Show a semi-transparent blue rectangle overlay while dragging to
select rows, matching the project's primary color theme with dark
mode support. The box spans the full table width from drag start
to current mouse position.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The recent upstream commit added allow_messages_dispatch to the Group
DTO but did not update the API contract test expectation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extend the existing total quota limit with daily and weekly periodic
dimensions. Each dimension is independently configurable and uses lazy
reset — when the period expires, usage is automatically reset to zero on
the next increment. Any dimension exceeding its limit will pause the
account from scheduling.
Backend:
- Add GetQuotaDailyLimit/Used, GetQuotaWeeklyLimit/Used, HasAnyQuotaLimit
- Rewrite IncrementQuotaUsed with atomic CTE SQL for 3-dimension update
- Rewrite ResetQuotaUsed to clear all dimensions and period timestamps
- Update postUsageBilling to use HasAnyQuotaLimit()
- Preserve daily/weekly used values on account edit
Frontend:
- Refactor QuotaLimitCard from single v-model to 3-dimension props
- Add QuotaBadge component for compact D/W/$ display
- Update AccountCapacityCell with per-dimension badges
- Update Create/Edit modals with daily/weekly quota fields
- Update AccountActionMenu hasQuotaLimit to check all dimensions
- Add i18n strings for daily/weekly/total quota labels
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GO-2026-4602 (os), GO-2026-4601 (net/url), GO-2026-4600 and
GO-2026-4599 (crypto/x509). The crypto/x509 fixes are only
available in go1.26.1+, not backported to go1.25.x.
- Fix gofmt: align struct field comments in UsageCache, trim trailing
whitespace on const comments
- Fix errcheck: use comma-ok on type assertion for singleflight result
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents 429 rate-limit retry storms and reduces upstream correlation risk
for Anthropic usage API queries.
Three changes:
1. Negative caching (1 min TTL) — 429/error responses are now cached,
preventing every subsequent page load from re-triggering failed API calls.
2. singleflight dedup — concurrent requests for the same account are
collapsed into a single upstream call, preventing cache stampede.
3. Random jitter (0–800 ms) — staggers multi-account cache-miss bursts so
requests from different accounts don't hit upstream simultaneously with
identical TLS fingerprints, reducing anti-abuse correlation risk.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When customErrorCodes is disabled or modelMapping is empty, explicitly
delete the fields inherited from currentCredentials spread to avoid
preserving stale values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When editing an apikey account, the credentials object was built from
scratch, causing fields like tier_id that are not exposed in the UI to
be silently dropped on save. Spread currentCredentials first so unknown
fields are retained, then let the known fields overwrite them.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
