release

[ding113]

Summary

This is a comprehensive release PR merging the dev branch into main, containing multiple features and fixes that have been developed and tested over recent weeks. The PR consolidates 60+ commits spanning user management, session controls, proxy improvements, UI enhancements, and i18n updates.

Related Issues

• Closes feat: 缓存时间差异化计费支持；供应商/key 级别缓存时间偏好设置 #277 - feat: 缓存时间差异化计费支持 (Differentiated cache billing for 5min/1hr)
• Closes feat: add differentiated cache billing support for 5min/1hr cache, close #277 #278 - feat: add differentiated cache billing support
• Closes [BUG]仪表盘使用统计查看时间点数据的时候悬浮窗跑到左上角且被遮挡 #280 - [BUG] 仪表盘使用统计悬浮窗显示问题 (Dashboard chart tooltip visibility)
• Closes feat:增加在新建令牌时选择供应商分组的功能 #281 - feat: 增加在新建令牌时选择供应商分组的功能 (Provider group selection for keys)
• Closes [BUG]请求日志中 列表和内部实际不统一？ #229 - [BUG] 请求日志列表和详情不统一 (Log display inconsistencies)
• Related to Issue: 供应商故障转移后出现延迟的 499 错误 #285 - Issue: 供应商故障转移后出现延迟的 499 错误 (Undici timeout optimizations)

Key Features

1. Personal Usage Portal (/my-usage)

• New self-service page for non-admin users to view quotas, usage, and request logs
• Shows 5h/daily/weekly/monthly/total quota limits with visual progress bars
• Today's statistics with auto-refresh (30s interval)
• Paginated request history with filtering (date, model, status)
• Supports both fixed and rolling daily reset modes

2. User Expiration & Status Management

• Added is_enabled and expires_at columns to users table
• Lazy expiration check in ProxyAuthenticator (auto-disable expired users)
• UI controls for enable/disable toggle and expiration date picker
• Quick renew actions (30d/90d/1y/custom)

3. Enhanced Session Management

• Multi-select mode with batch session termination
• Single session termination from details page
• Improved error handling with detailed failure reporting
• Performance optimization using Set for O(1) selection checks

4. Provider Group for Keys

• Keys can now specify a provider group for routing
• Enables token-level provider group control (similar to newapi)

5. Cache TTL Preference

• Added cache_ttl_preference setting for providers and keys
• Differentiated billing for 5-minute vs 1-hour cache tokens
• New columns: cache_creation_5m_input_tokens, cache_creation_1h_input_tokens

6. CORS Preflight Handling

• Proper OPTIONS request handling for Electron/browser environments
• Dynamic origin echoing with exposed headers
• No security degradation - auth chain unchanged for actual requests

7. Error Override Enhancements

• Multi-format response support (Claude/OpenAI/Codex)
• Async rule detection ensuring rules load before checking
• Undici timeout optimization (600s) for LLM responses

8. Request Sequence Tracking

• New request_sequence column for tracking request order within sessions
• Sidebar component for viewing individual requests in session details

Database Migrations

Migration	Purpose
0028_abnormal_pretty_boy.sql	Add is_enabled, expires_at to users
0029_chemical_tenebrous.sql	Recreate index, change can_login_web_ui default
0030_unusual_goliath.sql	Add provider_group to keys
0031_rare_roxanne_simpson.sql	Add cache TTL preference fields
0032_add_request_sequence.sql	Add request_sequence to message_request

UI/UX Improvements

• Fixed chart tooltip visibility ([BUG]仪表盘使用统计查看时间点数据的时候悬浮窗跑到左上角且被遮挡 #280)
• Replaced native date pickers with shadcn/ui DatePickerField
• Enhanced user list with inline edit/delete actions
• Expiration badges (Active/Expiring Soon/Expired/Disabled)
• Personal usage page filters aligned with request logs page

i18n Updates

Added translations for all new features across 5 languages:

• English, Simplified Chinese, Traditional Chinese, Japanese, Russian

Breaking Changes

None - all migrations are backwards compatible with safe defaults.

Checklist

• All merged PRs passed CI
• Database migrations tested
• i18n translations complete
• No breaking changes to existing functionality

---

Description enhanced by Claude AI

[gemini-code-assist]

Summary of Changes

Hello @ding113, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a comprehensive set of features aimed at improving user and API key management, enhancing session visibility and control, and refining error handling within the system. It introduces new database fields and UI components to support user expiration, provider group assignments, and detailed session request logging. A new 'My Usage' page empowers individual users with self-service access to their usage data, while backend logic has been strengthened with asynchronous error rule detection and flexible error override capabilities.

Highlights

• Database Schema Enhancements: Introduced new database migrations to add is_enabled and expires_at fields to the users table, provider_group and cache_ttl_preference to the keys table, and request_sequence along with detailed cache token fields (cache_creation_5m_input_tokens, cache_creation_1h_input_tokens, cache_ttl_applied) to the message_request table. Corresponding indexes were also created or updated.
• User and Key Management: Implemented new functionalities for user and API key management, including user expiration, the ability to renew user access, and toggling user enabled/disabled status. Keys can now be assigned to specific provider groups and have custom cache TTL preferences.
• Session Tracking and Control: Enhanced session tracking to include a request_sequence for individual requests within a session, allowing for more granular logging and retrieval of messages/responses. Added features for single and batch termination of active sessions, providing administrators with better control over resource usage.
• Error Handling and Overrides: Improved the error handling mechanism with asynchronous error rule detection to ensure rules are loaded before processing. The error override functionality now supports different API error response formats (Claude, Gemini, OpenAI) and includes new default rules for common client-side errors like input/context/token limits and model-related issues.
• New 'My Usage' Page: Introduced a dedicated 'My Usage' page for non-admin users, allowing them to view their personal quotas, daily usage statistics, and detailed usage logs. This page provides a read-only dashboard for individual key holders.
• Internationalization Updates: Updated internationalization files across English, Japanese, Russian, Simplified Chinese, and Traditional Chinese to support the new UI features and terminology.
• API Proxy Enhancements: Integrated CORS middleware for the API proxy, added user status and expiration checks during authentication, and configured undici global dispatcher timeouts for more robust request handling. Cache TTL preferences are now applied to Anthropic requests.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Code Review Summary

This PR merges dev branch changes into main with 1,632 additions and 175 deletions across 36 files. The changes include comprehensive Gemini CLI support, format converters, response handling improvements, and various bug fixes. After thorough review through all 6 perspectives (Comment Analyzer, Test Analyzer, Silent Failure Hunter, Type Design Auditor, General Code Review, Code Simplifier), no issues meeting the 80% confidence threshold were identified.

PR Size: XL

• Lines changed: 1,807 (1,632+ / 175-)
• Files changed: 36

Split Suggestion for XL PR: For future PRs of this size, consider splitting by feature area:

1. Gemini CLI format converters and adapter
2. Response handler improvements
3. Provider selector refactoring
4. Bug fixes and minor changes

Issues Found

Category	Critical	High	Medium	Low
Logic/Bugs	0	0	0	0
Security	0	0	0	0
Error Handling	0	0	0	0
Types	0	0	0	0
Comments/Docs	0	0	0	0
Tests	0	0	0	0
Simplification	0	0	0	0

Review Highlights

Error Handling: The codebase demonstrates proper error handling patterns:

• All catch blocks either log errors via logger.error/logger.warn or return meaningful user-facing errors
• Circuit breaker properly records failures and persists state to Redis
• Response handler uses persistRequestFailure for comprehensive failure tracking
• Fail-open patterns used appropriately for Redis unavailability

Type Safety: TypeScript types are properly defined with interfaces like GeminiResponseState, ProviderChainItem, and UsageMetrics. No unsafe any usage found in critical paths.

Code Quality: Format converters follow consistent patterns with clear state machines for SSE transformation. The provider selector implements proper weighted random selection with priority-based filtering.

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Proper logging and user feedback throughout
• Type safety - Well-typed with appropriate interfaces
• Documentation accuracy - Comments match implementation
• Test coverage - N/A (no test file changes in diff)
• Code clarity - State machines well-documented

---

Automated review by Claude AI

[gemini-code-assist]

Code Review

This pull request introduces significant database schema changes and new features related to user and key management, session tracking, and error handling. Database migrations add is_enabled and expires_at columns to the users table, provider_group and cache_ttl_preference to the keys table, and request_sequence, cache_creation_5m_input_tokens, cache_creation_1h_input_tokens, and cache_ttl_applied to the message_request table, along with new indexes. The keys table's can_login_web_ui default is changed to false.

New localization strings are added across multiple languages to support these features, including session termination, user expiration statuses, renewal actions, provider groups, and a new 'My Usage' page. Server actions are introduced for batch session termination, fetching session requests, and managing user expiration and enabled status. The error rule detection system is enhanced with lazy initialization and new patterns for client-side errors, and the error override response handling is updated to support Claude, Gemini, and OpenAI formats. The proxy forwarder now applies cache TTL overrides to Anthropic requests and includes more detailed error messages for system errors. The session manager now tracks individual request sequences within a session and stores messages/responses per sequence. Frontend components are updated to reflect these changes, including new UI for user status, expiration, key/user provider groups, session request lists, and batch session termination.

Review comments highlight a potential issue where applyCacheTtlOverrideToMessage mutates the request message in-place, which could lead to incorrect request bodies on retries with different providers. Another comment points out a possible undercharging scenario for 1-hour cached requests due to an incorrect fallback logic in cacheCreation1hCost calculation.

[gemini-code-assist]

Similar to the format conversion issue, applyCacheTtlOverrideToMessage mutates session.request.message in-place. This modification is specific to Anthropic. If the request is retried with a non-Anthropic provider, the request body will incorrectly contain Anthropic's cache_control fields.

This mutation should be performed on a temporary, deep copy of the message for this attempt only, to avoid leaking provider-specific fields into subsequent retries.

[gemini-code-assist]

The fallback logic for cacheCreation1hCost seems incorrect. If priceData.cache_creation_input_token_cost_above_1hr is not defined and inputCostPerToken is also not available, it falls back to cacheCreation5mCost. This would result in undercharging for 1-hour cached requests, as they would be billed at the 5-minute cache rate. The fallback should probably be undefined to indicate that the cost cannot be calculated, which would result in a cost of 0 rather than an incorrect, lower cost.

Suggested change

	const cacheCreation1hCost =
	priceData.cache_creation_input_token_cost_above_1hr ??
	(inputCostPerToken != null ? inputCostPerToken * 2 : undefined) ??
	cacheCreation5mCost;
	const cacheCreation1hCost =
	priceData.cache_creation_input_token_cost_above_1hr ??
	(inputCostPerToken != null ? inputCostPerToken * 2 : undefined);