Commit Graph
100 Commits
Author SHA1 Message Date
hkfires 50c1c50dbd docs: document PostgreSQL-backed config/token store 2025-10-14 15:43:58 +08:00
hkfires 5123cfd47e feat(store): add PostgreSQL-backed config store with env selection 2025-10-14 15:43:58 +08:00
hkfires 39abde2413 refactor(watcher): remove redundant quota-exceeded change logs 2025-10-13 14:02:55 +08:00
hkfires 0aa8706ef7 feat(config): Treat empty BaseURL for Codex keys as deletion 2025-10-13 13:48:27 +08:00
hkfires 5fd4a8b974 feat(config): Remove OpenAI providers with empty BaseURL 2025-10-13 13:48:27 +08:00
hkfires 06e6f0a5f2 refactor(watcher): Extract config change logging to new function 2025-10-13 13:48:27 +08:00
hkfires b5ad978d44 feat(managementasset): Authenticate GitHub API requests 2025-10-12 21:21:51 +08:00
hkfires 4c033b3af7 feat(config): disable logging and usage stats by default 2025-10-11 22:11:08 +08:00
hkfires 843a81f68d fix(server): Handle empty/invalid config in cloud deploy mode 2025-10-11 22:07:08 +08:00
hkfires fc6aa8ef77 feat(config): Gracefully handle empty or invalid optional config 2025-10-11 20:49:15 +08:00
hkfires c3f88126e6 refactor(provider): remove Gemini Web cookie-based support 2025-10-11 12:56:07 +08:00
hkfires b895018ff5 refactor(provider): remove Gemini Web cookie-based provider 2025-10-11 12:53:03 +08:00
hkfires 78738ca3f0 fix(config): treat directory as absent for optional config in cloud deploy mode 2025-10-10 19:40:02 +08:00
hkfires ac01c74c02 feat(server): Add cloud deploy mode 2025-10-10 18:52:43 +08:00
hkfires 01be94a0de feat(translator): Map OpenAI modalities to Gemini responseModalities 2025-10-09 19:38:07 +08:00
hkfires d1933075c3 Revert "feat(translator): Pass through imageConfig" 2025-10-09 16:35:08 +08:00
hkfires a602ae859b feat(translator): Add support for openrouter image_config 2025-10-09 15:47:06 +08:00
hkfires c5d7137d66 feat(translator): Pass through imageConfig 2025-10-09 13:50:43 +08:00
hkfires 514f5a8ad4 feat(cliproxy): Rebind auth executors on config change 2025-10-07 21:23:21 +08:00
hkfires 75d7763c5c refactor(gemini-web): Rename flash image preview model ID 2025-10-07 20:35:53 +08:00
hkfires 9bb7df7af7 feat(gemini-web): Enable config hot-reload and fix Gem selection 2025-10-07 20:23:33 +08:00
hkfires 43665cb649 feat(gemini-web): Replace code-mode with flexible gem-mode 2025-10-07 19:36:22 +08:00
hkfires 31659c790d feat(translator/gemini-cli): support inline image data in responses 2025-10-06 17:06:04 +08:00
hkfires c62ecc2442 fix(gemini): Disable thinking config for incompatible models 2025-10-06 16:32:03 +08:00
hkfires 8ca041cfcf feat(auth): Use user info for iFlow auth identifier 2025-10-05 20:11:30 +08:00
hkfires eac8b1a27f fix(auth): Correct iFlow OAuth callback port to 11451 2025-10-05 18:53:22 +08:00
hkfires c8029b7166 feat(iflow): Add User-Agent header to API requests 2025-10-05 18:50:35 +08:00
hkfires 64f4c18fea fix(auth): Return error if iFlow API key fetch fails 2025-10-05 16:34:27 +08:00
hkfires 9abcaf177f feat(registry): Add display names and descriptions for iFlow models 2025-10-05 16:11:40 +08:00
hkfires b839e351c4 feat: Add support for iFlow provider 2025-10-05 15:51:09 +08:00
hkfires 4657c98821 feat: Add option to disable management control panel 2025-10-04 19:55:07 +08:00
hkfires dd1e0da155 fix(cliproxy): Use model name as fallback for ID if alias is empty 2025-10-04 19:42:11 +08:00
hkfires cf9a748159 fix(watcher): Prevent infinite reload loop on rapid config changes 2025-10-04 13:58:15 +08:00
hkfires 2e328dd462 feat(management): Improve logging for management route status 2025-10-04 13:48:34 +08:00
hkfires edd4b4d97f refactor(api): Lazily register management routes 2025-10-04 13:41:49 +08:00
hkfires 608d745159 fix(api): Enable management routes based on secret key presence 2025-10-04 13:32:54 +08:00
hkfires fd795caf76 refactor(api): Use middleware to control management route availability
Previously, management API routes were conditionally registered at server startup based on the presence of the `remote-management-key`. This static approach meant a server restart was required to enable or disable these endpoints.

This commit refactors the route handling by:
1.  Introducing an `atomic.Bool` flag, `managementRoutesEnabled`, to track the state.
2.  Always registering the management routes at startup.
3.  Adding a new `managementAvailabilityMiddleware` to the management route group.

This middleware checks the `managementRoutesEnabled` flag for each request, rejecting it if management is disabled. This change provides the same initial behavior but creates a more flexible architecture that will allow for dynamically enabling or disabling management routes at runtime in the future.
2025-10-04 13:08:08 +08:00
hkfires f2201dabfa feat(gemini-web): Index and look up conversations by suffix 2025-09-30 12:21:51 +08:00
hkfires 108dcb7f70 fix(gemini-web): Correct history on conversation reuse 2025-09-30 12:21:51 +08:00
hkfires 8858e07d8b feat(gemini-web): Add support for custom auth labels 2025-09-30 12:21:51 +08:00
hkfires d33a89b89f fix(gemini-web): Ignore tool messages to fix sticky selection 2025-09-30 12:21:51 +08:00
hkfires 1d70336a91 fix(gemini-web): Correct ambiguity check in conversation lookup 2025-09-30 12:21:51 +08:00
hkfires 6080527e9e feat(gemini-web): Namespace conversation index by account label 2025-09-30 12:21:51 +08:00
hkfires 82187bffba feat(gemini-web): Add conversation affinity selector 2025-09-30 12:21:51 +08:00
hkfires f4977e5ef6 Ignore GEMINI.md file 2025-09-30 12:21:51 +08:00
hkfires ad4d045101 feat: Restore API key config in config file 2025-09-28 09:11:58 +08:00
hkfires 5888e04654 refactor(cliproxy): remove unused access provider refresh logic 2025-09-28 08:59:17 +08:00
hkfires 19b10cb894 feat(sdk/auth): extend Gemini Web refresh lead to 1 hour 2025-09-28 08:40:32 +08:00
hkfires aa25820698 chore(log): Refine debug messages for config reloads 2025-09-28 08:40:25 +08:00
hkfires da72ac1f6d fix(config): Inline SDKConfig for proper YAML parsing 2025-09-27 12:23:20 +08:00
hkfires f9a170a3c4 chore(watcher): Clarify API key client reload log message 2025-09-27 11:25:40 +08:00
hkfires 88f06fc305 feat(watcher): Log detailed diff for openai-compatibility on reload 2025-09-27 11:15:30 +08:00
hkfires 562a49a194 feat(provider/gemini-web): Prioritize explicit label for account identification 2025-09-27 10:56:15 +08:00
hkfires 6136a77eb3 refactor(util): Centralize auth directory path resolution
Introduces a new utility function, `util.ResolveAuthDir`, to handle the normalization and resolution of the authentication directory path.

Previously, the logic for expanding the tilde (~) to the user's home directory was implemented inline in `main.go`. This refactoring extracts that logic into a reusable function within the `util` package.

The new `ResolveAuthDir` function is now used consistently across the application:
- During initial server startup in `main.go`.
- When counting authentication files in `util.CountAuthFiles`.
- When the configuration is reloaded by the watcher.

This change eliminates code duplication, improves consistency, and makes the path resolution logic more robust and maintainable.
2025-09-27 09:06:51 +08:00
hkfires afff9216ea perf(watcher): Avoid unnecessary auth dir scan on config reload 2025-09-27 08:43:06 +08:00
hkfires b56edd4db0 refactor(access): Introduce ApplyAccessProviders helper function
The logic for reconciling access providers, updating the manager, and logging the changes was previously handled directly in the service layer.

This commit introduces a new `ApplyAccessProviders` helper function in the `internal/access` package to encapsulate this entire process. The service layer is updated to use this new helper, which simplifies its implementation and reduces code duplication.

This refactoring centralizes the provider update logic and improves overall code maintainability. Additionally, the `sdk/access` package import is now aliased to `sdkaccess` for clarity.
2025-09-27 08:23:24 +08:00
hkfires b0f2ad7cfe fix(cliproxy): Clear stale compatibility model registrations
Previously, if an OpenAI compatibility configuration was removed from the
config file or its model list was emptied, the associated models for
that auth entry were not unregistered from the global model registry.
This resulted in stale registrations persisting.

This change ensures that when an auth entry is identified as being for
a compatibility provider, its models are explicitly unregistered if:
- The corresponding configuration is found but has an empty model list.
- The corresponding configuration is no longer found in the config file.
2025-09-26 22:04:32 +08:00
hkfires cd0b1be46c fix(log): Reduce noise on metadata updates and provider sync 2025-09-26 21:42:42 +08:00
hkfires 08856a97fb fix(access): Exclude inline provider from reconciliation changes
The `ReconcileProviders` function was incorrectly including the default
inline provider (`access.teleport.dev`) in the lists of added, updated,
and removed providers.

The inline provider is a special case managed directly by the access
controller and does not correspond to a separate, reloadable resource.
Including it in the change lists could lead to errors when attempting
to perform lifecycle operations on it.

This commit modifies the reconciliation logic to explicitly ignore the
inline provider when calculating changes. This ensures that only
external, reloadable providers are reported as changed, preventing
incorrect lifecycle management.
2025-09-26 20:48:20 +08:00
hkfires b6d5ce2d4d fix(access): Force rebuild of aliased provider configurations
The provider reconciliation logic did not correctly handle aliased provider configurations (e.g., using YAML anchors). When a provider config was aliased, the check for configuration equality would pass, causing the system to reuse the existing provider instance without rebuilding it, even if the underlying configuration had changed.

This change introduces a check to detect if the old and new provider configurations point to the same object in memory. If they are aliased, the provider is now always rebuilt to ensure it reflects the latest configuration. The optimization to reuse an existing provider based on deep equality is now only applied to non-aliased providers.
2025-09-26 20:05:43 +08:00
hkfires 0f55e550cf refactor(registry): Preserve duplicate models in client registration
The `RegisterClient` function previously deduplicated the list of models provided by a client. This could lead to an inaccurate representation of the client's state if it intentionally registered the same model ID multiple times.

This change refactors the registration logic to store the raw, unfiltered list of models, preserving their original order and count.

A new `rawModelIDs` slice tracks the complete list for storage in `clientModels`, while the logic for processing changes continues to use a unique set of model IDs for efficiency. This ensures the registry's state accurately reflects what the client provides.
2025-09-26 19:38:44 +08:00
hkfires e1de04230f fix(registry): Reset client status on model re-registration
When a client re-registers with the model registry, its previous status for a given model (e.g., quota exceeded or suspended) was not being cleared. This could lead to a situation where a client is permanently unable to use a model even after re-registering.

This change ensures that when a client re-registers an existing model, its ID is removed from the model's `QuotaExceededClients` and `SuspendedClients` lists. This effectively resets the client's status for that model, allowing for a fresh start upon reconnection.
2025-09-26 19:19:24 +08:00
hkfires a887a337a5 fix(registry): Handle duplicate model IDs in client registration
The previous model registration logic used a set-like map to track the models associated with a client. This caused issues when a client registered multiple instances of the same model ID, as they were all treated as a single registration.

This commit refactors the registration logic to use count maps for both the old and new model lists. This allows the system to accurately track the number of instances for each model ID provided by a client.

The changes ensure that:
- When a client updates its model list, the exact number of added or removed instances for each model ID is correctly calculated.
- Provider counts are accurately incremented or decremented based on the number of model instances being added, removed, or having their provider changed.
- The registry correctly handles scenarios where a client reduces the number of duplicate model registrations (e.g., from `[A, A]` to `[A]`), properly deregistering the surplus instance.
2025-09-26 18:52:58 +08:00
hkfires 2717ba3e50 fix(registry): Avoid provider update when new provider is empty
When a client re-registered and changed its provider from a non-empty value to an empty string, the logic would still trigger a provider update for the client's models. An empty provider string should not cause an update.

This commit fixes this behavior by adding a check to ensure the new provider is a non-empty string before updating the model's provider information.

Additionally, the logic for detecting a provider change has been simplified by removing an unnecessary variable.
2025-09-26 18:32:47 +08:00
hkfires 63af4c551d fix(registry): Fix provider change logic for new models
When a client changed its provider and registered a new model in the same `RegisterClient` call, the logic would incorrectly attempt to decrement the provider count for the new model from the old provider. This was because the loop iterated over all new model IDs without checking if they were part of the client's previous registration.

This commit adds a check to ensure that a model existed in the client's old model set before attempting to decrement the old provider's usage count. This prevents incorrect state updates in the registry during provider transitions that also introduce new models.
2025-09-26 18:32:47 +08:00
hkfires c675cf5e72 refactor(config): Implement reconciliation for providers and clients
This commit introduces a reconciliation mechanism for handling configuration updates, significantly improving efficiency and resource management.

Previously, reloading the configuration would tear down and recreate all access providers from scratch, regardless of whether their individual configurations had changed. This was inefficient and could disrupt services.

The new `sdkaccess.ReconcileProviders` function now compares the old and new configurations to intelligently manage the provider lifecycle:
- Unchanged providers are kept.
- New providers are created.
- Providers removed from the config are closed and discarded.
- Providers with updated configurations are gracefully closed and recreated.

To support this, a `Close()` method has been added to the `Provider` interface.

A similar reconciliation logic has been applied to the client registration state in `state.RegisterClient`. This ensures that model registrations are accurately tracked when a client's configuration is updated, correctly handling added, removed, and unchanged models. Enhanced logging provides visibility into these operations.
2025-09-26 18:32:47 +08:00
hkfires 3ca01b60a5 refactor(logging): Improve client loading and registration logs 2025-09-26 14:01:41 +08:00
hkfires 9b80820b17 refactor(auth): Move candidate sorting to RoundRobinSelector 2025-09-26 10:50:15 +08:00
hkfires e836b4ac10 fix(auth): Make round-robin auth selection deterministic 2025-09-26 09:49:53 +08:00
hkfires f228a4dcca feat(auth): Enhance Gemini web auth with flexible input and UI 2025-09-26 09:43:26 +08:00
hkfires 96cebd2a35 feat(auth): add interactive prompts to Gemini web auth flow 2025-09-25 20:39:15 +08:00
hkfires a45d2109f3 feat(auth): Improve Gemini web auth with email label detection 2025-09-25 20:17:47 +08:00
hkfires 7a30e65175 refactor(gemini-web): Remove file-based PSIDTS cookie caching 2025-09-25 18:52:31 +08:00
hkfires c63dc7fe2f fix(auth): Scope unavailability checks to specific models 2025-09-25 18:51:50 +08:00
hkfires 2a274d4a08 Merge branch 'main' into gemini-web 2025-09-25 11:05:43 +08:00
hkfires 2175a10932 feat(gemini-web): Introduce stable account label for identification 2025-09-25 10:59:20 +08:00
hkfires 20f3e62529 feat(auth): Add stable label to Gemini Web tokens for logging 2025-09-25 10:34:46 +08:00
hkfires 7f2e2fee56 refactor(gemini-web): Consolidate conversation data into single BoltDB file 2025-09-25 10:34:46 +08:00
hkfires 9810834f20 refactor(gemini-web): Centralize HTTP client creation for media 2025-09-25 10:34:46 +08:00
hkfires 0d4cb9e9fb refactor(gemini-web): Improve client robustness and code reuse 2025-09-25 10:34:46 +08:00
hkfires 4ecc798b1b Reduce the size of gemini-web's package files 2025-09-24 22:30:00 +08:00
hkfires c76b8785f8 refactor(gemini-web): Standardize logging with logrus 2025-09-24 22:13:10 +08:00
hkfires d4f5ec2492 Removed the cookie snapshot feature. 2025-09-24 22:12:29 +08:00
hkfires 06a3e9792d chore: Ignore .serena directory 2025-09-24 22:12:29 +08:00
hkfires e9707c2f9e refactor(gemini-web): Move provider logic to its own package
The Gemini Web API client logic has been relocated from `internal/client/gemini-web` to a new, more specific `internal/provider/gemini-web` package. This refactoring improves code organization and modularity by better isolating provider-specific implementations.

As a result of this move, the `GeminiWebState` struct and its methods have been exported (capitalized) to make them accessible from the executor. All call sites have been updated to use the new package path and the exported identifiers.
2025-09-24 22:12:29 +08:00
hkfires b86ed46845 fix(codex): Remove reasoning.effort for default gpt-5-codex model 2025-09-24 13:17:19 +08:00
hkfires 73cf491478 fix(gemini-web): Correct stream translation and reduce auth refresh lead 2025-09-23 20:51:55 +08:00
hkfires 8e485e5868 refactor(gemini-web): Remove auto-refresh, auto-close, and caching
This commit simplifies the Gemini web client by removing several complex, stateful features. The previous implementation for auto-refreshing cookies and auto-closing the client involved background goroutines, timers, and file system caching, which made the client's lifecycle difficult to manage.

The following features have been removed:
- The cookie auto-refresh mechanism, including the background goroutine (`rotateCookies`) and related configuration fields.
- The file-based caching for the `__Secure-1PSIDTS` token. The `rotate1PSIDTS` function now fetches a new token on every call.
- The auto-close functionality, which used timers to close the client after a period of inactivity.
- Associated configuration options and methods (`WithAccountLabel`, `WithOnCookiesRefreshed`, `Close`, etc.).

By removing this logic, the client becomes more stateless and predictable. The responsibility for managing the client's lifecycle and handling token expiration is now shifted to the caller, leading to a simpler and more robust integration.
2025-09-23 12:48:30 +08:00
hkfires 50c8f7f96f feat(gemini-web): Inject fallback text for image-only flash model responses 2025-09-23 10:05:59 +08:00
hkfires e8e00d4cb8 refactor(watcher): Remove unnecessary log separator 2025-09-23 10:05:59 +08:00
hkfires 49232372a7 fix(log): Trim trailing newlines to prevent blank log lines 2025-09-23 10:05:59 +08:00
hkfires 22a69333a0 feat(gemini-web): Implement proactive PSIDTS cookie rotation 2025-09-22 21:54:52 +08:00
hkfires 314125e7ec fix(logging): Prevent race conditions in FileStreamingLogWriter 2025-09-22 16:46:01 +08:00
hkfires 759bb88a90 fix(auth): Improve file-based auth handling and consistency 2025-09-22 13:03:47 +08:00
hkfires d6bb143978 refactor(translator): Remove unused logrus imports 2025-09-22 08:01:37 +08:00
hkfires 9253bdbf77 feat(provider): Introduce dedicated provider type for Gemini-Web 2025-09-20 19:47:58 +08:00
hkfires 41effa5aeb feat(gemini-web): Add support for image generation with Gemini models through the OpenAI chat completions translator. 2025-09-20 19:34:53 +08:00
hkfires deaa64b080 feat(gemini-web): Add support for real Nano Banana model 2025-09-20 13:35:27 +08:00
hkfires aba719f5fe refactor(auth): Centralize auth file reading with snapshot preference
The logic for reading authentication files, which includes retries and a preference for cookie snapshot files, was previously implemented locally within the `watcher` package. This was done to handle potential file locks during writes.

This change moves this functionality into a shared `ReadAuthFileWithRetry` function in the `util` package to promote code reuse and consistency.

The `watcher` package is updated to use this new centralized function. Additionally, the initial token loading in the `run` command now also uses this logic, making it more resilient to file access issues and consistent with the watcher's behavior.
2025-09-20 00:14:26 +08:00
hkfires 1d7abc95b8 fix(gemini-web): ensure colon spacing in JSON output for compatibility 2025-09-19 23:32:52 +08:00