GitLab

shaw authored Apr 08, 2026 and 陈曦 committed Apr 08, 2026

- Sync cc_version in x-anthropic-billing-header with the fingerprint
  User-Agent version, preserving the message-derived suffix
- Implement xxHash64-based CCH signing to replace the cch=00000
  placeholder with a computed hash
- Add admin toggle (enable_cch_signing) under gateway forwarding settings,
  disabled by default

shaw authored Apr 08, 2026 and 陈曦 committed Apr 08, 2026

commit f3aa54b7 的 rewriteSystemForNonClaudeCode 未能通过 Anthropic 第三方检测，
根因是两个关键信号与真实 Claude Code 不一致：

1. anthropic-beta 头缺少 claude-code-20250219：伪装路径主动将该 beta
   加入 drop set 并移除，但 Anthropic 依赖此 beta 识别 Claude Code 请求。
   修复：非 haiku 模型的伪装请求强制包含 claude-code beta。

2. system 字段使用 string 格式而非 array+cache_control：真实 Claude Code
   始终以 [{type,text,cache_control:{type:"ephemeral"}}] 发送 system，
   string 格式成为第三方检测信号。
   修复：rewriteSystemForNonClaudeCode 改为注入 array 格式。

附带调整：stripSystemCacheControl 按 system 是否被重写动态决定，
重写时保留 CC prompt 的 cache_control，未重写时（haiku/已含CC前缀）
保持原有剥离行为。

shaw authored Apr 07, 2026 and 陈曦 committed Apr 08, 2026

Anthropic近期引入基于system参数内容的第三方应用检测机制，原有的前置追加
Claude Code提示词策略无法通过检测（后续内容仍为非Claude Code格式触发429）。

新策略：对非Claude Code客户端的OAuth/SetupToken账号请求，将system字段
完整替换为Claude Code标识提示词，原始system内容作为user/assistant消息对
注入messages开头，模型仍接收完整指令。

仅影响/v1/messages路径，chat_completions和responses路径保持原有逻辑不变。
真正的Claude Code客户端请求完全不受影响（原样透传）。

YanzheL authored Apr 02, 2026 and 陈曦 committed Apr 08, 2026

- 20 unit tests for deriveOpenAIContentSessionSeed covering:
  - Empty/nil inputs, model-only, stable across turns
  - Different model/system/first-user produce different seeds
  - Tools, functions, developer role, structured content
  - Responses API: input string, input array, instructions, input_text typed items
  - JSON canonicalization (whitespace/key-order insensitive)
  - Prefix presence, empty tools ignored, messages preferred over input
- 3 integration tests for GenerateSessionHash content fallback:
  - Content fallback produces stable hash
  - Explicit signals override content fallback
  - Empty body still returns empty hash

YanzheL authored Apr 02, 2026 and 陈曦 committed Apr 08, 2026

When no explicit session signals (session_id, conversation_id, prompt_cache_key)
are provided, derive a stable session seed from the request body content
(model + tools + system prompt + first user message) to enable sticky routing
and prompt caching for non-Codex clients using the Chat Completions API.

This mirrors the content-based fallback already present in GatewayService.
GenerateSessionHash, adapted for the OpenAI gateway's request formats (both
Chat Completions messages and Responses API input).

JSON fragments are canonicalized via normalizeCompatSeedJSON to ensure
semantically identical requests produce the same seed regardless of
whitespace or key ordering.

Closes #1421

erio authored Apr 05, 2026 and 陈曦 committed Apr 08, 2026

refactor(channel): split long functions, extract shared validation, move billing validation to service

- Split Update (98→25 lines), buildCache (54→20 lines), Create (51→25 lines)
  into focused sub-functions: applyUpdateInput, checkGroupConflicts,
  fetchChannelData, populateChannelCache, storeErrorCache, getOldGroupIDs,
  invalidateAuthCacheForGroups
- Extract validateChannelConfig to eliminate duplicated validation calls
  between Create and Update
- Move validatePricingBillingMode from handler to service layer for
  proper separation of concerns
- Add error logging to IsModelRestricted (was silently swallowing errors)
- Add 12 new tests: ToUsageFields, billing mode validation, antigravity
  wildcard mapping isolation, Create/Update mapping conflict integration

Elysia authored Apr 07, 2026 and 陈曦 committed Apr 08, 2026

当上游返回SSE格式响应(如sub2api链路)时，API Key账号的非流式路径
未检测SSE，导致终态事件中空output直接透传给客户端。

- 将Content-Type SSE检测从仅OAuth扩展至所有账号类型
- 重命名handleOAuthSSEToJSON为handleSSEToJSON（无OAuth专属逻辑）
- 为透传路径新增handlePassthroughSSEToJSON，支持SSE转JSON及空output重建
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

shaw authored Apr 08, 2026 and 陈曦 committed Apr 08, 2026

commit f3aa54b7 的 rewriteSystemForNonClaudeCode 未能通过 Anthropic 第三方检测，
根因是两个关键信号与真实 Claude Code 不一致：

1. anthropic-beta 头缺少 claude-code-20250219：伪装路径主动将该 beta
   加入 drop set 并移除，但 Anthropic 依赖此 beta 识别 Claude Code 请求。
   修复：非 haiku 模型的伪装请求强制包含 claude-code beta。

2. system 字段使用 string 格式而非 array+cache_control：真实 Claude Code
   始终以 [{type,text,cache_control:{type:"ephemeral"}}] 发送 system，
   string 格式成为第三方检测信号。
   修复：rewriteSystemForNonClaudeCode 改为注入 array 格式。

附带调整：stripSystemCacheControl 按 system 是否被重写动态决定，
重写时保留 CC prompt 的 cache_control，未重写时（haiku/已含CC前缀）
保持原有剥离行为。

haruka authored Mar 30, 2026 and 陈曦 committed Apr 08, 2026

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

haruka authored Mar 30, 2026 and 陈曦 committed Apr 08, 2026

When multiple goroutines/workers concurrently refresh the same OAuth token,
the first succeeds but invalidates the old refresh_token (rotation). Subsequent
attempts using the stale token get invalid_grant, which was incorrectly treated
as non-retryable, permanently marking the account as ERROR.

Three complementary fixes:
1. Race-aware recovery: after invalid_grant, re-read DB to check if another
   worker already refreshed (refresh_token changed) — return success instead
   of error
2. In-process mutex (sync.Map of per-account locks): prevents concurrent
   refreshes within the same process, complementing the Redis distributed lock
3. Increase default lock TTL from 30s to 60s to reduce TTL-expiry races
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

shaw authored Apr 07, 2026 and 陈曦 committed Apr 08, 2026

上游API近期更新后，response.completed终态SSE事件的output字段可能为空，
实际内容仅通过response.output_text.delta等增量事件下发。流式路径不受影响，
但chat_completions非流式路径和responses OAuth非流式路径只依赖终态事件的
output，导致返回空响应。

新增BufferedResponseAccumulator累积器，在SSE扫描过程中收集delta事件内容
（文本、function_call、reasoning），当终态output为空时补充重建。

同时修复handleChatBufferedStreamingResponse遗漏response.done事件类型的问题。

shaw authored Apr 07, 2026 and 陈曦 committed Apr 08, 2026

Anthropic近期引入基于system参数内容的第三方应用检测机制，原有的前置追加
Claude Code提示词策略无法通过检测（后续内容仍为非Claude Code格式触发429）。

新策略：对非Claude Code客户端的OAuth/SetupToken账号请求，将system字段
完整替换为Claude Code标识提示词，原始system内容作为user/assistant消息对
注入messages开头，模型仍接收完整指令。

仅影响/v1/messages路径，chat_completions和responses路径保持原有逻辑不变。
真正的Claude Code客户端请求完全不受影响（原样透传）。

Antigravity groups were incorrectly matching pricing and model mapping
entries from anthropic/gemini platform tabs. Each platform should be
strictly isolated — antigravity groups only use antigravity-tagged pricing.

Restore gateway_service.go, setting_handler.go, routes/admin.go,
dto/settings.go, group_repo.go, api_key_repo.go, wire_gen.go to
upstream/main versions and surgically remove only Sora references.

This preserves upstream-only features (RequireOauthOnly, RequirePrivacySet,
GroupResolution, etc.) that were missing when using release branch versions.

When a channel has no model mapping for the requested model, ChannelMappedModel
equals OriginalModel (the user's arbitrary input). Combined with the default
BillingModelSource="channel_mapped", this incorrectly overrides the BillingModel
set by the OpenAI format conversion layer (e.g., gpt-5.4 from DefaultMappedModel)
back to the unmapped original model (e.g., glm) which has no pricing — resulting
in zero-cost billing.

Add guard condition so the channel_mapped override only fires when the channel
actually changed the model (ChannelMappedModel != OriginalModel).

- gofmt: user.go, config_test.go, group_handler.go, smart_retry_test.go
- Remove unused: mergeGroupIDs, resolveProxyURL, "time" import
- Fix api_contract_test.go: remove extra Sora args from NewAdminService,
  NewSettingHandler, NewAccountHandler; remove Sora field expectations
- Fix account_test_service_openai_test.go: restore test helpers

- Run gofmt on user schema, config test, group handler
- Remove unused mergeGroupIDs function
- Restore shared test helpers (newJSONResponse, queuedHTTPUpstream)
  that were in deleted Sora test file

- applyRequestTierOverrides now uses filterValidIntervals consistently
  with applyTokenOverrides (per_request/image modes were not filtering)
- CostInput accepts optional pre-resolved pricing via Resolved field,
  eliminating duplicate Resolver.Resolve() calls in gateway billing paths

- Remove unused claudeMax*Tokens constants (Claude Max feature not included)
- Remove unused UsageMapHook type, SetUsageMapHook method, and usageToMap function
- Fix gofmt formatting in channel_service.go, openai_model_mapping_test.go,
  chatcompletions_to_responses.go

Restore account_usage_service.go, antigravity_gateway_service.go,
antigravity_credits_overages.go and its test to upstream/main state.
These credits balance precheck changes were accidentally included
during cherry-pick of channel management commits.

Eliminates unnecessary indirection layer. The wrapper function only
called normalizeCodexModel with a special case for "gpt 5.3 codex spark"
(space-separated variant) that is no longer needed.

All call sites now use normalizeCodexModel directly.

- Add int64(0) param to SelectAccountWithLoadAwareness callers (signature change from channel scheduling refactor)
- Add UsageMapHook type and struct field to StreamingProcessor
- Revert Claude Max cache billing code to upstream/main (not part of channel feature)
- Revert credits overages logic to upstream/main (non-channel change)
- Remove Instructions field reference (non-channel OpenAI feature)
- Restore sora_client_handler_test.go from upstream + add channel service nil params

- Change channel cache TTL from 60s to 10min (reduce unnecessary DB queries)
- Actively rebuild cache after CRUD instead of lazy invalidation
- Add slog.Warn logging for channel pricing restriction blocks (4 places)

- GetGroupPlatforms failure now stores error-TTL cache and returns error (fail-close)
- Frontend group-to-channel conflict map loads all channels instead of current page only
- Toggle channel status reloads list when active filter would hide the changed item

P0-1: Credits degraded response retry + fail-open
- Add isAntigravityDegradedResponse() to detect transient API failures
- Retry up to 3 times with exponential backoff (500ms/1s/2s)
- Invalidate singleflight cache between retries
- Fail-open after exhausting retries instead of 5h circuit break

P1-1: Fix channel restriction pre-check timing conflict
- Swap checkClaudeCodeRestriction before checkChannelPricingRestriction
- Ensures channel restriction is checked against final fallback groupID

P1-2: Add interval pricing validation (frontend + backend)
- Backend: ValidateIntervals() with boundary, price, overlap checks
- Frontend: validateIntervals() with Chinese error messages
- Rules: MinTokens>=0, MaxTokens>MinTokens, prices>=0, no overlap

P2: Fix cross-platform same-model pricing/mapping override
- Store cache keys using original platform instead of group platform
- Lookup across matching platforms (antigravity→anthropic→gemini)
- Prevents anthropic/gemini same-name models from overwriting each other

20 test cases covering:
- billingModelForRestriction: 4 cases (requested/channel_mapped/upstream/empty)
- resolveAccountUpstreamModel: 3 cases (antigravity/unsupported/non-antigravity)
- checkChannelPricingRestriction: 10 cases (nil guards, 3 billing sources,
  RestrictModels disabled, no channel)
- isUpstreamModelRestrictedByChannel: 3 cases (restricted/allowed/unsupported)