GitLab

Backend:
- Split payment_order.go (546→314 lines) into payment_order_lifecycle.go
- Replace magic strings with constants in factory, easypay, webhook handler
- Add rate limit/validity unit constants in payment_order_lifecycle, payment_service
- Fix critical regression: add PaymentEnabled to GetPublicSettings response
- Add missing migration 099_fix_migrated_purchase_menu_label_icon.sql

Frontend:
- Fix StripePopupView.vue: replace `as any` with typed interface, use extractApiErrorMessage
- Fix AdminOrderTable.vue: replace hardcoded column labels with i18n t() calls
- Fix SubscriptionsView.vue: replace hardcoded Today/Tomorrow with i18n
- Extract duplicate statusBadgeClass/canRefund/formatOrderDateTime to orderUtils.ts
- Add missing i18n keys: common.today, common.tomorrow, payment.orders.orderType/actions
- Remove dead PurchaseSubscriptionView.vue (replaced by PaymentView)

The built-in payment system replaces the old external purchase subscription
iframe approach. Remove purchase_subscription_enabled/url from admin settings
interface and form defaults, as the Payment tab now handles this functionality.
Kept in stores/app.ts fallback to match backend DTO response structure.

- Add payment navigation to AppSidebar (user orders + admin payment menu group with collapse)
- Add 5 missing nav i18n keys (myOrders, orderManagement, paymentDashboard, paymentConfig, paymentPlans)
- Renumber payment migrations 090-100 → 092-102 to avoid conflict with upstream 090/091
- Remove non-payment sora_client_enabled change, restore upstream purchase_subscription fields
- Remove extra 'data' from SettingsTab type union

Add a full payment and subscription system supporting EasyPay (Alipay/WeChat),
Stripe, and direct Alipay/WeChat Pay providers with multi-instance load balancing.

fix: 同步 LoadFactor 到调度快照缓存

feat: 为openai分组增加messages调度模型映射并支持instructions模板注入

fix(ops): 将错误日志请求体存储限制从 10KB 提升至 256KB

fix: include home_content URL in CSP frame-src origins

feat(auth): support OIDC login and prefer IdP real email on sign-in

LoadFactor 字段在构建调度快照缓存时缺失，导致调度算法
EffectiveLoadFactor() 无法使用配置的负载因子，回退到 Concurrency。
这会影响账号的负载率计算，进而影响调度优先级。

修复：在 buildSchedulerMetadataAccount 中添加 LoadFactor 字段。

10KB is too aggressive for modern LLM API requests where conversation
context routinely exceeds 1MB. This causes error logs to contain only
a minimal placeholder, making it impossible to debug upstream failures.

256KB retains enough context for effective debugging while the existing
multi-pass trimming logic handles larger payloads gracefully.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

优化调度快照缓存，避免 1.5 万账号场景下 Redis 大 MGET

- Suppress errcheck for xxhash Digest.Write (never returns error)
- Add enable_cch_signing field to settings API contract test

Fixes GO-2026-4947, GO-2026-4946, GO-2026-4870, GO-2026-4869,
GO-2026-4866, GO-2026-4865 in crypto/x509, crypto/tls, archive/tar,
and html/template.

- Sync cc_version in x-anthropic-billing-header with the fingerprint
  User-Agent version, preserving the message-derived suffix
- Implement xxHash64-based CCH signing to replace the cch=00000
  placeholder with a computed hash
- Add admin toggle (enable_cch_signing) under gateway forwarding settings,
  disabled by default

fix: sanitize empty base64 image payloads for OpenAI requests

fix(gemini): preserve google search grounding tools

fix(gateway): add content-based session hash fallback for non-Codex clients

refactor(channel): split long functions, extract shared validation, move billing validation to service

fix: 非流式响应路径扩展SSE检测至所有账号类型

commit f3aa54b7 的 rewriteSystemForNonClaudeCode 未能通过 Anthropic 第三方检测，
根因是两个关键信号与真实 Claude Code 不一致：

1. anthropic-beta 头缺少 claude-code-20250219：伪装路径主动将该 beta
   加入 drop set 并移除，但 Anthropic 依赖此 beta 识别 Claude Code 请求。
   修复：非 haiku 模型的伪装请求强制包含 claude-code beta。

2. system 字段使用 string 格式而非 array+cache_control：真实 Claude Code
   始终以 [{type,text,cache_control:{type:"ephemeral"}}] 发送 system，
   string 格式成为第三方检测信号。
   修复：rewriteSystemForNonClaudeCode 改为注入 array 格式。

附带调整：stripSystemCacheControl 按 system 是否被重写动态决定，
重写时保留 CC prompt 的 cache_control，未重写时（haiku/已含CC前缀）
保持原有剥离行为。

当上游返回SSE格式响应(如sub2api链路)时，API Key账号的非流式路径
未检测SSE，导致终态事件中空output直接透传给客户端。

- 将Content-Type SSE检测从仅OAuth扩展至所有账号类型
- 重命名handleOAuthSSEToJSON为handleSSEToJSON（无OAuth专属逻辑）
- 为透传路径新增handlePassthroughSSEToJSON，支持SSE转JSON及空output重建
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

fix: resolve refresh token race condition causing false invalid_grant errors fix issue#1381

do not normalize model for openai API token based accounts