2405 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
win	ab1d263cf4	feat: 遥测优化 — 丰富事件 + 双批次 + model 解析 + beta 常量	2026-03-22 13:16:40 +08:00
win	eb6bee0137	feat: 遥测模拟 — 模拟 Claude CLI 的 event_logging + DataDog 日志 ... 基于真实 Claude CLI 2.1.81 抓包数据实现： - POST api.anthropic.com/api/event_logging/batch（请求前后自动发送） - POST http-intake.logs.us5.datadoghq.com/api/v2/logs - 事件类型：tengu_started, tengu_init, tengu_api_request_started/completed - 每个账号独立 session_id + device_id - process_metrics base64 编码（匹配真实格式） - 可通过 TELEMETRY_ENABLED=false 关闭	2026-03-22 13:06:24 +08:00
win	3f93d5d7bf	revert: 移除 Sora sidecar，还原 sora_sdk_client.go 到原版	2026-03-22 12:16:44 +08:00
win	a16db8e367	fix: 双模型审查 Critical 修复 ... 1. Sora session_key 按 accountID 隔离（消除跨账号指纹关联） 2. 有 per-account 代理的 Sora 账号跳过 sidecar（保持代理 IP） 3. 请求体用 base64 编码传输（防止二进制数据损坏） 4. Node.js 代理 Body 用 GetBody 安全复制（修复重试时 Body 枯竭）	2026-03-22 12:04:31 +08:00
win	2b0192e704	fix: 架构审查修复 3 个 bug ... 1. instanceSalt 空值兼容：salt 为空时保持原始 hash 格式不变 避免升级后所有 user_id hash 突变触发 Anthropic 检测 2. doViaNodeTLSProxy 克隆请求：不修改原始 req 对象 修复重试时 URL 已被改写导致请求失败 3. Sora doSoraBackendJSON 漏改：补上 sidecar 路由	2026-03-22 11:39:20 +08:00
win	e909214ee5	fix: 有 per-account 代理的账号不走 Node.js 代理，防止 IP 变化触发风控	2026-03-22 11:33:36 +08:00
win	fba8cc82ae	feat: Sora 请求优先走 curl_cffi sidecar（Chrome 指纹绕过 Cloudflare）	2026-03-22 03:38:24 +08:00
win	0bfd6edde6	feat: Sora curl_cffi sidecar — Chrome TLS 指纹绕过 Cloudflare ... - 新增 sora-curl-cffi-sidecar 容器（Python + curl_cffi + chrome131） - docker-compose.tls-proxy.yml 集成 sidecar，sub2api 自动连接 - 会话池复用，避免重复 TLS 握手 - 镜像 zfc931912343/sora-curl-cffi-sidecar:latest (amd64+arm64)	2026-03-22 03:31:49 +08:00
win	7185630ba1	fix: Node.js TLS 代理仅拦截 api.anthropic.com，修复 Sora 404	2026-03-22 03:19:08 +08:00
win	73bbbb415c	feat: 实例级隔离 — salt + 指纹版本可配置 ... - 新增 gateway.instance_salt: 不同 sub2api 实例对相同输入产生不同 hash 影响 user_id 重写和 session hash，防止跨实例指纹关联 - 新增 gateway.fingerprint_defaults: CLI 版本号/SDK 版本/OS/Arch 可配置 每个实例可设不同值，与其他 sub2api 部署区分 - constants.go + identity_service.go 支持启动时覆盖默认指纹 - wire_gen.go 启动时读取配置并应用覆盖	2026-03-22 03:01:55 +08:00
win	43506e4f78	fix: 更新 Claude CLI 指纹版本 2.1.22→2.1.81, SDK 0.70.0→0.80.0	2026-03-22 02:42:57 +08:00
win	3673936cb3	fix: Node.js TLS 代理仅拦截 Anthropic 请求（DoWithTLS 路径） ... - Do() 去掉 Node.js 代理拦截，Antigravity/Google 请求走原路径 - 只有 DoWithTLS 且 enableTLSFingerprint=true 时走 Node.js 代理 - 按平台分治：Anthropic → Node.js 原生 TLS，Google → 原有 uTLS/直连	2026-03-22 02:25:40 +08:00
win	5d476fbc09	fix: 重写 proxy.js — 预收集 body + H1/H2 自适应，本地测试 4/4 通过	2026-03-22 02:19:38 +08:00
win	88432f9438	feat: 智能 H1/H2 自适应 — 首次 H1 秒挂自动切 H2 并缓存 ... - 首次请求走 HTTP/1.1，如果 socket hang up < 2s 自动切 HTTP/2 - H2 主机缓存在内存中，后续请求直接走 H2（如 googleapis.com） - H2 session 池复用 + 空闲超时自动清理 - 详细日志：proxy_request → proxy_response/error，含协议标识 - 解决 googleapis.com 强制 H2 导致请求失败的问题	2026-03-22 02:06:10 +08:00
win	4ea945bb56	fix: 去掉 H2/ALPN 复杂度，回到纯 https.request + 动态主机 + 响应日志	2026-03-22 02:03:19 +08:00
win	47066d4111	feat: Node.js TLS 代理支持 HTTP/2 + 动态主机路由 ... - proxy.js: 自动探测上游 ALPN (h2/http1.1)，按需选择协议 - proxy.js: X-Forwarded-Host 动态路由，支持任意上游主机 - proxy.js: HTTP/2 session 缓存 + 空闲超时自动清理 - Go: 所有 HTTPS 上游请求统一走 Node.js 代理，无域名白名单 - 解决 googleapis.com 要求 HTTP/2 导致 socket hang up	2026-03-22 01:49:30 +08:00
win	764623c7a0	fix: Node.js TLS 代理对所有 HTTPS 上游生效，去掉域名白名单 ... - 移除 proxy_hosts 白名单限制和 shouldRouteViaNodeProxy - 所有 HTTPS 上游请求统一走 Node.js 代理 - 通过 X-Forwarded-Host 动态识别目标主机 - Anthropic / Gemini / 任意上游自动适配 - 移除诊断日志（已定位问题）	2026-03-22 01:42:44 +08:00
win	c179c348c6	diag: 在 DoWithTLS 路径也添加诊断日志	2026-03-22 01:39:55 +08:00
win	fbcaab03da	fix: Node.js TLS 代理按 proxy_hosts 白名单过滤 + 诊断日志 ... - 新增 proxy_hosts 配置：可配置需要走 Node.js 代理的主机列表 - 默认仅代理 api.anthropic.com，Gemini/Sora 走原路径 - 添加 warn 级别诊断日志，输出请求的 scheme/host/hostname/should_route - 用于定位 Anthropic 请求未命中 Node.js 代理的原因	2026-03-22 01:36:12 +08:00
win	c6a282c2e7	fix: Node.js TLS 代理按主机白名单过滤，Gemini 走原路径 ... - 新增 proxy_hosts 配置：白名单内的主机走 Node.js 代理 - 默认仅代理 api.anthropic.com - Gemini/Sora 等非 Anthropic 请求自动走原有 uTLS 路径 - 解决 Gemini 请求经 Node.js 代理后 socket hang up 的问题	2026-03-22 01:15:56 +08:00
win	5c587c1095	fix: Node.js TLS 代理动态识别上游主机 ... - Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理 - Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机 - 所有 HTTPS 上游请求统一走代理，不再固定绑定 api.anthropic.com - Gemini/Sora 等不同上游自动识别，无需手动配置	2026-03-22 01:09:39 +08:00
win	2fff535bcd	fix: Node.js TLS 代理对所有 HTTPS 上游请求生效 ... Do() 方法新增 Node.js 代理检查，不再依赖账号级 TLS 指纹开关。 当 node_tls_proxy.enabled=true 时，所有 HTTPS 上游请求统一走 Node.js 代理，确保 JA3/JA4 指纹一致。	2026-03-22 01:01:38 +08:00
win	a72ba424cc	feat: Node.js TLS 指纹代理 + 网络隔离防泄露 ... - 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI SSE 流式透传，支持上游 HTTP CONNECT 代理 零依赖，Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络，物理隔离外网 node-tls-proxy 唯一出站通道，IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库	2026-03-22 00:18:43 +08:00
Wesley Liddick	bda7c39e55	Merge pull request #1196 from Eilen6316/fix/settings-form-url-validation ... fix: prevent silent save failure in admin settings form	2026-03-21 20:55:23 +08:00
Wesley Liddick	3583283ebb	Merge pull request #1197 from mutuyihao/fix/apicompat-array-content ... fix(apicompat): support array content for system and tool messages	2026-03-21 20:53:27 +08:00
mutuyihao	4feacf2213	fix(apicompat): support array content for system and tool messages	2026-03-21 15:34:28 +08:00
Eilen6316	73eb731881	fix: prevent silent save failure in admin settings form ... The settings form contains multiple <input type="url"> fields that lack a name attribute. When a field value fails browser URL validation, the browser silently blocks form submission without showing an error — no network request is made, and the user sees no feedback. Root cause: HTML5 form validation requires a focusable element with a name attribute to surface errors. Without it, validation fails silently. Fix: - Add novalidate to the <form> to disable browser-native URL validation - Add an isValidHttpUrl() helper in saveSettings() to replicate the same checks the backend performs - Optional URL fields (frontend_url, doc_url): auto-clear invalid values instead of blocking the save, matching backend behaviour (these fields accept empty string without error) - purchase_subscription_url: block save with a clear error message when enabled + invalid; auto-clear when disabled to prevent the backend 400 "Purchase Subscription URL must be an absolute http(s) URL" error Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-21 15:03:18 +08:00
Wesley Liddick	186e36752d	Merge pull request #1194 from Ethan0x0000/feat/requested-upstream-model-semantics ... feat(usage): 统一使用记录中的请求模型与上游模型语义	2026-03-21 14:02:10 +08:00
Wesley Liddick	421728a985	Merge pull request #1193 from xilu0/worktree-fix-thinking-block-log-level ... fix: correct log levels for thinking block signature retry flow	2026-03-21 13:57:30 +08:00
Wesley Liddick	39a5701184	Merge pull request #1182 from DaydreamCoding/fix/ops-alert-wg-race-and-context-leak ... fix(ops_alert): wg.Add 竞态修复 + leader lock release context 泄漏	2026-03-21 13:52:14 +08:00
Ethan0x0000	27948c777e	fix(dto): fallback to legacy model in usage mapping ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 11:10:40 +08:00
Dave King	c64ed46d05	fix: correct log levels for thinking block signature retry flow ... LegacyPrintf uses inferStdLogLevel() to infer log level from message text. Any message containing the word "error" is classified as ERROR level, causing the entire signature-retry recovery flow (which succeeds) to produce spurious ERROR log entries. Changes: - Remove noisy [SignatureCheck] debug logs inside isThinkingBlockSignatureError that were logging every detected signature check as ERROR - Change retry-start log to WARN level via [warn] prefix - Change retry-success log to INFO level by removing "error" from message Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-21 00:38:07 +00:00
Ethan0x0000	c64465ff7e	test(frontend): align admin usage typing with upstream model ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:26:03 +08:00
Ethan0x0000	095200bd16	refactor(dto): split admin usage upstream model exposure ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:25:34 +08:00
Ethan0x0000	2c667a159c	fix(provider): retain upstream model for gemini compat and ws ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:24:59 +08:00
Ethan0x0000	bac408044f	fix(provider): preserve requested model in antigravity and sora ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:24:30 +08:00
Ethan0x0000	4edcfe1f7c	fix(usage): preserve requested model in gateway billing paths ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:23:54 +08:00
Ethan0x0000	9259dcb6f5	test(repo): cover requested model repository semantics ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:23:20 +08:00
Ethan0x0000	7ef933c7cf	feat(repo): persist requested model in usage log queries ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:22:49 +08:00
Ethan0x0000	7d312822c1	feat(usage): add requested model usage metadata helpers ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:22:16 +08:00
Ethan0x0000	1b3e5c6ea6	chore(go): sync backend go.sum ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:21:48 +08:00
Ethan0x0000	efe8401e92	chore(ent): regenerate usage log requested model artifacts ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:21:21 +08:00
Ethan0x0000	0b845c2532	feat(ent): add requested model to usage log schema ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:20:56 +08:00
Ethan0x0000	fe60412a17	feat(db): add requested model usage log migrations ... Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-03-21 01:20:23 +08:00
QTom	5c39e6f2fb	fix(ops_alert): wg.Add 竞态修复 + leader lock release context 泄漏 ... 1. Start() 中 wg.Add(1) 从 run() goroutine 内部移到 go s.run() 之前， 防止 Stop().wg.Wait() 在 Add 之前返回导致孤儿 goroutine。 2. tryAcquireLeaderLock 返回的 release 闭包改用独立的 context.Background()+5s 超时，避免捕获的 evaluateOnce ctx 在 defer 执行时已过期导致锁释放失败（最长阻塞 90s TTL）。	2026-03-20 18:22:00 +08:00
Wesley Liddick	a225a241d7	Merge pull request #1162 from remxcode/main ... feat(openai): 增加 gpt-5.4-mini/nano 模型支持与定价配置	2026-03-20 13:57:47 +08:00
Wesley Liddick	553a486d17	Merge pull request #1171 from wucm667/fix/quota-display-stale-after-reset ... fix: quota display shows stale cumulative usage after daily/weekly reset	2026-03-20 13:54:18 +08:00
Wesley Liddick	c73374a221	Merge pull request #1176 from learnerLj/fix-bugs ... fix: 修复 OpenAI 转发路径未应用分组默认模型映射	2026-03-20 13:53:20 +08:00
Wesley Liddick	94e26dee4f	Merge pull request #1172 from alfadb/fix/openai-messages-effort-max-to-xhigh ... fix(apicompat): 修正 Anthropic→OpenAI 推理级别映射	2026-03-20 13:48:41 +08:00
Jiahao Luo	4617ef2bb8	Fix OpenAI default model forwarding	2026-03-20 13:36:54 +08:00