sub2api

Author	SHA1	Message	Date
win	75c3c01f46	feat: 遥测模拟 — 模拟 Claude CLI 的 event_logging + DataDog 日志基于真实 Claude CLI 2.1.81 抓包数据实现： - POST api.anthropic.com/api/event_logging/batch（请求前后自动发送） - POST http-intake.logs.us5.datadoghq.com/api/v2/logs - 事件类型：tengu_started, tengu_init, tengu_api_request_started/completed - 每个账号独立 session_id + device_id - process_metrics base64 编码（匹配真实格式） - 可通过 TELEMETRY_ENABLED=false 关闭	2026-03-25 11:37:27 +08:00
win	068b0cbc39	revert: 移除 Sora sidecar，还原 sora_sdk_client.go 到原版	2026-03-25 11:37:27 +08:00
win	3c8ffd3efc	fix: 双模型审查 Critical 修复 1. Sora session_key 按 accountID 隔离（消除跨账号指纹关联） 2. 有 per-account 代理的 Sora 账号跳过 sidecar（保持代理 IP） 3. 请求体用 base64 编码传输（防止二进制数据损坏） 4. Node.js 代理 Body 用 GetBody 安全复制（修复重试时 Body 枯竭）	2026-03-25 11:37:27 +08:00
win	4a92f1903f	fix: 架构审查修复 3 个 bug 1. instanceSalt 空值兼容：salt 为空时保持原始 hash 格式不变避免升级后所有 user_id hash 突变触发 Anthropic 检测 2. doViaNodeTLSProxy 克隆请求：不修改原始 req 对象修复重试时 URL 已被改写导致请求失败 3. Sora doSoraBackendJSON 漏改：补上 sidecar 路由	2026-03-25 11:37:27 +08:00
win	99c77c4641	fix: 有 per-account 代理的账号不走 Node.js 代理，防止 IP 变化触发风控	2026-03-25 11:37:27 +08:00
win	4037eebd37	feat: Sora 请求优先走 curl_cffi sidecar（Chrome 指纹绕过 Cloudflare）	2026-03-25 11:37:27 +08:00
win	60c532ea7f	feat: Sora curl_cffi sidecar — Chrome TLS 指纹绕过 Cloudflare - 新增 sora-curl-cffi-sidecar 容器（Python + curl_cffi + chrome131） - docker-compose.tls-proxy.yml 集成 sidecar，sub2api 自动连接 - 会话池复用，避免重复 TLS 握手 - 镜像 zfc931912343/sora-curl-cffi-sidecar:latest (amd64+arm64)	2026-03-25 11:37:27 +08:00
win	4bca447e33	fix: Node.js TLS 代理仅拦截 api.anthropic.com，修复 Sora 404	2026-03-25 11:37:27 +08:00
win	f5fdd41aea	feat: 实例级隔离 — salt + 指纹版本可配置 - 新增 gateway.instance_salt: 不同 sub2api 实例对相同输入产生不同 hash 影响 user_id 重写和 session hash，防止跨实例指纹关联 - 新增 gateway.fingerprint_defaults: CLI 版本号/SDK 版本/OS/Arch 可配置每个实例可设不同值，与其他 sub2api 部署区分 - constants.go + identity_service.go 支持启动时覆盖默认指纹 - wire_gen.go 启动时读取配置并应用覆盖	2026-03-25 11:37:27 +08:00
win	f68dc13a1a	fix: 更新 Claude CLI 指纹版本 2.1.22→2.1.81, SDK 0.70.0→0.80.0	2026-03-25 11:37:27 +08:00
win	d38b672d54	fix: Node.js TLS 代理仅拦截 Anthropic 请求（DoWithTLS 路径） - Do() 去掉 Node.js 代理拦截，Antigravity/Google 请求走原路径 - 只有 DoWithTLS 且 enableTLSFingerprint=true 时走 Node.js 代理 - 按平台分治：Anthropic → Node.js 原生 TLS，Google → 原有 uTLS/直连	2026-03-25 11:37:27 +08:00
win	3b42e71b12	fix: 重写 proxy.js — 预收集 body + H1/H2 自适应，本地测试 4/4 通过	2026-03-25 11:37:27 +08:00
win	37a1b404e9	feat: 智能 H1/H2 自适应 — 首次 H1 秒挂自动切 H2 并缓存 - 首次请求走 HTTP/1.1，如果 socket hang up < 2s 自动切 HTTP/2 - H2 主机缓存在内存中，后续请求直接走 H2（如 googleapis.com） - H2 session 池复用 + 空闲超时自动清理 - 详细日志：proxy_request → proxy_response/error，含协议标识 - 解决 googleapis.com 强制 H2 导致请求失败的问题	2026-03-25 11:37:27 +08:00
win	9586cf1110	fix: 去掉 H2/ALPN 复杂度，回到纯 https.request + 动态主机 + 响应日志	2026-03-25 11:37:27 +08:00
win	4f82ce23a9	feat: Node.js TLS 代理支持 HTTP/2 + 动态主机路由 - proxy.js: 自动探测上游 ALPN (h2/http1.1)，按需选择协议 - proxy.js: X-Forwarded-Host 动态路由，支持任意上游主机 - proxy.js: HTTP/2 session 缓存 + 空闲超时自动清理 - Go: 所有 HTTPS 上游请求统一走 Node.js 代理，无域名白名单 - 解决 googleapis.com 要求 HTTP/2 导致 socket hang up	2026-03-25 11:37:27 +08:00
win	0086cfdfe8	fix: Node.js TLS 代理对所有 HTTPS 上游生效，去掉域名白名单 - 移除 proxy_hosts 白名单限制和 shouldRouteViaNodeProxy - 所有 HTTPS 上游请求统一走 Node.js 代理 - 通过 X-Forwarded-Host 动态识别目标主机 - Anthropic / Gemini / 任意上游自动适配 - 移除诊断日志（已定位问题）	2026-03-25 11:37:27 +08:00
win	cb035e4637	diag: 在 DoWithTLS 路径也添加诊断日志	2026-03-25 11:37:27 +08:00
win	47fba12a75	fix: Node.js TLS 代理按 proxy_hosts 白名单过滤 + 诊断日志 - 新增 proxy_hosts 配置：可配置需要走 Node.js 代理的主机列表 - 默认仅代理 api.anthropic.com，Gemini/Sora 走原路径 - 添加 warn 级别诊断日志，输出请求的 scheme/host/hostname/should_route - 用于定位 Anthropic 请求未命中 Node.js 代理的原因	2026-03-25 11:37:27 +08:00
win	45c90b22eb	fix: Node.js TLS 代理按主机白名单过滤，Gemini 走原路径 - 新增 proxy_hosts 配置：白名单内的主机走 Node.js 代理 - 默认仅代理 api.anthropic.com - Gemini/Sora 等非 Anthropic 请求自动走原有 uTLS 路径 - 解决 Gemini 请求经 Node.js 代理后 socket hang up 的问题	2026-03-25 11:37:27 +08:00
win	5de1618e08	fix: Node.js TLS 代理动态识别上游主机 - Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理 - Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机 - 所有 HTTPS 上游请求统一走代理，不再固定绑定 api.anthropic.com - Gemini/Sora 等不同上游自动识别，无需手动配置	2026-03-25 11:37:27 +08:00
win	71a068c193	fix: Node.js TLS 代理对所有 HTTPS 上游请求生效 Do() 方法新增 Node.js 代理检查，不再依赖账号级 TLS 指纹开关。当 node_tls_proxy.enabled=true 时，所有 HTTPS 上游请求统一走 Node.js 代理，确保 JA3/JA4 指纹一致。	2026-03-25 11:37:26 +08:00
win	8cac4269aa	feat: Node.js TLS 指纹代理 + 网络隔离防泄露 - 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI SSE 流式透传，支持上游 HTTP CONNECT 代理零依赖，Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络，物理隔离外网 node-tls-proxy 唯一出站通道，IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库	2026-03-25 11:37:26 +08:00
Wesley Liddick	0f03393010	Merge pull request #1234 from Zqysl/qingyu/fix-ops-runtime-log-controls-layout fix(ops): prevent runtime log controls UI overflow	2026-03-24 19:13:47 +08:00
Wesley Liddick	4b1ffc23f5	Merge pull request #1240 from Zqysl/qingyu/fix-openai-passthrough-429-rate-limits fix(openai): persist passthrough 429 rate limits	2026-03-24 19:02:40 +08:00
Wesley Liddick	c7137dffa8	Merge pull request #1218 from LvyuanW/openai-runtime-recheck fix(openai): prevent rescheduling rate-limited accounts	2026-03-24 15:21:18 +08:00
Wesley Liddick	5a3375ce52	Merge pull request #1227 from liruiluo/codex/dockerignore-deploy-data Ignore deploy runtime data in Docker context	2026-03-24 15:20:10 +08:00
Wesley Liddick	8e834fd9f5	Merge pull request #1204 from Eilen6316/fix/smtp-config-stability-and-refresh-test fix(settings): prevent SMTP config overwrite and stabilize SMTP test after refresh	2026-03-24 15:19:24 +08:00
Wesley Liddick	02046744eb	Merge pull request #1212 from alfadb/fix/filter-empty-text-blocks-nested fix(gateway): 修复 tool_result 嵌套内容中空 text block 导致上游 400 错误	2026-03-24 15:19:01 +08:00
Wesley Liddick	68d7ec9155	Merge pull request #1220 from weak-fox/feat/account-privacy-mode-filter feat: 管理员账号列表支持按 Privacy 状态筛选	2026-03-24 15:18:30 +08:00
Wesley Liddick	7537dce0f0	Merge pull request #1230 from LvyuanW/bulk-openai-oauth-ws-mode-pr Add bulk OpenAI OAuth WS mode editing	2026-03-24 15:17:13 +08:00
Wesley Liddick	5f41b74707	Merge pull request #1242 from Ethan0x0000/feat/anthropic-openai-endpoint-compat 支持 Anthropic Responses / Chat Completions 兼容端点并完善会话一致性与错误可观测性	2026-03-24 15:16:26 +08:00
Wesley Liddick	25d961d4e0	Merge pull request #1252 from DaydreamCoding/feat/openai-mobile-rt feat(openai): 支持 Mobile Refresh Token 导入，自动补全 plan_type	2026-03-24 15:12:25 +08:00
QTom	91b1d812ce	feat(openai): Mobile RT 补全 plan_type、精确匹配账号、刷新时自动设置隐私 1. accounts/check 补全 plan_type：当 id_token 缺少 plan_type（如 Mobile RT），自动调用 accounts/check 端点获取订阅类型 2. orgID 精确匹配账号：从 JWT 提取 poid 匹配正确账号，避免 Go map 遍历顺序随机导致 plan_type 不稳定 3. RT 刷新时设置隐私：调用 disableOpenAITraining 关闭训练数据共享，结果存入 extra.privacy_mode，后续跳过重复设置 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 14:50:03 +08:00
QTom	1f05d9f79d	fix(openai): buildCredentials 对齐后端 BuildAccountCredentials 字段补齐前端 buildCredentials 缺失的 id_token、email、plan_type 字段，与后端 BuildAccountCredentials 保持一致。修复手动 RT 创建的账号缺少订阅类型等关键信息的问题。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 14:50:03 +08:00
QTom	9f8cffe887	feat(openai): 新增"手动输入 Mobile RT"入口，使用 SoraClientID 刷新在 OpenAI 平台添加独立的"手动输入 Mobile RT"选项，使用 client_id=app_LlGpXReQgckcGGUo2JrYvtJK 刷新 token，与现有 "手动输入 RT"（Codex CLI client_id）互不影响。共享同一 UI 和批量创建逻辑，通过 clientId 参数区分。同时修复空名称触发 ent NotEmpty() 校验导致 500 的问题。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 14:50:03 +08:00
shaw	995bee143a	feat: 支持自定义端点配置与展示	2026-03-24 10:22:08 +08:00
Ethan0x0000	f10e56be7e	refactor(test): improve type assertions in ops endpoint context tests	2026-03-24 09:52:56 +08:00
Ethan0x0000	2f8e10db46	fix(service): preserve anthropic usage fields across compat endpoints Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:32:34 +08:00
Ethan0x0000	5418e15e63	fix(service): normalize user agent for gemini session reuse Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:32:01 +08:00
Ethan0x0000	bcf84cc153	fix(service): normalize user agent for sticky session hashes Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:31:32 +08:00
qingyuzhang	ce8520c9e6	fix(openai): persist passthrough 429 rate limits	2026-03-24 01:48:25 +08:00
qingyuzhang	0b3928c33e	fix(ops): prevent runtime log controls overflow	2026-03-23 18:54:45 +08:00
Wang Lvyuan	adbedd488c	Add bulk OpenAI OAuth WS mode editing	2026-03-23 17:11:01 +08:00
Ethan0x0000	13b72f6bc2	Merge remote-tracking branch 'origin/feat/ops-error-observability-transfer' into feat/anthropic-openai-endpoint-compat # Conflicts: # frontend/src/api/admin/ops.ts # frontend/src/views/admin/ops/components/OpsErrorDetailModal.vue # frontend/src/views/admin/ops/components/OpsErrorLogTable.vue	2026-03-23 16:31:59 +08:00
Ethan0x0000	c5aa96a3aa	feat(frontend): display error observability fields in ops admin panel Show endpoint, model mapping, and request type in the ops error log table and detail modal: - Endpoint column with inbound/upstream tooltip - Model column showing requested→upstream mapping with arrow - Request type badge (sync/stream/ws) in status column - New detail cards for inbound endpoint, upstream endpoint, request type	2026-03-23 16:24:59 +08:00
Ethan0x0000	d927c0e45f	feat(routes): add platform-based routing split for /v1/responses and /v1/chat/completions Mirror the existing /v1/messages platform split pattern: - OpenAI groups → OpenAIGateway handlers (existing, unchanged) - Non-OpenAI groups → Gateway handlers (new Anthropic-upstream path) Updated both /v1 prefixed routes and non-prefixed alias routes (/responses, /chat/completions). WebSocket route (/v1/responses GET) remains OpenAI-only as Anthropic has no WebSocket equivalent.	2026-03-23 16:24:47 +08:00
Ethan0x0000	31660c4c5f	feat(handler): add Responses/ChatCompletions handlers on GatewayHandler New HTTP handlers for Anthropic platform groups accepting OpenAI-format endpoints: - GatewayHandler.Responses: /v1/responses for non-OpenAI groups - GatewayHandler.ChatCompletions: /v1/chat/completions for non-OpenAI groups Both handlers include: - Claude Code only restriction (403 reject when claude_code_only enabled, since these endpoints are never Claude Code clients) - Full auth → billing → user/account concurrency → failover loop - Ops error/endpoint context propagation - Async usage recording via worker pool Error responses use each endpoint's native format (Responses API format for /v1/responses, CC format for /v1/chat/completions).	2026-03-23 16:24:35 +08:00
Ethan0x0000	4321adab71	feat(service): add ForwardAsResponses/ForwardAsChatCompletions on GatewayService New forwarding methods on GatewayService for Anthropic platform groups: - ForwardAsResponses: accept Responses body → convert to Anthropic → forward to upstream → convert response back to Responses format. Supports both streaming (SSE event-by-event conversion) and buffered (accumulate then convert) response modes. - ForwardAsChatCompletions: chain CC→Responses→Anthropic for request, Anthropic→Responses→CC for response. Streaming uses dual state machine chain with [DONE] marker. Both methods reuse existing GatewayService infrastructure: buildUpstreamRequest, Claude Code mimicry, cache control enforcement, model mapping, and return UpstreamFailoverError for handler-level retry.	2026-03-23 16:24:22 +08:00
Ethan0x0000	68f151f5c0	feat(apicompat): add Responses↔Anthropic bidirectional format conversion Add reverse-direction converters for Anthropic platform groups to accept OpenAI-format requests: - ResponsesToAnthropicRequest: Responses API input → Anthropic Messages request with system extraction, tool/toolChoice mapping, reasoning effort conversion, image data URI↔base64, and consecutive role merging - AnthropicToResponsesResponse: Anthropic response → Responses response with content block→output item mapping, usage, stop_reason→status - AnthropicEventToResponsesEvents: stateful SSE stream converter (Anthropic streaming protocol → Responses streaming protocol) - FinalizeAnthropicResponsesStream: synthetic termination for incomplete streams	2026-03-23 16:24:09 +08:00
Ethan0x0000	ecad083ffc	fix(ops): prefer upstream_model in ops error displays	2026-03-23 15:50:12 +08:00

1 2 3 4 5 ...

2443 Commits