1748 Commits

Author	SHA1	Message	Date
win	ffe6a5e331	feat: Antigravity 100% 指纹还原 + BoringCrypto TLS ... Antigravity: - Client ID 保留双 ID 支持（二进制确认两个都存在） - Daily URL 去掉 .sandbox 后缀（日志确认） - Redirect URI /callback → /oauth-callback（extension.js 确认） - User-Agent 动态 OS/arch: antigravity/{ver} {os}/{arch} - 新增 x-goog-api-client: gl-go/{goVer} gax-go/v2 grpc-go/1.81.0-dev - googleapis 不再走 Node.js proxy → Go 原生 TLS（匹配真实 BoringCrypto） - 新增 Go 后端心跳服务（每5分钟 loadCodeAssist + fetchAvailableModels） - Dockerfile 切换 BoringCrypto 编译（CGO_ENABLED=1 GOEXPERIMENT=boringcrypto） GeminiCLI: - User-Agent 动态化: GeminiCLI/0.1.5 ({OS}; {ARCH}) - AI Studio 请求补上 User-Agent Claude: - CLI 版本 2.1.84, 包版本 0.74.0, 运行时 v24.3.0 - Token 交换 axios/1.13.6, timeout 15s - proxy.js 仅服务 api.anthropic.com（Claude 专属） 架构变更: - Node.js proxy 仅用于 Claude (api.anthropic.com) - Antigravity (googleapis) 走 Go 原生 HTTP + GOST proxy - TLS 指纹: Go BoringCrypto ≈ 真实 Antigravity BoringCrypto	2026-03-27 02:24:03 +08:00
win	8c6e578a84	feat: IP管理代理与 node-tls-proxy 指纹伪装共存 ... - Do()/DoWithTLS() 移除 proxyURL=="" 条件，绑了代理也走 node-tls-proxy - doViaNodeTLSProxy 通过 X-Upstream-Proxy header 传递账号代理给 node-tls-proxy - node-tls-proxy 支持 per-request 动态上游代理，优先 X-Upstream-Proxy，回退全局 UPSTREAM_PROXY - 效果：IP管理 = 落地机网络，账号绑代理后指纹伪装仍然生效	2026-03-26 14:00:17 +08:00
win	e1de3a7b21	fix: antigravity client 无显式代理时自动读取 HTTPS_PROXY 环境变量 ... 解决 OAuth token 交换在国内服务器超时的问题： 当账号未绑定代理时，NewClient 现在显式使用 http.ProxyFromEnvironment， 使得 HTTPS_PROXY 环境变量对 oauth2.googleapis.com 等外部请求生效。 API 调用仍然走 node-tls-proxy（指纹伪装不受影响）。	2026-03-26 12:31:01 +08:00
win	f5abc62fd3	fix: 三节点部署脚本修复 + sub2api 容器代理透传 ... - GOST 下载 URL 修复：补全版本号 (gost_3.2.6_linux_amd64.tar.gz) - CN 中转机服务名改为 gost-sub2api-relay，避免与现有 gost-relay 冲突 - CN 中转机监听协议改为 http（兼容 node-tls-proxy 的 HTTP CONNECT） - 美国落地机服务名改为 gost-sub2api-exit - sub2api 容器透传 HTTPS_PROXY/HTTP_PROXY 环境变量（解决 OAuth 超时） - ops_cleanup 日志字段名避免触发 ERROR 误判 - 添加密码重置脚本和 SOCKS5 服务文件	2026-03-26 12:09:05 +08:00
win	e5d78f8e56	refactor: 将自定义代码集中到 antigravity/ 目录和 *_antigravity.go 文件 ... - antigravity/node-tls-proxy/ ← 原 tools/node-tls-proxy - antigravity/firewall/ ← 原 tools/firewall - antigravity/maintenance/ ← 原 tools/maintenance - repository/http_upstream_antigravity.go ← Node.js 代理 3 个方法（原在 http_upstream.go） - service/identity_service_antigravity.go ← ApplyDefaultFingerprintOverrides + NewIdentityServiceWithSalt - service/account_antigravity.go ← Gemini TLS 指纹扩展函数 对上游文件 http_upstream.go 的钩子调用精简为 2 处 if 块（共 14 行） 对上游文件 account.go Gemini 分支精简为 1 行函数调用 便于 upstream rebase 时快速识别和保留自定义改动	2026-03-25 11:37:27 +08:00
win	44539d5b32	feat: Antigravity (googleapis.com) 也走 Node.js TLS 代理，消除 Go 指纹	2026-03-25 11:37:27 +08:00
win	1ccf6613e2	feat: 遥测优化 — 丰富事件 + 双批次 + model 解析 + beta 常量	2026-03-25 11:37:27 +08:00
win	068b0cbc39	revert: 移除 Sora sidecar，还原 sora_sdk_client.go 到原版	2026-03-25 11:37:27 +08:00
win	3c8ffd3efc	fix: 双模型审查 Critical 修复 ... 1. Sora session_key 按 accountID 隔离（消除跨账号指纹关联） 2. 有 per-account 代理的 Sora 账号跳过 sidecar（保持代理 IP） 3. 请求体用 base64 编码传输（防止二进制数据损坏） 4. Node.js 代理 Body 用 GetBody 安全复制（修复重试时 Body 枯竭）	2026-03-25 11:37:27 +08:00
win	4a92f1903f	fix: 架构审查修复 3 个 bug ... 1. instanceSalt 空值兼容：salt 为空时保持原始 hash 格式不变 避免升级后所有 user_id hash 突变触发 Anthropic 检测 2. doViaNodeTLSProxy 克隆请求：不修改原始 req 对象 修复重试时 URL 已被改写导致请求失败 3. Sora doSoraBackendJSON 漏改：补上 sidecar 路由	2026-03-25 11:37:27 +08:00
win	99c77c4641	fix: 有 per-account 代理的账号不走 Node.js 代理，防止 IP 变化触发风控	2026-03-25 11:37:27 +08:00
win	4037eebd37	feat: Sora 请求优先走 curl_cffi sidecar（Chrome 指纹绕过 Cloudflare）	2026-03-25 11:37:27 +08:00
win	4bca447e33	fix: Node.js TLS 代理仅拦截 api.anthropic.com，修复 Sora 404	2026-03-25 11:37:27 +08:00
win	f5fdd41aea	feat: 实例级隔离 — salt + 指纹版本可配置 ... - 新增 gateway.instance_salt: 不同 sub2api 实例对相同输入产生不同 hash 影响 user_id 重写和 session hash，防止跨实例指纹关联 - 新增 gateway.fingerprint_defaults: CLI 版本号/SDK 版本/OS/Arch 可配置 每个实例可设不同值，与其他 sub2api 部署区分 - constants.go + identity_service.go 支持启动时覆盖默认指纹 - wire_gen.go 启动时读取配置并应用覆盖	2026-03-25 11:37:27 +08:00
win	f68dc13a1a	fix: 更新 Claude CLI 指纹版本 2.1.22→2.1.81, SDK 0.70.0→0.80.0	2026-03-25 11:37:27 +08:00
win	d38b672d54	fix: Node.js TLS 代理仅拦截 Anthropic 请求（DoWithTLS 路径） ... - Do() 去掉 Node.js 代理拦截，Antigravity/Google 请求走原路径 - 只有 DoWithTLS 且 enableTLSFingerprint=true 时走 Node.js 代理 - 按平台分治：Anthropic → Node.js 原生 TLS，Google → 原有 uTLS/直连	2026-03-25 11:37:27 +08:00
win	0086cfdfe8	fix: Node.js TLS 代理对所有 HTTPS 上游生效，去掉域名白名单 ... - 移除 proxy_hosts 白名单限制和 shouldRouteViaNodeProxy - 所有 HTTPS 上游请求统一走 Node.js 代理 - 通过 X-Forwarded-Host 动态识别目标主机 - Anthropic / Gemini / 任意上游自动适配 - 移除诊断日志（已定位问题）	2026-03-25 11:37:27 +08:00
win	cb035e4637	diag: 在 DoWithTLS 路径也添加诊断日志	2026-03-25 11:37:27 +08:00
win	47fba12a75	fix: Node.js TLS 代理按 proxy_hosts 白名单过滤 + 诊断日志 ... - 新增 proxy_hosts 配置：可配置需要走 Node.js 代理的主机列表 - 默认仅代理 api.anthropic.com，Gemini/Sora 走原路径 - 添加 warn 级别诊断日志，输出请求的 scheme/host/hostname/should_route - 用于定位 Anthropic 请求未命中 Node.js 代理的原因	2026-03-25 11:37:27 +08:00
win	45c90b22eb	fix: Node.js TLS 代理按主机白名单过滤，Gemini 走原路径 ... - 新增 proxy_hosts 配置：白名单内的主机走 Node.js 代理 - 默认仅代理 api.anthropic.com - Gemini/Sora 等非 Anthropic 请求自动走原有 uTLS 路径 - 解决 Gemini 请求经 Node.js 代理后 socket hang up 的问题	2026-03-25 11:37:27 +08:00
win	5de1618e08	fix: Node.js TLS 代理动态识别上游主机 ... - Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理 - Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机 - 所有 HTTPS 上游请求统一走代理，不再固定绑定 api.anthropic.com - Gemini/Sora 等不同上游自动识别，无需手动配置	2026-03-25 11:37:27 +08:00
win	71a068c193	fix: Node.js TLS 代理对所有 HTTPS 上游请求生效 ... Do() 方法新增 Node.js 代理检查，不再依赖账号级 TLS 指纹开关。 当 node_tls_proxy.enabled=true 时，所有 HTTPS 上游请求统一走 Node.js 代理，确保 JA3/JA4 指纹一致。	2026-03-25 11:37:26 +08:00
win	8cac4269aa	feat: Node.js TLS 指纹代理 + 网络隔离防泄露 ... - 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI SSE 流式透传，支持上游 HTTP CONNECT 代理 零依赖，Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络，物理隔离外网 node-tls-proxy 唯一出站通道，IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库	2026-03-25 11:37:26 +08:00
Wesley Liddick	4b1ffc23f5	Merge pull request #1240 from Zqysl/qingyu/fix-openai-passthrough-429-rate-limits ... fix(openai): persist passthrough 429 rate limits	2026-03-24 19:02:40 +08:00
Wesley Liddick	c7137dffa8	Merge pull request #1218 from LvyuanW/openai-runtime-recheck ... fix(openai): prevent rescheduling rate-limited accounts	2026-03-24 15:21:18 +08:00
Wesley Liddick	8e834fd9f5	Merge pull request #1204 from Eilen6316/fix/smtp-config-stability-and-refresh-test ... fix(settings): prevent SMTP config overwrite and stabilize SMTP test after refresh	2026-03-24 15:19:24 +08:00
Wesley Liddick	02046744eb	Merge pull request #1212 from alfadb/fix/filter-empty-text-blocks-nested ... fix(gateway): 修复 tool_result 嵌套内容中空 text block 导致上游 400 错误	2026-03-24 15:19:01 +08:00
Wesley Liddick	68d7ec9155	Merge pull request #1220 from weak-fox/feat/account-privacy-mode-filter ... feat: 管理员账号列表支持按 Privacy 状态筛选	2026-03-24 15:18:30 +08:00
Wesley Liddick	5f41b74707	Merge pull request #1242 from Ethan0x0000/feat/anthropic-openai-endpoint-compat ... 支持 Anthropic Responses / Chat Completions 兼容端点并完善会话一致性与错误可观测性	2026-03-24 15:16:26 +08:00
QTom	91b1d812ce	feat(openai): Mobile RT 补全 plan_type、精确匹配账号、刷新时自动设置隐私 ... 1. accounts/check 补全 plan_type：当 id_token 缺少 plan_type（如 Mobile RT）， 自动调用 accounts/check 端点获取订阅类型 2. orgID 精确匹配账号：从 JWT 提取 poid 匹配正确账号，避免 Go map 遍历顺序随机导致 plan_type 不稳定 3. RT 刷新时设置隐私：调用 disableOpenAITraining 关闭训练数据共享， 结果存入 extra.privacy_mode，后续跳过重复设置 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 14:50:03 +08:00
shaw	995bee143a	feat: 支持自定义端点配置与展示	2026-03-24 10:22:08 +08:00
Ethan0x0000	f10e56be7e	refactor(test): improve type assertions in ops endpoint context tests	2026-03-24 09:52:56 +08:00
Ethan0x0000	2f8e10db46	fix(service): preserve anthropic usage fields across compat endpoints ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:32:34 +08:00
Ethan0x0000	5418e15e63	fix(service): normalize user agent for gemini session reuse ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:32:01 +08:00
Ethan0x0000	bcf84cc153	fix(service): normalize user agent for sticky session hashes ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-24 09:31:32 +08:00
qingyuzhang	ce8520c9e6	fix(openai): persist passthrough 429 rate limits	2026-03-24 01:48:25 +08:00
Ethan0x0000	d927c0e45f	feat(routes): add platform-based routing split for /v1/responses and /v1/chat/completions ... Mirror the existing /v1/messages platform split pattern: - OpenAI groups → OpenAIGateway handlers (existing, unchanged) - Non-OpenAI groups → Gateway handlers (new Anthropic-upstream path) Updated both /v1 prefixed routes and non-prefixed alias routes (/responses, /chat/completions). WebSocket route (/v1/responses GET) remains OpenAI-only as Anthropic has no WebSocket equivalent.	2026-03-23 16:24:47 +08:00
Ethan0x0000	31660c4c5f	feat(handler): add Responses/ChatCompletions handlers on GatewayHandler ... New HTTP handlers for Anthropic platform groups accepting OpenAI-format endpoints: - GatewayHandler.Responses: /v1/responses for non-OpenAI groups - GatewayHandler.ChatCompletions: /v1/chat/completions for non-OpenAI groups Both handlers include: - Claude Code only restriction (403 reject when claude_code_only enabled, since these endpoints are never Claude Code clients) - Full auth → billing → user/account concurrency → failover loop - Ops error/endpoint context propagation - Async usage recording via worker pool Error responses use each endpoint's native format (Responses API format for /v1/responses, CC format for /v1/chat/completions).	2026-03-23 16:24:35 +08:00
Ethan0x0000	4321adab71	feat(service): add ForwardAsResponses/ForwardAsChatCompletions on GatewayService ... New forwarding methods on GatewayService for Anthropic platform groups: - ForwardAsResponses: accept Responses body → convert to Anthropic → forward to upstream → convert response back to Responses format. Supports both streaming (SSE event-by-event conversion) and buffered (accumulate then convert) response modes. - ForwardAsChatCompletions: chain CC→Responses→Anthropic for request, Anthropic→Responses→CC for response. Streaming uses dual state machine chain with [DONE] marker. Both methods reuse existing GatewayService infrastructure: buildUpstreamRequest, Claude Code mimicry, cache control enforcement, model mapping, and return UpstreamFailoverError for handler-level retry.	2026-03-23 16:24:22 +08:00
Ethan0x0000	68f151f5c0	feat(apicompat): add Responses↔Anthropic bidirectional format conversion ... Add reverse-direction converters for Anthropic platform groups to accept OpenAI-format requests: - ResponsesToAnthropicRequest: Responses API input → Anthropic Messages request with system extraction, tool/toolChoice mapping, reasoning effort conversion, image data URI↔base64, and consecutive role merging - AnthropicToResponsesResponse: Anthropic response → Responses response with content block→output item mapping, usage, stop_reason→status - AnthropicEventToResponsesEvents: stateful SSE stream converter (Anthropic streaming protocol → Responses streaming protocol) - FinalizeAnthropicResponsesStream: synthetic termination for incomplete streams	2026-03-23 16:24:09 +08:00
weak-fox	4838ab74b3	feat(admin): add account privacy mode filter	2026-03-23 10:16:52 +08:00
Wang Lvyuan	fef9259aaa	fix(openai): recheck runtime state from db before final account selection	2026-03-23 03:50:03 +08:00
Wang Lvyuan	ad7c10727a	fix(account): preserve runtime state during credentials-only updates	2026-03-23 03:49:28 +08:00
alfadb	70a9d0d3a2	fix(gateway): strip empty text blocks from nested tool_result content ... Empty text blocks inside tool_result.content were not being filtered, causing upstream 400 errors: 'text content blocks must be non-empty'. Changes: - Add stripEmptyTextBlocksFromSlice helper for recursive content filtering - FilterThinkingBlocksForRetry now recurses into tool_result nested content - Add StripEmptyTextBlocks pre-filter on initial request path to avoid unnecessary 400+retry round-trips - Add unit tests for nested empty text block scenarios	2026-03-22 17:26:44 +08:00
Ethan0x0000	7cd3824863	test(ops): add tests for setOpsEndpointContext and safeUpstreamURL	2026-03-21 23:49:50 +08:00
Ethan0x0000	db9021f9c1	feat(ops): propagate endpoint/request-type context in handlers; add UpstreamURL to upstream error events	2026-03-21 23:47:39 +08:00
Ethan0x0000	a2418c6040	feat(ops): adapt repository INSERT/SELECT + add setOpsEndpointContext in error logger middleware	2026-03-21 23:38:00 +08:00
Eilen6316	1fb29d59b7	fix(settings): prevent SMTP config overwrite and stabilize test after refresh	2026-03-21 23:36:30 +08:00
Ethan0x0000	8c4a217f03	feat(ops): add endpoint/model/request_type fields to error log structs + safeUpstreamURL	2026-03-21 23:30:13 +08:00
mutuyihao	4feacf2213	fix(apicompat): support array content for system and tool messages	2026-03-21 15:34:28 +08:00