloudflareChallengeMessage(base string, headers http.Header, body []byte) string {
 	return soraerror.FormatCloudflareChallengeMessage(base, headers, body)
 }
 func extractUpstreamErrorCodeAndMessage(body []byte) (string, string) {
 	return soraerror.ExtractUpstreamErrorCodeAndMessage(body)
 }
 func (h *SoraGatewayHandler) handleStreamingAwareError(c *gin.Context, status int, errType, message string, streamStarted bool) {
 	if streamStarted {
 		flusher, ok := c.Writer.(http.Flusher)
 		if ok {
 			errorData := map[string]any{
 				"error": map[string]string{
 					"type":    errType,
 					"message": message,
 				},
 			}
 			jsonBytes, err := json.Marshal(errorData)
 			if err != nil {
 				_ = c.Error(err)
 				return
 			}
 			errorEvent := fmt.Sprintf("event: error\ndata: %s\n\n", string(jsonBytes))
 			if _, err := fmt.Fprint(c.Writer, errorEvent); err != nil {
 				_ = c.Error(err)
 			}
 			flusher.Flush()
 		}
 		return
 	}
 	h.errorResponse(c, status, errType, message)
 }
 func (h *SoraGatewayHandler) errorResponse(c *gin.Context, status int, errType, message string) {
 	c.JSON(status, gin.H{
 		"error": gin.H{
 			"type":    errType,
 			"message": message,
 		},
 	})
 }
 // MediaProxy serves local Sora media files.
 func (h *SoraGatewayHandler) MediaProxy(c *gin.Context) {
 	h.proxySoraMedia(c, false)
 }
 // MediaProxySigned serves local Sora media files with signature verification.
 func (h *SoraGatewayHandler) MediaProxySigned(c *gin.Context) {
 	h.proxySoraMedia(c, true)
 }
 func (h *SoraGatewayHandler) proxySoraMedia(c *gin.Context, requireSignature bool) {
 	rawPath := c.Param("filepath")
 	if rawPath == "" {
 		c.Status(http.StatusNotFound)
 		return
 	}
 	cleaned := path.Clean(rawPath)
 	if !strings.HasPrefix(cleaned, "/image/") && !strings.HasPrefix(cleaned, "/video/") {
 		c.Status(http.StatusNotFound)
 		return
 	}
 	query := c.Request.URL.Query()
 	if requireSignature {
 		if h.soraMediaSigningKey == "" {
 			c.JSON(http.StatusServiceUnavailable, gin.H{
 				"error": gin.H{
 					"type":    "api_error",
 					"message": "Sora 媒体签名未配置",
 				},
 			})
 			return
 		}
 		expiresStr := strings.TrimSpace(query.Get("expires"))
 		signature := strings.TrimSpace(query.Get("sig"))
 		expires, err := strconv.ParseInt(expiresStr, 10, 64)
 		if err != nil || expires <= time.Now().Unix() {
 			c.JSON(http.StatusUnauthorized, gin.H{
 				"error": gin.H{
 					"type":    "authentication_error",
 					"message": "Sora 媒体签名已过期",
 				},
 			})
 			return
 		}
 		query.Del("sig")
 		query.Del("expires")
 		signingQuery := query.Encode()
 		if !service.VerifySoraMediaURL(cleaned, signingQuery, expires, signature, h.soraMediaSigningKey) {
 			c.JSON(http.StatusUnauthorized, gin.H{
 				"error": gin.H{
 					"type":    "authentication_error",
 					"message": "Sora 媒体签名无效",
 				},
 			})
 			return
 		}
 	}
 	if strings.TrimSpace(h.soraMediaRoot) == "" {
 		c.JSON(http.StatusServiceUnavailable, gin.H{
 			"error": gin.H{
 				"type":    "api_error",
 				"message": "Sora 媒体目录未配置",
 			},
 		})
 		return
 	}
 	relative := strings.TrimPrefix(cleaned, "/")
 	localPath := filepath.Join(h.soraMediaRoot, filepath.FromSlash(relative))
 	if _, err := os.Stat(localPath); err != nil {
 		if os.IsNotExist(err) {
 			c.Status(http.StatusNotFound)
 			return
 		}
 		c.Status(http.StatusInternalServerError)
 		return
 	}
 	c.File(localPath)
 }
--- a/backend/internal/handler/sora_gateway_handler_test.go
+++ b/backend/internal/handler/sora_gateway_handler_test.go
@ -1,726 +0,0 @@
 //go:build unit
 package handler
 import (
 	"context"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/config"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/usagestats"
 	"github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/Wei-Shaw/sub2api/internal/testutil"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/require"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
 // 编译期接口断言
 var _ service.SoraClient = (*stubSoraClient)(nil)
 var _ service.AccountRepository = (*stubAccountRepo)(nil)
 var _ service.GroupRepository = (*stubGroupRepo)(nil)
 var _ service.UsageLogRepository = (*stubUsageLogRepo)(nil)
 type stubSoraClient struct {
 	imageURLs []string
 }
 func (s *stubSoraClient) Enabled() bool { return true }
 func (s *stubSoraClient) UploadImage(ctx context.Context, account *service.Account, data []byte, filename string) (string, error) {
 	return "upload", nil
 }
 func (s *stubSoraClient) CreateImageTask(ctx context.Context, account *service.Account, req service.SoraImageRequest) (string, error) {
 	return "task-image", nil
 }
 func (s *stubSoraClient) CreateVideoTask(ctx context.Context, account *service.Account, req service.SoraVideoRequest) (string, error) {
 	return "task-video", nil
 }
 func (s *stubSoraClient) CreateStoryboardTask(ctx context.Context, account *service.Account, req service.SoraStoryboardRequest) (string, error) {
 	return "task-video", nil
 }
 func (s *stubSoraClient) UploadCharacterVideo(ctx context.Context, account *service.Account, data []byte) (string, error) {
 	return "cameo-1", nil
 }
 func (s *stubSoraClient) GetCameoStatus(ctx context.Context, account *service.Account, cameoID string) (*service.SoraCameoStatus, error) {
 	return &service.SoraCameoStatus{
 		Status:          "finalized",
 		StatusMessage:   "Completed",
 		DisplayNameHint: "Character",
 		UsernameHint:    "user.character",
 		ProfileAssetURL: "https://example.com/avatar.webp",
 	}, nil
 }
 func (s *stubSoraClient) DownloadCharacterImage(ctx context.Context, account *service.Account, imageURL string) ([]byte, error) {
 	return []byte("avatar"), nil
 }
 func (s *stubSoraClient) UploadCharacterImage(ctx context.Context, account *service.Account, data []byte) (string, error) {
 	return "asset-pointer", nil
 }
 func (s *stubSoraClient) FinalizeCharacter(ctx context.Context, account *service.Account, req service.SoraCharacterFinalizeRequest) (string, error) {
 	return "character-1", nil
 }
 func (s *stubSoraClient) SetCharacterPublic(ctx context.Context, account *service.Account, cameoID string) error {
 	return nil
 }
 func (s *stubSoraClient) DeleteCharacter(ctx context.Context, account *service.Account, characterID string) error {
 	return nil
 }
 func (s *stubSoraClient) PostVideoForWatermarkFree(ctx context.Context, account *service.Account, generationID string) (string, error) {
 	return "s_post", nil
 }
 func (s *stubSoraClient) DeletePost(ctx context.Context, account *service.Account, postID string) error {
 	return nil
 }
 func (s *stubSoraClient) GetWatermarkFreeURLCustom(ctx context.Context, account *service.Account, parseURL, parseToken, postID string) (string, error) {
 	return "https://example.com/no-watermark.mp4", nil
 }
 func (s *stubSoraClient) EnhancePrompt(ctx context.Context, account *service.Account, prompt, expansionLevel string, durationS int) (string, error) {
 	return "enhanced prompt", nil
 }
 func (s *stubSoraClient) GetImageTask(ctx context.Context, account *service.Account, taskID string) (*service.SoraImageTaskStatus, error) {
 	return &service.SoraImageTaskStatus{ID: taskID, Status: "completed", URLs: s.imageURLs}, nil
 }
 func (s *stubSoraClient) GetVideoTask(ctx context.Context, account *service.Account, taskID string) (*service.SoraVideoTaskStatus, error) {
 	return &service.SoraVideoTaskStatus{ID: taskID, Status: "completed", URLs: s.imageURLs}, nil
 }
 type stubAccountRepo struct {
 	accounts map[int64]*service.Account
 }
 func (r *stubAccountRepo) Create(ctx context.Context, account *service.Account) error { return nil }
 func (r *stubAccountRepo) GetByID(ctx context.Context, id int64) (*service.Account, error) {
 	if acc, ok := r.accounts[id]; ok {
 		return acc, nil
 	}
 	return nil, service.ErrAccountNotFound
 }
 func (r *stubAccountRepo) GetByIDs(ctx context.Context, ids []int64) ([]*service.Account, error) {
 	var result []*service.Account
 	for _, id := range ids {
 		if acc, ok := r.accounts[id]; ok {
 			result = append(result, acc)
 		}
 	}
 	return result, nil
 }
 func (r *stubAccountRepo) ExistsByID(ctx context.Context, id int64) (bool, error) {
 	_, ok := r.accounts[id]
 	return ok, nil
 }
 func (r *stubAccountRepo) GetByCRSAccountID(ctx context.Context, crsAccountID string) (*service.Account, error) {
 	return nil, nil
 }
 func (r *stubAccountRepo) FindByExtraField(ctx context.Context, key string, value any) ([]service.Account, error) {
 	return nil, nil
 }
 func (r *stubAccountRepo) ListCRSAccountIDs(ctx context.Context) (map[string]int64, error) {
 	return map[string]int64{}, nil
 }
 func (r *stubAccountRepo) Update(ctx context.Context, account *service.Account) error { return nil }
 func (r *stubAccountRepo) Delete(ctx context.Context, id int64) error                 { return nil }
 func (r *stubAccountRepo) List(ctx context.Context, params pagination.PaginationParams) ([]service.Account, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (r *stubAccountRepo) ListWithFilters(ctx context.Context, params pagination.PaginationParams, platform, accountType, status, search string, groupID int64, privacyMode string) ([]service.Account, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (r *stubAccountRepo) ListByGroup(ctx context.Context, groupID int64) ([]service.Account, error) {
 	return nil, nil
 }
 func (r *stubAccountRepo) ListActive(ctx context.Context) ([]service.Account, error) { return nil, nil }
 func (r *stubAccountRepo) ListByPlatform(ctx context.Context, platform string) ([]service.Account, error) {
 	return r.listSchedulableByPlatform(platform), nil
 }
 func (r *stubAccountRepo) UpdateLastUsed(ctx context.Context, id int64) error { return nil }
 func (r *stubAccountRepo) BatchUpdateLastUsed(ctx context.Context, updates map[int64]time.Time) error {
 	return nil
 }
 func (r *stubAccountRepo) SetError(ctx context.Context, id int64, errorMsg string) error { return nil }
 func (r *stubAccountRepo) ClearError(ctx context.Context, id int64) error                { return nil }
 func (r *stubAccountRepo) SetSchedulable(ctx context.Context, id int64, schedulable bool) error {
 	return nil
 }
 func (r *stubAccountRepo) AutoPauseExpiredAccounts(ctx context.Context, now time.Time) (int64, error) {
 	return 0, nil
 }
 func (r *stubAccountRepo) BindGroups(ctx context.Context, accountID int64, groupIDs []int64) error {
 	return nil
 }
 func (r *stubAccountRepo) ListSchedulable(ctx context.Context) ([]service.Account, error) {
 	return r.listSchedulable(), nil
 }
 func (r *stubAccountRepo) ListSchedulableByGroupID(ctx context.Context, groupID int64) ([]service.Account, error) {
 	return r.listSchedulable(), nil
 }
 func (r *stubAccountRepo) ListSchedulableByPlatform(ctx context.Context, platform string) ([]service.Account, error) {
 	return r.listSchedulableByPlatform(platform), nil
 }
 func (r *stubAccountRepo) ListSchedulableByGroupIDAndPlatform(ctx context.Context, groupID int64, platform string) ([]service.Account, error) {
 	return r.listSchedulableByPlatform(platform), nil
 }
 func (r *stubAccountRepo) ListSchedulableByPlatforms(ctx context.Context, platforms []string) ([]service.Account, error) {
 	var result []service.Account
 	for _, acc := range r.accounts {
 		for _, platform := range platforms {
 			if acc.Platform == platform && acc.IsSchedulable() {
 				result = append(result, *acc)
 				break
 			}
 		}
 	}
 	return result, nil
 }
 func (r *stubAccountRepo) ListSchedulableByGroupIDAndPlatforms(ctx context.Context, groupID int64, platforms []string) ([]service.Account, error) {
 	return r.ListSchedulableByPlatforms(ctx, platforms)
 }
 func (r *stubAccountRepo) ListSchedulableUngroupedByPlatform(ctx context.Context, platform string) ([]service.Account, error) {
 	return r.ListSchedulableByPlatform(ctx, platform)
 }
 func (r *stubAccountRepo) ListSchedulableUngroupedByPlatforms(ctx context.Context, platforms []string) ([]service.Account, error) {
 	return r.ListSchedulableByPlatforms(ctx, platforms)
 }
 func (r *stubAccountRepo) SetRateLimited(ctx context.Context, id int64, resetAt time.Time) error {
 	return nil
 }
 func (r *stubAccountRepo) SetModelRateLimit(ctx context.Context, id int64, scope string, resetAt time.Time) error {
 	return nil
 }
 func (r *stubAccountRepo) SetOverloaded(ctx context.Context, id int64, until time.Time) error {
 	return nil
 }
 func (r *stubAccountRepo) SetTempUnschedulable(ctx context.Context, id int64, until time.Time, reason string) error {
 	return nil
 }
 func (r *stubAccountRepo) ClearTempUnschedulable(ctx context.Context, id int64) error { return nil }
 func (r *stubAccountRepo) ClearRateLimit(ctx context.Context, id int64) error         { return nil }
 func (r *stubAccountRepo) ClearAntigravityQuotaScopes(ctx context.Context, id int64) error {
 	return nil
 }
 func (r *stubAccountRepo) ClearModelRateLimits(ctx context.Context, id int64) error { return nil }
 func (r *stubAccountRepo) UpdateSessionWindow(ctx context.Context, id int64, start, end *time.Time, status string) error {
 	return nil
 }
 func (r *stubAccountRepo) UpdateExtra(ctx context.Context, id int64, updates map[string]any) error {
 	return nil
 }
 func (r *stubAccountRepo) BulkUpdate(ctx context.Context, ids []int64, updates service.AccountBulkUpdate) (int64, error) {
 	return 0, nil
 }
 func (r *stubAccountRepo) IncrementQuotaUsed(ctx context.Context, id int64, amount float64) error {
 	return nil
 }
 func (r *stubAccountRepo) ResetQuotaUsed(ctx context.Context, id int64) error {
 	return nil
 }
 func (r *stubAccountRepo) listSchedulable() []service.Account {
 	var result []service.Account
 	for _, acc := range r.accounts {
 		if acc.IsSchedulable() {
 			result = append(result, *acc)
 		}
 	}
 	return result
 }
 func (r *stubAccountRepo) listSchedulableByPlatform(platform string) []service.Account {
 	var result []service.Account
 	for _, acc := range r.accounts {
 		if acc.Platform == platform && acc.IsSchedulable() {
 			result = append(result, *acc)
 		}
 	}
 	return result
 }
 type stubGroupRepo struct {
 	group *service.Group
 }
 func (r *stubGroupRepo) Create(ctx context.Context, group *service.Group) error { return nil }
 func (r *stubGroupRepo) GetByID(ctx context.Context, id int64) (*service.Group, error) {
 	return r.group, nil
 }
 func (r *stubGroupRepo) GetByIDLite(ctx context.Context, id int64) (*service.Group, error) {
 	return r.group, nil
 }
 func (r *stubGroupRepo) Update(ctx context.Context, group *service.Group) error { return nil }
 func (r *stubGroupRepo) Delete(ctx context.Context, id int64) error             { return nil }
 func (r *stubGroupRepo) DeleteCascade(ctx context.Context, id int64) ([]int64, error) {
 	return nil, nil
 }
 func (r *stubGroupRepo) List(ctx context.Context, params pagination.PaginationParams) ([]service.Group, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (r *stubGroupRepo) ListWithFilters(ctx context.Context, params pagination.PaginationParams, platform, status, search string, isExclusive *bool) ([]service.Group, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (r *stubGroupRepo) ListActive(ctx context.Context) ([]service.Group, error) { return nil, nil }
 func (r *stubGroupRepo) ListActiveByPlatform(ctx context.Context, platform string) ([]service.Group, error) {
 	return nil, nil
 }
 func (r *stubGroupRepo) ExistsByName(ctx context.Context, name string) (bool, error) {
 	return false, nil
 }
 func (r *stubGroupRepo) GetAccountCount(ctx context.Context, groupID int64) (int64, int64, error) {
 	return 0, 0, nil
 }
 func (r *stubGroupRepo) DeleteAccountGroupsByGroupID(ctx context.Context, groupID int64) (int64, error) {
 	return 0, nil
 }
 func (r *stubGroupRepo) GetAccountIDsByGroupIDs(ctx context.Context, groupIDs []int64) ([]int64, error) {
 	return nil, nil
 }
 func (r *stubGroupRepo) BindAccountsToGroup(ctx context.Context, groupID int64, accountIDs []int64) error {
 	return nil
 }
 func (r *stubGroupRepo) UpdateSortOrders(ctx context.Context, updates []service.GroupSortOrderUpdate) error {
 	return nil
 }
 type stubUsageLogRepo struct{}
 func (s *stubUsageLogRepo) Create(ctx context.Context, log *service.UsageLog) (bool, error) {
 	return true, nil
 }
 func (s *stubUsageLogRepo) GetByID(ctx context.Context, id int64) (*service.UsageLog, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) Delete(ctx context.Context, id int64) error { return nil }
 func (s *stubUsageLogRepo) ListByUser(ctx context.Context, userID int64, params pagination.PaginationParams) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByAPIKey(ctx context.Context, apiKeyID int64, params pagination.PaginationParams) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByAccount(ctx context.Context, accountID int64, params pagination.PaginationParams) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByUserAndTimeRange(ctx context.Context, userID int64, startTime, endTime time.Time) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByAPIKeyAndTimeRange(ctx context.Context, apiKeyID int64, startTime, endTime time.Time) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByAccountAndTimeRange(ctx context.Context, accountID int64, startTime, endTime time.Time) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) ListByModelAndTimeRange(ctx context.Context, modelName string, startTime, endTime time.Time) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) GetAccountWindowStats(ctx context.Context, accountID int64, startTime time.Time) (*usagestats.AccountStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAccountTodayStats(ctx context.Context, accountID int64) (*usagestats.AccountStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetDashboardStats(ctx context.Context) (*usagestats.DashboardStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUsageTrendWithFilters(ctx context.Context, startTime, endTime time.Time, granularity string, userID, apiKeyID, accountID, groupID int64, model string, requestType *int16, stream *bool, billingType *int8) ([]usagestats.TrendDataPoint, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetModelStatsWithFilters(ctx context.Context, startTime, endTime time.Time, userID, apiKeyID, accountID, groupID int64, requestType *int16, stream *bool, billingType *int8) ([]usagestats.ModelStat, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetEndpointStatsWithFilters(ctx context.Context, startTime, endTime time.Time, userID, apiKeyID, accountID, groupID int64, model string, requestType *int16, stream *bool, billingType *int8) ([]usagestats.EndpointStat, error) {
 	return []usagestats.EndpointStat{}, nil
 }
 func (s *stubUsageLogRepo) GetUpstreamEndpointStatsWithFilters(ctx context.Context, startTime, endTime time.Time, userID, apiKeyID, accountID, groupID int64, model string, requestType *int16, stream *bool, billingType *int8) ([]usagestats.EndpointStat, error) {
 	return []usagestats.EndpointStat{}, nil
 }
 func (s *stubUsageLogRepo) GetGroupStatsWithFilters(ctx context.Context, startTime, endTime time.Time, userID, apiKeyID, accountID, groupID int64, requestType *int16, stream *bool, billingType *int8) ([]usagestats.GroupStat, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserBreakdownStats(ctx context.Context, startTime, endTime time.Time, dim usagestats.UserBreakdownDimension, limit int) ([]usagestats.UserBreakdownItem, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAllGroupUsageSummary(ctx context.Context, todayStart time.Time) ([]usagestats.GroupUsageSummary, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAPIKeyUsageTrend(ctx context.Context, startTime, endTime time.Time, granularity string, limit int) ([]usagestats.APIKeyUsageTrendPoint, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserUsageTrend(ctx context.Context, startTime, endTime time.Time, granularity string, limit int) ([]usagestats.UserUsageTrendPoint, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserSpendingRanking(ctx context.Context, startTime, endTime time.Time, limit int) (*usagestats.UserSpendingRankingResponse, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetBatchUserUsageStats(ctx context.Context, userIDs []int64, startTime, endTime time.Time) (map[int64]*usagestats.BatchUserUsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetBatchAPIKeyUsageStats(ctx context.Context, apiKeyIDs []int64, startTime, endTime time.Time) (map[int64]*usagestats.BatchAPIKeyUsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserDashboardStats(ctx context.Context, userID int64) (*usagestats.UserDashboardStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAPIKeyDashboardStats(ctx context.Context, apiKeyID int64) (*usagestats.UserDashboardStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserUsageTrendByUserID(ctx context.Context, userID int64, startTime, endTime time.Time, granularity string) ([]usagestats.TrendDataPoint, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserModelStats(ctx context.Context, userID int64, startTime, endTime time.Time) ([]usagestats.ModelStat, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) ListWithFilters(ctx context.Context, params pagination.PaginationParams, filters usagestats.UsageLogFilters) ([]service.UsageLog, *pagination.PaginationResult, error) {
 	return nil, nil, nil
 }
 func (s *stubUsageLogRepo) GetGlobalStats(ctx context.Context, startTime, endTime time.Time) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetStatsWithFilters(ctx context.Context, filters usagestats.UsageLogFilters) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAccountUsageStats(ctx context.Context, accountID int64, startTime, endTime time.Time) (*usagestats.AccountUsageStatsResponse, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetUserStatsAggregated(ctx context.Context, userID int64, startTime, endTime time.Time) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAPIKeyStatsAggregated(ctx context.Context, apiKeyID int64, startTime, endTime time.Time) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetAccountStatsAggregated(ctx context.Context, accountID int64, startTime, endTime time.Time) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetModelStatsAggregated(ctx context.Context, modelName string, startTime, endTime time.Time) (*usagestats.UsageStats, error) {
 	return nil, nil
 }
 func (s *stubUsageLogRepo) GetDailyStatsAggregated(ctx context.Context, userID int64, startTime, endTime time.Time) ([]map[string]any, error) {
 	return nil, nil
 }
 func TestSoraGatewayHandler_ChatCompletions(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	cfg := &config.Config{
 		RunMode: config.RunModeSimple,
 		Gateway: config.GatewayConfig{
 			SoraStreamMode:     "force",
 			MaxAccountSwitches: 1,
 			Scheduling: config.GatewaySchedulingConfig{
 				LoadBatchEnabled: false,
 			},
 		},
 		Concurrency: config.ConcurrencyConfig{PingInterval: 0},
 		Sora: config.SoraConfig{
 			Client: config.SoraClientConfig{
 				BaseURL:             "https://sora.test",
 				PollIntervalSeconds: 1,
 				MaxPollAttempts:     1,
 			},
 		},
 	}
 	account := &service.Account{ID: 1, Platform: service.PlatformSora, Status: service.StatusActive, Schedulable: true, Concurrency: 1, Priority: 1}
 	accountRepo := &stubAccountRepo{accounts: map[int64]*service.Account{account.ID: account}}
 	group := &service.Group{ID: 1, Platform: service.PlatformSora, Status: service.StatusActive, Hydrated: true}
 	groupRepo := &stubGroupRepo{group: group}
 	usageLogRepo := &stubUsageLogRepo{}
 	deferredService := service.NewDeferredService(accountRepo, nil, 0)
 	billingService := service.NewBillingService(cfg, nil)
 	concurrencyService := service.NewConcurrencyService(testutil.StubConcurrencyCache{})
 	billingCacheService := service.NewBillingCacheService(nil, nil, nil, nil, cfg)
 	t.Cleanup(func() {
 		billingCacheService.Stop()
 	})
 	gatewayService := service.NewGatewayService(
 		accountRepo,
 		groupRepo,
 		usageLogRepo,
 		nil,
 		nil,
 		nil,
 		nil,
 		testutil.StubGatewayCache{},
 		cfg,
 		nil,
 		concurrencyService,
 		billingService,
 		nil,
 		billingCacheService,
 		nil,
 		nil,
 		deferredService,
 		nil,
 		testutil.StubSessionLimitCache{},
 		nil, // rpmCache
 		nil, // digestStore
 		nil, // settingService
 		nil, // tlsFPProfileService
 	)
 	soraClient := &stubSoraClient{imageURLs: []string{"https://example.com/a.png"}}
 	soraGatewayService := service.NewSoraGatewayService(soraClient, nil, nil, cfg)
 	handler := NewSoraGatewayHandler(gatewayService, soraGatewayService, concurrencyService, billingCacheService, nil, cfg)
 	rec := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(rec)
 	body := `{"model":"gpt-image","messages":[{"role":"user","content":"hello"}]}`
 	c.Request = httptest.NewRequest(http.MethodPost, "/sora/v1/chat/completions", strings.NewReader(body))
 	c.Request.Header.Set("Content-Type", "application/json")
 	apiKey := &service.APIKey{
 		ID:      1,
 		UserID:  1,
 		Status:  service.StatusActive,
 		GroupID: &group.ID,
 		User:    &service.User{ID: 1, Concurrency: 1, Status: service.StatusActive},
 		Group:   group,
 	}
 	c.Set(string(middleware.ContextKeyAPIKey), apiKey)
 	c.Set(string(middleware.ContextKeyUser), middleware.AuthSubject{UserID: apiKey.UserID, Concurrency: apiKey.User.Concurrency})
 	handler.ChatCompletions(c)
 	require.Equal(t, http.StatusOK, rec.Code)
 	var resp map[string]any
 	require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &resp))
 	require.NotEmpty(t, resp["media_url"])
 }
 // TestSoraHandler_StreamForcing 验证 sora handler 的 stream 强制逻辑
 func TestSoraHandler_StreamForcing(t *testing.T) {
 	// 测试 1：stream=false 时 sjson 强制修改为 true
 	body := []byte(`{"model":"sora","messages":[{"role":"user","content":"test"}],"stream":false}`)
 	clientStream := gjson.GetBytes(body, "stream").Bool()
 	require.False(t, clientStream)
 	newBody, err := sjson.SetBytes(body, "stream", true)
 	require.NoError(t, err)
 	require.True(t, gjson.GetBytes(newBody, "stream").Bool())
 	// 测试 2：stream=true 时不修改
 	body2 := []byte(`{"model":"sora","messages":[{"role":"user","content":"test"}],"stream":true}`)
 	require.True(t, gjson.GetBytes(body2, "stream").Bool())
 	// 测试 3：无 stream 字段时 gjson 返回 false（零值）
 	body3 := []byte(`{"model":"sora","messages":[{"role":"user","content":"test"}]}`)
 	require.False(t, gjson.GetBytes(body3, "stream").Bool())
 }
 // TestSoraHandler_ValidationExtraction 验证 sora handler 中 gjson 字段校验逻辑
 func TestSoraHandler_ValidationExtraction(t *testing.T) {
 	// model 缺失
 	body := []byte(`{"messages":[{"role":"user","content":"test"}]}`)
 	modelResult := gjson.GetBytes(body, "model")
 	require.True(t, !modelResult.Exists() || modelResult.Type != gjson.String || modelResult.String() == "")
 	// model 为数字 → 类型不是 gjson.String，应被拒绝
 	body1b := []byte(`{"model":123,"messages":[{"role":"user","content":"test"}]}`)
 	modelResult1b := gjson.GetBytes(body1b, "model")
 	require.True(t, modelResult1b.Exists())
 	require.NotEqual(t, gjson.String, modelResult1b.Type)
 	// messages 缺失
 	body2 := []byte(`{"model":"sora"}`)
 	require.False(t, gjson.GetBytes(body2, "messages").IsArray())
 	// messages 不是 JSON 数组（字符串）
 	body3 := []byte(`{"model":"sora","messages":"not array"}`)
 	require.False(t, gjson.GetBytes(body3, "messages").IsArray())
 	// messages 是对象而非数组 → IsArray 返回 false
 	body4 := []byte(`{"model":"sora","messages":{}}`)
 	require.False(t, gjson.GetBytes(body4, "messages").IsArray())
 	// messages 是空数组 → IsArray 为 true 但 len==0，应被拒绝
 	body5 := []byte(`{"model":"sora","messages":[]}`)
 	msgsResult := gjson.GetBytes(body5, "messages")
 	require.True(t, msgsResult.IsArray())
 	require.Equal(t, 0, len(msgsResult.Array()))
 	// 非法 JSON 被 gjson.ValidBytes 拦截
 	require.False(t, gjson.ValidBytes([]byte(`{invalid`)))
 }
 // TestGenerateOpenAISessionHash_WithBody 验证 generateOpenAISessionHash 的 body/header 解析逻辑
 func TestGenerateOpenAISessionHash_WithBody(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	// 从 body 提取 prompt_cache_key
 	body := []byte(`{"model":"sora","prompt_cache_key":"session-abc"}`)
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest("POST", "/", nil)
 	hash := generateOpenAISessionHash(c, body)
 	require.NotEmpty(t, hash)
 	// 无 prompt_cache_key 且无 header → 空 hash
 	body2 := []byte(`{"model":"sora"}`)
 	hash2 := generateOpenAISessionHash(c, body2)
 	require.Empty(t, hash2)
 	// header 优先于 body
 	c.Request.Header.Set("session_id", "from-header")
 	hash3 := generateOpenAISessionHash(c, body)
 	require.NotEmpty(t, hash3)
 	require.NotEqual(t, hash, hash3) // 不同来源应产生不同 hash
 }
 func TestSoraHandleStreamingAwareError_JSONEscaping(t *testing.T) {
 	tests := []struct {
 		name    string
 		errType string
 		message string
 	}{
 		{
 			name:    "包含双引号",
 			errType: "upstream_error",
 			message: `upstream returned "invalid" payload`,
 		},
 		{
 			name:    "包含换行和制表符",
 			errType: "rate_limit_error",
 			message: "line1\nline2\ttab",
 		},
 		{
 			name:    "包含反斜杠",
 			errType: "upstream_error",
 			message: `path C:\Users\test\file.txt not found`,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			gin.SetMode(gin.TestMode)
 			w := httptest.NewRecorder()
 			c, _ := gin.CreateTestContext(w)
 			c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
 			h := &SoraGatewayHandler{}
 			h.handleStreamingAwareError(c, http.StatusBadGateway, tt.errType, tt.message, true)
 			body := w.Body.String()
 			require.True(t, strings.HasPrefix(body, "event: error\n"), "应以 SSE error 事件开头")
 			require.True(t, strings.HasSuffix(body, "\n\n"), "应以 SSE 结束分隔符结尾")
 			lines := strings.Split(strings.TrimSuffix(body, "\n\n"), "\n")
 			require.Len(t, lines, 2, "SSE 错误事件应包含 event 行和 data 行")
 			require.Equal(t, "event: error", lines[0])
 			require.True(t, strings.HasPrefix(lines[1], "data: "), "第二行应为 data 前缀")
 			jsonStr := strings.TrimPrefix(lines[1], "data: ")
 			var parsed map[string]any
 			require.NoError(t, json.Unmarshal([]byte(jsonStr), &parsed), "data 行必须是合法 JSON")
 			errorObj, ok := parsed["error"].(map[string]any)
 			require.True(t, ok, "JSON 中应包含 error 对象")
 			require.Equal(t, tt.errType, errorObj["type"])
 			require.Equal(t, tt.message, errorObj["message"])
 		})
 	}
 }
 func TestSoraHandleFailoverExhausted_StreamPassesUpstreamMessage(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
 	h := &SoraGatewayHandler{}
 	resp := []byte(`{"error":{"message":"invalid \"prompt\"\nline2","code":"bad_request"}}`)
 	h.handleFailoverExhausted(c, http.StatusBadGateway, nil, resp, true)
 	body := w.Body.String()
 	require.True(t, strings.HasPrefix(body, "event: error\n"))
 	require.True(t, strings.HasSuffix(body, "\n\n"))
 	lines := strings.Split(strings.TrimSuffix(body, "\n\n"), "\n")
 	require.Len(t, lines, 2)
 	jsonStr := strings.TrimPrefix(lines[1], "data: ")
 	var parsed map[string]any
 	require.NoError(t, json.Unmarshal([]byte(jsonStr), &parsed))
 	errorObj, ok := parsed["error"].(map[string]any)
 	require.True(t, ok)
 	require.Equal(t, "upstream_error", errorObj["type"])
 	require.Equal(t, "invalid \"prompt\"\nline2", errorObj["message"])
 }
 func TestSoraHandleFailoverExhausted_CloudflareChallengeIncludesRay(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
 	headers := http.Header{}
 	headers.Set("cf-ray", "9d01b0e9ecc35829-SEA")
 	body := []byte(`<!DOCTYPE html><html><head><title>Just a moment...</title></head><body><script>window._cf_chl_opt={};</script></body></html>`)
 	h := &SoraGatewayHandler{}
 	h.handleFailoverExhausted(c, http.StatusForbidden, headers, body, true)
 	lines := strings.Split(strings.TrimSuffix(w.Body.String(), "\n\n"), "\n")
 	require.Len(t, lines, 2)
 	jsonStr := strings.TrimPrefix(lines[1], "data: ")
 	var parsed map[string]any
 	require.NoError(t, json.Unmarshal([]byte(jsonStr), &parsed))
 	errorObj, ok := parsed["error"].(map[string]any)
 	require.True(t, ok)
 	require.Equal(t, "upstream_error", errorObj["type"])
 	msg, _ := errorObj["message"].(string)
 	require.Contains(t, msg, "Cloudflare challenge")
 	require.Contains(t, msg, "cf-ray: 9d01b0e9ecc35829-SEA")
 }
 func TestSoraHandleFailoverExhausted_CfShield429MappedToRateLimitError(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
 	headers := http.Header{}
 	headers.Set("cf-ray", "9d03b68c086027a1-SEA")
 	body := []byte(`{"error":{"code":"cf_shield_429","message":"shield blocked"}}`)
 	h := &SoraGatewayHandler{}
 	h.handleFailoverExhausted(c, http.StatusTooManyRequests, headers, body, true)
 	lines := strings.Split(strings.TrimSuffix(w.Body.String(), "\n\n"), "\n")
 	require.Len(t, lines, 2)
 	jsonStr := strings.TrimPrefix(lines[1], "data: ")
 	var parsed map[string]any
 	require.NoError(t, json.Unmarshal([]byte(jsonStr), &parsed))
 	errorObj, ok := parsed["error"].(map[string]any)
 	require.True(t, ok)
 	require.Equal(t, "rate_limit_error", errorObj["type"])
 	msg, _ := errorObj["message"].(string)
 	require.Contains(t, msg, "Cloudflare shield")
 	require.Contains(t, msg, "cf-ray: 9d03b68c086027a1-SEA")
 }
 func TestExtractSoraFailoverHeaderInsights(t *testing.T) {
 	headers := http.Header{}
 	headers.Set("cf-mitigated", "challenge")
 	headers.Set("content-type", "text/html")
 	body := []byte(`<script>window._cf_chl_opt={cRay: '9cff2d62d83bb98d'};</script>`)
 	rayID, mitigated, contentType := extractSoraFailoverHeaderInsights(headers, body)
 	require.Equal(t, "9cff2d62d83bb98d", rayID)
 	require.Equal(t, "challenge", mitigated)
 	require.Equal(t, "text/html", contentType)
 }
--- a/backend/internal/handler/usage_record_submit_task_test.go
+++ b/backend/internal/handler/usage_record_submit_task_test.go
@ -129,56 +129,3 @@ func TestOpenAIGatewayHandlerSubmitUsageRecordTask_WithoutPool_TaskPanicRecovere
 	})
 	require.True(t, called.Load(), "panic 后后续任务应仍可执行")
 }
 func TestSoraGatewayHandlerSubmitUsageRecordTask_WithPool(t *testing.T) {
 	pool := newUsageRecordTestPool(t)
 	h := &SoraGatewayHandler{usageRecordWorkerPool: pool}
 	done := make(chan struct{})
 	h.submitUsageRecordTask(func(ctx context.Context) {
 		close(done)
 	})
 	select {
 	case <-done:
 	case <-time.After(time.Second):
 		t.Fatal("task not executed")
 	}
 }
 func TestSoraGatewayHandlerSubmitUsageRecordTask_WithoutPoolSyncFallback(t *testing.T) {
 	h := &SoraGatewayHandler{}
 	var called atomic.Bool
 	h.submitUsageRecordTask(func(ctx context.Context) {
 		if _, ok := ctx.Deadline(); !ok {
 			t.Fatal("expected deadline in fallback context")
 		}
 		called.Store(true)
 	})
 	require.True(t, called.Load())
 }
 func TestSoraGatewayHandlerSubmitUsageRecordTask_NilTask(t *testing.T) {
 	h := &SoraGatewayHandler{}
 	require.NotPanics(t, func() {
 		h.submitUsageRecordTask(nil)
 	})
 }
 func TestSoraGatewayHandlerSubmitUsageRecordTask_WithoutPool_TaskPanicRecovered(t *testing.T) {
 	h := &SoraGatewayHandler{}
 	var called atomic.Bool
 	require.NotPanics(t, func() {
 		h.submitUsageRecordTask(func(ctx context.Context) {
 			panic("usage task panic")
 		})
 	})
 	h.submitUsageRecordTask(func(ctx context.Context) {
 		called.Store(true)
 	})
 	require.True(t, called.Load(), "panic 后后续任务应仍可执行")
 }
--- a/backend/internal/handler/wire.go
+++ b/backend/internal/handler/wire.go
@ -33,6 +33,7 @@ func ProvideAdminHandlers(
 	tlsFingerprintProfileHandler *admin.TLSFingerprintProfileHandler,
 	apiKeyHandler *admin.AdminAPIKeyHandler,
 	scheduledTestHandler *admin.ScheduledTestHandler,
 	channelHandler *admin.ChannelHandler,
 ) *AdminHandlers {
 	return &AdminHandlers{
 		Dashboard:             dashboardHandler,
@ -59,6 +60,7 @@ func ProvideAdminHandlers(
 		TLSFingerprintProfile: tlsFingerprintProfileHandler,
 		APIKey:                apiKeyHandler,
 		ScheduledTest:         scheduledTestHandler,
 		Channel:               channelHandler,
 	}
 }
@ -84,8 +86,6 @@ func ProvideHandlers(
 	adminHandlers *AdminHandlers,
 	gatewayHandler *GatewayHandler,
 	openaiGatewayHandler *OpenAIGatewayHandler,
 	soraGatewayHandler *SoraGatewayHandler,
 	soraClientHandler *SoraClientHandler,
 	settingHandler *SettingHandler,
 	totpHandler *TotpHandler,
 	_ *service.IdempotencyCoordinator,
@ -102,8 +102,6 @@ func ProvideHandlers(
 		Admin:         adminHandlers,
 		Gateway:       gatewayHandler,
 		OpenAIGateway: openaiGatewayHandler,
 		SoraGateway:   soraGatewayHandler,
 		SoraClient:    soraClientHandler,
 		Setting:       settingHandler,
 		Totp:          totpHandler,
 	}
@ -121,7 +119,6 @@ var ProviderSet = wire.NewSet(
 	NewAnnouncementHandler,
 	NewGatewayHandler,
 	NewOpenAIGatewayHandler,
 	NewSoraGatewayHandler,
 	NewTotpHandler,
 	ProvideSettingHandler,
@ -150,6 +147,7 @@ var ProviderSet = wire.NewSet(
 	admin.NewTLSFingerprintProfileHandler,
 	admin.NewAdminAPIKeyHandler,
 	admin.NewScheduledTestHandler,
 	admin.NewChannelHandler,
 	// AdminHandlers and Handlers constructors
 	ProvideAdminHandlers,
--- a/backend/internal/pkg/antigravity/claude_types.go
+++ b/backend/internal/pkg/antigravity/claude_types.go
@ -125,6 +125,7 @@ type ClaudeUsage struct {
 	OutputTokens             int `json:"output_tokens"`
 	CacheCreationInputTokens int `json:"cache_creation_input_tokens,omitempty"`
 	CacheReadInputTokens     int `json:"cache_read_input_tokens,omitempty"`
 	ImageOutputTokens        int `json:"image_output_tokens,omitempty"`
 }
 // ClaudeError Claude 错误响应
--- a/backend/internal/pkg/antigravity/gemini_types.go
+++ b/backend/internal/pkg/antigravity/gemini_types.go
@ -149,13 +149,31 @@ type GeminiCandidate struct {
 	GroundingMetadata *GeminiGroundingMetadata `json:"groundingMetadata,omitempty"`
 }
 // GeminiTokenDetail Gemini token 详情（按模态分类）
 type GeminiTokenDetail struct {
 	Modality   string `json:"modality"`
 	TokenCount int    `json:"tokenCount"`
 }
 // GeminiUsageMetadata Gemini 用量元数据
 type GeminiUsageMetadata struct {
-	PromptTokenCount        int `json:"promptTokenCount,omitempty"`
+	PromptTokenCount        int                 `json:"promptTokenCount,omitempty"`
-	CandidatesTokenCount    int `json:"candidatesTokenCount,omitempty"`
+	CandidatesTokenCount    int                 `json:"candidatesTokenCount,omitempty"`
-	CachedContentTokenCount int `json:"cachedContentTokenCount,omitempty"`
+	CachedContentTokenCount int                 `json:"cachedContentTokenCount,omitempty"`
-	TotalTokenCount         int `json:"totalTokenCount,omitempty"`
+	TotalTokenCount         int                 `json:"totalTokenCount,omitempty"`
-	ThoughtsTokenCount      int `json:"thoughtsTokenCount,omitempty"` // thinking tokens（按输出价格计费）
+	ThoughtsTokenCount      int                 `json:"thoughtsTokenCount,omitempty"` // thinking tokens（按输出价格计费）
 	CandidatesTokensDetails []GeminiTokenDetail `json:"candidatesTokensDetails,omitempty"`
 	PromptTokensDetails     []GeminiTokenDetail `json:"promptTokensDetails,omitempty"`
 }
 // ImageOutputTokens 从 CandidatesTokensDetails 中提取 IMAGE 模态的 token 数
 func (m *GeminiUsageMetadata) ImageOutputTokens() int {
 	for _, d := range m.CandidatesTokensDetails {
 		if d.Modality == "IMAGE" {
 			return d.TokenCount
 		}
 	}
 	return 0
 }
 // GeminiGroundingMetadata Gemini grounding 元数据（Web Search）
--- a/backend/internal/pkg/antigravity/oauth.go
+++ b/backend/internal/pkg/antigravity/oauth.go
@ -53,6 +53,7 @@ const (
 // defaultUserAgentVersion 可通过环境变量 ANTIGRAVITY_USER_AGENT_VERSION 配置，默认 1.107.0
 var defaultUserAgentVersion = "1.107.0"
 // defaultClientSecret 必须通过环境变量 ANTIGRAVITY_OAUTH_CLIENT_SECRET 配置
 var defaultClientSecret string
--- a/backend/internal/pkg/antigravity/oauth_test.go
+++ b/backend/internal/pkg/antigravity/oauth_test.go
@ -690,7 +690,7 @@ func TestConstants_值正确(t *testing.T) {
 	if RedirectURI != "http://localhost:8085/callback" {
 		t.Errorf("RedirectURI 不匹配: got %s", RedirectURI)
 	}
-	if GetUserAgent() != "antigravity/1.20.5 windows/amd64" {
+	if GetUserAgent() != "antigravity/1.21.9 windows/amd64" {
 		t.Errorf("UserAgent 不匹配: got %s", GetUserAgent())
 	}
 	if SessionTTL != 30*time.Minute {
--- a/backend/internal/pkg/antigravity/response_transformer.go
+++ b/backend/internal/pkg/antigravity/response_transformer.go
@ -284,6 +284,7 @@ func (p *NonStreamingProcessor) buildResponse(geminiResp *GeminiResponse, respon
 		usage.InputTokens = geminiResp.UsageMetadata.PromptTokenCount - cached
 		usage.OutputTokens = geminiResp.UsageMetadata.CandidatesTokenCount + geminiResp.UsageMetadata.ThoughtsTokenCount
 		usage.CacheReadInputTokens = cached
 		usage.ImageOutputTokens = geminiResp.UsageMetadata.ImageOutputTokens()
 	}
 	// 生成响应 ID
--- a/backend/internal/pkg/antigravity/stream_transformer.go
+++ b/backend/internal/pkg/antigravity/stream_transformer.go
@ -32,9 +32,10 @@ type StreamingProcessor struct {
 	groundingChunks   []GeminiGroundingChunk
 	// 累计 usage
-	inputTokens     int
+	inputTokens       int
-	outputTokens    int
+	outputTokens      int
-	cacheReadTokens int
+	cacheReadTokens   int
 	imageOutputTokens int
 }
 // NewStreamingProcessor 创建流式响应处理器
@ -87,6 +88,7 @@ func (p *StreamingProcessor) ProcessLine(line string) []byte {
 		p.inputTokens = geminiResp.UsageMetadata.PromptTokenCount - cached
 		p.outputTokens = geminiResp.UsageMetadata.CandidatesTokenCount + geminiResp.UsageMetadata.ThoughtsTokenCount
 		p.cacheReadTokens = cached
 		p.imageOutputTokens = geminiResp.UsageMetadata.ImageOutputTokens()
 	}
 	// 处理 parts
@ -127,6 +129,7 @@ func (p *StreamingProcessor) Finish() ([]byte, *ClaudeUsage) {
 		InputTokens:          p.inputTokens,
 		OutputTokens:         p.outputTokens,
 		CacheReadInputTokens: p.cacheReadTokens,
 		ImageOutputTokens:    p.imageOutputTokens,
 	}
 	if !p.messageStartSent {
@ -158,6 +161,7 @@ func (p *StreamingProcessor) emitMessageStart(v1Resp *V1InternalResponse) []byte
 		usage.InputTokens = v1Resp.Response.UsageMetadata.PromptTokenCount - cached
 		usage.OutputTokens = v1Resp.Response.UsageMetadata.CandidatesTokenCount + v1Resp.Response.UsageMetadata.ThoughtsTokenCount
 		usage.CacheReadInputTokens = cached
 		usage.ImageOutputTokens = v1Resp.Response.UsageMetadata.ImageOutputTokens()
 	}
 	responseID := v1Resp.ResponseID
@ -485,6 +489,7 @@ func (p *StreamingProcessor) emitFinish(finishReason string) []byte {
 		InputTokens:          p.inputTokens,
 		OutputTokens:         p.outputTokens,
 		CacheReadInputTokens: p.cacheReadTokens,
 		ImageOutputTokens:    p.imageOutputTokens,
 	}
 	deltaEvent := map[string]any{
--- a/backend/internal/pkg/apicompat/chatcompletions_responses_test.go
+++ b/backend/internal/pkg/apicompat/chatcompletions_responses_test.go
@ -876,3 +876,182 @@ func TestChatCompletionsStreamRoundTrip(t *testing.T) {
 		assert.Equal(t, "resp_rt", c.ID)
 	}
 }
 // ---------------------------------------------------------------------------
 // BufferedResponseAccumulator tests
 // ---------------------------------------------------------------------------
 func TestBufferedResponseAccumulator_TextOnly(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: "Hello"})
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: ", world!"})
 	assert.True(t, acc.HasContent())
 	output := acc.BuildOutput()
 	require.Len(t, output, 1)
 	assert.Equal(t, "message", output[0].Type)
 	assert.Equal(t, "assistant", output[0].Role)
 	require.Len(t, output[0].Content, 1)
 	assert.Equal(t, "output_text", output[0].Content[0].Type)
 	assert.Equal(t, "Hello, world!", output[0].Content[0].Text)
 }
 func TestBufferedResponseAccumulator_ToolCalls(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	// Add function call at output_index=1
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.output_item.added",
 		OutputIndex: 1,
 		Item: &ResponsesOutput{
 			Type:   "function_call",
 			CallID: "call_abc",
 			Name:   "get_weather",
 		},
 	})
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.function_call_arguments.delta",
 		OutputIndex: 1,
 		Delta:       `{"city":`,
 	})
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.function_call_arguments.delta",
 		OutputIndex: 1,
 		Delta:       `"NYC"}`,
 	})
 	assert.True(t, acc.HasContent())
 	output := acc.BuildOutput()
 	require.Len(t, output, 1)
 	assert.Equal(t, "function_call", output[0].Type)
 	assert.Equal(t, "call_abc", output[0].CallID)
 	assert.Equal(t, "get_weather", output[0].Name)
 	assert.Equal(t, `{"city":"NYC"}`, output[0].Arguments)
 }
 func TestBufferedResponseAccumulator_Reasoning(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.reasoning_summary_text.delta", Delta: "Step 1: "})
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.reasoning_summary_text.delta", Delta: "think about it"})
 	assert.True(t, acc.HasContent())
 	output := acc.BuildOutput()
 	require.Len(t, output, 1)
 	assert.Equal(t, "reasoning", output[0].Type)
 	require.Len(t, output[0].Summary, 1)
 	assert.Equal(t, "summary_text", output[0].Summary[0].Type)
 	assert.Equal(t, "Step 1: think about it", output[0].Summary[0].Text)
 }
 func TestBufferedResponseAccumulator_Mixed(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	// Reasoning first
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.reasoning_summary_text.delta", Delta: "I thought about it."})
 	// Then text
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: "The answer is 42."})
 	// Then a tool call
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.output_item.added",
 		OutputIndex: 2,
 		Item: &ResponsesOutput{
 			Type:   "function_call",
 			CallID: "call_1",
 			Name:   "verify",
 		},
 	})
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.function_call_arguments.delta",
 		OutputIndex: 2,
 		Delta:       `{}`,
 	})
 	assert.True(t, acc.HasContent())
 	output := acc.BuildOutput()
 	// Order: reasoning → message → function_calls
 	require.Len(t, output, 3)
 	assert.Equal(t, "reasoning", output[0].Type)
 	assert.Equal(t, "message", output[1].Type)
 	assert.Equal(t, "function_call", output[2].Type)
 	assert.Equal(t, "The answer is 42.", output[1].Content[0].Text)
 	assert.Equal(t, "verify", output[2].Name)
 }
 func TestBufferedResponseAccumulator_SupplementEmptyOutput(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: "Hello"})
 	resp := &ResponsesResponse{
 		ID:     "resp_1",
 		Status: "completed",
 		Output: nil, // empty output
 		Usage:  &ResponsesUsage{InputTokens: 10, OutputTokens: 5},
 	}
 	acc.SupplementResponseOutput(resp)
 	require.Len(t, resp.Output, 1)
 	assert.Equal(t, "message", resp.Output[0].Type)
 	assert.Equal(t, "Hello", resp.Output[0].Content[0].Text)
 	// Usage should be untouched
 	assert.Equal(t, 10, resp.Usage.InputTokens)
 }
 func TestBufferedResponseAccumulator_NoSupplementWhenOutputExists(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: "from deltas"})
 	resp := &ResponsesResponse{
 		ID:     "resp_2",
 		Status: "completed",
 		Output: []ResponsesOutput{
 			{
 				Type: "message",
 				Content: []ResponsesContentPart{
 					{Type: "output_text", Text: "from terminal event"},
 				},
 			},
 		},
 	}
 	acc.SupplementResponseOutput(resp)
 	// Output should NOT be overwritten
 	require.Len(t, resp.Output, 1)
 	assert.Equal(t, "from terminal event", resp.Output[0].Content[0].Text)
 }
 func TestBufferedResponseAccumulator_EmptyDeltas(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	// Process events with empty delta — should not accumulate
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.output_text.delta", Delta: ""})
 	acc.ProcessEvent(&ResponsesStreamEvent{Type: "response.created"})
 	assert.False(t, acc.HasContent())
 	resp := &ResponsesResponse{ID: "resp_3", Status: "completed"}
 	acc.SupplementResponseOutput(resp)
 	assert.Nil(t, resp.Output)
 }
 func TestBufferedResponseAccumulator_IgnoresNonFunctionCallItems(t *testing.T) {
 	acc := NewBufferedResponseAccumulator()
 	// output_item.added with type "message" should be ignored
 	acc.ProcessEvent(&ResponsesStreamEvent{
 		Type:        "response.output_item.added",
 		OutputIndex: 0,
 		Item:        &ResponsesOutput{Type: "message"},
 	})
 	assert.False(t, acc.HasContent())
 }
--- a/backend/internal/pkg/apicompat/responses_to_chatcompletions.go
+++ b/backend/internal/pkg/apicompat/responses_to_chatcompletions.go
@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"strings"
 	"time"
 )
@ -372,3 +373,119 @@ func generateChatCmplID() string {
 	_, _ = rand.Read(b)
 	return "chatcmpl-" + hex.EncodeToString(b)
 }
 // ---------------------------------------------------------------------------
 // BufferedResponseAccumulator: accumulates SSE delta events for non-streaming
 // paths where the terminal event may have empty output.
 // ---------------------------------------------------------------------------
 type bufferedFuncCall struct {
 	CallID string
 	Name   string
 	Args   strings.Builder
 }
 // BufferedResponseAccumulator collects content from Responses SSE delta events
 // so that non-streaming handlers can reconstruct output when the terminal event
 // (response.completed / response.done) carries an empty output array.
 type BufferedResponseAccumulator struct {
 	text                 strings.Builder
 	reasoning            strings.Builder
 	funcCalls            []bufferedFuncCall
 	outputIndexToFuncIdx map[int]int
 }
 // NewBufferedResponseAccumulator returns an initialised accumulator.
 func NewBufferedResponseAccumulator() *BufferedResponseAccumulator {
 	return &BufferedResponseAccumulator{
 		outputIndexToFuncIdx: make(map[int]int),
 	}
 }
 // ProcessEvent inspects a single Responses SSE event and accumulates any
 // content it carries. Only delta events that contribute to the final output
 // are handled; all other event types are silently ignored.
 func (a *BufferedResponseAccumulator) ProcessEvent(event *ResponsesStreamEvent) {
 	switch event.Type {
 	case "response.output_text.delta":
 		if event.Delta != "" {
 			_, _ = a.text.WriteString(event.Delta)
 		}
 	case "response.output_item.added":
 		if event.Item != nil && event.Item.Type == "function_call" {
 			idx := len(a.funcCalls)
 			a.outputIndexToFuncIdx[event.OutputIndex] = idx
 			a.funcCalls = append(a.funcCalls, bufferedFuncCall{
 				CallID: event.Item.CallID,
 				Name:   event.Item.Name,
 			})
 		}
 	case "response.function_call_arguments.delta":
 		if event.Delta != "" {
 			if idx, ok := a.outputIndexToFuncIdx[event.OutputIndex]; ok {
 				_, _ = a.funcCalls[idx].Args.WriteString(event.Delta)
 			}
 		}
 	case "response.reasoning_summary_text.delta":
 		if event.Delta != "" {
 			_, _ = a.reasoning.WriteString(event.Delta)
 		}
 	}
 }
 // HasContent reports whether any content has been accumulated.
 func (a *BufferedResponseAccumulator) HasContent() bool {
 	return a.text.Len() > 0 || len(a.funcCalls) > 0 || a.reasoning.Len() > 0
 }
 // BuildOutput constructs a []ResponsesOutput from the accumulated delta
 // content. The order matches what ResponsesToChatCompletions expects:
 // reasoning → message → function_calls.
 func (a *BufferedResponseAccumulator) BuildOutput() []ResponsesOutput {
 	var out []ResponsesOutput
 	if a.reasoning.Len() > 0 {
 		out = append(out, ResponsesOutput{
 			Type: "reasoning",
 			Summary: []ResponsesSummary{{
 				Type: "summary_text",
 				Text: a.reasoning.String(),
 			}},
 		})
 	}
 	if a.text.Len() > 0 {
 		out = append(out, ResponsesOutput{
 			Type: "message",
 			Role: "assistant",
 			Content: []ResponsesContentPart{{
 				Type: "output_text",
 				Text: a.text.String(),
 			}},
 		})
 	}
 	for i := range a.funcCalls {
 		out = append(out, ResponsesOutput{
 			Type:      "function_call",
 			CallID:    a.funcCalls[i].CallID,
 			Name:      a.funcCalls[i].Name,
 			Arguments: a.funcCalls[i].Args.String(),
 		})
 	}
 	return out
 }
 // SupplementResponseOutput fills resp.Output from accumulated delta content
 // when the terminal event delivered an empty output array. If resp.Output is
 // already populated, this is a no-op (preserves backward compatibility).
 func (a *BufferedResponseAccumulator) SupplementResponseOutput(resp *ResponsesResponse) {
 	if resp == nil || len(resp.Output) > 0 {
 		return
 	}
 	if !a.HasContent() {
 		return
 	}
 	resp.Output = a.BuildOutput()
 }
--- a/backend/internal/pkg/gemini/models.go
+++ b/backend/internal/pkg/gemini/models.go
@ -2,6 +2,8 @@
 // It is used when upstream model listing is unavailable (e.g. OAuth token missing AI Studio scopes).
 package gemini
 import "strings"
 type Model struct {
 	Name                       string   `json:"name"`
 	DisplayName                string   `json:"displayName,omitempty"`
@ -23,10 +25,27 @@ func DefaultModels() []Model {
 		{Name: "models/gemini-3-flash-preview", SupportedGenerationMethods: methods},
 		{Name: "models/gemini-3-pro-preview", SupportedGenerationMethods: methods},
 		{Name: "models/gemini-3.1-pro-preview", SupportedGenerationMethods: methods},
 		{Name: "models/gemini-3.1-pro-preview-customtools", SupportedGenerationMethods: methods},
 		{Name: "models/gemini-3.1-flash-image", SupportedGenerationMethods: methods},
 	}
 }
 func HasFallbackModel(model string) bool {
 	trimmed := strings.TrimSpace(model)
 	if trimmed == "" {
 		return false
 	}
 	if !strings.HasPrefix(trimmed, "models/") {
 		trimmed = "models/" + trimmed
 	}
 	for _, model := range DefaultModels() {
 		if model.Name == trimmed {
 			return true
 		}
 	}
 	return false
 }
 func FallbackModelsList() ModelsListResponse {
 	return ModelsListResponse{Models: DefaultModels()}
 }
--- a/backend/internal/pkg/gemini/models_test.go
+++ b/backend/internal/pkg/gemini/models_test.go
@ -2,7 +2,7 @@ package gemini
 import "testing"
-func TestDefaultModels_ContainsImageModels(t *testing.T) {
+func TestDefaultModels_ContainsFallbackCatalogModels(t *testing.T) {
 	t.Parallel()
 	models := DefaultModels()
@ -13,6 +13,7 @@ func TestDefaultModels_ContainsImageModels(t *testing.T) {
 	required := []string{
 		"models/gemini-2.5-flash-image",
 		"models/gemini-3.1-pro-preview-customtools",
 		"models/gemini-3.1-flash-image",
 	}
@ -26,3 +27,17 @@ func TestDefaultModels_ContainsImageModels(t *testing.T) {
 		}
 	}
 }
 func TestHasFallbackModel_RecognizesCustomtoolsModel(t *testing.T) {
 	t.Parallel()
 	if !HasFallbackModel("gemini-3.1-pro-preview-customtools") {
 		t.Fatalf("expected customtools model to exist in fallback catalog")
 	}
 	if !HasFallbackModel("models/gemini-3.1-pro-preview-customtools") {
 		t.Fatalf("expected prefixed customtools model to exist in fallback catalog")
 	}
 	if HasFallbackModel("gemini-unknown") {
 		t.Fatalf("did not expect unknown model to exist in fallback catalog")
 	}
 }
--- a/backend/internal/pkg/openai/oauth.go
+++ b/backend/internal/pkg/openai/oauth.go
@ -17,8 +17,6 @@ import (
 const (
 	// OAuth Client ID for OpenAI (Codex CLI official)
 	ClientID = "app_EMoamEEZ73f0CkXaXp7hrann"
 	// OAuth Client ID for Sora mobile flow (aligned with sora2api)
 	SoraClientID = "app_LlGpXReQgckcGGUo2JrYvtJK"
 	// OAuth endpoints
 	AuthorizeURL = "https://auth.openai.com/oauth/authorize"
@ -39,8 +37,6 @@ const (
 const (
 	// OAuthPlatformOpenAI uses OpenAI Codex-compatible OAuth client.
 	OAuthPlatformOpenAI = "openai"
 	// OAuthPlatformSora uses Sora OAuth client.
 	OAuthPlatformSora = "sora"
 )
 // OAuthSession stores OAuth flow state for OpenAI
@ -211,15 +207,8 @@ func BuildAuthorizationURLForPlatform(state, codeChallenge, redirectURI, platfor
 }
 // OAuthClientConfigByPlatform returns oauth client_id and whether codex simplified flow should be enabled.
 // Sora 授权流程复用 Codex CLI 的 client_id（支持 localhost redirect_uri），
 // 但不启用 codex_cli_simplified_flow；拿到的 access_token 绑定同一 OpenAI 账号，对 Sora API 同样可用。
 func OAuthClientConfigByPlatform(platform string) (clientID string, codexFlow bool) {
-	switch strings.ToLower(strings.TrimSpace(platform)) {
+	return ClientID, true
 	case OAuthPlatformSora:
 		return ClientID, false
 	default:
 		return ClientID, true
 	}
 }
 // TokenRequest represents the token exchange request body
--- a/backend/internal/pkg/openai/oauth_test.go
+++ b/backend/internal/pkg/openai/oauth_test.go
@ -60,23 +60,3 @@ func TestBuildAuthorizationURLForPlatform_OpenAI(t *testing.T) {
 		t.Fatalf("id_token_add_organizations mismatch: got=%q want=true", got)
 	}
 }
 // TestBuildAuthorizationURLForPlatform_Sora 验证 Sora 平台复用 Codex CLI 的 client_id，
 // 但不启用 codex_cli_simplified_flow。
 func TestBuildAuthorizationURLForPlatform_Sora(t *testing.T) {
 	authURL := BuildAuthorizationURLForPlatform("state-2", "challenge-2", DefaultRedirectURI, OAuthPlatformSora)
 	parsed, err := url.Parse(authURL)
 	if err != nil {
 		t.Fatalf("Parse URL failed: %v", err)
 	}
 	q := parsed.Query()
 	if got := q.Get("client_id"); got != ClientID {
 		t.Fatalf("client_id mismatch: got=%q want=%q (Sora should reuse Codex CLI client_id)", got, ClientID)
 	}
 	if got := q.Get("codex_cli_simplified_flow"); got != "" {
 		t.Fatalf("codex flow should be empty for sora, got=%q", got)
 	}
 	if got := q.Get("id_token_add_organizations"); got != "true" {
 		t.Fatalf("id_token_add_organizations mismatch: got=%q want=true", got)
 	}
 }
--- a/backend/internal/pkg/usagestats/usage_log_types.go
+++ b/backend/internal/pkg/usagestats/usage_log_types.go
@ -175,6 +175,13 @@ type UserBreakdownDimension struct {
 	ModelType    string // "requested", "upstream", or "mapping"
 	Endpoint     string // filter by endpoint value (non-empty to enable)
 	EndpointType string // "inbound", "upstream", or "path"
 	// Additional filter conditions
 	UserID      int64  // filter by user_id (>0 to enable)
 	APIKeyID    int64  // filter by api_key_id (>0 to enable)
 	AccountID   int64  // filter by account_id (>0 to enable)
 	RequestType *int16 // filter by request_type (non-nil to enable)
 	Stream      *bool  // filter by stream flag (non-nil to enable)
 	BillingType *int8  // filter by billing_type (non-nil to enable)
 }
 // APIKeyUsageTrendPoint represents API key usage trend data point
@ -230,6 +237,7 @@ type UsageLogFilters struct {
 	RequestType *int16
 	Stream      *bool
 	BillingType *int8
 	BillingMode string
 	StartTime   *time.Time
 	EndTime     *time.Time
 	// ExactTotal requests exact COUNT(*) for pagination. Default false for fast large-table paging.
--- a/backend/internal/repository/account_repo.go
+++ b/backend/internal/repository/account_repo.go
@ -468,6 +468,14 @@ func (r *accountRepository) ListWithFilters(ctx context.Context, params paginati
 	}
 	if status != "" {
 		switch status {
 		case service.StatusActive:
 			q = q.Where(
 				dbaccount.StatusEQ(status),
 				dbaccount.Or(
 					dbaccount.RateLimitResetAtIsNil(),
 					dbaccount.RateLimitResetAtLTE(time.Now()),
 				),
 			)
 		case "rate_limited":
 			q = q.Where(dbaccount.RateLimitResetAtGT(time.Now()))
 		case "temp_unschedulable":
@ -1692,20 +1700,13 @@ func itoa(v int) string {
 }
 // FindByExtraField 根据 extra 字段中的键值对查找账号。
 // 该方法限定 platform='sora'，避免误查询其他平台的账号。
 // 使用 PostgreSQL JSONB @> 操作符进行高效查询（需要 GIN 索引支持）。
 //
 // 应用场景：查找通过 linked_openai_account_id 关联的 Sora 账号。
 //
 // FindByExtraField finds accounts by key-value pairs in the extra field.
 // Limited to platform='sora' to avoid querying accounts from other platforms.
 // Uses PostgreSQL JSONB @> operator for efficient queries (requires GIN index).
 //
 // Use case: Finding Sora accounts linked via linked_openai_account_id.
 func (r *accountRepository) FindByExtraField(ctx context.Context, key string, value any) ([]service.Account, error) {
 	accounts, err := r.client.Account.Query().
 		Where(
 			dbaccount.PlatformEQ("sora"), // 限定平台为 sora
 			dbaccount.DeletedAtIsNil(),
 			func(s *entsql.Selector) {
 				path := sqljson.Path(key)
--- a/backend/internal/repository/account_repo_integration_test.go
+++ b/backend/internal/repository/account_repo_integration_test.go
@ -255,6 +255,22 @@ func (s *AccountRepoSuite) TestListWithFilters() {
 				s.Require().Equal(service.StatusDisabled, accounts[0].Status)
 			},
 		},
 		{
 			name: "filter_by_status_active_excludes_rate_limited",
 			setup: func(client *dbent.Client) {
 				mustCreateAccount(s.T(), client, &service.Account{Name: "active-normal", Status: service.StatusActive})
 				rateLimited := mustCreateAccount(s.T(), client, &service.Account{Name: "active-rate-limited", Status: service.StatusActive})
 				err := client.Account.UpdateOneID(rateLimited.ID).
 					SetRateLimitResetAt(time.Now().Add(10 * time.Minute)).
 					Exec(context.Background())
 				s.Require().NoError(err)
 			},
 			status:    service.StatusActive,
 			wantCount: 1,
 			validate: func(accounts []service.Account) {
 				s.Require().Equal("active-normal", accounts[0].Name)
 			},
 		},
 		{
 			name: "filter_by_search",
 			setup: func(client *dbent.Client) {
--- a/backend/internal/repository/api_key_repo.go
+++ b/backend/internal/repository/api_key_repo.go
@ -155,10 +155,6 @@ func (r *apiKeyRepository) GetByKeyForAuth(ctx context.Context, key string) (*se
 				group.FieldImagePrice1k,
 				group.FieldImagePrice2k,
 				group.FieldImagePrice4k,
 				group.FieldSoraImagePrice360,
 				group.FieldSoraImagePrice540,
 				group.FieldSoraVideoPricePerRequest,
 				group.FieldSoraVideoPricePerRequestHd,
 				group.FieldClaudeCodeOnly,
 				group.FieldFallbackGroupID,
 				group.FieldFallbackGroupIDOnInvalidRequest,
@ -608,22 +604,20 @@ func userEntityToService(u *dbent.User) *service.User {
 		return nil
 	}
 	return &service.User{
-		ID:                    u.ID,
+		ID:                  u.ID,
-		Email:                 u.Email,
+		Email:               u.Email,
-		Username:              u.Username,
+		Username:            u.Username,
-		Notes:                 u.Notes,
+		Notes:               u.Notes,
-		PasswordHash:          u.PasswordHash,
+		PasswordHash:        u.PasswordHash,
-		Role:                  u.Role,
+		Role:                u.Role,
-		Balance:               u.Balance,
+		Balance:             u.Balance,
-		Concurrency:           u.Concurrency,
+		Concurrency:         u.Concurrency,
-		Status:                u.Status,
+		Status:              u.Status,
-		SoraStorageQuotaBytes: u.SoraStorageQuotaBytes,
+		TotpSecretEncrypted: u.TotpSecretEncrypted,
-		SoraStorageUsedBytes:  u.SoraStorageUsedBytes,
+		TotpEnabled:         u.TotpEnabled,
-		TotpSecretEncrypted:   u.TotpSecretEncrypted,
+		TotpEnabledAt:       u.TotpEnabledAt,
-		TotpEnabled:           u.TotpEnabled,
+		CreatedAt:           u.CreatedAt,
-		TotpEnabledAt:         u.TotpEnabledAt,
+		UpdatedAt:           u.UpdatedAt,
 		CreatedAt:             u.CreatedAt,
 		UpdatedAt:             u.UpdatedAt,
 	}
 }
@ -647,11 +641,6 @@ func groupEntityToService(g *dbent.Group) *service.Group {
 		ImagePrice1K:                    g.ImagePrice1k,
 		ImagePrice2K:                    g.ImagePrice2k,
 		ImagePrice4K:                    g.ImagePrice4k,
 		SoraImagePrice360:               g.SoraImagePrice360,
 		SoraImagePrice540:               g.SoraImagePrice540,
 		SoraVideoPricePerRequest:        g.SoraVideoPricePerRequest,
 		SoraVideoPricePerRequestHD:      g.SoraVideoPricePerRequestHd,
 		SoraStorageQuotaBytes:           g.SoraStorageQuotaBytes,
 		DefaultValidityDays:             g.DefaultValidityDays,
 		ClaudeCodeOnly:                  g.ClaudeCodeOnly,
 		FallbackGroupID:                 g.FallbackGroupID,
@ -662,6 +651,8 @@ func groupEntityToService(g *dbent.Group) *service.Group {
 		SupportedModelScopes:            g.SupportedModelScopes,
 		SortOrder:                       g.SortOrder,
 		AllowMessagesDispatch:           g.AllowMessagesDispatch,
 		RequireOAuthOnly:                g.RequireOauthOnly,
 		RequirePrivacySet:               g.RequirePrivacySet,
 		DefaultMappedModel:              g.DefaultMappedModel,
 		CreatedAt:                       g.CreatedAt,
 		UpdatedAt:                       g.UpdatedAt,
--- a/backend/internal/repository/channel_repo.go
+++ b/backend/internal/repository/channel_repo.go
@ -0,0 +1,461 @@
 package repository
 import (
 	"context"
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"strings"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/lib/pq"
 )
 type channelRepository struct {
 	db *sql.DB
 }
 // NewChannelRepository 创建渠道数据访问实例
 func NewChannelRepository(db *sql.DB) service.ChannelRepository {
 	return &channelRepository{db: db}
 }
 // runInTx 在事务中执行 fn，成功 commit，失败 rollback。
 func (r *channelRepository) runInTx(ctx context.Context, fn func(tx *sql.Tx) error) error {
 	tx, err := r.db.BeginTx(ctx, nil)
 	if err != nil {
 		return fmt.Errorf("begin tx: %w", err)
 	}
 	defer func() { _ = tx.Rollback() }()
 	if err := fn(tx); err != nil {
 		return err
 	}
 	return tx.Commit()
 }
 func (r *channelRepository) Create(ctx context.Context, channel *service.Channel) error {
 	return r.runInTx(ctx, func(tx *sql.Tx) error {
 		modelMappingJSON, err := marshalModelMapping(channel.ModelMapping)
 		if err != nil {
 			return err
 		}
 		err = tx.QueryRowContext(ctx,
 			`INSERT INTO channels (name, description, status, model_mapping, billing_model_source, restrict_models) VALUES ($1, $2, $3, $4, $5, $6)
 			 RETURNING id, created_at, updated_at`,
 			channel.Name, channel.Description, channel.Status, modelMappingJSON, channel.BillingModelSource, channel.RestrictModels,
 		).Scan(&channel.ID, &channel.CreatedAt, &channel.UpdatedAt)
 		if err != nil {
 			if isUniqueViolation(err) {
 				return service.ErrChannelExists
 			}
 			return fmt.Errorf("insert channel: %w", err)
 		}
 		// 设置分组关联
 		if len(channel.GroupIDs) > 0 {
 			if err := setGroupIDsTx(ctx, tx, channel.ID, channel.GroupIDs); err != nil {
 				return err
 			}
 		}
 		// 设置模型定价
 		if len(channel.ModelPricing) > 0 {
 			if err := replaceModelPricingTx(ctx, tx, channel.ID, channel.ModelPricing); err != nil {
 				return err
 			}
 		}
 		return nil
 	})
 }
 func (r *channelRepository) GetByID(ctx context.Context, id int64) (*service.Channel, error) {
 	ch := &service.Channel{}
 	var modelMappingJSON []byte
 	err := r.db.QueryRowContext(ctx,
 		`SELECT id, name, description, status, model_mapping, billing_model_source, restrict_models, created_at, updated_at
 		 FROM channels WHERE id = $1`, id,
 	).Scan(&ch.ID, &ch.Name, &ch.Description, &ch.Status, &modelMappingJSON, &ch.BillingModelSource, &ch.RestrictModels, &ch.CreatedAt, &ch.UpdatedAt)
 	if err == sql.ErrNoRows {
 		return nil, service.ErrChannelNotFound
 	}
 	if err != nil {
 		return nil, fmt.Errorf("get channel: %w", err)
 	}
 	ch.ModelMapping = unmarshalModelMapping(modelMappingJSON)
 	groupIDs, err := r.GetGroupIDs(ctx, id)
 	if err != nil {
 		return nil, err
 	}
 	ch.GroupIDs = groupIDs
 	pricing, err := r.ListModelPricing(ctx, id)
 	if err != nil {
 		return nil, err
 	}
 	ch.ModelPricing = pricing
 	return ch, nil
 }
 func (r *channelRepository) Update(ctx context.Context, channel *service.Channel) error {
 	return r.runInTx(ctx, func(tx *sql.Tx) error {
 		modelMappingJSON, err := marshalModelMapping(channel.ModelMapping)
 		if err != nil {
 			return err
 		}
 		result, err := tx.ExecContext(ctx,
 			`UPDATE channels SET name = $1, description = $2, status = $3, model_mapping = $4, billing_model_source = $5, restrict_models = $6, updated_at = NOW()
 			 WHERE id = $7`,
 			channel.Name, channel.Description, channel.Status, modelMappingJSON, channel.BillingModelSource, channel.RestrictModels, channel.ID,
 		)
 		if err != nil {
 			if isUniqueViolation(err) {
 				return service.ErrChannelExists
 			}
 			return fmt.Errorf("update channel: %w", err)
 		}
 		rows, _ := result.RowsAffected()
 		if rows == 0 {
 			return service.ErrChannelNotFound
 		}
 		// 更新分组关联
 		if channel.GroupIDs != nil {
 			if err := setGroupIDsTx(ctx, tx, channel.ID, channel.GroupIDs); err != nil {
 				return err
 			}
 		}
 		// 更新模型定价
 		if channel.ModelPricing != nil {
 			if err := replaceModelPricingTx(ctx, tx, channel.ID, channel.ModelPricing); err != nil {
 				return err
 			}
 		}
 		return nil
 	})
 }
 func (r *channelRepository) Delete(ctx context.Context, id int64) error {
 	result, err := r.db.ExecContext(ctx, `DELETE FROM channels WHERE id = $1`, id)
 	if err != nil {
 		return fmt.Errorf("delete channel: %w", err)
 	}
 	rows, _ := result.RowsAffected()
 	if rows == 0 {
 		return service.ErrChannelNotFound
 	}
 	return nil
 }
 func (r *channelRepository) List(ctx context.Context, params pagination.PaginationParams, status, search string) ([]service.Channel, *pagination.PaginationResult, error) {
 	where := []string{"1=1"}
 	args := []any{}
 	argIdx := 1
 	if status != "" {
 		where = append(where, fmt.Sprintf("c.status = $%d", argIdx))
 		args = append(args, status)
 		argIdx++
 	}
 	if search != "" {
 		where = append(where, fmt.Sprintf("(c.name ILIKE $%d OR c.description ILIKE $%d)", argIdx, argIdx))
 		args = append(args, "%"+escapeLike(search)+"%")
 		argIdx++
 	}
 	whereClause := strings.Join(where, " AND ")
 	// 计数
 	var total int64
 	countQuery := fmt.Sprintf("SELECT COUNT(*) FROM channels c WHERE %s", whereClause)
 	if err := r.db.QueryRowContext(ctx, countQuery, args...).Scan(&total); err != nil {
 		return nil, nil, fmt.Errorf("count channels: %w", err)
 	}
 	pageSize := params.Limit() // 约束在 [1, 100]
 	page := params.Page
 	if page < 1 {
 		page = 1
 	}
 	offset := (page - 1) * pageSize
 	// 查询 channel 列表
 	dataQuery := fmt.Sprintf(
 		`SELECT c.id, c.name, c.description, c.status, c.model_mapping, c.billing_model_source, c.restrict_models, c.created_at, c.updated_at
 		 FROM channels c WHERE %s ORDER BY c.id ASC LIMIT $%d OFFSET $%d`,
 		whereClause, argIdx, argIdx+1,
 	)
 	args = append(args, pageSize, offset)
 	rows, err := r.db.QueryContext(ctx, dataQuery, args...)
 	if err != nil {
 		return nil, nil, fmt.Errorf("query channels: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	var channels []service.Channel
 	var channelIDs []int64
 	for rows.Next() {
 		var ch service.Channel
 		var modelMappingJSON []byte
 		if err := rows.Scan(&ch.ID, &ch.Name, &ch.Description, &ch.Status, &modelMappingJSON, &ch.BillingModelSource, &ch.RestrictModels, &ch.CreatedAt, &ch.UpdatedAt); err != nil {
 			return nil, nil, fmt.Errorf("scan channel: %w", err)
 		}
 		ch.ModelMapping = unmarshalModelMapping(modelMappingJSON)
 		channels = append(channels, ch)
 		channelIDs = append(channelIDs, ch.ID)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, nil, fmt.Errorf("iterate channels: %w", err)
 	}
 	// 批量加载分组 ID 和模型定价（避免 N+1）
 	if len(channelIDs) > 0 {
 		groupMap, err := r.batchLoadGroupIDs(ctx, channelIDs)
 		if err != nil {
 			return nil, nil, err
 		}
 		pricingMap, err := r.batchLoadModelPricing(ctx, channelIDs)
 		if err != nil {
 			return nil, nil, err
 		}
 		for i := range channels {
 			channels[i].GroupIDs = groupMap[channels[i].ID]
 			channels[i].ModelPricing = pricingMap[channels[i].ID]
 		}
 	}
 	pages := 0
 	if total > 0 {
 		pages = int((total + int64(pageSize) - 1) / int64(pageSize))
 	}
 	paginationResult := &pagination.PaginationResult{
 		Total:    total,
 		Page:     page,
 		PageSize: pageSize,
 		Pages:    pages,
 	}
 	return channels, paginationResult, nil
 }
 func (r *channelRepository) ListAll(ctx context.Context) ([]service.Channel, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT id, name, description, status, model_mapping, billing_model_source, restrict_models, created_at, updated_at FROM channels ORDER BY id`,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("query all channels: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	var channels []service.Channel
 	var channelIDs []int64
 	for rows.Next() {
 		var ch service.Channel
 		var modelMappingJSON []byte
 		if err := rows.Scan(&ch.ID, &ch.Name, &ch.Description, &ch.Status, &modelMappingJSON, &ch.BillingModelSource, &ch.RestrictModels, &ch.CreatedAt, &ch.UpdatedAt); err != nil {
 			return nil, fmt.Errorf("scan channel: %w", err)
 		}
 		ch.ModelMapping = unmarshalModelMapping(modelMappingJSON)
 		channels = append(channels, ch)
 		channelIDs = append(channelIDs, ch.ID)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate channels: %w", err)
 	}
 	if len(channelIDs) == 0 {
 		return channels, nil
 	}
 	// 批量加载分组 ID
 	groupMap, err := r.batchLoadGroupIDs(ctx, channelIDs)
 	if err != nil {
 		return nil, err
 	}
 	// 批量加载模型定价
 	pricingMap, err := r.batchLoadModelPricing(ctx, channelIDs)
 	if err != nil {
 		return nil, err
 	}
 	for i := range channels {
 		channels[i].GroupIDs = groupMap[channels[i].ID]
 		channels[i].ModelPricing = pricingMap[channels[i].ID]
 	}
 	return channels, nil
 }
 // --- 批量加载辅助方法 ---
 // batchLoadGroupIDs 批量加载多个渠道的分组 ID
 func (r *channelRepository) batchLoadGroupIDs(ctx context.Context, channelIDs []int64) (map[int64][]int64, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT channel_id, group_id FROM channel_groups
 		 WHERE channel_id = ANY($1) ORDER BY channel_id, group_id`,
 		pq.Array(channelIDs),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("batch load group ids: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	groupMap := make(map[int64][]int64, len(channelIDs))
 	for rows.Next() {
 		var channelID, groupID int64
 		if err := rows.Scan(&channelID, &groupID); err != nil {
 			return nil, fmt.Errorf("scan group id: %w", err)
 		}
 		groupMap[channelID] = append(groupMap[channelID], groupID)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate group ids: %w", err)
 	}
 	return groupMap, nil
 }
 func (r *channelRepository) ExistsByName(ctx context.Context, name string) (bool, error) {
 	var exists bool
 	err := r.db.QueryRowContext(ctx,
 		`SELECT EXISTS(SELECT 1 FROM channels WHERE name = $1)`, name,
 	).Scan(&exists)
 	return exists, err
 }
 func (r *channelRepository) ExistsByNameExcluding(ctx context.Context, name string, excludeID int64) (bool, error) {
 	var exists bool
 	err := r.db.QueryRowContext(ctx,
 		`SELECT EXISTS(SELECT 1 FROM channels WHERE name = $1 AND id != $2)`, name, excludeID,
 	).Scan(&exists)
 	return exists, err
 }
 // --- 分组关联 ---
 func (r *channelRepository) GetGroupIDs(ctx context.Context, channelID int64) ([]int64, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT group_id FROM channel_groups WHERE channel_id = $1 ORDER BY group_id`, channelID,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("get group ids: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	var ids []int64
 	for rows.Next() {
 		var id int64
 		if err := rows.Scan(&id); err != nil {
 			return nil, fmt.Errorf("scan group id: %w", err)
 		}
 		ids = append(ids, id)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate group ids: %w", err)
 	}
 	return ids, nil
 }
 func (r *channelRepository) SetGroupIDs(ctx context.Context, channelID int64, groupIDs []int64) error {
 	return setGroupIDsTx(ctx, r.db, channelID, groupIDs)
 }
 func (r *channelRepository) GetChannelIDByGroupID(ctx context.Context, groupID int64) (int64, error) {
 	var channelID int64
 	err := r.db.QueryRowContext(ctx,
 		`SELECT channel_id FROM channel_groups WHERE group_id = $1`, groupID,
 	).Scan(&channelID)
 	if err == sql.ErrNoRows {
 		return 0, nil
 	}
 	return channelID, err
 }
 func (r *channelRepository) GetGroupsInOtherChannels(ctx context.Context, channelID int64, groupIDs []int64) ([]int64, error) {
 	if len(groupIDs) == 0 {
 		return nil, nil
 	}
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT group_id FROM channel_groups WHERE group_id = ANY($1) AND channel_id != $2`,
 		pq.Array(groupIDs), channelID,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("get groups in other channels: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	var conflicting []int64
 	for rows.Next() {
 		var id int64
 		if err := rows.Scan(&id); err != nil {
 			return nil, fmt.Errorf("scan conflicting group id: %w", err)
 		}
 		conflicting = append(conflicting, id)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate conflicting group ids: %w", err)
 	}
 	return conflicting, nil
 }
 // marshalModelMapping 将 model mapping 序列化为嵌套 JSON 字节
 // 格式：{"platform": {"src": "dst"}, ...}
 func marshalModelMapping(m map[string]map[string]string) ([]byte, error) {
 	if len(m) == 0 {
 		return []byte("{}"), nil
 	}
 	data, err := json.Marshal(m)
 	if err != nil {
 		return nil, fmt.Errorf("marshal model_mapping: %w", err)
 	}
 	return data, nil
 }
 // unmarshalModelMapping 将 JSON 字节反序列化为嵌套 model mapping
 func unmarshalModelMapping(data []byte) map[string]map[string]string {
 	if len(data) == 0 {
 		return nil
 	}
 	var m map[string]map[string]string
 	if err := json.Unmarshal(data, &m); err != nil {
 		return nil
 	}
 	return m
 }
 // GetGroupPlatforms 批量查询分组 ID 对应的平台
 func (r *channelRepository) GetGroupPlatforms(ctx context.Context, groupIDs []int64) (map[int64]string, error) {
 	if len(groupIDs) == 0 {
 		return make(map[int64]string), nil
 	}
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT id, platform FROM groups WHERE id = ANY($1)`,
 		pq.Array(groupIDs),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("get group platforms: %w", err)
 	}
 	defer rows.Close() //nolint:errcheck
 	result := make(map[int64]string, len(groupIDs))
 	for rows.Next() {
 		var id int64
 		var platform string
 		if err := rows.Scan(&id, &platform); err != nil {
 			return nil, fmt.Errorf("scan group platform: %w", err)
 		}
 		result[id] = platform
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate group platforms: %w", err)
 	}
 	return result, nil
 }
--- a/backend/internal/repository/channel_repo_pricing.go
+++ b/backend/internal/repository/channel_repo_pricing.go
@ -0,0 +1,291 @@
 package repository
 import (
 	"context"
 	"database/sql"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/lib/pq"
 )
 // --- 模型定价 ---
 func (r *channelRepository) ListModelPricing(ctx context.Context, channelID int64) ([]service.ChannelModelPricing, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT id, channel_id, platform, models, billing_mode, input_price, output_price, cache_write_price, cache_read_price, image_output_price, per_request_price, created_at, updated_at
 		 FROM channel_model_pricing WHERE channel_id = $1 ORDER BY id`, channelID,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("list model pricing: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	result, pricingIDs, err := scanModelPricingRows(rows)
 	if err != nil {
 		return nil, err
 	}
 	if len(pricingIDs) > 0 {
 		intervalMap, err := r.batchLoadIntervals(ctx, pricingIDs)
 		if err != nil {
 			return nil, err
 		}
 		for i := range result {
 			result[i].Intervals = intervalMap[result[i].ID]
 		}
 	}
 	return result, nil
 }
 func (r *channelRepository) CreateModelPricing(ctx context.Context, pricing *service.ChannelModelPricing) error {
 	return createModelPricingExec(ctx, r.db, pricing)
 }
 func (r *channelRepository) UpdateModelPricing(ctx context.Context, pricing *service.ChannelModelPricing) error {
 	modelsJSON, err := json.Marshal(pricing.Models)
 	if err != nil {
 		return fmt.Errorf("marshal models: %w", err)
 	}
 	billingMode := pricing.BillingMode
 	if billingMode == "" {
 		billingMode = service.BillingModeToken
 	}
 	result, err := r.db.ExecContext(ctx,
 		`UPDATE channel_model_pricing
 		 SET models = $1, billing_mode = $2, input_price = $3, output_price = $4, cache_write_price = $5, cache_read_price = $6, image_output_price = $7, per_request_price = $8, platform = $9, updated_at = NOW()
 		 WHERE id = $10`,
 		modelsJSON, billingMode, pricing.InputPrice, pricing.OutputPrice, pricing.CacheWritePrice, pricing.CacheReadPrice,
 		pricing.ImageOutputPrice, pricing.PerRequestPrice, pricing.Platform, pricing.ID,
 	)
 	if err != nil {
 		return fmt.Errorf("update model pricing: %w", err)
 	}
 	rows, _ := result.RowsAffected()
 	if rows == 0 {
 		return fmt.Errorf("pricing entry not found: %d", pricing.ID)
 	}
 	return nil
 }
 func (r *channelRepository) DeleteModelPricing(ctx context.Context, id int64) error {
 	_, err := r.db.ExecContext(ctx, `DELETE FROM channel_model_pricing WHERE id = $1`, id)
 	if err != nil {
 		return fmt.Errorf("delete model pricing: %w", err)
 	}
 	return nil
 }
 func (r *channelRepository) ReplaceModelPricing(ctx context.Context, channelID int64, pricingList []service.ChannelModelPricing) error {
 	return r.runInTx(ctx, func(tx *sql.Tx) error {
 		return replaceModelPricingTx(ctx, tx, channelID, pricingList)
 	})
 }
 // --- 批量加载辅助方法 ---
 // batchLoadModelPricing 批量加载多个渠道的模型定价（含区间）
 func (r *channelRepository) batchLoadModelPricing(ctx context.Context, channelIDs []int64) (map[int64][]service.ChannelModelPricing, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT id, channel_id, platform, models, billing_mode, input_price, output_price, cache_write_price, cache_read_price, image_output_price, per_request_price, created_at, updated_at
 		 FROM channel_model_pricing WHERE channel_id = ANY($1) ORDER BY channel_id, id`,
 		pq.Array(channelIDs),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("batch load model pricing: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	allPricing, allPricingIDs, err := scanModelPricingRows(rows)
 	if err != nil {
 		return nil, err
 	}
 	// 按 channelID 分组
 	pricingMap := make(map[int64][]service.ChannelModelPricing, len(channelIDs))
 	for _, p := range allPricing {
 		pricingMap[p.ChannelID] = append(pricingMap[p.ChannelID], p)
 	}
 	// 批量加载所有区间
 	if len(allPricingIDs) > 0 {
 		intervalMap, err := r.batchLoadIntervals(ctx, allPricingIDs)
 		if err != nil {
 			return nil, err
 		}
 		for chID := range pricingMap {
 			for i := range pricingMap[chID] {
 				pricingMap[chID][i].Intervals = intervalMap[pricingMap[chID][i].ID]
 			}
 		}
 	}
 	return pricingMap, nil
 }
 // batchLoadIntervals 批量加载多个定价条目的区间
 func (r *channelRepository) batchLoadIntervals(ctx context.Context, pricingIDs []int64) (map[int64][]service.PricingInterval, error) {
 	rows, err := r.db.QueryContext(ctx,
 		`SELECT id, pricing_id, min_tokens, max_tokens, tier_label,
 		        input_price, output_price, cache_write_price, cache_read_price,
 		        per_request_price, sort_order, created_at, updated_at
 		 FROM channel_pricing_intervals
 		 WHERE pricing_id = ANY($1) ORDER BY pricing_id, sort_order, id`,
 		pq.Array(pricingIDs),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("batch load intervals: %w", err)
 	}
 	defer func() { _ = rows.Close() }()
 	intervalMap := make(map[int64][]service.PricingInterval, len(pricingIDs))
 	for rows.Next() {
 		var iv service.PricingInterval
 		if err := rows.Scan(
 			&iv.ID, &iv.PricingID, &iv.MinTokens, &iv.MaxTokens, &iv.TierLabel,
 			&iv.InputPrice, &iv.OutputPrice, &iv.CacheWritePrice, &iv.CacheReadPrice,
 			&iv.PerRequestPrice, &iv.SortOrder, &iv.CreatedAt, &iv.UpdatedAt,
 		); err != nil {
 			return nil, fmt.Errorf("scan interval: %w", err)
 		}
 		intervalMap[iv.PricingID] = append(intervalMap[iv.PricingID], iv)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("iterate intervals: %w", err)
 	}
 	return intervalMap, nil
 }
 // --- 共享 scan 辅助 ---
 // scanModelPricingRows 扫描 model pricing 行，返回结果列表和 ID 列表
 func scanModelPricingRows(rows *sql.Rows) ([]service.ChannelModelPricing, []int64, error) {
 	var result []service.ChannelModelPricing
 	var pricingIDs []int64
 	for rows.Next() {
 		var p service.ChannelModelPricing
 		var modelsJSON []byte
 		if err := rows.Scan(
 			&p.ID, &p.ChannelID, &p.Platform, &modelsJSON, &p.BillingMode,
 			&p.InputPrice, &p.OutputPrice, &p.CacheWritePrice, &p.CacheReadPrice,
 			&p.ImageOutputPrice, &p.PerRequestPrice, &p.CreatedAt, &p.UpdatedAt,
 		); err != nil {
 			return nil, nil, fmt.Errorf("scan model pricing: %w", err)
 		}
 		if err := json.Unmarshal(modelsJSON, &p.Models); err != nil {
 			p.Models = []string{}
 		}
 		pricingIDs = append(pricingIDs, p.ID)
 		result = append(result, p)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, nil, fmt.Errorf("iterate model pricing: %w", err)
 	}
 	return result, pricingIDs, nil
 }
 // --- 事务内辅助方法 ---
 // dbExec 是 *sql.DB 和 *sql.Tx 共享的最小 SQL 执行接口
 type dbExec interface {
 	ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error)
 	QueryContext(ctx context.Context, query string, args ...any) (*sql.Rows, error)
 	QueryRowContext(ctx context.Context, query string, args ...any) *sql.Row
 }
 func setGroupIDsTx(ctx context.Context, exec dbExec, channelID int64, groupIDs []int64) error {
 	if _, err := exec.ExecContext(ctx, `DELETE FROM channel_groups WHERE channel_id = $1`, channelID); err != nil {
 		return fmt.Errorf("delete old group associations: %w", err)
 	}
 	if len(groupIDs) == 0 {
 		return nil
 	}
 	_, err := exec.ExecContext(ctx,
 		`INSERT INTO channel_groups (channel_id, group_id)
 		 SELECT $1, unnest($2::bigint[])`,
 		channelID, pq.Array(groupIDs),
 	)
 	if err != nil {
 		return fmt.Errorf("insert group associations: %w", err)
 	}
 	return nil
 }
 func createModelPricingExec(ctx context.Context, exec dbExec, pricing *service.ChannelModelPricing) error {
 	modelsJSON, err := json.Marshal(pricing.Models)
 	if err != nil {
 		return fmt.Errorf("marshal models: %w", err)
 	}
 	billingMode := pricing.BillingMode
 	if billingMode == "" {
 		billingMode = service.BillingModeToken
 	}
 	platform := pricing.Platform
 	if platform == "" {
 		platform = "anthropic"
 	}
 	err = exec.QueryRowContext(ctx,
 		`INSERT INTO channel_model_pricing (channel_id, platform, models, billing_mode, input_price, output_price, cache_write_price, cache_read_price, image_output_price, per_request_price)
 		 VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) RETURNING id, created_at, updated_at`,
 		pricing.ChannelID, platform, modelsJSON, billingMode,
 		pricing.InputPrice, pricing.OutputPrice, pricing.CacheWritePrice, pricing.CacheReadPrice,
 		pricing.ImageOutputPrice, pricing.PerRequestPrice,
 	).Scan(&pricing.ID, &pricing.CreatedAt, &pricing.UpdatedAt)
 	if err != nil {
 		return fmt.Errorf("insert model pricing: %w", err)
 	}
 	for i := range pricing.Intervals {
 		pricing.Intervals[i].PricingID = pricing.ID
 		if err := createIntervalExec(ctx, exec, &pricing.Intervals[i]); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 func createIntervalExec(ctx context.Context, exec dbExec, iv *service.PricingInterval) error {
 	return exec.QueryRowContext(ctx,
 		`INSERT INTO channel_pricing_intervals
 		 (pricing_id, min_tokens, max_tokens, tier_label, input_price, output_price, cache_write_price, cache_read_price, per_request_price, sort_order)
 		 VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) RETURNING id, created_at, updated_at`,
 		iv.PricingID, iv.MinTokens, iv.MaxTokens, iv.TierLabel,
 		iv.InputPrice, iv.OutputPrice, iv.CacheWritePrice, iv.CacheReadPrice,
 		iv.PerRequestPrice, iv.SortOrder,
 	).Scan(&iv.ID, &iv.CreatedAt, &iv.UpdatedAt)
 }
 func replaceModelPricingTx(ctx context.Context, exec dbExec, channelID int64, pricingList []service.ChannelModelPricing) error {
 	if _, err := exec.ExecContext(ctx, `DELETE FROM channel_model_pricing WHERE channel_id = $1`, channelID); err != nil {
 		return fmt.Errorf("delete old model pricing: %w", err)
 	}
 	for i := range pricingList {
 		pricingList[i].ChannelID = channelID
 		if err := createModelPricingExec(ctx, exec, &pricingList[i]); err != nil {
 			return fmt.Errorf("insert model pricing: %w", err)
 		}
 	}
 	return nil
 }
 // isUniqueViolation 检查 pq 唯一约束违反错误
 func isUniqueViolation(err error) bool {
 	var pqErr *pq.Error
 	if errors.As(err, &pqErr) && pqErr != nil {
 		return pqErr.Code == "23505"
 	}
 	return false
 }
 // escapeLike 转义 LIKE/ILIKE 模式中的特殊字符
 func escapeLike(s string) string {
 	s = strings.ReplaceAll(s, `\`, `\\`)
 	s = strings.ReplaceAll(s, `%`, `\%`)
 	s = strings.ReplaceAll(s, `_`, `\_`)
 	return s
 }
--- a/backend/internal/repository/channel_repo_test.go
+++ b/backend/internal/repository/channel_repo_test.go
@ -0,0 +1,227 @@
 //go:build unit
 package repository
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"testing"
 	"github.com/lib/pq"
 	"github.com/stretchr/testify/require"
 )
 // --- marshalModelMapping ---
 func TestMarshalModelMapping(t *testing.T) {
 	tests := []struct {
 		name     string
 		input    map[string]map[string]string
 		wantJSON string // expected JSON output (exact match)
 	}{
 		{
 			name:     "empty map",
 			input:    map[string]map[string]string{},
 			wantJSON: "{}",
 		},
 		{
 			name:     "nil map",
 			input:    nil,
 			wantJSON: "{}",
 		},
 		{
 			name: "populated map",
 			input: map[string]map[string]string{
 				"openai": {"gpt-4": "gpt-4-turbo"},
 			},
 		},
 		{
 			name: "nested values",
 			input: map[string]map[string]string{
 				"openai":    {"*": "gpt-5.4"},
 				"anthropic": {"claude-old": "claude-new"},
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			result, err := marshalModelMapping(tt.input)
 			require.NoError(t, err)
 			if tt.wantJSON != "" {
 				require.Equal(t, []byte(tt.wantJSON), result)
 			} else {
 				// round-trip: unmarshal and compare with input
 				var parsed map[string]map[string]string
 				require.NoError(t, json.Unmarshal(result, &parsed))
 				require.Equal(t, tt.input, parsed)
 			}
 		})
 	}
 }
 // --- unmarshalModelMapping ---
 func TestUnmarshalModelMapping(t *testing.T) {
 	tests := []struct {
 		name    string
 		input   []byte
 		wantNil bool
 		want    map[string]map[string]string
 	}{
 		{
 			name:    "nil data",
 			input:   nil,
 			wantNil: true,
 		},
 		{
 			name:    "empty data",
 			input:   []byte{},
 			wantNil: true,
 		},
 		{
 			name:    "invalid JSON",
 			input:   []byte("not-json"),
 			wantNil: true,
 		},
 		{
 			name:    "type error - number",
 			input:   []byte("42"),
 			wantNil: true,
 		},
 		{
 			name:    "type error - array",
 			input:   []byte("[1,2,3]"),
 			wantNil: true,
 		},
 		{
 			name:  "valid JSON",
 			input: []byte(`{"openai":{"gpt-4":"gpt-4-turbo"},"anthropic":{"old":"new"}}`),
 			want: map[string]map[string]string{
 				"openai":    {"gpt-4": "gpt-4-turbo"},
 				"anthropic": {"old": "new"},
 			},
 		},
 		{
 			name:  "empty object",
 			input: []byte("{}"),
 			want:  map[string]map[string]string{},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			result := unmarshalModelMapping(tt.input)
 			if tt.wantNil {
 				require.Nil(t, result)
 			} else {
 				require.NotNil(t, result)
 				require.Equal(t, tt.want, result)
 			}
 		})
 	}
 }
 // --- escapeLike ---
 func TestEscapeLike(t *testing.T) {
 	tests := []struct {
 		name  string
 		input string
 		want  string
 	}{
 		{
 			name:  "no special chars",
 			input: "hello",
 			want:  "hello",
 		},
 		{
 			name:  "backslash",
 			input: `a\b`,
 			want:  `a\\b`,
 		},
 		{
 			name:  "percent",
 			input: "50%",
 			want:  `50\%`,
 		},
 		{
 			name:  "underscore",
 			input: "a_b",
 			want:  `a\_b`,
 		},
 		{
 			name:  "all special chars",
 			input: `a\b%c_d`,
 			want:  `a\\b\%c\_d`,
 		},
 		{
 			name:  "empty string",
 			input: "",
 			want:  "",
 		},
 		{
 			name:  "consecutive special chars",
 			input: "%_%",
 			want:  `\%\_\%`,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			require.Equal(t, tt.want, escapeLike(tt.input))
 		})
 	}
 }
 // --- isUniqueViolation ---
 func TestIsUniqueViolation(t *testing.T) {
 	tests := []struct {
 		name string
 		err  error
 		want bool
 	}{
 		{
 			name: "unique violation code 23505",
 			err:  &pq.Error{Code: "23505"},
 			want: true,
 		},
 		{
 			name: "different pq error code",
 			err:  &pq.Error{Code: "23503"},
 			want: false,
 		},
 		{
 			name: "non-pq error",
 			err:  errors.New("some generic error"),
 			want: false,
 		},
 		{
 			name: "typed nil pq.Error",
 			err: func() error {
 				var pqErr *pq.Error
 				return pqErr
 			}(),
 			want: false,
 		},
 		{
 			name: "bare nil",
 			err:  nil,
 			want: false,
 		},
 		{
 			name: "wrapped pq error with 23505",
 			err:  fmt.Errorf("wrapped: %w", &pq.Error{Code: "23505"}),
 			want: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			require.Equal(t, tt.want, isUniqueViolation(tt.err))
 		})
 	}
 }
--- a/backend/internal/repository/group_repo.go
+++ b/backend/internal/repository/group_repo.go
@ -49,18 +49,15 @@ func (r *groupRepository) Create(ctx context.Context, groupIn *service.Group) er
 		SetNillableImagePrice1k(groupIn.ImagePrice1K).
 		SetNillableImagePrice2k(groupIn.ImagePrice2K).
 		SetNillableImagePrice4k(groupIn.ImagePrice4K).
 		SetNillableSoraImagePrice360(groupIn.SoraImagePrice360).
 		SetNillableSoraImagePrice540(groupIn.SoraImagePrice540).
 		SetNillableSoraVideoPricePerRequest(groupIn.SoraVideoPricePerRequest).
 		SetNillableSoraVideoPricePerRequestHd(groupIn.SoraVideoPricePerRequestHD).
 		SetDefaultValidityDays(groupIn.DefaultValidityDays).
 		SetClaudeCodeOnly(groupIn.ClaudeCodeOnly).
 		SetNillableFallbackGroupID(groupIn.FallbackGroupID).
 		SetNillableFallbackGroupIDOnInvalidRequest(groupIn.FallbackGroupIDOnInvalidRequest).
 		SetModelRoutingEnabled(groupIn.ModelRoutingEnabled).
 		SetMcpXMLInject(groupIn.MCPXMLInject).
 		SetSoraStorageQuotaBytes(groupIn.SoraStorageQuotaBytes).
 		SetAllowMessagesDispatch(groupIn.AllowMessagesDispatch).
 		SetRequireOauthOnly(groupIn.RequireOAuthOnly).
 		SetRequirePrivacySet(groupIn.RequirePrivacySet).
 		SetDefaultMappedModel(groupIn.DefaultMappedModel)
 	// 设置模型路由配置
@ -120,16 +117,13 @@ func (r *groupRepository) Update(ctx context.Context, groupIn *service.Group) er
 		SetNillableImagePrice1k(groupIn.ImagePrice1K).
 		SetNillableImagePrice2k(groupIn.ImagePrice2K).
 		SetNillableImagePrice4k(groupIn.ImagePrice4K).
 		SetNillableSoraImagePrice360(groupIn.SoraImagePrice360).
 		SetNillableSoraImagePrice540(groupIn.SoraImagePrice540).
 		SetNillableSoraVideoPricePerRequest(groupIn.SoraVideoPricePerRequest).
 		SetNillableSoraVideoPricePerRequestHd(groupIn.SoraVideoPricePerRequestHD).
 		SetDefaultValidityDays(groupIn.DefaultValidityDays).
 		SetClaudeCodeOnly(groupIn.ClaudeCodeOnly).
 		SetModelRoutingEnabled(groupIn.ModelRoutingEnabled).
 		SetMcpXMLInject(groupIn.MCPXMLInject).
 		SetSoraStorageQuotaBytes(groupIn.SoraStorageQuotaBytes).
 		SetAllowMessagesDispatch(groupIn.AllowMessagesDispatch).
 		SetRequireOauthOnly(groupIn.RequireOAuthOnly).
 		SetRequirePrivacySet(groupIn.RequirePrivacySet).
 		SetDefaultMappedModel(groupIn.DefaultMappedModel)
 	// 显式处理可空字段：nil 需要 clear，非 nil 需要 set。
--- a/backend/internal/repository/openai_oauth_service_test.go
+++ b/backend/internal/repository/openai_oauth_service_test.go
@ -158,30 +158,6 @@ func (s *OpenAIOAuthServiceSuite) TestRefreshToken_DefaultsToOpenAIClientID() {
 	require.Equal(s.T(), []string{openai.ClientID}, seenClientIDs)
 }
 // TestRefreshToken_UseSoraClientID 验证显式传入 Sora ClientID 时直接使用，不回退。
 func (s *OpenAIOAuthServiceSuite) TestRefreshToken_UseSoraClientID() {
 	var seenClientIDs []string
 	s.setupServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if err := r.ParseForm(); err != nil {
 			w.WriteHeader(http.StatusBadRequest)
 			return
 		}
 		clientID := r.PostForm.Get("client_id")
 		seenClientIDs = append(seenClientIDs, clientID)
 		if clientID == openai.SoraClientID {
 			w.Header().Set("Content-Type", "application/json")
 			_, _ = io.WriteString(w, `{"access_token":"at-sora","refresh_token":"rt-sora","token_type":"bearer","expires_in":3600}`)
 			return
 		}
 		w.WriteHeader(http.StatusBadRequest)
 	}))
 	resp, err := s.svc.RefreshTokenWithClientID(s.ctx, "rt", "", openai.SoraClientID)
 	require.NoError(s.T(), err, "RefreshTokenWithClientID")
 	require.Equal(s.T(), "at-sora", resp.AccessToken)
 	require.Equal(s.T(), []string{openai.SoraClientID}, seenClientIDs)
 }
 func (s *OpenAIOAuthServiceSuite) TestRefreshToken_UseProvidedClientID() {
 	const customClientID = "custom-client-id"
 	var seenClientIDs []string
@ -276,7 +252,7 @@ func (s *OpenAIOAuthServiceSuite) TestExchangeCode_UsesProvidedRedirectURI() {
 }
 func (s *OpenAIOAuthServiceSuite) TestExchangeCode_UseProvidedClientID() {
-	wantClientID := openai.SoraClientID
+	wantClientID := "custom-exchange-client-id"
 	errCh := make(chan string, 1)
 	s.setupServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		_ = r.ParseForm()
--- a/backend/internal/repository/sora_account_repo.go
+++ b/backend/internal/repository/sora_account_repo.go
@ -1,98 +0,0 @@
 package repository
 import (
 	"context"
 	"database/sql"
 	"errors"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 )
 // soraAccountRepository 实现 service.SoraAccountRepository 接口。
 // 使用原生 SQL 操作 sora_accounts 表，因为该表不在 Ent ORM 管理范围内。
 //
 // 设计说明：
 //   - sora_accounts 表是独立迁移创建的，不通过 Ent Schema 管理
 //   - 使用 ON CONFLICT (account_id) DO UPDATE 实现 Upsert 语义
 //   - 与 accounts 主表通过外键关联，ON DELETE CASCADE 确保级联删除
 type soraAccountRepository struct {
 	sql *sql.DB
 }
 // NewSoraAccountRepository 创建 Sora 账号扩展表仓储实例
 func NewSoraAccountRepository(sqlDB *sql.DB) service.SoraAccountRepository {
 	return &soraAccountRepository{sql: sqlDB}
 }
 // Upsert 创建或更新 Sora 账号扩展信息
 // 使用 PostgreSQL ON CONFLICT ... DO UPDATE 实现原子性 upsert
 func (r *soraAccountRepository) Upsert(ctx context.Context, accountID int64, updates map[string]any) error {
 	accessToken, accessOK := updates["access_token"].(string)
 	refreshToken, refreshOK := updates["refresh_token"].(string)
 	sessionToken, sessionOK := updates["session_token"].(string)
 	if !accessOK || accessToken == "" || !refreshOK || refreshToken == "" {
 		if !sessionOK {
 			return errors.New("缺少 access_token/refresh_token，且未提供可更新字段")
 		}
 		result, err := r.sql.ExecContext(ctx, `
 			UPDATE sora_accounts
 			SET session_token = CASE WHEN $2 = '' THEN session_token ELSE $2 END,
 				updated_at = NOW()
 			WHERE account_id = $1
 		`, accountID, sessionToken)
 		if err != nil {
 			return err
 		}
 		rows, err := result.RowsAffected()
 		if err != nil {
 			return err
 		}
 		if rows == 0 {
 			return errors.New("sora_accounts 记录不存在，无法仅更新 session_token")
 		}
 		return nil
 	}
 	_, err := r.sql.ExecContext(ctx, `
 		INSERT INTO sora_accounts (account_id, access_token, refresh_token, session_token, created_at, updated_at)
 		VALUES ($1, $2, $3, $4, NOW(), NOW())
 		ON CONFLICT (account_id) DO UPDATE SET
 			access_token = EXCLUDED.access_token,
 			refresh_token = EXCLUDED.refresh_token,
 			session_token = CASE WHEN EXCLUDED.session_token = '' THEN sora_accounts.session_token ELSE EXCLUDED.session_token END,
 			updated_at = NOW()
 	`, accountID, accessToken, refreshToken, sessionToken)
 	return err
 }
 // GetByAccountID 根据账号 ID 获取 Sora 扩展信息
 func (r *soraAccountRepository) GetByAccountID(ctx context.Context, accountID int64) (*service.SoraAccount, error) {
 	rows, err := r.sql.QueryContext(ctx, `
 		SELECT account_id, access_token, refresh_token, COALESCE(session_token, '')
 		FROM sora_accounts
 		WHERE account_id = $1
 	`, accountID)
 	if err != nil {
 		return nil, err
 	}
 	defer func() { _ = rows.Close() }()
 	if !rows.Next() {
 		return nil, nil // 记录不存在
 	}
 	var sa service.SoraAccount
 	if err := rows.Scan(&sa.AccountID, &sa.AccessToken, &sa.RefreshToken, &sa.SessionToken); err != nil {
 		return nil, err
 	}
 	return &sa, nil
 }
 // Delete 删除 Sora 账号扩展信息
 func (r *soraAccountRepository) Delete(ctx context.Context, accountID int64) error {
 	_, err := r.sql.ExecContext(ctx, `
 		DELETE FROM sora_accounts WHERE account_id = $1
 	`, accountID)
 	return err
 }
--- a/backend/internal/repository/sora_generation_repo.go
+++ b/backend/internal/repository/sora_generation_repo.go
@ -1,419 +0,0 @@
 package repository
 import (
 	"context"
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"strings"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 )
 // soraGenerationRepository 实现 service.SoraGenerationRepository 接口。
 // 使用原生 SQL 操作 sora_generations 表。
 type soraGenerationRepository struct {
 	sql *sql.DB
 }
 // NewSoraGenerationRepository 创建 Sora 生成记录仓储实例。
 func NewSoraGenerationRepository(sqlDB *sql.DB) service.SoraGenerationRepository {
 	return &soraGenerationRepository{sql: sqlDB}
 }
 func (r *soraGenerationRepository) Create(ctx context.Context, gen *service.SoraGeneration) error {
 	mediaURLsJSON, _ := json.Marshal(gen.MediaURLs)
 	s3KeysJSON, _ := json.Marshal(gen.S3ObjectKeys)
 	err := r.sql.QueryRowContext(ctx, `
 		INSERT INTO sora_generations (
 			user_id, api_key_id, model, prompt, media_type,
 			status, media_url, media_urls, file_size_bytes,
 			storage_type, s3_object_keys, upstream_task_id, error_message
 		) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13)
 		RETURNING id, created_at
 	`,
 		gen.UserID, gen.APIKeyID, gen.Model, gen.Prompt, gen.MediaType,
 		gen.Status, gen.MediaURL, mediaURLsJSON, gen.FileSizeBytes,
 		gen.StorageType, s3KeysJSON, gen.UpstreamTaskID, gen.ErrorMessage,
 	).Scan(&gen.ID, &gen.CreatedAt)
 	return err
 }
 // CreatePendingWithLimit 在单事务内执行“并发上限检查 + 创建”，避免 count+create 竞态。
 func (r *soraGenerationRepository) CreatePendingWithLimit(
 	ctx context.Context,
 	gen *service.SoraGeneration,
 	activeStatuses []string,
 	maxActive int64,
 ) error {
 	if gen == nil {
 		return fmt.Errorf("generation is nil")
 	}
 	if maxActive <= 0 {
 		return r.Create(ctx, gen)
 	}
 	if len(activeStatuses) == 0 {
 		activeStatuses = []string{service.SoraGenStatusPending, service.SoraGenStatusGenerating}
 	}
 	tx, err := r.sql.BeginTx(ctx, nil)
 	if err != nil {
 		return err
 	}
 	defer func() { _ = tx.Rollback() }()
 	// 使用用户级 advisory lock 串行化并发创建，避免超限竞态。
 	if _, err := tx.ExecContext(ctx, `SELECT pg_advisory_xact_lock($1)`, gen.UserID); err != nil {
 		return err
 	}
 	placeholders := make([]string, len(activeStatuses))
 	args := make([]any, 0, 1+len(activeStatuses))
 	args = append(args, gen.UserID)
 	for i, s := range activeStatuses {
 		placeholders[i] = fmt.Sprintf("$%d", i+2)
 		args = append(args, s)
 	}
 	countQuery := fmt.Sprintf(
 		`SELECT COUNT(*) FROM sora_generations WHERE user_id = $1 AND status IN (%s)`,
 		strings.Join(placeholders, ","),
 	)
 	var activeCount int64
 	if err := tx.QueryRowContext(ctx, countQuery, args...).Scan(&activeCount); err != nil {
 		return err
 	}
 	if activeCount >= maxActive {
 		return service.ErrSoraGenerationConcurrencyLimit
 	}
 	mediaURLsJSON, _ := json.Marshal(gen.MediaURLs)
 	s3KeysJSON, _ := json.Marshal(gen.S3ObjectKeys)
 	if err := tx.QueryRowContext(ctx, `
 		INSERT INTO sora_generations (
 			user_id, api_key_id, model, prompt, media_type,
 			status, media_url, media_urls, file_size_bytes,
 			storage_type, s3_object_keys, upstream_task_id, error_message
 		) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13)
 		RETURNING id, created_at
 	`,
 		gen.UserID, gen.APIKeyID, gen.Model, gen.Prompt, gen.MediaType,
 		gen.Status, gen.MediaURL, mediaURLsJSON, gen.FileSizeBytes,
 		gen.StorageType, s3KeysJSON, gen.UpstreamTaskID, gen.ErrorMessage,
 	).Scan(&gen.ID, &gen.CreatedAt); err != nil {
 		return err
 	}
 	return tx.Commit()
 }
 func (r *soraGenerationRepository) GetByID(ctx context.Context, id int64) (*service.SoraGeneration, error) {
 	gen := &service.SoraGeneration{}
 	var mediaURLsJSON, s3KeysJSON []byte
 	var completedAt sql.NullTime
 	var apiKeyID sql.NullInt64
 	err := r.sql.QueryRowContext(ctx, `
 		SELECT id, user_id, api_key_id, model, prompt, media_type,
 			status, media_url, media_urls, file_size_bytes,
 			storage_type, s3_object_keys, upstream_task_id, error_message,
 			created_at, completed_at
 		FROM sora_generations WHERE id = $1
 	`, id).Scan(
 		&gen.ID, &gen.UserID, &apiKeyID, &gen.Model, &gen.Prompt, &gen.MediaType,
 		&gen.Status, &gen.MediaURL, &mediaURLsJSON, &gen.FileSizeBytes,
 		&gen.StorageType, &s3KeysJSON, &gen.UpstreamTaskID, &gen.ErrorMessage,
 		&gen.CreatedAt, &completedAt,
 	)
 	if err != nil {
 		if err == sql.ErrNoRows {
 			return nil, fmt.Errorf("生成记录不存在")
 		}
 		return nil, err
 	}
 	if apiKeyID.Valid {
 		gen.APIKeyID = &apiKeyID.Int64
 	}
 	if completedAt.Valid {
 		gen.CompletedAt = &completedAt.Time
 	}
 	_ = json.Unmarshal(mediaURLsJSON, &gen.MediaURLs)
 	_ = json.Unmarshal(s3KeysJSON, &gen.S3ObjectKeys)
 	return gen, nil
 }
 func (r *soraGenerationRepository) Update(ctx context.Context, gen *service.SoraGeneration) error {
 	mediaURLsJSON, _ := json.Marshal(gen.MediaURLs)
 	s3KeysJSON, _ := json.Marshal(gen.S3ObjectKeys)
 	var completedAt *time.Time
 	if gen.CompletedAt != nil {
 		completedAt = gen.CompletedAt
 	}
 	_, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations SET
 			status = $2, media_url = $3, media_urls = $4, file_size_bytes = $5,
 			storage_type = $6, s3_object_keys = $7, upstream_task_id = $8,
 			error_message = $9, completed_at = $10
 		WHERE id = $1
 	`,
 		gen.ID, gen.Status, gen.MediaURL, mediaURLsJSON, gen.FileSizeBytes,
 		gen.StorageType, s3KeysJSON, gen.UpstreamTaskID,
 		gen.ErrorMessage, completedAt,
 	)
 	return err
 }
 // UpdateGeneratingIfPending 仅当状态为 pending 时更新为 generating。
 func (r *soraGenerationRepository) UpdateGeneratingIfPending(ctx context.Context, id int64, upstreamTaskID string) (bool, error) {
 	result, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations
 		SET status = $2, upstream_task_id = $3
 		WHERE id = $1 AND status = $4
 	`,
 		id, service.SoraGenStatusGenerating, upstreamTaskID, service.SoraGenStatusPending,
 	)
 	if err != nil {
 		return false, err
 	}
 	affected, err := result.RowsAffected()
 	if err != nil {
 		return false, err
 	}
 	return affected > 0, nil
 }
 // UpdateCompletedIfActive 仅当状态为 pending/generating 时更新为 completed。
 func (r *soraGenerationRepository) UpdateCompletedIfActive(
 	ctx context.Context,
 	id int64,
 	mediaURL string,
 	mediaURLs []string,
 	storageType string,
 	s3Keys []string,
 	fileSizeBytes int64,
 	completedAt time.Time,
 ) (bool, error) {
 	mediaURLsJSON, _ := json.Marshal(mediaURLs)
 	s3KeysJSON, _ := json.Marshal(s3Keys)
 	result, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations
 		SET status = $2,
 			media_url = $3,
 			media_urls = $4,
 			file_size_bytes = $5,
 			storage_type = $6,
 			s3_object_keys = $7,
 			error_message = '',
 			completed_at = $8
 		WHERE id = $1 AND status IN ($9, $10)
 	`,
 		id, service.SoraGenStatusCompleted, mediaURL, mediaURLsJSON, fileSizeBytes,
 		storageType, s3KeysJSON, completedAt, service.SoraGenStatusPending, service.SoraGenStatusGenerating,
 	)
 	if err != nil {
 		return false, err
 	}
 	affected, err := result.RowsAffected()
 	if err != nil {
 		return false, err
 	}
 	return affected > 0, nil
 }
 // UpdateFailedIfActive 仅当状态为 pending/generating 时更新为 failed。
 func (r *soraGenerationRepository) UpdateFailedIfActive(
 	ctx context.Context,
 	id int64,
 	errMsg string,
 	completedAt time.Time,
 ) (bool, error) {
 	result, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations
 		SET status = $2,
 			error_message = $3,
 			completed_at = $4
 		WHERE id = $1 AND status IN ($5, $6)
 	`,
 		id, service.SoraGenStatusFailed, errMsg, completedAt, service.SoraGenStatusPending, service.SoraGenStatusGenerating,
 	)
 	if err != nil {
 		return false, err
 	}
 	affected, err := result.RowsAffected()
 	if err != nil {
 		return false, err
 	}
 	return affected > 0, nil
 }
 // UpdateCancelledIfActive 仅当状态为 pending/generating 时更新为 cancelled。
 func (r *soraGenerationRepository) UpdateCancelledIfActive(ctx context.Context, id int64, completedAt time.Time) (bool, error) {
 	result, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations
 		SET status = $2, completed_at = $3
 		WHERE id = $1 AND status IN ($4, $5)
 	`,
 		id, service.SoraGenStatusCancelled, completedAt, service.SoraGenStatusPending, service.SoraGenStatusGenerating,
 	)
 	if err != nil {
 		return false, err
 	}
 	affected, err := result.RowsAffected()
 	if err != nil {
 		return false, err
 	}
 	return affected > 0, nil
 }
 // UpdateStorageIfCompleted 更新已完成记录的存储信息（用于手动保存，不重置 completed_at）。
 func (r *soraGenerationRepository) UpdateStorageIfCompleted(
 	ctx context.Context,
 	id int64,
 	mediaURL string,
 	mediaURLs []string,
 	storageType string,
 	s3Keys []string,
 	fileSizeBytes int64,
 ) (bool, error) {
 	mediaURLsJSON, _ := json.Marshal(mediaURLs)
 	s3KeysJSON, _ := json.Marshal(s3Keys)
 	result, err := r.sql.ExecContext(ctx, `
 		UPDATE sora_generations
 		SET media_url = $2,
 			media_urls = $3,
 			file_size_bytes = $4,
 			storage_type = $5,
 			s3_object_keys = $6
 		WHERE id = $1 AND status = $7
 	`,
 		id, mediaURL, mediaURLsJSON, fileSizeBytes, storageType, s3KeysJSON, service.SoraGenStatusCompleted,
 	)
 	if err != nil {
 		return false, err
 	}
 	affected, err := result.RowsAffected()
 	if err != nil {
 		return false, err
 	}
 	return affected > 0, nil
 }
 func (r *soraGenerationRepository) Delete(ctx context.Context, id int64) error {
 	_, err := r.sql.ExecContext(ctx, `DELETE FROM sora_generations WHERE id = $1`, id)
 	return err
 }
 func (r *soraGenerationRepository) List(ctx context.Context, params service.SoraGenerationListParams) ([]*service.SoraGeneration, int64, error) {
 	// 构建 WHERE 条件
 	conditions := []string{"user_id = $1"}
 	args := []any{params.UserID}
 	argIdx := 2
 	if params.Status != "" {
 		// 支持逗号分隔的多状态
 		statuses := strings.Split(params.Status, ",")
 		placeholders := make([]string, len(statuses))
 		for i, s := range statuses {
 			placeholders[i] = fmt.Sprintf("$%d", argIdx)
 			args = append(args, strings.TrimSpace(s))
 			argIdx++
 		}
 		conditions = append(conditions, fmt.Sprintf("status IN (%s)", strings.Join(placeholders, ",")))
 	}
 	if params.StorageType != "" {
 		storageTypes := strings.Split(params.StorageType, ",")
 		placeholders := make([]string, len(storageTypes))
 		for i, s := range storageTypes {
 			placeholders[i] = fmt.Sprintf("$%d", argIdx)
 			args = append(args, strings.TrimSpace(s))
 			argIdx++
 		}
 		conditions = append(conditions, fmt.Sprintf("storage_type IN (%s)", strings.Join(placeholders, ",")))
 	}
 	if params.MediaType != "" {
 		conditions = append(conditions, fmt.Sprintf("media_type = $%d", argIdx))
 		args = append(args, params.MediaType)
 		argIdx++
 	}
 	whereClause := "WHERE " + strings.Join(conditions, " AND ")
 	// 计数
 	var total int64
 	countQuery := fmt.Sprintf("SELECT COUNT(*) FROM sora_generations %s", whereClause)
 	if err := r.sql.QueryRowContext(ctx, countQuery, args...).Scan(&total); err != nil {
 		return nil, 0, err
 	}
 	// 分页查询
 	offset := (params.Page - 1) * params.PageSize
 	listQuery := fmt.Sprintf(`
 		SELECT id, user_id, api_key_id, model, prompt, media_type,
 			status, media_url, media_urls, file_size_bytes,
 			storage_type, s3_object_keys, upstream_task_id, error_message,
 			created_at, completed_at
 		FROM sora_generations %s
 		ORDER BY created_at DESC
 		LIMIT $%d OFFSET $%d
 	`, whereClause, argIdx, argIdx+1)
 	args = append(args, params.PageSize, offset)
 	rows, err := r.sql.QueryContext(ctx, listQuery, args...)
 	if err != nil {
 		return nil, 0, err
 	}
 	defer func() {
 		_ = rows.Close()
 	}()
 	var results []*service.SoraGeneration
 	for rows.Next() {
 		gen := &service.SoraGeneration{}
 		var mediaURLsJSON, s3KeysJSON []byte
 		var completedAt sql.NullTime
 		var apiKeyID sql.NullInt64
 		if err := rows.Scan(
 			&gen.ID, &gen.UserID, &apiKeyID, &gen.Model, &gen.Prompt, &gen.MediaType,
 			&gen.Status, &gen.MediaURL, &mediaURLsJSON, &gen.FileSizeBytes,
 			&gen.StorageType, &s3KeysJSON, &gen.UpstreamTaskID, &gen.ErrorMessage,
 			&gen.CreatedAt, &completedAt,
 		); err != nil {
 			return nil, 0, err
 		}
 		if apiKeyID.Valid {
 			gen.APIKeyID = &apiKeyID.Int64
 		}
 		if completedAt.Valid {
 			gen.CompletedAt = &completedAt.Time
 		}
 		_ = json.Unmarshal(mediaURLsJSON, &gen.MediaURLs)
 		_ = json.Unmarshal(s3KeysJSON, &gen.S3ObjectKeys)
 		results = append(results, gen)
 	}
 	return results, total, rows.Err()
 }
 func (r *soraGenerationRepository) CountByUserAndStatus(ctx context.Context, userID int64, statuses []string) (int64, error) {
 	if len(statuses) == 0 {
 		return 0, nil
 	}
 	placeholders := make([]string, len(statuses))
 	args := []any{userID}
 	for i, s := range statuses {
 		placeholders[i] = fmt.Sprintf("$%d", i+2)
 		args = append(args, s)
 	}
 	var count int64
 	query := fmt.Sprintf("SELECT COUNT(*) FROM sora_generations WHERE user_id = $1 AND status IN (%s)", strings.Join(placeholders, ","))
 	err := r.sql.QueryRowContext(ctx, query, args...).Scan(&count)
 	return count, err
 }
--- a/backend/internal/repository/usage_log_repo.go
+++ b/backend/internal/repository/usage_log_repo.go
@ -28,7 +28,7 @@ import (
 	gocache "github.com/patrickmn/go-cache"
 )
-const usageLogSelectColumns = "id, user_id, api_key_id, account_id, request_id, model, requested_model, upstream_model, group_id, subscription_id, input_tokens, output_tokens, cache_creation_tokens, cache_read_tokens, cache_creation_5m_tokens, cache_creation_1h_tokens, input_cost, output_cost, cache_creation_cost, cache_read_cost, total_cost, actual_cost, rate_multiplier, account_rate_multiplier, billing_type, request_type, stream, openai_ws_mode, duration_ms, first_token_ms, user_agent, ip_address, image_count, image_size, media_type, service_tier, reasoning_effort, inbound_endpoint, upstream_endpoint, cache_ttl_overridden, created_at"
+const usageLogSelectColumns = "id, user_id, api_key_id, account_id, request_id, model, requested_model, upstream_model, group_id, subscription_id, input_tokens, output_tokens, cache_creation_tokens, cache_read_tokens, cache_creation_5m_tokens, cache_creation_1h_tokens, image_output_tokens, image_output_cost, input_cost, output_cost, cache_creation_cost, cache_read_cost, total_cost, actual_cost, rate_multiplier, account_rate_multiplier, billing_type, request_type, stream, openai_ws_mode, duration_ms, first_token_ms, user_agent, ip_address, image_count, image_size, service_tier, reasoning_effort, inbound_endpoint, upstream_endpoint, cache_ttl_overridden, channel_id, model_mapping_chain, billing_tier, billing_mode, created_at"
 // usageLogInsertArgTypes must stay in the same order as:
 //  1. prepareUsageLogInsert().args
@ -53,6 +53,8 @@ var usageLogInsertArgTypes = [...]string{
 	"integer",     // cache_read_tokens
 	"integer",     // cache_creation_5m_tokens
 	"integer",     // cache_creation_1h_tokens
 	"integer",     // image_output_tokens
 	"numeric",     // image_output_cost
 	"numeric",     // input_cost
 	"numeric",     // output_cost
 	"numeric",     // cache_creation_cost
@ -71,12 +73,15 @@ var usageLogInsertArgTypes = [...]string{
 	"text",        // ip_address
 	"integer",     // image_count
 	"text",        // image_size
 	"text",        // media_type
 	"text",        // service_tier
 	"text",        // reasoning_effort
 	"text",        // inbound_endpoint
 	"text",        // upstream_endpoint
 	"boolean",     // cache_ttl_overridden
 	"bigint",      // channel_id
 	"text",        // model_mapping_chain
 	"text",        // billing_tier
 	"text",        // billing_mode
 	"timestamptz", // created_at
 }
@ -326,6 +331,8 @@ func (r *usageLogRepository) createSingle(ctx context.Context, sqlq sqlExecutor,
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -344,20 +351,23 @@ func (r *usageLogRepository) createSingle(ctx context.Context, sqlq sqlExecutor,
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		) VALUES (
 			$1, $2, $3, $4, $5, $6, $7,
 			$8, $9,
 			$10, $11, $12, $13,
-			$14, $15,
+			$14, $15, $16, $17,
-			$16, $17, $18, $19, $20, $21,
+			$18, $19, $20, $21, $22, $23,
-			$22, $23, $24, $25, $26, $27, $28, $29, $30, $31, $32, $33, $34, $35, $36, $37, $38, $39, $40
+			$24, $25, $26, $27, $28, $29, $30, $31, $32, $33, $34, $35, $36, $37, $38, $39, $40, $41, $42, $43, $44, $45
 		)
 		ON CONFLICT (request_id, api_key_id) DO NOTHING
 		RETURNING id, created_at
@ -758,6 +768,8 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -776,16 +788,19 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		) AS (VALUES `)
-	args := make([]any, 0, len(keys)*39)
+	args := make([]any, 0, len(keys)*46)
 	argPos := 1
 	for idx, key := range keys {
 		if idx > 0 {
@ -829,6 +844,8 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 				cache_read_tokens,
 				cache_creation_5m_tokens,
 				cache_creation_1h_tokens,
 				image_output_tokens,
 				image_output_cost,
 				input_cost,
 				output_cost,
 				cache_creation_cost,
@ -847,12 +864,15 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 				ip_address,
 				image_count,
 				image_size,
 				media_type,
 				service_tier,
 				reasoning_effort,
 				inbound_endpoint,
 				upstream_endpoint,
 				cache_ttl_overridden,
 				channel_id,
 				model_mapping_chain,
 				billing_tier,
 				billing_mode,
 				created_at
 			)
 			SELECT
@ -871,6 +891,8 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 				cache_read_tokens,
 				cache_creation_5m_tokens,
 				cache_creation_1h_tokens,
 				image_output_tokens,
 				image_output_cost,
 				input_cost,
 				output_cost,
 				cache_creation_cost,
@ -889,12 +911,15 @@ func buildUsageLogBatchInsertQuery(keys []string, preparedByKey map[string]usage
 				ip_address,
 				image_count,
 				image_size,
 				media_type,
 				service_tier,
 				reasoning_effort,
 				inbound_endpoint,
 				upstream_endpoint,
 				cache_ttl_overridden,
 				channel_id,
 				model_mapping_chain,
 				billing_tier,
 				billing_mode,
 				created_at
 			FROM input
 			ON CONFLICT (request_id, api_key_id) DO NOTHING
@ -953,6 +978,8 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -971,16 +998,19 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		) AS (VALUES `)
-	args := make([]any, 0, len(preparedList)*40)
+	args := make([]any, 0, len(preparedList)*45)
 	argPos := 1
 	for idx, prepared := range preparedList {
 		if idx > 0 {
@ -1021,6 +1051,8 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -1039,12 +1071,15 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		)
 		SELECT
@ -1063,6 +1098,8 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -1081,12 +1118,15 @@ func buildUsageLogBestEffortInsertQuery(preparedList []usageLogInsertPrepared) (
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		FROM input
 		ON CONFLICT (request_id, api_key_id) DO NOTHING
@ -1113,6 +1153,8 @@ func execUsageLogInsertNoResult(ctx context.Context, sqlq sqlExecutor, prepared
 			cache_read_tokens,
 			cache_creation_5m_tokens,
 			cache_creation_1h_tokens,
 			image_output_tokens,
 			image_output_cost,
 			input_cost,
 			output_cost,
 			cache_creation_cost,
@ -1131,20 +1173,23 @@ func execUsageLogInsertNoResult(ctx context.Context, sqlq sqlExecutor, prepared
 			ip_address,
 			image_count,
 			image_size,
 			media_type,
 			service_tier,
 			reasoning_effort,
 			inbound_endpoint,
 			upstream_endpoint,
 			cache_ttl_overridden,
 			channel_id,
 			model_mapping_chain,
 			billing_tier,
 			billing_mode,
 			created_at
 		) VALUES (
 			$1, $2, $3, $4, $5, $6, $7,
 			$8, $9,
 			$10, $11, $12, $13,
-			$14, $15,
+			$14, $15, $16, $17,
-			$16, $17, $18, $19, $20, $21,
+			$18, $19, $20, $21, $22, $23,
-			$22, $23, $24, $25, $26, $27, $28, $29, $30, $31, $32, $33, $34, $35, $36, $37, $38, $39, $40
+			$24, $25, $26, $27, $28, $29, $30, $31, $32, $33, $34, $35, $36, $37, $38, $39, $40, $41, $42, $43, $44, $45
 		)
 		ON CONFLICT (request_id, api_key_id) DO NOTHING
 	`, prepared.args...)
@ -1171,11 +1216,14 @@ func prepareUsageLogInsert(log *service.UsageLog) usageLogInsertPrepared {
 	userAgent := nullString(log.UserAgent)
 	ipAddress := nullString(log.IPAddress)
 	imageSize := nullString(log.ImageSize)
 	mediaType := nullString(log.MediaType)
 	serviceTier := nullString(log.ServiceTier)
 	reasoningEffort := nullString(log.ReasoningEffort)
 	inboundEndpoint := nullString(log.InboundEndpoint)
 	upstreamEndpoint := nullString(log.UpstreamEndpoint)
 	channelID := nullInt64(log.ChannelID)
 	modelMappingChain := nullString(log.ModelMappingChain)
 	billingTier := nullString(log.BillingTier)
 	billingMode := nullString(log.BillingMode)
 	requestedModel := strings.TrimSpace(log.RequestedModel)
 	if requestedModel == "" {
 		requestedModel = strings.TrimSpace(log.Model)
@ -1208,6 +1256,8 @@ func prepareUsageLogInsert(log *service.UsageLog) usageLogInsertPrepared {
 			log.CacheReadTokens,
 			log.CacheCreation5mTokens,
 			log.CacheCreation1hTokens,
 			log.ImageOutputTokens,
 			log.ImageOutputCost,
 			log.InputCost,
 			log.OutputCost,
 			log.CacheCreationCost,
@ -1226,12 +1276,15 @@ func prepareUsageLogInsert(log *service.UsageLog) usageLogInsertPrepared {
 			ipAddress,
 			log.ImageCount,
 			imageSize,
 			mediaType,
 			serviceTier,
 			reasoningEffort,
 			inboundEndpoint,
 			upstreamEndpoint,
 			log.CacheTTLOverridden,
 			channelID,
 			modelMappingChain,
 			billingTier,
 			billingMode,
 			createdAt,
 		},
 	}
@ -2564,8 +2617,8 @@ type UsageLogFilters = usagestats.UsageLogFilters
 // ListWithFilters lists usage logs with optional filters (for admin)
 func (r *usageLogRepository) ListWithFilters(ctx context.Context, params pagination.PaginationParams, filters UsageLogFilters) ([]service.UsageLog, *pagination.PaginationResult, error) {
-	conditions := make([]string, 0, 8)
+	conditions := make([]string, 0, 9)
-	args := make([]any, 0, 8)
+	args := make([]any, 0, 9)
 	if filters.UserID > 0 {
 		conditions = append(conditions, fmt.Sprintf("user_id = $%d", len(args)+1))
@ -2589,6 +2642,10 @@ func (r *usageLogRepository) ListWithFilters(ctx context.Context, params paginat
 		conditions = append(conditions, fmt.Sprintf("billing_type = $%d", len(args)+1))
 		args = append(args, int16(*filters.BillingType))
 	}
 	if filters.BillingMode != "" {
 		conditions = append(conditions, fmt.Sprintf("billing_mode = $%d", len(args)+1))
 		args = append(args, filters.BillingMode)
 	}
 	if filters.StartTime != nil {
 		conditions = append(conditions, fmt.Sprintf("created_at >= $%d", len(args)+1))
 		args = append(args, *filters.StartTime)
@ -3096,6 +3153,30 @@ func (r *usageLogRepository) GetUserBreakdownStats(ctx context.Context, startTim
 		query += fmt.Sprintf(" AND %s = $%d", col, len(args)+1)
 		args = append(args, dim.Endpoint)
 	}
 	if dim.UserID > 0 {
 		query += fmt.Sprintf(" AND ul.user_id = $%d", len(args)+1)
 		args = append(args, dim.UserID)
 	}
 	if dim.APIKeyID > 0 {
 		query += fmt.Sprintf(" AND ul.api_key_id = $%d", len(args)+1)
 		args = append(args, dim.APIKeyID)
 	}
 	if dim.AccountID > 0 {
 		query += fmt.Sprintf(" AND ul.account_id = $%d", len(args)+1)
 		args = append(args, dim.AccountID)
 	}
 	if dim.RequestType != nil {
 		query += fmt.Sprintf(" AND ul.request_type = $%d", len(args)+1)
 		args = append(args, *dim.RequestType)
 	}
 	if dim.Stream != nil {
 		query += fmt.Sprintf(" AND ul.stream = $%d", len(args)+1)
 		args = append(args, *dim.Stream)
 	}
 	if dim.BillingType != nil {
 		query += fmt.Sprintf(" AND ul.billing_type = $%d", len(args)+1)
 		args = append(args, *dim.BillingType)
 	}
 	query += " GROUP BY ul.user_id, u.email ORDER BY actual_cost DESC"
 	if limit > 0 {
@ -3256,6 +3337,10 @@ func (r *usageLogRepository) GetStatsWithFilters(ctx context.Context, filters Us
 		conditions = append(conditions, fmt.Sprintf("billing_type = $%d", len(args)+1))
 		args = append(args, int16(*filters.BillingType))
 	}
 	if filters.BillingMode != "" {
 		conditions = append(conditions, fmt.Sprintf("billing_mode = $%d", len(args)+1))
 		args = append(args, filters.BillingMode)
 	}
 	if filters.StartTime != nil {
 		conditions = append(conditions, fmt.Sprintf("created_at >= $%d", len(args)+1))
 		args = append(args, *filters.StartTime)
@ -3935,6 +4020,8 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 		cacheReadTokens       int
 		cacheCreation5m       int
 		cacheCreation1h       int
 		imageOutputTokens     int
 		imageOutputCost       float64
 		inputCost             float64
 		outputCost            float64
 		cacheCreationCost     float64
@ -3953,12 +4040,15 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 		ipAddress             sql.NullString
 		imageCount            int
 		imageSize             sql.NullString
 		mediaType             sql.NullString
 		serviceTier           sql.NullString
 		reasoningEffort       sql.NullString
 		inboundEndpoint       sql.NullString
 		upstreamEndpoint      sql.NullString
 		cacheTTLOverridden    bool
 		channelID             sql.NullInt64
 		modelMappingChain     sql.NullString
 		billingTier           sql.NullString
 		billingMode           sql.NullString
 		createdAt             time.Time
 	)
@ -3979,6 +4069,8 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 		&cacheReadTokens,
 		&cacheCreation5m,
 		&cacheCreation1h,
 		&imageOutputTokens,
 		&imageOutputCost,
 		&inputCost,
 		&outputCost,
 		&cacheCreationCost,
@ -3997,12 +4089,15 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 		&ipAddress,
 		&imageCount,
 		&imageSize,
 		&mediaType,
 		&serviceTier,
 		&reasoningEffort,
 		&inboundEndpoint,
 		&upstreamEndpoint,
 		&cacheTTLOverridden,
 		&channelID,
 		&modelMappingChain,
 		&billingTier,
 		&billingMode,
 		&createdAt,
 	); err != nil {
 		return nil, err
@ -4021,6 +4116,8 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 		CacheReadTokens:       cacheReadTokens,
 		CacheCreation5mTokens: cacheCreation5m,
 		CacheCreation1hTokens: cacheCreation1h,
 		ImageOutputTokens:     imageOutputTokens,
 		ImageOutputCost:       imageOutputCost,
 		InputCost:             inputCost,
 		OutputCost:            outputCost,
 		CacheCreationCost:     cacheCreationCost,
@ -4069,9 +4166,6 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 	if imageSize.Valid {
 		log.ImageSize = &imageSize.String
 	}
 	if mediaType.Valid {
 		log.MediaType = &mediaType.String
 	}
 	if serviceTier.Valid {
 		log.ServiceTier = &serviceTier.String
 	}
@ -4087,6 +4181,19 @@ func scanUsageLog(scanner interface{ Scan(...any) error }) (*service.UsageLog, e
 	if upstreamModel.Valid {
 		log.UpstreamModel = &upstreamModel.String
 	}
 	if channelID.Valid {
 		value := channelID.Int64
 		log.ChannelID = &value
 	}
 	if modelMappingChain.Valid {
 		log.ModelMappingChain = &modelMappingChain.String
 	}
 	if billingTier.Valid {
 		log.BillingTier = &billingTier.String
 	}
 	if billingMode.Valid {
 		log.BillingMode = &billingMode.String
 	}
 	return log, nil
 }
--- a/backend/internal/repository/usage_log_repo_request_type_test.go
+++ b/backend/internal/repository/usage_log_repo_request_type_test.go
@ -56,6 +56,8 @@ func TestUsageLogRepositoryCreateSyncRequestTypeAndLegacyFields(t *testing.T) {
 			log.CacheReadTokens,
 			log.CacheCreation5mTokens,
 			log.CacheCreation1hTokens,
 			log.ImageOutputTokens,
 			log.ImageOutputCost,
 			log.InputCost,
 			log.OutputCost,
 			log.CacheCreationCost,
@ -74,12 +76,15 @@ func TestUsageLogRepositoryCreateSyncRequestTypeAndLegacyFields(t *testing.T) {
 			sqlmock.AnyArg(), // ip_address
 			log.ImageCount,
 			sqlmock.AnyArg(), // image_size
 			sqlmock.AnyArg(), // media_type
 			sqlmock.AnyArg(), // service_tier
 			sqlmock.AnyArg(), // reasoning_effort
 			sqlmock.AnyArg(), // inbound_endpoint
 			sqlmock.AnyArg(), // upstream_endpoint
 			log.CacheTTLOverridden,
 			sqlmock.AnyArg(), // channel_id
 			sqlmock.AnyArg(), // model_mapping_chain
 			sqlmock.AnyArg(), // billing_tier
 			sqlmock.AnyArg(), // billing_mode
 			createdAt,
 		).
 		WillReturnRows(sqlmock.NewRows([]string{"id", "created_at"}).AddRow(int64(99), createdAt))
@ -129,6 +134,8 @@ func TestUsageLogRepositoryCreate_PersistsServiceTier(t *testing.T) {
 			log.CacheReadTokens,
 			log.CacheCreation5mTokens,
 			log.CacheCreation1hTokens,
 			log.ImageOutputTokens,
 			log.ImageOutputCost,
 			log.InputCost,
 			log.OutputCost,
 			log.CacheCreationCost,
@ -147,12 +154,15 @@ func TestUsageLogRepositoryCreate_PersistsServiceTier(t *testing.T) {
 			sqlmock.AnyArg(),
 			log.ImageCount,
 			sqlmock.AnyArg(),
 			sqlmock.AnyArg(),
 			serviceTier,
 			sqlmock.AnyArg(),
 			sqlmock.AnyArg(),
 			sqlmock.AnyArg(),
 			log.CacheTTLOverridden,
 			sqlmock.AnyArg(), // channel_id
 			sqlmock.AnyArg(), // model_mapping_chain
 			sqlmock.AnyArg(), // billing_tier
 			sqlmock.AnyArg(), // billing_mode
 			createdAt,
 		).
 		WillReturnRows(sqlmock.NewRows([]string{"id", "created_at"}).AddRow(int64(100), createdAt))
@ -439,6 +449,8 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			4,                 // cache_read_tokens
 			5,                 // cache_creation_5m_tokens
 			6,                 // cache_creation_1h_tokens
 			0,                 // image_output_tokens
 			0.0,               // image_output_cost
 			0.1,               // input_cost
 			0.2,               // output_cost
 			0.3,               // cache_creation_cost
@ -457,12 +469,15 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			sql.NullString{},
 			0,
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{Valid: true, String: "priority"},
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{},
 			false,
 			sql.NullInt64{},  // channel_id
 			sql.NullString{}, // model_mapping_chain
 			sql.NullString{}, // billing_tier
 			sql.NullString{}, // billing_mode
 			now,
 		}})
 		require.NoError(t, err)
@ -487,6 +502,7 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			sql.NullInt64{},
 			sql.NullInt64{},
 			1, 2, 3, 4, 5, 6,
 			0, 0.0, // image_output_tokens, image_output_cost
 			0.1, 0.2, 0.3, 0.4, 1.0, 0.9,
 			1.0,
 			sql.NullFloat64{},
@ -500,12 +516,15 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			sql.NullString{},
 			0,
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{Valid: true, String: "flex"},
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{},
 			false,
 			sql.NullInt64{},  // channel_id
 			sql.NullString{}, // model_mapping_chain
 			sql.NullString{}, // billing_tier
 			sql.NullString{}, // billing_mode
 			now,
 		}})
 		require.NoError(t, err)
@ -530,6 +549,7 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			sql.NullInt64{},
 			sql.NullInt64{},
 			1, 2, 3, 4, 5, 6,
 			0, 0.0, // image_output_tokens, image_output_cost
 			0.1, 0.2, 0.3, 0.4, 1.0, 0.9,
 			1.0,
 			sql.NullFloat64{},
@ -543,12 +563,15 @@ func TestScanUsageLogRequestTypeAndLegacyFallback(t *testing.T) {
 			sql.NullString{},
 			0,
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{Valid: true, String: "priority"},
 			sql.NullString{},
 			sql.NullString{},
 			sql.NullString{},
 			false,
 			sql.NullInt64{},  // channel_id
 			sql.NullString{}, // model_mapping_chain
 			sql.NullString{}, // billing_tier
 			sql.NullString{}, // billing_mode
 			now,
 		}})
 		require.NoError(t, err)
--- a/backend/internal/repository/user_repo.go
+++ b/backend/internal/repository/user_repo.go
@ -62,7 +62,6 @@ func (r *userRepository) Create(ctx context.Context, userIn *service.User) error
 		SetBalance(userIn.Balance).
 		SetConcurrency(userIn.Concurrency).
 		SetStatus(userIn.Status).
 		SetSoraStorageQuotaBytes(userIn.SoraStorageQuotaBytes).
 		Save(ctx)
 	if err != nil {
 		return translatePersistenceError(err, nil, service.ErrEmailExists)
@ -145,8 +144,6 @@ func (r *userRepository) Update(ctx context.Context, userIn *service.User) error
 		SetBalance(userIn.Balance).
 		SetConcurrency(userIn.Concurrency).
 		SetStatus(userIn.Status).
 		SetSoraStorageQuotaBytes(userIn.SoraStorageQuotaBytes).
 		SetSoraStorageUsedBytes(userIn.SoraStorageUsedBytes).
 		Save(ctx)
 	if err != nil {
 		return translatePersistenceError(err, service.ErrUserNotFound, service.ErrEmailExists)
@ -376,65 +373,6 @@ func (r *userRepository) UpdateConcurrency(ctx context.Context, id int64, amount
 	return nil
 }
 // AddSoraStorageUsageWithQuota 原子累加 Sora 存储用量，并在有配额时校验不超额。
 func (r *userRepository) AddSoraStorageUsageWithQuota(ctx context.Context, userID int64, deltaBytes int64, effectiveQuota int64) (int64, error) {
 	if deltaBytes <= 0 {
 		user, err := r.GetByID(ctx, userID)
 		if err != nil {
 			return 0, err
 		}
 		return user.SoraStorageUsedBytes, nil
 	}
 	var newUsed int64
 	err := scanSingleRow(ctx, r.sql, `
 		UPDATE users
 		SET sora_storage_used_bytes = sora_storage_used_bytes + $2
 		WHERE id = $1
 		  AND ($3 = 0 OR sora_storage_used_bytes + $2 <= $3)
 		RETURNING sora_storage_used_bytes
 	`, []any{userID, deltaBytes, effectiveQuota}, &newUsed)
 	if err == nil {
 		return newUsed, nil
 	}
 	if errors.Is(err, sql.ErrNoRows) {
 		// 区分用户不存在和配额冲突
 		exists, existsErr := r.client.User.Query().Where(dbuser.IDEQ(userID)).Exist(ctx)
 		if existsErr != nil {
 			return 0, existsErr
 		}
 		if !exists {
 			return 0, service.ErrUserNotFound
 		}
 		return 0, service.ErrSoraStorageQuotaExceeded
 	}
 	return 0, err
 }
 // ReleaseSoraStorageUsageAtomic 原子释放 Sora 存储用量，并保证不低于 0。
 func (r *userRepository) ReleaseSoraStorageUsageAtomic(ctx context.Context, userID int64, deltaBytes int64) (int64, error) {
 	if deltaBytes <= 0 {
 		user, err := r.GetByID(ctx, userID)
 		if err != nil {
 			return 0, err
 		}
 		return user.SoraStorageUsedBytes, nil
 	}
 	var newUsed int64
 	err := scanSingleRow(ctx, r.sql, `
 		UPDATE users
 		SET sora_storage_used_bytes = GREATEST(sora_storage_used_bytes - $2, 0)
 		WHERE id = $1
 		RETURNING sora_storage_used_bytes
 	`, []any{userID, deltaBytes}, &newUsed)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return 0, service.ErrUserNotFound
 		}
 		return 0, err
 	}
 	return newUsed, nil
 }
 func (r *userRepository) ExistsByEmail(ctx context.Context, email string) (bool, error) {
 	return r.client.User.Query().Where(dbuser.EmailEQ(email)).Exist(ctx)
 }
--- a/backend/internal/repository/wire.go
+++ b/backend/internal/repository/wire.go
@ -53,7 +53,6 @@ var ProviderSet = wire.NewSet(
 	NewAPIKeyRepository,
 	NewGroupRepository,
 	NewAccountRepository,
 	NewSoraAccountRepository,         // Sora 账号扩展表仓储
 	NewScheduledTestPlanRepository,   // 定时测试计划仓储
 	NewScheduledTestResultRepository, // 定时测试结果仓储
 	NewProxyRepository,
@ -74,6 +73,7 @@ var ProviderSet = wire.NewSet(
 	NewUserGroupRateRepository,
 	NewErrorPassthroughRepository,
 	NewTLSFingerprintProfileRepository,
 	NewChannelRepository,
 	// Cache implementations
 	NewGatewayCache,
--- a/backend/internal/server/api_contract_test.go
+++ b/backend/internal/server/api_contract_test.go
@ -204,16 +204,13 @@ func TestAPIContracts(t *testing.T) {
 						"image_price_1k": null,
 						"image_price_2k": null,
 						"image_price_4k": null,
 							"sora_image_price_360": null,
 							"sora_image_price_540": null,
 							"sora_storage_quota_bytes": 0,
 							"sora_video_price_per_request": null,
 							"sora_video_price_per_request_hd": null,
 							"claude_code_only": false,
 						"allow_messages_dispatch": false,
 						"fallback_group_id": null,
 						"fallback_group_id_on_invalid_request": null,
 						"allow_messages_dispatch": false,
 						"require_oauth_only": false,
 						"require_privacy_set": false,
 						"created_at": "2025-01-02T03:04:05Z",
 						"updated_at": "2025-01-02T03:04:05Z"
 					}
@ -530,7 +527,6 @@ func TestAPIContracts(t *testing.T) {
 						"fallback_model_openai": "gpt-4o",
 						"enable_identity_patch": true,
 						"identity_patch_prompt": "",
 						"sora_client_enabled": false,
 						"invitation_code_enabled": false,
 						"home_content": "",
 					"hide_ccs_import_button": false,
@ -651,11 +647,11 @@ func newContractDeps(t *testing.T) *contractDeps {
 	settingRepo := newStubSettingRepo()
 	settingService := service.NewSettingService(settingRepo, cfg)
-	adminService := service.NewAdminService(userRepo, groupRepo, &accountRepo, nil, proxyRepo, apiKeyRepo, redeemRepo, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil)
+	adminService := service.NewAdminService(userRepo, groupRepo, &accountRepo, proxyRepo, apiKeyRepo, redeemRepo, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil)
 	authHandler := handler.NewAuthHandler(cfg, nil, userService, settingService, nil, redeemService, nil)
 	apiKeyHandler := handler.NewAPIKeyHandler(apiKeyService)
 	usageHandler := handler.NewUsageHandler(usageService, apiKeyService)
-	adminSettingHandler := adminhandler.NewSettingHandler(settingService, nil, nil, nil, nil)
+	adminSettingHandler := adminhandler.NewSettingHandler(settingService, nil, nil, nil)
 	adminAccountHandler := adminhandler.NewAccountHandler(adminService, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil)
 	jwtAuth := func(c *gin.Context) {
--- a/backend/internal/server/middleware/security_headers.go
+++ b/backend/internal/server/middleware/security_headers.go
@ -94,7 +94,6 @@ func isAPIRoutePath(c *gin.Context) bool {
 	return strings.HasPrefix(path, "/v1/") ||
 		strings.HasPrefix(path, "/v1beta/") ||
 		strings.HasPrefix(path, "/antigravity/") ||
 		strings.HasPrefix(path, "/sora/") ||
 		strings.HasPrefix(path, "/responses")
 }
--- a/backend/internal/server/router.go
+++ b/backend/internal/server/router.go
@ -109,7 +109,6 @@ func registerRoutes(
 	// 注册各模块路由
 	routes.RegisterAuthRoutes(v1, h, jwtAuth, redisClient, settingService)
 	routes.RegisterUserRoutes(v1, h, jwtAuth, settingService)
 	routes.RegisterSoraClientRoutes(v1, h, jwtAuth, settingService)
 	routes.RegisterAdminRoutes(v1, h, adminAuth)
 	routes.RegisterGatewayRoutes(r, h, apiKeyAuth, apiKeyService, subscriptionService, opsService, settingService, cfg)
 }
--- a/backend/internal/server/routes/admin.go
+++ b/backend/internal/server/routes/admin.go
@ -34,8 +34,6 @@ func RegisterAdminRoutes(
 		// OpenAI OAuth
 		registerOpenAIOAuthRoutes(admin, h)
 		// Sora OAuth（实现复用 OpenAI OAuth 服务，入口独立）
 		registerSoraOAuthRoutes(admin, h)
 		// Gemini OAuth
 		registerGeminiOAuthRoutes(admin, h)
@ -87,6 +85,9 @@ func RegisterAdminRoutes(
 		// 定时测试计划
 		registerScheduledTestRoutes(admin, h)
 		// 渠道管理
 		registerChannelRoutes(admin, h)
 	}
 }
@ -318,19 +319,6 @@ func registerOpenAIOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	}
 }
 func registerSoraOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	sora := admin.Group("/sora")
 	{
 		sora.POST("/generate-auth-url", h.Admin.OpenAIOAuth.GenerateAuthURL)
 		sora.POST("/exchange-code", h.Admin.OpenAIOAuth.ExchangeCode)
 		sora.POST("/refresh-token", h.Admin.OpenAIOAuth.RefreshToken)
 		sora.POST("/st2at", h.Admin.OpenAIOAuth.ExchangeSoraSessionToken)
 		sora.POST("/rt2at", h.Admin.OpenAIOAuth.RefreshToken)
 		sora.POST("/accounts/:id/refresh", h.Admin.OpenAIOAuth.RefreshAccountToken)
 		sora.POST("/create-from-oauth", h.Admin.OpenAIOAuth.CreateAccountFromOAuth)
 	}
 }
 func registerGeminiOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	gemini := admin.Group("/gemini")
 	{
@ -419,15 +407,6 @@ func registerSettingsRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 		// Beta 策略配置
 		adminSettings.GET("/beta-policy", h.Admin.Setting.GetBetaPolicySettings)
 		adminSettings.PUT("/beta-policy", h.Admin.Setting.UpdateBetaPolicySettings)
 		// Sora S3 存储配置
 		adminSettings.GET("/sora-s3", h.Admin.Setting.GetSoraS3Settings)
 		adminSettings.PUT("/sora-s3", h.Admin.Setting.UpdateSoraS3Settings)
 		adminSettings.POST("/sora-s3/test", h.Admin.Setting.TestSoraS3Connection)
 		adminSettings.GET("/sora-s3/profiles", h.Admin.Setting.ListSoraS3Profiles)
 		adminSettings.POST("/sora-s3/profiles", h.Admin.Setting.CreateSoraS3Profile)
 		adminSettings.PUT("/sora-s3/profiles/:profile_id", h.Admin.Setting.UpdateSoraS3Profile)
 		adminSettings.DELETE("/sora-s3/profiles/:profile_id", h.Admin.Setting.DeleteSoraS3Profile)
 		adminSettings.POST("/sora-s3/profiles/:profile_id/activate", h.Admin.Setting.SetActiveSoraS3Profile)
 	}
 }
@ -567,3 +546,15 @@ func registerTLSFingerprintProfileRoutes(admin *gin.RouterGroup, h *handler.Hand
 		profiles.DELETE("/:id", h.Admin.TLSFingerprintProfile.Delete)
 	}
 }
 func registerChannelRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	channels := admin.Group("/channels")
 	{
 		channels.GET("", h.Admin.Channel.List)
 		channels.GET("/model-pricing", h.Admin.Channel.GetModelDefaultPricing)
 		channels.GET("/:id", h.Admin.Channel.GetByID)
 		channels.POST("", h.Admin.Channel.Create)
 		channels.PUT("/:id", h.Admin.Channel.Update)
 		channels.DELETE("/:id", h.Admin.Channel.Delete)
 	}
 }
--- a/backend/internal/server/routes/gateway.go
+++ b/backend/internal/server/routes/gateway.go
@ -23,11 +23,6 @@ func RegisterGatewayRoutes(
 	cfg *config.Config,
 ) {
 	bodyLimit := middleware.RequestBodyLimit(cfg.Gateway.MaxBodySize)
 	soraMaxBodySize := cfg.Gateway.SoraMaxBodySize
 	if soraMaxBodySize <= 0 {
 		soraMaxBodySize = cfg.Gateway.MaxBodySize
 	}
 	soraBodyLimit := middleware.RequestBodyLimit(soraMaxBodySize)
 	clientRequestID := middleware.ClientRequestID()
 	opsErrorLogger := handler.OpsErrorLoggerMiddleware(opsService)
 	endpointNorm := handler.InboundEndpointMiddleware()
@ -163,28 +158,6 @@ func RegisterGatewayRoutes(
 		antigravityV1Beta.POST("/models/*modelAction", h.Gateway.GeminiV1BetaModels)
 	}
 	// Sora 专用路由（强制使用 sora 平台）
 	soraV1 := r.Group("/sora/v1")
 	soraV1.Use(soraBodyLimit)
 	soraV1.Use(clientRequestID)
 	soraV1.Use(opsErrorLogger)
 	soraV1.Use(endpointNorm)
 	soraV1.Use(middleware.ForcePlatform(service.PlatformSora))
 	soraV1.Use(gin.HandlerFunc(apiKeyAuth))
 	soraV1.Use(requireGroupAnthropic)
 	{
 		soraV1.POST("/chat/completions", h.SoraGateway.ChatCompletions)
 		soraV1.GET("/models", h.Gateway.Models)
 	}
 	// Sora 媒体代理（可选 API Key 验证）
 	if cfg.Gateway.SoraMediaRequireAPIKey {
 		r.GET("/sora/media/*filepath", gin.HandlerFunc(apiKeyAuth), h.SoraGateway.MediaProxy)
 	} else {
 		r.GET("/sora/media/*filepath", h.SoraGateway.MediaProxy)
 	}
 	// Sora 媒体代理（签名 URL，无需 API Key）
 	r.GET("/sora/media-signed/*filepath", h.SoraGateway.MediaProxySigned)
 }
 // getGroupPlatform extracts the group platform from the API Key stored in context.
--- a/backend/internal/server/routes/gateway_test.go
+++ b/backend/internal/server/routes/gateway_test.go
@ -22,7 +22,6 @@ func newGatewayRoutesTestRouter() *gin.Engine {
 		&handler.Handlers{
 			Gateway:       &handler.GatewayHandler{},
 			OpenAIGateway: &handler.OpenAIGatewayHandler{},
 			SoraGateway:   &handler.SoraGatewayHandler{},
 		},
 		servermiddleware.APIKeyAuthMiddleware(func(c *gin.Context) {
 			c.Next()
--- a/Show More
+++ b/Show More