feat: optionally intercept Anthropic warmup requests

[ding113]

Summary

Adds an optional system setting to intercept Anthropic warmup requests directly at the proxy level, avoiding unnecessary upstream API calls and output token costs.

背景 / Background

Anthropic /v1/messages occasionally sends warmup requests that waste upstream API calls and output tokens.

变更 / Changes

• New system setting: interceptAnthropicWarmupRequests (default: off) - when enabled, CCH directly responds to warmup requests with minimal valid response
• Request logging: Warmup requests are logged to message_request with blocked_by=warmup, provider_id=0, cost_usd=NULL, and clearly labeled in logs list/detail views
• Statistics exclusion: Warmup requests are excluded from billing, RPM, quotas, and provider statistics; no concurrent session tracking (SessionTracker.trackSession not called)
• Session detail visibility: CCH-intercepted response body/headers visible in session details with x-cch-intercepted: warmup header

Database Migration

• Migration: drizzle/0044_uneven_donald_blake.sql
• Adds column intercept_anthropic_warmup_requests (default: false) to system_settings table

Files Changed

Core Changes

File	Description
src/app/v1/_lib/proxy/warmup-guard.ts	New guard to detect and intercept warmup requests
src/app/v1/_lib/proxy/guard-pipeline.ts	Integrate warmup guard into pipeline
src/app/v1/_lib/proxy/session-guard.ts	Skip session tracking for warmup requests
src/app/v1/_lib/proxy/session.ts	Add warmup detection methods

UI Changes

File	Description
src/app/[locale]/settings/config/_components/system-settings-form.tsx	Add setting toggle
src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx	Display warmup badge
src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx	Show intercepted response

Repository/Data Layer

File	Description
src/repository/statistics.ts	Exclude warmup from aggregations
src/repository/message.ts	Handle warmup in message queries
src/repository/usage-logs.ts	Filter warmup in logs
src/repository/leaderboard.ts	Exclude warmup from rankings

i18n

• Added translations for all 5 locales (en, ja, ru, zh-CN, zh-TW)

Testing

Automated Tests

• tests/unit/proxy/warmup-guard.test.ts - Warmup detection logic
• tests/unit/proxy/session-guard-warmup-intercept.test.ts - Session guard integration
• tests/unit/proxy/guard-pipeline-warmup.test.ts - Pipeline integration
• tests/unit/proxy/session.test.ts - Session warmup methods
• tests/unit/repository/warmup-stats-exclusion.test.ts - Statistics exclusion
• tests/unit/dashboard-logs-warmup-ui.test.tsx - Logs UI
• tests/unit/error-details-dialog-warmup-ui.test.tsx - Error dialog UI

Verification Steps

bun run lint
bun run typecheck
bun run test
bun run build
bun run test --coverage  # Coverage exceeds baseline

Checklist

• Code follows project conventions
• Self-review completed
• Tests pass locally
• i18n translations added
• Database migration included

---

Description enhanced by Claude AI

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces support for intercepting Anthropic Warmup requests. It adds a new database column, configuration setting, and guard implementation to detect warmup probes, respond without upstream calls, exclude them from statistics and rate limits, and log them for audit purposes across multiple languages.

Changes

变更组 / 文件	摘要
数据库架构和元数据 drizzle/0044_uneven_donald_blake.sql, drizzle/meta/0044_snapshot.json, drizzle/meta/_journal.json, src/drizzle/schema.ts	新增布尔列 intercept_anthropic_warmup_requests 到 system_settings 表，默认值为 false，不可为空。更新迁移版本为 7，包含完整的 PostgreSQL 架构快照。
系统配置和类型定义 src/types/system-config.ts, src/lib/config/system-settings-cache.ts, src/lib/validation/schemas.ts, src/repository/system-config.ts, src/actions/system-config.ts	在 SystemSettings 中新增 interceptAnthropicWarmupRequests 字段，支持读写和更新。扩展验证架构和缓存默认值，包含新字段。
国际化翻译 messages/en/dashboard.json, messages/en/settings.json, messages/ja/dashboard.json, messages/ja/settings.json, messages/ru/dashboard.json, messages/ru/settings.json, messages/zh-CN/dashboard.json, messages/zh-CN/settings.json, messages/zh-TW/dashboard.json, messages/zh-TW/settings.json	在仪表板和设置中添加"已跳过"（Skipped）和"拦截 Warmup 请求"标签。在日志详情中新增 warmup 对象，包含标题、原因、warmup 描述信息，涵盖英语、日语、俄语和简体/繁体中文。
Warmup 检测和拦截逻辑 src/app/v1/_lib/proxy/warmup-guard.ts, src/app/v1/_lib/proxy/session.ts, src/app/v1/_lib/proxy/session-guard.ts, src/app/v1/_lib/proxy/guard-pipeline.ts	新增 ProxyWarmupGuard 类实现 warmup 拦截，包含响应构建、数据库记录和审计日志。新增 isWarmupRequest() 方法检测 warmup 探测（特定消息内容和缓存控制）。集成到 guard-pipeline，在会话验证后执行。更新会话追踪跳过已拦截 warmup 请求。
统计数据排除逻辑 src/repository/usage-logs.ts, src/repository/message.ts, src/repository/leaderboard.ts, src/repository/key.ts, src/repository/provider.ts, src/repository/statistics.ts, src/repository/overview.ts	跨多个仓库模块引入 EXCLUDE_WARMUP_CONDITION，从用户/密钥/提供商统计、排行榜、成本计算和消息聚合中排除 blockedBy='warmup' 的记录。新增 totalCount 字段区分总行数和排除 warmup 后的请求数。
前端仪表板 UI src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx, src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx	在错误详情对话框中新增 warmup 跳过状态检测和显示。在日志表中为 warmup 跳过的日志添加"已跳过"徽章和特殊样式，区分于普通阻止。
设置表单 src/app/[locale]/settings/config/_components/system-settings-form.tsx, src/app/[locale]/settings/config/page.tsx	在系统设置表单中新增 interceptAnthropicWarmupRequests 开关控件，支持启用/禁用 warmup 拦截功能。
单元测试 tests/unit/proxy/warmup-guard.test.ts, tests/unit/proxy/session.test.ts, tests/unit/proxy/session-guard-warmup-intercept.test.ts, tests/unit/proxy/guard-pipeline-warmup.test.ts, tests/unit/dashboard-logs-warmup-ui.test.tsx, tests/unit/error-details-dialog-warmup-ui.test.tsx, tests/unit/repository/warmup-stats-exclusion.test.ts, tests/unit/lib/cache/session-cache.test.ts, tests/unit/lib/config/system-settings-cache.test.ts	新增全面的单元测试，验证 warmup 检测、拦截、UI 显示、统计排除和会话缓存行为。
其他更新 src/components/ui/__tests__/badge.test.tsx, tests/integration/billing-model-source.test.ts, tests/setup.ts, tests/unit/lib/provider-url-validation.test.ts	新增 Badge 组件测试、TEST_CONFIG 导出、测试工具配置更新和现有测试中的新字段初始化。

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.91% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	PR标题清晰准确地总结了主要变更：添加可选的Anthropic Warmup请求拦截功能，与changeset完全相关。
Description check	✅ Passed	PR描述详细阐述了Warmup请求拦截功能的背景、变更内容、数据库迁移和验证步骤，与changeset高度相关。

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/intercept-anthropic-warmup

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @ding113, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

此拉取请求引入了一项新功能，允许系统选择性地拦截 Anthropic 的 Warmup 请求。通过在本地直接响应这些探测请求，可以有效减少对上游供应商的无效调用和资源浪费。此功能旨在优化系统效率和成本，同时确保所有被拦截的请求都有详细的日志记录，但不会影响计费和统计数据。

Highlights

• Anthropic Warmup 请求拦截: 新增系统设置开关 interceptAnthropicWarmupRequests（默认关闭），开启后，系统将直接响应 Anthropic /v1/messages 的 Warmup 请求，避免不必要的上游调用和 Token 消耗。
• 日志与统计处理: 被拦截的 Warmup 请求会写入 message_request 日志，并明确标注为 blocked_by=warmup、provider_id=0、cost_usd=NULL。这些请求将不计费、不计入 RPM/额度/供应商统计等聚合口径，也不会计入并发会话计数。
• 会话详情展示: 会话详情页面将显示系统直接响应的请求体/响应头，并带有 x-cch-intercepted: warmup 标识，便于审计和排查。
• 多语言支持: 为新的 Warmup 拦截功能添加了英文、日文、俄文、简体中文和繁体中文的仪表盘和设置页面翻译。
• 数据库变更: 新增数据库迁移，在 system_settings 表中添加 intercept_anthropic_warmup_requests 布尔列，默认值为 false。

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🧪 测试结果

测试类型	状态
代码质量	✅
单元测试	✅
集成测试	✅
API 测试	✅

总体结果: ✅ 所有测试通过

[gemini-code-assist]

Code Review

本次 PR 新增了对 Anthropic Warmup 请求的可选拦截功能，实现非常完整和健壮。

• 新增的 interceptAnthropicWarmupRequests 系统设置开关，提供了灵活的控制。
• ProxyWarmupGuard 的实现逻辑清晰，能够有效拦截 Warmup 请求并提前返回，避免了不必要的上游调用，节省了资源。
• 对日志记录的处理非常细致，通过 blocked_by=warmup 标志清晰地标识了这类请求，并且正确地将 cost_usd 设为 NULL，避免了计费混淆。
• 在所有相关的统计查询中（如用户、密钥、供应商、排行榜等），都通过 EXCLUDE_WARMUP_CONDITION 将 Warmup 请求排除，确保了统计数据的准确性。
• 在并发会话计数中也排除了 Warmup 请求，避免了对真实请求的限流产生影响。
• UI 层面也做了相应的适配，在日志列表和详情中对 Warmup 请求有清晰的标注和说明，提升了可观测性。
• 数据库迁移和多语言本地化文件的更新也很完整。
• 尤其值得称赞的是，本次 PR 包含了大量新增的单元测试和集成测试，覆盖了核心逻辑、UI 组件和数据库查询等多个方面，极大地保证了代码质量和未来的可维护性。

总的来说，这是一个高质量的 PR，考虑周全，实现优雅。我只发现了一个非常微小的问题，不影响整体功能。

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/repository/statistics.ts (1)

1012-1164: 添加 EXCLUDE_WARMUP_CONDITION 条件过滤以保持与其他统计函数的一致性。

getRateLimitEventStats 函数未显式使用 EXCLUDE_WARMUP_CONDITION。虽然 warmup 请求在守卫链中位于限流检查之前（会提前返回 200 响应，不产生限流错误），导致自然被 errorMessage LIKE '%rate_limit_metadata%' 条件过滤掉，但应与其他统计函数（sumKeyTotalCost、sumUserCostInTimeRange 等）保持一致，添加显式的 warmup 排除条件。这样可增强代码的防御性和可维护性。

建议在 WHERE 条件中添加：

AND (${messageRequest.blockedBy} IS NULL OR ${messageRequest.blockedBy} <> 'warmup')

🧹 Nitpick comments (10)

tests/setup.ts (1)

137-141: 建议：使用 const 断言提升类型安全

根据编码规范中"对不可变数据结构使用 readonly 或 const 断言"的要求，TEST_CONFIG 作为配置对象应该是不可变的。建议添加 as const 断言以获得更好的类型推断和不可变性保证。

🔎 建议的改进

-export const TEST_CONFIG = {
+export const TEST_CONFIG = {
   timeout: DEFAULT_TIMEOUT,
   apiBaseUrl: process.env.API_BASE_URL,
   skipAuthTests: !process.env.TEST_AUTH_TOKEN,
-};
+} as const;

这样可以：

• 将属性类型从 string | undefined 精确化为字面量类型
• 防止意外修改配置对象
• 符合 TypeScript 严格模式的最佳实践

src/repository/provider.ts (1)

528-531: 成功将 Warmup 日志从供应商统计与最近调用中过滤掉

在 provider_stats 的 LEFT JOIN 以及 latest_call CTE 中增加
(blocked_by IS NULL OR blocked_by <> 'warmup') 条件，能确保被标记为 warmup 的 message_request 既不会计入 today_cost/today_calls，也不会被当作最近一次调用时间/模型，行为上与「warmup 不计费、不进统计」的目标一致，且不影响其它 blocked_by 场景的统计结果。

可以后续考虑把这段 warmup 过滤条件抽成统一的 SQL 片段/常量（在多个统计查询里复用），以避免将来修改 warmup 标记值或语义时出现条件不一致的情况。

Also applies to: 545-548

src/repository/message.ts (1)

605-608: 建议：aggregateMultipleSessionStats 中的空 session 判断逻辑可能需要对齐。

在 aggregateSessionStats 中使用 totalCount === 0 判断 session 不存在，但在批量版本中使用 requestCount === 0。如果一个 session 只有 warmup 请求，requestCount 会是 0 但 session 实际存在。

考虑是否应该在批量版本中也添加 totalCount 字段并使用它来判断 session 存在性，以保持行为一致。

🔎 可选的修改建议

在 aggregateMultipleSessionStats 的 select 中添加 totalCount：

  const statsResults = await db
    .select({
      sessionId: messageRequest.sessionId,
+     totalCount: sql<number>`count(*)::double precision`,
      requestCount: sql<number>`count(*) FILTER (WHERE ${excludeWarmup})::double precision`,
      // ... other fields
    })

然后在过滤逻辑中使用：

-   if (!stats || !userInfo || stats.requestCount === 0) {
+   if (!stats || !userInfo || stats.totalCount === 0) {
      continue;
    }

tests/unit/dashboard-logs-warmup-ui.test.tsx (1)

15-18: 建议：测试描述应使用英文以保持代码库一致性

测试逻辑正确，但测试套件和用例的描述使用了中文（lines 15, 53, 54）。为保持代码库一致性，建议改为英文描述，例如：

-// 测试环境不加载 next-intl/navigation -> next/navigation 的真实实现（避免 Next.js 运行时依赖）
+// Mock next-intl/navigation to avoid Next.js runtime dependencies in test environment

-describe("UsageLogsTable - warmup 跳过展示", () => {
-  test("blockedBy=warmup 时应在 Provider/Cost 列显示 Skipped 标记", () => {
+describe("UsageLogsTable - warmup skip display", () => {
+  test("should display Skipped badge when blockedBy=warmup", () => {

测试本身的实现（mock 设置、组件渲染、断言）都是正确的。

Also applies to: 53-54

tests/unit/proxy/session-guard-warmup-intercept.test.ts (1)

107-108: 建议：测试描述应使用英文

测试逻辑和 mock 设置都正确，但测试套件和用例描述使用了中文。建议改为英文以保持代码库一致性：

-describe("ProxySessionGuard：warmup 拦截不应计入并发会话", () => {
-  test("当 warmup 且开关开启时，不应调用 SessionTracker.trackSession", async () => {
+describe("ProxySessionGuard: warmup intercept should not count toward concurrent sessions", () => {
+  test("should not call SessionTracker.trackSession when warmup and interception is enabled", async () => {
     // ...
   });

-  test("当 warmup 但开关关闭时，应正常调用 SessionTracker.trackSession", async () => {
+  test("should call SessionTracker.trackSession when warmup but interception is disabled", async () => {

Also applies to: 118-118

tests/unit/error-details-dialog-warmup-ui.test.tsx (1)

26-50: 建议：考虑添加自动清理机制

当前 renderWithIntl 依赖测试手动调用 unmount()。如果测试抛出异常，容器可能不会被清理。

🔎 可选的改进方案

import { afterEach } from "vitest";

const containers: HTMLDivElement[] = [];

afterEach(() => {
  containers.forEach(c => c.remove());
  containers.length = 0;
});

function renderWithIntl(node: ReactNode) {
  const container = document.createElement("div");
  containers.push(container);
  // ... rest of implementation
}

tests/unit/proxy/guard-pipeline-warmup.test.ts (1)

41-47: 建议：Mock 返回值保持一致性

部分 mock 显式返回 null（如 auth、client），而另一些隐式返回 undefined（如 session、requestFilter）。虽然功能上等效（pipeline 检查 falsy），但保持一致性更好。

🔎 建议统一返回 null

 vi.mock("@/app/v1/_lib/proxy/session-guard", () => ({
   ProxySessionGuard: {
     ensure: async () => {
       callOrder.push("session");
+      return null;
     },
   },
 }));

src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx (1)

113-118: Warmup 显示实现良好！

两处 warmup 显示使用一致的蓝色配色方案，与橙色的"已拦截"状态形成区分。Cost 列的 Tooltip 提供了有用的解释。

可选优化：考虑提取共享的 badge 样式常量

两处蓝色 badge 样式重复，可以提取为共享常量以便维护。

🔎 可选：提取共享样式

// 在文件顶部或共享模块中
const WARMUP_BADGE_CLASSES = 
  "bg-blue-50 text-blue-700 border-blue-200 dark:bg-blue-950/30 dark:text-blue-300 dark:border-blue-800";

// 使用时
<Badge variant="outline" className={`text-[10px] leading-tight px-1 ${WARMUP_BADGE_CLASSES}`}>

Also applies to: 313-331

src/app/v1/_lib/proxy/warmup-guard.ts (2)

35-38: 认证状态校验逻辑

当 authState 不完整时直接返回 null 继续后续流程是合理的——此时请求会被后续 guard 拦截。但建议添加注释说明此处的设计意图：未认证请求不应被 warmup 拦截，而是应该走正常的认证失败流程。

---

50-67: Session 数据存储使用 Promise.allSettled

使用 Promise.allSettled 并行存储 session 数据是合理的——即使部分存储失败也不影响主流程。但当前没有处理失败的情况，建议至少记录警告日志以便排查问题。

🔎 建议添加失败日志

     if (session.sessionId) {
       const seq = session.getRequestSequence();
-      await Promise.allSettled([
+      const results = await Promise.allSettled([
         SessionManager.storeSessionResponse(session.sessionId, responseText, seq),
         SessionManager.storeSessionResponseHeaders(session.sessionId, responseHeaders, seq),
         SessionManager.storeSessionUpstreamRequestMeta(
           session.sessionId,
           { url: WARMUP_UPSTREAM_META_URL, method: session.method },
           seq
         ),
         SessionManager.storeSessionUpstreamResponseMeta(
           session.sessionId,
           { url: WARMUP_UPSTREAM_META_URL, statusCode: 200 },
           seq
         ),
       ]);
+
+      const failures = results.filter((r) => r.status === "rejected");
+      if (failures.length > 0) {
+        logger.warn("[WarmupGuard] Some session data failed to store", {
+          sessionId: session.sessionId,
+          failureCount: failures.length,
+        });
+      }
     }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

📥 Commits

Reviewing files that changed from the base of the PR and between 83290bc and 0379a46.

📒 Files selected for processing (49)

• drizzle/0044_uneven_donald_blake.sql
• drizzle/meta/0044_snapshot.json
• drizzle/meta/_journal.json
• messages/en/dashboard.json
• messages/en/settings.json
• messages/ja/dashboard.json
• messages/ja/settings.json
• messages/ru/dashboard.json
• messages/ru/settings.json
• messages/zh-CN/dashboard.json
• messages/zh-CN/settings.json
• messages/zh-TW/dashboard.json
• messages/zh-TW/settings.json
• src/actions/system-config.ts
• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/app/[locale]/settings/config/page.tsx
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts
• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/components/ui/__tests__/badge.test.tsx
• src/drizzle/schema.ts
• src/lib/config/system-settings-cache.ts
• src/lib/validation/schemas.ts
• src/repository/_shared/transformers.test.ts
• src/repository/_shared/transformers.ts
• src/repository/key.ts
• src/repository/leaderboard.ts
• src/repository/message.ts
• src/repository/overview.ts
• src/repository/provider.ts
• src/repository/statistics.ts
• src/repository/system-config.ts
• src/repository/usage-logs.ts
• src/types/system-config.ts
• tests/integration/billing-model-source.test.ts
• tests/setup.ts
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/lib/cache/session-cache.test.ts
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/lib/provider-url-validation.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/session.test.ts
• tests/unit/proxy/warmup-guard.test.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

🧰 Additional context used

📓 Path-based instructions (27)

**/*.{ts,tsx,js,jsx,json}

📄 CodeRabbit inference engine (CLAUDE.md)

Use 2-space indentation in all code files

Files:

• src/repository/_shared/transformers.test.ts
• src/app/v1/_lib/proxy/session.ts
• messages/ja/settings.json
• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/repository/system-config.ts
• messages/ru/settings.json
• src/app/v1/_lib/proxy/warmup-guard.ts
• messages/zh-TW/dashboard.json
• tests/integration/billing-model-source.test.ts
• messages/en/settings.json
• messages/ru/dashboard.json
• messages/zh-CN/dashboard.json
• src/app/v1/_lib/proxy/guard-pipeline.ts
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/proxy/session.test.ts
• tests/setup.ts
• messages/zh-CN/settings.json
• drizzle/meta/0044_snapshot.json
• drizzle/meta/_journal.json
• src/components/ui/__tests__/badge.test.tsx
• src/repository/usage-logs.ts
• messages/zh-TW/settings.json
• tests/unit/lib/cache/session-cache.test.ts
• src/types/system-config.ts
• messages/ja/dashboard.json
• messages/en/dashboard.json
• src/repository/_shared/transformers.ts
• src/app/v1/_lib/proxy/session-guard.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• tests/unit/lib/provider-url-validation.test.ts
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/repository/message.ts
• src/lib/validation/schemas.ts
• src/repository/leaderboard.ts
• src/app/[locale]/settings/config/page.tsx
• src/repository/overview.ts
• tests/unit/proxy/warmup-guard.test.ts
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx
• src/lib/config/system-settings-cache.ts
• src/drizzle/schema.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts
• src/actions/system-config.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx}: Use double quotes for strings instead of single quotes
Use trailing commas in multi-line structures
Enforce maximum line length of 100 characters
Use path alias @/* to reference files from ./src/* directory

**/*.{ts,tsx,js,jsx}: Use Biome for linting and formatting with 2-space indent, double quotes, trailing commas, and 100 character max line length
Use path alias @/* to reference files in ./src/* directory

Files:

• src/repository/_shared/transformers.test.ts
• src/app/v1/_lib/proxy/session.ts
• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/repository/system-config.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• tests/integration/billing-model-source.test.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/proxy/session.test.ts
• tests/setup.ts
• src/components/ui/__tests__/badge.test.tsx
• src/repository/usage-logs.ts
• tests/unit/lib/cache/session-cache.test.ts
• src/types/system-config.ts
• src/repository/_shared/transformers.ts
• src/app/v1/_lib/proxy/session-guard.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• tests/unit/lib/provider-url-validation.test.ts
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/repository/message.ts
• src/lib/validation/schemas.ts
• src/repository/leaderboard.ts
• src/app/[locale]/settings/config/page.tsx
• src/repository/overview.ts
• tests/unit/proxy/warmup-guard.test.ts
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx
• src/lib/config/system-settings-cache.ts
• src/drizzle/schema.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts
• src/actions/system-config.ts

src/repository/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Use Repository pattern in src/repository/ to wrap Drizzle queries

Files:

• src/repository/_shared/transformers.test.ts
• src/repository/system-config.ts
• src/repository/usage-logs.ts
• src/repository/_shared/transformers.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• src/repository/message.ts
• src/repository/leaderboard.ts
• src/repository/overview.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use TypeScript strict mode for type safety
Use readonly or const assertions for immutable data structures

Files:

• src/repository/_shared/transformers.test.ts
• src/app/v1/_lib/proxy/session.ts
• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/repository/system-config.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• tests/integration/billing-model-source.test.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/proxy/session.test.ts
• tests/setup.ts
• src/components/ui/__tests__/badge.test.tsx
• src/repository/usage-logs.ts
• tests/unit/lib/cache/session-cache.test.ts
• src/types/system-config.ts
• src/repository/_shared/transformers.ts
• src/app/v1/_lib/proxy/session-guard.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• tests/unit/lib/provider-url-validation.test.ts
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/repository/message.ts
• src/lib/validation/schemas.ts
• src/repository/leaderboard.ts
• src/app/[locale]/settings/config/page.tsx
• src/repository/overview.ts
• tests/unit/proxy/warmup-guard.test.ts
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx
• src/lib/config/system-settings-cache.ts
• src/drizzle/schema.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts
• src/actions/system-config.ts

src/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.ts: Hash API keys using SHA-256 before storing in database, never store plaintext keys
Mask API keys and sensitive data in application logs
Validate required environment variables at startup with clear error messages

Files:

• src/repository/_shared/transformers.test.ts
• src/app/v1/_lib/proxy/session.ts
• src/repository/system-config.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/repository/usage-logs.ts
• src/types/system-config.ts
• src/repository/_shared/transformers.ts
• src/app/v1/_lib/proxy/session-guard.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• src/repository/message.ts
• src/lib/validation/schemas.ts
• src/repository/leaderboard.ts
• src/repository/overview.ts
• src/lib/config/system-settings-cache.ts
• src/drizzle/schema.ts
• src/actions/system-config.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Use Vitest for unit testing with Node environment, coverage thresholds: 50% lines/functions, 40% branches

Files:

• src/repository/_shared/transformers.test.ts
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• tests/integration/billing-model-source.test.ts
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/proxy/session.test.ts
• src/components/ui/__tests__/badge.test.tsx
• tests/unit/lib/cache/session-cache.test.ts
• tests/unit/lib/provider-url-validation.test.ts
• tests/unit/proxy/warmup-guard.test.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

**/*.test.ts

📄 CodeRabbit inference engine (AGENTS.md)

Ensure test database names contain 'test' keyword for safety validation

Files:

• src/repository/_shared/transformers.test.ts
• tests/unit/lib/config/system-settings-cache.test.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• tests/integration/billing-model-source.test.ts
• tests/unit/proxy/session.test.ts
• tests/unit/lib/cache/session-cache.test.ts
• tests/unit/lib/provider-url-validation.test.ts
• tests/unit/proxy/warmup-guard.test.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

src/{repository,actions}/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Avoid N+1 queries by using eager loading and batch queries for statistics

Files:

• src/repository/_shared/transformers.test.ts
• src/repository/system-config.ts
• src/repository/usage-logs.ts
• src/repository/_shared/transformers.ts
• src/repository/statistics.ts
• src/repository/key.ts
• src/repository/provider.ts
• src/repository/message.ts
• src/repository/leaderboard.ts
• src/repository/overview.ts
• src/actions/system-config.ts

src/app/v1/_lib/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Guard pipeline must execute in order: ProxyAuthenticator, SensitiveWordGuard, VersionGuard, ProxySessionGuard, ProxyRateLimitGuard, ProxyProviderResolver

Files:

• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

src/app/v1/_lib/proxy/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/app/v1/_lib/proxy/**/*.ts: Implement guard pipeline pattern for cross-cutting concerns in request processing (auth, rate limiting, session)
Use undici library for HTTP requests instead of node-fetch for better performance

Files:

• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

src/app/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Implement Content-Security-Policy headers for XSS prevention

Files:

• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

src/app/v1/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Use Hono router for ultrafast, lightweight routing in proxy endpoints

Files:

• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

messages/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

Support 5 locales via next-intl: en, ja, ru, zh-CN, zh-TW with messages in messages/{locale}/*.json

Store message translations in messages/{locale}/*.json files

Files:

• messages/ja/settings.json
• messages/ru/settings.json
• messages/zh-TW/dashboard.json
• messages/en/settings.json
• messages/ru/dashboard.json
• messages/zh-CN/dashboard.json
• messages/zh-CN/settings.json
• messages/zh-TW/settings.json
• messages/ja/dashboard.json
• messages/en/dashboard.json

**/*.{tsx,json}

📄 CodeRabbit inference engine (AGENTS.md)

Use next-intl for internationalization with 5 locales: en, ja, ru, zh-CN, zh-TW

Files:

• messages/ja/settings.json
• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• messages/ru/settings.json
• messages/zh-TW/dashboard.json
• messages/en/settings.json
• messages/ru/dashboard.json
• messages/zh-CN/dashboard.json
• tests/unit/error-details-dialog-warmup-ui.test.tsx
• tests/unit/dashboard-logs-warmup-ui.test.tsx
• messages/zh-CN/settings.json
• drizzle/meta/0044_snapshot.json
• drizzle/meta/_journal.json
• src/components/ui/__tests__/badge.test.tsx
• messages/zh-TW/settings.json
• messages/ja/dashboard.json
• messages/en/dashboard.json
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/app/[locale]/settings/config/page.tsx
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx

src/**/*.{tsx,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{tsx,jsx}: Use lucide-react for icons, no custom SVGs
Use React's automatic escaping to prevent XSS vulnerabilities

Files:

• src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx
• src/components/ui/__tests__/badge.test.tsx
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
• src/app/[locale]/settings/config/page.tsx
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx

src/**/*{guard,auth}*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Use constant-time comparison for API key validation to prevent timing attacks

Files:

• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

src/app/v1/_lib/proxy/**/*guard*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Implement fail-open strategy: allow requests when Redis is unavailable

Files:

• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts

tests/integration/**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Integration tests requiring database must be placed in tests/integration/ and use test database with 'test' in the name

Files:

• tests/integration/billing-model-source.test.ts

tests/integration/**/*.test.ts

📄 CodeRabbit inference engine (AGENTS.md)

Place integration tests requiring database in tests/integration/ (excluded by default)

Files:

• tests/integration/billing-model-source.test.ts

src/components/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use lucide-react for icons instead of custom SVGs

Files:

• src/components/ui/__tests__/badge.test.tsx

src/components/ui/**/*.{tsx,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

Place UI components in src/components/ui/ directory (excluded from typecheck)

Files:

• src/components/ui/__tests__/badge.test.tsx

src/components/**/*.{tsx,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/components/**/*.{tsx,jsx}: Use Tailwind CSS for styling, place utility classes close to JSX
Use shadcn/ui component library for high-quality, accessible UI components

Files:

• src/components/ui/__tests__/badge.test.tsx

src/**/*{message,response,log}*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Log request duration, token usage, and cost to message_request table for analytics

Files:

• src/repository/usage-logs.ts
• src/repository/message.ts

src/**/*provider*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Set provider circuit breaker failure threshold, open duration, and half-open success threshold in configuration

Files:

• src/repository/provider.ts

src/lib/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Use connection pooling for database and Redis connections

Files:

• src/lib/validation/schemas.ts
• src/lib/config/system-settings-cache.ts

src/drizzle/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Use Drizzle ORM with PostgreSQL for database operations

src/drizzle/**/*.ts: Use Drizzle ORM with parameterized queries to prevent SQL injection
Use soft delete pattern with deletedAt column instead of hard deletes
Use JSON columns in PostgreSQL for flexible data structures (modelRedirects, providerChain, etc.)
Implement proper indexing strategy for common queries and foreign keys

Files:

• src/drizzle/schema.ts

src/actions/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/actions/**/*.ts: Validate all user inputs with Zod schemas before processing
Use Server Actions in next-safe-action with OpenAPI generation for admin API endpoints
Use Next.js API Routes and Server Actions for admin operations and REST endpoints

Files:

• src/actions/system-config.ts

🧠 Learnings (23)

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/app/v1/_lib/proxy/**/*.ts : Implement guard pipeline pattern for cross-cutting concerns in request processing (auth, rate limiting, session)

Applied to files:

• src/app/v1/_lib/proxy/session.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• tests/unit/proxy/session.test.ts
• src/app/v1/_lib/proxy/session-guard.ts
• tests/unit/proxy/warmup-guard.test.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to src/app/v1/_lib/proxy-handler.ts : Structure request flow in proxy handler through: ProxySession.fromContext() -> detectFormat() -> GuardPipelineBuilder.run() -> ProxyForwarder.send() -> ProxyResponseHandler.dispatch()

Applied to files:

• src/app/v1/_lib/proxy/session.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• tests/unit/proxy/session.test.ts
• src/app/v1/_lib/proxy/session-guard.ts
• tests/unit/proxy/warmup-guard.test.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to src/app/v1/_lib/**/*.ts : Guard pipeline must execute in order: ProxyAuthenticator, SensitiveWordGuard, VersionGuard, ProxySessionGuard, ProxyRateLimitGuard, ProxyProviderResolver

Applied to files:

• src/app/v1/_lib/proxy/session.ts
• tests/unit/proxy/session-guard-warmup-intercept.test.ts
• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts
• tests/unit/proxy/warmup-guard.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/app/v1/_lib/proxy/*handler*.ts : Stream responses with proper backpressure handling and chunked transfer encoding

Applied to files:

• src/app/v1/_lib/proxy/session.ts
• src/app/v1/_lib/proxy/warmup-guard.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to messages/**/*.json : Support 5 locales via next-intl: en, ja, ru, zh-CN, zh-TW with messages in `messages/{locale}/*.json`

Applied to files:

• messages/ja/settings.json
• messages/ru/settings.json
• messages/zh-CN/settings.json

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/app/v1/_lib/proxy/**/*guard*.ts : Implement fail-open strategy: allow requests when Redis is unavailable

Applied to files:

• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts
• tests/unit/proxy/warmup-guard.test.ts

📚 Learning: 2026-01-03T09:10:02.182Z

Learnt from: NieiR
Repo: ding113/claude-code-hub PR: 517
File: src/app/v1/_lib/proxy/auth-guard.ts:205-232
Timestamp: 2026-01-03T09:10:02.182Z
Learning: In `src/app/v1/_lib/proxy/auth-guard.ts`, the `extractApiKeyFromHeaders` function is intentionally a standalone simplified version for non-Guard flows. It deliberately does not check for multi-source conflicts (unlike `ProxyAuthenticator.validate`), and the code duplication is intentional to avoid coupling between Guard and non-Guard authentication flows.

Applied to files:

• tests/unit/proxy/guard-pipeline-warmup.test.ts
• src/app/v1/_lib/proxy/warmup-guard.ts
• src/app/v1/_lib/proxy/guard-pipeline.ts
• src/app/v1/_lib/proxy/session-guard.ts
• tests/unit/proxy/warmup-guard.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/app/v1/_lib/proxy/**/*.ts : Use undici library for HTTP requests instead of node-fetch for better performance

Applied to files:

• src/app/v1/_lib/proxy/warmup-guard.ts

📚 Learning: 2026-01-03T09:09:37.748Z

Learnt from: NieiR
Repo: ding113/claude-code-hub PR: 517
File: src/app/v1/_lib/models/available-models.ts:45-70
Timestamp: 2026-01-03T09:09:37.748Z
Learning: The `authenticateRequest` function in `src/app/v1/_lib/models/available-models.ts` is intentionally a lightweight version of authentication, specifically designed for the `/v1/models` endpoint. It does not need to check for multi-source conflicts or use the full `ProxyAuthenticator` logic, as the scenario is simpler. The JSON error response format is intentional (more generic than `ProxyResponses.buildError`).

Applied to files:

• src/app/v1/_lib/proxy/warmup-guard.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/**/*{guard,auth}*.ts : Use constant-time comparison for API key validation to prevent timing attacks

Applied to files:

• src/app/v1/_lib/proxy/warmup-guard.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to **/*.{tsx,json} : Use next-intl for internationalization with 5 locales: en, ja, ru, zh-CN, zh-TW

Applied to files:

• tests/unit/error-details-dialog-warmup-ui.test.tsx

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to tests/integration/**/*.test.{ts,tsx} : Integration tests requiring database must be placed in `tests/integration/` and use test database with 'test' in the name

Applied to files:

• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to **/*.test.{ts,tsx} : Use Vitest for unit testing with Node environment, coverage thresholds: 50% lines/functions, 40% branches

Applied to files:

• tests/unit/dashboard-logs-warmup-ui.test.tsx
• tests/setup.ts
• src/components/ui/__tests__/badge.test.tsx
• tests/unit/lib/provider-url-validation.test.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to tests/integration/**/*.test.ts : Place integration tests requiring database in `tests/integration/` (excluded by default)

Applied to files:

• tests/setup.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/drizzle/**/*.ts : Use JSON columns in PostgreSQL for flexible data structures (modelRedirects, providerChain, etc.)

Applied to files:

• drizzle/meta/0044_snapshot.json

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/{repository,actions}/**/*.ts : Avoid N+1 queries by using eager loading and batch queries for statistics

Applied to files:

• src/repository/usage-logs.ts
• src/repository/provider.ts
• src/repository/message.ts
• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/**/*{message,response,log}*.ts : Log request duration, token usage, and cost to message_request table for analytics

Applied to files:

• src/repository/usage-logs.ts
• src/repository/statistics.ts
• src/repository/provider.ts
• src/repository/message.ts
• src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx
• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to src/lib/session-manager.ts : Session Manager must use 5-minute Redis context cache with sliding window and record decision chains for audit trail

Applied to files:

• tests/unit/lib/cache/session-cache.test.ts
• src/app/v1/_lib/proxy/session-guard.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/lib/session/**/*.ts : Store session data in Redis with 5-minute TTL for session stickiness

Applied to files:

• tests/unit/lib/cache/session-cache.test.ts
• src/app/v1/_lib/proxy/session-guard.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to src/repository/**/*.ts : Use Repository pattern in `src/repository/` to wrap Drizzle queries

Applied to files:

• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to **/*.test.ts : Ensure test database names contain 'test' keyword for safety validation

Applied to files:

• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:20.573Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-03T09:08:20.573Z
Learning: Applies to src/drizzle/**/*.ts : Use Drizzle ORM with PostgreSQL for database operations

Applied to files:

• tests/unit/repository/warmup-stats-exclusion.test.ts

📚 Learning: 2026-01-03T09:08:49.019Z

Learnt from: CR
Repo: ding113/claude-code-hub PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-03T09:08:49.019Z
Learning: Applies to src/drizzle/**/*.ts : Use Drizzle ORM with parameterized queries to prevent SQL injection

Applied to files:

• tests/unit/repository/warmup-stats-exclusion.test.ts

🧬 Code graph analysis (20)

src/repository/_shared/transformers.test.ts (1)

src/repository/_shared/transformers.ts (1)

• toSystemSettings (140-158)

src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx (2)

scripts/sync-settings-keys.js (2)

• t (72-72)
• p (102-102)

src/components/ui/badge.tsx (1)

• Badge (39-39)

tests/unit/proxy/session-guard-warmup-intercept.test.ts (2)

src/app/v1/_lib/proxy/session.ts (1)

• ProxySession (48-733)

src/app/v1/_lib/proxy/session-guard.ts (1)

• ProxySessionGuard (38-150)

tests/unit/proxy/guard-pipeline-warmup.test.ts (1)

src/app/v1/_lib/proxy/guard-pipeline.ts (2)

• CHAT_PIPELINE (172-189)
• GuardPipelineBuilder (144-169)

src/repository/system-config.ts (1)

src/drizzle/schema.ts (1)

• systemSettings (439-473)

src/app/v1/_lib/proxy/warmup-guard.ts (5)

src/app/v1/_lib/proxy/session.ts (1)

• ProxySession (48-733)

src/lib/config/system-settings-cache.ts (1)

• getCachedSystemSettings (40-93)

src/drizzle/db.ts (1)

• db (37-44)

src/drizzle/schema.ts (1)

• messageRequest (264-345)

src/lib/logger.ts (1)

• logger (168-187)

src/app/v1/_lib/proxy/guard-pipeline.ts (1)

src/app/v1/_lib/proxy/warmup-guard.ts (1)

• ProxyWarmupGuard (23-108)

tests/unit/dashboard-logs-warmup-ui.test.tsx (2)

src/repository/usage-logs.ts (1)

• UsageLogRow (30-61)

src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx (1)

• UsageLogsTable (44-546)

src/components/ui/__tests__/badge.test.tsx (1)

src/components/ui/badge.tsx (1)

• Badge (39-39)

src/repository/usage-logs.ts (1)

src/drizzle/schema.ts (1)

• messageRequest (264-345)

tests/unit/lib/cache/session-cache.test.ts (1)

src/lib/cache/session-cache.ts (9)

• getActiveSessionsCache (145-147)
• setActiveSessionsCache (152-157)
• setSessionDetailsCache (169-174)
• clearActiveSessionsCache (179-181)
• clearAllSessionsCache (186-188)
• clearSessionDetailsCache (193-195)
• clearAllSessionCache (200-203)
• stopCacheCleanup (222-229)
• startCacheCleanup (208-217)

src/app/v1/_lib/proxy/session-guard.ts (2)

src/lib/config/system-settings-cache.ts (1)

• getCachedSystemSettings (40-93)

src/lib/session-tracker.ts (1)

• SessionTracker (18-580)

src/repository/key.ts (1)

src/drizzle/schema.ts (1)

• messageRequest (264-345)

tests/unit/lib/provider-url-validation.test.ts (1)

src/lib/validation/provider-url.ts (1)

• validateProviderUrlForConnectivity (14-48)

src/app/[locale]/settings/config/_components/system-settings-form.tsx (2)

src/components/ui/label.tsx (1)

• Label (21-21)

src/components/ui/switch.tsx (1)

• Switch (28-28)

src/repository/message.ts (1)

src/drizzle/schema.ts (1)

• messageRequest (264-345)

src/repository/leaderboard.ts (1)

src/drizzle/schema.ts (1)

• messageRequest (264-345)

src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx (4)

src/components/ui/table.tsx (1)

• TableRow (92-92)

scripts/sync-settings-keys.js (1)

• t (72-72)

src/components/ui/tooltip.tsx (4)

• TooltipProvider (57-57)
• Tooltip (57-57)
• TooltipTrigger (57-57)
• TooltipContent (57-57)

src/components/ui/badge.tsx (1)

• Badge (39-39)

src/lib/config/system-settings-cache.ts (1)

src/types/system-config.ts (1)

• SystemSettings (6-37)

tests/unit/repository/warmup-stats-exclusion.test.ts (2)

src/repository/usage-logs.ts (2)

• findUsageLogsWithDetails (301-475)
• findUsageLogsStats (524-624)

src/repository/provider.ts (1)

• getProviderStatistics (483-586)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Greptile Review
• GitHub Check: 🌐 API Tests
• GitHub Check: pr-description
• GitHub Check: check-codex-status
• GitHub Check: pr-review
• GitHub Check: pr-label
• GitHub Check: Docker Build Test

🔇 Additional comments (83)

tests/setup.ts (1)

127-130: 项目确实使用了 React，该标记是必要且恰当的

项目依赖中包含 React 19 及多个 React 相关库，源代码中存在 .tsx 文件并广泛使用 React（React.FC、React.ComponentType、React.hooks 等）。在测试环境全局设置 IS_REACT_ACT_ENVIRONMENT 标记是 React 18+ 的标准做法，可防止 "not configured to support act(...)" 的警告。该配置是必要的且遵循最佳实践，无需修改。

drizzle/0044_uneven_donald_blake.sql (1)

1-1: LGTM！数据库迁移语句符合规范。

该迁移正确添加了布尔类型的 intercept_anthropic_warmup_requests 字段，默认值 false 确保了向后兼容性，NOT NULL 约束也符合预期。

tests/unit/lib/provider-url-validation.test.ts (2)

1-1: LGTM！正确引入 Vitest 的 mock 工具。

为新增的 mock 测试用例添加 vi 导入，符合 Vitest 的最佳实践。

---

55-82: LGTM！优秀的边界测试覆盖。

该测试用例有效覆盖了 URL 构造器抛出非 Error 类型异常的边界场景：

• 使用 vi.stubGlobal 正确模拟全局 URL 构造器
• 在 finally 块中妥善恢复原始 URL，确保测试隔离性
• 验证了兜底错误消息 "URL 解析失败" 的正确返回

这有助于提高代码的健壮性测试覆盖率。

tests/integration/billing-model-source.test.ts (1)

102-102: LGTM！测试数据结构更新正确。

新增的 interceptAnthropicWarmupRequests: false 字段与数据库 schema 变更保持一致，默认值 false 适用于现有测试场景。

src/components/ui/__tests__/badge.test.tsx (3)

1-27: LGTM！测试环境配置和辅助函数实现规范。

• 使用 happy-dom 环境适合轻量级 DOM 测试
• render 辅助函数正确使用了 React 18+ 的 createRoot API
• 使用 act() 包裹渲染和卸载操作，确保 React 状态更新的正确处理
• 清理逻辑完整，包含 unmount() 和容器移除

---

29-38: LGTM！默认渲染测试覆盖完整。

测试用例正确验证了 Badge 组件的默认行为：

• 使用 data-slot="badge" 属性进行查询，符合组件设计规范
• 验证了渲染为 <span> 标签
• 清理逻辑调用了 unmount()

---

40-54: LGTM！asChild 属性测试覆盖了 Slot 组件分支。

测试用例有效验证了 asChild 属性的透传行为：

• 确认 Badge 属性被正确应用到子元素 <a> 标签上
• 验证了 data-slot="badge" 属性的存在
• 检查了 href 属性值的正确性
• 测试名称明确标注了覆盖 Slot 分支的意图

src/repository/key.ts (9)

11-12: LGTM！Warmup 请求排除条件定义正确。

EXCLUDE_WARMUP_CONDITION 使用合理的 SQL 逻辑排除 warmup 请求：

• blockedBy IS NULL：包含正常请求
• blockedBy <> 'warmup'：包含其他类型的拦截请求（如敏感词拦截）
• 确保 warmup 预热请求不计入密钥使用统计

该条件将在多个查询中复用，提高了代码的可维护性。

---

301-301: LGTM！正确排除 warmup 请求统计。

在 findKeyUsageToday 查询中添加 EXCLUDE_WARMUP_CONDITION，确保今日用量统计不包含 warmup 请求。

---

346-346: LGTM！批量查询保持一致的排除逻辑。

findKeyUsageTodayBatch 的批量查询版本正确应用了相同的 warmup 排除条件，与单用户版本保持一致。

---

571-571: LGTM！今日调用次数统计排除 warmup。

在 findKeysWithStatistics 的今日调用次数查询中应用排除条件，确保 warmup 请求不计入展示给用户的调用次数。

---

585-591: LGTM！最后使用时间查询排除 warmup。

在查询密钥最后使用时间时应用排除条件，确保 warmup 请求不会更新"最后使用时间"字段，避免产生误导性的活跃状态。

---

607-607: LGTM！分模型统计排除 warmup。

在按模型聚合统计中应用排除条件，确保 warmup 请求不计入各模型的调用次数和费用汇总。

---

693-693: LGTM！批量今日调用次数统计排除 warmup。

批量查询版本的今日调用次数统计正确应用了排除条件，与非批量版本保持一致。

---

716-722: LGTM！批量最后使用时间查询排除 warmup。

批量查询版本的最后使用时间查询使用 DISTINCT ON 优化，同时正确应用了 warmup 排除条件。

---

748-748: LGTM！批量分模型统计排除 warmup。

批量查询版本的分模型统计正确应用了排除条件，确保多用户场景下的统计准确性。

src/app/v1/_lib/proxy/session-guard.ts (1)

1-1: Warmup 拦截与会话追踪的集成逻辑合理

这里通过 session.isWarmupRequest() + 认证成功态 + getCachedSystemSettings().interceptAnthropicWarmupRequests 组合判断 warmup 请求，并仅在非 warmup 场景下调用 SessionTracker.trackSession，既满足“拦截后不计入并发会话”的需求，又利用了缓存设置的 fail‑open 行为，不会因为系统设置读取失败阻塞请求；整体实现清晰且与 Guard 流程解耦良好。

Also applies to: 50-56, 111-116

src/lib/validation/schemas.ts (1)

701-702: 系统设置 Schema 中新增字段定义合理

interceptAnthropicWarmupRequests: z.boolean().optional() 与其他布尔配置风格一致，适合作为可选部分更新字段，且与后端 SystemSettings 类型保持对齐，没有发现类型或验证层面的遗漏。

messages/zh-TW/dashboard.json (1)

130-130: Warmup「已跳過」狀態文案與行為描述一致

新增的 logs.table.skipped 及 logs.details.skipped 文案清楚说明請求被識別為 Warmup 並由 CCH 直接回應，且不計費、不限流、不進統計，與後端對 warmup 請求的實際處理策略一致，適合作為儀表板上新的狀態呈現。

Also applies to: 156-161

src/app/v1/_lib/proxy/session.ts (1)

570-630: Anthropic Warmup 判定逻辑严格且健壮

isWarmupRequest 仅在满足「/v1/messages + 单条 user 消息 + 单个 text block + 文本为 'Warmup'（忽略大小写/空白）+ block 级 cache_control.type === 'ephemeral'」时才返回 true，同时避开 /v1/messages/count_tokens 等端点，并对 message 结构逐层做类型与长度检查，既降低了误判风险，又与 Anthropic 的 Warmup 结构相匹配，实现上比较稳健。

messages/ru/settings.json (1)

103-104: Warmup 拦截相关俄文配置文案与功能一致

interceptAnthropicWarmupRequests 及其说明清楚表达了开启后由 CCH 直接响应 Anthropic Warmup 请求、仅记录日志但不计费且不参与限流/统计的语义，与英文/其它语言版本保持一致，有利于设置页统一理解。

tests/unit/lib/config/system-settings-cache.test.ts (1)

1-155: 系统设置缓存测试覆盖完整，特别是 Warmup 拦截相关分支

这组单测通过 mock getSystemSettings 与 logger，验证了：首访缓存、TTL 过期重取、带缓存时的 fail‑open、无缓存时返回最小默认设置（并显式断言 interceptAnthropicWarmupRequests: false）、缓存失效以及 isHttp2Enabled 读取缓存等场景，基本把新增加的 warmup 配置在缓存层的关键行为都跑了一遍，细节和时序控制都比较到位。

messages/ru/dashboard.json (1)

130-130: 翻译内容已添加，结构正确。

俄语翻译符合功能需求，skipped 和 warmup 相关的本地化字符串已正确添加，与其他语言文件保持一致。

Also applies to: 156-161

messages/ja/dashboard.json (1)

130-130: 日语翻译已正确添加。

翻译内容结构与其他语言文件一致，日语表述自然准确。

Also applies to: 156-161

tests/unit/lib/cache/session-cache.test.ts (3)

47-80: 测试用例覆盖了基本的读写和 TTL 行为，结构良好。

测试数据包含了 SessionStats 所需的所有字段，断言逻辑清晰。使用 vi.useFakeTimers() 和 vi.advanceTimersByTime() 正确模拟了时间流逝。

---

221-282: 清理间隔的生命周期测试覆盖全面。

测试验证了：

• 未启动时调用 stop 无副作用
• 幂等性（重复调用 start 不创建新间隔）
• 过期条目被正确清理
• stop 后间隔 ID 被清除

这些测试确保了清理机制的正确性。

---

22-28: 不存在清理间隔 ID 访问方式的不匹配问题。

测试中的 CLEANUP_INTERVAL_GLOBAL_KEY 常量值为 "__CCH_CACHE_CLEANUP_INTERVAL_ID__"，而生产代码中 cacheCleanupState 就是 globalThis 的类型转换，其中使用 cacheCleanupState.__CCH_CACHE_CLEANUP_INTERVAL_ID__ 访问该属性。两者都在访问 globalThis 上相同键名的属性，只是使用了不同的访问语法（点号 vs 方括号），这在 JavaScript 中是等价的，因此测试辅助函数与生产代码完全兼容。

Likely an incorrect or invalid review comment.

tests/unit/repository/warmup-stats-exclusion.test.ts (4)

3-34: sqlToString 辅助函数设计合理，具有循环检测机制。

使用 visited Set 防止无限递归，能够处理 Drizzle ORM 生成的多种 SQL 结构（包括 value、queryChunks 等属性）。

---

36-53: createThenableQuery 使用 Promise.resolve 作为基础是一个巧妙的设计。

这种方式避免了手动为普通对象添加 then 方法可能引发的 Biome 警告，同时保持了查询对象的可链式调用和可 await 特性。

---

55-108: 测试正确验证了分页 total 与统计 totalRequests 的区别。

• total (用于分页) 包含 warmup 行 → 期望值 2
• summary.totalRequests (统计口径) 排除 warmup → 期望值 1

这确保了审计日志完整性与统计准确性的分离。

---

151-197: Provider 统计测试验证了 SQL 中包含 warmup 排除逻辑。

测试检查生成的 SQL 同时包含 warmup 和 blocked_by，确保供应商统计和最近调用记录不会被 warmup 请求污染。

src/repository/message.ts (4)

296-296: Warmup 排除条件定义清晰。

使用 blockedBy IS NULL OR blockedBy <> 'warmup' 的逻辑正确处理了 blockedBy 为 NULL 的正常请求和非 warmup 的阻断请求。

---

301-312: totalCount 与 requestCount 的分离设计合理。

• totalCount: 用于判断 session 是否存在（包含所有请求）
• requestCount + 其他聚合字段: 使用 FILTER (WHERE excludeWarmup) 排除 warmup

这确保了 warmup 请求虽然被记录但不影响统计数据，符合 PR 目标。

---

317-319: 使用 totalCount 判断 session 存在性是正确的。

即使 session 中只有 warmup 请求，session 本身仍然存在，应返回相应的统计数据（统计值为 0）。这避免了误判 session 不存在的情况。

---

455-469: 批量聚合函数 aggregateMultipleSessionStats 同样应用了 warmup 排除逻辑。

与单 session 聚合函数保持一致，确保了批量查询的统计结果也排除 warmup 请求。代码保持了高效的批量查询模式，未引入 N+1 问题。

src/app/[locale]/settings/config/page.tsx (1)

43-43: 新设置项已正确传递至表单组件。

interceptAnthropicWarmupRequests 的传递方式与其他设置项（如 enableHttp2）保持一致，遵循现有模式。

messages/en/dashboard.json (1)

130-130: 英语翻译内容清晰准确。

• "Skipped" 作为表格状态标签简洁明了
• details.skipped.desc 完整说明了 warmup 请求的处理方式：由 CCH 直接响应、不计费、不限流、不计入统计

翻译质量良好，与功能需求一致。

Also applies to: 156-161

drizzle/meta/_journal.json (1)

313-319: 变更正常，迁移元数据格式正确。

新增的迁移条目结构规范，idx 递增正确，与现有条目格式保持一致。

src/repository/_shared/transformers.test.ts (2)

234-234: 测试覆盖完整，默认值断言正确。

正确验证了当 dbSettings 为 undefined 时，interceptAnthropicWarmupRequests 字段默认为 false。

---

239-247: 测试用例结构清晰，验证逻辑正确。

新增的测试用例正确验证了 interceptAnthropicWarmupRequests 字段的映射行为，覆盖了显式设置为 true 的场景。

src/drizzle/schema.ts (1)

465-469: 列定义规范，默认值设置合理。

新增的 intercept_anthropic_warmup_requests 列定义符合现有模式，默认值 false 适合作为可选功能的初始状态，notNull 约束确保了数据一致性。注释清晰说明了功能用途。

src/repository/overview.ts (2)

30-30: SQL 过滤逻辑正确，实现符合预期。

新增的 excludeWarmup 过滤器正确排除了 blockedBy = 'warmup' 的请求，同时保留了正常请求（NULL）和其他拦截类型，逻辑清晰且安全。

---

43-43: 过滤器应用位置正确。

在 WHERE 子句中正确应用了 warmup 排除逻辑，与现有的 deletedAt 和日期过滤器配合良好，确保概览统计数据不包含 warmup 请求。

messages/zh-TW/settings.json (1)

103-104: 翻译文本清晰准确，键名规范。

新增的繁体中文翻译正确描述了 Warmup 拦截功能的行为特性（直接响应、记录但不计费/限流），与其他设置项的翻译风格保持一致。

src/repository/_shared/transformers.ts (1)

154-154: LGTM！新增字段映射符合预期

interceptAnthropicWarmupRequests 字段的映射实现正确，使用 ?? false 作为默认值符合 PR 目标（默认关闭拦截）。代码风格与文件中其他字段保持一致。

messages/zh-CN/settings.json (1)

86-87: 翻译清晰准确，表述完整

新增的中文翻译键值准确描述了 Warmup 请求拦截功能：

• 标签简洁明了
• 描述详细说明了拦截后的行为（记录日志但不计费、不限流、不计入统计），便于用户理解功能影响

messages/ja/settings.json (1)

103-104: 日语翻译结构完整，表述清晰

新增的日语翻译键值结构与其他语言环境保持一致，功能说明详细描述了 Warmup 请求的拦截行为和日志记录策略。

src/repository/leaderboard.ts (4)

176-182: Warmup 排除条件已正确应用到用户排行榜查询

WHERE 子句中正确添加了 EXCLUDE_WARMUP_CONDITION，确保 warmup 请求不计入用户消耗排行榜统计。

---

316-321: Warmup 排除条件已正确应用到供应商排行榜查询

供应商排行榜的 WHERE 条件数组中正确包含了 EXCLUDE_WARMUP_CONDITION，与其他过滤条件（deletedAt、日期范围、providerType）一起使用，逻辑清晰。

---

416-422: Warmup 排除条件已正确应用到缓存命中率排行榜查询

供应商缓存命中率排行榜的 WHERE 条件中正确包含了 EXCLUDE_WARMUP_CONDITION，确保 warmup 请求不影响缓存统计分析。

---

561-567: Warmup 排除条件已正确应用到模型排行榜查询

模型排行榜查询的 WHERE 子句中正确添加了 EXCLUDE_WARMUP_CONDITION，确保 warmup 请求不计入模型使用统计。

src/types/system-config.ts (2)

32-33: 类型定义正确，注释清晰

新增的 interceptAnthropicWarmupRequests 字段定义为必需的 boolean 类型，确保系统设置中始终存在该值。注释明确说明默认关闭，符合 PR 设计意图。

---

65-66: 部分更新接口定义正确

UpdateSystemSettingsInput 中将 interceptAnthropicWarmupRequests 定义为可选字段，支持部分更新场景，与其他配置字段的设计保持一致。

src/app/[locale]/dashboard/logs/_components/error-details-dialog.tsx (2)

114-115: 逻辑正确：warmup 跳过状态的识别与排除

warmup 拦截判断逻辑清晰：isWarmupSkipped 检测 blockedBy === "warmup"，并将其从 isBlocked 中排除。这样的设计合理，因为 warmup 是信息性的跳过而非错误拦截，应当区别对待。

---

261-282: UI 实现规范：warmup 跳过信息展示

新增的 warmup 跳过信息块实现良好：

• 使用蓝色主题传达"信息性"而非"错误"的语义
• 图标、Badge 和文本层次清晰
• 国际化文本通过 t() 正确引用
• 与现有的拦截信息块（lines 284-343）结构一致

messages/en/settings.json (1)

105-106: 翻译文本清晰准确

新增的 warmup 拦截功能翻译键命名规范，描述文本准确传达了功能要点：CCH 直接响应 warmup 请求、记录审计、不计费不限流不纳入统计。文本简洁易懂。

tests/unit/dashboard-logs-warmup-ui.test.tsx (1)

27-51: 测试实现正确：renderWithIntl 辅助函数与断言

• renderWithIntl 辅助函数正确使用 createRoot 和 act() 进行 React 18 兼容的渲染
• 加载真实的翻译文件确保测试使用实际的 i18n 键
• 断言检查 "Skipped" 和 "Warmup" 文本存在于渲染输出中，覆盖了 warmup 跳过状态的 UI 显示
• cleanup 逻辑（unmount 和 container.remove()）确保测试隔离

Also applies to: 88-103

tests/unit/proxy/session-guard-warmup-intercept.test.ts (1)

49-97: 测试实现正确：动态加载与场景覆盖

测试设计良好：

• 使用 loadGuard() 动态导入确保 mock 在模块加载前生效
• createMockSession 提供精简但充分的 ProxySession 模拟
• 两个测试用例覆盖了关键场景：
  1. warmup 拦截开启时，不调用 trackSession（避免计入并发）
  2. warmup 拦截关闭时，正常调用 trackSession
• 断言清晰验证了 trackSessionMock 的调用次数和参数

Also applies to: 108-127

messages/zh-CN/dashboard.json (1)

130-130: 中文翻译准确且专业

新增的 warmup 跳过相关翻译质量良好：

• "已跳过" 准确传达了 "skipped" 的语义
• "跳过信息" 部分的各项翻译清晰：
  • "Warmup 抢答（CCH）" 生动描述了 CCH 拦截 warmup 请求的行为
  • 描述文本详细说明了拦截机制、不计费不限流不统计的特性
• 术语与现有中文翻译保持一致

Also applies to: 156-161

tests/unit/error-details-dialog-warmup-ui.test.tsx (1)

52-91: 测试覆盖良好！

测试用例正确验证了 warmup 跳过场景下的 UI 行为：

1. 验证显示 "Warmup Fast Response (CCH)" 和 "Skipped"
2. 验证不显示 "Blocking Information"

测试结构清晰，cleanup 处理得当。

tests/unit/proxy/guard-pipeline-warmup.test.ts (1)

108-146: 测试设计合理！

测试正确验证了：

1. warmup 步骤位于 pipeline 中正确位置（session 之后、requestFilter 之前）
2. warmup 短路行为：返回响应后后续步骤不会执行

基于 learnings，Guard pipeline 执行顺序验证很重要。

src/actions/system-config.ts (1)

40-41: LGTM！

新增字段 interceptAnthropicWarmupRequests 的处理方式与现有字段一致，遵循了 Zod 验证 + 类型安全的模式。

Also applies to: 61-62

drizzle/meta/0044_snapshot.json (1)

1858-1864: 快照正确反映了 schema 变更！

新列 intercept_anthropic_warmup_requests 配置正确：

• 类型：boolean
• 非空：true
• 默认值：false

与 PR 目标一致（默认关闭）。

src/repository/system-config.ts (1)

89-89: LGTM！

新字段 interceptAnthropicWarmupRequests 已正确添加到：

1. createFallbackSettings() 默认值
2. 所有 select 查询
3. insert 的 returning 子句
4. update 逻辑和 returning 子句

实现与现有字段模式一致。

Also applies to: 114-114, 147-148, 171-172, 253-256, 275-276

src/app/[locale]/settings/config/_components/system-settings-form.tsx (1)

201-216: LGTM！

新增的 Switch 组件实现与现有布尔设置（如 enableHttp2、verboseProviderError）保持一致：

• 使用 Label + 描述 + Switch 的标准布局
• 正确使用 i18n 翻译键
• isPending 时禁用交互

src/app/[locale]/dashboard/logs/_components/usage-logs-table.tsx (1)

93-94: 逻辑清晰！

新增的 isWarmupSkipped 和 isMutedRow 标志正确识别 warmup 跳过的请求，并统一应用样式（与 non-billing 类似的灰度处理）。

Also applies to: 101-101

src/app/v1/_lib/proxy/guard-pipeline.ts (3)

13-13: LGTM!

导入语句和类型定义遵循现有模式，实现简洁清晰。

Also applies to: 35-35

---

96-101: LGTM!

Warmup guard 实现遵循了与其他 guard 一致的模式，代码结构清晰。

---

181-181: Guard 顺序设计合理。

Warmup guard 放置在 session 之后、requestFilter 之前的位置是恰当的：

1. 在 session 之后：可以访问 authState 和 sessionId 等会话信息
2. 在 rateLimit 之前：确保 warmup 请求不会被计入速率限制（符合 PR 目标）
3. 在 provider 之前：warmup 请求直接响应，无需解析真实的 provider

根据编码指南，guard pipeline 的执行顺序已正确维护。

tests/unit/proxy/session.test.ts (2)

34-34: LGTM!

测试辅助函数的扩展设计良好：

• 保持向后兼容（提供默认值）
• 参数命名清晰（requestUrl, requestMessage）
• 最小化对现有测试的影响

Also applies to: 53-60, 78-81

---

430-669: 测试覆盖全面且结构清晰。

新增的 isWarmupRequest 测试套件覆盖了：

• ✅ 正向案例：合法 warmup 请求识别（大小写、空格容忍）
• ✅ Endpoint 校验：非 /v1/messages 正确拒绝
• ✅ Cache control 校验：缺失或非 ephemeral 正确拒绝
• ✅ 结构严格性：多消息/多块/异常结构正确拒绝
• ✅ 边界条件：null 值、错误类型、字段缺失

测试用例设计合理，有效防止误判。

src/lib/config/system-settings-cache.ts (2)

27-30: LGTM!

新增配置项遵循现有模式，默认值设置为 false 是合理的安全默认值（opt-in 特性）。

---

88-88: LGTM!

Fallback 配置对象正确包含了新字段，确保缓存获取失败时的一致性。

src/repository/statistics.ts (2)

18-19: 常量定义清晰且命名准确。

EXCLUDE_WARMUP_CONDITION 的实现正确过滤了被标记为 warmup 的请求，确保这些探测请求不会污染统计数据。

---

51-51: Warmup 排除逻辑应用一致且全面。

在所有统计和成本计算查询中正确应用了 EXCLUDE_WARMUP_CONDITION，确保：

• 用户/密钥统计数据不包含 warmup 请求
• 成本计算（总成本、时间范围成本、成本明细）排除 warmup 请求
• 符合 PR 目标：warmup 请求不计入计费、统计、配额

实现遵循了 DRY 原则，使用统一的条件常量。

Also applies to: 87-87, 123-123, 159-159, 235-235, 276-276, 317-317, 358-358, 440-440, 470-470, 512-512, 542-542, 584-584, 614-614, 656-656, 686-686, 733-733, 785-785, 814-814, 839-840, 875-876, 909-910, 944-945, 990-991, 1183-1184

tests/unit/proxy/warmup-guard.test.ts (3)

1-82: 测试设置结构良好且全面。

Mock 配置和测试辅助函数设计合理：

• ✅ 依赖项 mock 覆盖完整（config、db、session-manager、logger）
• ✅ loadGuard() 使用动态导入确保 mock 在模块加载前生效
• ✅ createMockSession() 提供合理的默认值和灵活的覆盖机制
• ✅ beforeEach 正确重置所有 mock 状态

---

84-112: 负向测试用例覆盖充分。

三个测试用例正确验证了 guard 的各个提前退出条件：

1. 非 warmup 请求：验证不读取系统设置（性能优化）
2. 功能开关关闭：验证配置项生效
3. 认证态不完整：验证必要前置条件

每个测试都确认了不会产生副作用（DB 插入、Session 存储），符合 fail-open 策略。

---

114-180: 正向测试用例全面且精确。

成功拦截测试（lines 114-169）验证了：

• ✅ HTTP 响应：状态码 200、content-type、自定义标识头
• ✅ 响应体结构：符合 Anthropic Messages API 格式
• ✅ Session 存储：响应体、响应头、上下游元数据
• ✅ 数据库日志：providerId=0、blockedBy='warmup'、costUsd=null 等字段
• ✅ 调试日志：记录拦截事件

故障恢复测试（lines 171-179）验证了：

• ✅ DB 写入失败不影响 HTTP 响应
• ✅ 错误被正确记录

符合编码指南中的 fail-open 策略。

src/repository/usage-logs.ts (2)

372-389: 统计聚合逻辑正确排除 warmup 请求

使用 PostgreSQL 的 FILTER (WHERE ...) 子句对聚合函数进行条件过滤是正确的做法。totalRows 保持包含所有记录（用于分页），而 totalRequests 及其他统计字段排除 warmup 请求，符合 PR 目标中"warmup 请求不计入统计"的要求。

---

587-603: findUsageLogsStats 正确应用 warmup 排除条件

statsConditions 在原有条件基础上追加 EXCLUDE_WARMUP_CONDITION，确保独立的聚合统计查询也排除 warmup 请求，与 findUsageLogsWithDetails 保持一致。

src/app/v1/_lib/proxy/warmup-guard.ts (2)

110-131: Warmup 响应体结构

响应体格式符合 Anthropic API 规范，包含必要字段。使用 crypto.randomBytes 生成随机 ID 是安全的做法。

一个小建议：stop_reason: "end_turn" 是 Anthropic 的标准值，可以考虑添加注释说明这是模拟正常对话结束的响应。

---

73-94: definerId=0 为特殊标记的设计已确认安全，建议提取为常量以便维护

已确认 providers 表使用 PostgreSQL serial 类型，自增 ID 从 1 开始，providerId: 0 作为特殊标记值不会与实际供应商 ID 冲突。

建议将 providerId: 0 提取为命名常量（如 const WARMUP_PROVIDER_ID = 0 或 const BLOCKED_PROVIDER_ID = 0），因为该值目前在多个文件中硬编码使用（warmup-guard.ts、sensitive-word-guard.ts、测试/webhook 模板），统一常量定义可提升代码可读性和维护性。

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Search for authState.apiKey usage and any hashing operations
rg -n "authState.*apiKey|apiKey.*hash|SHA-256|crypto" --type ts -g "*auth*.ts" -g "*session*.ts" -g "*warmup*.ts"

Repository: ding113/claude-code-hub

Length of output: 1045

---

🏁 Script executed:

# Check where authState is defined and how apiKey is assigned
rg -n "authState\s*=" --type ts -B3 -A3

Repository: ding113/claude-code-hub

Length of output: 2511

---

🏁 Script executed:

# Search for database insert operations with key field
rg -n "db\.insert.*messageRequest|messageRequest.*values" --type ts -B5 -A5

Repository: ding113/claude-code-hub

Length of output: 2648

---

🏁 Script executed:

# Check for any hash or encryption functions in the codebase
fd -t f -name "*.ts" | xargs rg -l "SHA-256|sha256|crypto.*hash" | head -20

Repository: ding113/claude-code-hub

Length of output: 460

---

🏁 Script executed:

# Find ProxyAuthenticator definition
rg -n "class ProxyAuthenticator|export.*ProxyAuthenticator" --type ts -B2 -A15

Repository: ding113/claude-code-hub

Length of output: 1507

---

🏁 Script executed:

# Find where authState is defined/typed
rg -n "type AuthState|interface AuthState" --type ts -B2 -A10

Repository: ding113/claude-code-hub

Length of output: 816

---

🏁 Script executed:

# Check the validate method of ProxyAuthenticator
rg -n "validate\s*\(" --type ts -B3 -A20 | grep -A20 "ProxyAuthenticator"

Repository: ding113/claude-code-hub

Length of output: 2733

---

🏁 Script executed:

# Search for the actual ProxyAuthenticator implementation file
fd -type f -name "*authenticator*.ts" -o -name "*auth*.ts" | grep -v node_modules

Repository: ding113/claude-code-hub

Length of output: 237

---

🏁 Script executed:

# Read the full auth-guard.ts file to see the complete validate implementation
cat -n src/app/v1/_lib/proxy/auth-guard.ts

Repository: ding113/claude-code-hub

Length of output: 8430

---

🏁 Script executed:

# Find database schema for messageRequest table
fd -type f -name "*.ts" | xargs rg -l "messageRequest" | head -10

Repository: ding113/claude-code-hub

Length of output: 560

---

🏁 Script executed:

# Look for schema definitions
rg -n "messageRequest.*=|table.*messageRequest" --type ts -B2 -A10

Repository: ding113/claude-code-hub

Length of output: 23465

---

🏁 Script executed:

# Check if there are migrations or schema files
find . -type f \( -name "*schema*" -o -name "*migrations*" \) | grep -E "\.(ts|sql)$"

Repository: ding113/claude-code-hub

Length of output: 317

---

🏁 Script executed:

# Read the complete messageRequest schema definition
sed -n '264,320p' src/drizzle/schema.ts

Repository: ding113/claude-code-hub

Length of output: 2192

---

API 密钥存储安全问题：未进行 SHA-256 哈希

验证确认：authState.apiKey 为明文字符串（在 src/app/v1/_lib/proxy/auth-guard.ts 中直接从请求头提取），数据库 messageRequest 表的 key 字段存储时未进行任何哈希处理。

这违反了 coding guidelines 的要求："Hash API keys using SHA-256 before storing in database, never store plaintext keys"。

受影响的位置包括：

• warmup-guard.ts 第 76 行
• sensitive-word-guard.ts 第 94 行
• message-service.ts 第 37 行

需要在数据库插入前使用 SHA-256 对 API 密钥进行哈希，或在应用层验证时哈希密钥以支持比对。

🤖 Prompt for AI Agents

In src/app/v1/_lib/proxy/warmup-guard.ts around lines 73 to 76, the API key is
being stored in plaintext (authState.apiKey) — compute a SHA-256 hash of the API
key and store the hex (or base64) digest instead of the raw key; implement this
by invoking a shared helper (e.g., hashApiKey(apiKey): string) that performs a
SHA-256 digest using Node's crypto and returns the encoded string, and replace
key: authState.apiKey with key: hashApiKey(authState.apiKey); apply the same
change to the other affected locations (sensitive-word-guard.ts line ~94 and
message-service.ts line ~37) so all DB writes and comparisons use the SHA-256
hashed value.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 检查 EXCLUDE_WARMUP_CONDITION 在代码库中的定义和使用情况
rg -n "EXCLUDE_WARMUP_CONDITION" --type ts

Repository: ding113/claude-code-hub

Length of output: 3611

---

提取 EXCLUDE_WARMUP_CONDITION 常量到共享文件

EXCLUDE_WARMUP_CONDITION 在 4 个文件中重复定义：

• src/repository/leaderboard.ts:11
• src/repository/usage-logs.ts:9
• src/repository/statistics.ts:19
• src/repository/key.ts:12

所有定义使用完全相同的 SQL 逻辑。建议创建专用的 constants 文件（如 src/repository/constants.ts）并从各文件中导入此常量，避免重复定义，降低后续维护风险。

[github-actions]

Code Review Summary

This PR adds an optional system setting to intercept Anthropic warmup requests directly at the proxy level. The implementation is thorough, well-structured, and follows existing patterns in the codebase. The code properly excludes warmup requests from billing, rate limiting, quotas, and statistics while maintaining audit visibility in logs.

PR Size: XL

• Lines changed: 4494 (4426 additions + 68 deletions)
• Files changed: 49

Split suggestions for future consideration: Given the XL size, future PRs of this nature could potentially be split into:

1. Core warmup detection/interception logic
2. Repository layer changes (statistics exclusion)
3. UI changes (logs display)

However, the current PR is cohesive as a single feature and the complexity is justified.

Issues Found

Category	Critical	High	Medium	Low
Logic/Bugs	0	0	0	0
Security	0	0	0	0
Error Handling	0	0	0	0
Types	0	0	0	0
Comments/Docs	0	0	0	0
Tests	0	0	0	0
Simplification	0	0	0	0

No significant issues identified in this PR.

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Clean (errors properly logged, failures don't block responses)
• Type safety - Clean
• Documentation accuracy - Clean
• Test coverage - Comprehensive (8 new test files)
• Code clarity - Good

Review Notes

Strengths observed:

• The warmup detection logic (isWarmupRequest()) in session.ts:567-634 is thorough with strict validation criteria to minimize false positives
• Error handling in warmup-guard.ts:70-76 properly logs failures without blocking the response
• Consistent application of EXCLUDE_WARMUP_CONDITION across all statistics/billing repositories
• Session tracking is correctly skipped for warmup requests to avoid affecting concurrent session limits
• UI properly distinguishes warmup requests with separate visual styling (blue badge vs orange for blocked)
• All 5 locales have been updated with appropriate translations

Architecture decisions validated:

• The guard pipeline placement (after session, before rateLimit/provider) correctly ensures warmup requests bypass billing/limits
• Using providerId: 0 and blockedBy: 'warmup' provides clear audit trail
• The feature is opt-in (default: false) which is appropriate for potentially breaking behavior changes

---

Automated review by Claude AI

[github-actions]

Code Review Summary

This PR adds an optional system setting to intercept Anthropic warmup requests directly at the proxy level. The implementation is thorough, well-structured, and follows existing patterns in the codebase. The code properly excludes warmup requests from billing, rate limiting, quotas, and statistics while maintaining audit visibility in logs.

PR Size: XL

• Lines changed: 4494 (4426 additions + 68 deletions)
• Files changed: 49

Split suggestions for future consideration: Given the XL size, future PRs of this nature could potentially be split into:

1. Core warmup detection/interception logic
2. Repository layer changes (statistics exclusion)
3. UI changes (logs display)

However, the current PR is cohesive as a single feature and the complexity is justified.

Issues Found

Category	Critical	High	Medium	Low
Logic/Bugs	0	0	0	0
Security	0	0	0	0
Error Handling	0	0	0	0
Types	0	0	0	0
Comments/Docs	0	0	0	0
Tests	0	0	0	0
Simplification	0	0	0	0

No significant issues identified in this PR.

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Clean (errors properly logged, failures do not block responses)
• Type safety - Clean
• Documentation accuracy - Clean
• Test coverage - Comprehensive (8 new test files)
• Code clarity - Good

Review Notes

Strengths observed:

• The warmup detection logic in session.ts:567-634 is thorough with strict validation criteria to minimize false positives
• Error handling in warmup-guard.ts:70-76 properly logs failures without blocking the response
• Consistent application of EXCLUDE_WARMUP_CONDITION across all statistics/billing repositories
• Session tracking is correctly skipped for warmup requests to avoid affecting concurrent session limits
• UI properly distinguishes warmup requests with separate visual styling (blue badge vs orange for blocked)
• All 5 locales have been updated with appropriate translations

Architecture decisions validated:

• The guard pipeline placement (after session, before rateLimit/provider) correctly ensures warmup requests bypass billing/limits
• Using providerId: 0 and blockedBy: warmup provides clear audit trail
• The feature is opt-in (default: false) which is appropriate for potentially breaking behavior changes

---

Automated review by Claude AI

[github-actions]

Code Review Summary

No significant issues identified in this PR based on diff-scope review.
Reviewed the warmup interception flow, system settings plumbing, repository/statistics exclusions, and added unit/UI tests.

PR Size: XL

• Lines changed: 4494
• Files changed: 49
• Split suggestions: Consider splitting into (1) proxy warmup guard + pipeline changes, (2) system settings + DB migration, (3) repository/statistics exclusions + dashboard UI, (4) tests + i18n updates.

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Clean
• Type safety - Clean
• Documentation accuracy - Clean
• Test coverage - Adequate
• Code clarity - Good

---

Automated review by Codex AI

[github-actions]

Applied PR size label size/XL to PR #525 and posted a review comment summary via gh pr review.

No diff-scope issues met the >=80 confidence threshold, so no inline review comments were filed.