Merge branch 'antigravity'

src/app.js

@@ -52,6 +52,16 @@ class Application {
       await redis.connect()
       logger.success('✅ Redis connected successfully')
 
+      // 💳 初始化账户余额查询服务（Provider 注册）
+      try {
+        const accountBalanceService = require('./services/accountBalanceService')
+        const { registerAllProviders } = require('./services/balanceProviders')
+        registerAllProviders(accountBalanceService)
+        logger.info('✅ 账户余额查询服务已初始化')
+      } catch (error) {
+        logger.warn('⚠️ 账户余额查询服务初始化失败:', error.message)
+      }
+
       // 💰 初始化价格服务
       logger.info('🔄 Initializing pricing service...')
       await pricingService.initialize()
@@ -169,7 +179,7 @@ class Application {
       // 🔧 基础中间件
       this.app.use(
         express.json({
-          limit: '10mb',
+          limit: '100mb',
           verify: (req, res, buf, encoding) => {
             // 验证JSON格式
             if (buf && buf.length && !buf.toString(encoding || 'utf8').trim()) {
@@ -178,7 +188,7 @@ class Application {
           }
         })
       )
-      this.app.use(express.urlencoded({ extended: true, limit: '10mb' }))
+      this.app.use(express.urlencoded({ extended: true, limit: '100mb' }))
       this.app.use(securityMiddleware)
 
       // 🎯 信任代理
@@ -268,6 +278,25 @@ class Application {
       this.app.use('/api', apiRoutes)
       this.app.use('/api', unifiedRoutes) // 统一智能路由（支持 /v1/chat/completions 等）
       this.app.use('/claude', apiRoutes) // /claude 路由别名，与 /api 功能相同
+      // Anthropic (Claude Code) 路由：按路径强制分流到 Gemini OAuth 账户
+      // - /antigravity/api/v1/messages -> Antigravity OAuth
+      // - /gemini-cli/api/v1/messages -> Gemini CLI OAuth
+      this.app.use(
+        '/antigravity/api',
+        (req, res, next) => {
+          req._anthropicVendor = 'antigravity'
+          next()
+        },
+        apiRoutes
+      )
+      this.app.use(
+        '/gemini-cli/api',
+        (req, res, next) => {
+          req._anthropicVendor = 'gemini-cli'
+          next()
+        },
+        apiRoutes
+      )
       this.app.use('/admin', adminRoutes)
       this.app.use('/users', userRoutes)
       // 使用 web 路由（包含 auth 和页面重定向）

src/handlers/geminiHandlers.js

@@ -9,6 +9,7 @@ const logger = require('../utils/logger')
 const geminiAccountService = require('../services/geminiAccountService')
 const geminiApiAccountService = require('../services/geminiApiAccountService')
 const { sendGeminiRequest, getAvailableModels } = require('../services/geminiRelayService')
+const { sendAntigravityRequest } = require('../services/antigravityRelayService')
 const crypto = require('crypto')
 const sessionHelper = require('../utils/sessionHelper')
 const unifiedGeminiScheduler = require('../services/unifiedGeminiScheduler')
@@ -86,8 +87,7 @@ function generateSessionHash(req) {
  * 检查 API Key 权限
  */
 function checkPermissions(apiKeyData, requiredPermission = 'gemini') {
-  const permissions = apiKeyData?.permissions || 'all'
-  return permissions === 'all' || permissions === requiredPermission
+  return apiKeyService.hasPermission(apiKeyData?.permissions, requiredPermission)
 }
 
 /**
@@ -508,20 +508,37 @@ async function handleMessages(req, res) {
       // OAuth 账户：使用现有的 sendGeminiRequest
       // 智能处理项目ID：优先使用配置的 projectId，降级到临时 tempProjectId
       const effectiveProjectId = account.projectId || account.tempProjectId || null
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
 
-      geminiResponse = await sendGeminiRequest({
-        messages,
-        model,
-        temperature,
-        maxTokens: max_tokens,
-        stream,
-        accessToken: account.accessToken,
-        proxy: account.proxy,
-        apiKeyId: apiKeyData.id,
-        signal: abortController.signal,
-        projectId: effectiveProjectId,
-        accountId: account.id
-      })
+      if (oauthProvider === 'antigravity') {
+        geminiResponse = await sendAntigravityRequest({
+          messages,
+          model,
+          temperature,
+          maxTokens: max_tokens,
+          stream,
+          accessToken: account.accessToken,
+          proxy: account.proxy,
+          apiKeyId: apiKeyData.id,
+          signal: abortController.signal,
+          projectId: effectiveProjectId,
+          accountId: account.id
+        })
+      } else {
+        geminiResponse = await sendGeminiRequest({
+          messages,
+          model,
+          temperature,
+          maxTokens: max_tokens,
+          stream,
+          accessToken: account.accessToken,
+          proxy: account.proxy,
+          apiKeyId: apiKeyData.id,
+          signal: abortController.signal,
+          projectId: effectiveProjectId,
+          accountId: account.id
+        })
+      }
     }
 
     if (stream) {
@@ -754,8 +771,16 @@ async function handleModels(req, res) {
         ]
       }
     } else {
-      // OAuth 账户：使用 OAuth token 获取模型列表
-      models = await getAvailableModels(account.accessToken, account.proxy)
+      // OAuth 账户：根据 OAuth provider 选择上游
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
+      models =
+        oauthProvider === 'antigravity'
+          ? await geminiAccountService.fetchAvailableModelsAntigravity(
+              account.accessToken,
+              account.proxy,
+              account.refreshToken
+            )
+          : await getAvailableModels(account.accessToken, account.proxy)
     }
 
     res.json({
@@ -927,7 +952,8 @@ function handleSimpleEndpoint(apiMethod) {
       const client = await geminiAccountService.getOauthClient(
         accessToken,
         refreshToken,
-        proxyConfig
+        proxyConfig,
+        account.oauthProvider
       )
 
       // 直接转发请求体，不做特殊处理
@@ -1006,7 +1032,12 @@ async function handleLoadCodeAssist(req, res) {
     // 解析账户的代理配置
     const proxyConfig = parseProxyConfig(account)
 
-    const client = await geminiAccountService.getOauthClient(accessToken, refreshToken, proxyConfig)
+    const client = await geminiAccountService.getOauthClient(
+      accessToken,
+      refreshToken,
+      proxyConfig,
+      account.oauthProvider
+    )
 
     // 智能处理项目ID
     const effectiveProjectId = projectId || cloudaicompanionProject || null
@@ -1104,7 +1135,12 @@ async function handleOnboardUser(req, res) {
     // 解析账户的代理配置
     const proxyConfig = parseProxyConfig(account)
 
-    const client = await geminiAccountService.getOauthClient(accessToken, refreshToken, proxyConfig)
+    const client = await geminiAccountService.getOauthClient(
+      accessToken,
+      refreshToken,
+      proxyConfig,
+      account.oauthProvider
+    )
 
     // 智能处理项目ID
     const effectiveProjectId = projectId || cloudaicompanionProject || null
@@ -1256,7 +1292,8 @@ async function handleCountTokens(req, res) {
       const client = await geminiAccountService.getOauthClient(
         accessToken,
         refreshToken,
-        proxyConfig
+        proxyConfig,
+        account.oauthProvider
       )
       response = await geminiAccountService.countTokens(client, contents, model, proxyConfig)
     }
@@ -1366,13 +1403,20 @@ async function handleGenerateContent(req, res) {
     // 解析账户的代理配置
     const proxyConfig = parseProxyConfig(account)
 
-    const client = await geminiAccountService.getOauthClient(accessToken, refreshToken, proxyConfig)
+    const client = await geminiAccountService.getOauthClient(
+      accessToken,
+      refreshToken,
+      proxyConfig,
+      account.oauthProvider
+    )
 
     // 智能处理项目ID：优先使用配置的 projectId，降级到临时 tempProjectId
     let effectiveProjectId = account.projectId || account.tempProjectId || null
 
+    const oauthProvider = account.oauthProvider || 'gemini-cli'
+
     // 如果没有任何项目ID，尝试调用 loadCodeAssist 获取
-    if (!effectiveProjectId) {
+    if (!effectiveProjectId && oauthProvider !== 'antigravity') {
       try {
         logger.info('📋 No projectId available, attempting to fetch from loadCodeAssist...')
         const loadResponse = await geminiAccountService.loadCodeAssist(client, null, proxyConfig)
@@ -1388,6 +1432,12 @@ async function handleGenerateContent(req, res) {
       }
     }
 
+    if (!effectiveProjectId && oauthProvider === 'antigravity') {
+      // Antigravity 账号允许没有 projectId：生成一个稳定的临时 projectId 并缓存
+      effectiveProjectId = `ag-${crypto.randomUUID().replace(/-/g, '').slice(0, 16)}`
+      await geminiAccountService.updateTempProjectId(accountId, effectiveProjectId)
+    }
+
     // 如果还是没有项目ID，返回错误
     if (!effectiveProjectId) {
       return res.status(403).json({
@@ -1410,14 +1460,24 @@ async function handleGenerateContent(req, res) {
           : '从loadCodeAssist获取'
     })
 
-    const response = await geminiAccountService.generateContent(
-      client,
-      { model, request: actualRequestData },
-      user_prompt_id,
-      effectiveProjectId,
-      req.apiKey?.id,
-      proxyConfig
-    )
+    const response =
+      oauthProvider === 'antigravity'
+        ? await geminiAccountService.generateContentAntigravity(
+            client,
+            { model, request: actualRequestData },
+            user_prompt_id,
+            effectiveProjectId,
+            req.apiKey?.id,
+            proxyConfig
+          )
+        : await geminiAccountService.generateContent(
+            client,
+            { model, request: actualRequestData },
+            user_prompt_id,
+            effectiveProjectId,
+            req.apiKey?.id,
+            proxyConfig
+          )
 
     // 记录使用统计
     if (response?.response?.usageMetadata) {
@@ -1578,13 +1638,20 @@ async function handleStreamGenerateContent(req, res) {
     // 解析账户的代理配置
     const proxyConfig = parseProxyConfig(account)
 
-    const client = await geminiAccountService.getOauthClient(accessToken, refreshToken, proxyConfig)
+    const client = await geminiAccountService.getOauthClient(
+      accessToken,
+      refreshToken,
+      proxyConfig,
+      account.oauthProvider
+    )
 
     // 智能处理项目ID：优先使用配置的 projectId，降级到临时 tempProjectId
     let effectiveProjectId = account.projectId || account.tempProjectId || null
 
+    const oauthProvider = account.oauthProvider || 'gemini-cli'
+
     // 如果没有任何项目ID，尝试调用 loadCodeAssist 获取
-    if (!effectiveProjectId) {
+    if (!effectiveProjectId && oauthProvider !== 'antigravity') {
       try {
         logger.info('📋 No projectId available, attempting to fetch from loadCodeAssist...')
         const loadResponse = await geminiAccountService.loadCodeAssist(client, null, proxyConfig)
@@ -1600,6 +1667,11 @@ async function handleStreamGenerateContent(req, res) {
       }
     }
 
+    if (!effectiveProjectId && oauthProvider === 'antigravity') {
+      effectiveProjectId = `ag-${crypto.randomUUID().replace(/-/g, '').slice(0, 16)}`
+      await geminiAccountService.updateTempProjectId(accountId, effectiveProjectId)
+    }
+
     // 如果还是没有项目ID，返回错误
     if (!effectiveProjectId) {
       return res.status(403).json({
@@ -1622,15 +1694,26 @@ async function handleStreamGenerateContent(req, res) {
           : '从loadCodeAssist获取'
     })
 
-    const streamResponse = await geminiAccountService.generateContentStream(
-      client,
-      { model, request: actualRequestData },
-      user_prompt_id,
-      effectiveProjectId,
-      req.apiKey?.id,
-      abortController.signal,
-      proxyConfig
-    )
+    const streamResponse =
+      oauthProvider === 'antigravity'
+        ? await geminiAccountService.generateContentStreamAntigravity(
+            client,
+            { model, request: actualRequestData },
+            user_prompt_id,
+            effectiveProjectId,
+            req.apiKey?.id,
+            abortController.signal,
+            proxyConfig
+          )
+        : await geminiAccountService.generateContentStream(
+            client,
+            { model, request: actualRequestData },
+            user_prompt_id,
+            effectiveProjectId,
+            req.apiKey?.id,
+            abortController.signal,
+            proxyConfig
+          )
 
     // 设置 SSE 响应头
     res.setHeader('Content-Type', 'text/event-stream')
@@ -1978,15 +2061,23 @@ async function handleStandardGenerateContent(req, res) {
     } else {
       // OAuth 账户
       const { accessToken, refreshToken } = account
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
       const client = await geminiAccountService.getOauthClient(
         accessToken,
         refreshToken,
-        proxyConfig
+        proxyConfig,
+        oauthProvider
       )
 
       let effectiveProjectId = account.projectId || account.tempProjectId || null
 
-      if (!effectiveProjectId) {
+      if (oauthProvider === 'antigravity') {
+        if (!effectiveProjectId) {
+          // Antigravity 账号允许没有 projectId：生成一个稳定的临时 projectId 并缓存
+          effectiveProjectId = `ag-${crypto.randomUUID().replace(/-/g, '').slice(0, 16)}`
+          await geminiAccountService.updateTempProjectId(actualAccountId, effectiveProjectId)
+        }
+      } else if (!effectiveProjectId) {
         try {
           logger.info('📋 No projectId available, attempting to fetch from loadCodeAssist...')
           const loadResponse = await geminiAccountService.loadCodeAssist(client, null, proxyConfig)
@@ -2024,14 +2115,25 @@ async function handleStandardGenerateContent(req, res) {
 
       const userPromptId = `${crypto.randomUUID()}########0`
 
-      response = await geminiAccountService.generateContent(
-        client,
-        { model, request: actualRequestData },
-        userPromptId,
-        effectiveProjectId,
-        req.apiKey?.id,
-        proxyConfig
-      )
+      if (oauthProvider === 'antigravity') {
+        response = await geminiAccountService.generateContentAntigravity(
+          client,
+          { model, request: actualRequestData },
+          userPromptId,
+          effectiveProjectId,
+          req.apiKey?.id,
+          proxyConfig
+        )
+      } else {
+        response = await geminiAccountService.generateContent(
+          client,
+          { model, request: actualRequestData },
+          userPromptId,
+          effectiveProjectId,
+          req.apiKey?.id,
+          proxyConfig
+        )
+      }
     }
 
     // 记录使用统计
@@ -2263,12 +2365,20 @@ async function handleStandardStreamGenerateContent(req, res) {
       const client = await geminiAccountService.getOauthClient(
         accessToken,
         refreshToken,
-        proxyConfig
+        proxyConfig,
+        account.oauthProvider
       )
 
       let effectiveProjectId = account.projectId || account.tempProjectId || null
 
-      if (!effectiveProjectId) {
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
+
+      if (oauthProvider === 'antigravity') {
+        if (!effectiveProjectId) {
+          effectiveProjectId = `ag-${crypto.randomUUID().replace(/-/g, '').slice(0, 16)}`
+          await geminiAccountService.updateTempProjectId(actualAccountId, effectiveProjectId)
+        }
+      } else if (!effectiveProjectId) {
         try {
           logger.info('📋 No projectId available, attempting to fetch from loadCodeAssist...')
           const loadResponse = await geminiAccountService.loadCodeAssist(client, null, proxyConfig)
@@ -2306,15 +2416,27 @@ async function handleStandardStreamGenerateContent(req, res) {
 
       const userPromptId = `${crypto.randomUUID()}########0`
 
-      streamResponse = await geminiAccountService.generateContentStream(
-        client,
-        { model, request: actualRequestData },
-        userPromptId,
-        effectiveProjectId,
-        req.apiKey?.id,
-        abortController.signal,
-        proxyConfig
-      )
+      if (oauthProvider === 'antigravity') {
+        streamResponse = await geminiAccountService.generateContentStreamAntigravity(
+          client,
+          { model, request: actualRequestData },
+          userPromptId,
+          effectiveProjectId,
+          req.apiKey?.id,
+          abortController.signal,
+          proxyConfig
+        )
+      } else {
+        streamResponse = await geminiAccountService.generateContentStream(
+          client,
+          { model, request: actualRequestData },
+          userPromptId,
+          effectiveProjectId,
+          req.apiKey?.id,
+          abortController.signal,
+          proxyConfig
+        )
+      }
     }
 
     // 设置 SSE 响应头

src/middleware/auth.js

@@ -2050,7 +2050,7 @@ const globalRateLimit = async (req, res, next) =>
 
 // 📊 请求大小限制中间件
 const requestSizeLimit = (req, res, next) => {
-  const MAX_SIZE_MB = parseInt(process.env.REQUEST_MAX_SIZE_MB || '60', 10)
+  const MAX_SIZE_MB = parseInt(process.env.REQUEST_MAX_SIZE_MB || '100', 10)
   const maxSize = MAX_SIZE_MB * 1024 * 1024
   const contentLength = parseInt(req.headers['content-length'] || '0')
 
@@ -2059,7 +2059,7 @@ const requestSizeLimit = (req, res, next) => {
     return res.status(413).json({
       error: 'Payload Too Large',
       message: 'Request body size exceeds limit',
-      limit: '10MB'
+      limit: `${MAX_SIZE_MB}MB`
     })
   }
 

src/models/redis.js

@@ -1521,6 +1521,123 @@ class RedisClient {
     return await this.client.del(key)
   }
 
+  // 💰 账户余额缓存（API 查询结果）
+  async setAccountBalance(platform, accountId, balanceData, ttl = 3600) {
+    const key = `account_balance:${platform}:${accountId}`
+
+    const payload = {
+      balance:
+        balanceData && balanceData.balance !== null && balanceData.balance !== undefined
+          ? String(balanceData.balance)
+          : '',
+      currency: balanceData?.currency || 'USD',
+      lastRefreshAt: balanceData?.lastRefreshAt || new Date().toISOString(),
+      queryMethod: balanceData?.queryMethod || 'api',
+      status: balanceData?.status || 'success',
+      errorMessage: balanceData?.errorMessage || balanceData?.error || '',
+      rawData: balanceData?.rawData ? JSON.stringify(balanceData.rawData) : '',
+      quota: balanceData?.quota ? JSON.stringify(balanceData.quota) : ''
+    }
+
+    await this.client.hset(key, payload)
+    await this.client.expire(key, ttl)
+  }
+
+  async getAccountBalance(platform, accountId) {
+    const key = `account_balance:${platform}:${accountId}`
+    const [data, ttlSeconds] = await Promise.all([this.client.hgetall(key), this.client.ttl(key)])
+
+    if (!data || Object.keys(data).length === 0) {
+      return null
+    }
+
+    let rawData = null
+    if (data.rawData) {
+      try {
+        rawData = JSON.parse(data.rawData)
+      } catch (error) {
+        rawData = null
+      }
+    }
+
+    let quota = null
+    if (data.quota) {
+      try {
+        quota = JSON.parse(data.quota)
+      } catch (error) {
+        quota = null
+      }
+    }
+
+    return {
+      balance: data.balance ? parseFloat(data.balance) : null,
+      currency: data.currency || 'USD',
+      lastRefreshAt: data.lastRefreshAt || null,
+      queryMethod: data.queryMethod || null,
+      status: data.status || null,
+      errorMessage: data.errorMessage || '',
+      rawData,
+      quota,
+      ttlSeconds: Number.isFinite(ttlSeconds) ? ttlSeconds : null
+    }
+  }
+
+  // 📊 账户余额缓存（本地统计）
+  async setLocalBalance(platform, accountId, statisticsData, ttl = 300) {
+    const key = `account_balance_local:${platform}:${accountId}`
+
+    await this.client.hset(key, {
+      estimatedBalance: JSON.stringify(statisticsData || {}),
+      lastCalculated: new Date().toISOString()
+    })
+    await this.client.expire(key, ttl)
+  }
+
+  async getLocalBalance(platform, accountId) {
+    const key = `account_balance_local:${platform}:${accountId}`
+    const data = await this.client.hgetall(key)
+
+    if (!data || !data.estimatedBalance) {
+      return null
+    }
+
+    try {
+      return JSON.parse(data.estimatedBalance)
+    } catch (error) {
+      return null
+    }
+  }
+
+  async deleteAccountBalance(platform, accountId) {
+    const key = `account_balance:${platform}:${accountId}`
+    const localKey = `account_balance_local:${platform}:${accountId}`
+    await this.client.del(key, localKey)
+  }
+
+  // 🧩 账户余额脚本配置
+  async setBalanceScriptConfig(platform, accountId, scriptConfig) {
+    const key = `account_balance_script:${platform}:${accountId}`
+    await this.client.set(key, JSON.stringify(scriptConfig || {}))
+  }
+
+  async getBalanceScriptConfig(platform, accountId) {
+    const key = `account_balance_script:${platform}:${accountId}`
+    const raw = await this.client.get(key)
+    if (!raw) {
+      return null
+    }
+    try {
+      return JSON.parse(raw)
+    } catch (error) {
+      return null
+    }
+  }
+
+  async deleteBalanceScriptConfig(platform, accountId) {
+    const key = `account_balance_script:${platform}:${accountId}`
+    return await this.client.del(key)
+  }
+
   // 📈 系统统计
   async getSystemStats() {
     const keys = await Promise.all([

src/routes/admin/accountBalance.js

@@ -0,0 +1,214 @@
+const express = require('express')
+const { authenticateAdmin } = require('../../middleware/auth')
+const logger = require('../../utils/logger')
+const accountBalanceService = require('../../services/accountBalanceService')
+const balanceScriptService = require('../../services/balanceScriptService')
+const { isBalanceScriptEnabled } = require('../../utils/featureFlags')
+
+const router = express.Router()
+
+const ensureValidPlatform = (rawPlatform) => {
+  const normalized = accountBalanceService.normalizePlatform(rawPlatform)
+  if (!normalized) {
+    return { ok: false, status: 400, error: '缺少 platform 参数' }
+  }
+
+  const supported = accountBalanceService.getSupportedPlatforms()
+  if (!supported.includes(normalized)) {
+    return { ok: false, status: 400, error: `不支持的平台: ${normalized}` }
+  }
+
+  return { ok: true, platform: normalized }
+}
+
+// 1) 获取账户余额（默认本地统计优先，可选触发 Provider）
+// GET /admin/accounts/:accountId/balance?platform=xxx&queryApi=false
+router.get('/accounts/:accountId/balance', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform, queryApi } = req.query
+
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    const balance = await accountBalanceService.getAccountBalance(accountId, valid.platform, {
+      queryApi
+    })
+
+    if (!balance) {
+      return res.status(404).json({ success: false, error: 'Account not found' })
+    }
+
+    return res.json(balance)
+  } catch (error) {
+    logger.error('获取账户余额失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+// 2) 强制刷新账户余额（强制触发查询：优先脚本；Provider 仅为降级）
+// POST /admin/accounts/:accountId/balance/refresh
+// Body: { platform: 'xxx' }
+router.post('/accounts/:accountId/balance/refresh', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform } = req.body || {}
+
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    logger.info(`手动刷新余额: ${valid.platform}:${accountId}`)
+
+    const balance = await accountBalanceService.refreshAccountBalance(accountId, valid.platform)
+    if (!balance) {
+      return res.status(404).json({ success: false, error: 'Account not found' })
+    }
+
+    return res.json(balance)
+  } catch (error) {
+    logger.error('刷新账户余额失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+// 3) 批量获取平台所有账户余额
+// GET /admin/accounts/balance/platform/:platform?queryApi=false
+router.get('/accounts/balance/platform/:platform', authenticateAdmin, async (req, res) => {
+  try {
+    const { platform } = req.params
+    const { queryApi } = req.query
+
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    const balances = await accountBalanceService.getAllAccountsBalance(valid.platform, { queryApi })
+
+    return res.json({ success: true, data: balances })
+  } catch (error) {
+    logger.error('批量获取余额失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+// 4) 获取余额汇总（Dashboard 用）
+// GET /admin/accounts/balance/summary
+router.get('/accounts/balance/summary', authenticateAdmin, async (req, res) => {
+  try {
+    const summary = await accountBalanceService.getBalanceSummary()
+    return res.json({ success: true, data: summary })
+  } catch (error) {
+    logger.error('获取余额汇总失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+// 5) 清除缓存
+// DELETE /admin/accounts/:accountId/balance/cache?platform=xxx
+router.delete('/accounts/:accountId/balance/cache', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform } = req.query
+
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    await accountBalanceService.clearCache(accountId, valid.platform)
+
+    return res.json({ success: true, message: '缓存已清除' })
+  } catch (error) {
+    logger.error('清除缓存失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+// 6) 获取/保存/测试余额脚本配置（单账户）
+router.get('/accounts/:accountId/balance/script', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform } = req.query
+
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    const config = await accountBalanceService.redis.getBalanceScriptConfig(
+      valid.platform,
+      accountId
+    )
+    return res.json({ success: true, data: config || null })
+  } catch (error) {
+    logger.error('获取余额脚本配置失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+router.put('/accounts/:accountId/balance/script', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform } = req.query
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    const payload = req.body || {}
+    await accountBalanceService.redis.setBalanceScriptConfig(valid.platform, accountId, payload)
+    return res.json({ success: true, data: payload })
+  } catch (error) {
+    logger.error('保存余额脚本配置失败', error)
+    return res.status(500).json({ success: false, error: error.message })
+  }
+})
+
+router.post('/accounts/:accountId/balance/script/test', authenticateAdmin, async (req, res) => {
+  try {
+    const { accountId } = req.params
+    const { platform } = req.query
+    const valid = ensureValidPlatform(platform)
+    if (!valid.ok) {
+      return res.status(valid.status).json({ success: false, error: valid.error })
+    }
+
+    if (!isBalanceScriptEnabled()) {
+      return res.status(403).json({
+        success: false,
+        error: '余额脚本功能已禁用（可通过 BALANCE_SCRIPT_ENABLED=true 启用）'
+      })
+    }
+
+    const payload = req.body || {}
+    const { scriptBody } = payload
+    if (!scriptBody) {
+      return res.status(400).json({ success: false, error: '脚本内容不能为空' })
+    }
+
+    const result = await balanceScriptService.execute({
+      scriptBody,
+      timeoutSeconds: payload.timeoutSeconds || 10,
+      variables: {
+        baseUrl: payload.baseUrl || '',
+        apiKey: payload.apiKey || '',
+        token: payload.token || '',
+        accountId,
+        platform: valid.platform,
+        extra: payload.extra || ''
+      }
+    })
+
+    return res.json({ success: true, data: result })
+  } catch (error) {
+    logger.error('测试余额脚本失败', error)
+    return res.status(400).json({ success: false, error: error.message })
+  }
+})
+
+module.exports = router

src/routes/admin/apiKeys.js

@@ -8,6 +8,43 @@ const config = require('../../../config/config')
 
 const router = express.Router()
 
+// 有效的权限值列表
+const VALID_PERMISSIONS = ['claude', 'gemini', 'openai', 'droid']
+
+/**
+ * 验证权限数组格式
+ * @param {any} permissions - 权限值（可以是数组或其他）
+ * @returns {string|null} - 返回错误消息，null 表示验证通过
+ */
+function validatePermissions(permissions) {
+  // 空值或未定义表示全部服务
+  if (permissions === undefined || permissions === null || permissions === '') {
+    return null
+  }
+  // 兼容旧格式字符串
+  if (typeof permissions === 'string') {
+    if (permissions === 'all' || VALID_PERMISSIONS.includes(permissions)) {
+      return null
+    }
+    return `Invalid permissions value. Must be an array of: ${VALID_PERMISSIONS.join(', ')}`
+  }
+  // 新格式数组
+  if (Array.isArray(permissions)) {
+    // 空数组表示全部服务
+    if (permissions.length === 0) {
+      return null
+    }
+    // 验证数组中的每个值
+    for (const perm of permissions) {
+      if (!VALID_PERMISSIONS.includes(perm)) {
+        return `Invalid permission value "${perm}". Valid values are: ${VALID_PERMISSIONS.join(', ')}`
+      }
+    }
+    return null
+  }
+  return `Permissions must be an array. Valid values are: ${VALID_PERMISSIONS.join(', ')}`
+}
+
 // 👥 用户管理 (用于API Key分配)
 
 // 获取所有用户列表（用于API Key分配）
@@ -1382,16 +1419,10 @@ router.post('/api-keys', authenticateAdmin, async (req, res) => {
       }
     }
 
-    // 验证服务权限字段
-    if (
-      permissions !== undefined &&
-      permissions !== null &&
-      permissions !== '' &&
-      !['claude', 'gemini', 'openai', 'droid', 'all'].includes(permissions)
-    ) {
-      return res.status(400).json({
-        error: 'Invalid permissions value. Must be claude, gemini, openai, droid, or all'
-      })
+    // 验证服务权限字段（支持数组格式）
+    const permissionsError = validatePermissions(permissions)
+    if (permissionsError) {
+      return res.status(400).json({ error: permissionsError })
     }
 
     const newKey = await apiKeyService.generateApiKey({
@@ -1481,15 +1512,10 @@ router.post('/api-keys/batch', authenticateAdmin, async (req, res) => {
         .json({ error: 'Base name must be less than 90 characters to allow for numbering' })
     }
 
-    if (
-      permissions !== undefined &&
-      permissions !== null &&
-      permissions !== '' &&
-      !['claude', 'gemini', 'openai', 'droid', 'all'].includes(permissions)
-    ) {
-      return res.status(400).json({
-        error: 'Invalid permissions value. Must be claude, gemini, openai, droid, or all'
-      })
+    // 验证服务权限字段（支持数组格式）
+    const batchPermissionsError = validatePermissions(permissions)
+    if (batchPermissionsError) {
+      return res.status(400).json({ error: batchPermissionsError })
     }
 
     // 生成批量API Keys
@@ -1592,13 +1618,12 @@ router.put('/api-keys/batch', authenticateAdmin, async (req, res) => {
       })
     }
 
-    if (
-      updates.permissions !== undefined &&
-      !['claude', 'gemini', 'openai', 'droid', 'all'].includes(updates.permissions)
-    ) {
-      return res.status(400).json({
-        error: 'Invalid permissions value. Must be claude, gemini, openai, droid, or all'
-      })
+    // 验证服务权限字段（支持数组格式）
+    if (updates.permissions !== undefined) {
+      const updatePermissionsError = validatePermissions(updates.permissions)
+      if (updatePermissionsError) {
+        return res.status(400).json({ error: updatePermissionsError })
+      }
     }
 
     logger.info(
@@ -1873,11 +1898,10 @@ router.put('/api-keys/:keyId', authenticateAdmin, async (req, res) => {
     }
 
     if (permissions !== undefined) {
-      // 验证权限值
-      if (!['claude', 'gemini', 'openai', 'droid', 'all'].includes(permissions)) {
-        return res.status(400).json({
-          error: 'Invalid permissions value. Must be claude, gemini, openai, droid, or all'
-        })
+      // 验证服务权限字段（支持数组格式）
+      const singlePermissionsError = validatePermissions(permissions)
+      if (singlePermissionsError) {
+        return res.status(400).json({ error: singlePermissionsError })
       }
       updates.permissions = permissions
     }

src/routes/admin/balanceScripts.js

@@ -0,0 +1,41 @@
+const express = require('express')
+const { authenticateAdmin } = require('../../middleware/auth')
+const balanceScriptService = require('../../services/balanceScriptService')
+const router = express.Router()
+
+// 获取全部脚本配置列表
+router.get('/balance-scripts', authenticateAdmin, (req, res) => {
+  const items = balanceScriptService.listConfigs()
+  return res.json({ success: true, data: items })
+})
+
+// 获取单个脚本配置
+router.get('/balance-scripts/:name', authenticateAdmin, (req, res) => {
+  const { name } = req.params
+  const config = balanceScriptService.getConfig(name || 'default')
+  return res.json({ success: true, data: config })
+})
+
+// 保存脚本配置
+router.put('/balance-scripts/:name', authenticateAdmin, (req, res) => {
+  try {
+    const { name } = req.params
+    const saved = balanceScriptService.saveConfig(name || 'default', req.body || {})
+    return res.json({ success: true, data: saved })
+  } catch (error) {
+    return res.status(400).json({ success: false, error: error.message })
+  }
+})
+
+// 测试脚本（不落库）
+router.post('/balance-scripts/:name/test', authenticateAdmin, async (req, res) => {
+  try {
+    const { name } = req.params
+    const result = await balanceScriptService.testScript(name || 'default', req.body || {})
+    return res.json({ success: true, data: result })
+  } catch (error) {
+    return res.status(400).json({ success: false, error: error.message })
+  }
+})
+
+module.exports = router

src/routes/admin/dashboard.js

@@ -6,13 +6,11 @@ const bedrockAccountService = require('../../services/bedrockAccountService')
 const ccrAccountService = require('../../services/ccrAccountService')
 const geminiAccountService = require('../../services/geminiAccountService')
 const droidAccountService = require('../../services/droidAccountService')
-const openaiAccountService = require('../../services/openaiAccountService')
 const openaiResponsesAccountService = require('../../services/openaiResponsesAccountService')
 const redis = require('../../models/redis')
 const { authenticateAdmin } = require('../../middleware/auth')
 const logger = require('../../utils/logger')
 const CostCalculator = require('../../utils/costCalculator')
-const pricingService = require('../../services/pricingService')
 const config = require('../../../config/config')
 
 const router = express.Router()

src/routes/admin/geminiAccounts.js

@@ -11,14 +11,19 @@ const { formatAccountExpiry, mapExpiryField } = require('./utils')
 const router = express.Router()
 
 // 🤖 Gemini OAuth 账户管理
+function getDefaultRedirectUri(oauthProvider) {
+  if (oauthProvider === 'antigravity') {
+    return process.env.ANTIGRAVITY_OAUTH_REDIRECT_URI || 'http://localhost:45462'
+  }
+  return process.env.GEMINI_OAUTH_REDIRECT_URI || 'https://codeassist.google.com/authcode'
+}
 
 // 生成 Gemini OAuth 授权 URL
 router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
   try {
-    const { state, proxy } = req.body // 接收代理配置
+    const { state, proxy, oauthProvider } = req.body // 接收代理配置与OAuth Provider
 
-    // 使用新的 codeassist.google.com 回调地址
-    const redirectUri = 'https://codeassist.google.com/authcode'
+    const redirectUri = getDefaultRedirectUri(oauthProvider)
 
     logger.info(`Generating Gemini OAuth URL with redirect_uri: ${redirectUri}`)
 
@@ -26,8 +31,9 @@ router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
       authUrl,
       state: authState,
       codeVerifier,
-      redirectUri: finalRedirectUri
-    } = await geminiAccountService.generateAuthUrl(state, redirectUri, proxy)
+      redirectUri: finalRedirectUri,
+      oauthProvider: resolvedOauthProvider
+    } = await geminiAccountService.generateAuthUrl(state, redirectUri, proxy, oauthProvider)
 
     // 创建 OAuth 会话，包含 codeVerifier 和代理配置
     const sessionId = authState
@@ -37,6 +43,7 @@ router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
       redirectUri: finalRedirectUri,
       codeVerifier, // 保存 PKCE code verifier
       proxy: proxy || null, // 保存代理配置
+      oauthProvider: resolvedOauthProvider,
       createdAt: new Date().toISOString()
     })
 
@@ -45,7 +52,8 @@ router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
       success: true,
       data: {
         authUrl,
-        sessionId
+        sessionId,
+        oauthProvider: resolvedOauthProvider
       }
     })
   } catch (error) {
@@ -80,13 +88,14 @@ router.post('/poll-auth-status', authenticateAdmin, async (req, res) => {
 // 交换 Gemini 授权码
 router.post('/exchange-code', authenticateAdmin, async (req, res) => {
   try {
-    const { code, sessionId, proxy: requestProxy } = req.body
+    const { code, sessionId, proxy: requestProxy, oauthProvider } = req.body
+    let resolvedOauthProvider = oauthProvider
 
     if (!code) {
       return res.status(400).json({ error: 'Authorization code is required' })
     }
 
-    let redirectUri = 'https://codeassist.google.com/authcode'
+    let redirectUri = getDefaultRedirectUri(resolvedOauthProvider)
     let codeVerifier = null
     let proxyConfig = null
 
@@ -97,11 +106,16 @@ router.post('/exchange-code', authenticateAdmin, async (req, res) => {
         const {
           redirectUri: sessionRedirectUri,
           codeVerifier: sessionCodeVerifier,
-          proxy
+          proxy,
+          oauthProvider: sessionOauthProvider
         } = sessionData
         redirectUri = sessionRedirectUri || redirectUri
         codeVerifier = sessionCodeVerifier
         proxyConfig = proxy // 获取代理配置
+        if (!resolvedOauthProvider && sessionOauthProvider) {
+          // 会话里保存的 provider 仅作为兜底
+          resolvedOauthProvider = sessionOauthProvider
+        }
         logger.info(
           `Using session redirect_uri: ${redirectUri}, has codeVerifier: ${!!codeVerifier}, has proxy from session: ${!!proxyConfig}`
         )
@@ -120,7 +134,8 @@ router.post('/exchange-code', authenticateAdmin, async (req, res) => {
       code,
       redirectUri,
       codeVerifier,
-      proxyConfig // 传递代理配置
+      proxyConfig, // 传递代理配置
+      resolvedOauthProvider
     )
 
     // 清理 OAuth 会话
@@ -129,7 +144,7 @@ router.post('/exchange-code', authenticateAdmin, async (req, res) => {
     }
 
     logger.success('✅ Successfully exchanged Gemini authorization code')
-    return res.json({ success: true, data: { tokens } })
+    return res.json({ success: true, data: { tokens, oauthProvider: resolvedOauthProvider } })
   } catch (error) {
     logger.error('❌ Failed to exchange Gemini authorization code:', error)
     return res.status(500).json({ error: 'Failed to exchange code', message: error.message })

src/routes/admin/index.js

@@ -21,6 +21,7 @@ const openaiResponsesAccountsRoutes = require('./openaiResponsesAccounts')
 const droidAccountsRoutes = require('./droidAccounts')
 const dashboardRoutes = require('./dashboard')
 const usageStatsRoutes = require('./usageStats')
+const accountBalanceRoutes = require('./accountBalance')
 const systemRoutes = require('./system')
 const concurrencyRoutes = require('./concurrency')
 const claudeRelayConfigRoutes = require('./claudeRelayConfig')
@@ -37,6 +38,7 @@ router.use('/', openaiResponsesAccountsRoutes)
 router.use('/', droidAccountsRoutes)
 router.use('/', dashboardRoutes)
 router.use('/', usageStatsRoutes)
+router.use('/', accountBalanceRoutes)
 router.use('/', systemRoutes)
 router.use('/', concurrencyRoutes)
 router.use('/', claudeRelayConfigRoutes)

src/routes/api.js

@@ -20,6 +20,11 @@ const {
   sendMockWarmupStream
 } = require('../utils/warmupInterceptor')
 const { sanitizeUpstreamError } = require('../utils/errorSanitizer')
+const { dumpAnthropicMessagesRequest } = require('../utils/anthropicRequestDump')
+const {
+  handleAnthropicMessagesToGemini,
+  handleAnthropicCountTokensToGemini
+} = require('../services/anthropicGeminiBridgeService')
 const router = express.Router()
 
 function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {
@@ -117,16 +122,18 @@ async function handleMessagesRequest(req, res) {
   try {
     const startTime = Date.now()
 
-    // Claude 服务权限校验，阻止未授权的 Key
-    if (
-      req.apiKey.permissions &&
-      req.apiKey.permissions !== 'all' &&
-      req.apiKey.permissions !== 'claude'
-    ) {
+    const forcedVendor = req._anthropicVendor || null
+    const requiredService =
+      forcedVendor === 'gemini-cli' || forcedVendor === 'antigravity' ? 'gemini' : 'claude'
+
+    if (!apiKeyService.hasPermission(req.apiKey?.permissions, requiredService)) {
       return res.status(403).json({
         error: {
           type: 'permission_error',
-          message: '此 API Key 无权访问 Claude 服务'
+          message:
+            requiredService === 'gemini'
+              ? '此 API Key 无权访问 Gemini 服务'
+              : '此 API Key 无权访问 Claude 服务'
         }
       })
     }
@@ -175,6 +182,25 @@ async function handleMessagesRequest(req, res) {
       }
     }
 
+    logger.api('📥 /v1/messages request received', {
+      model: req.body.model || null,
+      forcedVendor,
+      stream: req.body.stream === true
+    })
+
+    dumpAnthropicMessagesRequest(req, {
+      route: '/v1/messages',
+      forcedVendor,
+      model: req.body?.model || null,
+      stream: req.body?.stream === true
+    })
+
+    // /v1/messages 的扩展：按路径强制分流到 Gemini OAuth 账户（避免 model 前缀混乱）
+    if (forcedVendor === 'gemini-cli' || forcedVendor === 'antigravity') {
+      const baseModel = (req.body.model || '').trim()
+      return await handleAnthropicMessagesToGemini(req, res, { vendor: forcedVendor, baseModel })
+    }
+
     // 检查是否为流式请求
     const isStream = req.body.stream === true
 
@@ -1024,8 +1050,8 @@ async function handleMessagesRequest(req, res) {
           const cacheReadTokens = jsonData.usage.cache_read_input_tokens || 0
           // Parse the model to remove vendor prefix if present (e.g., "ccr,gemini-2.5-pro" -> "gemini-2.5-pro")
           const rawModel = jsonData.model || req.body.model || 'unknown'
-          const { baseModel } = parseVendorPrefixedModel(rawModel)
-          const model = baseModel || rawModel
+          const { baseModel: usageBaseModel } = parseVendorPrefixedModel(rawModel)
+          const model = usageBaseModel || rawModel
 
           // 记录真实的token使用量（包含模型信息和所有4种token以及账户ID）
           const { accountId: responseAccountId } = response
@@ -1201,6 +1227,65 @@ router.post('/claude/v1/messages', authenticateApiKey, handleMessagesRequest)
 // 📋 模型列表端点 - 支持 Claude, OpenAI, Gemini
 router.get('/v1/models', authenticateApiKey, async (req, res) => {
   try {
+    // Claude Code / Anthropic baseUrl 的分流：/antigravity/api/v1/models 返回 Antigravity 实时模型列表
+    //（通过 v1internal:fetchAvailableModels），避免依赖静态 modelService 列表。
+    const forcedVendor = req._anthropicVendor || null
+    if (forcedVendor === 'antigravity') {
+      if (!apiKeyService.hasPermission(req.apiKey?.permissions, 'gemini')) {
+        return res.status(403).json({
+          error: {
+            type: 'permission_error',
+            message: '此 API Key 无权访问 Gemini 服务'
+          }
+        })
+      }
+
+      const unifiedGeminiScheduler = require('../services/unifiedGeminiScheduler')
+      const geminiAccountService = require('../services/geminiAccountService')
+
+      let accountSelection
+      try {
+        accountSelection = await unifiedGeminiScheduler.selectAccountForApiKey(
+          req.apiKey,
+          null,
+          null,
+          { oauthProvider: 'antigravity' }
+        )
+      } catch (error) {
+        logger.error('Failed to select Gemini OAuth account (antigravity models):', error)
+        return res.status(503).json({ error: 'No available Gemini OAuth accounts' })
+      }
+
+      const account = await geminiAccountService.getAccount(accountSelection.accountId)
+      if (!account) {
+        return res.status(503).json({ error: 'Gemini OAuth account not found' })
+      }
+
+      let proxyConfig = null
+      if (account.proxy) {
+        try {
+          proxyConfig =
+            typeof account.proxy === 'string' ? JSON.parse(account.proxy) : account.proxy
+        } catch (e) {
+          logger.warn('Failed to parse proxy configuration:', e)
+        }
+      }
+
+      const models = await geminiAccountService.fetchAvailableModelsAntigravity(
+        account.accessToken,
+        proxyConfig,
+        account.refreshToken
+      )
+
+      // 可选：根据 API Key 的模型限制过滤（黑名单语义）
+      let filteredModels = models
+      if (req.apiKey.enableModelRestriction && req.apiKey.restrictedModels?.length > 0) {
+        filteredModels = models.filter((model) => !req.apiKey.restrictedModels.includes(model.id))
+      }
+
+      return res.json({ object: 'list', data: filteredModels })
+    }
+
     const modelService = require('../services/modelService')
 
     // 从 modelService 获取所有支持的模型
@@ -1337,20 +1422,27 @@ router.get('/v1/organizations/:org_id/usage', authenticateApiKey, async (req, re
 
 // 🔢 Token计数端点 - count_tokens beta API
 router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) => {
-  // 检查权限
-  if (
-    req.apiKey.permissions &&
-    req.apiKey.permissions !== 'all' &&
-    req.apiKey.permissions !== 'claude'
-  ) {
+  // 按路径强制分流到 Gemini OAuth 账户（避免 model 前缀混乱）
+  const forcedVendor = req._anthropicVendor || null
+  const requiredService =
+    forcedVendor === 'gemini-cli' || forcedVendor === 'antigravity' ? 'gemini' : 'claude'
+
+  if (!apiKeyService.hasPermission(req.apiKey?.permissions, requiredService)) {
     return res.status(403).json({
       error: {
         type: 'permission_error',
-        message: 'This API key does not have permission to access Claude'
+        message:
+          requiredService === 'gemini'
+            ? 'This API key does not have permission to access Gemini'
+            : 'This API key does not have permission to access Claude'
       }
     })
   }
 
+  if (requiredService === 'gemini') {
+    return await handleAnthropicCountTokensToGemini(req, res, { vendor: forcedVendor })
+  }
+
   // 🔗 会话绑定验证（与 messages 端点保持一致）
   const originalSessionId = claudeRelayConfigService.extractOriginalSessionId(req.body)
   const sessionValidation = await claudeRelayConfigService.validateNewSession(

src/routes/droidRoutes.js

@@ -4,12 +4,12 @@ const { authenticateApiKey } = require('../middleware/auth')
 const droidRelayService = require('../services/droidRelayService')
 const sessionHelper = require('../utils/sessionHelper')
 const logger = require('../utils/logger')
+const apiKeyService = require('../services/apiKeyService')
 
 const router = express.Router()
 
 function hasDroidPermission(apiKeyData) {
-  const permissions = apiKeyData?.permissions || 'all'
-  return permissions === 'all' || permissions === 'droid'
+  return apiKeyService.hasPermission(apiKeyData?.permissions, 'droid')
 }
 
 /**

src/routes/openaiGeminiRoutes.js

@@ -6,6 +6,7 @@ const geminiAccountService = require('../services/geminiAccountService')
 const unifiedGeminiScheduler = require('../services/unifiedGeminiScheduler')
 const { getAvailableModels } = require('../services/geminiRelayService')
 const crypto = require('crypto')
+const apiKeyService = require('../services/apiKeyService')
 
 // 生成会话哈希
 function generateSessionHash(req) {
@@ -19,10 +20,19 @@ function generateSessionHash(req) {
   return crypto.createHash('sha256').update(sessionData).digest('hex')
 }
 
+function ensureAntigravityProjectId(account) {
+  if (account.projectId) {
+    return account.projectId
+  }
+  if (account.tempProjectId) {
+    return account.tempProjectId
+  }
+  return `ag-${crypto.randomBytes(8).toString('hex')}`
+}
+
 // 检查 API Key 权限
 function checkPermissions(apiKeyData, requiredPermission = 'gemini') {
-  const permissions = apiKeyData.permissions || 'all'
-  return permissions === 'all' || permissions === requiredPermission
+  return apiKeyService.hasPermission(apiKeyData?.permissions, requiredPermission)
 }
 
 // 转换 OpenAI 消息格式到 Gemini 格式
@@ -335,25 +345,48 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
     const client = await geminiAccountService.getOauthClient(
       account.accessToken,
       account.refreshToken,
-      proxyConfig
+      proxyConfig,
+      account.oauthProvider
     )
     if (actualStream) {
       // 流式响应
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
+      let { projectId } = account
+
+      if (oauthProvider === 'antigravity') {
+        projectId = ensureAntigravityProjectId(account)
+        if (!account.projectId && account.tempProjectId !== projectId) {
+          await geminiAccountService.updateTempProjectId(account.id, projectId)
+          account.tempProjectId = projectId
+        }
+      }
+
       logger.info('StreamGenerateContent request', {
         model,
-        projectId: account.projectId,
+        projectId,
         apiKeyId: apiKeyData.id
       })
 
-      const streamResponse = await geminiAccountService.generateContentStream(
-        client,
-        { model, request: geminiRequestBody },
-        null, // user_prompt_id
-        account.projectId, // 使用有权限的项目ID
-        apiKeyData.id, // 使用 API Key ID 作为 session ID
-        abortController.signal, // 传递中止信号
-        proxyConfig // 传递代理配置
-      )
+      const streamResponse =
+        oauthProvider === 'antigravity'
+          ? await geminiAccountService.generateContentStreamAntigravity(
+              client,
+              { model, request: geminiRequestBody },
+              null, // user_prompt_id
+              projectId,
+              apiKeyData.id, // 使用 API Key ID 作为 session ID
+              abortController.signal, // 传递中止信号
+              proxyConfig // 传递代理配置
+            )
+          : await geminiAccountService.generateContentStream(
+              client,
+              { model, request: geminiRequestBody },
+              null, // user_prompt_id
+              projectId, // 使用有权限的项目ID
+              apiKeyData.id, // 使用 API Key ID 作为 session ID
+              abortController.signal, // 传递中止信号
+              proxyConfig // 传递代理配置
+            )
 
       // 设置流式响应头
       res.setHeader('Content-Type', 'text/event-stream')
@@ -499,7 +532,6 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
         // 记录使用统计
         if (!usageReported && totalUsage.totalTokenCount > 0) {
           try {
-            const apiKeyService = require('../services/apiKeyService')
             await apiKeyService.recordUsage(
               apiKeyData.id,
               totalUsage.promptTokenCount || 0,
@@ -559,20 +591,41 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
       })
     } else {
       // 非流式响应
+      const oauthProvider = account.oauthProvider || 'gemini-cli'
+      let { projectId } = account
+
+      if (oauthProvider === 'antigravity') {
+        projectId = ensureAntigravityProjectId(account)
+        if (!account.projectId && account.tempProjectId !== projectId) {
+          await geminiAccountService.updateTempProjectId(account.id, projectId)
+          account.tempProjectId = projectId
+        }
+      }
+
       logger.info('GenerateContent request', {
         model,
-        projectId: account.projectId,
+        projectId,
         apiKeyId: apiKeyData.id
       })
 
-      const response = await geminiAccountService.generateContent(
-        client,
-        { model, request: geminiRequestBody },
-        null, // user_prompt_id
-        account.projectId, // 使用有权限的项目ID
-        apiKeyData.id, // 使用 API Key ID 作为 session ID
-        proxyConfig // 传递代理配置
-      )
+      const response =
+        oauthProvider === 'antigravity'
+          ? await geminiAccountService.generateContentAntigravity(
+              client,
+              { model, request: geminiRequestBody },
+              null, // user_prompt_id
+              projectId,
+              apiKeyData.id, // 使用 API Key ID 作为 session ID
+              proxyConfig // 传递代理配置
+            )
+          : await geminiAccountService.generateContent(
+              client,
+              { model, request: geminiRequestBody },
+              null, // user_prompt_id
+              projectId, // 使用有权限的项目ID
+              apiKeyData.id, // 使用 API Key ID 作为 session ID
+              proxyConfig // 传递代理配置
+            )
 
       // 转换为 OpenAI 格式并返回
       const openaiResponse = convertGeminiResponseToOpenAI(response, model, false)
@@ -580,7 +633,6 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
       // 记录使用统计
       if (openaiResponse.usage) {
         try {
-          const apiKeyService = require('../services/apiKeyService')
           await apiKeyService.recordUsage(
             apiKeyData.id,
             openaiResponse.usage.prompt_tokens || 0,
@@ -604,12 +656,15 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
     const duration = Date.now() - startTime
     logger.info(`OpenAI-Gemini request completed in ${duration}ms`)
   } catch (error) {
-    // 客户端主动断开连接是正常情况，使用 INFO 级别
-    if (error.message === 'Client disconnected') {
-      logger.info('🔌 OpenAI-Gemini stream ended: Client disconnected')
-    } else {
-      logger.error('OpenAI-Gemini request error:', error)
-    }
+    const statusForLog = error?.status || error?.response?.status
+    logger.error('OpenAI-Gemini request error', {
+      message: error?.message,
+      status: statusForLog,
+      code: error?.code,
+      requestUrl: error?.config?.url,
+      requestMethod: error?.config?.method,
+      upstreamTraceId: error?.response?.headers?.['x-cloudaicompanion-trace-id']
+    })
 
     // 处理速率限制
     if (error.status === 429) {
@@ -645,8 +700,8 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
   return undefined
 })
 
-// OpenAI 兼容的模型列表端点
-router.get('/v1/models', authenticateApiKey, async (req, res) => {
+// 获取可用模型列表的共享处理器
+async function handleGetModels(req, res) {
   try {
     const apiKeyData = req.apiKey
 
@@ -677,8 +732,21 @@ router.get('/v1/models', authenticateApiKey, async (req, res) => {
     let models = []
 
     if (account) {
-      // 获取实际的模型列表
-      models = await getAvailableModels(account.accessToken, account.proxy)
+      // 获取实际的模型列表（失败时回退到默认列表，避免影响 /v1/models 可用性）
+      try {
+        const oauthProvider = account.oauthProvider || 'gemini-cli'
+        models =
+          oauthProvider === 'antigravity'
+            ? await geminiAccountService.fetchAvailableModelsAntigravity(
+                account.accessToken,
+                account.proxy,
+                account.refreshToken
+              )
+            : await getAvailableModels(account.accessToken, account.proxy)
+      } catch (error) {
+        logger.warn('Failed to get Gemini models list from upstream, fallback to default:', error)
+        models = []
+      }
     } else {
       // 返回默认模型列表
       models = [
@@ -691,6 +759,17 @@ router.get('/v1/models', authenticateApiKey, async (req, res) => {
       ]
     }
 
+    if (!models || models.length === 0) {
+      models = [
+        {
+          id: 'gemini-2.0-flash-exp',
+          object: 'model',
+          created: Math.floor(Date.now() / 1000),
+          owned_by: 'google'
+        }
+      ]
+    }
+
     // 如果启用了模型限制，过滤模型列表
     if (apiKeyData.enableModelRestriction && apiKeyData.restrictedModels.length > 0) {
       models = models.filter((model) => apiKeyData.restrictedModels.includes(model.id))
@@ -710,8 +789,13 @@ router.get('/v1/models', authenticateApiKey, async (req, res) => {
       }
     })
   }
-  return undefined
-})
+}
+
+// OpenAI 兼容的模型列表端点 (带 v1 版)
+router.get('/v1/models', authenticateApiKey, handleGetModels)
+
+// OpenAI 兼容的模型列表端点 (根路径版，方便第三方加载)
+router.get('/models', authenticateApiKey, handleGetModels)
 
 // OpenAI 兼容的模型详情端点
 router.get('/v1/models/:model', authenticateApiKey, async (req, res) => {

src/routes/openaiRoutes.js

@@ -20,8 +20,7 @@ function createProxyAgent(proxy) {
 
 // 检查 API Key 是否具备 OpenAI 权限
 function checkOpenAIPermissions(apiKeyData) {
-  const permissions = apiKeyData?.permissions || 'all'
-  return permissions === 'all' || permissions === 'openai'
+  return apiKeyService.hasPermission(apiKeyData?.permissions, 'openai')
 }
 
 function normalizeHeaders(headers = {}) {

src/routes/unified.js

@@ -8,6 +8,7 @@ const {
   handleStreamGenerateContent: geminiHandleStreamGenerateContent
 } = require('../handlers/geminiHandlers')
 const openaiRoutes = require('./openaiRoutes')
+const apiKeyService = require('../services/apiKeyService')
 
 const router = express.Router()
 
@@ -45,11 +46,11 @@ async function routeToBackend(req, res, requestedModel) {
   logger.info(`🔀 Routing request - Model: ${requestedModel}, Backend: ${backend}`)
 
   // 检查权限
-  const permissions = req.apiKey.permissions || 'all'
+  const { permissions } = req.apiKey
 
   if (backend === 'claude') {
     // Claude 后端：通过 OpenAI 兼容层
-    if (permissions !== 'all' && permissions !== 'claude') {
+    if (!apiKeyService.hasPermission(permissions, 'claude')) {
       return res.status(403).json({
         error: {
           message: 'This API key does not have permission to access Claude',
@@ -61,7 +62,7 @@ async function routeToBackend(req, res, requestedModel) {
     await handleChatCompletion(req, res, req.apiKey)
   } else if (backend === 'openai') {
     // OpenAI 后端
-    if (permissions !== 'all' && permissions !== 'openai') {
+    if (!apiKeyService.hasPermission(permissions, 'openai')) {
       return res.status(403).json({
         error: {
           message: 'This API key does not have permission to access OpenAI',
@@ -73,7 +74,7 @@ async function routeToBackend(req, res, requestedModel) {
     return await openaiRoutes.handleResponses(req, res)
   } else if (backend === 'gemini') {
     // Gemini 后端
-    if (permissions !== 'all' && permissions !== 'gemini') {
+    if (!apiKeyService.hasPermission(permissions, 'gemini')) {
       return res.status(403).json({
         error: {
           message: 'This API key does not have permission to access Gemini',

src/services/accountBalanceService.js

@@ -0,0 +1,764 @@
+const redis = require('../models/redis')
+const balanceScriptService = require('./balanceScriptService')
+const logger = require('../utils/logger')
+const CostCalculator = require('../utils/costCalculator')
+const { isBalanceScriptEnabled } = require('../utils/featureFlags')
+
+class AccountBalanceService {
+  constructor(options = {}) {
+    this.redis = options.redis || redis
+    this.logger = options.logger || logger
+
+    this.providers = new Map()
+
+    this.CACHE_TTL_SECONDS = 3600
+    this.LOCAL_TTL_SECONDS = 300
+
+    this.LOW_BALANCE_THRESHOLD = 10
+    this.HIGH_USAGE_THRESHOLD_PERCENT = 90
+    this.DEFAULT_CONCURRENCY = 10
+  }
+
+  getSupportedPlatforms() {
+    return [
+      'claude',
+      'claude-console',
+      'gemini',
+      'gemini-api',
+      'openai',
+      'openai-responses',
+      'azure_openai',
+      'bedrock',
+      'droid',
+      'ccr'
+    ]
+  }
+
+  normalizePlatform(platform) {
+    if (!platform) {
+      return null
+    }
+
+    const value = String(platform).trim().toLowerCase()
+
+    // 兼容实施文档与历史命名
+    if (value === 'claude-official') {
+      return 'claude'
+    }
+    if (value === 'azure-openai') {
+      return 'azure_openai'
+    }
+
+    // 保持前端平台键一致
+    return value
+  }
+
+  registerProvider(platform, provider) {
+    const normalized = this.normalizePlatform(platform)
+    if (!normalized) {
+      throw new Error('registerProvider: 缺少 platform')
+    }
+    if (!provider || typeof provider.queryBalance !== 'function') {
+      throw new Error(`registerProvider: Provider 无效 (${normalized})`)
+    }
+    this.providers.set(normalized, provider)
+  }
+
+  async getAccountBalance(accountId, platform, options = {}) {
+    const normalizedPlatform = this.normalizePlatform(platform)
+    const account = await this.getAccount(accountId, normalizedPlatform)
+    if (!account) {
+      return null
+    }
+    return await this._getAccountBalanceForAccount(account, normalizedPlatform, options)
+  }
+
+  async refreshAccountBalance(accountId, platform) {
+    const normalizedPlatform = this.normalizePlatform(platform)
+    const account = await this.getAccount(accountId, normalizedPlatform)
+    if (!account) {
+      return null
+    }
+
+    return await this._getAccountBalanceForAccount(account, normalizedPlatform, {
+      queryApi: true,
+      useCache: false
+    })
+  }
+
+  async getAllAccountsBalance(platform, options = {}) {
+    const normalizedPlatform = this.normalizePlatform(platform)
+    const accounts = await this.getAllAccountsByPlatform(normalizedPlatform)
+    const queryApi = this._parseBoolean(options.queryApi) || false
+    const useCache = options.useCache !== false
+
+    const results = await this._mapWithConcurrency(
+      accounts,
+      this.DEFAULT_CONCURRENCY,
+      async (acc) => {
+        try {
+          const balance = await this._getAccountBalanceForAccount(acc, normalizedPlatform, {
+            queryApi,
+            useCache
+          })
+          return { ...balance, name: acc.name || '' }
+        } catch (error) {
+          this.logger.error(`批量获取余额失败: ${normalizedPlatform}:${acc?.id}`, error)
+          return {
+            success: true,
+            data: {
+              accountId: acc?.id,
+              platform: normalizedPlatform,
+              balance: null,
+              quota: null,
+              statistics: {},
+              source: 'local',
+              lastRefreshAt: new Date().toISOString(),
+              cacheExpiresAt: null,
+              status: 'error',
+              error: error.message || '批量查询失败'
+            },
+            name: acc?.name || ''
+          }
+        }
+      }
+    )
+
+    return results
+  }
+
+  async getBalanceSummary() {
+    const platforms = this.getSupportedPlatforms()
+
+    const summary = {
+      totalBalance: 0,
+      totalCost: 0,
+      lowBalanceCount: 0,
+      platforms: {}
+    }
+
+    for (const platform of platforms) {
+      const accounts = await this.getAllAccountsByPlatform(platform)
+      const platformData = {
+        count: accounts.length,
+        totalBalance: 0,
+        totalCost: 0,
+        lowBalanceCount: 0,
+        accounts: []
+      }
+
+      const balances = await this._mapWithConcurrency(
+        accounts,
+        this.DEFAULT_CONCURRENCY,
+        async (acc) => {
+          const balance = await this._getAccountBalanceForAccount(acc, platform, {
+            queryApi: false,
+            useCache: true
+          })
+          return { ...balance, name: acc.name || '' }
+        }
+      )
+
+      for (const item of balances) {
+        platformData.accounts.push(item)
+
+        const amount = item?.data?.balance?.amount
+        const percentage = item?.data?.quota?.percentage
+        const totalCost = Number(item?.data?.statistics?.totalCost || 0)
+
+        const hasAmount = typeof amount === 'number' && Number.isFinite(amount)
+        const isLowBalance = hasAmount && amount < this.LOW_BALANCE_THRESHOLD
+        const isHighUsage =
+          typeof percentage === 'number' &&
+          Number.isFinite(percentage) &&
+          percentage > this.HIGH_USAGE_THRESHOLD_PERCENT
+
+        if (hasAmount) {
+          platformData.totalBalance += amount
+        }
+
+        if (isLowBalance || isHighUsage) {
+          platformData.lowBalanceCount += 1
+          summary.lowBalanceCount += 1
+        }
+
+        platformData.totalCost += totalCost
+      }
+
+      summary.platforms[platform] = platformData
+      summary.totalBalance += platformData.totalBalance
+      summary.totalCost += platformData.totalCost
+    }
+
+    return summary
+  }
+
+  async clearCache(accountId, platform) {
+    const normalizedPlatform = this.normalizePlatform(platform)
+    if (!normalizedPlatform) {
+      throw new Error('缺少 platform 参数')
+    }
+
+    await this.redis.deleteAccountBalance(normalizedPlatform, accountId)
+    this.logger.info(`余额缓存已清除: ${normalizedPlatform}:${accountId}`)
+  }
+
+  async getAccount(accountId, platform) {
+    if (!accountId || !platform) {
+      return null
+    }
+
+    const serviceMap = {
+      claude: require('./claudeAccountService'),
+      'claude-console': require('./claudeConsoleAccountService'),
+      gemini: require('./geminiAccountService'),
+      'gemini-api': require('./geminiApiAccountService'),
+      openai: require('./openaiAccountService'),
+      'openai-responses': require('./openaiResponsesAccountService'),
+      azure_openai: require('./azureOpenaiAccountService'),
+      bedrock: require('./bedrockAccountService'),
+      droid: require('./droidAccountService'),
+      ccr: require('./ccrAccountService')
+    }
+
+    const service = serviceMap[platform]
+    if (!service || typeof service.getAccount !== 'function') {
+      return null
+    }
+
+    return await service.getAccount(accountId)
+  }
+
+  async getAllAccountsByPlatform(platform) {
+    if (!platform) {
+      return []
+    }
+
+    const serviceMap = {
+      claude: require('./claudeAccountService'),
+      'claude-console': require('./claudeConsoleAccountService'),
+      gemini: require('./geminiAccountService'),
+      'gemini-api': require('./geminiApiAccountService'),
+      openai: require('./openaiAccountService'),
+      'openai-responses': require('./openaiResponsesAccountService'),
+      azure_openai: require('./azureOpenaiAccountService'),
+      bedrock: require('./bedrockAccountService'),
+      droid: require('./droidAccountService'),
+      ccr: require('./ccrAccountService')
+    }
+
+    const service = serviceMap[platform]
+    if (!service) {
+      return []
+    }
+
+    // Bedrock 特殊：返回 { success, data }
+    if (platform === 'bedrock' && typeof service.getAllAccounts === 'function') {
+      const result = await service.getAllAccounts()
+      return result?.success ? result.data || [] : []
+    }
+
+    if (platform === 'openai-responses') {
+      return await service.getAllAccounts(true)
+    }
+
+    if (typeof service.getAllAccounts !== 'function') {
+      return []
+    }
+
+    return await service.getAllAccounts()
+  }
+
+  async _getAccountBalanceForAccount(account, platform, options = {}) {
+    const queryMode = this._parseQueryMode(options.queryApi)
+    const useCache = options.useCache !== false
+
+    const accountId = account?.id
+    if (!accountId) {
+      throw new Error('账户缺少 id')
+    }
+
+    // 余额脚本配置状态（用于前端控制“刷新余额”按钮）
+    let scriptConfig = null
+    let scriptConfigured = false
+    if (typeof this.redis?.getBalanceScriptConfig === 'function') {
+      scriptConfig = await this.redis.getBalanceScriptConfig(platform, accountId)
+      scriptConfigured = !!(
+        scriptConfig &&
+        scriptConfig.scriptBody &&
+        String(scriptConfig.scriptBody).trim().length > 0
+      )
+    }
+    const scriptEnabled = isBalanceScriptEnabled()
+    const scriptMeta = { scriptEnabled, scriptConfigured }
+
+    const localBalance = await this._getBalanceFromLocal(accountId, platform)
+    const localStatistics = localBalance.statistics || {}
+
+    const quotaFromLocal = this._buildQuotaFromLocal(account, localStatistics)
+
+    // 安全限制：queryApi=auto 仅用于 Antigravity（gemini + oauthProvider=antigravity）账户
+    const effectiveQueryMode =
+      queryMode === 'auto' && !(platform === 'gemini' && account?.oauthProvider === 'antigravity')
+        ? 'local'
+        : queryMode
+
+    // local: 仅本地统计/缓存；auto: 优先缓存，无缓存则尝试远程 Provider（并缓存结果）
+    if (effectiveQueryMode !== 'api') {
+      if (useCache) {
+        const cached = await this.redis.getAccountBalance(platform, accountId)
+        if (cached && cached.status === 'success') {
+          return this._buildResponse(
+            {
+              status: cached.status,
+              errorMessage: cached.errorMessage,
+              balance: quotaFromLocal.balance ?? cached.balance,
+              currency: quotaFromLocal.currency || cached.currency || 'USD',
+              quota: quotaFromLocal.quota || cached.quota || null,
+              statistics: localStatistics,
+              lastRefreshAt: cached.lastRefreshAt
+            },
+            accountId,
+            platform,
+            'cache',
+            cached.ttlSeconds,
+            scriptMeta
+          )
+        }
+      }
+
+      if (effectiveQueryMode === 'local') {
+        return this._buildResponse(
+          {
+            status: 'success',
+            errorMessage: null,
+            balance: quotaFromLocal.balance,
+            currency: quotaFromLocal.currency || 'USD',
+            quota: quotaFromLocal.quota,
+            statistics: localStatistics,
+            lastRefreshAt: localBalance.lastCalculated
+          },
+          accountId,
+          platform,
+          'local',
+          null,
+          scriptMeta
+        )
+      }
+    }
+
+    // 强制查询：优先脚本（如启用且已配置），否则调用 Provider；失败自动降级到本地统计
+    let providerResult
+
+    if (scriptEnabled && scriptConfigured) {
+      providerResult = await this._getBalanceFromScript(scriptConfig, accountId, platform)
+    } else {
+      const provider = this.providers.get(platform)
+      if (!provider) {
+        return this._buildResponse(
+          {
+            status: 'error',
+            errorMessage: `不支持的平台: ${platform}`,
+            balance: quotaFromLocal.balance,
+            currency: quotaFromLocal.currency || 'USD',
+            quota: quotaFromLocal.quota,
+            statistics: localStatistics,
+            lastRefreshAt: new Date().toISOString()
+          },
+          accountId,
+          platform,
+          'local',
+          null,
+          scriptMeta
+        )
+      }
+      providerResult = await this._getBalanceFromProvider(provider, account)
+    }
+
+    const isRemoteSuccess =
+      providerResult.status === 'success' && ['api', 'script'].includes(providerResult.queryMethod)
+
+    // 仅缓存“真实远程查询成功”的结果，避免把字段/本地降级结果当作 API 结果缓存 1h
+    if (isRemoteSuccess) {
+      await this.redis.setAccountBalance(
+        platform,
+        accountId,
+        providerResult,
+        this.CACHE_TTL_SECONDS
+      )
+    }
+
+    const source = isRemoteSuccess ? 'api' : 'local'
+
+    return this._buildResponse(
+      {
+        status: providerResult.status,
+        errorMessage: providerResult.errorMessage,
+        balance: quotaFromLocal.balance ?? providerResult.balance,
+        currency: quotaFromLocal.currency || providerResult.currency || 'USD',
+        quota: quotaFromLocal.quota || providerResult.quota || null,
+        statistics: localStatistics,
+        lastRefreshAt: providerResult.lastRefreshAt
+      },
+      accountId,
+      platform,
+      source,
+      null,
+      scriptMeta
+    )
+  }
+
+  async _getBalanceFromScript(scriptConfig, accountId, platform) {
+    try {
+      const result = await balanceScriptService.execute({
+        scriptBody: scriptConfig.scriptBody,
+        timeoutSeconds: scriptConfig.timeoutSeconds || 10,
+        variables: {
+          baseUrl: scriptConfig.baseUrl || '',
+          apiKey: scriptConfig.apiKey || '',
+          token: scriptConfig.token || '',
+          accountId,
+          platform,
+          extra: scriptConfig.extra || ''
+        }
+      })
+
+      const mapped = result?.mapped || {}
+      return {
+        status: mapped.status || 'error',
+        balance: typeof mapped.balance === 'number' ? mapped.balance : null,
+        currency: mapped.currency || 'USD',
+        quota: mapped.quota || null,
+        queryMethod: 'api',
+        rawData: mapped.rawData || result?.response?.data || null,
+        lastRefreshAt: new Date().toISOString(),
+        errorMessage: mapped.errorMessage || ''
+      }
+    } catch (error) {
+      return {
+        status: 'error',
+        balance: null,
+        currency: 'USD',
+        quota: null,
+        queryMethod: 'api',
+        rawData: null,
+        lastRefreshAt: new Date().toISOString(),
+        errorMessage: error.message || '脚本执行失败'
+      }
+    }
+  }
+
+  async _getBalanceFromProvider(provider, account) {
+    try {
+      const result = await provider.queryBalance(account)
+      return {
+        status: 'success',
+        balance: typeof result?.balance === 'number' ? result.balance : null,
+        currency: result?.currency || 'USD',
+        quota: result?.quota || null,
+        queryMethod: result?.queryMethod || 'api',
+        rawData: result?.rawData || null,
+        lastRefreshAt: new Date().toISOString(),
+        errorMessage: ''
+      }
+    } catch (error) {
+      return {
+        status: 'error',
+        balance: null,
+        currency: 'USD',
+        quota: null,
+        queryMethod: 'api',
+        rawData: null,
+        lastRefreshAt: new Date().toISOString(),
+        errorMessage: error.message || '查询失败'
+      }
+    }
+  }
+
+  async _getBalanceFromLocal(accountId, platform) {
+    const cached = await this.redis.getLocalBalance(platform, accountId)
+    if (cached && cached.statistics) {
+      return cached
+    }
+
+    const statistics = await this._computeLocalStatistics(accountId)
+    const localBalance = {
+      status: 'success',
+      balance: null,
+      currency: 'USD',
+      statistics,
+      queryMethod: 'local',
+      lastCalculated: new Date().toISOString()
+    }
+
+    await this.redis.setLocalBalance(platform, accountId, localBalance, this.LOCAL_TTL_SECONDS)
+    return localBalance
+  }
+
+  async _computeLocalStatistics(accountId) {
+    const safeNumber = (value) => {
+      const num = Number(value)
+      return Number.isFinite(num) ? num : 0
+    }
+
+    try {
+      const usageStats = await this.redis.getAccountUsageStats(accountId)
+      const dailyCost = safeNumber(usageStats?.daily?.cost || 0)
+      const monthlyCost = await this._computeMonthlyCost(accountId)
+      const totalCost = await this._computeTotalCost(accountId)
+
+      return {
+        totalCost,
+        dailyCost,
+        monthlyCost,
+        totalRequests: safeNumber(usageStats?.total?.requests || 0),
+        dailyRequests: safeNumber(usageStats?.daily?.requests || 0),
+        monthlyRequests: safeNumber(usageStats?.monthly?.requests || 0)
+      }
+    } catch (error) {
+      this.logger.debug(`本地统计计算失败: ${accountId}`, error)
+      return {
+        totalCost: 0,
+        dailyCost: 0,
+        monthlyCost: 0,
+        totalRequests: 0,
+        dailyRequests: 0,
+        monthlyRequests: 0
+      }
+    }
+  }
+
+  async _computeMonthlyCost(accountId) {
+    const tzDate = this.redis.getDateInTimezone(new Date())
+    const currentMonth = `${tzDate.getUTCFullYear()}-${String(tzDate.getUTCMonth() + 1).padStart(
+      2,
+      '0'
+    )}`
+
+    const pattern = `account_usage:model:monthly:${accountId}:*:${currentMonth}`
+    return await this._sumModelCostsByKeysPattern(pattern)
+  }
+
+  async _computeTotalCost(accountId) {
+    const pattern = `account_usage:model:monthly:${accountId}:*:*`
+    return await this._sumModelCostsByKeysPattern(pattern)
+  }
+
+  async _sumModelCostsByKeysPattern(pattern) {
+    try {
+      const client = this.redis.getClientSafe()
+      let totalCost = 0
+      let cursor = '0'
+      const scanCount = 200
+      let iterations = 0
+      const maxIterations = 2000
+
+      do {
+        const [nextCursor, keys] = await client.scan(cursor, 'MATCH', pattern, 'COUNT', scanCount)
+        cursor = nextCursor
+        iterations += 1
+
+        if (!keys || keys.length === 0) {
+          continue
+        }
+
+        const pipeline = client.pipeline()
+        keys.forEach((key) => pipeline.hgetall(key))
+        const results = await pipeline.exec()
+
+        for (let i = 0; i < results.length; i += 1) {
+          const [, data] = results[i] || []
+          if (!data || Object.keys(data).length === 0) {
+            continue
+          }
+
+          const parts = String(keys[i]).split(':')
+          const model = parts[4] || 'unknown'
+
+          const usage = {
+            input_tokens: parseInt(data.inputTokens || 0),
+            output_tokens: parseInt(data.outputTokens || 0),
+            cache_creation_input_tokens: parseInt(data.cacheCreateTokens || 0),
+            cache_read_input_tokens: parseInt(data.cacheReadTokens || 0)
+          }
+
+          const costResult = CostCalculator.calculateCost(usage, model)
+          totalCost += costResult.costs.total || 0
+        }
+
+        if (iterations >= maxIterations) {
+          this.logger.warn(`SCAN 次数超过上限，停止汇总：${pattern}`)
+          break
+        }
+      } while (cursor !== '0')
+
+      return totalCost
+    } catch (error) {
+      this.logger.debug(`汇总模型费用失败: ${pattern}`, error)
+      return 0
+    }
+  }
+
+  _buildQuotaFromLocal(account, statistics) {
+    if (!account || !Object.prototype.hasOwnProperty.call(account, 'dailyQuota')) {
+      return { balance: null, currency: null, quota: null }
+    }
+
+    const dailyQuota = Number(account.dailyQuota || 0)
+    const used = Number(statistics?.dailyCost || 0)
+
+    const resetAt = this._computeNextResetAt(account.quotaResetTime || '00:00')
+
+    // 不限制
+    if (!Number.isFinite(dailyQuota) || dailyQuota <= 0) {
+      return {
+        balance: null,
+        currency: 'USD',
+        quota: {
+          daily: Infinity,
+          used,
+          remaining: Infinity,
+          percentage: 0,
+          unlimited: true,
+          resetAt
+        }
+      }
+    }
+
+    const remaining = Math.max(0, dailyQuota - used)
+    const percentage = dailyQuota > 0 ? (used / dailyQuota) * 100 : 0
+
+    return {
+      balance: remaining,
+      currency: 'USD',
+      quota: {
+        daily: dailyQuota,
+        used,
+        remaining,
+        resetAt,
+        percentage: Math.round(percentage * 100) / 100
+      }
+    }
+  }
+
+  _computeNextResetAt(resetTime) {
+    const now = new Date()
+    const tzNow = this.redis.getDateInTimezone(now)
+    const offsetMs = tzNow.getTime() - now.getTime()
+
+    const [h, m] = String(resetTime || '00:00')
+      .split(':')
+      .map((n) => parseInt(n, 10))
+
+    const resetHour = Number.isFinite(h) ? h : 0
+    const resetMinute = Number.isFinite(m) ? m : 0
+
+    const year = tzNow.getUTCFullYear()
+    const month = tzNow.getUTCMonth()
+    const day = tzNow.getUTCDate()
+
+    let resetAtMs = Date.UTC(year, month, day, resetHour, resetMinute, 0, 0) - offsetMs
+    if (resetAtMs <= now.getTime()) {
+      resetAtMs += 24 * 60 * 60 * 1000
+    }
+
+    return new Date(resetAtMs).toISOString()
+  }
+
+  _buildResponse(balanceData, accountId, platform, source, ttlSeconds = null, extraData = {}) {
+    const now = new Date()
+
+    const amount = typeof balanceData.balance === 'number' ? balanceData.balance : null
+    const currency = balanceData.currency || 'USD'
+
+    let cacheExpiresAt = null
+    if (source === 'cache') {
+      const ttl =
+        typeof ttlSeconds === 'number' && ttlSeconds > 0 ? ttlSeconds : this.CACHE_TTL_SECONDS
+      cacheExpiresAt = new Date(Date.now() + ttl * 1000).toISOString()
+    }
+
+    return {
+      success: true,
+      data: {
+        accountId,
+        platform,
+        balance:
+          typeof amount === 'number'
+            ? {
+                amount,
+                currency,
+                formattedAmount: this._formatCurrency(amount, currency)
+              }
+            : null,
+        quota: balanceData.quota || null,
+        statistics: balanceData.statistics || {},
+        source,
+        lastRefreshAt: balanceData.lastRefreshAt || now.toISOString(),
+        cacheExpiresAt,
+        status: balanceData.status || 'success',
+        error: balanceData.errorMessage || null,
+        ...(extraData && typeof extraData === 'object' ? extraData : {})
+      }
+    }
+  }
+
+  _formatCurrency(amount, currency = 'USD') {
+    try {
+      if (typeof amount !== 'number' || !Number.isFinite(amount)) {
+        return 'N/A'
+      }
+      return new Intl.NumberFormat('en-US', { style: 'currency', currency }).format(amount)
+    } catch (error) {
+      return `$${amount.toFixed(2)}`
+    }
+  }
+
+  _parseBoolean(value) {
+    if (typeof value === 'boolean') {
+      return value
+    }
+    if (typeof value !== 'string') {
+      return null
+    }
+    const normalized = value.trim().toLowerCase()
+    if (normalized === 'true' || normalized === '1' || normalized === 'yes') {
+      return true
+    }
+    if (normalized === 'false' || normalized === '0' || normalized === 'no') {
+      return false
+    }
+    return null
+  }
+
+  _parseQueryMode(value) {
+    if (value === 'auto') {
+      return 'auto'
+    }
+    const parsed = this._parseBoolean(value)
+    return parsed ? 'api' : 'local'
+  }
+
+  async _mapWithConcurrency(items, limit, mapper) {
+    const concurrency = Math.max(1, Number(limit) || 1)
+    const list = Array.isArray(items) ? items : []
+
+    const results = new Array(list.length)
+    let nextIndex = 0
+
+    const workers = new Array(Math.min(concurrency, list.length)).fill(null).map(async () => {
+      while (nextIndex < list.length) {
+        const currentIndex = nextIndex
+        nextIndex += 1
+        results[currentIndex] = await mapper(list[currentIndex], currentIndex)
+      }
+    })
+
+    await Promise.all(workers)
+    return results
+  }
+}
+
+const accountBalanceService = new AccountBalanceService()
+module.exports = accountBalanceService
+module.exports.AccountBalanceService = AccountBalanceService

src/services/antigravityClient.js

@@ -0,0 +1,594 @@
+const axios = require('axios')
+const https = require('https')
+const { v4: uuidv4 } = require('uuid')
+
+const ProxyHelper = require('../utils/proxyHelper')
+const logger = require('../utils/logger')
+const {
+  mapAntigravityUpstreamModel,
+  normalizeAntigravityModelInput,
+  getAntigravityModelMetadata
+} = require('../utils/antigravityModel')
+const { cleanJsonSchemaForGemini } = require('../utils/geminiSchemaCleaner')
+const { dumpAntigravityUpstreamRequest } = require('../utils/antigravityUpstreamDump')
+
+const keepAliveAgent = new https.Agent({
+  keepAlive: true,
+  keepAliveMsecs: 30000,
+  timeout: 120000,
+  maxSockets: 100,
+  maxFreeSockets: 10
+})
+
+function getAntigravityApiUrl() {
+  return process.env.ANTIGRAVITY_API_URL || 'https://daily-cloudcode-pa.sandbox.googleapis.com'
+}
+
+function normalizeBaseUrl(url) {
+  const str = String(url || '').trim()
+  return str.endsWith('/') ? str.slice(0, -1) : str
+}
+
+function getAntigravityApiUrlCandidates() {
+  const configured = normalizeBaseUrl(getAntigravityApiUrl())
+  const daily = 'https://daily-cloudcode-pa.sandbox.googleapis.com'
+  const prod = 'https://cloudcode-pa.googleapis.com'
+
+  // 若显式配置了自定义 base url，则只使用该地址（不做 fallback，避免意外路由到别的环境）。
+  if (process.env.ANTIGRAVITY_API_URL) {
+    return [configured]
+  }
+
+  // 默认行为：优先 daily（与旧逻辑一致），失败时再尝试 prod（对齐 CLIProxyAPI）。
+  if (configured === normalizeBaseUrl(daily)) {
+    return [configured, prod]
+  }
+  if (configured === normalizeBaseUrl(prod)) {
+    return [configured, daily]
+  }
+
+  return [configured, prod, daily].filter(Boolean)
+}
+
+function getAntigravityHeaders(accessToken, baseUrl) {
+  const resolvedBaseUrl = baseUrl || getAntigravityApiUrl()
+  let host = 'daily-cloudcode-pa.sandbox.googleapis.com'
+  try {
+    host = new URL(resolvedBaseUrl).host || host
+  } catch (e) {
+    // ignore
+  }
+
+  return {
+    Host: host,
+    'User-Agent': process.env.ANTIGRAVITY_USER_AGENT || 'antigravity/1.11.3 windows/amd64',
+    Authorization: `Bearer ${accessToken}`,
+    'Content-Type': 'application/json',
+    'Accept-Encoding': 'gzip'
+  }
+}
+
+function generateAntigravityProjectId() {
+  return `ag-${uuidv4().replace(/-/g, '').slice(0, 16)}`
+}
+
+function generateAntigravitySessionId() {
+  return `sess-${uuidv4()}`
+}
+
+function resolveAntigravityProjectId(projectId, requestData) {
+  const candidate = projectId || requestData?.project || requestData?.projectId || null
+  return candidate || generateAntigravityProjectId()
+}
+
+function resolveAntigravitySessionId(sessionId, requestData) {
+  const candidate =
+    sessionId || requestData?.request?.sessionId || requestData?.request?.session_id || null
+  return candidate || generateAntigravitySessionId()
+}
+
+function buildAntigravityEnvelope({ requestData, projectId, sessionId, userPromptId }) {
+  const model = mapAntigravityUpstreamModel(requestData?.model)
+  const resolvedProjectId = resolveAntigravityProjectId(projectId, requestData)
+  const resolvedSessionId = resolveAntigravitySessionId(sessionId, requestData)
+  const requestPayload = {
+    ...(requestData?.request || {})
+  }
+
+  if (requestPayload.session_id !== undefined) {
+    delete requestPayload.session_id
+  }
+  requestPayload.sessionId = resolvedSessionId
+
+  const envelope = {
+    project: resolvedProjectId,
+    requestId: `req-${uuidv4()}`,
+    model,
+    userAgent: 'antigravity',
+    request: {
+      ...requestPayload
+    }
+  }
+
+  if (userPromptId) {
+    envelope.user_prompt_id = userPromptId
+    envelope.userPromptId = userPromptId
+  }
+
+  normalizeAntigravityEnvelope(envelope)
+  return { model, envelope }
+}
+
+function normalizeAntigravityThinking(model, requestPayload) {
+  if (!requestPayload || typeof requestPayload !== 'object') {
+    return
+  }
+
+  const { generationConfig } = requestPayload
+  if (!generationConfig || typeof generationConfig !== 'object') {
+    return
+  }
+  const { thinkingConfig } = generationConfig
+  if (!thinkingConfig || typeof thinkingConfig !== 'object') {
+    return
+  }
+
+  const normalizedModel = normalizeAntigravityModelInput(model)
+  if (thinkingConfig.thinkingLevel && !normalizedModel.startsWith('gemini-3-')) {
+    delete thinkingConfig.thinkingLevel
+  }
+
+  const metadata = getAntigravityModelMetadata(normalizedModel)
+  if (metadata && !metadata.thinking) {
+    delete generationConfig.thinkingConfig
+    return
+  }
+  if (!metadata || !metadata.thinking) {
+    return
+  }
+
+  const budgetRaw = Number(thinkingConfig.thinkingBudget)
+  if (!Number.isFinite(budgetRaw)) {
+    return
+  }
+  let budget = Math.trunc(budgetRaw)
+
+  const minBudget = Number.isFinite(metadata.thinking.min) ? metadata.thinking.min : null
+  const maxBudget = Number.isFinite(metadata.thinking.max) ? metadata.thinking.max : null
+
+  if (maxBudget !== null && budget > maxBudget) {
+    budget = maxBudget
+  }
+
+  let effectiveMax = Number.isFinite(generationConfig.maxOutputTokens)
+    ? generationConfig.maxOutputTokens
+    : null
+  let setDefaultMax = false
+  if (!effectiveMax && metadata.maxCompletionTokens) {
+    effectiveMax = metadata.maxCompletionTokens
+    setDefaultMax = true
+  }
+
+  if (effectiveMax && budget >= effectiveMax) {
+    budget = Math.max(0, effectiveMax - 1)
+  }
+
+  if (minBudget !== null && budget >= 0 && budget < minBudget) {
+    delete generationConfig.thinkingConfig
+    return
+  }
+
+  thinkingConfig.thinkingBudget = budget
+  if (setDefaultMax) {
+    generationConfig.maxOutputTokens = effectiveMax
+  }
+}
+
+function normalizeAntigravityEnvelope(envelope) {
+  if (!envelope || typeof envelope !== 'object') {
+    return
+  }
+  const model = String(envelope.model || '')
+  const requestPayload = envelope.request
+  if (!requestPayload || typeof requestPayload !== 'object') {
+    return
+  }
+
+  if (requestPayload.safetySettings !== undefined) {
+    delete requestPayload.safetySettings
+  }
+
+  // 对齐 CLIProxyAPI：有 tools 时默认启用 VALIDATED（除非显式 NONE）
+  if (Array.isArray(requestPayload.tools) && requestPayload.tools.length > 0) {
+    const existing = requestPayload?.toolConfig?.functionCallingConfig || null
+    if (existing?.mode !== 'NONE') {
+      const nextCfg = { ...(existing || {}), mode: 'VALIDATED' }
+      requestPayload.toolConfig = { functionCallingConfig: nextCfg }
+    }
+  }
+
+  // 对齐 CLIProxyAPI：非 Claude 模型移除 maxOutputTokens（Antigravity 环境不稳定）
+  normalizeAntigravityThinking(model, requestPayload)
+  if (!model.includes('claude')) {
+    if (requestPayload.generationConfig && typeof requestPayload.generationConfig === 'object') {
+      delete requestPayload.generationConfig.maxOutputTokens
+    }
+    return
+  }
+
+  // Claude 模型：parametersJsonSchema -> parameters + schema 清洗（避免 $schema / additionalProperties 等触发 400）
+  if (!Array.isArray(requestPayload.tools)) {
+    return
+  }
+
+  for (const tool of requestPayload.tools) {
+    if (!tool || typeof tool !== 'object') {
+      continue
+    }
+    const decls = Array.isArray(tool.functionDeclarations)
+      ? tool.functionDeclarations
+      : Array.isArray(tool.function_declarations)
+        ? tool.function_declarations
+        : null
+
+    if (!decls) {
+      continue
+    }
+
+    for (const decl of decls) {
+      if (!decl || typeof decl !== 'object') {
+        continue
+      }
+      let schema =
+        decl.parametersJsonSchema !== undefined ? decl.parametersJsonSchema : decl.parameters
+      if (typeof schema === 'string' && schema) {
+        try {
+          schema = JSON.parse(schema)
+        } catch (_) {
+          schema = null
+        }
+      }
+
+      decl.parameters = cleanJsonSchemaForGemini(schema)
+      delete decl.parametersJsonSchema
+    }
+  }
+}
+
+async function request({
+  accessToken,
+  proxyConfig = null,
+  requestData,
+  projectId = null,
+  sessionId = null,
+  userPromptId = null,
+  stream = false,
+  signal = null,
+  params = null,
+  timeoutMs = null
+}) {
+  const { model, envelope } = buildAntigravityEnvelope({
+    requestData,
+    projectId,
+    sessionId,
+    userPromptId
+  })
+
+  const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
+  let endpoints = getAntigravityApiUrlCandidates()
+
+  // Claude 模型在 sandbox(daily) 环境下对 tool_use/tool_result 的兼容性不稳定，优先走 prod。
+  // 保持可配置优先：若用户显式设置了 ANTIGRAVITY_API_URL，则不改变顺序。
+  if (!process.env.ANTIGRAVITY_API_URL && String(model).includes('claude')) {
+    const prodHost = 'cloudcode-pa.googleapis.com'
+    const dailyHost = 'daily-cloudcode-pa.sandbox.googleapis.com'
+    const ordered = []
+    for (const u of endpoints) {
+      if (String(u).includes(prodHost)) {
+        ordered.push(u)
+      }
+    }
+    for (const u of endpoints) {
+      if (!String(u).includes(prodHost)) {
+        ordered.push(u)
+      }
+    }
+    // 去重并保持 prod -> daily 的稳定顺序
+    endpoints = Array.from(new Set(ordered)).sort((a, b) => {
+      const av = String(a)
+      const bv = String(b)
+      const aScore = av.includes(prodHost) ? 0 : av.includes(dailyHost) ? 1 : 2
+      const bScore = bv.includes(prodHost) ? 0 : bv.includes(dailyHost) ? 1 : 2
+      return aScore - bScore
+    })
+  }
+
+  const isRetryable = (error) => {
+    // 处理网络层面的连接重置或超时（常见于长请求被中间节点切断）
+    if (error.code === 'ECONNRESET' || error.code === 'ETIMEDOUT') {
+      return true
+    }
+
+    const status = error?.response?.status
+    if (status === 429) {
+      return true
+    }
+
+    // 400/404 的 “model unavailable / not found” 在不同环境间可能表现不同，允许 fallback。
+    if (status === 400 || status === 404) {
+      const data = error?.response?.data
+      const safeToString = (value) => {
+        if (typeof value === 'string') {
+          return value
+        }
+        if (value === null || value === undefined) {
+          return ''
+        }
+        // axios responseType=stream 时，data 可能是 stream（存在循环引用），不能 JSON.stringify
+        if (typeof value === 'object' && typeof value.pipe === 'function') {
+          return ''
+        }
+        if (Buffer.isBuffer(value)) {
+          try {
+            return value.toString('utf8')
+          } catch (_) {
+            return ''
+          }
+        }
+        if (typeof value === 'object') {
+          try {
+            return JSON.stringify(value)
+          } catch (_) {
+            return ''
+          }
+        }
+        return String(value)
+      }
+
+      const text = safeToString(data)
+      const msg = (text || '').toLowerCase()
+      return (
+        msg.includes('requested model is currently unavailable') ||
+        msg.includes('tool_use') ||
+        msg.includes('tool_result') ||
+        msg.includes('requested entity was not found') ||
+        msg.includes('not found')
+      )
+    }
+
+    return false
+  }
+
+  let lastError = null
+  let retriedAfterDelay = false
+
+  const attemptRequest = async () => {
+    for (let index = 0; index < endpoints.length; index += 1) {
+      const baseUrl = endpoints[index]
+      const url = `${baseUrl}/v1internal:${stream ? 'streamGenerateContent' : 'generateContent'}`
+
+      const axiosConfig = {
+        url,
+        method: 'POST',
+        ...(params ? { params } : {}),
+        headers: getAntigravityHeaders(accessToken, baseUrl),
+        data: envelope,
+        timeout: stream ? 0 : timeoutMs || 600000,
+        ...(stream ? { responseType: 'stream' } : {})
+      }
+
+      if (proxyAgent) {
+        axiosConfig.httpsAgent = proxyAgent
+        axiosConfig.proxy = false
+        if (index === 0) {
+          logger.info(
+            `🌐 Using proxy for Antigravity ${stream ? 'streamGenerateContent' : 'generateContent'}: ${ProxyHelper.getProxyDescription(proxyConfig)}`
+          )
+        }
+      } else {
+        axiosConfig.httpsAgent = keepAliveAgent
+      }
+
+      if (signal) {
+        axiosConfig.signal = signal
+      }
+
+      try {
+        dumpAntigravityUpstreamRequest({
+          requestId: envelope.requestId,
+          model,
+          stream,
+          url,
+          baseUrl,
+          params: axiosConfig.params || null,
+          headers: axiosConfig.headers,
+          envelope
+        }).catch(() => {})
+        const response = await axios(axiosConfig)
+        return { model, response }
+      } catch (error) {
+        lastError = error
+        const status = error?.response?.status || null
+
+        const hasNext = index + 1 < endpoints.length
+        if (hasNext && isRetryable(error)) {
+          logger.warn('⚠️ Antigravity upstream error, retrying with fallback baseUrl', {
+            status,
+            from: baseUrl,
+            to: endpoints[index + 1],
+            model
+          })
+          continue
+        }
+        throw error
+      }
+    }
+
+    throw lastError || new Error('Antigravity request failed')
+  }
+
+  try {
+    return await attemptRequest()
+  } catch (error) {
+    // 如果是 429 RESOURCE_EXHAUSTED 且尚未重试过，等待 2 秒后重试一次
+    const status = error?.response?.status
+    if (status === 429 && !retriedAfterDelay && !signal?.aborted) {
+      const data = error?.response?.data
+
+      // 安全地将 data 转为字符串，避免 stream 对象导致循环引用崩溃
+      const safeDataToString = (value) => {
+        if (typeof value === 'string') {
+          return value
+        }
+        if (value === null || value === undefined) {
+          return ''
+        }
+        // stream 对象存在循环引用，不能 JSON.stringify
+        if (typeof value === 'object' && typeof value.pipe === 'function') {
+          return ''
+        }
+        if (Buffer.isBuffer(value)) {
+          try {
+            return value.toString('utf8')
+          } catch (_) {
+            return ''
+          }
+        }
+        if (typeof value === 'object') {
+          try {
+            return JSON.stringify(value)
+          } catch (_) {
+            return ''
+          }
+        }
+        return String(value)
+      }
+
+      const msg = safeDataToString(data)
+      if (
+        msg.toLowerCase().includes('resource_exhausted') ||
+        msg.toLowerCase().includes('no capacity')
+      ) {
+        retriedAfterDelay = true
+        logger.warn('⏳ Antigravity 429 RESOURCE_EXHAUSTED, waiting 2s before retry', { model })
+        await new Promise((resolve) => setTimeout(resolve, 2000))
+        return await attemptRequest()
+      }
+    }
+    throw error
+  }
+}
+
+async function fetchAvailableModels({ accessToken, proxyConfig = null, timeoutMs = 30000 }) {
+  const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
+  const endpoints = getAntigravityApiUrlCandidates()
+
+  let lastError = null
+  for (let index = 0; index < endpoints.length; index += 1) {
+    const baseUrl = endpoints[index]
+    const url = `${baseUrl}/v1internal:fetchAvailableModels`
+
+    const axiosConfig = {
+      url,
+      method: 'POST',
+      headers: getAntigravityHeaders(accessToken, baseUrl),
+      data: {},
+      timeout: timeoutMs
+    }
+
+    if (proxyAgent) {
+      axiosConfig.httpsAgent = proxyAgent
+      axiosConfig.proxy = false
+      if (index === 0) {
+        logger.info(
+          `🌐 Using proxy for Antigravity fetchAvailableModels: ${ProxyHelper.getProxyDescription(proxyConfig)}`
+        )
+      }
+    } else {
+      axiosConfig.httpsAgent = keepAliveAgent
+    }
+
+    try {
+      const response = await axios(axiosConfig)
+      return response.data
+    } catch (error) {
+      lastError = error
+      const status = error?.response?.status
+      const hasNext = index + 1 < endpoints.length
+      if (hasNext && (status === 429 || status === 404)) {
+        continue
+      }
+      throw error
+    }
+  }
+
+  throw lastError || new Error('Antigravity fetchAvailableModels failed')
+}
+
+async function countTokens({
+  accessToken,
+  proxyConfig = null,
+  contents,
+  model,
+  timeoutMs = 30000
+}) {
+  const upstreamModel = mapAntigravityUpstreamModel(model)
+
+  const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
+  const endpoints = getAntigravityApiUrlCandidates()
+
+  let lastError = null
+  for (let index = 0; index < endpoints.length; index += 1) {
+    const baseUrl = endpoints[index]
+    const url = `${baseUrl}/v1internal:countTokens`
+    const axiosConfig = {
+      url,
+      method: 'POST',
+      headers: getAntigravityHeaders(accessToken, baseUrl),
+      data: {
+        request: {
+          model: `models/${upstreamModel}`,
+          contents
+        }
+      },
+      timeout: timeoutMs
+    }
+
+    if (proxyAgent) {
+      axiosConfig.httpsAgent = proxyAgent
+      axiosConfig.proxy = false
+      if (index === 0) {
+        logger.info(
+          `🌐 Using proxy for Antigravity countTokens: ${ProxyHelper.getProxyDescription(proxyConfig)}`
+        )
+      }
+    } else {
+      axiosConfig.httpsAgent = keepAliveAgent
+    }
+
+    try {
+      const response = await axios(axiosConfig)
+      return response.data
+    } catch (error) {
+      lastError = error
+      const status = error?.response?.status
+      const hasNext = index + 1 < endpoints.length
+      if (hasNext && (status === 429 || status === 404)) {
+        continue
+      }
+      throw error
+    }
+  }
+
+  throw lastError || new Error('Antigravity countTokens failed')
+}
+
+module.exports = {
+  getAntigravityApiUrl,
+  getAntigravityApiUrlCandidates,
+  getAntigravityHeaders,
+  buildAntigravityEnvelope,
+  request,
+  fetchAvailableModels,
+  countTokens
+}

src/services/antigravityRelayService.js

@@ -0,0 +1,170 @@
+const apiKeyService = require('./apiKeyService')
+const { convertMessagesToGemini, convertGeminiResponse } = require('./geminiRelayService')
+const { normalizeAntigravityModelInput } = require('../utils/antigravityModel')
+const antigravityClient = require('./antigravityClient')
+
+function buildRequestData({ messages, model, temperature, maxTokens, sessionId }) {
+  const requestedModel = normalizeAntigravityModelInput(model)
+  const { contents, systemInstruction } = convertMessagesToGemini(messages)
+
+  const requestData = {
+    model: requestedModel,
+    request: {
+      contents,
+      generationConfig: {
+        temperature,
+        maxOutputTokens: maxTokens,
+        candidateCount: 1,
+        topP: 0.95,
+        topK: 40
+      },
+      ...(sessionId ? { sessionId } : {})
+    }
+  }
+
+  if (systemInstruction) {
+    requestData.request.systemInstruction = { parts: [{ text: systemInstruction }] }
+  }
+
+  return requestData
+}
+
+async function* handleStreamResponse(response, model, apiKeyId, accountId) {
+  let buffer = ''
+  let totalUsage = {
+    promptTokenCount: 0,
+    candidatesTokenCount: 0,
+    totalTokenCount: 0
+  }
+  let usageRecorded = false
+
+  try {
+    for await (const chunk of response.data) {
+      buffer += chunk.toString()
+
+      const lines = buffer.split('\n')
+      buffer = lines.pop() || ''
+
+      for (const line of lines) {
+        if (!line.trim()) {
+          continue
+        }
+
+        let jsonData = line
+        if (line.startsWith('data: ')) {
+          jsonData = line.substring(6).trim()
+        }
+
+        if (!jsonData || jsonData === '[DONE]') {
+          continue
+        }
+
+        try {
+          const data = JSON.parse(jsonData)
+          const payload = data?.response || data
+
+          if (payload?.usageMetadata) {
+            totalUsage = payload.usageMetadata
+          }
+
+          const openaiChunk = convertGeminiResponse(payload, model, true)
+          if (openaiChunk) {
+            yield `data: ${JSON.stringify(openaiChunk)}\n\n`
+            const finishReason = openaiChunk.choices?.[0]?.finish_reason
+            if (finishReason === 'stop') {
+              yield 'data: [DONE]\n\n'
+
+              if (apiKeyId && totalUsage.totalTokenCount > 0) {
+                await apiKeyService.recordUsage(
+                  apiKeyId,
+                  totalUsage.promptTokenCount || 0,
+                  totalUsage.candidatesTokenCount || 0,
+                  0,
+                  0,
+                  model,
+                  accountId
+                )
+                usageRecorded = true
+              }
+              return
+            }
+          }
+        } catch (e) {
+          // ignore chunk parse errors
+        }
+      }
+    }
+  } finally {
+    if (!usageRecorded && apiKeyId && totalUsage.totalTokenCount > 0) {
+      await apiKeyService.recordUsage(
+        apiKeyId,
+        totalUsage.promptTokenCount || 0,
+        totalUsage.candidatesTokenCount || 0,
+        0,
+        0,
+        model,
+        accountId
+      )
+    }
+  }
+}
+
+async function sendAntigravityRequest({
+  messages,
+  model,
+  temperature = 0.7,
+  maxTokens = 4096,
+  stream = false,
+  accessToken,
+  proxy,
+  apiKeyId,
+  signal,
+  projectId,
+  accountId = null
+}) {
+  const requestedModel = normalizeAntigravityModelInput(model)
+
+  const requestData = buildRequestData({
+    messages,
+    model: requestedModel,
+    temperature,
+    maxTokens,
+    sessionId: apiKeyId
+  })
+
+  const { response } = await antigravityClient.request({
+    accessToken,
+    proxyConfig: proxy,
+    requestData,
+    projectId,
+    sessionId: apiKeyId,
+    stream,
+    signal,
+    params: { alt: 'sse' }
+  })
+
+  if (stream) {
+    return handleStreamResponse(response, requestedModel, apiKeyId, accountId)
+  }
+
+  const payload = response.data?.response || response.data
+  const openaiResponse = convertGeminiResponse(payload, requestedModel, false)
+
+  if (apiKeyId && openaiResponse?.usage) {
+    await apiKeyService.recordUsage(
+      apiKeyId,
+      openaiResponse.usage.prompt_tokens || 0,
+      openaiResponse.usage.completion_tokens || 0,
+      0,
+      0,
+      requestedModel,
+      accountId
+    )
+  }
+
+  return openaiResponse
+}
+
+module.exports = {
+  sendAntigravityRequest
+}

src/services/apiKeyService.js

@@ -37,6 +37,51 @@ const ACCOUNT_CATEGORY_MAP = {
   droid: 'droid'
 }
 
+/**
+ * 规范化权限数据，兼容旧格式（字符串）和新格式（数组）
+ * @param {string|array} permissions - 权限数据
+ * @returns {array} - 权限数组，空数组表示全部服务
+ */
+function normalizePermissions(permissions) {
+  if (!permissions) {
+    return [] // 空 = 全部服务
+  }
+  if (Array.isArray(permissions)) {
+    return permissions
+  }
+  // 尝试解析 JSON 字符串（新格式存储）
+  if (typeof permissions === 'string') {
+    if (permissions.startsWith('[')) {
+      try {
+        const parsed = JSON.parse(permissions)
+        if (Array.isArray(parsed)) {
+          return parsed
+        }
+      } catch (e) {
+        // 解析失败，继续处理为普通字符串
+      }
+    }
+    // 旧格式 'all' 转为空数组
+    if (permissions === 'all') {
+      return []
+    }
+    // 旧单个字符串转为数组
+    return [permissions]
+  }
+  return []
+}
+
+/**
+ * 检查是否有访问特定服务的权限
+ * @param {string|array} permissions - 权限数据
+ * @param {string} service - 服务名称（claude/gemini/openai/droid）
+ * @returns {boolean} - 是否有权限
+ */
+function hasPermission(permissions, service) {
+  const perms = normalizePermissions(permissions)
+  return perms.length === 0 || perms.includes(service) // 空数组 = 全部服务
+}
+
 function normalizeAccountTypeKey(type) {
   if (!type) {
     return null
@@ -89,7 +134,7 @@ class ApiKeyService {
       azureOpenaiAccountId = null,
       bedrockAccountId = null, // 添加 Bedrock 账号ID支持
       droidAccountId = null,
-      permissions = 'all', // 可选值：'claude'、'gemini'、'openai'、'droid' 或 'all'
+      permissions = [], // 数组格式，空数组表示全部服务，如 ['claude', 'gemini']
       isActive = true,
       concurrencyLimit = 0,
       rateLimitWindow = null,
@@ -132,7 +177,7 @@ class ApiKeyService {
       azureOpenaiAccountId: azureOpenaiAccountId || '',
       bedrockAccountId: bedrockAccountId || '', // 添加 Bedrock 账号ID
       droidAccountId: droidAccountId || '',
-      permissions: permissions || 'all',
+      permissions: JSON.stringify(normalizePermissions(permissions)),
       enableModelRestriction: String(enableModelRestriction),
       restrictedModels: JSON.stringify(restrictedModels || []),
       enableClientRestriction: String(enableClientRestriction || false),
@@ -186,7 +231,7 @@ class ApiKeyService {
       azureOpenaiAccountId: keyData.azureOpenaiAccountId,
       bedrockAccountId: keyData.bedrockAccountId, // 添加 Bedrock 账号ID
       droidAccountId: keyData.droidAccountId,
-      permissions: keyData.permissions,
+      permissions: normalizePermissions(keyData.permissions),
       enableModelRestriction: keyData.enableModelRestriction === 'true',
       restrictedModels: JSON.parse(keyData.restrictedModels),
       enableClientRestriction: keyData.enableClientRestriction === 'true',
@@ -338,7 +383,7 @@ class ApiKeyService {
           azureOpenaiAccountId: keyData.azureOpenaiAccountId,
           bedrockAccountId: keyData.bedrockAccountId, // 添加 Bedrock 账号ID
           droidAccountId: keyData.droidAccountId,
-          permissions: keyData.permissions || 'all',
+          permissions: normalizePermissions(keyData.permissions),
           tokenLimit: parseInt(keyData.tokenLimit),
           concurrencyLimit: parseInt(keyData.concurrencyLimit || 0),
           rateLimitWindow: parseInt(keyData.rateLimitWindow || 0),
@@ -467,7 +512,7 @@ class ApiKeyService {
           azureOpenaiAccountId: keyData.azureOpenaiAccountId,
           bedrockAccountId: keyData.bedrockAccountId,
           droidAccountId: keyData.droidAccountId,
-          permissions: keyData.permissions || 'all',
+          permissions: normalizePermissions(keyData.permissions),
           tokenLimit: parseInt(keyData.tokenLimit),
           concurrencyLimit: parseInt(keyData.concurrencyLimit || 0),
           rateLimitWindow: parseInt(keyData.rateLimitWindow || 0),
@@ -525,7 +570,7 @@ class ApiKeyService {
         key.isActive = key.isActive === 'true'
         key.enableModelRestriction = key.enableModelRestriction === 'true'
         key.enableClientRestriction = key.enableClientRestriction === 'true'
-        key.permissions = key.permissions || 'all' // 兼容旧数据
+        key.permissions = normalizePermissions(key.permissions)
         key.dailyCostLimit = parseFloat(key.dailyCostLimit || 0)
         key.totalCostLimit = parseFloat(key.totalCostLimit || 0)
         key.weeklyOpusCostLimit = parseFloat(key.weeklyOpusCostLimit || 0)
@@ -1568,7 +1613,7 @@ class ApiKeyService {
         userId: keyData.userId,
         userUsername: keyData.userUsername,
         createdBy: keyData.createdBy,
-        permissions: keyData.permissions,
+        permissions: normalizePermissions(keyData.permissions),
         dailyCostLimit: parseFloat(keyData.dailyCostLimit || 0),
         totalCostLimit: parseFloat(keyData.totalCostLimit || 0),
         // 所有平台账户绑定字段
@@ -1820,4 +1865,8 @@ const apiKeyService = new ApiKeyService()
 // 为了方便其他服务调用，导出 recordUsage 方法
 apiKeyService.recordUsageMetrics = apiKeyService.recordUsage.bind(apiKeyService)
 
+// 导出权限辅助函数供路由使用
+apiKeyService.hasPermission = hasPermission
+apiKeyService.normalizePermissions = normalizePermissions
+
 module.exports = apiKeyService

src/services/balanceProviders/baseBalanceProvider.js

@@ -0,0 +1,133 @@
+const axios = require('axios')
+const logger = require('../../utils/logger')
+const ProxyHelper = require('../../utils/proxyHelper')
+
+/**
+ * Provider 抽象基类
+ * 各平台 Provider 需继承并实现 queryBalance(account)
+ */
+class BaseBalanceProvider {
+  constructor(platform) {
+    this.platform = platform
+    this.logger = logger
+  }
+
+  /**
+   * 查询余额（抽象方法）
+   * @param {object} account - 账户对象
+   * @returns {Promise<object>}
+   * 形如：
+   * {
+   *   balance: number|null,
+   *   currency?: string,
+   *   quota?: { daily, used, remaining, resetAt, percentage, unlimited? },
+   *   queryMethod?: 'api'|'field'|'local',
+   *   rawData?: any
+   * }
+   */
+  async queryBalance(_account) {
+    throw new Error('queryBalance 方法必须由子类实现')
+  }
+
+  /**
+   * 通用 HTTP 请求方法（支持代理）
+   * @param {string} url
+   * @param {object} options
+   * @param {object} account
+   */
+  async makeRequest(url, options = {}, account = {}) {
+    const config = {
+      url,
+      method: options.method || 'GET',
+      headers: options.headers || {},
+      timeout: options.timeout || 15000,
+      data: options.data,
+      params: options.params,
+      responseType: options.responseType
+    }
+
+    const proxyConfig = account.proxyConfig || account.proxy
+    if (proxyConfig) {
+      const agent = ProxyHelper.createProxyAgent(proxyConfig)
+      if (agent) {
+        config.httpAgent = agent
+        config.httpsAgent = agent
+        config.proxy = false
+      }
+    }
+
+    try {
+      const response = await axios(config)
+      return {
+        success: true,
+        data: response.data,
+        status: response.status,
+        headers: response.headers
+      }
+    } catch (error) {
+      const status = error.response?.status
+      const message = error.response?.data?.message || error.message || '请求失败'
+      this.logger.debug(`余额 Provider HTTP 请求失败: ${url} (${this.platform})`, {
+        status,
+        message
+      })
+      return { success: false, status, error: message }
+    }
+  }
+
+  /**
+   * 从账户字段读取 dailyQuota / dailyUsage（通用降级方案）
+   * 注意：部分平台 dailyUsage 字段可能不是实时值，最终以 AccountBalanceService 的本地统计为准
+   */
+  readQuotaFromFields(account) {
+    const dailyQuota = Number(account?.dailyQuota || 0)
+    const dailyUsage = Number(account?.dailyUsage || 0)
+
+    // 无限制
+    if (!Number.isFinite(dailyQuota) || dailyQuota <= 0) {
+      return {
+        balance: null,
+        currency: 'USD',
+        quota: {
+          daily: Infinity,
+          used: Number.isFinite(dailyUsage) ? dailyUsage : 0,
+          remaining: Infinity,
+          percentage: 0,
+          unlimited: true
+        },
+        queryMethod: 'field'
+      }
+    }
+
+    const used = Number.isFinite(dailyUsage) ? dailyUsage : 0
+    const remaining = Math.max(0, dailyQuota - used)
+    const percentage = dailyQuota > 0 ? (used / dailyQuota) * 100 : 0
+
+    return {
+      balance: remaining,
+      currency: 'USD',
+      quota: {
+        daily: dailyQuota,
+        used,
+        remaining,
+        percentage: Math.round(percentage * 100) / 100
+      },
+      queryMethod: 'field'
+    }
+  }
+
+  parseCurrency(data) {
+    return data?.currency || data?.Currency || 'USD'
+  }
+
+  async safeExecute(fn, fallbackValue = null) {
+    try {
+      return await fn()
+    } catch (error) {
+      this.logger.error(`余额 Provider 执行失败: ${this.platform}`, error)
+      return fallbackValue
+    }
+  }
+}
+
+module.exports = BaseBalanceProvider

src/services/balanceProviders/claudeBalanceProvider.js

@@ -0,0 +1,30 @@
+const BaseBalanceProvider = require('./baseBalanceProvider')
+const claudeAccountService = require('../claudeAccountService')
+
+class ClaudeBalanceProvider extends BaseBalanceProvider {
+  constructor() {
+    super('claude')
+  }
+
+  /**
+   * Claude（OAuth）：优先尝试获取 OAuth usage（用于配额/使用信息），不强行提供余额金额
+   */
+  async queryBalance(account) {
+    this.logger.debug(`查询 Claude 余额（OAuth usage）: ${account?.id}`)
+
+    // 仅 OAuth 账户可用；失败时降级
+    const usageData = await claudeAccountService.fetchOAuthUsage(account.id).catch(() => null)
+    if (!usageData) {
+      return { balance: null, currency: 'USD', queryMethod: 'local' }
+    }
+
+    return {
+      balance: null,
+      currency: 'USD',
+      queryMethod: 'api',
+      rawData: usageData
+    }
+  }
+}
+
+module.exports = ClaudeBalanceProvider

src/services/balanceProviders/claudeConsoleBalanceProvider.js

@@ -0,0 +1,14 @@
+const BaseBalanceProvider = require('./baseBalanceProvider')
+
+class ClaudeConsoleBalanceProvider extends BaseBalanceProvider {
+  constructor() {
+    super('claude-console')
+  }
+
+  async queryBalance(account) {
+    this.logger.debug(`查询 Claude Console 余额（字段）: ${account?.id}`)
+    return this.readQuotaFromFields(account)
+  }
+}
+
+module.exports = ClaudeConsoleBalanceProvider

src/services/balanceProviders/geminiBalanceProvider.js

@@ -0,0 +1,250 @@
+const BaseBalanceProvider = require('./baseBalanceProvider')
+const antigravityClient = require('../antigravityClient')
+const geminiAccountService = require('../geminiAccountService')
+
+const OAUTH_PROVIDER_ANTIGRAVITY = 'antigravity'
+
+function clamp01(value) {
+  if (typeof value !== 'number' || !Number.isFinite(value)) {
+    return null
+  }
+  if (value < 0) {
+    return 0
+  }
+  if (value > 1) {
+    return 1
+  }
+  return value
+}
+
+function round2(value) {
+  if (typeof value !== 'number' || !Number.isFinite(value)) {
+    return null
+  }
+  return Math.round(value * 100) / 100
+}
+
+function normalizeQuotaCategory(displayName, modelId) {
+  const name = String(displayName || '')
+  const id = String(modelId || '')
+
+  if (name.includes('Gemini') && name.includes('Pro')) {
+    return 'Gemini Pro'
+  }
+  if (name.includes('Gemini') && name.includes('Flash')) {
+    return 'Gemini Flash'
+  }
+  if (name.includes('Gemini') && name.toLowerCase().includes('image')) {
+    return 'Gemini Image'
+  }
+
+  if (name.includes('Claude') || name.includes('GPT-OSS')) {
+    return 'Claude'
+  }
+
+  if (id.startsWith('gemini-3-pro-') || id.startsWith('gemini-2.5-pro')) {
+    return 'Gemini Pro'
+  }
+  if (id.startsWith('gemini-3-flash') || id.startsWith('gemini-2.5-flash')) {
+    return 'Gemini Flash'
+  }
+  if (id.includes('image')) {
+    return 'Gemini Image'
+  }
+  if (id.includes('claude') || id.includes('gpt-oss')) {
+    return 'Claude'
+  }
+
+  return name || id || 'Unknown'
+}
+
+function buildAntigravityQuota(modelsResponse) {
+  const models = modelsResponse && typeof modelsResponse === 'object' ? modelsResponse.models : null
+
+  if (!models || typeof models !== 'object') {
+    return null
+  }
+
+  const parseRemainingFraction = (quotaInfo) => {
+    if (!quotaInfo || typeof quotaInfo !== 'object') {
+      return null
+    }
+
+    const raw =
+      quotaInfo.remainingFraction ??
+      quotaInfo.remaining_fraction ??
+      quotaInfo.remaining ??
+      undefined
+
+    const num = typeof raw === 'number' ? raw : typeof raw === 'string' ? Number(raw) : NaN
+    if (!Number.isFinite(num)) {
+      return null
+    }
+
+    return clamp01(num)
+  }
+
+  const allowedCategories = new Set(['Gemini Pro', 'Claude', 'Gemini Flash', 'Gemini Image'])
+  const fixedOrder = ['Gemini Pro', 'Claude', 'Gemini Flash', 'Gemini Image']
+
+  const categoryMap = new Map()
+
+  for (const [modelId, modelDataRaw] of Object.entries(models)) {
+    if (!modelDataRaw || typeof modelDataRaw !== 'object') {
+      continue
+    }
+
+    const displayName = modelDataRaw.displayName || modelDataRaw.display_name || modelId
+    const quotaInfo = modelDataRaw.quotaInfo || modelDataRaw.quota_info || null
+
+    const remainingFraction = parseRemainingFraction(quotaInfo)
+    if (remainingFraction === null) {
+      continue
+    }
+
+    const remainingPercent = round2(remainingFraction * 100)
+    const usedPercent = round2(100 - remainingPercent)
+    const resetAt = quotaInfo?.resetTime || quotaInfo?.reset_time || null
+
+    const category = normalizeQuotaCategory(displayName, modelId)
+    if (!allowedCategories.has(category)) {
+      continue
+    }
+    const entry = {
+      category,
+      modelId,
+      displayName: String(displayName || modelId || category),
+      remainingPercent,
+      usedPercent,
+      resetAt: typeof resetAt === 'string' && resetAt.trim() ? resetAt : null
+    }
+
+    const existing = categoryMap.get(category)
+    if (!existing || entry.remainingPercent < existing.remainingPercent) {
+      categoryMap.set(category, entry)
+    }
+  }
+
+  const buckets = fixedOrder.map((category) => {
+    const existing = categoryMap.get(category) || null
+    if (existing) {
+      return existing
+    }
+    return {
+      category,
+      modelId: '',
+      displayName: category,
+      remainingPercent: null,
+      usedPercent: null,
+      resetAt: null
+    }
+  })
+
+  if (buckets.length === 0) {
+    return null
+  }
+
+  const critical = buckets
+    .filter((item) => item.remainingPercent !== null)
+    .reduce((min, item) => {
+      if (!min) {
+        return item
+      }
+      return (item.remainingPercent ?? 0) < (min.remainingPercent ?? 0) ? item : min
+    }, null)
+
+  if (!critical) {
+    return null
+  }
+
+  return {
+    balance: null,
+    currency: 'USD',
+    quota: {
+      type: 'antigravity',
+      total: 100,
+      used: critical.usedPercent,
+      remaining: critical.remainingPercent,
+      percentage: critical.usedPercent,
+      resetAt: critical.resetAt,
+      buckets: buckets.map((item) => ({
+        category: item.category,
+        remaining: item.remainingPercent,
+        used: item.usedPercent,
+        percentage: item.usedPercent,
+        resetAt: item.resetAt
+      }))
+    },
+    queryMethod: 'api',
+    rawData: {
+      modelsCount: Object.keys(models).length,
+      bucketCount: buckets.length
+    }
+  }
+}
+
+class GeminiBalanceProvider extends BaseBalanceProvider {
+  constructor() {
+    super('gemini')
+  }
+
+  async queryBalance(account) {
+    const oauthProvider = account?.oauthProvider
+    if (oauthProvider !== OAUTH_PROVIDER_ANTIGRAVITY) {
+      if (account && Object.prototype.hasOwnProperty.call(account, 'dailyQuota')) {
+        return this.readQuotaFromFields(account)
+      }
+      return { balance: null, currency: 'USD', queryMethod: 'local' }
+    }
+
+    const accessToken = String(account?.accessToken || '').trim()
+    const refreshToken = String(account?.refreshToken || '').trim()
+    const proxyConfig = account?.proxyConfig || account?.proxy || null
+
+    if (!accessToken) {
+      throw new Error('Antigravity 账户缺少 accessToken')
+    }
+
+    const fetch = async (token) =>
+      await antigravityClient.fetchAvailableModels({
+        accessToken: token,
+        proxyConfig
+      })
+
+    let data
+    try {
+      data = await fetch(accessToken)
+    } catch (error) {
+      const status = error?.response?.status
+      if ((status === 401 || status === 403) && refreshToken) {
+        const refreshed = await geminiAccountService.refreshAccessToken(
+          refreshToken,
+          proxyConfig,
+          OAUTH_PROVIDER_ANTIGRAVITY
+        )
+        const nextToken = String(refreshed?.access_token || '').trim()
+        if (!nextToken) {
+          throw error
+        }
+        data = await fetch(nextToken)
+      } else {
+        throw error
+      }
+    }
+
+    const mapped = buildAntigravityQuota(data)
+    if (!mapped) {
+      return {
+        balance: null,
+        currency: 'USD',
+        quota: null,
+        queryMethod: 'api',
+        rawData: data || null
+      }
+    }
+
+    return mapped
+  }
+}
+
+module.exports = GeminiBalanceProvider

src/services/balanceProviders/genericBalanceProvider.js

@@ -0,0 +1,23 @@
+const BaseBalanceProvider = require('./baseBalanceProvider')
+
+class GenericBalanceProvider extends BaseBalanceProvider {
+  constructor(platform) {
+    super(platform)
+  }
+
+  async queryBalance(account) {
+    this.logger.debug(`${this.platform} 暂无专用余额 API，实现降级策略`)
+
+    if (account && Object.prototype.hasOwnProperty.call(account, 'dailyQuota')) {
+      return this.readQuotaFromFields(account)
+    }
+
+    return {
+      balance: null,
+      currency: 'USD',
+      queryMethod: 'local'
+    }
+  }
+}
+
+module.exports = GenericBalanceProvider

src/services/balanceProviders/index.js

@@ -0,0 +1,25 @@
+const ClaudeBalanceProvider = require('./claudeBalanceProvider')
+const ClaudeConsoleBalanceProvider = require('./claudeConsoleBalanceProvider')
+const OpenAIResponsesBalanceProvider = require('./openaiResponsesBalanceProvider')
+const GenericBalanceProvider = require('./genericBalanceProvider')
+const GeminiBalanceProvider = require('./geminiBalanceProvider')
+
+function registerAllProviders(balanceService) {
+  // Claude
+  balanceService.registerProvider('claude', new ClaudeBalanceProvider())
+  balanceService.registerProvider('claude-console', new ClaudeConsoleBalanceProvider())
+
+  // OpenAI / Codex
+  balanceService.registerProvider('openai-responses', new OpenAIResponsesBalanceProvider())
+  balanceService.registerProvider('openai', new GenericBalanceProvider('openai'))
+  balanceService.registerProvider('azure_openai', new GenericBalanceProvider('azure_openai'))
+
+  // 其他平台（降级）
+  balanceService.registerProvider('gemini', new GeminiBalanceProvider())
+  balanceService.registerProvider('gemini-api', new GenericBalanceProvider('gemini-api'))
+  balanceService.registerProvider('bedrock', new GenericBalanceProvider('bedrock'))
+  balanceService.registerProvider('droid', new GenericBalanceProvider('droid'))
+  balanceService.registerProvider('ccr', new GenericBalanceProvider('ccr'))
+}
+
+module.exports = { registerAllProviders }

src/services/balanceProviders/openaiResponsesBalanceProvider.js

@@ -0,0 +1,54 @@
+const BaseBalanceProvider = require('./baseBalanceProvider')
+
+class OpenAIResponsesBalanceProvider extends BaseBalanceProvider {
+  constructor() {
+    super('openai-responses')
+  }
+
+  /**
+   * OpenAI-Responses：
+   * - 优先使用 dailyQuota 字段（如果配置了额度）
+   * - 可选：尝试调用兼容 API（不同服务商实现不一，失败自动降级）
+   */
+  async queryBalance(account) {
+    this.logger.debug(`查询 OpenAI Responses 余额: ${account?.id}`)
+
+    // 配置了额度时直接返回（字段法）
+    if (account?.dailyQuota && Number(account.dailyQuota) > 0) {
+      return this.readQuotaFromFields(account)
+    }
+
+    // 尝试调用 usage 接口（兼容性不保证）
+    if (account?.apiKey && account?.baseApi) {
+      const baseApi = String(account.baseApi).replace(/\/$/, '')
+      const response = await this.makeRequest(
+        `${baseApi}/v1/usage`,
+        {
+          method: 'GET',
+          headers: {
+            Authorization: `Bearer ${account.apiKey}`,
+            'Content-Type': 'application/json'
+          }
+        },
+        account
+      )
+
+      if (response.success) {
+        return {
+          balance: null,
+          currency: this.parseCurrency(response.data),
+          queryMethod: 'api',
+          rawData: response.data
+        }
+      }
+    }
+
+    return {
+      balance: null,
+      currency: 'USD',
+      queryMethod: 'local'
+    }
+  }
+}
+
+module.exports = OpenAIResponsesBalanceProvider

src/services/balanceScriptService.js

@@ -0,0 +1,210 @@
+const vm = require('vm')
+const axios = require('axios')
+const { isBalanceScriptEnabled } = require('../utils/featureFlags')
+
+/**
+ * SSRF防护：检查URL是否访问内网或敏感地址
+ * @param {string} url - 要检查的URL
+ * @returns {boolean} - true表示URL安全
+ */
+function isUrlSafe(url) {
+  try {
+    const parsed = new URL(url)
+    const hostname = parsed.hostname.toLowerCase()
+
+    // 禁止的协议
+    if (!['http:', 'https:'].includes(parsed.protocol)) {
+      return false
+    }
+
+    // 禁止访问localhost和私有IP
+    const privatePatterns = [
+      /^localhost$/i,
+      /^127\./,
+      /^10\./,
+      /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+      /^192\.168\./,
+      /^169\.254\./, // AWS metadata
+      /^0\./, // 0.0.0.0
+      /^::1$/,
+      /^fc00:/i,
+      /^fe80:/i,
+      /\.local$/i,
+      /\.internal$/i,
+      /\.localhost$/i
+    ]
+
+    for (const pattern of privatePatterns) {
+      if (pattern.test(hostname)) {
+        return false
+      }
+    }
+
+    return true
+  } catch {
+    return false
+  }
+}
+
+/**
+ * 可配置脚本余额查询执行器
+ * - 脚本格式：({ request: {...}, extractor: function(response){...} })
+ * - 模板变量：{{baseUrl}}, {{apiKey}}, {{token}}, {{accountId}}, {{platform}}, {{extra}}
+ */
+class BalanceScriptService {
+  /**
+   * 执行脚本：返回标准余额结构 + 原始响应
+   * @param {object} options
+   *  - scriptBody: string
+   *  - variables: Record<string,string>
+   *  - timeoutSeconds: number
+   */
+  async execute(options = {}) {
+    if (!isBalanceScriptEnabled()) {
+      const error = new Error('余额脚本功能已禁用（可通过 BALANCE_SCRIPT_ENABLED=true 启用）')
+      error.code = 'BALANCE_SCRIPT_DISABLED'
+      throw error
+    }
+
+    const scriptBody = options.scriptBody?.trim()
+    if (!scriptBody) {
+      throw new Error('脚本内容为空')
+    }
+
+    const timeoutMs = Math.max(1, (options.timeoutSeconds || 10) * 1000)
+    const sandbox = {
+      console,
+      Math,
+      Date
+    }
+
+    let scriptResult
+    try {
+      const wrapped = scriptBody.startsWith('(') ? scriptBody : `(${scriptBody})`
+      const script = new vm.Script(wrapped)
+      scriptResult = script.runInNewContext(sandbox, { timeout: timeoutMs })
+    } catch (error) {
+      throw new Error(`脚本解析失败: ${error.message}`)
+    }
+
+    if (!scriptResult || typeof scriptResult !== 'object') {
+      throw new Error('脚本返回格式无效（需返回 { request, extractor }）')
+    }
+
+    const variables = options.variables || {}
+    const request = this.applyTemplates(scriptResult.request || {}, variables)
+    const { extractor } = scriptResult
+
+    if (!request?.url || typeof request.url !== 'string') {
+      throw new Error('脚本 request.url 不能为空')
+    }
+
+    // SSRF防护：验证URL安全性
+    if (!isUrlSafe(request.url)) {
+      throw new Error('脚本 request.url 不安全：禁止访问内网地址、localhost或使用非HTTP(S)协议')
+    }
+
+    if (typeof extractor !== 'function') {
+      throw new Error('脚本 extractor 必须是函数')
+    }
+
+    const axiosConfig = {
+      url: request.url,
+      method: (request.method || 'GET').toUpperCase(),
+      headers: request.headers || {},
+      timeout: timeoutMs
+    }
+
+    if (request.params) {
+      axiosConfig.params = request.params
+    }
+    if (request.body || request.data) {
+      axiosConfig.data = request.body || request.data
+    }
+
+    let httpResponse
+    try {
+      httpResponse = await axios(axiosConfig)
+    } catch (error) {
+      const { response } = error || {}
+      const { status, data } = response || {}
+      throw new Error(
+        `请求失败: ${status || ''} ${error.message}${data ? ` | ${JSON.stringify(data)}` : ''}`
+      )
+    }
+
+    const responseData = httpResponse?.data
+
+    let extracted = {}
+    try {
+      extracted = extractor(responseData) || {}
+    } catch (error) {
+      throw new Error(`extractor 执行失败: ${error.message}`)
+    }
+
+    const mapped = this.mapExtractorResult(extracted, responseData)
+    return {
+      mapped,
+      extracted,
+      response: {
+        status: httpResponse?.status,
+        headers: httpResponse?.headers,
+        data: responseData
+      }
+    }
+  }
+
+  applyTemplates(value, variables) {
+    if (typeof value === 'string') {
+      return value.replace(/{{(\w+)}}/g, (_, key) => {
+        const trimmed = key.trim()
+        return variables[trimmed] !== undefined ? String(variables[trimmed]) : ''
+      })
+    }
+    if (Array.isArray(value)) {
+      return value.map((item) => this.applyTemplates(item, variables))
+    }
+    if (value && typeof value === 'object') {
+      const result = {}
+      Object.keys(value).forEach((k) => {
+        result[k] = this.applyTemplates(value[k], variables)
+      })
+      return result
+    }
+    return value
+  }
+
+  mapExtractorResult(result = {}, responseData) {
+    const isValid = result.isValid !== false
+    const remaining = Number(result.remaining)
+    const total = Number(result.total)
+    const used = Number(result.used)
+    const currency = result.unit || 'USD'
+
+    const quota =
+      Number.isFinite(total) || Number.isFinite(used)
+        ? {
+            total: Number.isFinite(total) ? total : null,
+            used: Number.isFinite(used) ? used : null,
+            remaining: Number.isFinite(remaining) ? remaining : null,
+            percentage:
+              Number.isFinite(total) && total > 0 && Number.isFinite(used)
+                ? (used / total) * 100
+                : null
+          }
+        : null
+
+    return {
+      status: isValid ? 'success' : 'error',
+      errorMessage: isValid ? '' : result.invalidMessage || '套餐无效',
+      balance: Number.isFinite(remaining) ? remaining : null,
+      currency,
+      quota,
+      planName: result.planName || null,
+      extra: result.extra || null,
+      rawData: responseData || result.raw
+    }
+  }
+}
+
+module.exports = new BalanceScriptService()

src/services/geminiAccountService.js

@@ -16,11 +16,62 @@ const {
 } = require('../utils/tokenRefreshLogger')
 const tokenRefreshService = require('./tokenRefreshService')
 const LRUCache = require('../utils/lruCache')
+const antigravityClient = require('./antigravityClient')
 
-// Gemini CLI OAuth 配置 - 这些是公开的 Gemini CLI 凭据
-const OAUTH_CLIENT_ID = '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com'
-const OAUTH_CLIENT_SECRET = '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'
-const OAUTH_SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
+// Gemini OAuth 配置 - 支持 Gemini CLI 与 Antigravity 两种 OAuth 应用
+const OAUTH_PROVIDER_GEMINI_CLI = 'gemini-cli'
+const OAUTH_PROVIDER_ANTIGRAVITY = 'antigravity'
+
+const OAUTH_PROVIDERS = {
+  [OAUTH_PROVIDER_GEMINI_CLI]: {
+    // Gemini CLI OAuth 配置（公开）
+    clientId:
+      process.env.GEMINI_OAUTH_CLIENT_ID ||
+      '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com',
+    clientSecret: process.env.GEMINI_OAUTH_CLIENT_SECRET || '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',
+    scopes: ['https://www.googleapis.com/auth/cloud-platform']
+  },
+  [OAUTH_PROVIDER_ANTIGRAVITY]: {
+    // Antigravity OAuth 配置（参考 gcli2api）
+    clientId:
+      process.env.ANTIGRAVITY_OAUTH_CLIENT_ID ||
+      '1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com',
+    clientSecret:
+      process.env.ANTIGRAVITY_OAUTH_CLIENT_SECRET || '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',
+    scopes: [
+      'https://www.googleapis.com/auth/cloud-platform',
+      'https://www.googleapis.com/auth/userinfo.email',
+      'https://www.googleapis.com/auth/userinfo.profile',
+      'https://www.googleapis.com/auth/cclog',
+      'https://www.googleapis.com/auth/experimentsandconfigs'
+    ]
+  }
+}
+
+if (!process.env.GEMINI_OAUTH_CLIENT_SECRET) {
+  logger.warn(
+    '⚠️ GEMINI_OAUTH_CLIENT_SECRET 未设置，使用内置默认值（建议在生产环境通过环境变量覆盖）'
+  )
+}
+if (!process.env.ANTIGRAVITY_OAUTH_CLIENT_SECRET) {
+  logger.warn(
+    '⚠️ ANTIGRAVITY_OAUTH_CLIENT_SECRET 未设置，使用内置默认值（建议在生产环境通过环境变量覆盖）'
+  )
+}
+
+function normalizeOauthProvider(oauthProvider) {
+  if (!oauthProvider) {
+    return OAUTH_PROVIDER_GEMINI_CLI
+  }
+  return oauthProvider === OAUTH_PROVIDER_ANTIGRAVITY
+    ? OAUTH_PROVIDER_ANTIGRAVITY
+    : OAUTH_PROVIDER_GEMINI_CLI
+}
+
+function getOauthProviderConfig(oauthProvider) {
+  const normalized = normalizeOauthProvider(oauthProvider)
+  return OAUTH_PROVIDERS[normalized] || OAUTH_PROVIDERS[OAUTH_PROVIDER_GEMINI_CLI]
+}
 
 // 🌐 TCP Keep-Alive Agent 配置
 // 解决长时间流式请求中 NAT/防火墙空闲超时导致的连接中断问题
@@ -34,6 +85,117 @@ const keepAliveAgent = new https.Agent({
 
 logger.info('🌐 Gemini HTTPS Agent initialized with TCP Keep-Alive support')
 
+async function fetchAvailableModelsAntigravity(
+  accessToken,
+  proxyConfig = null,
+  refreshToken = null
+) {
+  try {
+    let effectiveToken = accessToken
+    if (refreshToken) {
+      try {
+        const client = await getOauthClient(
+          accessToken,
+          refreshToken,
+          proxyConfig,
+          OAUTH_PROVIDER_ANTIGRAVITY
+        )
+        if (client && client.getAccessToken) {
+          const latest = await client.getAccessToken()
+          if (latest?.token) {
+            effectiveToken = latest.token
+          }
+        }
+      } catch (error) {
+        logger.warn('Failed to refresh Antigravity access token for models list:', {
+          message: error.message
+        })
+      }
+    }
+
+    const data = await antigravityClient.fetchAvailableModels({
+      accessToken: effectiveToken,
+      proxyConfig
+    })
+    const modelsDict = data?.models
+    const created = Math.floor(Date.now() / 1000)
+
+    const models = []
+    const seen = new Set()
+    const {
+      getAntigravityModelAlias,
+      getAntigravityModelMetadata,
+      normalizeAntigravityModelInput
+    } = require('../utils/antigravityModel')
+
+    const pushModel = (modelId) => {
+      if (!modelId || seen.has(modelId)) {
+        return
+      }
+      seen.add(modelId)
+      const metadata = getAntigravityModelMetadata(modelId)
+      const entry = {
+        id: modelId,
+        object: 'model',
+        created,
+        owned_by: 'antigravity'
+      }
+      if (metadata?.name) {
+        entry.name = metadata.name
+      }
+      if (metadata?.maxCompletionTokens) {
+        entry.max_completion_tokens = metadata.maxCompletionTokens
+      }
+      if (metadata?.thinking) {
+        entry.thinking = metadata.thinking
+      }
+      models.push(entry)
+    }
+
+    if (modelsDict && typeof modelsDict === 'object') {
+      for (const modelId of Object.keys(modelsDict)) {
+        const normalized = normalizeAntigravityModelInput(modelId)
+        const alias = getAntigravityModelAlias(normalized)
+        if (!alias) {
+          continue
+        }
+        pushModel(alias)
+
+        if (alias.endsWith('-thinking')) {
+          pushModel(alias.replace(/-thinking$/, ''))
+        }
+
+        if (alias.startsWith('gemini-claude-')) {
+          pushModel(alias.replace(/^gemini-/, ''))
+        }
+      }
+    }
+
+    return models
+  } catch (error) {
+    logger.error('Failed to fetch Antigravity models:', error.response?.data || error.message)
+    return [
+      {
+        id: 'gemini-2.5-flash',
+        object: 'model',
+        created: Math.floor(Date.now() / 1000),
+        owned_by: 'antigravity'
+      }
+    ]
+  }
+}
+
+async function countTokensAntigravity(client, contents, model, proxyConfig = null) {
+  const { token } = await client.getAccessToken()
+  const response = await antigravityClient.countTokens({
+    accessToken: token,
+    proxyConfig,
+    contents,
+    model
+  })
+  return response
+}
+
 // 加密相关常量
 const ALGORITHM = 'aes-256-cbc'
 const ENCRYPTION_SALT = 'gemini-account-salt'
@@ -124,14 +286,15 @@ setInterval(
 )
 
 // 创建 OAuth2 客户端（支持代理配置）
-function createOAuth2Client(redirectUri = null, proxyConfig = null) {
+function createOAuth2Client(redirectUri = null, proxyConfig = null, oauthProvider = null) {
   // 如果没有提供 redirectUri，使用默认值
   const uri = redirectUri || 'http://localhost:45462'
+  const oauthConfig = getOauthProviderConfig(oauthProvider)
 
   // 准备客户端选项
   const clientOptions = {
-    clientId: OAUTH_CLIENT_ID,
-    clientSecret: OAUTH_CLIENT_SECRET,
+    clientId: oauthConfig.clientId,
+    clientSecret: oauthConfig.clientSecret,
     redirectUri: uri
   }
 
@@ -152,10 +315,17 @@ function createOAuth2Client(redirectUri = null, proxyConfig = null) {
 }
 
 // 生成授权 URL (支持 PKCE 和代理)
-async function generateAuthUrl(state = null, redirectUri = null, proxyConfig = null) {
+async function generateAuthUrl(
+  state = null,
+  redirectUri = null,
+  proxyConfig = null,
+  oauthProvider = null
+) {
   // 使用新的 redirect URI
   const finalRedirectUri = redirectUri || 'https://codeassist.google.com/authcode'
-  const oAuth2Client = createOAuth2Client(finalRedirectUri, proxyConfig)
+  const normalizedProvider = normalizeOauthProvider(oauthProvider)
+  const oauthConfig = getOauthProviderConfig(normalizedProvider)
+  const oAuth2Client = createOAuth2Client(finalRedirectUri, proxyConfig, normalizedProvider)
 
   if (proxyConfig) {
     logger.info(
@@ -172,7 +342,7 @@ async function generateAuthUrl(state = null, redirectUri = null, proxyConfig = n
   const authUrl = oAuth2Client.generateAuthUrl({
     redirect_uri: finalRedirectUri,
     access_type: 'offline',
-    scope: OAUTH_SCOPES,
+    scope: oauthConfig.scopes,
     code_challenge_method: 'S256',
     code_challenge: codeVerifier.codeChallenge,
     state: stateValue,
@@ -183,7 +353,8 @@ async function generateAuthUrl(state = null, redirectUri = null, proxyConfig = n
     authUrl,
     state: stateValue,
     codeVerifier: codeVerifier.codeVerifier,
-    redirectUri: finalRedirectUri
+    redirectUri: finalRedirectUri,
+    oauthProvider: normalizedProvider
   }
 }
 
@@ -244,11 +415,14 @@ async function exchangeCodeForTokens(
   code,
   redirectUri = null,
   codeVerifier = null,
-  proxyConfig = null
+  proxyConfig = null,
+  oauthProvider = null
 ) {
   try {
+    const normalizedProvider = normalizeOauthProvider(oauthProvider)
+    const oauthConfig = getOauthProviderConfig(normalizedProvider)
     // 创建带代理配置的 OAuth2Client
-    const oAuth2Client = createOAuth2Client(redirectUri, proxyConfig)
+    const oAuth2Client = createOAuth2Client(redirectUri, proxyConfig, normalizedProvider)
 
     if (proxyConfig) {
       logger.info(
@@ -274,7 +448,7 @@ async function exchangeCodeForTokens(
     return {
       access_token: tokens.access_token,
       refresh_token: tokens.refresh_token,
-      scope: tokens.scope || OAUTH_SCOPES.join(' '),
+      scope: tokens.scope || oauthConfig.scopes.join(' '),
       token_type: tokens.token_type || 'Bearer',
       expiry_date: tokens.expiry_date || Date.now() + tokens.expires_in * 1000
     }
@@ -285,9 +459,11 @@ async function exchangeCodeForTokens(
 }
 
 // 刷新访问令牌
-async function refreshAccessToken(refreshToken, proxyConfig = null) {
+async function refreshAccessToken(refreshToken, proxyConfig = null, oauthProvider = null) {
+  const normalizedProvider = normalizeOauthProvider(oauthProvider)
+  const oauthConfig = getOauthProviderConfig(normalizedProvider)
   // 创建带代理配置的 OAuth2Client
-  const oAuth2Client = createOAuth2Client(null, proxyConfig)
+  const oAuth2Client = createOAuth2Client(null, proxyConfig, normalizedProvider)
 
   try {
     // 设置 refresh_token
@@ -319,7 +495,7 @@ async function refreshAccessToken(refreshToken, proxyConfig = null) {
     return {
       access_token: credentials.access_token,
       refresh_token: credentials.refresh_token || refreshToken, // 保留原 refresh_token 如果没有返回新的
-      scope: credentials.scope || OAUTH_SCOPES.join(' '),
+      scope: credentials.scope || oauthConfig.scopes.join(' '),
       token_type: credentials.token_type || 'Bearer',
       expiry_date: credentials.expiry_date || Date.now() + 3600000 // 默认1小时过期
     }
@@ -339,6 +515,8 @@ async function refreshAccessToken(refreshToken, proxyConfig = null) {
 async function createAccount(accountData) {
   const id = uuidv4()
   const now = new Date().toISOString()
+  const oauthProvider = normalizeOauthProvider(accountData.oauthProvider)
+  const oauthConfig = getOauthProviderConfig(oauthProvider)
 
   // 处理凭证数据
   let geminiOauth = null
@@ -371,7 +549,7 @@ async function createAccount(accountData) {
       geminiOauth = JSON.stringify({
         access_token: accessToken,
         refresh_token: refreshToken,
-        scope: accountData.scope || OAUTH_SCOPES.join(' '),
+        scope: accountData.scope || oauthConfig.scopes.join(' '),
         token_type: accountData.tokenType || 'Bearer',
         expiry_date: accountData.expiryDate || Date.now() + 3600000 // 默认1小时
       })
@@ -399,7 +577,8 @@ async function createAccount(accountData) {
     refreshToken: refreshToken ? encrypt(refreshToken) : '',
     expiresAt, // OAuth Token 过期时间（技术字段，自动刷新）
     // 只有OAuth方式才有scopes，手动添加的没有
-    scopes: accountData.geminiOauth ? accountData.scopes || OAUTH_SCOPES.join(' ') : '',
+    scopes: accountData.geminiOauth ? accountData.scopes || oauthConfig.scopes.join(' ') : '',
+    oauthProvider,
 
     // ✅ 新增：账户订阅到期时间（业务字段，手动管理）
     subscriptionExpiresAt: accountData.subscriptionExpiresAt || null,
@@ -508,6 +687,10 @@ async function updateAccount(accountId, updates) {
     updates.schedulable = updates.schedulable.toString()
   }
 
+  if (updates.oauthProvider !== undefined) {
+    updates.oauthProvider = normalizeOauthProvider(updates.oauthProvider)
+  }
+
   // 加密敏感字段
   if (updates.geminiOauth) {
     updates.geminiOauth = encrypt(
@@ -885,12 +1068,13 @@ async function refreshAccountToken(accountId) {
       // 重新获取账户数据（可能已被其他进程刷新）
       const updatedAccount = await getAccount(accountId)
       if (updatedAccount && updatedAccount.accessToken) {
+        const oauthConfig = getOauthProviderConfig(updatedAccount.oauthProvider)
         const accessToken = decrypt(updatedAccount.accessToken)
         return {
           access_token: accessToken,
           refresh_token: updatedAccount.refreshToken ? decrypt(updatedAccount.refreshToken) : '',
           expiry_date: updatedAccount.expiresAt ? new Date(updatedAccount.expiresAt).getTime() : 0,
-          scope: updatedAccount.scope || OAUTH_SCOPES.join(' '),
+          scope: updatedAccount.scopes || oauthConfig.scopes.join(' '),
           token_type: 'Bearer'
         }
       }
@@ -904,7 +1088,11 @@ async function refreshAccountToken(accountId) {
 
     // account.refreshToken 已经是解密后的值（从 getAccount 返回）
     // 传入账户的代理配置
-    const newTokens = await refreshAccessToken(account.refreshToken, account.proxy)
+    const newTokens = await refreshAccessToken(
+      account.refreshToken,
+      account.proxy,
+      account.oauthProvider
+    )
 
     // 更新账户信息
     const updates = {
@@ -1036,14 +1224,15 @@ async function getAccountRateLimitInfo(accountId) {
 }
 
 // 获取配置的OAuth客户端 - 参考GeminiCliSimulator的getOauthClient方法（支持代理）
-async function getOauthClient(accessToken, refreshToken, proxyConfig = null) {
-  const client = createOAuth2Client(null, proxyConfig)
+async function getOauthClient(accessToken, refreshToken, proxyConfig = null, oauthProvider = null) {
+  const normalizedProvider = normalizeOauthProvider(oauthProvider)
+  const oauthConfig = getOauthProviderConfig(normalizedProvider)
+  const client = createOAuth2Client(null, proxyConfig, normalizedProvider)
 
   const creds = {
     access_token: accessToken,
     refresh_token: refreshToken,
-    scope:
-      'https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.profile openid https://www.googleapis.com/auth/userinfo.email',
+    scope: oauthConfig.scopes.join(' '),
     token_type: 'Bearer',
     expiry_date: 1754269905646
   }
@@ -1509,6 +1698,43 @@ async function generateContent(
   return response.data
 }
 
+// 调用 Antigravity 上游生成内容（非流式）
+async function generateContentAntigravity(
+  client,
+  requestData,
+  userPromptId,
+  projectId = null,
+  sessionId = null,
+  proxyConfig = null
+) {
+  const { token } = await client.getAccessToken()
+  const { model } = antigravityClient.buildAntigravityEnvelope({
+    requestData,
+    projectId,
+    sessionId,
+    userPromptId
+  })
+
+  logger.info('🪐 Antigravity generateContent API调用开始', {
+    model,
+    userPromptId,
+    projectId,
+    sessionId
+  })
+
+  const { response } = await antigravityClient.request({
+    accessToken: token,
+    proxyConfig,
+    requestData,
+    projectId,
+    sessionId,
+    userPromptId,
+    stream: false
+  })
+  logger.info('✅ Antigravity generateContent API调用成功')
+  return response.data
+}
+
 // 调用 Code Assist API 生成内容（流式）
 async function generateContentStream(
   client,
@@ -1593,6 +1819,46 @@ async function generateContentStream(
   return response.data // 返回流对象
 }
 
+// 调用 Antigravity 上游生成内容（流式）
+async function generateContentStreamAntigravity(
+  client,
+  requestData,
+  userPromptId,
+  projectId = null,
+  sessionId = null,
+  signal = null,
+  proxyConfig = null
+) {
+  const { token } = await client.getAccessToken()
+  const { model } = antigravityClient.buildAntigravityEnvelope({
+    requestData,
+    projectId,
+    sessionId,
+    userPromptId
+  })
+
+  logger.info('🌊 Antigravity streamGenerateContent API调用开始', {
+    model,
+    userPromptId,
+    projectId,
+    sessionId
+  })
+
+  const { response } = await antigravityClient.request({
+    accessToken: token,
+    proxyConfig,
+    requestData,
+    projectId,
+    sessionId,
+    userPromptId,
+    stream: true,
+    signal,
+    params: { alt: 'sse' }
+  })
+  logger.info('✅ Antigravity streamGenerateContent API调用成功，开始流式传输')
+  return response.data
+}
+
 // 更新账户的临时项目 ID
 async function updateTempProjectId(accountId, tempProjectId) {
   if (!tempProjectId) {
@@ -1687,10 +1953,12 @@ module.exports = {
   generateEncryptionKey,
   decryptCache, // 暴露缓存对象以便测试和监控
   countTokens,
+  countTokensAntigravity,
   generateContent,
   generateContentStream,
+  generateContentAntigravity,
+  generateContentStreamAntigravity,
+  fetchAvailableModelsAntigravity,
   updateTempProjectId,
-  resetAccountStatus,
-  OAUTH_CLIENT_ID,
-  OAUTH_SCOPES
+  resetAccountStatus
 }

src/services/unifiedGeminiScheduler.js

@@ -4,11 +4,35 @@ const accountGroupService = require('./accountGroupService')
 const redis = require('../models/redis')
 const logger = require('../utils/logger')
 
+const OAUTH_PROVIDER_GEMINI_CLI = 'gemini-cli'
+const OAUTH_PROVIDER_ANTIGRAVITY = 'antigravity'
+const KNOWN_OAUTH_PROVIDERS = [OAUTH_PROVIDER_GEMINI_CLI, OAUTH_PROVIDER_ANTIGRAVITY]
+
+function normalizeOauthProvider(oauthProvider) {
+  if (!oauthProvider) {
+    return OAUTH_PROVIDER_GEMINI_CLI
+  }
+  return oauthProvider === OAUTH_PROVIDER_ANTIGRAVITY
+    ? OAUTH_PROVIDER_ANTIGRAVITY
+    : OAUTH_PROVIDER_GEMINI_CLI
+}
+
 class UnifiedGeminiScheduler {
   constructor() {
     this.SESSION_MAPPING_PREFIX = 'unified_gemini_session_mapping:'
   }
 
+  _getSessionMappingKey(sessionHash, oauthProvider = null) {
+    if (!sessionHash) {
+      return null
+    }
+    if (!oauthProvider) {
+      return `${this.SESSION_MAPPING_PREFIX}${sessionHash}`
+    }
+    const normalized = normalizeOauthProvider(oauthProvider)
+    return `${this.SESSION_MAPPING_PREFIX}${normalized}:${sessionHash}`
+  }
+
   // 🔧 辅助方法：检查账户是否可调度（兼容字符串和布尔值）
   _isSchedulable(schedulable) {
     // 如果是 undefined 或 null，默认为可调度
@@ -32,7 +56,8 @@ class UnifiedGeminiScheduler {
     requestedModel = null,
     options = {}
   ) {
-    const { allowApiAccounts = false } = options
+    const { allowApiAccounts = false, oauthProvider = null } = options
+    const normalizedOauthProvider = oauthProvider ? normalizeOauthProvider(oauthProvider) : null
 
     try {
       // 如果API Key绑定了专属账户或分组，优先使用
@@ -83,14 +108,23 @@ class UnifiedGeminiScheduler {
             this._isActive(boundAccount.isActive) &&
             boundAccount.status !== 'error'
           ) {
-            logger.info(
-              `🎯 Using bound dedicated Gemini account: ${boundAccount.name} (${apiKeyData.geminiAccountId}) for API key ${apiKeyData.name}`
-            )
-            // 更新账户的最后使用时间
-            await geminiAccountService.markAccountUsed(apiKeyData.geminiAccountId)
-            return {
-              accountId: apiKeyData.geminiAccountId,
-              accountType: 'gemini'
+            if (
+              normalizedOauthProvider &&
+              normalizeOauthProvider(boundAccount.oauthProvider) !== normalizedOauthProvider
+            ) {
+              logger.warn(
+                `⚠️ Bound Gemini OAuth account ${boundAccount.name} oauthProvider=${normalizeOauthProvider(boundAccount.oauthProvider)} does not match requested oauthProvider=${normalizedOauthProvider}, falling back to pool`
+              )
+            } else {
+              logger.info(
+                `🎯 Using bound dedicated Gemini account: ${boundAccount.name} (${apiKeyData.geminiAccountId}) for API key ${apiKeyData.name}`
+              )
+              // 更新账户的最后使用时间
+              await geminiAccountService.markAccountUsed(apiKeyData.geminiAccountId)
+              return {
+                accountId: apiKeyData.geminiAccountId,
+                accountType: 'gemini'
+              }
             }
           } else {
             logger.warn(
@@ -102,7 +136,7 @@ class UnifiedGeminiScheduler {
 
       // 如果有会话哈希，检查是否有已映射的账户
       if (sessionHash) {
-        const mappedAccount = await this._getSessionMapping(sessionHash)
+        const mappedAccount = await this._getSessionMapping(sessionHash, normalizedOauthProvider)
         if (mappedAccount) {
           // 验证映射的账户是否仍然可用
           const isAvailable = await this._isAccountAvailable(
@@ -111,7 +145,7 @@ class UnifiedGeminiScheduler {
           )
           if (isAvailable) {
             // 🚀 智能会话续期（续期 unified 映射键，按配置）
-            await this._extendSessionMappingTTL(sessionHash)
+            await this._extendSessionMappingTTL(sessionHash, normalizedOauthProvider)
             logger.info(
               `🎯 Using sticky session account: ${mappedAccount.accountId} (${mappedAccount.accountType}) for session ${sessionHash}`
             )
@@ -132,11 +166,10 @@ class UnifiedGeminiScheduler {
       }
 
       // 获取所有可用账户
-      const availableAccounts = await this._getAllAvailableAccounts(
-        apiKeyData,
-        requestedModel,
-        allowApiAccounts
-      )
+      const availableAccounts = await this._getAllAvailableAccounts(apiKeyData, requestedModel, {
+        allowApiAccounts,
+        oauthProvider: normalizedOauthProvider
+      })
 
       if (availableAccounts.length === 0) {
         // 提供更详细的错误信息
@@ -160,7 +193,8 @@ class UnifiedGeminiScheduler {
         await this._setSessionMapping(
           sessionHash,
           selectedAccount.accountId,
-          selectedAccount.accountType
+          selectedAccount.accountType,
+          normalizedOauthProvider
         )
         logger.info(
           `🎯 Created new sticky session mapping: ${selectedAccount.name} (${selectedAccount.accountId}, ${selectedAccount.accountType}) for session ${sessionHash}`
@@ -189,7 +223,18 @@ class UnifiedGeminiScheduler {
   }
 
   // 📋 获取所有可用账户
-  async _getAllAvailableAccounts(apiKeyData, requestedModel = null, allowApiAccounts = false) {
+  async _getAllAvailableAccounts(
+    apiKeyData,
+    requestedModel = null,
+    allowApiAccountsOrOptions = false
+  ) {
+    const options =
+      allowApiAccountsOrOptions && typeof allowApiAccountsOrOptions === 'object'
+        ? allowApiAccountsOrOptions
+        : { allowApiAccounts: allowApiAccountsOrOptions }
+    const { allowApiAccounts = false, oauthProvider = null } = options
+    const normalizedOauthProvider = oauthProvider ? normalizeOauthProvider(oauthProvider) : null
+
     const availableAccounts = []
 
     // 如果API Key绑定了专属账户，优先返回
@@ -254,6 +299,12 @@ class UnifiedGeminiScheduler {
           this._isActive(boundAccount.isActive) &&
           boundAccount.status !== 'error'
         ) {
+          if (
+            normalizedOauthProvider &&
+            normalizeOauthProvider(boundAccount.oauthProvider) !== normalizedOauthProvider
+          ) {
+            return availableAccounts
+          }
           const isRateLimited = await this.isAccountRateLimited(boundAccount.id)
           if (!isRateLimited) {
             // 检查模型支持
@@ -303,6 +354,12 @@ class UnifiedGeminiScheduler {
         (account.accountType === 'shared' || !account.accountType) && // 兼容旧数据
         this._isSchedulable(account.schedulable)
       ) {
+        if (
+          normalizedOauthProvider &&
+          normalizeOauthProvider(account.oauthProvider) !== normalizedOauthProvider
+        ) {
+          continue
+        }
         // 检查是否可调度
 
         // 检查token是否过期
@@ -437,9 +494,10 @@ class UnifiedGeminiScheduler {
   }
 
   // 🔗 获取会话映射
-  async _getSessionMapping(sessionHash) {
+  async _getSessionMapping(sessionHash, oauthProvider = null) {
     const client = redis.getClientSafe()
-    const mappingData = await client.get(`${this.SESSION_MAPPING_PREFIX}${sessionHash}`)
+    const key = this._getSessionMappingKey(sessionHash, oauthProvider)
+    const mappingData = key ? await client.get(key) : null
 
     if (mappingData) {
       try {
@@ -454,27 +512,42 @@ class UnifiedGeminiScheduler {
   }
 
   // 💾 设置会话映射
-  async _setSessionMapping(sessionHash, accountId, accountType) {
+  async _setSessionMapping(sessionHash, accountId, accountType, oauthProvider = null) {
     const client = redis.getClientSafe()
     const mappingData = JSON.stringify({ accountId, accountType })
     // 依据配置设置TTL（小时）
     const appConfig = require('../../config/config')
     const ttlHours = appConfig.session?.stickyTtlHours || 1
     const ttlSeconds = Math.max(1, Math.floor(ttlHours * 60 * 60))
-    await client.setex(`${this.SESSION_MAPPING_PREFIX}${sessionHash}`, ttlSeconds, mappingData)
+    const key = this._getSessionMappingKey(sessionHash, oauthProvider)
+    if (!key) {
+      return
+    }
+    await client.setex(key, ttlSeconds, mappingData)
   }
 
   // 🗑️ 删除会话映射
   async _deleteSessionMapping(sessionHash) {
     const client = redis.getClientSafe()
-    await client.del(`${this.SESSION_MAPPING_PREFIX}${sessionHash}`)
+    if (!sessionHash) {
+      return
+    }
+
+    const keys = [this._getSessionMappingKey(sessionHash)]
+    for (const provider of KNOWN_OAUTH_PROVIDERS) {
+      keys.push(this._getSessionMappingKey(sessionHash, provider))
+    }
+    await client.del(keys.filter(Boolean))
   }
 
   // 🔁 续期统一调度会话映射TTL（针对 unified_gemini_session_mapping:* 键），遵循会话配置
-  async _extendSessionMappingTTL(sessionHash) {
+  async _extendSessionMappingTTL(sessionHash, oauthProvider = null) {
     try {
       const client = redis.getClientSafe()
-      const key = `${this.SESSION_MAPPING_PREFIX}${sessionHash}`
+      const key = this._getSessionMappingKey(sessionHash, oauthProvider)
+      if (!key) {
+        return false
+      }
       const remainingTTL = await client.ttl(key)
 
       if (remainingTTL === -2) {

src/utils/anthropicRequestDump.js

@@ -0,0 +1,126 @@
+const path = require('path')
+const logger = require('./logger')
+const { getProjectRoot } = require('./projectPaths')
+const { safeRotatingAppend } = require('./safeRotatingAppend')
+
+const REQUEST_DUMP_ENV = 'ANTHROPIC_DEBUG_REQUEST_DUMP'
+const REQUEST_DUMP_MAX_BYTES_ENV = 'ANTHROPIC_DEBUG_REQUEST_DUMP_MAX_BYTES'
+const REQUEST_DUMP_FILENAME = 'anthropic-requests-dump.jsonl'
+
+function isEnabled() {
+  const raw = process.env[REQUEST_DUMP_ENV]
+  if (!raw) {
+    return false
+  }
+  return raw === '1' || raw.toLowerCase() === 'true'
+}
+
+function getMaxBytes() {
+  const raw = process.env[REQUEST_DUMP_MAX_BYTES_ENV]
+  if (!raw) {
+    return 2 * 1024 * 1024
+  }
+  const parsed = Number.parseInt(raw, 10)
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 2 * 1024 * 1024
+  }
+  return parsed
+}
+
+function maskSecret(value) {
+  if (value === null || value === undefined) {
+    return value
+  }
+  const str = String(value)
+  if (str.length <= 8) {
+    return '***'
+  }
+  return `${str.slice(0, 4)}...${str.slice(-4)}`
+}
+
+function sanitizeHeaders(headers) {
+  const sensitive = new Set([
+    'authorization',
+    'proxy-authorization',
+    'x-api-key',
+    'cookie',
+    'set-cookie',
+    'x-forwarded-for',
+    'x-real-ip'
+  ])
+
+  const out = {}
+  for (const [k, v] of Object.entries(headers || {})) {
+    const key = k.toLowerCase()
+    if (sensitive.has(key)) {
+      out[key] = maskSecret(v)
+      continue
+    }
+    out[key] = v
+  }
+  return out
+}
+
+function safeJsonStringify(payload, maxBytes) {
+  let json = ''
+  try {
+    json = JSON.stringify(payload)
+  } catch (e) {
+    return JSON.stringify({
+      type: 'anthropic_request_dump_error',
+      error: 'JSON.stringify_failed',
+      message: e?.message || String(e)
+    })
+  }
+
+  if (Buffer.byteLength(json, 'utf8') <= maxBytes) {
+    return json
+  }
+
+  const truncated = Buffer.from(json, 'utf8').subarray(0, maxBytes).toString('utf8')
+  return JSON.stringify({
+    type: 'anthropic_request_dump_truncated',
+    maxBytes,
+    originalBytes: Buffer.byteLength(json, 'utf8'),
+    partialJson: truncated
+  })
+}
+
+async function dumpAnthropicMessagesRequest(req, meta = {}) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), REQUEST_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    requestId: req?.requestId || null,
+    method: req?.method || null,
+    url: req?.originalUrl || req?.url || null,
+    ip: req?.ip || null,
+    meta,
+    headers: sanitizeHeaders(req?.headers || {}),
+    body: req?.body || null
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    logger.warn('Failed to dump Anthropic request', {
+      filename,
+      requestId: req?.requestId || null,
+      error: e?.message || String(e)
+    })
+  }
+}
+
+module.exports = {
+  dumpAnthropicMessagesRequest,
+  REQUEST_DUMP_ENV,
+  REQUEST_DUMP_MAX_BYTES_ENV,
+  REQUEST_DUMP_FILENAME
+}

src/utils/anthropicResponseDump.js

@@ -0,0 +1,125 @@
+const path = require('path')
+const logger = require('./logger')
+const { getProjectRoot } = require('./projectPaths')
+const { safeRotatingAppend } = require('./safeRotatingAppend')
+
+const RESPONSE_DUMP_ENV = 'ANTHROPIC_DEBUG_RESPONSE_DUMP'
+const RESPONSE_DUMP_MAX_BYTES_ENV = 'ANTHROPIC_DEBUG_RESPONSE_DUMP_MAX_BYTES'
+const RESPONSE_DUMP_FILENAME = 'anthropic-responses-dump.jsonl'
+
+function isEnabled() {
+  const raw = process.env[RESPONSE_DUMP_ENV]
+  if (!raw) {
+    return false
+  }
+  return raw === '1' || raw.toLowerCase() === 'true'
+}
+
+function getMaxBytes() {
+  const raw = process.env[RESPONSE_DUMP_MAX_BYTES_ENV]
+  if (!raw) {
+    return 2 * 1024 * 1024
+  }
+  const parsed = Number.parseInt(raw, 10)
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 2 * 1024 * 1024
+  }
+  return parsed
+}
+
+function safeJsonStringify(payload, maxBytes) {
+  let json = ''
+  try {
+    json = JSON.stringify(payload)
+  } catch (e) {
+    return JSON.stringify({
+      type: 'anthropic_response_dump_error',
+      error: 'JSON.stringify_failed',
+      message: e?.message || String(e)
+    })
+  }
+
+  if (Buffer.byteLength(json, 'utf8') <= maxBytes) {
+    return json
+  }
+
+  const truncated = Buffer.from(json, 'utf8').subarray(0, maxBytes).toString('utf8')
+  return JSON.stringify({
+    type: 'anthropic_response_dump_truncated',
+    maxBytes,
+    originalBytes: Buffer.byteLength(json, 'utf8'),
+    partialJson: truncated
+  })
+}
+
+function summarizeAnthropicResponseBody(body) {
+  const content = Array.isArray(body?.content) ? body.content : []
+  const toolUses = content.filter((b) => b && b.type === 'tool_use')
+  const texts = content
+    .filter((b) => b && b.type === 'text' && typeof b.text === 'string')
+    .map((b) => b.text)
+    .join('')
+
+  return {
+    id: body?.id || null,
+    model: body?.model || null,
+    stop_reason: body?.stop_reason || null,
+    usage: body?.usage || null,
+    content_blocks: content.map((b) => (b ? b.type : null)).filter(Boolean),
+    tool_use_names: toolUses.map((b) => b.name).filter(Boolean),
+    text_preview: texts ? texts.slice(0, 800) : ''
+  }
+}
+
+async function dumpAnthropicResponse(req, responseInfo, meta = {}) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), RESPONSE_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    requestId: req?.requestId || null,
+    url: req?.originalUrl || req?.url || null,
+    meta,
+    response: responseInfo
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    logger.warn('Failed to dump Anthropic response', {
+      filename,
+      requestId: req?.requestId || null,
+      error: e?.message || String(e)
+    })
+  }
+}
+
+async function dumpAnthropicNonStreamResponse(req, statusCode, body, meta = {}) {
+  return dumpAnthropicResponse(
+    req,
+    { kind: 'non-stream', statusCode, summary: summarizeAnthropicResponseBody(body), body },
+    meta
+  )
+}
+
+async function dumpAnthropicStreamSummary(req, summary, meta = {}) {
+  return dumpAnthropicResponse(req, { kind: 'stream', summary }, meta)
+}
+
+async function dumpAnthropicStreamError(req, error, meta = {}) {
+  return dumpAnthropicResponse(req, { kind: 'stream-error', error }, meta)
+}
+
+module.exports = {
+  dumpAnthropicNonStreamResponse,
+  dumpAnthropicStreamSummary,
+  dumpAnthropicStreamError,
+  RESPONSE_DUMP_ENV,
+  RESPONSE_DUMP_MAX_BYTES_ENV,
+  RESPONSE_DUMP_FILENAME
+}

src/utils/antigravityModel.js

@@ -0,0 +1,138 @@
+const DEFAULT_ANTIGRAVITY_MODEL = 'gemini-2.5-flash'
+
+const UPSTREAM_TO_ALIAS = {
+  'rev19-uic3-1p': 'gemini-2.5-computer-use-preview-10-2025',
+  'gemini-3-pro-image': 'gemini-3-pro-image-preview',
+  'gemini-3-pro-high': 'gemini-3-pro-preview',
+  'gemini-3-flash': 'gemini-3-flash-preview',
+  'claude-sonnet-4-5': 'gemini-claude-sonnet-4-5',
+  'claude-sonnet-4-5-thinking': 'gemini-claude-sonnet-4-5-thinking',
+  'claude-opus-4-5-thinking': 'gemini-claude-opus-4-5-thinking',
+  chat_20706: '',
+  chat_23310: '',
+  'gemini-2.5-flash-thinking': '',
+  'gemini-3-pro-low': '',
+  'gemini-2.5-pro': ''
+}
+
+const ALIAS_TO_UPSTREAM = {
+  'gemini-2.5-computer-use-preview-10-2025': 'rev19-uic3-1p',
+  'gemini-3-pro-image-preview': 'gemini-3-pro-image',
+  'gemini-3-pro-preview': 'gemini-3-pro-high',
+  'gemini-3-flash-preview': 'gemini-3-flash',
+  'gemini-claude-sonnet-4-5': 'claude-sonnet-4-5',
+  'gemini-claude-sonnet-4-5-thinking': 'claude-sonnet-4-5-thinking',
+  'gemini-claude-opus-4-5-thinking': 'claude-opus-4-5-thinking'
+}
+
+const ANTIGRAVITY_MODEL_METADATA = {
+  'gemini-2.5-flash': {
+    thinking: { min: 0, max: 24576, zeroAllowed: true, dynamicAllowed: true },
+    name: 'models/gemini-2.5-flash'
+  },
+  'gemini-2.5-flash-lite': {
+    thinking: { min: 0, max: 24576, zeroAllowed: true, dynamicAllowed: true },
+    name: 'models/gemini-2.5-flash-lite'
+  },
+  'gemini-2.5-computer-use-preview-10-2025': {
+    name: 'models/gemini-2.5-computer-use-preview-10-2025'
+  },
+  'gemini-3-pro-preview': {
+    thinking: {
+      min: 128,
+      max: 32768,
+      zeroAllowed: false,
+      dynamicAllowed: true,
+      levels: ['low', 'high']
+    },
+    name: 'models/gemini-3-pro-preview'
+  },
+  'gemini-3-pro-image-preview': {
+    thinking: {
+      min: 128,
+      max: 32768,
+      zeroAllowed: false,
+      dynamicAllowed: true,
+      levels: ['low', 'high']
+    },
+    name: 'models/gemini-3-pro-image-preview'
+  },
+  'gemini-3-flash-preview': {
+    thinking: {
+      min: 128,
+      max: 32768,
+      zeroAllowed: false,
+      dynamicAllowed: true,
+      levels: ['minimal', 'low', 'medium', 'high']
+    },
+    name: 'models/gemini-3-flash-preview'
+  },
+  'gemini-claude-sonnet-4-5-thinking': {
+    thinking: { min: 1024, max: 200000, zeroAllowed: false, dynamicAllowed: true },
+    maxCompletionTokens: 64000
+  },
+  'gemini-claude-opus-4-5-thinking': {
+    thinking: { min: 1024, max: 200000, zeroAllowed: false, dynamicAllowed: true },
+    maxCompletionTokens: 64000
+  }
+}
+
+function normalizeAntigravityModelInput(model, defaultModel = DEFAULT_ANTIGRAVITY_MODEL) {
+  if (!model) {
+    return defaultModel
+  }
+  return model.startsWith('models/') ? model.slice('models/'.length) : model
+}
+
+function getAntigravityModelAlias(modelName) {
+  const normalized = normalizeAntigravityModelInput(modelName)
+  if (Object.prototype.hasOwnProperty.call(UPSTREAM_TO_ALIAS, normalized)) {
+    return UPSTREAM_TO_ALIAS[normalized]
+  }
+  return normalized
+}
+
+function getAntigravityModelMetadata(modelName) {
+  const normalized = normalizeAntigravityModelInput(modelName)
+  if (Object.prototype.hasOwnProperty.call(ANTIGRAVITY_MODEL_METADATA, normalized)) {
+    return ANTIGRAVITY_MODEL_METADATA[normalized]
+  }
+  if (normalized.startsWith('claude-')) {
+    const prefixed = `gemini-${normalized}`
+    if (Object.prototype.hasOwnProperty.call(ANTIGRAVITY_MODEL_METADATA, prefixed)) {
+      return ANTIGRAVITY_MODEL_METADATA[prefixed]
+    }
+    const thinkingAlias = `${prefixed}-thinking`
+    if (Object.prototype.hasOwnProperty.call(ANTIGRAVITY_MODEL_METADATA, thinkingAlias)) {
+      return ANTIGRAVITY_MODEL_METADATA[thinkingAlias]
+    }
+  }
+  return null
+}
+
+function mapAntigravityUpstreamModel(model) {
+  const normalized = normalizeAntigravityModelInput(model)
+  let upstream = Object.prototype.hasOwnProperty.call(ALIAS_TO_UPSTREAM, normalized)
+    ? ALIAS_TO_UPSTREAM[normalized]
+    : normalized
+
+  if (upstream.startsWith('gemini-claude-')) {
+    upstream = upstream.replace(/^gemini-/, '')
+  }
+
+  const mapping = {
+    // Opus：上游更常见的是 thinking 变体（CLIProxyAPI 也按此处理）
+    'claude-opus-4-5': 'claude-opus-4-5-thinking',
+    // Gemini thinking 变体回退
+    'gemini-2.5-flash-thinking': 'gemini-2.5-flash'
+  }
+
+  return mapping[upstream] || upstream
+}
+
+module.exports = {
+  normalizeAntigravityModelInput,
+  getAntigravityModelAlias,
+  getAntigravityModelMetadata,
+  mapAntigravityUpstreamModel
+}

src/utils/antigravityUpstreamDump.js

@@ -0,0 +1,121 @@
+const path = require('path')
+const logger = require('./logger')
+const { getProjectRoot } = require('./projectPaths')
+const { safeRotatingAppend } = require('./safeRotatingAppend')
+
+const UPSTREAM_REQUEST_DUMP_ENV = 'ANTIGRAVITY_DEBUG_UPSTREAM_REQUEST_DUMP'
+const UPSTREAM_REQUEST_DUMP_MAX_BYTES_ENV = 'ANTIGRAVITY_DEBUG_UPSTREAM_REQUEST_DUMP_MAX_BYTES'
+const UPSTREAM_REQUEST_DUMP_FILENAME = 'antigravity-upstream-requests-dump.jsonl'
+
+function isEnabled() {
+  const raw = process.env[UPSTREAM_REQUEST_DUMP_ENV]
+  if (!raw) {
+    return false
+  }
+  const normalized = String(raw).trim().toLowerCase()
+  return normalized === '1' || normalized === 'true'
+}
+
+function getMaxBytes() {
+  const raw = process.env[UPSTREAM_REQUEST_DUMP_MAX_BYTES_ENV]
+  if (!raw) {
+    return 2 * 1024 * 1024
+  }
+  const parsed = Number.parseInt(raw, 10)
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 2 * 1024 * 1024
+  }
+  return parsed
+}
+
+function redact(value) {
+  if (!value) {
+    return value
+  }
+  const s = String(value)
+  if (s.length <= 10) {
+    return '***'
+  }
+  return `${s.slice(0, 3)}...${s.slice(-4)}`
+}
+
+function safeJsonStringify(payload, maxBytes) {
+  let json = ''
+  try {
+    json = JSON.stringify(payload)
+  } catch (e) {
+    return JSON.stringify({
+      type: 'antigravity_upstream_dump_error',
+      error: 'JSON.stringify_failed',
+      message: e?.message || String(e)
+    })
+  }
+
+  if (Buffer.byteLength(json, 'utf8') <= maxBytes) {
+    return json
+  }
+
+  const truncated = Buffer.from(json, 'utf8').subarray(0, maxBytes).toString('utf8')
+  return JSON.stringify({
+    type: 'antigravity_upstream_dump_truncated',
+    maxBytes,
+    originalBytes: Buffer.byteLength(json, 'utf8'),
+    partialJson: truncated
+  })
+}
+
+async function dumpAntigravityUpstreamRequest(requestInfo) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), UPSTREAM_REQUEST_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    type: 'antigravity_upstream_request',
+    requestId: requestInfo?.requestId || null,
+    model: requestInfo?.model || null,
+    stream: Boolean(requestInfo?.stream),
+    url: requestInfo?.url || null,
+    baseUrl: requestInfo?.baseUrl || null,
+    params: requestInfo?.params || null,
+    headers: requestInfo?.headers
+      ? {
+          Host: requestInfo.headers.Host || requestInfo.headers.host || null,
+          'User-Agent':
+            requestInfo.headers['User-Agent'] || requestInfo.headers['user-agent'] || null,
+          Authorization: (() => {
+            const raw = requestInfo.headers.Authorization || requestInfo.headers.authorization
+            if (!raw) {
+              return null
+            }
+            const value = String(raw)
+            const m = value.match(/^Bearer\\s+(.+)$/i)
+            const token = m ? m[1] : value
+            return `Bearer ${redact(token)}`
+          })()
+        }
+      : null,
+    envelope: requestInfo?.envelope || null
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    logger.warn('Failed to dump Antigravity upstream request', {
+      filename,
+      requestId: requestInfo?.requestId || null,
+      error: e?.message || String(e)
+    })
+  }
+}
+
+module.exports = {
+  dumpAntigravityUpstreamRequest,
+  UPSTREAM_REQUEST_DUMP_ENV,
+  UPSTREAM_REQUEST_DUMP_MAX_BYTES_ENV,
+  UPSTREAM_REQUEST_DUMP_FILENAME
+}

src/utils/antigravityUpstreamResponseDump.js

@@ -0,0 +1,175 @@
+const path = require('path')
+const logger = require('./logger')
+const { getProjectRoot } = require('./projectPaths')
+const { safeRotatingAppend } = require('./safeRotatingAppend')
+
+const UPSTREAM_RESPONSE_DUMP_ENV = 'ANTIGRAVITY_DEBUG_UPSTREAM_RESPONSE_DUMP'
+const UPSTREAM_RESPONSE_DUMP_MAX_BYTES_ENV = 'ANTIGRAVITY_DEBUG_UPSTREAM_RESPONSE_DUMP_MAX_BYTES'
+const UPSTREAM_RESPONSE_DUMP_FILENAME = 'antigravity-upstream-responses-dump.jsonl'
+
+function isEnabled() {
+  const raw = process.env[UPSTREAM_RESPONSE_DUMP_ENV]
+  if (!raw) {
+    return false
+  }
+  const normalized = String(raw).trim().toLowerCase()
+  return normalized === '1' || normalized === 'true'
+}
+
+function getMaxBytes() {
+  const raw = process.env[UPSTREAM_RESPONSE_DUMP_MAX_BYTES_ENV]
+  if (!raw) {
+    return 2 * 1024 * 1024
+  }
+  const parsed = Number.parseInt(raw, 10)
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 2 * 1024 * 1024
+  }
+  return parsed
+}
+
+function safeJsonStringify(payload, maxBytes) {
+  let json = ''
+  try {
+    json = JSON.stringify(payload)
+  } catch (e) {
+    return JSON.stringify({
+      type: 'antigravity_upstream_response_dump_error',
+      error: 'JSON.stringify_failed',
+      message: e?.message || String(e)
+    })
+  }
+
+  if (Buffer.byteLength(json, 'utf8') <= maxBytes) {
+    return json
+  }
+
+  const truncated = Buffer.from(json, 'utf8').subarray(0, maxBytes).toString('utf8')
+  return JSON.stringify({
+    type: 'antigravity_upstream_response_dump_truncated',
+    maxBytes,
+    originalBytes: Buffer.byteLength(json, 'utf8'),
+    partialJson: truncated
+  })
+}
+
+/**
+ * 记录 Antigravity 上游 API 的响应
+ * @param {Object} responseInfo - 响应信息
+ * @param {string} responseInfo.requestId - 请求 ID
+ * @param {string} responseInfo.model - 模型名称
+ * @param {number} responseInfo.statusCode - HTTP 状态码
+ * @param {string} responseInfo.statusText - HTTP 状态文本
+ * @param {Object} responseInfo.headers - 响应头
+ * @param {string} responseInfo.responseType - 响应类型 (stream/non-stream/error)
+ * @param {Object} responseInfo.summary - 响应摘要
+ * @param {Object} responseInfo.error - 错误信息（如果有）
+ */
+async function dumpAntigravityUpstreamResponse(responseInfo) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), UPSTREAM_RESPONSE_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    type: 'antigravity_upstream_response',
+    requestId: responseInfo?.requestId || null,
+    model: responseInfo?.model || null,
+    statusCode: responseInfo?.statusCode || null,
+    statusText: responseInfo?.statusText || null,
+    responseType: responseInfo?.responseType || null,
+    headers: responseInfo?.headers || null,
+    summary: responseInfo?.summary || null,
+    error: responseInfo?.error || null,
+    rawData: responseInfo?.rawData || null
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    logger.warn('Failed to dump Antigravity upstream response', {
+      filename,
+      requestId: responseInfo?.requestId || null,
+      error: e?.message || String(e)
+    })
+  }
+}
+
+/**
+ * 记录 SSE 流中的每个事件（用于详细调试）
+ */
+async function dumpAntigravityStreamEvent(eventInfo) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), UPSTREAM_RESPONSE_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    type: 'antigravity_stream_event',
+    requestId: eventInfo?.requestId || null,
+    eventIndex: eventInfo?.eventIndex || null,
+    eventType: eventInfo?.eventType || null,
+    data: eventInfo?.data || null
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    // 静默处理，避免日志过多
+  }
+}
+
+/**
+ * 记录流式响应的最终摘要
+ */
+async function dumpAntigravityStreamSummary(summaryInfo) {
+  if (!isEnabled()) {
+    return
+  }
+
+  const maxBytes = getMaxBytes()
+  const filename = path.join(getProjectRoot(), UPSTREAM_RESPONSE_DUMP_FILENAME)
+
+  const record = {
+    ts: new Date().toISOString(),
+    type: 'antigravity_stream_summary',
+    requestId: summaryInfo?.requestId || null,
+    model: summaryInfo?.model || null,
+    totalEvents: summaryInfo?.totalEvents || 0,
+    finishReason: summaryInfo?.finishReason || null,
+    hasThinking: summaryInfo?.hasThinking || false,
+    hasToolCalls: summaryInfo?.hasToolCalls || false,
+    toolCallNames: summaryInfo?.toolCallNames || [],
+    usage: summaryInfo?.usage || null,
+    error: summaryInfo?.error || null,
+    textPreview: summaryInfo?.textPreview || null
+  }
+
+  const line = `${safeJsonStringify(record, maxBytes)}\n`
+  try {
+    await safeRotatingAppend(filename, line)
+  } catch (e) {
+    logger.warn('Failed to dump Antigravity stream summary', {
+      filename,
+      requestId: summaryInfo?.requestId || null,
+      error: e?.message || String(e)
+    })
+  }
+}
+
+module.exports = {
+  dumpAntigravityUpstreamResponse,
+  dumpAntigravityStreamEvent,
+  dumpAntigravityStreamSummary,
+  UPSTREAM_RESPONSE_DUMP_ENV,
+  UPSTREAM_RESPONSE_DUMP_MAX_BYTES_ENV,
+  UPSTREAM_RESPONSE_DUMP_FILENAME
+}

src/utils/errorSanitizer.js

@@ -55,16 +55,69 @@ function sanitizeUpstreamError(errorData) {
     return errorData
   }
 
-  // 深拷贝避免修改原始对象
-  const sanitized = JSON.parse(JSON.stringify(errorData))
+  // AxiosError / Error：返回摘要，避免泄露请求体/headers/token 等敏感信息
+  const looksLikeAxiosError =
+    errorData.isAxiosError ||
+    (errorData.name === 'AxiosError' && (errorData.config || errorData.response))
+  const looksLikeError = errorData instanceof Error || typeof errorData.message === 'string'
+
+  if (looksLikeAxiosError || looksLikeError) {
+    const statusCode = errorData.response?.status
+    const upstreamBody = errorData.response?.data
+    const upstreamMessage = sanitizeErrorMessage(extractErrorMessage(upstreamBody) || '')
+
+    return {
+      name: errorData.name || 'Error',
+      code: errorData.code,
+      statusCode,
+      message: sanitizeErrorMessage(errorData.message || ''),
+      upstreamMessage: upstreamMessage || undefined,
+      upstreamType: upstreamBody?.error?.type || upstreamBody?.error?.status || undefined
+    }
+  }
 
   // 递归清理嵌套的错误对象
+  const visited = new WeakSet()
+
+  const shouldRedactKey = (key) => {
+    if (!key) {
+      return false
+    }
+    const lowerKey = String(key).toLowerCase()
+    return (
+      lowerKey === 'authorization' ||
+      lowerKey === 'cookie' ||
+      lowerKey.includes('api_key') ||
+      lowerKey.includes('apikey') ||
+      lowerKey.includes('access_token') ||
+      lowerKey.includes('refresh_token') ||
+      lowerKey.endsWith('token') ||
+      lowerKey.includes('secret') ||
+      lowerKey.includes('password')
+    )
+  }
+
   const sanitizeObject = (obj) => {
     if (!obj || typeof obj !== 'object') {
       return obj
     }
 
+    if (visited.has(obj)) {
+      return '[Circular]'
+    }
+    visited.add(obj)
+
+    // 主动剔除常见“超大且敏感”的字段
+    if (obj.config || obj.request || obj.response) {
+      return '[Redacted]'
+    }
+
     for (const key in obj) {
+      if (shouldRedactKey(key)) {
+        obj[key] = '[REDACTED]'
+        continue
+      }
+
       // 清理所有字符串字段，不仅仅是 message
       if (typeof obj[key] === 'string') {
         obj[key] = sanitizeErrorMessage(obj[key])
@@ -76,7 +129,9 @@ function sanitizeUpstreamError(errorData) {
     return obj
   }
 
-  return sanitizeObject(sanitized)
+  // 尽量不修改原对象：浅拷贝后递归清理
+  const clone = Array.isArray(errorData) ? [...errorData] : { ...errorData }
+  return sanitizeObject(clone)
 }
 
 /**

src/utils/featureFlags.js

@@ -0,0 +1,46 @@
+let config = {}
+try {
+  // config/config.js 可能在某些环境不存在（例如仅拷贝了 config.example.js）
+  // 为保证可运行，这里做容错处理
+  // eslint-disable-next-line global-require
+  config = require('../../config/config')
+} catch (error) {
+  config = {}
+}
+
+const parseBooleanEnv = (value) => {
+  if (typeof value === 'boolean') {
+    return value
+  }
+  if (typeof value !== 'string') {
+    return false
+  }
+  const normalized = value.trim().toLowerCase()
+  return normalized === 'true' || normalized === '1' || normalized === 'yes' || normalized === 'on'
+}
+
+/**
+ * 是否允许执行"余额脚本"（安全开关）
+ * ⚠️ 安全警告：vm模块非安全沙箱，默认禁用。如需启用请显式设置 BALANCE_SCRIPT_ENABLED=true
+ * 仅在完全信任管理员且了解RCE风险时才启用此功能
+ */
+const isBalanceScriptEnabled = () => {
+  if (
+    process.env.BALANCE_SCRIPT_ENABLED !== undefined &&
+    process.env.BALANCE_SCRIPT_ENABLED !== ''
+  ) {
+    return parseBooleanEnv(process.env.BALANCE_SCRIPT_ENABLED)
+  }
+
+  const fromConfig =
+    config?.accountBalance?.enableBalanceScript ??
+    config?.features?.balanceScriptEnabled ??
+    config?.security?.enableBalanceScript
+
+  // 默认禁用，需显式启用
+  return typeof fromConfig === 'boolean' ? fromConfig : false
+}
+
+module.exports = {
+  isBalanceScriptEnabled
+}

src/utils/geminiSchemaCleaner.js

@@ -0,0 +1,265 @@
+function appendHint(description, hint) {
+  if (!hint) {
+    return description || ''
+  }
+  if (!description) {
+    return hint
+  }
+  return `${description} (${hint})`
+}
+
+function getRefHint(refValue) {
+  const ref = String(refValue || '')
+  if (!ref) {
+    return ''
+  }
+  const idx = ref.lastIndexOf('/')
+  const name = idx >= 0 ? ref.slice(idx + 1) : ref
+  return name ? `See: ${name}` : ''
+}
+
+function normalizeType(typeValue) {
+  if (typeof typeValue === 'string' && typeValue) {
+    return { type: typeValue, hint: '' }
+  }
+  if (!Array.isArray(typeValue) || typeValue.length === 0) {
+    return { type: '', hint: '' }
+  }
+  const raw = typeValue.map((t) => (t === null || t === undefined ? '' : String(t))).filter(Boolean)
+  const hasNull = raw.includes('null')
+  const nonNull = raw.filter((t) => t !== 'null')
+  const primary = nonNull[0] || 'string'
+  const hintParts = []
+  if (nonNull.length > 1) {
+    hintParts.push(`Accepts: ${nonNull.join(' | ')}`)
+  }
+  if (hasNull) {
+    hintParts.push('nullable')
+  }
+  return { type: primary, hint: hintParts.join('; ') }
+}
+
+const CONSTRAINT_KEYS = [
+  'minLength',
+  'maxLength',
+  'exclusiveMinimum',
+  'exclusiveMaximum',
+  'pattern',
+  'minItems',
+  'maxItems'
+]
+
+function scoreSchema(schema) {
+  if (!schema || typeof schema !== 'object') {
+    return { score: 0, type: '' }
+  }
+  const t = typeof schema.type === 'string' ? schema.type : ''
+  if (t === 'object' || (schema.properties && typeof schema.properties === 'object')) {
+    return { score: 3, type: t || 'object' }
+  }
+  if (t === 'array' || schema.items) {
+    return { score: 2, type: t || 'array' }
+  }
+  if (t && t !== 'null') {
+    return { score: 1, type: t }
+  }
+  return { score: 0, type: t || 'null' }
+}
+
+function pickBestFromAlternatives(alternatives) {
+  let bestIndex = 0
+  let bestScore = -1
+  const types = []
+  for (let i = 0; i < alternatives.length; i += 1) {
+    const alt = alternatives[i]
+    const { score, type } = scoreSchema(alt)
+    if (type) {
+      types.push(type)
+    }
+    if (score > bestScore) {
+      bestScore = score
+      bestIndex = i
+    }
+  }
+  return { best: alternatives[bestIndex], types: Array.from(new Set(types)).filter(Boolean) }
+}
+
+function cleanJsonSchemaForGemini(schema) {
+  if (schema === null || schema === undefined) {
+    return { type: 'object', properties: {} }
+  }
+  if (typeof schema !== 'object') {
+    return { type: 'object', properties: {} }
+  }
+  if (Array.isArray(schema)) {
+    return { type: 'object', properties: {} }
+  }
+
+  // $ref：Gemini/Antigravity 不支持，转换为 hint
+  if (typeof schema.$ref === 'string' && schema.$ref) {
+    return {
+      type: 'object',
+      description: appendHint(schema.description || '', getRefHint(schema.$ref)),
+      properties: {}
+    }
+  }
+
+  // anyOf / oneOf：选择最可能的 schema，保留类型提示
+  const anyOf = Array.isArray(schema.anyOf) ? schema.anyOf : null
+  const oneOf = Array.isArray(schema.oneOf) ? schema.oneOf : null
+  const alts = anyOf && anyOf.length ? anyOf : oneOf && oneOf.length ? oneOf : null
+  if (alts) {
+    const { best, types } = pickBestFromAlternatives(alts)
+    const cleaned = cleanJsonSchemaForGemini(best)
+    const mergedDescription = appendHint(cleaned.description || '', schema.description || '')
+    const typeHint = types.length > 1 ? `Accepts: ${types.join(' || ')}` : ''
+    return {
+      ...cleaned,
+      description: appendHint(mergedDescription, typeHint)
+    }
+  }
+
+  // allOf：合并 properties/required
+  if (Array.isArray(schema.allOf) && schema.allOf.length) {
+    const merged = {}
+    let mergedDesc = schema.description || ''
+    const mergedReq = new Set()
+    const mergedProps = {}
+    for (const item of schema.allOf) {
+      const cleaned = cleanJsonSchemaForGemini(item)
+      if (cleaned.description) {
+        mergedDesc = appendHint(mergedDesc, cleaned.description)
+      }
+      if (Array.isArray(cleaned.required)) {
+        for (const r of cleaned.required) {
+          if (typeof r === 'string' && r) {
+            mergedReq.add(r)
+          }
+        }
+      }
+      if (cleaned.properties && typeof cleaned.properties === 'object') {
+        Object.assign(mergedProps, cleaned.properties)
+      }
+      if (cleaned.type && !merged.type) {
+        merged.type = cleaned.type
+      }
+      if (cleaned.items && !merged.items) {
+        merged.items = cleaned.items
+      }
+      if (Array.isArray(cleaned.enum) && !merged.enum) {
+        merged.enum = cleaned.enum
+      }
+    }
+    if (Object.keys(mergedProps).length) {
+      merged.type = merged.type || 'object'
+      merged.properties = mergedProps
+      const req = Array.from(mergedReq).filter((r) => mergedProps[r])
+      if (req.length) {
+        merged.required = req
+      }
+    }
+    if (mergedDesc) {
+      merged.description = mergedDesc
+    }
+    return cleanJsonSchemaForGemini(merged)
+  }
+
+  const result = {}
+  const constraintHints = []
+
+  // description
+  if (typeof schema.description === 'string') {
+    result.description = schema.description
+  }
+
+  for (const key of CONSTRAINT_KEYS) {
+    const value = schema[key]
+    if (value === undefined || value === null || typeof value === 'object') {
+      continue
+    }
+    constraintHints.push(`${key}: ${value}`)
+  }
+
+  // const -> enum
+  if (schema.const !== undefined && !Array.isArray(schema.enum)) {
+    result.enum = [schema.const]
+  }
+
+  // enum
+  if (Array.isArray(schema.enum)) {
+    const en = schema.enum.filter(
+      (v) => typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean'
+    )
+    if (en.length) {
+      result.enum = en
+    }
+  }
+
+  // type（flatten 数组 type）
+  const { type: normalizedType, hint: typeHint } = normalizeType(schema.type)
+  if (normalizedType) {
+    result.type = normalizedType
+  }
+  if (typeHint) {
+    result.description = appendHint(result.description || '', typeHint)
+  }
+
+  if (result.enum && result.enum.length > 1 && result.enum.length <= 10) {
+    const list = result.enum.map((item) => String(item)).join(', ')
+    result.description = appendHint(result.description || '', `Allowed: ${list}`)
+  }
+
+  if (constraintHints.length) {
+    result.description = appendHint(result.description || '', constraintHints.join(', '))
+  }
+
+  // additionalProperties：Gemini/Antigravity 不接受布尔值，直接删除并用 hint 记录
+  if (schema.additionalProperties === false) {
+    result.description = appendHint(result.description || '', 'No extra properties allowed')
+  }
+
+  // properties
+  if (
+    schema.properties &&
+    typeof schema.properties === 'object' &&
+    !Array.isArray(schema.properties)
+  ) {
+    const props = {}
+    for (const [name, propSchema] of Object.entries(schema.properties)) {
+      props[name] = cleanJsonSchemaForGemini(propSchema)
+    }
+    result.type = result.type || 'object'
+    result.properties = props
+  }
+
+  // items
+  if (schema.items !== undefined) {
+    result.type = result.type || 'array'
+    result.items = cleanJsonSchemaForGemini(schema.items)
+  }
+
+  // required（最后再清理无效字段）
+  if (Array.isArray(schema.required) && result.properties) {
+    const req = schema.required.filter(
+      (r) =>
+        typeof r === 'string' && r && Object.prototype.hasOwnProperty.call(result.properties, r)
+    )
+    if (req.length) {
+      result.required = req
+    }
+  }
+
+  // 只保留 Gemini 兼容字段：其他（$schema/$id/$defs/definitions/format/constraints/pattern...）一律丢弃
+
+  if (!result.type) {
+    result.type = result.properties ? 'object' : result.items ? 'array' : 'object'
+  }
+  if (result.type === 'object' && !result.properties) {
+    result.properties = {}
+  }
+  return result
+}
+
+module.exports = {
+  cleanJsonSchemaForGemini
+}

src/utils/modelHelper.js

@@ -5,6 +5,10 @@
  * Supports parsing model strings like "ccr,model_name" to extract vendor type and base model.
  */
 
+// 仅保留原仓库既有的模型前缀：CCR 路由
+// Gemini/Antigravity 采用“路径分流”，避免在 model 字段里混入 vendor 前缀造成混乱
+const SUPPORTED_VENDOR_PREFIXES = ['ccr']
+
 /**
  * Parse vendor-prefixed model string
  * @param {string} modelStr - Model string, potentially with vendor prefix (e.g., "ccr,gemini-2.5-pro")
@@ -19,16 +23,21 @@ function parseVendorPrefixedModel(modelStr) {
   const trimmed = modelStr.trim()
   const lowerTrimmed = trimmed.toLowerCase()
 
-  // Check for ccr prefix (case insensitive)
-  if (lowerTrimmed.startsWith('ccr,')) {
+  for (const vendorPrefix of SUPPORTED_VENDOR_PREFIXES) {
+    if (!lowerTrimmed.startsWith(`${vendorPrefix},`)) {
+      continue
+    }
+
     const parts = trimmed.split(',')
-    if (parts.length >= 2) {
-      // Extract base model (everything after the first comma, rejoined in case model name contains commas)
-      const baseModel = parts.slice(1).join(',').trim()
-      return {
-        vendor: 'ccr',
-        baseModel
-      }
+    if (parts.length < 2) {
+      break
+    }
+
+    // Extract base model (everything after the first comma, rejoined in case model name contains commas)
+    const baseModel = parts.slice(1).join(',').trim()
+    return {
+      vendor: vendorPrefix,
+      baseModel
     }
   }
 

src/utils/projectPaths.js

@@ -0,0 +1,10 @@
+const path = require('path')
+
+// 该文件位于 src/utils 下，向上两级即项目根目录。
+function getProjectRoot() {
+  return path.resolve(__dirname, '..', '..')
+}
+
+module.exports = {
+  getProjectRoot
+}

src/utils/safeRotatingAppend.js

@@ -0,0 +1,88 @@
+/**
+ * ============================================================================
+ * 安全 JSONL 追加工具（带文件大小限制与自动轮转）
+ * ============================================================================
+ *
+ * 用于所有调试 Dump 模块，避免日志文件无限增长导致 I/O 拥塞。
+ *
+ * 策略：
+ * - 每次写入前检查目标文件大小
+ * - 超过阈值时，将现有文件重命名为 .bak（覆盖旧 .bak）
+ * - 然后写入新文件
+ */
+
+const fs = require('fs/promises')
+const logger = require('./logger')
+
+// 默认文件大小上限：10MB
+const DEFAULT_MAX_FILE_SIZE_BYTES = 10 * 1024 * 1024
+const MAX_FILE_SIZE_ENV = 'DUMP_MAX_FILE_SIZE_BYTES'
+
+/**
+ * 获取文件大小上限（可通过环境变量覆盖）
+ */
+function getMaxFileSize() {
+  const raw = process.env[MAX_FILE_SIZE_ENV]
+  if (raw) {
+    const parsed = Number.parseInt(raw, 10)
+    if (Number.isFinite(parsed) && parsed > 0) {
+      return parsed
+    }
+  }
+  return DEFAULT_MAX_FILE_SIZE_BYTES
+}
+
+/**
+ * 获取文件大小，文件不存在时返回 0
+ */
+async function getFileSize(filepath) {
+  try {
+    const stat = await fs.stat(filepath)
+    return stat.size
+  } catch (e) {
+    // 文件不存在或无法读取
+    return 0
+  }
+}
+
+/**
+ * 安全追加写入 JSONL 文件，支持自动轮转
+ *
+ * @param {string} filepath - 目标文件绝对路径
+ * @param {string} line - 要写入的单行（应以 \n 结尾）
+ * @param {Object} options - 可选配置
+ * @param {number} options.maxFileSize - 文件大小上限（字节），默认从环境变量或 10MB
+ */
+async function safeRotatingAppend(filepath, line, options = {}) {
+  const maxFileSize = options.maxFileSize || getMaxFileSize()
+
+  const currentSize = await getFileSize(filepath)
+
+  // 如果当前文件已达到或超过阈值，轮转
+  if (currentSize >= maxFileSize) {
+    const backupPath = `${filepath}.bak`
+    try {
+      // 先删除旧备份（如果存在）
+      await fs.unlink(backupPath).catch(() => {})
+      // 重命名当前文件为备份
+      await fs.rename(filepath, backupPath)
+    } catch (renameErr) {
+      // 轮转失败时记录警告日志，继续写入原文件
+      logger.warn('⚠️ Log rotation failed, continuing to write to original file', {
+        filepath,
+        backupPath,
+        error: renameErr?.message || String(renameErr)
+      })
+    }
+  }
+
+  // 追加写入
+  await fs.appendFile(filepath, line, { encoding: 'utf8' })
+}
+
+module.exports = {
+  safeRotatingAppend,
+  getMaxFileSize,
+  MAX_FILE_SIZE_ENV,
+  DEFAULT_MAX_FILE_SIZE_BYTES
+}

src/utils/signatureCache.js

@@ -0,0 +1,183 @@
+/**
+ * Signature Cache - 签名缓存模块
+ *
+ * 用于缓存 Antigravity thinking block 的 thoughtSignature。
+ * Claude Code 客户端可能剥离非标准字段，导致多轮对话时签名丢失。
+ * 此模块按 sessionId + thinkingText 存储签名，便于后续请求恢复。
+ *
+ * 参考实现：
+ * - CLIProxyAPI: internal/cache/signature_cache.go
+ * - antigravity-claude-proxy: src/format/signature-cache.js
+ */
+
+const crypto = require('crypto')
+const logger = require('./logger')
+
+// 配置常量
+const SIGNATURE_CACHE_TTL_MS = 60 * 60 * 1000 // 1 小时（同 CLIProxyAPI）
+const MAX_ENTRIES_PER_SESSION = 100 // 每会话最大缓存条目
+const MIN_SIGNATURE_LENGTH = 50 // 最小有效签名长度
+const TEXT_HASH_LENGTH = 16 // 文本哈希长度（SHA256 前 16 位）
+
+// 主缓存：sessionId -> Map<textHash, { signature, timestamp }>
+const signatureCache = new Map()
+
+/**
+ * 生成文本内容的稳定哈希值
+ * @param {string} text - 待哈希的文本
+ * @returns {string} 16 字符的十六进制哈希
+ */
+function hashText(text) {
+  if (!text || typeof text !== 'string') {
+    return ''
+  }
+  const hash = crypto.createHash('sha256').update(text).digest('hex')
+  return hash.slice(0, TEXT_HASH_LENGTH)
+}
+
+/**
+ * 获取或创建会话缓存
+ * @param {string} sessionId - 会话 ID
+ * @returns {Map} 会话的签名缓存 Map
+ */
+function getOrCreateSessionCache(sessionId) {
+  if (!signatureCache.has(sessionId)) {
+    signatureCache.set(sessionId, new Map())
+  }
+  return signatureCache.get(sessionId)
+}
+
+/**
+ * 检查签名是否有效
+ * @param {string} signature - 待检查的签名
+ * @returns {boolean} 签名是否有效
+ */
+function isValidSignature(signature) {
+  return typeof signature === 'string' && signature.length >= MIN_SIGNATURE_LENGTH
+}
+
+/**
+ * 缓存 thinking 签名
+ * @param {string} sessionId - 会话 ID
+ * @param {string} thinkingText - thinking 内容文本
+ * @param {string} signature - thoughtSignature
+ */
+function cacheSignature(sessionId, thinkingText, signature) {
+  if (!sessionId || !thinkingText || !signature) {
+    return
+  }
+
+  if (!isValidSignature(signature)) {
+    return
+  }
+
+  const sessionCache = getOrCreateSessionCache(sessionId)
+  const textHash = hashText(thinkingText)
+
+  if (!textHash) {
+    return
+  }
+
+  // 淘汰策略：超过限制时删除最老的 1/4 条目
+  if (sessionCache.size >= MAX_ENTRIES_PER_SESSION) {
+    const entries = Array.from(sessionCache.entries())
+    entries.sort((a, b) => a[1].timestamp - b[1].timestamp)
+    const toRemove = Math.max(1, Math.floor(entries.length / 4))
+    for (let i = 0; i < toRemove; i++) {
+      sessionCache.delete(entries[i][0])
+    }
+    logger.debug(
+      `[SignatureCache] Evicted ${toRemove} old entries for session ${sessionId.slice(0, 8)}...`
+    )
+  }
+
+  sessionCache.set(textHash, {
+    signature,
+    timestamp: Date.now()
+  })
+
+  logger.debug(
+    `[SignatureCache] Cached signature for session ${sessionId.slice(0, 8)}..., hash ${textHash}`
+  )
+}
+
+/**
+ * 获取缓存的签名
+ * @param {string} sessionId - 会话 ID
+ * @param {string} thinkingText - thinking 内容文本
+ * @returns {string|null} 缓存的签名，未找到或过期则返回 null
+ */
+function getCachedSignature(sessionId, thinkingText) {
+  if (!sessionId || !thinkingText) {
+    return null
+  }
+
+  const sessionCache = signatureCache.get(sessionId)
+  if (!sessionCache) {
+    return null
+  }
+
+  const textHash = hashText(thinkingText)
+  if (!textHash) {
+    return null
+  }
+
+  const entry = sessionCache.get(textHash)
+  if (!entry) {
+    return null
+  }
+
+  // 检查是否过期
+  if (Date.now() - entry.timestamp > SIGNATURE_CACHE_TTL_MS) {
+    sessionCache.delete(textHash)
+    logger.debug(`[SignatureCache] Entry expired for hash ${textHash}`)
+    return null
+  }
+
+  logger.debug(
+    `[SignatureCache] Cache hit for session ${sessionId.slice(0, 8)}..., hash ${textHash}`
+  )
+  return entry.signature
+}
+
+/**
+ * 清除会话缓存
+ * @param {string} sessionId - 要清除的会话 ID，为空则清除全部
+ */
+function clearSignatureCache(sessionId = null) {
+  if (sessionId) {
+    signatureCache.delete(sessionId)
+    logger.debug(`[SignatureCache] Cleared cache for session ${sessionId.slice(0, 8)}...`)
+  } else {
+    signatureCache.clear()
+    logger.debug('[SignatureCache] Cleared all caches')
+  }
+}
+
+/**
+ * 获取缓存统计信息（调试用）
+ * @returns {Object} { sessionCount, totalEntries }
+ */
+function getCacheStats() {
+  let totalEntries = 0
+  for (const sessionCache of signatureCache.values()) {
+    totalEntries += sessionCache.size
+  }
+  return {
+    sessionCount: signatureCache.size,
+    totalEntries
+  }
+}
+
+module.exports = {
+  cacheSignature,
+  getCachedSignature,
+  clearSignatureCache,
+  getCacheStats,
+  isValidSignature,
+  // 内部函数导出（用于测试或扩展）
+  hashText,
+  MIN_SIGNATURE_LENGTH,
+  MAX_ENTRIES_PER_SESSION,
+  SIGNATURE_CACHE_TTL_MS
+}

src/validators/clients/claudeCodeValidator.js

@@ -62,12 +62,17 @@ class ClaudeCodeValidator {
 
     for (const entry of systemEntries) {
       const rawText = typeof entry?.text === 'string' ? entry.text : ''
-      const { bestScore } = bestSimilarityByTemplates(rawText)
+      const { bestScore, templateId, maskedRaw } = bestSimilarityByTemplates(rawText)
       if (bestScore < threshold) {
         logger.error(
           `Claude system prompt similarity below threshold: score=${bestScore.toFixed(4)}, threshold=${threshold}`
         )
-        logger.warn(`Claude system prompt detail: ${rawText}`)
+        const preview = typeof maskedRaw === 'string' ? maskedRaw.slice(0, 200) : ''
+        logger.warn(
+          `Claude system prompt detail: templateId=${templateId || 'unknown'}, preview=${preview}${
+            maskedRaw && maskedRaw.length > 200 ? '…' : ''
+          }`
+        )
         return false
       }
     }

src/validators/clients/codexCliValidator.js

@@ -125,8 +125,12 @@ class CodexCliValidator {
       const part1 = parts1[i] || 0
       const part2 = parts2[i] || 0
 
-      if (part1 < part2) return -1
-      if (part1 > part2) return 1
+      if (part1 < part2) {
+        return -1
+      }
+      if (part1 > part2) {
+        return 1
+      }
     }
 
     return 0

src/validators/clients/geminiCliValidator.js

@@ -53,7 +53,7 @@ class GeminiCliValidator {
       // 2. 对于 /gemini 路径，检查是否包含 generateContent
       if (path.includes('generateContent')) {
         // 包含 generateContent 的路径需要验证 User-Agent
-        const geminiCliPattern = /^GeminiCLI\/v?[\d\.]+/i
+        const geminiCliPattern = /^GeminiCLI\/v?[\d.]+/i
         if (!geminiCliPattern.test(userAgent)) {
           logger.debug(
             `Gemini CLI validation failed - UA mismatch for generateContent: ${userAgent}`
@@ -84,8 +84,12 @@ class GeminiCliValidator {
       const part1 = parts1[i] || 0
       const part2 = parts2[i] || 0
 
-      if (part1 < part2) return -1
-      if (part1 > part2) return 1
+      if (part1 < part2) {
+        return -1
+      }
+      if (part1 > part2) {
+        return 1
+      }
     }
 
     return 0