chore: sync VERSION file with release v1.1.255 [skip ci]

fix: 修正Claude通过openaiClaudeRoutes访问失败问题

README_EN.md

@@ -1,5 +1,4 @@
-# Claude Relay Service (Antigravity Edition)
+# Claude Relay Service
-
 
 > [!CAUTION]
 > **Security Update**: v1.1.248 and below contain a critical admin authentication bypass vulnerability allowing unauthorized access to the admin panel.
@@ -8,117 +7,606 @@
 
 <div align="center">
 
-This fork focuses on:
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-- Native compatibility for `claude` (Claude Code CLI)
+[![Node.js](https://img.shields.io/badge/Node.js-18+-green.svg)](https://nodejs.org/)
-- Antigravity OAuth integration + path-based routing
+[![Redis](https://img.shields.io/badge/Redis-6+-red.svg)](https://redis.io/)
-- Better stability for streaming (SSE) workloads
+[![Docker](https://img.shields.io/badge/Docker-Ready-blue.svg)](https://www.docker.com/)
-- Optional request/response dumps for debugging
+
+**🔐 Self-hosted Claude API relay service with multi-account management** 
+
+[中文文档](README.md) • [Preview](https://demo.pincc.ai/admin-next/login) • [Telegram Channel](https://t.me/claude_relay_service)
+
+</div>
 
 ---
 
-## Highlights
+## ⭐ If You Find It Useful, Please Give It a Star!
 
-- **Claude Code protocol compatibility**: `thoughtSignature` fallback + cache, tool_result passthrough, and message ordering fixes.
+> Open source is not easy, your Star is my motivation to continue updating 🚀  
-- **Antigravity OAuth**: account type `gemini-antigravity` with permission checks.
+> Join [Telegram Channel](https://t.me/claude_relay_service) for the latest updates
-- **Path-based routing (Anthropic Messages API)**:
-  - `/api` -> Claude account pool (default)
-  - `/antigravity/api` -> Antigravity OAuth account pool
-  - `/gemini-cli/api` -> Gemini OAuth account pool
-- **Stability**:
-  - Zombie stream watchdog (disconnect after 45s without valid data)
-  - Auto retry + account switching for Antigravity `429 Resource Exhausted` (streaming and non-streaming)
-- **Observability**: JSONL dumps for request/response/tools/upstream (with size limit + rotation)
 
 ---
 
-## Quick Start
+## ⚠️ Important Notice
 
-### Requirements
+**Please read carefully before using this project:**
-- Node.js 18+ (or Docker)
-- Redis 6+/7+
 
-### Docker Compose (recommended)
+🚨 **Terms of Service Risk**: Using this project may violate Anthropic's terms of service. Please carefully read Anthropic's user agreement before use. All risks from using this project are borne by the user.
 
+📖 **Disclaimer**: This project is for technical learning and research purposes only. The author is not responsible for any account bans, service interruptions, or other losses caused by using this project.
+
+## 🤔 Is This Project Right for You?
+
+- 🌍 **Regional Restrictions**: Can't directly access Claude Code service in your region?
+- 🔒 **Privacy Concerns**: Worried about third-party mirror services logging or leaking your conversation content?
+- 👥 **Cost Sharing**: Want to share Claude Code Max subscription costs with friends?
+- ⚡ **Stability Issues**: Third-party mirror sites often fail and are unstable, affecting efficiency?
+
+If you have any of these concerns, this project might be suitable for you.
+
+### Suitable Scenarios
+
+✅ **Cost Sharing with Friends**: 3-5 friends sharing Claude Code Max subscription, enjoying Opus freely  
+✅ **Privacy Sensitive**: Don't want third-party mirrors to see your conversation content  
+✅ **Technical Tinkering**: Have basic technical skills, willing to build and maintain yourself  
+✅ **Stability Needs**: Need long-term stable Claude access, don't want to be restricted by mirror sites  
+✅ **Regional Restrictions**: Cannot directly access Claude official service  
+
+### Unsuitable Scenarios
+
+❌ **Complete Beginner**: Don't understand technology at all, don't even know how to buy a server  
+❌ **Occasional Use**: Use it only a few times a month, not worth the hassle  
+❌ **Registration Issues**: Cannot register Claude account yourself  
+❌ **Payment Issues**: No payment method to subscribe to Claude Code  
+
+**If you're just an ordinary user with low privacy requirements, just want to casually play around and quickly experience Claude, then choosing a mirror site you're familiar with would be more suitable.**
+
+---
+
+## 💭 Why Build Your Own?
+
+### Potential Issues with Existing Mirror Sites
+
+- 🕵️ **Privacy Risk**: Your conversation content is completely visible to others, forget about business secrets
+- 🐌 **Performance Instability**: Slow when many people use it, often crashes during peak hours
+- 💰 **Price Opacity**: Don't know the actual costs
+
+### Benefits of Self-hosting
+
+- 🔐 **Data Security**: All API requests only go through your own server, direct connection to Anthropic API
+- ⚡ **Controllable Performance**: Only a few of you using it, Max $200 package basically allows you to enjoy Opus freely
+- 💰 **Cost Transparency**: Clear view of how many tokens used, specific costs calculated at official prices
+- 📊 **Complete Monitoring**: Usage statistics, cost analysis, performance monitoring all available
+
+---
+
+## 🚀 Core Features
+
+> 📸 **[Click to view interface preview](docs/preview.md)** - See detailed screenshots of the Web management interface
+
+### Basic Features
+- ✅ **Multi-account Management**: Add multiple Claude accounts for automatic rotation
+- ✅ **Custom API Keys**: Assign independent keys to each person
+- ✅ **Usage Statistics**: Detailed records of how many tokens each person used
+
+### Advanced Features
+- 🔄 **Smart Switching**: Automatically switch to next account when one has issues
+- 🚀 **Performance Optimization**: Connection pooling, caching to reduce latency
+- 📊 **Monitoring Dashboard**: Web interface to view all data
+- 🛡️ **Security Control**: Access restrictions, rate limiting
+- 🌐 **Proxy Support**: Support for HTTP/SOCKS5 proxies
+
+---
+
+## 📋 Deployment Requirements
+
+### Hardware Requirements (Minimum Configuration)
+- **CPU**: 1 core is sufficient
+- **Memory**: 512MB (1GB recommended)
+- **Storage**: 30GB available space
+- **Network**: Access to Anthropic API (recommend US region servers)
+- **Recommendation**: 2 cores 4GB is basically enough, choose network with good return routes to your country (to improve speed, recommend not using proxy or setting server IP for direct connection)
+
+### Software Requirements
+- **Node.js** 18 or higher
+- **Redis** 6 or higher
+- **Operating System**: Linux recommended
+
+### Cost Estimation
+- **Server**: Light cloud server, $5-10 per month
+- **Claude Subscription**: Depends on how you share costs
+- **Others**: Domain name (optional)
+
+---
+
+## 📦 Manual Deployment
+
+### Step 1: Environment Setup
+
+**Ubuntu/Debian users:**
 ```bash
-cp .env.example .env
+# Install Node.js
-cp config/config.example.js config/config.js
+curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+sudo apt-get install -y nodejs
 
-# Edit .env at least:
+# Install Redis
-# JWT_SECRET=... (random string)
+sudo apt update
-# ENCRYPTION_KEY=... (32-char random string)
+sudo apt install redis-server
-
+sudo systemctl start redis-server
-docker-compose up -d
 ```
 
-### Node (no Docker)
+**CentOS/RHEL users:**
+```bash
+# Install Node.js
+curl -fsSL https://rpm.nodesource.com/setup_18.x | sudo bash -
+sudo yum install -y nodejs
+
+# Install Redis
+sudo yum install redis
+sudo systemctl start redis
+```
+
+### Step 2: Download and Configure
 
 ```bash
+# Download project
+git clone https://github.com/Wei-Shaw/claude-relay-service.git
+cd claude-relay-service
+
+# Install dependencies
 npm install
-cp .env.example .env
+
+# Copy configuration files (Important!)
 cp config/config.example.js config/config.js
-npm run setup
+cp .env.example .env
-npm run service:start:daemon
 ```
 
-### Admin UI
+### Step 3: Configuration File Setup
 
-- URL: `http://<host>:3000/web`
+**Edit `.env` file:**
-- Initial credentials: generated by `npm run setup` and saved to `data/init.json` (Docker users can also inspect container logs).
+```bash
+# Generate these two keys randomly, but remember them
+JWT_SECRET=your-super-secret-key
+ENCRYPTION_KEY=32-character-encryption-key-write-randomly
+
+# Redis configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+```
+
+**Edit `config/config.js` file:**
+```javascript
+module.exports = {
+  server: {
+    port: 3000,          // Service port, can be changed
+    host: '0.0.0.0'     // Don't change
+  },
+  redis: {
+    host: '127.0.0.1',  // Redis address
+    port: 6379          // Redis port
+  },
+  // Keep other configurations as default
+}
+```
+
+### Step 4: Start Service
+
+```bash
+# Initialize
+npm run setup # Will randomly generate admin account password info, stored in data/init.json
+
+# Start service
+npm run service:start:daemon   # Run in background (recommended)
+
+# Check status
+npm run service:status
+```
 
 ---
 
-## Using with Claude Code (CLI)
+## 🎮 Getting Started
 
-### Antigravity pool (recommended)
+### 1. Open Management Interface
+
+Browser visit: `http://your-server-IP:3000/web`
+
+Default admin account: Look in data/init.json
+
+### 2. Add Claude Account
+
+This step is quite important, requires OAuth authorization:
+
+1. Click "Claude Accounts" tab
+2. If you're worried about multiple accounts sharing 1 IP getting banned, you can optionally set a static proxy IP
+3. Click "Add Account"
+4. Click "Generate Authorization Link", will open a new page
+5. Complete Claude login and authorization in the new page
+6. Copy the returned Authorization Code
+7. Paste to page to complete addition
+
+**Note**: If you're in China, this step may require VPN.
+
+### 3. Create API Key
+
+Assign a key to each user:
+
+1. Click "API Keys" tab
+2. Click "Create New Key"
+3. Give the key a name, like "Zhang San's Key"
+4. Set usage limits (optional)
+5. Save, note down the generated key
+
+### 4. Start Using Claude Code and Gemini CLI
+
+Now you can replace the official API with your own service:
+
+**Claude Code Set Environment Variables:**
+
+Default uses standard Claude account pool:
+
+```bash
+export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # Fill in your server's IP address or domain
+export ANTHROPIC_AUTH_TOKEN="API key created in the backend"
+```
+
+**VSCode Claude Plugin Configuration:**
+
+If using VSCode Claude plugin, configure in `~/.claude/config.json`:
+
+```json
+{
+    "primaryApiKey": "crs"
+}
+```
+
+If the file doesn't exist, create it manually. Windows users path is `C:\Users\YourUsername\.claude\config.json`.
+
+**Gemini CLI Set Environment Variables:**
+
+**Method 1 (Recommended): Via Gemini Assist API**
+
+Each account enjoys 1000 requests per day, 60 requests per minute free quota.
+
+```bash
+CODE_ASSIST_ENDPOINT="http://127.0.0.1:3000/gemini"  # Fill in your server's IP address or domain
+GOOGLE_CLOUD_ACCESS_TOKEN="API key created in the backend"
+GOOGLE_GENAI_USE_GCA="true"
+GEMINI_MODEL="gemini-2.5-pro"
+```
+
+> **Note**: gemini-cli console will show `Failed to fetch user info: 401 Unauthorized`, but this doesn't affect usage.
+
+**Method 2: Via Gemini API**
+
+Very limited free quota, easily triggers 429 errors.
+
+```bash
+GOOGLE_GEMINI_BASE_URL="http://127.0.0.1:3000/gemini"  # Fill in your server's IP address or domain
+GEMINI_API_KEY="API key created in the backend"
+GEMINI_MODEL="gemini-2.5-pro"
+```
+
+**Use Claude Code:**
 
 ```bash
-export ANTHROPIC_BASE_URL="http://<host>:3000/antigravity/api/"
-export ANTHROPIC_AUTH_TOKEN="cr_xxxxxxxxxxxx"
-export ANTHROPIC_MODEL="claude-opus-4-5"
 claude
 ```
 
-### Gemini pool
+**Use Gemini CLI:**
 
 ```bash
-export ANTHROPIC_BASE_URL="http://<host>:3000/gemini-cli/api/"
+gemini
-export ANTHROPIC_AUTH_TOKEN="cr_xxxxxxxxxxxx"
-export ANTHROPIC_MODEL="gemini-2.5-pro"
-claude
-```
-
-### Standard Claude pool
-
-```bash
-export ANTHROPIC_BASE_URL="http://<host>:3000/api/"
-export ANTHROPIC_AUTH_TOKEN="cr_xxxxxxxxxxxx"
-claude
 ```
 
 ---
 
-## Antigravity Quota & Models
+## 🔧 Daily Maintenance
 
-- Quota display: in Admin UI -> Accounts -> `gemini-antigravity` -> click **Test/Refresh**.
+### Service Management
-- Dynamic models list:
+
-  - Anthropic/Claude Code routing: `GET /antigravity/api/v1/models` (proxies Antigravity `fetchAvailableModels`)
+```bash
-  - OpenAI-compatible routing: `GET /openai/gemini/models` (or `GET /openai/gemini/v1/models`)
+# Check service status
+npm run service:status
+
+# View logs
+npm run service:logs
+
+# Restart service
+npm run service:restart:daemon
+
+# Stop service
+npm run service:stop
+```
+
+### Monitor Usage
+
+- **Web Interface**: `http://your-domain:3000/web` - View usage statistics
+- **Health Check**: `http://your-domain:3000/health` - Confirm service is normal
+- **Log Files**: Various log files in `logs/` directory
+
+### Upgrade Guide
+
+When a new version is released, follow these steps to upgrade the service:
+
+```bash
+# 1. Navigate to project directory
+cd claude-relay-service
+
+# 2. Pull latest code
+git pull origin main
+
+# If you encounter package-lock.json conflicts, use the remote version
+git checkout --theirs package-lock.json
+git add package-lock.json
+
+# 3. Install new dependencies (if any)
+npm install
+
+# 4. Restart service
+npm run service:restart:daemon
+
+# 5. Check service status
+npm run service:status
+```
+
+**Important Notes:**
+- Before upgrading, it's recommended to backup important configuration files (.env, config/config.js)
+- Check the changelog to understand if there are any breaking changes
+- Database structure changes will be migrated automatically if needed
+
+### Common Issue Resolution
+
+**Can't connect to Redis?**
+```bash
+# Check if Redis is running
+redis-cli ping
+
+# Should return PONG
+```
+
+**OAuth authorization failed?**
+- Check if proxy settings are correct
+- Ensure normal access to claude.ai
+- Clear browser cache and retry
+
+**API request failed?**
+- Check if API Key is correct
+- View log files for error information
+- Confirm Claude account status is normal
 
 ---
 
-## Debug Dumps (optional)
+## 🛠️ Advanced Usage
 
-See `.env.example` for the full list. Common toggles:
+### Reverse Proxy Deployment Guide
 
-- `ANTHROPIC_DEBUG_REQUEST_DUMP=true`
+For production environments, it is recommended to use a reverse proxy for automatic HTTPS, security headers, and performance optimization. Two common solutions are provided below: **Caddy** and **Nginx Proxy Manager (NPM)**.
-- `ANTHROPIC_DEBUG_RESPONSE_DUMP=true`
-- `ANTIGRAVITY_DEBUG_UPSTREAM_REQUEST_DUMP=true`
-- `ANTIGRAVITY_DEBUG_UPSTREAM_RESPONSE_DUMP=true`
-- `DUMP_MAX_FILE_SIZE_BYTES=10485760`
 
 ---
 
-## License
+## Caddy Solution
 
-This project is licensed under the [MIT License](LICENSE).
+Caddy is a web server that automatically manages HTTPS certificates, with simple configuration and excellent performance, ideal for deployments without Docker environments.
 
+**1. Install Caddy**
+
+```bash
+# Ubuntu/Debian
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt update
+sudo apt install caddy
+
+# CentOS/RHEL/Fedora
+sudo yum install yum-plugin-copr
+sudo yum copr enable @caddy/caddy
+sudo yum install caddy
+```
+
+**2. Caddy Configuration**
+
+Edit `/etc/caddy/Caddyfile`:
+
+```caddy
+your-domain.com {
+    # Reverse proxy to local service
+    reverse_proxy 127.0.0.1:3000 {
+        # Support streaming responses or SSE
+        flush_interval -1
+
+        # Pass real IP
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+
+        # Long read/write timeout configuration
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+            dial_timeout 30s
+        }
+    }
+
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "DENY"
+        X-Content-Type-Options "nosniff"
+        -Server
+    }
+}
+```
+
+**3. Start Caddy**
+
+```bash
+sudo caddy validate --config /etc/caddy/Caddyfile
+sudo systemctl start caddy
+sudo systemctl enable caddy
+sudo systemctl status caddy
+```
+
+**4. Service Configuration**
+
+Since Caddy automatically manages HTTPS, you can restrict the service to listen locally only:
+
+```javascript
+// config/config.js
+module.exports = {
+  server: {
+    port: 3000,
+    host: '127.0.0.1' // Listen locally only
+  }
+}
+```
+
+**Caddy Features**
+
+* 🔒 Automatic HTTPS with zero-configuration certificate management
+* 🛡️ Secure default configuration with modern TLS suites
+* ⚡ HTTP/2 and streaming support
+* 🔧 Concise configuration files, easy to maintain
+
+---
+
+## Nginx Proxy Manager (NPM) Solution
+
+Nginx Proxy Manager manages reverse proxies and HTTPS certificates through a graphical interface, deployed as a Docker container.
+
+**1. Create a New Proxy Host in NPM**
+
+Configure the Details as follows:
+
+| Item                  | Setting                  |
+| --------------------- | ------------------------ |
+| Domain Names          | relay.example.com        |
+| Scheme                | http                     |
+| Forward Hostname / IP | 192.168.0.1 (docker host IP) |
+| Forward Port          | 3000                     |
+| Block Common Exploits | ☑️                       |
+| Websockets Support    | ❌ **Disable**            |
+| Cache Assets          | ❌ **Disable**            |
+| Access List           | Publicly Accessible      |
+
+> Note:
+> - Ensure Claude Relay Service **listens on `0.0.0.0`, container IP, or host IP** to allow NPM internal network connections.
+> - **Websockets Support and Cache Assets must be disabled**, otherwise SSE / streaming responses will fail.
+
+**2. Custom locations**
+
+No content needed, keep it empty.
+
+**3. SSL Settings**
+
+* **SSL Certificate**: Request a new SSL Certificate (Let's Encrypt) or existing certificate
+* ☑️ **Force SSL**
+* ☑️ **HTTP/2 Support**
+* ☑️ **HSTS Enabled**
+* ☑️ **HSTS Subdomains**
+
+**4. Advanced Configuration**
+
+Add the following to Custom Nginx Configuration:
+
+```nginx
+# Pass real user IP
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# Support WebSocket / SSE streaming
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+
+# Long connection / timeout settings (for AI chat streaming)
+proxy_read_timeout 300s;
+proxy_send_timeout 300s;
+proxy_connect_timeout 30s;
+
+# ---- Security Settings ----
+# Strict HTTPS policy (HSTS)
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# Block clickjacking and content sniffing
+add_header X-Frame-Options "DENY" always;
+add_header X-Content-Type-Options "nosniff" always;
+
+# Referrer / Permissions restriction policies
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+# Hide server information (equivalent to Caddy's `-Server`)
+proxy_hide_header Server;
+
+# ---- Performance Tuning ----
+# Disable proxy caching for real-time responses (SSE / Streaming)
+proxy_cache_bypass $http_upgrade;
+proxy_no_cache $http_upgrade;
+proxy_request_buffering off;
+```
+
+**5. Launch and Verify**
+
+* After saving, wait for NPM to automatically request Let's Encrypt certificate (if applicable).
+* Check Proxy Host status in Dashboard to ensure it shows "Online".
+* Visit `https://relay.example.com`, if the green lock icon appears, HTTPS is working properly.
+
+**NPM Features**
+
+* 🔒 Automatic certificate application and renewal
+* 🔧 Graphical interface for easy multi-service management
+* ⚡ Native HTTP/2 / HTTPS support
+* 🚀 Ideal for Docker container deployments
+
+---
+
+Both solutions are suitable for production deployment. If you use a Docker environment, **Nginx Proxy Manager is more convenient**; if you want to keep software lightweight and automated, **Caddy is a better choice**.
+
+---
+
+## 💡 Usage Recommendations
+
+### Account Management
+- **Regular Checks**: Check account status weekly, handle exceptions promptly
+- **Reasonable Allocation**: Can assign different API keys to different people, analyze usage based on different API keys
+
+### Security Recommendations
+- **Use HTTPS**: Strongly recommend using Caddy reverse proxy (automatic HTTPS) to ensure secure data transmission
+- **Regular Backups**: Back up important configurations and data
+- **Monitor Logs**: Regularly check exception logs
+- **Update Keys**: Regularly change JWT and encryption keys
+- **Firewall Settings**: Only open necessary ports (80, 443), hide direct service ports
+
+---
+
+## 🆘 What to Do When You Encounter Problems?
+
+### Self-troubleshooting
+1. **Check Logs**: Log files in `logs/` directory
+2. **Check Configuration**: Confirm configuration files are set correctly
+3. **Test Connectivity**: Use curl to test if API is normal
+4. **Restart Service**: Sometimes restarting fixes it
+
+### Seeking Help
+- **GitHub Issues**: Submit detailed error information
+- **Read Documentation**: Carefully read error messages and documentation
+- **Community Discussion**: See if others have encountered similar problems
+
+---
+
+## 📄 License
+This project uses the [MIT License](LICENSE).
+
+---
+
+<div align="center">
+
+**⭐ If you find it useful, please give it a Star, this is the greatest encouragement to the author!**
+
+**🤝 Feel free to submit Issues for problems, welcome PRs for improvement suggestions**
+
+</div>

VERSION

@@ -1 +1 @@
-1.1.253
+1.1.255

src/handlers/geminiHandlers.js

@@ -862,7 +862,7 @@ async function handleKeyInfo(req, res) {
     res.json({
       id: keyData.id,
       name: keyData.name,
-      permissions: keyData.permissions || 'all',
+      permissions: keyData.permissions,
       token_limit: keyData.tokenLimit,
       tokens_used: keyData.usage.total.tokens,
       tokens_remaining:

src/routes/apiStats.js

@@ -155,7 +155,7 @@ router.post('/api/user-stats', async (req, res) => {
         restrictedModels,
         enableClientRestriction: keyData.enableClientRestriction === 'true',
         allowedClients,
-        permissions: keyData.permissions || 'all',
+        permissions: keyData.permissions,
         // 添加激活相关字段
         expirationMode: keyData.expirationMode || 'fixed',
         isActivated: keyData.isActivated === 'true',

src/routes/openaiClaudeRoutes.js

@@ -8,6 +8,7 @@ const router = express.Router()
 const logger = require('../utils/logger')
 const { authenticateApiKey } = require('../middleware/auth')
 const claudeRelayService = require('../services/claudeRelayService')
+const claudeConsoleRelayService = require('../services/claudeConsoleRelayService')
 const openaiToClaude = require('../services/openaiToClaude')
 const apiKeyService = require('../services/apiKeyService')
 const unifiedClaudeScheduler = require('../services/unifiedClaudeScheduler')
@@ -19,8 +20,7 @@ const { getEffectiveModel } = require('../utils/modelHelper')
 
 // 🔧 辅助函数：检查 API Key 权限
 function checkPermissions(apiKeyData, requiredPermission = 'claude') {
-  const permissions = apiKeyData.permissions || 'all'
+  return apiKeyService.hasPermission(apiKeyData?.permissions, requiredPermission)
-  return permissions === 'all' || permissions === requiredPermission
 }
 
 function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {
@@ -235,7 +235,7 @@ async function handleChatCompletion(req, res, apiKeyData) {
       }
       throw error
     }
-    const { accountId } = accountSelection
+    const { accountId, accountType } = accountSelection
 
     // 获取该账号存储的 Claude Code headers
     const claudeCodeHeaders = await claudeCodeHeadersService.getAccountHeaders(accountId)
@@ -265,72 +265,105 @@ async function handleChatCompletion(req, res, apiKeyData) {
         }
       })
 
-      // 使用转换后的响应流 (使用 OAuth-only beta header，添加 Claude Code 必需的 headers)
+      // 使用转换后的响应流 (根据账户类型选择转发服务)
-      await claudeRelayService.relayStreamRequestWithUsageCapture(
+      // 创建 usage 回调函数
-        claudeRequest,
+      const usageCallback = (usage) => {
-        apiKeyData,
+        // 记录使用统计
-        res,
+        if (usage && usage.input_tokens !== undefined && usage.output_tokens !== undefined) {
-        claudeCodeHeaders,
+          const model = usage.model || claudeRequest.model
-        (usage) => {
+          const cacheCreateTokens =
-          // 记录使用统计
+            (usage.cache_creation && typeof usage.cache_creation === 'object'
-          if (usage && usage.input_tokens !== undefined && usage.output_tokens !== undefined) {
+              ? (usage.cache_creation.ephemeral_5m_input_tokens || 0) +
-            const model = usage.model || claudeRequest.model
+                (usage.cache_creation.ephemeral_1h_input_tokens || 0)
-            const cacheCreateTokens =
+              : usage.cache_creation_input_tokens || 0) || 0
-              (usage.cache_creation && typeof usage.cache_creation === 'object'
+          const cacheReadTokens = usage.cache_read_input_tokens || 0
-                ? (usage.cache_creation.ephemeral_5m_input_tokens || 0) +
-                  (usage.cache_creation.ephemeral_1h_input_tokens || 0)
-                : usage.cache_creation_input_tokens || 0) || 0
-            const cacheReadTokens = usage.cache_read_input_tokens || 0
 
-            // 使用新的 recordUsageWithDetails 方法来支持详细的缓存数据
+          // 使用新的 recordUsageWithDetails 方法来支持详细的缓存数据
-            apiKeyService
+          apiKeyService
-              .recordUsageWithDetails(
+            .recordUsageWithDetails(
-                apiKeyData.id,
+              apiKeyData.id,
-                usage, // 直接传递整个 usage 对象，包含可能的 cache_creation 详细数据
+              usage, // 直接传递整个 usage 对象，包含可能的 cache_creation 详细数据
-                model,
-                accountId
-              )
-              .catch((error) => {
-                logger.error('❌ Failed to record usage:', error)
-              })
-
-            queueRateLimitUpdate(
-              req.rateLimitInfo,
-              {
-                inputTokens: usage.input_tokens || 0,
-                outputTokens: usage.output_tokens || 0,
-                cacheCreateTokens,
-                cacheReadTokens
-              },
               model,
-              'openai-claude-stream'
+              accountId,
+              accountType
             )
-          }
+            .catch((error) => {
-        },
+              logger.error('❌ Failed to record usage:', error)
-        // 流转换器
+            })
-        (() => {
+
-          // 为每个请求创建独立的会话ID
+          queueRateLimitUpdate(
-          const sessionId = `chatcmpl-${Math.random().toString(36).substring(2, 15)}${Math.random().toString(36).substring(2, 15)}`
+            req.rateLimitInfo,
-          return (chunk) => openaiToClaude.convertStreamChunk(chunk, req.body.model, sessionId)
+            {
-        })(),
+              inputTokens: usage.input_tokens || 0,
-        {
+              outputTokens: usage.output_tokens || 0,
-          betaHeader:
+              cacheCreateTokens,
-            'oauth-2025-04-20,claude-code-20250219,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14'
+              cacheReadTokens
+            },
+            model,
+            `openai-${accountType}-stream`
+          )
         }
-      )
+      }
+
+      // 创建流转换器
+      const sessionId = `chatcmpl-${Math.random().toString(36).substring(2, 15)}${Math.random().toString(36).substring(2, 15)}`
+      const streamTransformer = (chunk) =>
+        openaiToClaude.convertStreamChunk(chunk, req.body.model, sessionId)
+
+      // 根据账户类型选择转发服务
+      if (accountType === 'claude-console') {
+        // Claude Console 账户使用 Console 转发服务
+        await claudeConsoleRelayService.relayStreamRequestWithUsageCapture(
+          claudeRequest,
+          apiKeyData,
+          res,
+          claudeCodeHeaders,
+          usageCallback,
+          accountId,
+          streamTransformer
+        )
+      } else {
+        // Claude Official 账户使用标准转发服务
+        await claudeRelayService.relayStreamRequestWithUsageCapture(
+          claudeRequest,
+          apiKeyData,
+          res,
+          claudeCodeHeaders,
+          usageCallback,
+          streamTransformer,
+          {
+            betaHeader:
+              'oauth-2025-04-20,claude-code-20250219,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14'
+          }
+        )
+      }
     } else {
       // 非流式请求
       logger.info(`📄 Processing OpenAI non-stream request for model: ${req.body.model}`)
 
-      // 发送请求到 Claude (使用 OAuth-only beta header，添加 Claude Code 必需的 headers)
+      // 根据账户类型选择转发服务
-      const claudeResponse = await claudeRelayService.relayRequest(
+      let claudeResponse
-        claudeRequest,
+      if (accountType === 'claude-console') {
-        apiKeyData,
+        // Claude Console 账户使用 Console 转发服务
-        req,
+        claudeResponse = await claudeConsoleRelayService.relayRequest(
-        res,
+          claudeRequest,
-        claudeCodeHeaders,
+          apiKeyData,
-        { betaHeader: 'oauth-2025-04-20' }
+          req,
-      )
+          res,
+          claudeCodeHeaders,
+          accountId
+        )
+      } else {
+        // Claude Official 账户使用标准转发服务
+        claudeResponse = await claudeRelayService.relayRequest(
+          claudeRequest,
+          apiKeyData,
+          req,
+          res,
+          claudeCodeHeaders,
+          { betaHeader: 'oauth-2025-04-20' }
+        )
+      }
 
       // 解析 Claude 响应
       let claudeData
@@ -376,7 +409,8 @@ async function handleChatCompletion(req, res, apiKeyData) {
             apiKeyData.id,
             usage, // 直接传递整个 usage 对象，包含可能的 cache_creation 详细数据
             claudeRequest.model,
-            accountId
+            accountId,
+            accountType
           )
           .catch((error) => {
             logger.error('❌ Failed to record usage:', error)
@@ -391,7 +425,7 @@ async function handleChatCompletion(req, res, apiKeyData) {
             cacheReadTokens
           },
           claudeRequest.model,
-          'openai-claude-non-stream'
+          `openai-${accountType}-non-stream`
         )
       }
 

src/routes/openaiRoutes.js

@@ -904,7 +904,7 @@ router.get('/key-info', authenticateApiKey, async (req, res) => {
       id: keyData.id,
       name: keyData.name,
       description: keyData.description,
-      permissions: keyData.permissions || 'all',
+      permissions: keyData.permissions,
       token_limit: keyData.tokenLimit,
       tokens_used: keyData.usage.total.tokens,
       tokens_remaining:

src/services/anthropicGeminiBridgeService.js

@@ -80,6 +80,15 @@ const ANTIGRAVITY_TOOL_FOLLOW_THROUGH_PROMPT =
 // 工具报错时注入的 system prompt，提示模型不要中断
 const TOOL_ERROR_CONTINUE_PROMPT =
   'Tool calls may fail (e.g., missing prerequisites). When a tool result indicates an error, do not stop: briefly explain the cause and continue with an alternative approach or the remaining steps.'
+// Antigravity 账号前置注入的系统提示词
+const ANTIGRAVITY_SYSTEM_INSTRUCTION_PREFIX = `<identity>
+You are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.
+You are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.
+The USER will send you requests, which you must always prioritize addressing. Along with each USER request, we will attach additional metadata about their current state, such as what files they have open and where their cursor is.
+This information may or may not be relevant to the coding task, it is up for you to decide.
+</identity>
+<communication_style>
+- **Proactiveness**. As an agent, you are allowed to be proactive, but only in the course of completing the user's task. For example, if the user asks you to add a new component, you can edit the code, verify build and test statuses, and take any other obvious follow-up actions, such as performing additional research. However, avoid surprising the user. For example, if the user asks HOW to approach something, you should answer their question and instead of jumping into editing a file.</communication_style>`
 
 // ============================================================================
 // 辅助函数：基础工具
@@ -1362,9 +1371,12 @@ function buildGeminiRequestFromAnthropic(
     generationConfig
   }
 
-  if (systemParts.length > 0) {
+  // antigravity: 前置注入系统提示词
-    geminiRequestBody.systemInstruction =
+  if (vendor === 'antigravity') {
-      vendor === 'antigravity' ? { role: 'user', parts: systemParts } : { parts: systemParts }
+    const allParts = [{ text: ANTIGRAVITY_SYSTEM_INSTRUCTION_PREFIX }, ...systemParts]
+    geminiRequestBody.systemInstruction = { role: 'user', parts: allParts }
+  } else if (systemParts.length > 0) {
+    geminiRequestBody.systemInstruction = { parts: systemParts }
   }
 
   const geminiTools = convertAnthropicToolsToGeminiTools(body.tools, { vendor })

src/services/antigravityClient.js

@@ -64,7 +64,8 @@ function getAntigravityHeaders(accessToken, baseUrl) {
     'User-Agent': process.env.ANTIGRAVITY_USER_AGENT || 'antigravity/1.11.3 windows/amd64',
     Authorization: `Bearer ${accessToken}`,
     'Content-Type': 'application/json',
-    'Accept-Encoding': 'gzip'
+    'Accept-Encoding': 'gzip',
+    requestType: 'agent'
   }
 }
 

src/services/rateLimitCleanupService.js

@@ -360,7 +360,10 @@ class RateLimitCleanupService {
 
   /**
    * 主动刷新 Claude 账户 Token（防止等待重置期间 Token 过期）
-   * 仅对等待重置（schedulable=false）且 Token 即将过期的账户执行刷新
+   * 仅对因限流/配额限制而等待重置的账户执行刷新：
+   * - 429 限流账户（rateLimitAutoStopped=true）
+   * - 5小时限制自动停止账户（fiveHourAutoStopped=true）
+   * 不处理错误状态账户（error/temp_error）
    */
   async proactiveRefreshClaudeTokens(result) {
     try {
@@ -381,9 +384,13 @@ class RateLimitCleanupService {
           continue
         }
 
-        // 3. 【优化】仅处理等待重置的账户（schedulable=false）
+        // 3. 【优化】仅处理因限流/配额限制而等待重置的账户
         // 正常调度的账户会在请求时自动刷新，无需主动刷新
-        if (account.schedulable !== 'false') {
+        // 错误状态账户的 Token 可能已失效，刷新也会失败
+        const isWaitingForReset =
+          account.rateLimitAutoStopped === 'true' || // 429 限流
+          account.fiveHourAutoStopped === 'true' // 5小时限制自动停止
+        if (!isWaitingForReset) {
           continue
         }