GitLab

使用 go-sora2api v1.1.0 SDK 替代原有 ~2000 行自建 HTTP/PoW/TLS 指纹代码，
SDK 提供高并发性能优化（实例级 rand、PoW 缓冲区复用、context.Context 支持）。

- 新增 SoraSDKClient 适配器实现 SoraClient 接口
- 精简 sora_client.go 为仅保留接口和类型定义
- 更新 Wire 绑定使用 SoraSDKClient
- 删除 SoraDirectClient、sora_curl_cffi_sidecar、sora_request_guard 等旧代码
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add claude-sonnet-4-6 to default Antigravity model mapping
- Add antigravity_extra_retries default value in config
- Add cache-dependency-path to CI setup-go for faster builds
- Simplify vitest config to avoid vite plugin compatibility issues

Remove the special case that bypassed model-supported checks for Gemini
API Key accounts, allowing model_mapping to filter requests properly.
Add tests for multiplatform model filtering behavior.

- Use mapped model (billingModel) instead of original request model for billing
- Use resolveFinalAntigravityModelKey for 429 rate limit model key,
  ensuring rate limit records match the actual upstream model
- Add regression tests for both fixes

Add a dedicated CheckMixedChannel endpoint that allows the frontend
to pre-validate mixed channel risk before submitting create/update
requests. This improves UX by showing warnings earlier in the flow
instead of only after form submission.

Backend changes:
- Add CheckMixedChannelRequest struct and CheckMixedChannel handler
- Register POST /check-mixed-channel route
- Expose CheckMixedChannelRisk as public method on AdminService
- Simplify Create/Update 409 responses (remove details/require_confirmation)
- Add comprehensive handler tests and stub methods

Frontend changes:
- Add checkMixedChannelRisk API function and TypeScript types
- Refactor CreateAccountModal to precheck before step transition and submission
- Refactor EditAccountModal to precheck before update submission
- Replace pendingPayload pattern with action-based dialog flow

Extract applyInterceptWarmup utility to unify all credential building
call sites:
- Fix upstream account creation missing intercept_warmup_requests write
- Fix apikey edit mode missing else-branch to clear the setting
- Add backend unit test for IsInterceptWarmupEnabled
- Add frontend unit test for credentialsBuilder

Before this change, when a client disconnected mid-request, the error
message was "Upstream request failed after retries", which is misleading
and pollutes error logs. Now we check context.Err() to return a more
accurate "Client disconnected" message for both Claude and Gemini
forward paths.

- oauth.go: GetUserAgent() 缺少闭合大括号导致语法错误
- client_test.go/oauth_test.go: UserAgent 变量已重构为 GetUserAgent()，更新测试引用
- model_rate_limit_test.go: gemini-3-pro-preview 映射目标已更新为 gemini-3.1-pro-high，同步测试

- 将媒体写入和删除切换为 os.Root 沙箱 API
- 移除旧的路径拼接校验辅助函数并收敛删除逻辑
- 调整并新增相关单元测试覆盖删除行为
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 新增安全路径拼接校验，确保目标文件仍在下载目录内
- 清理失败下载文件时复用安全校验，避免不安全删除路径
- 增加扩展名白名单归一化与相关单元测试
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 后端新增绝对重置时间字段计算（codex_5h_reset_at/codex_7d_reset_at）

- 前端统一窗口解析逻辑：绝对时间优先，updated_at+seconds 回退，过期自动归零

- 新增后端与前端单元测试，覆盖关键边界与异常场景

- 将 jwt.access_token_expire_minutes 默认值改为 0，未显式配置时回退 expire_hour

- 调整配置校验为允许 0，仅拒绝负数并补充优先级注释

- 新增配置与认证服务单元测试，覆盖分钟优先与小时回退场景

- 更新示例配置文档，明确分钟/小时优先级与默认行为

- ClearRateLimit 增加清理 temp_unschedulable 与缓存\n- 新增 ClearRateLimit 相关单元测试覆盖成功与失败分支

- 新增 UsageRecordWorkerPool，支持有界队列、溢出降级策略与自动扩缩容
- 将 Gateway/OpenAI/Sora/Gemini 使用量记录改为提交到统一任务池执行
- 增加 usage_record 配置默认值与校验规则，并补充配置与任务提交相关测试
- 注入并托管 worker 池生命周期，服务退出时统一 StopAndWait
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 新增 Anthropic API Key 自动透传开关与后端透传分支（仅替换认证）

- 账号编辑页新增自动透传开关，默认关闭

- 优化透传性能：SSE usage 解析 gjson 快路径、减少请求体重复拷贝、优化流式写回与非流式 usage 解析

- 补充单元测试与 benchmark，确保 Claude OAuth 路径不受影响

- 为 codex_cli_only 增加 originator 判定通道，避免仅依赖 User-Agent 误拦截
- 扩展官方客户端家族标识，补充 codex_chatgpt_desktop 等常见前缀
- 新增并更新单元测试与网关透传回归测试，覆盖 UA 与 originator 组合场景
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 在 failover 场景透传上游响应头并识别 Cloudflare challenge/cf-ray

- 统一 Sora 任务请求的 UA 与代理使用，sentinel 与业务请求保持一致

- 修复流式错误事件 JSON 转义问题并补充相关单元测试

- 后端新增 Sora2 邀请码与剩余额度探测，并补充对应结果解析
- Sora 测试流程补齐请求头与 Cloudflare 场景提示，完善单测覆盖
- 前端测试弹窗对 Sora 账号改为免选模型流程，并新增中英文提示文案
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 将 refresh_token 恢复请求改为表单编码并匹配 OAuth 约定
- 流式错误改为 JSON 序列化，避免消息含引号或换行导致 SSE 非法
- 补充 Sora token 恢复与 failover 流式错误透传回归测试
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- 新增并接通 Sora 专用 OAuth 接口与 ST/RT 换取能力
- 完成前端 Sora 授权、RT/ST 手动导入与账号创建流程
- 强化 Sora token 恢复、转发日志与网关路由隔离行为
- 补充后端服务层与路由层相关测试覆盖
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>