sub2api

Author	SHA1	Message	Date
Jamie Wong	cff2f291be	fix(openai): also match bare /responses route in handleStreamingAwareError The first revision compared GetInboundEndpoint(c) against EndpointResponses ("/v1/responses"). NormalizeInboundEndpoint only recognizes paths that contain the literal "/v1/responses" substring, but the project actually registers six /responses routes — three of which (top-level r.POST("/responses", ...) and codexDirect's "/backend-api/codex/responses") have FullPath values without the "/v1" prefix and therefore fall through to the default branch. Codex CLI users targeting the bare /responses route at the production deployment (observed 2026-05-24 ~11:05 UTC, user 16) never reached the new writeResponsesFailedSSE path: the endpoint check was false, the legacy `event: error` frame fired, and the strict SDK kept reporting "stream closed before response.completed". Replace the strict equality check with inboundIsResponses(c), which uses suffix detection on FullPath (falling back to URL.Path when FullPath is empty in test fixtures) and covers all six route variants: /v1/responses[/...] /responses[/...] /backend-api/codex/responses[/...] Add test table covering all routes plus negative cases. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-24 19:32:08 +08:00
win	e938be5f3f	chore: merge upstream Wei-Shaw/sub2api latest (v0.1.130+) Upstream features: bedrock CC compat, email whitelist wildcard, content moderation per-model toggle, redeem code batch update, OIDC verified-email fast path, subscription expiry email, cache hit rate fix, audit dedup, js-cookie security fix, x/net vulnerability fix, OpenAI account cooldown optimization, reverse proxy client IP fix, API key ACL trusted forwarded IP. Local additions preserved: rpmTokenBucketService, quotaFactor scoring, P2C scheduler selection.	2026-05-24 15:54:54 +08:00
Jamie Wong	5e5c2062bf	fix(openai): emit response.failed for /v1/responses after stream started When /v1/responses streaming hits the user/account concurrency wait, the wait loop sends SSE ping comments to keep the connection alive, which flushes HTTP 200 + headers. If the wait then times out (or any other post-flush error fires), handleStreamingAwareError previously emitted a generic `event: error` frame. Codex CLI requires the stream to end with a Responses terminal event (response.completed/failed/incomplete/cancelled), so it reports "stream closed before response.completed" and the user-facing rate-limit intent is lost. This change detects inbound = /v1/responses in both handleStreamingAwareError implementations and emits a protocol-compliant response.failed event whose field set mirrors apicompat.makeResponsesCompletedEvent (id/object/model/status/output/error). The synthetic id reuses ctxkey.RequestID so client errors can be grepped against server logs. sequence_number is intentionally omitted to preserve monotonicity on streams that already emitted real events. Other inbound endpoints (/v1/chat/completions, /v1/messages) keep their legacy formats untouched. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-24 10:58:29 +08:00
github-actions[bot]	63b0631a58	chore: sync VERSION to 0.1.130 [skip ci]	2026-05-23 06:40:10 +00:00
Wesley Liddick	3c5a444802	Merge pull request #2698 from deqiying/fix/log-real-client-ip fix: 修复反代部署下拒绝日志客户端 IP 不准确	2026-05-23 11:08:47 +08:00
shaw	b6c0b40848	fix: update x/net vulnerability dependency	2026-05-23 10:55:44 +08:00
shaw	1e406fed52	fix: optimize OpenAI account cooldown scheduling	2026-05-23 10:18:43 +08:00
deqiying	0af44ce4c2	fix: 修复反代部署下拒绝日志客户端 IP 不准确将 OpenAI codex_cli_only 拒绝诊断日志中的 request_client_ip 改为复用 ip.GetClientIP，与 usage 记录和 access log 的真实客户端 IP 解析逻辑保持一致。保留 request_remote_addr 用于排查底层 Docker/反代 peer 地址，并补充单元测试覆盖反代头与 remote addr 分离的场景。	2026-05-22 23:28:21 +08:00
Wesley Liddick	f59d9a5f8e	Merge pull request #2674 from wucm667/feat/moderation-per-model-toggle feat(risk-control): 内容审计支持按模型生效	2026-05-22 20:10:38 +08:00
Wesley Liddick	301032dc72	Merge pull request #2672 from wucm667/feat/email-whitelist-wildcard-suffix feat(registration): 邮箱白名单支持后缀通配符匹配(*.edu.cn)	2026-05-22 17:33:29 +08:00
Wesley Liddick	a5efb84fa0	Merge pull request #2656 from wucm667/fix/apicompat-developer-role-to-system fix(apicompat): Responses 转 Chat Completions 时 developer role 映射为 system	2026-05-22 17:32:47 +08:00
Wesley Liddick	9f91a8af17	Merge pull request #2662 from touwaeriol/feat/bedrock-cc-compat feat(bedrock): add Claude Code compatibility for AWS Bedrock	2026-05-22 17:32:11 +08:00
Wesley Liddick	a33a294970	Merge pull request #2658 from wucm667/feat/account-test-chat-completions-path feat(account): 测试连接支持 OpenAI-compatible Chat Completions 路径	2026-05-22 17:31:14 +08:00
wucm667	199a5bcc69	fix(risk-control): Agent 工具循环中同一用户消息重复审计去重末尾 role 检查方案：当 messages / input / contents 数组末尾一项不是用户消息（而是 assistant、tool / function_call_output 等）时，直接跳过内容审计，从而避免 Agent 工具循环中同一用户输入被反复审计、计费、写日志。 Fixes #2678	2026-05-22 14:54:06 +08:00
wucm667	0d5c6f7cc7	feat(risk-control): 内容审计支持按模型生效	2026-05-21 21:18:43 +08:00
wucm667	a5b9b68b76	feat(registration): 支持邮箱白名单后缀通配符	2026-05-21 21:02:26 +08:00
wucm667	ca60cede14	feat(account): 支持测试连接 Chat Completions 路径	2026-05-21 16:37:20 +08:00
wucm667	c4d7edba08	fix(apicompat): map developer role to system	2026-05-21 16:37:05 +08:00
shaw	aae20ef437	fix(oidc): harden verified-email fast path	2026-05-21 15:19:29 +08:00
Wesley Liddick	35901a174b	Merge pull request #2655 from ye4241/feat/oidc-trust-verified-email-fast-path feat(oidc): 上游邮箱已验证时跳过 choice 页直接登录注册	2026-05-21 14:47:08 +08:00
shaw	a613a587ba	feat: add subscription expiry email toggle	2026-05-21 14:27:50 +08:00
ye4241	55554adc18	chore(oidc): 回应 Copilot review - ProviderType 从 identity.ProviderType 取（不再硬编码） - fast-path 日志改用 infraerrors.Reason(err) 避免泄露 PII / 降噪	2026-05-21 13:32:20 +08:00
ye4241	39fe7aa0eb	feat(oidc): 上游邮箱已验证时跳过 choice 页直接登录注册当前 OIDC 首次登录无条件创建 choose_account_action_required 的 pending session，即使 force_email_on_third_party_signup 关闭，前端仍然会强制弹出"创建账号 / 绑定已有账号"的二选一界面，并展示内部合成邮箱（oidc-xxx@oidc-connect.invalid），用户体验差。本次复用已存在的 LoginOrRegisterVerifiedEmailOAuth 路径（原本仅供 github/google 使用），在以下条件全部满足时跳过 choice 页，直接信任上游身份完成注册/登录： - force_email_on_third_party_signup = false - 邀请码模式未启用 - 上游声明 email_verified = true 且 compat_email 非空 - 本地不存在同邮箱已有账号失败时（如邮箱后缀不在白名单、注册关闭等）自动回退到现有 choice 流程，行为完全向后兼容。测试覆盖： - TestTryOIDCVerifiedEmailFastPathCreatesUserAndIdentity - TestTryOIDCVerifiedEmailFastPathSkippedWhenInvitationCodeRequired - TestTryOIDCVerifiedEmailFastPathSkippedWhenForceEmailEnabled	2026-05-21 13:32:20 +08:00
erio	fe1c6c958b	feat(bedrock): add Claude Code compatibility for AWS Bedrock - Export ApplyBedrockCCCompat() in GatewayService, called after channel model mapping to ensure mapped model ID is used for Opus 4.7+ detection - Add sanitizeBedrockCCFields(): remove service_tier/interface_geo/ context_management, inject max_tokens/anthropic_version defaults - Add sanitizeBedrockCCBetaTokens(): filter anthropic_beta to keep only Bedrock-supported tokens, reusing autoInjectBedrockBetaTokens and filterBedrockBetaTokens for consistent rules - Remove unsupported beta tokens (interleaved-thinking, context-management) from whitelist based on AWS official docs - Simplify IsBedrockCCCompatEnabled() to check boolean toggle directly, applying CC compat to all accounts regardless of platform - Add unit tests for IsBedrockCCCompatEnabled (8 cases), sanitizeBedrockCCFields (8 cases), sanitizeBedrockCCBetaTokens (7 cases) - Update bedrock beta policy tests for removed auto-injection	2026-05-21 11:46:24 +08:00
Wesley Liddick	bd3d4d9a24	Merge pull request #2399 from gaoren002/fix/openai-image-upstream-errors fix(openai): surface image moderation errors	2026-05-21 11:31:22 +08:00
Wesley Liddick	a60a349ecf	Merge pull request #2375 from gaoren002/fix/account-delete-scheduler-cache fix: clear scheduler cache when deleting accounts	2026-05-21 11:31:05 +08:00
Wesley Liddick	131d4b3050	Merge pull request #2374 from gaoren002/fix/openai-refresh-token-reused fix: mark reused refresh tokens non-retryable and unschedule errored accounts	2026-05-21 11:30:52 +08:00
Wesley Liddick	eda04c6129	Merge pull request #2615 from wucm667/feat/redeem-code-batch-update feat(redeem): 兑换码支持批量修改	2026-05-21 10:39:46 +08:00
Wesley Liddick	b106192ee2	Merge pull request #2648 from DaydreamCoding/fix/user-provider-default-grants-check fix(auth): user_provider_default_grants 加入 github/google/dingtalk	2026-05-21 10:38:34 +08:00
Wesley Liddick	d3c4e50753	Merge pull request #2645 from lyen1688/fix/trusted-forwarded-ip-acl PR：为 API Key IP 白/黑名单增加可配置的反代真实 IP 判断	2026-05-21 10:34:28 +08:00
DaydreamCoding	4bfb707ff3	fix(auth): user_provider_default_grants 加入 github/google/dingtalk migration 135/136 把 github、google、dingtalk 加到 users / auth_identities / auth_identity_channels / pending_auth_sessions 的 check 约束时，漏改 user_provider_default_grants。一旦管理员开启 grant_on_first_bind，OAuth 首次绑定就会在 INSERT user_provider_default_grants 时撞约束，触发 500。	2026-05-21 00:48:38 +08:00
lyen1688	1d2445ff52	修复 API Key ACL 开关的 CI 校验	2026-05-20 23:51:39 +08:00
lyen1688	08c8c67df7	为 API Key ACL 增加反代真实 IP 开关	2026-05-20 22:51:46 +08:00
win	82bc1e199f	chore: remove unused real-time log stream / request event bus 删除 fork 独有的实时日志相关功能（上游 Wei-Shaw/sub2api 不存在）： A. OpsLogBroadcaster + SSE 日志流（前端有用但用户不需要）: - backend/internal/service/ops_log_broadcaster{,_test}.go - backend/internal/handler/ops_log_stream_middleware.go - backend/internal/handler/admin/ops_log_stream_handler.go - backend/internal/server/routes/admin.go: GET /admin/ops/logs/{stream,recent} - backend/internal/server/routes/{gateway,windsurf_gateway}.go: opsLogStream middleware - backend/internal/service/wire.go: ProvideOpsLogBroadcaster - frontend/src/views/admin/ops/OpsLogStreamView.vue - frontend/src/api/admin/ops.ts: subscribeOpsLogStream, getRecentOpsLogs, OpsLogEntry/OpsLogFilter/OpsLogRecentResponse 类型 - frontend/src/router/index.ts: AdminOpsLogStream 路由 - frontend/src/components/layout/AppSidebar.vue: 侧边栏入口 - frontend/src/i18n/locales/{en,zh}.ts: nav.opsLogStream + admin.ops.logStream 全部文案 B. RequestEventBus + WS 请求事件流（前端零调用 dead code）: - backend/internal/service/request_event_bus{,_test}.go - backend/internal/handler/admin/ops_ws_requests_handler.go - backend/internal/server/routes/admin.go: GET /admin/ops/ws/requests - backend/internal/handler/gateway_handler.go: RequestEventBus 字段/参数 + reqStartTime + reqEventAccountID/reqEventStatus 跟踪 + defer Publish - backend/internal/service/wire.go: NewRequestEventBus - backend/internal/handler/admin/ops_handler.go: OpsHandler 中 requestEventBus + logBroadcaster 字段,简化 NewOpsHandler 签名保留: - /admin/ops/ws/qps (前端 QPS 监控仍在用) - /admin/ops/realtime-traffic (前端在用) - OpsErrorLoggerMiddleware (与本次无关) 签名变更: - NewOpsHandler(opsService) — 移除 requestEventBus, logBroadcaster - NewGatewayHandler(...): 移除 requestEventBus 末位参数 - ProvideRouter / SetupRouter / registerRoutes / RegisterGatewayRoutes / RegisterWindsurfGatewayRoutes: 移除 opsLogBroadcaster 参数 - 同步更新 wire_gen.go + 测试调用点验证: - 后端 go build/vet 通过 - 前端 pnpm run build 通过 (9.48s) - 测试: 2 个 baseline 既存失败 (TestProxyImportData..., TestWindsurfTierAccessService_Snapshot_HappyPath) 与本次无关	2026-05-20 22:43:20 +08:00
Wesley Liddick	e5d6f1727f	Merge pull request #2641 from Arron196/fix/channel-monitor-responses-reasoning fix(channel-monitor): 兼容 Responses reasoning 输出	2026-05-20 22:36:46 +08:00
Wesley Liddick	f2d072ffc7	Merge pull request #2643 from Arron196/fix/ops-sla-local-client-errors fix(ops): 排除本地客户端限制错误的 SLA 计数	2026-05-20 22:36:02 +08:00
win	502d57652f	chore: merge upstream Wei-Shaw/sub2api v0.1.130-fix Upstream 改动 (PR #2636): - fix(gateway): retry on "thinking block must contain thinking" upstream error 跨模型切换时,其他模型回过的 assistant 历史里有 type=thinking 但缺 thinking 文本,送给开启 extended thinking 的 Claude 会被拒,通过 signature error 重试机制可恢复。修改文件: backend/internal/service/gateway_service.go (+9), gateway_request_test.go (+31 测试)	2026-05-20 22:06:26 +08:00
benjamin	69305a6091	fix(ops): 排除本地客户端限制错误的 SLA 计数 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-20 22:01:33 +08:00
erio	4fd21994c5	feat(bedrock): add Claude Code compatibility transformations for Bedrock accounts Add channel-level Bedrock CC compatibility toggle (similar to web_search_emulation) that fixes 4 types of Bedrock 400 errors seen with Claude Code: 1. thinking.type "enabled" → "adaptive" for Opus 4.7+ (only supports adaptive) 2. Add default budget_tokens when missing for older models 3. Replace illegal characters in tool_use IDs to match Bedrock's ^[a-zA-Z0-9_-]+$ pattern 4. anthropic_version / invalid beta flag (already handled elsewhere) Transformations run in Forward() before any forwarding path, so both native Bedrock accounts and apikey passthrough accounts pointing to Bedrock relays benefit. Includes channel-level toggle UI and unit tests.	2026-05-20 21:47:38 +08:00
benjamin	d3d5843b9d	fix(channel-monitor): 兼容 Responses reasoning 输出 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-20 21:19:06 +08:00
name	8211aa7066	fix: retry on "thinking block must contain thinking" upstream error Some clients reuse assistant history from other models when switching to claude with extended thinking enabled. If a prior thinking block lacks the thinking text field, upstream returns: messages.X.content.Y.thinking: each thinking block must contain thinking Add this pattern to isThinkingBlockSignatureError so the existing FilterThinkingBlocksForRetry retry path triggers and rewrites/drops the offending blocks.	2026-05-20 18:46:50 +08:00
win	4e3ba04717	chore: merge upstream Wei-Shaw/sub2api v0.1.129 Upstream 改动 (2 commits): - ci: 限制 CLA workflow 只在 upstream 仓库运行 (Wei-Shaw/sub2api), 避免 fork 触发 CLA 检查 - chore: VERSION 0.1.128 -> 0.1.129 无代码变更,无冲突,直接 fast-forward 风格 merge。	2026-05-20 18:07:13 +08:00
win	92433656f5	chore: merge upstream Wei-Shaw/sub2api v0.1.128 — keep fork customizations Upstream 新功能 (34 commits, ~main..origin/main): - feat(email): 通知邮件模板服务、模板编辑器、订阅/余额提醒邮件 - feat(notification): NotificationEmailService 注入到 Balance/Payment/Setting - feat(payment): 支付成功通知邮件 - feat(usage): 用户 API Key 用量页支持按日明细 - feat(openai-gateway): Codex OAuth 浏览器 UA 自动改写规避 Cloudflare 质询 - feat(admin): 邮件模板管理接口 - fix(auth): 停用/删除分组后阻断 API Key - fix(group): 修正分组账号可用计数口径 - fix(openai): /v1/responses respect force chat completions, images n 参数透传 - test(repository): AES Encryptor 单元测试 - chore: VERSION 0.1.128 冲突解决 (backend/cmd/server/wire_gen.go): - 引入 upstream 新 wire providers: notificationEmailService, ProvidePaymentService(10 args), ProvideAdminSettingHandler(8 args) - 保留 fork 独有依赖: rpmTokenBucketService (RPM 平滑), NewOpsHandler 3 参数版本 (requestEventBus, opsLogBroadcaster) - ProvideBalanceNotifyService 接受 4 参数 (含 notificationEmailService) 修复 session-id helper 设计 (claude_code_session_id.go): - 发现: TestGatewayService_AnthropicOAuth_InjectsClaudeCodeSessionHeaderFromMetadata 在 OAuth + mimicClaudeCode=false 场景失败 - 重新审视设计原则: OAuth 凭证本身就是 Claude Code 客户端,可信任 metadata 派生 session_id;不应受 mimicClaudeCode 标志阻止 - 修复: metadata 派生只看 tokenType=="oauth";UUID 兜底仍需 oauth && mimic - 更新测试: OAuthNonMimicDerivesFromMetadata 取代原 IgnoresMetadata 所有 fork 独有功能保留: - Claude Code 2.1.145 mimicry bundle (上个 commit 引入) - RPM token bucket smoothing (commit 95814974) - Windsurf/Antigravity/Omniroute 定制 - claudemask/ 校验包 (upstream 已删除,我们仍在 gateway_service 中使用) 不在范围: - 不修复 baseline 既存的 2 个测试失败 (TestProxyImportData..., TestWindsurfTierAccessService_Snapshot_HappyPath) - 与 merge 无关	2026-05-20 17:50:44 +08:00
gaoren002	202aab8e63	fix(accounts): unschedule errored accounts	2026-05-20 09:24:51 +00:00
gaoren002	49b415e333	fix: mark reused refresh tokens non-retryable	2026-05-20 09:24:51 +00:00
gaoren002	60f6602b81	fix: clear scheduler cache when deleting accounts	2026-05-20 09:24:29 +00:00
gaoren002	888cd8092d	fix(openai): surface image moderation errors	2026-05-20 09:19:20 +00:00
win	0fefedf9cd	feat(claude-mimic): upgrade Claude Code mimicry to 2.1.145 via bundle abstraction 反编译本地 Claude Code 2.1.145 二进制 (Bun 1.3.14 打包, @anthropic-ai/sdk@0.94.0 嵌入) 提取真实指纹,系统性升级 mimicry。核心改动: - 新增 ClaudeCodeBundle struct 作为单一事实源,DefaultBundle 描述当前伪装目标的完整快照 (CLIVersion/SDKVersion/RuntimeVersion/OS/Arch) - DefaultCLIVersion/DefaultStainlessPackageVersion/CLICurrentVersion/ DefaultHeaders 全部派生自 DefaultBundle,消除三处 (2.1.92, 2.1.104, 0.70.0, 0.81.0) 版本分裂 - CLI 版本 2.1.92/2.1.104 -> 2.1.145 - SDK 版本 0.70.0/0.81.0 -> 0.94.0 - 新增 12 个 2.1.145 反编译确认的 anthropic-beta token: advanced-tool-use, tool-search-tool, mcp-servers, mcp-client, mid-conversation-system, afk-mode, cache-diagnosis, context-hint, environments, managed-agents, skills, compact - FullClaudeCodeMimicryBetas() 从 7 个 token 升级到 21 个 ordered list - 修正 BetaTokenEfficientTools 错日期 (2026-03-28 -> 2025-02-19) - 从默认 beta header 移除已 GA 的 BetaFineGrainedToolStreaming / BetaTokenEfficientTools (常量保留供客户端显式 merge) - claudemask.RequiredNodeHeaders 加 X-Claude-Code-Session-Id 强制新增 ensureClaudeCodeSessionID helper (claude_code_session_id.go): - 真实 CLI 在 SDK 内强制 X-Claude-Code-Session-Id:y_(),缺失被判第三方 - OAuth mimic 路径: metadata.user_id 派生 -> canonical UUID 写入 -> 兜底 uuid.NewString() - API key passthrough 路径: 不从 body 派生,保护客户端原始语义 - 所有路径均对客户端传入的非法 UUID 执行删除 (避免恶意值上游透传) - 所有写入 header 的 session-id 都通过 uuid.Parse 校验测试: - 新增 14 个 ensureClaudeCodeSessionID 单元测试,含恶意 UUID 注入拒绝 + API key 路径隔离 + canonical 形式校验 - 新增 3 个 bundle 派生一致性测试 - mask_test 加 session-id 缺失校验 case - 老 UA 断言 2.1.104 -> 2.1.145 不在范围: - TLS 指纹 (utls 已处理) - Bun.hash vs xxHash64 算法验证 (需 golden vectors,独立项目) References: - VERSION:2.1.145 BUILD_TIME:2026-05-19T01:36:35Z GIT_SHA:daa4c3755d45ab0cf97bb41db8c03bd2dfd2ff5f	2026-05-20 17:18:47 +08:00
github-actions[bot]	771e0ca973	chore: sync VERSION to 0.1.129 [skip ci]	2026-05-20 09:11:41 +00:00
Wesley Liddick	51f72186a5	Merge pull request #2613 from wucm667/feat/api-key-usage-daily-detail feat(usage): 用户 API Key 用量页支持按日明细	2026-05-20 16:55:42 +08:00

1 2 3 4 5 ...

2715 Commits