docs: add v6.10.4 update history

v6.9.38 → v6.10.4 (69 commits): WebSocket compact handling, session affinity via X-Amp-Thread-Id, Codex reasoning/image improvements, GPT-5.5 model, optional OpenAI-compat disable. Updated without re-auth. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
docs: add v6.9.38 update history
2026-05-04 13:27:37 +09:00 · 2026-04-26 18:22:04 +09:00 · 2026-04-23 00:20:44 +09:00 · 2026-03-31 21:23:22 +09:00 · 2026-03-31 21:20:55 +09:00
479 changed files with 10484 additions and 45160 deletions
@@ -1,5 +0,0 @@
-# Cluster JWT example.
-# After deploying https://github.com/router-for-me/CLIProxyAPIHome, get the JWT value with:
-# curl -sS -X POST "http://<home-host>:8327/v0/management/certificates/clients" -H "X-MANAGEMENT-KEY: <management-key>" | jq -r '.home_jwt'
-# Then paste it into HOME_JWT here or export it before starting Compose.
-HOME_JWT=your-home-jwt-here
@@ -1,81 +0,0 @@
-name: agents-md-guard
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - synchronize
-      - reopened
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-jobs:
-  close-when-agents-md-changed:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Detect AGENTS.md changes and close PR
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner,
-              repo,
-              pull_number: prNumber,
-              per_page: 100,
-            });
-
-            const touchesAgentsMd = (path) =>
-              typeof path === "string" &&
-              (path === "AGENTS.md" || path.endsWith("/AGENTS.md"));
-
-            const touched = files.filter(
-              (f) => touchesAgentsMd(f.filename) || touchesAgentsMd(f.previous_filename),
-            );
-
-            if (touched.length === 0) {
-              core.info("No AGENTS.md changes detected.");
-              return;
-            }
-
-            const changedList = touched
-              .map((f) =>
-                f.previous_filename && f.previous_filename !== f.filename
-                  ? `- ${f.previous_filename} -> ${f.filename}`
-                  : `- ${f.filename}`,
-              )
-              .join("\n");
-
-            const body = [
-              "This repository does not allow modifying `AGENTS.md` in pull requests.",
-              "",
-              "Detected changes:",
-              changedList,
-              "",
-              "Please revert these changes and open a new PR without touching `AGENTS.md`.",
-            ].join("\n");
-
-            try {
-              await github.rest.issues.createComment({
-                owner,
-                repo,
-                issue_number: prNumber,
-                body,
-              });
-            } catch (error) {
-              core.warning(`Failed to comment on PR #${prNumber}: ${error.message}`);
-            }
-
-            await github.rest.pulls.update({
-              owner,
-              repo,
-              pull_number: prNumber,
-              state: "closed",
-            });
-
-            core.setFailed("PR modifies AGENTS.md");
@@ -1,73 +0,0 @@
-name: auto-retarget-main-pr-to-dev
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - reopened
-      - edited
-    branches:
-      - main
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-jobs:
-  retarget:
-    if: github.actor != 'github-actions[bot]'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Retarget PR base to dev
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const pr = context.payload.pull_request;
-            const prNumber = pr.number;
-            const { owner, repo } = context.repo;
-
-            const baseRef = pr.base?.ref;
-            const headRef = pr.head?.ref;
-            const desiredBase = "dev";
-
-            if (baseRef !== "main") {
-              core.info(`PR #${prNumber} base is ${baseRef}; nothing to do.`);
-              return;
-            }
-
-            if (headRef === desiredBase) {
-              core.info(`PR #${prNumber} is ${desiredBase} -> main; skipping retarget.`);
-              return;
-            }
-
-            core.info(`Retargeting PR #${prNumber} base from ${baseRef} to ${desiredBase}.`);
-
-            try {
-              await github.rest.pulls.update({
-                owner,
-                repo,
-                pull_number: prNumber,
-                base: desiredBase,
-              });
-            } catch (error) {
-              core.setFailed(`Failed to retarget PR #${prNumber} to ${desiredBase}: ${error.message}`);
-              return;
-            }
-
-            const body = [
-              `This pull request targeted \`${baseRef}\`.`,
-              "",
-              `The base branch has been automatically changed to \`${desiredBase}\`.`,
-            ].join("\n");
-
-            try {
-              await github.rest.issues.createComment({
-                owner,
-                repo,
-                issue_number: prNumber,
-                body,
-              });
-            } catch (error) {
-              core.warning(`Failed to comment on PR #${prNumber}: ${error.message}`);
-            }
@@ -33,16 +33,15 @@ GEMINI.md

 # Tooling metadata
 .vscode/*
-.worktrees/
 .codex/*
 .claude/*
 .gemini/*
 .serena/*
 .agent/*
 .agents/*
+.agents/*
 .opencode/*
 .idea/*
-.beads/*
 .bmad/*
 _bmad/*
 _bmad-output/*
@@ -50,4 +49,3 @@ _bmad-output/*
 # macOS
 .DS_Store
 ._*
-.gocache/
@@ -19,8 +19,6 @@ builds:
 archives:
  - id: "cli-proxy-api"
    format: tar.gz
-    name_template: >-
-      {{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{- if eq .Arch "arm64" -}}aarch64{{- else -}}{{ .Arch }}{{- end -}}
    format_overrides:
      - goos: windows
        format: zip
@@ -1,58 +0,0 @@
-# AGENTS.md
-
-Go 1.26+ proxy server providing OpenAI/Gemini/Claude/Codex compatible APIs with OAuth and round-robin load balancing.
-
-## Repository
- GitHub: https://github.com/router-for-me/CLIProxyAPI
-
-## Commands
-```bash
-gofmt -w . # Format (required after Go changes)
-go build -o cli-proxy-api ./cmd/server # Build
-go run ./cmd/server # Run dev server
-go test ./... # Run all tests
-go test -v -run TestName ./path/to/pkg # Run single test
-go build -o test-output ./cmd/server && rm test-output # Verify compile (REQUIRED after changes)
-```
- Common flags: `--config <path>`, `--tui`, `--standalone`, `--local-model`, `--no-browser`, `--oauth-callback-port <port>`
-
-## Config
- Default config: `config.yaml` (template: `config.example.yaml`)
- `.env` is auto-loaded from the working directory
- Auth material defaults under `auths/`
- Storage backends: file-based default; optional Postgres/git/object store (`PGSTORE_*`, `GITSTORE_*`, `OBJECTSTORE_*`)
-
-## Architecture
- `cmd/server/` — Server entrypoint
- `internal/api/` — Gin HTTP API (routes, middleware, modules)
- `internal/api/modules/amp/` — Amp integration (Amp-style routes + reverse proxy)
- `internal/thinking/` — Main thinking/reasoning pipeline. `ApplyThinking()` (apply.go) parses suffixes (`suffix.go`, suffix overrides body), normalizes config to canonical `ThinkingConfig` (`types.go`), normalizes and validates centrally (`validate.go`/`convert.go`), then applies provider-specific output via `ProviderApplier`. Do not break this "canonical representation → per-provider translation" architecture.
- `internal/runtime/executor/` — Per-provider runtime executors (incl. Codex WebSocket)
- `internal/translator/` — Provider protocol translators (and shared `common`)
- `internal/registry/` — Model registry + remote updater (`StartModelsUpdater`); `--local-model` disables remote updates
- `internal/store/` — Storage implementations and secret resolution
- `internal/managementasset/` — Config snapshots and management assets
- `internal/cache/` — Request signature caching
- `internal/watcher/` — Config hot-reload and watchers
- `internal/wsrelay/` — WebSocket relay sessions
- `internal/usage/` — Usage and token accounting
- `internal/tui/` — Bubbletea terminal UI (`--tui`, `--standalone`)
- `sdk/cliproxy/` — Embeddable SDK entry (service/builder/watchers/pipeline)
- `test/` — Cross-module integration tests
-
-## Code Conventions
- Keep changes small and simple (KISS)
- Comments in English only
- If editing code that already contains non-English comments, translate them to English (don’t add new non-English comments)
- For user-visible strings, keep the existing language used in that file/area
- New Markdown docs should be in English unless the file is explicitly language-specific (e.g. `README_CN.md`)
- As a rule, do not make standalone changes to `internal/translator/`. You may modify it only as part of broader changes elsewhere.
- If a task requires changing only `internal/translator/`, run `gh repo view --json viewerPermission -q .viewerPermission` to confirm you have `WRITE`, `MAINTAIN`, or `ADMIN`. If you do, you may proceed; otherwise, file a GitHub issue including the goal, rationale, and the intended implementation code, then stop further work.
- `internal/runtime/executor/` should contain executors and their unit tests only. Place any helper/supporting files under `internal/runtime/executor/helps/`.
- Follow `gofmt`; keep imports goimports-style; wrap errors with context where helpful
- Do not use `log.Fatal`/`log.Fatalf` (terminates the process); prefer returning errors and logging via logrus
- Shadowed variables: use method suffix (`errStart := server.Start()`)
- Wrap defer errors: `defer func() { if err := f.Close(); err != nil { log.Errorf(...) } }()`
- Use logrus structured logging; avoid leaking secrets/tokens in logs
- Avoid panics in HTTP handlers; prefer logged errors and meaningful HTTP status codes
- Timeouts are allowed only during credential acquisition; after an upstream connection is established, do not set timeouts for any subsequent network behavior. Intentional exceptions that must remain allowed are the Codex websocket liveness deadlines in `internal/runtime/executor/codex_websockets_executor.go`, the wsrelay session deadlines in `internal/wsrelay/session.go`, the management APICall timeout in `internal/api/handlers/management/api_tools.go`, and the `cmd/fetch_antigravity_models` utility timeouts
@@ -1 +0,0 @@
-@AGENTS.md
@@ -215,8 +215,6 @@ sudo /usr/local/bin/docker logs -f cli-proxy-api

 | 날짜 | 버전 | 비고 |
 |------|------|------|
-| 2026-05-24 | v7.1.20 | v7.1.10 → v7.1.20 패치 — Claude tool-use 이름 손실/중복 수정(v7.1.12), Claude 요청 변환 system→developer 처리(v7.1.20), Gemini 3.5 Flash 모델 추가(v7.1.18), Grok Build 0.1, Redis timeout/failover, xAI reasoning.effort. 무중단, 재인증 불필요 |
-| 2026-05-18 | v7.1.10 | 메이저 v6→v7 — Home Control Plane(Redis) 신설, ClaudeCodeSessionAffinity 제거, Usage tracking 제거(v6.10.0), xAI Grok 이미지/비디오, Codex client models, Local mgmt password validation + spoofed IP rejection. Auth 파일 호환(재인증 불필요), config 신규 필드 모두 옵션 |
 | 2026-05-04 | v6.10.4 | 69개 커밋 변경 — WebSocket compact 처리 개선, X-Amp-Thread-Id 기반 session affinity, Codex reasoning/이미지 처리 강화, GPT-5.5 모델 추가, OpenAI 호환 provider 비활성화 옵션. 무중단 업데이트, 재인증 불필요 |
 | 2026-04-26 | v6.9.38 | Protocol multiplexer + Redis queue 도입, 관리키/Redis AUTH 반복 실패 시 IP 차단 추가. 무중단 업데이트, 재인증 불필요 |
 | 2026-04-23 | v6.9.34 | `docker compose pull && docker compose up -d`로 무중단 업데이트. Auth 파일 형식 변경 없어 재인증 불필요 |
@@ -14,7 +14,7 @@ ARG BUILD_DATE=unknown

 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X 'main.Version=${VERSION}' -X 'main.Commit=${COMMIT}' -X 'main.BuildDate=${BUILD_DATE}'" -o ./CLIProxyAPI ./cmd/server/

-FROM alpine:3.23
+FROM alpine:3.22.0

 RUN apk add --no-cache tzdata

@@ -32,4 +32,4 @@ ENV TZ=Asia/Shanghai

 RUN cp /usr/share/zoneinfo/${TZ} /etc/localtime && echo "${TZ}" > /etc/timezone

-CMD ["./CLIProxyAPI"]
+CMD ["./CLIProxyAPI"]
@@ -2,7 +2,7 @@

 English | [中文](README_CN.md) | [日本語](README_JA.md)

-A proxy server that provides OpenAI/Gemini/Claude/Codex/Grok compatible API interfaces for CLI.
+A proxy server that provides OpenAI/Gemini/Claude/Codex compatible API interfaces for CLI.

 It now also supports OpenAI Codex (GPT models) and Claude Code via OAuth.

@@ -10,19 +10,23 @@ So you can use local or multi-account CLI access with OpenAI(include Responses)/

 ## Sponsor

-[![https://www.packyapi.com/register?aff=cliproxyapi](./assets/packycode-en.png)](https://www.packyapi.com/register?aff=cliproxyapi)
+[![z.ai](https://assets.router-for.me/english-5-0.jpg)](https://z.ai/subscribe?ic=8JVLJQFSKB)

-Thanks to PackyCode for sponsoring this project!
+This project is sponsored by Z.ai, supporting us with their GLM CODING PLAN.

-PackyCode is a reliable and efficient API relay service provider, offering relay services for Claude Code, Codex, Gemini, and more.
+GLM CODING PLAN is a subscription service designed for AI coding, starting at just $10/month. It provides access to their flagship GLM-4.7 & （GLM-5 Only Available  for Pro Users）model across 10+ popular AI coding tools (Claude Code, Cline, Roo Code, etc.), offering developers top-tier, fast, and stable coding experiences.

-PackyCode provides special discounts for our software users: register using <a href="https://www.packyapi.com/register?aff=cliproxyapi">this link</a> and enter the "cliproxyapi" promo code during recharge to get 10% off.
+Get 10% OFF GLM CODING PLAN：https://z.ai/subscribe?ic=8JVLJQFSKB

 ---

 <table>
 <tbody>
 <tr>
+<td width="180"><a href="https://www.packyapi.com/register?aff=cliproxyapi"><img src="./assets/packycode.png" alt="PackyCode" width="150"></a></td>
+<td>Thanks to PackyCode for sponsoring this project! PackyCode is a reliable and efficient API relay service provider, offering relay services for Claude Code, Codex, Gemini, and more. PackyCode provides special discounts for our software users: register using <a href="https://www.packyapi.com/register?aff=cliproxyapi">this link</a> and enter the "cliproxyapi" promo code during recharge to get 10% off.</td>
+</tr>
+<tr>
 <td width="180"><a href="https://www.aicodemirror.com/register?invitecode=TJNAIF"><img src="./assets/aicodemirror.png" alt="AICodeMirror" width="150"></a></td>
 <td>Thanks to AICodeMirror for sponsoring this project! AICodeMirror provides official high-stability relay services for Claude Code / Codex / Gemini CLI, with enterprise-grade concurrency, fast invoicing, and 24/7 dedicated technical support. Claude Code / Codex / Gemini official channels at 38% / 2% / 9% of original price, with extra discounts on top-ups! AICodeMirror offers special benefits for CLIProxyAPI users: register via <a href="https://www.aicodemirror.com/register?invitecode=TJNAIF">this link</a> to enjoy 20% off your first top-up, and enterprise customers can get up to 25% off!</td>
 </tr>
@@ -31,32 +35,32 @@ PackyCode provides special discounts for our software users: register using <a h
 <td>Huge thanks to BmoPlus for sponsoring this project! BmoPlus is a highly reliable AI account provider built strictly for heavy AI users and developers. They offer rock-solid, ready-to-use accounts and official top-up services for ChatGPT Plus / ChatGPT Pro (Full Warranty) / Claude Pro / Super Grok / Gemini Pro. By registering and ordering through <a href="https://shop.bmoplus.com/?utm_source=github">BmoPlus - Premium AI Accounts & Top-ups</a>, users can unlock the mind-blowing rate of <b>10% of the official GPT subscription price (90% OFF)</b>!</td>
 </tr>
 <tr>
-<td width="180"><a href="https://coder.visioncoder.cn"><img src="./assets/visioncoder.png" alt="VisionCoder" width="150"></a></td>
-<td>Thanks to <b>VisionCoder</b> for supporting this project. <a href="https://coder.visioncoder.cn" target="_blank">VisionCoder Developer Platform</a> is a reliable and efficient API relay service provider, offering access to mainstream AI models such as Claude Code, Codex, and Gemini. It helps developers and teams integrate AI capabilities more easily and improve productivity.
-<p></p>
-VisionCoder is also offering our users a limited-time <a href="https://coder.visioncoder.cn" target="_blank">Token Plan</a> promotion: <b>buy 1 month and get 1 month free</b>.</td>
+<td width="180"><a href="https://www.lingtrue.com/register"><img src="./assets/lingtrue.png" alt="LingtrueAPI" width="150"></a></td>
+<td>Thanks to LingtrueAPI for its sponsorship of this project! LingtrueAPI is a global large - model API intermediary service platform that provides API calling services for various top - notch models such as Claude Code, Codex, and Gemini. It is committed to enabling users to connect to global AI capabilities at low cost and with high stability. LingtrueAPI offers special discounts to users of this software: register using <a href="https://www.lingtrue.com/register">this link</a>, and enter the promo code "LingtrueAPI" when making the first recharge to enjoy a 10% discount.</td>
 </tr>
 </tbody>
 </table>

 ## Overview

- OpenAI/Gemini/Claude/Grok compatible API endpoints for CLI models
+- OpenAI/Gemini/Claude compatible API endpoints for CLI models
 - OpenAI Codex support (GPT models) via OAuth login
 - Claude Code support via OAuth login
- Grok Build support via OAuth login
+- Qwen Code support via OAuth login
+- iFlow support via OAuth login
 - Amp CLI and IDE extensions support with provider routing
- Streaming, non-streaming, and WebSocket responses where supported
+- Streaming and non-streaming responses
 - Function calling/tools support
 - Multimodal input support (text and images)
- Multiple accounts with round-robin load balancing (Gemini, OpenAI, Claude, Grok)
- Simple CLI authentication flows (Gemini, OpenAI, Claude, Grok)
+- Multiple accounts with round-robin load balancing (Gemini, OpenAI, Claude, Qwen and iFlow)
+- Simple CLI authentication flows (Gemini, OpenAI, Claude, Qwen and iFlow)
 - Generative Language API Key support
 - AI Studio Build multi-account load balancing
 - Gemini CLI multi-account load balancing
 - Claude Code multi-account load balancing
+- Qwen Code multi-account load balancing
+- iFlow multi-account load balancing
 - OpenAI Codex multi-account load balancing
- Grok Build multi-account load balancing
 - OpenAI-compatible upstream providers via config (e.g., OpenRouter)
 - Reusable Go SDK for embedding the proxy (see `docs/sdk-usage.md`)

@@ -68,22 +72,6 @@ CLIProxyAPI Guides: [https://help.router-for.me/](https://help.router-for.me/)

 see [MANAGEMENT_API.md](https://help.router-for.me/management/api)

-## Usage Statistics
-
-Since v6.10.0, CLIProxyAPI and [CPAMC](https://github.com/router-for-me/Cli-Proxy-API-Management-Center) no longer ship built-in usage statistics. If you need usage statistics, use:
-
-### [CPA Usage Keeper](https://github.com/Willxup/cpa-usage-keeper)
-
-Standalone persistence and visualization service for CLIProxyAPI, with periodic data sync, SQLite storage, aggregate APIs, and a built-in dashboard for usage and statistics.
-
-### [CLIProxyAPI Usage Dashboard](https://github.com/zhanglunet/cliproxyapi-usage-dashboard)
-
-Local-first usage and quota dashboard for CLIProxyAPI. It collects per-request token usage from the Redis-compatible usage queue into SQLite, visualizes daily and recent-window usage by account and model, and shows Codex 5h/7d quota remaining in a local web UI.
-
-### [CPA-Manager](https://github.com/seakee/CPA-Manager)
-
-Full CLIProxyAPI management center with request-level monitoring and cost estimates. CPA-Manager tracks collected requests by account, model, channel, latency, status, and token usage; estimates cost with editable model prices and one-click LiteLLM price sync; persists events in SQLite; and provides Codex account-pool operations with batch inspection, quota detection, unhealthy account discovery, cleanup suggestions, and one-click execution for day-to-day multi-account maintenance.
-
 ## Amp CLI Support

 CLIProxyAPI includes integrated support for [Amp CLI](https://ampcode.com) and Amp IDE extensions, enabling you to use your Google/ChatGPT/Claude OAuth subscriptions with Amp's coding tools:
@@ -132,7 +120,7 @@ Native macOS menu bar app to use your Claude Code & ChatGPT subscriptions with A

 ### [Subtitle Translator](https://github.com/VjayC/SRT-Subtitle-Translator-Validator)

-A cross-platform desktop and web app to translate and validate SRT subtitles using your existing LLM subscriptions (Gemini, ChatGPT, Claude, etc.) via CLIProxyAPI - no API keys needed.
+Browser-based tool to translate SRT subtitles using your Gemini subscription via CLIProxyAPI with automatic validation/error correction - no API keys needed

 ### [CCS (Claude Code Switch)](https://github.com/kaitranntt/ccs)

@@ -140,11 +128,11 @@ CLI wrapper for instant switching between multiple Claude accounts and alternati

 ### [Quotio](https://github.com/nguyenphutrong/quotio)

-Native macOS menu bar app that unifies Claude, Gemini, OpenAI, and Antigravity subscriptions with real-time quota tracking and smart auto-failover for AI coding tools like Claude Code, OpenCode, and Droid - no API keys needed.
+Native macOS menu bar app that unifies Claude, Gemini, OpenAI, Qwen, and Antigravity subscriptions with real-time quota tracking and smart auto-failover for AI coding tools like Claude Code, OpenCode, and Droid - no API keys needed.

 ### [CodMate](https://github.com/loocor/CodMate)

-Native macOS SwiftUI app for managing CLI AI sessions (Codex, Claude Code, Gemini CLI) with unified provider management, Git review, project organization, global search, and terminal integration. Integrates CLIProxyAPI to provide OAuth authentication for Codex, Claude, Gemini, and Antigravity, with built-in and third-party provider rerouting through a single proxy endpoint - no API keys needed for OAuth providers.
+Native macOS SwiftUI app for managing CLI AI sessions (Codex, Claude Code, Gemini CLI) with unified provider management, Git review, project organization, global search, and terminal integration. Integrates CLIProxyAPI to provide OAuth authentication for Codex, Claude, Gemini, Antigravity, and Qwen Code, with built-in and third-party provider rerouting through a single proxy endpoint - no API keys needed for OAuth providers.

 ### [ProxyPilot](https://github.com/Finesssee/ProxyPilot)

@@ -168,7 +156,7 @@ A Windows tray application implemented using PowerShell scripts, without relying

 ### [霖君](https://github.com/wangdabaoqq/LinJun)

-霖君 is a cross-platform desktop application for managing AI programming assistants, supporting macOS, Windows, and Linux systems. Unified management of Claude Code, Gemini CLI, OpenAI Codex, and other AI coding tools, with local proxy for multi-account quota tracking and one-click configuration.
+霖君 is a cross-platform desktop application for managing AI programming assistants, supporting macOS, Windows, and Linux systems. Unified management of Claude Code, Gemini CLI, OpenAI Codex, Qwen Code, and other AI coding tools, with local proxy for multi-account quota tracking and one-click configuration.

 ### [CLIProxyAPI Dashboard](https://github.com/itsmylife44/cliproxyapi-dashboard)

@@ -185,22 +173,6 @@ mode without windows or traces, and enables cross-device AI Q&A interaction and
 LAN). Essentially, it is an automated collaboration layer of "screen/audio capture + AI inference + low-friction delivery",
 helping users to immersively use AI assistants across applications on controlled devices or in restricted environments.

-### [ProxyPal](https://github.com/buddingnewinsights/proxypal)
-
-Cross-platform desktop app (macOS, Windows, Linux) wrapping CLIProxyAPI with a native GUI. Connects Claude, ChatGPT, Gemini, GitHub Copilot, and custom OpenAI-compatible endpoints with usage analytics, request monitoring, and auto-configuration for popular coding tools - no API keys needed.
-
-### [CLIProxyAPI Quota Inspector](https://github.com/AllenReder/CLIProxyAPI-Quota-Inspector)
-
-Ready-to-use cross-platform quota inspector for CLIProxyAPI, supporting per-account codex 5h/7d quota windows, plan-based sorting, status coloring, and multi-account summary analytics.
-
-### [CodexCliPlus](https://github.com/C4AL/CodexCliPlus)
-
-Windows-focused, local-first desktop management platform for Codex CLI built on CLIProxyAPI, focused on simplifying local setup, account and runtime management, and providing a more complete Codex CLI experience for local users.
-
-### [CLIProxy Pool Watch](https://github.com/murasame612/CLIProxyPoolWidget)
-
-Native macOS SwiftUI app for monitoring ChatGPT/Codex account quotas in CLIProxyAPI pools. Displays account availability, Plus-base capacity, 5-hour and weekly quota bars, plan weights, and restore forecasts through the Management API.
-
 > [!NOTE]  
 > If you developed a project based on CLIProxyAPI, please open a PR to add it to this list.

@@ -218,14 +190,6 @@ Never stop coding. Smart routing to FREE & low-cost AI models with automatic fal

 OmniRoute is an AI gateway for multi-provider LLMs: an OpenAI-compatible endpoint with smart routing, load balancing, retries, and fallbacks. Add policies, rate limits, caching, and observability for reliable, cost-aware inference.

-### [Playful Proxy API Panel (PPAP)](https://github.com/daishuge/playful-proxy-api-panel)
-
-A public CLIProxyAPI-compatible fork and bundled management panel. It keeps upstream-style usage while restoring built-in usage statistics, adding cache hit rate, first-byte latency, TPS tracking, and Docker-oriented self-hosted installation docs.
-
-### [Codex Switch](https://github.com/9ycrooked/CodexSwitch)
-
-This is a tool built with Tauri 2 + Vue 3 for managing multiple OpenAI Codex desktop accounts. Switch between saved ChatGPT/Codex certification profiles, check 5-hour and weekly quota usage in real time, verify token health, view active account details, and import or save auth.json files without manual copying.
-
 > [!NOTE]  
 > If you have developed a port of CLIProxyAPI or a project inspired by it, please open a PR to add it to this list.

@@ -2,7 +2,7 @@

 [English](README.md) | 中文 | [日本語](README_JA.md)

-一个为 CLI 提供 OpenAI/Gemini/Claude/Codex/Grok 兼容 API 接口的代理服务器。
+一个为 CLI 提供 OpenAI/Gemini/Claude/Codex 兼容 API 接口的代理服务器。

 现已支持通过 OAuth 登录接入 OpenAI Codex（GPT 系列）和 Claude Code。

@@ -10,31 +10,33 @@

 ## 赞助商

-[![https://www.packyapi.com/register?aff=cliproxyapi](./assets/packycode-cn.png)](https://www.packyapi.com/register?aff=cliproxyapi)
+[![bigmodel.cn](https://assets.router-for.me/chinese-5-0.jpg)](https://www.bigmodel.cn/claude-code?ic=RRVJPB5SII)

-感谢 PackyCode 对本项目的赞助！
+本项目由 Z智谱 提供赞助, 他们通过 GLM CODING PLAN 对本项目提供技术支持。

-PackyCode 是一家可靠高效的 API 中转服务商，提供 Claude Code、Codex、Gemini 等多种服务的中转。
+GLM CODING PLAN 是专为AI编码打造的订阅套餐，每月最低仅需20元，即可在十余款主流AI编码工具如 Claude Code、Cline、Roo Code 中畅享智谱旗舰模型GLM-4.7（受限于算力，目前仅限Pro用户开放），为开发者提供顶尖的编码体验。

-PackyCode 为本软件用户提供了特别优惠：使用<a href="https://www.packyapi.com/register?aff=cliproxyapi" target="_blank">此链接</a>注册，并在充值时输入 "cliproxyapi" 优惠码即可享受九折优惠。
+智谱AI为本产品提供了特别优惠，使用以下链接购买可以享受九折优惠：https://www.bigmodel.cn/claude-code?ic=RRVJPB5SII

 ---

 <table>
 <tbody>
 <tr>
+<td width="180"><a href="https://www.packyapi.com/register?aff=cliproxyapi"><img src="./assets/packycode.png" alt="PackyCode" width="150"></a></td>
+<td>感谢 PackyCode 对本项目的赞助！PackyCode 是一家可靠高效的 API 中转服务商，提供 Claude Code、Codex、Gemini 等多种服务的中转。PackyCode 为本软件用户提供了特别优惠：使用<a href="https://www.packyapi.com/register?aff=cliproxyapi">此链接</a>注册，并在充值时输入 "cliproxyapi" 优惠码即可享受九折优惠。</td>
+</tr>
+<tr>
 <td width="180"><a href="https://www.aicodemirror.com/register?invitecode=TJNAIF"><img src="./assets/aicodemirror.png" alt="AICodeMirror" width="150"></a></td>
-<td>感谢 AICodeMirror 赞助了本项目！AICodeMirror 提供 Claude Code / Codex / Gemini CLI 官方高稳定中转服务，支持企业级高并发、极速开票、7×24 专属技术支持。 Claude Code / Codex / Gemini 官方渠道低至 3.8 / 0.2 / 0.9 折，充值更有折上折！AICodeMirror 为 CLIProxyAPI 的用户提供了特别福利，通过<a href="https://www.aicodemirror.com/register?invitecode=TJNAIF" target="_blank">此链接</a>注册的用户，可享受首充8折，企业客户最高可享 7.5 折！</td>
+<td>感谢 AICodeMirror 赞助了本项目！AICodeMirror 提供 Claude Code / Codex / Gemini CLI 官方高稳定中转服务，支持企业级高并发、极速开票、7×24 专属技术支持。 Claude Code / Codex / Gemini 官方渠道低至 3.8 / 0.2 / 0.9 折，充值更有折上折！AICodeMirror 为 CLIProxyAPI 的用户提供了特别福利，通过<a href="https://www.aicodemirror.com/register?invitecode=TJNAIF">此链接</a>注册的用户，可享受首充8折，企业客户最高可享 7.5 折！</td>
 </tr>
 <tr>
 <td width="180"><a href="https://shop.bmoplus.com/?utm_source=github"><img src="./assets/bmoplus.png" alt="BmoPlus" width="150"></a></td>
-<td>感谢 BmoPlus 赞助了本项目！BmoPlus 是一家专为AI订阅重度用户打造的可靠 AI 账号代充服务商，提供稳定的 ChatGPT Plus / ChatGPT Pro(全程质保) / Claude Pro / Super Grok / Gemini Pro 的官方代充&成品账号。 通过<a href="https://shop.bmoplus.com/?utm_source=github" target="_blank">BmoPlus AI成品号专卖/代充</a>注册下单的用户，可享GPT <b>官网订阅一折</b> 的震撼价格！</td>
+<td>感谢 BmoPlus 赞助了本项目！BmoPlus 是一家专为AI订阅重度用户打造的可靠 AI 账号代充服务商，提供稳定的 ChatGPT Plus / ChatGPT Pro(全程质保) / Claude Pro / Super Grok / Gemini Pro 的官方代充&成品账号。 通过<a href="https://shop.bmoplus.com/?utm_source=github">BmoPlus AI成品号专卖/代充</a>注册下单的用户，可享GPT <b>官网订阅一折</b> 的震撼价格！</td>
 </tr>
 <tr>
-<td width="180"><a href="https://coder.visioncoder.cn"><img src="./assets/visioncoder.png" alt="VisionCoder" width="150"></a></td>
-<td>感谢 <b>VisionCoder</b> 对本项目的支持。<a href="https://coder.visioncoder.cn" target="_blank">VisionCoder 开发平台</a> 是一个可靠高效的 API 中继服务提供商，提供 Claude Code、Codex、Gemini 等主流 AI 模型，帮助开发者和团队更轻松地集成 AI 功能，提升工作效率。
-<p></p>
-VisionCoder 还为我们的用户提供 <a href="https://coder.visioncoder.cn" target="_blank">Token Plan</a> 限时活动：<b>购买 1 个月，赠送 1 个月</b>。</td>
+<td width="180"><a href="https://www.lingtrue.com/register"><img src="./assets/lingtrue.png" alt="LingtrueAPI" width="150"></a></td>
+<td>感谢 LingtrueAPI 对本项目的赞助！LingtrueAPI 是一家全球大模型API中转服务平台，提供Claude Code、Codex、Gemini 等多种顶级模型API调用服务，致力于让用户以低成本、高稳定性链接全球AI能力。LingtrueAPI为本软件用户提供了特别优惠：使用<a href="https://www.lingtrue.com/register">此链接</a>注册，并在首次充值时输入 "LingtrueAPI" 优惠码即可享受9折优惠。</td>
 </tr>
 </tbody>
 </table>
@@ -42,21 +44,23 @@ VisionCoder 还为我们的用户提供 <a href="https://coder.visioncoder.cn" t

 ## 功能特性

- 为 CLI 模型提供 OpenAI/Gemini/Claude/Codex/Grok 兼容的 API 端点
+- 为 CLI 模型提供 OpenAI/Gemini/Claude/Codex 兼容的 API 端点
 - 新增 OpenAI Codex（GPT 系列）支持（OAuth 登录）
 - 新增 Claude Code 支持（OAuth 登录）
- 新增 Grok Build 支持（OAuth 登录）
- 支持流式、非流式响应，以及受支持场景下的 WebSocket 响应
+- 新增 Qwen Code 支持（OAuth 登录）
+- 新增 iFlow 支持（OAuth 登录）
+- 支持流式与非流式响应
 - 函数调用/工具支持
 - 多模态输入（文本、图片）
- 多账户支持与轮询负载均衡（Gemini、OpenAI、Claude、Grok）
- 简单的 CLI 身份验证流程（Gemini、OpenAI、Claude、Grok）
+- 多账户支持与轮询负载均衡（Gemini、OpenAI、Claude、Qwen 与 iFlow）
+- 简单的 CLI 身份验证流程（Gemini、OpenAI、Claude、Qwen 与 iFlow）
 - 支持 Gemini AIStudio API 密钥
 - 支持 AI Studio Build 多账户轮询
 - 支持 Gemini CLI 多账户轮询
 - 支持 Claude Code 多账户轮询
+- 支持 Qwen Code 多账户轮询
+- 支持 iFlow 多账户轮询
 - 支持 OpenAI Codex 多账户轮询
- 支持 Grok Build 多账户轮询
 - 通过配置接入上游 OpenAI 兼容提供商（例如 OpenRouter）
 - 可复用的 Go SDK（见 `docs/sdk-usage_CN.md`）

@@ -68,22 +72,6 @@ CLIProxyAPI 用户手册： [https://help.router-for.me/](https://help.router-fo

 请参见 [MANAGEMENT_API_CN.md](https://help.router-for.me/cn/management/api)

-## 使用量统计
-
-自v6.10.0版本以后，CLIProxyAPI及 [CPAMC](https://github.com/router-for-me/Cli-Proxy-API-Management-Center) 项目不再预置数据统计功能，如果有数据统计需求的请使用以下项目：
-
-### [CPA Usage Keeper](https://github.com/Willxup/cpa-usage-keeper)
-
-独立的 CLIProxyAPI 使用量持久化与可视化服务，定期同步 CLIProxyAPI 数据，存储到 SQLite，提供聚合 API，并内置使用量分析与统计仪表盘。
-
-### [CLIProxyAPI Usage Dashboard](https://github.com/zhanglunet/cliproxyapi-usage-dashboard)
-
-面向 CLIProxyAPI 的本地优先使用量与配额看板。它从 Redis 兼容使用量队列采集每次请求的 Token 消耗并写入 SQLite，按账号和模型可视化每日及最近时间窗口的用量，并在本地网页中显示 Codex 5h/7d 配额余量。
-
-### [CPA-Manager](https://github.com/seakee/CPA-Manager)
-
-面向 CLIProxyAPI 的完整管理中心，提供请求级监控和费用预估。CPA-Manager 可按账号、模型、渠道、延迟、状态和 token 用量追踪采集到的请求；支持可编辑模型价格与一键同步 LiteLLM 价格来估算费用；用 SQLite 持久化事件；并提供面向 Codex 账号池的批量巡检、配额识别、异常账号定位、清理建议与一键执行能力，适合多账号池的日常运维管理。
-
 ## Amp CLI 支持

 CLIProxyAPI 已内置对 [Amp CLI](https://ampcode.com) 和 Amp IDE 扩展的支持，可让你使用自己的 Google/ChatGPT/Claude OAuth 订阅来配合 Amp 编码工具：
@@ -131,7 +119,7 @@ CLIProxyAPI 已内置对 [Amp CLI](https://ampcode.com) 和 Amp IDE 扩展的支

 ### [Subtitle Translator](https://github.com/VjayC/SRT-Subtitle-Translator-Validator)

-一款跨平台的桌面和 Web 应用程序，可通过 CLIProxyAPI 使用您现有的 LLM 订阅（Gemini、ChatGPT、Claude, etc.）来翻译和验证 SRT 字幕 - 无需 API 密钥。
+一款基于浏览器的 SRT 字幕翻译工具，可通过 CLI 代理 API 使用您的 Gemini 订阅。内置自动验证与错误修正功能，无需 API 密钥。

 ### [CCS (Claude Code Switch)](https://github.com/kaitranntt/ccs)

@@ -139,11 +127,11 @@ CLI 封装器，用于通过 CLIProxyAPI OAuth 即时切换多个 Claude 账户

 ### [Quotio](https://github.com/nguyenphutrong/quotio)

-原生 macOS 菜单栏应用，统一管理 Claude、Gemini、OpenAI 和 Antigravity 订阅，提供实时配额追踪和智能自动故障转移，支持 Claude Code、OpenCode 和 Droid 等 AI 编程工具，无需 API 密钥。
+原生 macOS 菜单栏应用，统一管理 Claude、Gemini、OpenAI、Qwen 和 Antigravity 订阅，提供实时配额追踪和智能自动故障转移，支持 Claude Code、OpenCode 和 Droid 等 AI 编程工具，无需 API 密钥。

 ### [CodMate](https://github.com/loocor/CodMate)

-原生 macOS SwiftUI 应用，用于管理 CLI AI 会话（Claude Code、Codex、Gemini CLI），提供统一的提供商管理、Git 审查、项目组织、全局搜索和终端集成。集成 CLIProxyAPI 为 Codex、Claude、Gemini 和 Antigravity 提供统一的 OAuth 认证，支持内置和第三方提供商通过单一代理端点重路由 - OAuth 提供商无需 API 密钥。
+原生 macOS SwiftUI 应用，用于管理 CLI AI 会话（Claude Code、Codex、Gemini CLI），提供统一的提供商管理、Git 审查、项目组织、全局搜索和终端集成。集成 CLIProxyAPI 为 Codex、Claude、Gemini、Antigravity 和 Qwen Code 提供统一的 OAuth 认证，支持内置和第三方提供商通过单一代理端点重路由 - OAuth 提供商无需 API 密钥。

 ### [ProxyPilot](https://github.com/Finesssee/ProxyPilot)

@@ -167,7 +155,7 @@ Windows 托盘应用，基于 PowerShell 脚本实现，不依赖任何第三方

 ### [霖君](https://github.com/wangdabaoqq/LinJun)

-霖君是一款用于管理AI编程助手的跨平台桌面应用，支持macOS、Windows、Linux系统。统一管理Claude Code、Gemini CLI、OpenAI Codex等AI编程工具，本地代理实现多账户配额跟踪和一键配置。
+霖君是一款用于管理AI编程助手的跨平台桌面应用，支持macOS、Windows、Linux系统。统一管理Claude Code、Gemini CLI、OpenAI Codex、Qwen Code等AI编程工具，本地代理实现多账户配额跟踪和一键配置。

 ### [CLIProxyAPI Dashboard](https://github.com/itsmylife44/cliproxyapi-dashboard)

@@ -181,22 +169,6 @@ Windows 托盘应用，基于 PowerShell 脚本实现，不依赖任何第三方

 Shadow AI 是一款专为受限环境设计的 AI 辅助工具。提供无窗口、无痕迹的隐蔽运行方式，并通过局域网实现跨设备的 AI 问答交互与控制。本质上是一个「屏幕/音频采集 + AI 推理 + 低摩擦投送」的自动化协作层，帮助用户在受控设备/受限环境下沉浸式跨应用地使用 AI 助手。

-### [ProxyPal](https://github.com/buddingnewinsights/proxypal)
-
-跨平台桌面应用（macOS、Windows、Linux），以原生 GUI 封装 CLIProxyAPI。支持连接 Claude、ChatGPT、Gemini、GitHub Copilot 及自定义 OpenAI 兼容端点，具备使用分析、请求监控和热门编程工具自动配置功能，无需 API 密钥。
-
-### [CLIProxyAPI Quota Inspector](https://github.com/AllenReder/CLIProxyAPI-Quota-Inspector)
-
-上手即用的面向 CLIProxyAPI 跨平台配额查询工具，支持按账号展示 codex 5h/7d 配额窗口、按计划排序、状态着色及多账号汇总分析。
-
-### [CodexCliPlus](https://github.com/C4AL/CodexCliPlus)
-
-基于 CLIProxyAPI 的 Windows Codex CLI 本地优先桌面管理平台，聚焦简化本机配置、账号与运行状态管理，并为本地用户提供更完整的 Codex CLI 使用体验。
-
-### [CLIProxy Pool Watch](https://github.com/murasame612/CLIProxyPoolWidget)
-
-原生 macOS SwiftUI 应用，用于监控 CLIProxyAPI 池中的 ChatGPT/Codex 账号额度。通过 Management API 展示账号可用状态、Plus 基准容量、5 小时与周额度进度条、套餐权重和恢复预测。
-
 > [!NOTE]  
 > 如果你开发了基于 CLIProxyAPI 的项目，请提交一个 PR（拉取请求）将其添加到此列表中。

@@ -214,14 +186,6 @@ Shadow AI 是一款专为受限环境设计的 AI 辅助工具。提供无窗口

 OmniRoute 是一个面向多供应商大语言模型的 AI 网关：它提供兼容 OpenAI 的端点，具备智能路由、负载均衡、重试及回退机制。通过添加策略、速率限制、缓存和可观测性，确保推理过程既可靠又具备成本意识。

-### [Playful Proxy API Panel (PPAP)](https://github.com/daishuge/playful-proxy-api-panel)
-
-一个公开的 CLIProxyAPI 兼容二开版本和配套管理面板，尽量保持与上游一致的使用方式，同时恢复内置使用量统计，并补充缓存命中率、首字响应时间、TPS 记录和面向 Docker 自托管的安装说明。
-
-### [Codex Switch](https://github.com/9ycrooked/CodexSwitch)
-
-这是一个使用 Tauri 2 + Vue 3 构建的工具，用于管理多个 OpenAI Codex 桌面账户。它可以在已保存的 ChatGPT/Codex 认证配置之间切换，实时查看 5 小时和每周配额使用情况，验证 token 健康状态，查看当前账户详情，并在无需手动复制的情况下导入或保存 auth.json 文件。
-
 > [!NOTE]  
 > 如果你开发了 CLIProxyAPI 的移植或衍生项目，请提交 PR 将其添加到此列表中。

@@ -2,7 +2,7 @@

 [English](README.md) | [中文](README_CN.md) | 日本語

-CLI向けのOpenAI/Gemini/Claude/Codex/Grok互換APIインターフェースを提供するプロキシサーバーです。
+CLI向けのOpenAI/Gemini/Claude/Codex互換APIインターフェースを提供するプロキシサーバーです。

 OAuth経由でOpenAI Codex（GPTモデル）およびClaude Codeもサポートしています。

@@ -10,19 +10,23 @@ OAuth経由でOpenAI Codex（GPTモデル）およびClaude Codeもサポート

 ## スポンサー

-[![https://www.packyapi.com/register?aff=cliproxyapi](./assets/packycode-en.png)](https://www.packyapi.com/register?aff=cliproxyapi)
+[![z.ai](https://assets.router-for.me/english-5-0.jpg)](https://z.ai/subscribe?ic=8JVLJQFSKB)

-PackyCodeのスポンサーシップに感謝します！
+本プロジェクトはZ.aiにスポンサーされており、GLM CODING PLANの提供を受けています。

-PackyCodeは信頼性が高く効率的なAPIリレーサービスプロバイダーで、Claude Code、Codex、Geminiなどのリレーサービスを提供しています。
+GLM CODING PLANはAIコーディング向けに設計されたサブスクリプションサービスで、月額わずか$10から利用可能です。フラッグシップのGLM-4.7および（GLM-5はProユーザーのみ利用可能）モデルを10以上の人気AIコーディングツール（Claude Code、Cline、Roo Codeなど）で利用でき、開発者にトップクラスの高速かつ安定したコーディング体験を提供します。

-PackyCodeは当ソフトウェアのユーザーに特別割引を提供しています：<a href="https://www.packyapi.com/register?aff=cliproxyapi">こちらのリンク</a>から登録し、チャージ時にプロモーションコード「cliproxyapi」を入力すると10%割引になります。
+GLM CODING PLANを10%割引で取得：https://z.ai/subscribe?ic=8JVLJQFSKB

 ---

 <table>
 <tbody>
 <tr>
+<td width="180"><a href="https://www.packyapi.com/register?aff=cliproxyapi"><img src="./assets/packycode.png" alt="PackyCode" width="150"></a></td>
+<td>PackyCodeのスポンサーシップに感謝します！PackyCodeは信頼性が高く効率的なAPIリレーサービスプロバイダーで、Claude Code、Codex、Geminiなどのリレーサービスを提供しています。PackyCodeは当ソフトウェアのユーザーに特別割引を提供しています：<a href="https://www.packyapi.com/register?aff=cliproxyapi">こちらのリンク</a>から登録し、チャージ時にプロモーションコード「cliproxyapi」を入力すると10%割引になります。</td>
+</tr>
+<tr>
 <td width="180"><a href="https://www.aicodemirror.com/register?invitecode=TJNAIF"><img src="./assets/aicodemirror.png" alt="AICodeMirror" width="150"></a></td>
 <td>AICodeMirrorのスポンサーシップに感謝します！AICodeMirrorはClaude Code / Codex / Gemini CLI向けの公式高安定性リレーサービスを提供しており、エンタープライズグレードの同時接続、迅速な請求書発行、24時間365日の専任技術サポートを備えています。Claude Code / Codex / Geminiの公式チャネルが元の価格の38% / 2% / 9%で利用でき、チャージ時にはさらに割引があります！CLIProxyAPIユーザー向けの特別特典：<a href="https://www.aicodemirror.com/register?invitecode=TJNAIF">こちらのリンク</a>から登録すると、初回チャージが20%割引になり、エンタープライズのお客様は最大25%割引を受けられます！</td>
 </tr>
@@ -31,30 +35,32 @@ PackyCodeは当ソフトウェアのユーザーに特別割引を提供して
 <td>本プロジェクトにご支援いただいた BmoPlus に感謝いたします！BmoPlusは、AIサブスクリプションのヘビーユーザー向けに特化した信頼性の高いAIアカウントサービスプロバイダーであり、安定した ChatGPT Plus / ChatGPT Pro (完全保証) / Claude Pro / Super Grok / Gemini Pro の公式代行チャージおよび即納アカウントを提供しています。こちらの<a href="https://shop.bmoplus.com/?utm_source=github">BmoPlus AIアカウント専門店/代行チャージ</a>経由でご登録・ご注文いただいたユーザー様は、GPTを <b>公式サイト価格の約1割（90% OFF）</b> という驚異的な価格でご利用いただけます！</td>
 </tr>
 <tr>
-<td width="180"><a href="https://coder.visioncoder.cn"><img src="./assets/visioncoder.png" alt="VisionCoder" width="150"></a></td>
-<td><b>VisionCoder</b>のご支援に感謝します！<a href="https://coder.visioncoder.cn">VisionCoder 開発プラットフォーム</a> は、信頼性が高く効率的なAPIリレーサービスプロバイダーで、Claude Code、Codex、Geminiなどの主要AIモデルを提供し、開発者やチームがより簡単にAI機能を統合して生産性を向上できるよう支援します。さらに、VisionCoderはユーザー向けに <a href="https://coder.visioncoder.cn">Token Plan</a> の期間限定キャンペーン（1か月購入で1か月分プレゼント）も提供しています。</td>
+<td width="180"><a href="https://www.lingtrue.com/register"><img src="./assets/lingtrue.png" alt="LingtrueAPI" width="150"></a></td>
+<td>LingtrueAPIのスポンサーシップに感謝します！LingtrueAPIはグローバルな大規模モデルAPIリレーサービスプラットフォームで、Claude Code、Codex、GeminiなどのトップモデルAPI呼び出しサービスを提供し、ユーザーが低コストかつ高い安定性で世界中のAI能力に接続できるよう支援しています。LingtrueAPIは本ソフトウェアのユーザーに特別割引を提供しています：<a href="https://www.lingtrue.com/register">こちらのリンク</a>から登録し、初回チャージ時にプロモーションコード「LingtrueAPI」を入力すると10%割引になります。</td>
 </tr>
 </tbody>
 </table>

 ## 概要

- CLIモデル向けのOpenAI/Gemini/Claude/Grok互換APIエンドポイント
+- CLIモデル向けのOpenAI/Gemini/Claude互換APIエンドポイント
 - OAuthログインによるOpenAI Codexサポート（GPTモデル）
 - OAuthログインによるClaude Codeサポート
- OAuthログインによるGrok Buildサポート
+- OAuthログインによるQwen Codeサポート
+- OAuthログインによるiFlowサポート
 - プロバイダールーティングによるAmp CLIおよびIDE拡張機能のサポート
- ストリーミング、非ストリーミング、および対応環境でのWebSocketレスポンス
+- ストリーミングおよび非ストリーミングレスポンス
 - 関数呼び出し/ツールのサポート
 - マルチモーダル入力サポート（テキストと画像）
- ラウンドロビン負荷分散による複数アカウント対応（Gemini、OpenAI、Claude、Grok）
- シンプルなCLI認証フロー（Gemini、OpenAI、Claude、Grok）
+- ラウンドロビン負荷分散による複数アカウント対応（Gemini、OpenAI、Claude、QwenおよびiFlow）
+- シンプルなCLI認証フロー（Gemini、OpenAI、Claude、QwenおよびiFlow）
 - Generative Language APIキーのサポート
 - AI Studioビルドのマルチアカウント負荷分散
 - Gemini CLIのマルチアカウント負荷分散
 - Claude Codeのマルチアカウント負荷分散
+- Qwen Codeのマルチアカウント負荷分散
+- iFlowのマルチアカウント負荷分散
 - OpenAI Codexのマルチアカウント負荷分散
- Grok Buildのマルチアカウント負荷分散
 - 設定によるOpenAI互換アップストリームプロバイダー（例：OpenRouter）
 - プロキシ埋め込み用の再利用可能なGo SDK（`docs/sdk-usage.md`を参照）

@@ -66,22 +72,6 @@ CLIProxyAPIガイド：[https://help.router-for.me/](https://help.router-for.me/

 [MANAGEMENT_API.md](https://help.router-for.me/management/api)を参照

-## 使用量統計
-
-v6.10.0以降、CLIProxyAPIおよび [CPAMC](https://github.com/router-for-me/Cli-Proxy-API-Management-Center) プロジェクトには使用量統計機能がプリセットされなくなりました。使用量統計が必要な場合は、次のプロジェクトをご利用ください：
-
-### [CPA Usage Keeper](https://github.com/Willxup/cpa-usage-keeper)
-
-CLIProxyAPI向けの独立した使用量永続化・可視化サービス。CLIProxyAPIデータを定期同期してSQLiteに保存し、集計APIと、使用量や各種統計を確認できる組み込みダッシュボードを提供します。
-
-### [CLIProxyAPI Usage Dashboard](https://github.com/zhanglunet/cliproxyapi-usage-dashboard)
-
-CLIProxyAPI向けのローカル優先の使用量・クォータダッシュボード。Redis互換の使用量キューからリクエストごとのToken使用量を収集してSQLiteに保存し、アカウント別・モデル別の日次および直近時間枠の使用量を可視化し、Codex 5h/7dクォータ残量をローカルWeb UIで表示します。
-
-### [CPA-Manager](https://github.com/seakee/CPA-Manager)
-
-リクエスト単位の監視とコスト推定を備えたCLIProxyAPI向けのフル管理センターです。CPA-Managerは、収集したリクエストをアカウント、モデル、チャネル、レイテンシ、ステータス、Token使用量ごとに追跡し、編集可能なモデル価格とLiteLLM価格のワンクリック同期でコストを推定します。SQLiteでイベントを永続化し、Codexアカウントプール向けに一括検査、クォータ判定、異常アカウント検出、クリーンアップ提案、ワンクリック実行を提供し、日常的なマルチアカウント運用に適しています。
-
 ## Amp CLIサポート

 CLIProxyAPIは[Amp CLI](https://ampcode.com)およびAmp IDE拡張機能の統合サポートを含んでおり、Google/ChatGPT/ClaudeのOAuthサブスクリプションをAmpのコーディングツールで使用できます：
@@ -130,7 +120,7 @@ macOSネイティブのメニューバーアプリで、Claude CodeとChatGPTの

 ### [Subtitle Translator](https://github.com/VjayC/SRT-Subtitle-Translator-Validator)

-CLIProxyAPI経由で既存のLLMサブスクリプション（Gemini、ChatGPT、Claude, etc.）を使用してSRT字幕を翻訳および検証する、クロスプラットフォームのデスクトップおよびWebアプリ - APIキー不要。
+CLIProxyAPI経由でGeminiサブスクリプションを使用してSRT字幕を翻訳するブラウザベースのツール。自動検証/エラー修正機能付き - APIキー不要

 ### [CCS (Claude Code Switch)](https://github.com/kaitranntt/ccs)

@@ -138,11 +128,11 @@ CLIProxyAPI OAuthを使用して複数のClaudeアカウントや代替モデル

 ### [Quotio](https://github.com/nguyenphutrong/quotio)

-Claude、Gemini、OpenAI、Antigravityのサブスクリプションを統合し、リアルタイムのクォータ追跡とスマート自動フェイルオーバーを備えたmacOSネイティブのメニューバーアプリ。Claude Code、OpenCode、Droidなどのコーディングツール向け - APIキー不要
+Claude、Gemini、OpenAI、Qwen、Antigravityのサブスクリプションを統合し、リアルタイムのクォータ追跡とスマート自動フェイルオーバーを備えたmacOSネイティブのメニューバーアプリ。Claude Code、OpenCode、Droidなどのコーディングツール向け - APIキー不要

 ### [CodMate](https://github.com/loocor/CodMate)

-CLI AIセッション（Codex、Claude Code、Gemini CLI）を管理するmacOS SwiftUIネイティブアプリ。統合プロバイダー管理、Gitレビュー、プロジェクト整理、グローバル検索、ターミナル統合機能を搭載。CLIProxyAPIと統合し、Codex、Claude、Gemini、AntigravityのOAuth認証を提供。単一のプロキシエンドポイントを通じた組み込みおよびサードパーティプロバイダーの再ルーティングに対応 - OAuthプロバイダーではAPIキー不要
+CLI AIセッション（Codex、Claude Code、Gemini CLI）を管理するmacOS SwiftUIネイティブアプリ。統合プロバイダー管理、Gitレビュー、プロジェクト整理、グローバル検索、ターミナル統合機能を搭載。CLIProxyAPIと統合し、Codex、Claude、Gemini、Antigravity、Qwen CodeのOAuth認証を提供。単一のプロキシエンドポイントを通じた組み込みおよびサードパーティプロバイダーの再ルーティングに対応 - OAuthプロバイダーではAPIキー不要

 ### [ProxyPilot](https://github.com/Finesssee/ProxyPilot)

@@ -166,7 +156,7 @@ PowerShellスクリプトで実装されたWindowsトレイアプリケーショ

 ### [霖君](https://github.com/wangdabaoqq/LinJun)

-霖君はAIプログラミングアシスタントを管理するクロスプラットフォームデスクトップアプリケーションで、macOS、Windows、Linuxシステムに対応。Claude Code、Gemini CLI、OpenAI Codexなどのコーディングツールを統合管理し、ローカルプロキシによるマルチアカウントクォータ追跡とワンクリック設定が可能
+霖君はAIプログラミングアシスタントを管理するクロスプラットフォームデスクトップアプリケーションで、macOS、Windows、Linuxシステムに対応。Claude Code、Gemini CLI、OpenAI Codex、Qwen Codeなどのコーディングツールを統合管理し、ローカルプロキシによるマルチアカウントクォータ追跡とワンクリック設定が可能

 ### [CLIProxyAPI Dashboard](https://github.com/itsmylife44/cliproxyapi-dashboard)

@@ -180,22 +170,6 @@ New API互換リレーサイトアカウントをワンストップで管理す

 Shadow AIは制限された環境向けに特別に設計されたAIアシスタントツールです。ウィンドウや痕跡のないステルス動作モードを提供し、LAN（ローカルエリアネットワーク）を介したクロスデバイスAI質疑応答のインタラクションと制御を可能にします。本質的には「画面/音声キャプチャ + AI推論 + 低摩擦デリバリー」の自動化コラボレーションレイヤーであり、制御されたデバイスや制限された環境でアプリケーション横断的にAIアシスタントを没入的に使用できるようユーザーを支援します。

-### [ProxyPal](https://github.com/buddingnewinsights/proxypal)
-
-CLIProxyAPIをネイティブGUIでラップしたクロスプラットフォームデスクトップアプリ（macOS、Windows、Linux）。Claude、ChatGPT、Gemini、GitHub Copilot、カスタムOpenAI互換エンドポイントに対応し、使用状況分析、リクエスト監視、人気コーディングツールの自動設定機能を搭載 - APIキー不要
-
-### [CLIProxyAPI Quota Inspector](https://github.com/AllenReder/CLIProxyAPI-Quota-Inspector)
-
-CLIProxyAPI向けのすぐに使えるクロスプラットフォームのクォータ確認ツール。アカウントごとの codex 5h/7d クォータ表示、プラン別ソート、ステータス色分け、複数アカウントの集計分析に対応。
-
-### [CodexCliPlus](https://github.com/C4AL/CodexCliPlus)
-
-CLIProxyAPIを基盤にしたWindows向けのローカル優先Codex CLIデスクトップ管理プラットフォーム。ローカル設定、アカウント、実行状態の管理を簡素化し、ローカルユーザーにより包括的なCodex CLI体験を提供します。
-
-### [CLIProxy Pool Watch](https://github.com/murasame612/CLIProxyPoolWidget)
-
-CLIProxyAPIプール内のChatGPT/Codexアカウントクォータを監視するmacOSネイティブSwiftUIアプリ。Management APIを通じて、アカウントの可用性、Plus基準の容量、5時間/週次クォータバー、プラン重み、復元予測を表示します。
-
 > [!NOTE]
 > CLIProxyAPIをベースにプロジェクトを開発した場合は、PRを送ってこのリストに追加してください。

@@ -213,14 +187,6 @@ CLIProxyAPIに触発されたNext.js実装。インストールと使用が簡

 OmniRouteはマルチプロバイダーLLM向けのAIゲートウェイです：スマートルーティング、負荷分散、リトライ、フォールバックを備えたOpenAI互換エンドポイント。ポリシー、レート制限、キャッシュ、可観測性を追加して、信頼性が高くコストを意識した推論を実現します。

-### [Playful Proxy API Panel (PPAP)](https://github.com/daishuge/playful-proxy-api-panel)
-
-上流に近い使い方を維持する公開CLIProxyAPI互換フォーク兼管理パネルです。内蔵の使用量統計を復元し、キャッシュヒット率、初回バイト待ち時間、TPSの記録、Docker向けのセルフホスト手順を追加しています。
-
-### [Codex Switch](https://github.com/9ycrooked/CodexSwitch)
-
-Tauri 2 + Vue 3で構築された、複数のOpenAI Codexデスクトップアカウントを管理するためのツールです。保存済みのChatGPT/Codex認証プロファイルを切り替え、5時間および週次クォータ使用量をリアルタイムで確認し、tokenの状態を検証し、現在のアカウント詳細を表示し、手動コピーなしでauth.jsonファイルをインポートまたは保存できます。
-
 > [!NOTE]
 > CLIProxyAPIの移植版またはそれに触発されたプロジェクトを開発した場合は、PRを送ってこのリストに追加してください。

@@ -25,11 +25,10 @@ import (
 	"strings"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
-	sdkauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/proxyutil"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	sdkauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/proxyutil"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
 )
@@ -189,7 +188,7 @@ func fetchModels(ctx context.Context, auth *coreauth.Auth) []modelEntry {
 		httpReq.Close = true
 		httpReq.Header.Set("Content-Type", "application/json")
 		httpReq.Header.Set("Authorization", "Bearer "+accessToken)
-		httpReq.Header.Set("User-Agent", misc.AntigravityUserAgent())
+		httpReq.Header.Set("User-Agent", "antigravity/1.19.6 darwin/arm64")

 		httpClient := &http.Client{Timeout: 30 * time.Second}
 		if transport, _, errProxy := proxyutil.BuildHTTPTransport(auth.ProxyURL); errProxy == nil && transport != nil {
@@ -17,22 +17,21 @@ import (
 	"time"

 	"github.com/joho/godotenv"
-	configaccess "github.com/router-for-me/CLIProxyAPI/v7/internal/access/config_access"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/buildinfo"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/cmd"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/home"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/managementasset"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/store"
-	_ "github.com/router-for-me/CLIProxyAPI/v7/internal/translator"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/tui"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
-	sdkAuth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	configaccess "github.com/router-for-me/CLIProxyAPI/v6/internal/access/config_access"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/buildinfo"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/cmd"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/managementasset"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/store"
+	_ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/tui"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	log "github.com/sirupsen/logrus"
 )

@@ -62,18 +61,17 @@ func main() {
 	var codexLogin bool
 	var codexDeviceLogin bool
 	var claudeLogin bool
+	var qwenLogin bool
+	var iflowLogin bool
+	var iflowCookie bool
 	var noBrowser bool
 	var oauthCallbackPort int
 	var antigravityLogin bool
 	var kimiLogin bool
-	var xaiLogin bool
 	var projectID string
 	var vertexImport string
-	var vertexImportPrefix string
 	var configPath string
 	var password string
-	var homeJWT string
-	var homeDisableClusterDiscovery bool
 	var tuiMode bool
 	var standalone bool
 	var localModel bool
@@ -83,18 +81,17 @@ func main() {
 	flag.BoolVar(&codexLogin, "codex-login", false, "Login to Codex using OAuth")
 	flag.BoolVar(&codexDeviceLogin, "codex-device-login", false, "Login to Codex using device code flow")
 	flag.BoolVar(&claudeLogin, "claude-login", false, "Login to Claude using OAuth")
+	flag.BoolVar(&qwenLogin, "qwen-login", false, "Login to Qwen using OAuth")
+	flag.BoolVar(&iflowLogin, "iflow-login", false, "Login to iFlow using OAuth")
+	flag.BoolVar(&iflowCookie, "iflow-cookie", false, "Login to iFlow using Cookie")
 	flag.BoolVar(&noBrowser, "no-browser", false, "Don't open browser automatically for OAuth")
 	flag.IntVar(&oauthCallbackPort, "oauth-callback-port", 0, "Override OAuth callback port (defaults to provider-specific port)")
 	flag.BoolVar(&antigravityLogin, "antigravity-login", false, "Login to Antigravity using OAuth")
 	flag.BoolVar(&kimiLogin, "kimi-login", false, "Login to Kimi using OAuth")
-	flag.BoolVar(&xaiLogin, "xai-login", false, "Login to xAI using OAuth")
 	flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)")
 	flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path")
 	flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file")
-	flag.StringVar(&vertexImportPrefix, "vertex-import-prefix", "", "Prefix for Vertex model namespacing (use with -vertex-import)")
 	flag.StringVar(&password, "password", "", "")
-	flag.StringVar(&homeJWT, "home-jwt", "", "Home control plane JWT for mTLS certificate bootstrap and connection")
-	flag.BoolVar(&homeDisableClusterDiscovery, "home-disable-cluster-discovery", false, "Disable Home CLUSTER NODES discovery and keep using the configured -home-jwt address")
 	flag.BoolVar(&tuiMode, "tui", false, "Start with terminal management UI")
 	flag.BoolVar(&standalone, "standalone", false, "In TUI mode, start an embedded local server")
 	flag.BoolVar(&localModel, "local-model", false, "Use embedded model catalog only, skip remote model fetching")
@@ -133,7 +130,6 @@ func main() {
 	var err error
 	var cfg *config.Config
 	var isCloudDeploy bool
-	var configLoadedFromHome bool
 	var (
 		usePostgresStore     bool
 		pgStoreDSN           string
@@ -144,7 +140,6 @@ func main() {
 		gitStoreRemoteURL    string
 		gitStoreUser         string
 		gitStorePassword     string
-		gitStoreBranch       string
 		gitStoreLocalPath    string
 		gitStoreInst         *store.GitTokenStore
 		gitStoreRoot         string
@@ -181,13 +176,6 @@ func main() {
 		return "", false
 	}
 	writableBase := util.WritablePath()
-
-	if strings.TrimSpace(homeJWT) == "" {
-		if v, ok := lookupEnv("HOME_JWT", "home_jwt"); ok {
-			homeJWT = v
-		}
-	}
-
 	if value, ok := lookupEnv("PGSTORE_DSN", "pgstore_dsn"); ok {
 		usePostgresStore = true
 		pgStoreDSN = value
@@ -221,9 +209,6 @@ func main() {
 	if value, ok := lookupEnv("GITSTORE_LOCAL_PATH", "gitstore_local_path"); ok {
 		gitStoreLocalPath = value
 	}
-	if value, ok := lookupEnv("GITSTORE_GIT_BRANCH", "gitstore_git_branch"); ok {
-		gitStoreBranch = value
-	}
 	if value, ok := lookupEnv("OBJECTSTORE_ENDPOINT", "objectstore_endpoint"); ok {
 		useObjectStore = true
 		objectStoreEndpoint = value
@@ -251,55 +236,7 @@ func main() {
 	// Determine and load the configuration file.
 	// Prefer the Postgres store when configured, otherwise fallback to git or local files.
 	var configFilePath string
-	if strings.TrimSpace(homeJWT) != "" {
-		configLoadedFromHome = true
-		ctxHome, cancelHome := context.WithTimeout(context.Background(), 30*time.Second)
-		homeCfg, errHomeCfg := home.ConfigFromJWT(ctxHome, homeJWT)
-		cancelHome()
-		if errHomeCfg != nil {
-			log.Errorf("invalid -home-jwt: %v", errHomeCfg)
-			return
-		}
-		if homeDisableClusterDiscovery {
-			homeCfg.DisableClusterDiscovery = true
-		}
-		homeClient := home.New(homeCfg)
-		defer homeClient.Close()
-
-		ctxHomeConfig, cancelHomeConfig := context.WithTimeout(context.Background(), 30*time.Second)
-		raw, errGetConfig := homeClient.GetConfig(ctxHomeConfig)
-		cancelHomeConfig()
-		if errGetConfig != nil {
-			log.Errorf("failed to fetch config from home: %v", errGetConfig)
-			return
-		}
-
-		parsed, errParseConfig := config.ParseConfigBytes(raw)
-		if errParseConfig != nil {
-			log.Errorf("failed to parse config payload from home: %v", errParseConfig)
-			return
-		}
-		if parsed == nil {
-			parsed = &config.Config{}
-		}
-		parsed.Home = homeCfg
-		parsed.Port = 8317 // Default to 8317 for home mode, can be overridden by home config
-		parsed.UsageStatisticsEnabled = true
-		cfg = parsed
-
-		// Keep a non-empty config path for downstream components (log paths, management assets, etc),
-		// but do not require the file to exist when loading config from home.
-		if strings.TrimSpace(configPath) != "" {
-			configFilePath = configPath
-		} else {
-			configFilePath = filepath.Join(wd, "config.yaml")
-		}
-
-		// Local stores are intentionally disabled when config is loaded from home.
-		usePostgresStore = false
-		useObjectStore = false
-		useGitStore = false
-	} else if usePostgresStore {
+	if usePostgresStore {
 		if pgStoreLocalPath == "" {
 			pgStoreLocalPath = wd
 		}
@@ -406,7 +343,7 @@ func main() {
 		}
 		gitStoreRoot = filepath.Join(gitStoreLocalPath, "gitstore")
 		authDir := filepath.Join(gitStoreRoot, "auths")
-		gitStoreInst = store.NewGitTokenStore(gitStoreRemoteURL, gitStoreUser, gitStorePassword, gitStoreBranch)
+		gitStoreInst = store.NewGitTokenStore(gitStoreRemoteURL, gitStoreUser, gitStorePassword)
 		gitStoreInst.SetBaseDir(authDir)
 		if errRepo := gitStoreInst.EnsureRepository(); errRepo != nil {
 			log.Errorf("failed to prepare git token store: %v", errRepo)
@@ -463,29 +400,24 @@ func main() {
 	// In cloud deploy mode, check if we have a valid configuration
 	var configFileExists bool
 	if isCloudDeploy {
-		if configLoadedFromHome && cfg != nil {
-			configFileExists = cfg.Port != 0
+		if info, errStat := os.Stat(configFilePath); errStat != nil {
+			// Don't mislead: API server will not start until configuration is provided.
+			log.Info("Cloud deploy mode: No configuration file detected; standing by for configuration")
+			configFileExists = false
+		} else if info.IsDir() {
+			log.Info("Cloud deploy mode: Config path is a directory; standing by for configuration")
+			configFileExists = false
+		} else if cfg.Port == 0 {
+			// LoadConfigOptional returns empty config when file is empty or invalid.
+			// Config file exists but is empty or invalid; treat as missing config
+			log.Info("Cloud deploy mode: Configuration file is empty or invalid; standing by for valid configuration")
+			configFileExists = false
 		} else {
-			if info, errStat := os.Stat(configFilePath); errStat != nil {
-				// Don't mislead: API server will not start until configuration is provided.
-				log.Info("Cloud deploy mode: No configuration file detected; standing by for configuration")
-				configFileExists = false
-			} else if info.IsDir() {
-				log.Info("Cloud deploy mode: Config path is a directory; standing by for configuration")
-				configFileExists = false
-			} else if cfg.Port == 0 {
-				// LoadConfigOptional returns empty config when file is empty or invalid.
-				// Config file exists but is empty or invalid; treat as missing config
-				log.Info("Cloud deploy mode: Configuration file is empty or invalid; standing by for valid configuration")
-				configFileExists = false
-			} else {
-				log.Info("Cloud deploy mode: Configuration file detected; starting service")
-				configFileExists = true
-			}
+			log.Info("Cloud deploy mode: Configuration file detected; starting service")
+			configFileExists = true
 		}
 	}
-	redisqueue.SetUsageStatisticsEnabled(cfg.UsageStatisticsEnabled)
-	redisqueue.SetRetentionSeconds(cfg.RedisUsageQueueRetentionSeconds)
+	usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled)
 	coreauth.SetQuotaCooldownDisabled(cfg.DisableCooling)

 	if err = logging.ConfigureLogOutput(cfg); err != nil {
@@ -530,7 +462,7 @@ func main() {

 	if vertexImport != "" {
 		// Handle Vertex service account import
-		cmd.DoVertexImport(cfg, vertexImport, vertexImportPrefix)
+		cmd.DoVertexImport(cfg, vertexImport)
 	} else if login {
 		// Handle Google/Gemini login
 		cmd.DoLogin(cfg, projectID, options)
@@ -546,10 +478,14 @@ func main() {
 	} else if claudeLogin {
 		// Handle Claude login
 		cmd.DoClaudeLogin(cfg, options)
+	} else if qwenLogin {
+		cmd.DoQwenLogin(cfg, options)
+	} else if iflowLogin {
+		cmd.DoIFlowLogin(cfg, options)
+	} else if iflowCookie {
+		cmd.DoIFlowCookieAuth(cfg, options)
 	} else if kimiLogin {
 		cmd.DoKimiLogin(cfg, options)
-	} else if xaiLogin {
-		cmd.DoXAILogin(cfg, options)
 	} else {
 		// In cloud deploy mode without config file, just wait for shutdown signals
 		if isCloudDeploy && !configFileExists {
@@ -564,11 +500,8 @@ func main() {
 			if standalone {
 				// Standalone mode: start an embedded local server and connect TUI client to it.
 				managementasset.StartAutoUpdater(context.Background(), configFilePath)
-				misc.StartAntigravityVersionUpdater(context.Background())
-				if !localModel && !cfg.Home.Enabled {
+				if !localModel {
 					registry.StartModelsUpdater(context.Background())
-				} else if cfg.Home.Enabled {
-					log.Info("Home mode: remote model updates disabled")
 				}
 				hook := tui.NewLogHook(2000)
 				hook.SetFormatter(&logging.LogFormatter{})
@@ -642,11 +575,8 @@ func main() {
 		} else {
 			// Start the main proxy service
 			managementasset.StartAutoUpdater(context.Background(), configFilePath)
-			misc.StartAntigravityVersionUpdater(context.Background())
-			if !localModel && !cfg.Home.Enabled {
+			if !localModel {
 				registry.StartModelsUpdater(context.Background())
-			} else if cfg.Home.Enabled {
-				log.Info("Home mode: remote model updates disabled")
 			}
 			cmd.StartService(cfg, configFilePath, password)
 		}
@@ -66,11 +66,6 @@ error-logs-max-files: 10
 # When false, disable in-memory usage statistics aggregation
 usage-statistics-enabled: false

-# How long (in seconds) usage queue items are retained in memory for the Management API.
-# The local Redis RESP usage output is disabled.
-# Default: 60. Max: 3600.
-redis-usage-queue-retention-seconds: 60
-
 # Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
 # Per-entry proxy-url also supports "direct" or "none" to bypass both the global proxy-url and environment proxies explicitly.
 proxy-url: ""
@@ -92,65 +87,30 @@ max-retry-credentials: 0
 # Maximum wait time in seconds for a cooled-down credential before triggering a retry.
 max-retry-interval: 30

-# When true, disable auth/model cooldown scheduling globally (prevents blackout windows after failure states).
-disable-cooling: false
-
-# disable-image-generation supports: false (default), true, or "chat".
-# - true: disable image_generation everywhere (also returns 404 for /v1/images/generations and /v1/images/edits).
-# - "chat": disable image_generation injection on non-images endpoints, but keep /v1/images/generations and /v1/images/edits enabled.
-disable-image-generation: false
-
-# Core auth auto-refresh worker pool size (OAuth/file-based auth token refresh).
-# When > 0, overrides the default worker count (16).
-# auth-auto-refresh-workers: 16
-
 # Quota exceeded behavior
 quota-exceeded:
  switch-project: true # Whether to automatically switch to another project when a quota is exceeded
  switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded
-  antigravity-credits: true # Whether to use credits as last-resort fallback when all free-tier auths are exhausted for Claude models

 # Routing strategy for selecting credentials when multiple match.
 routing:
  strategy: "round-robin" # round-robin (default), fill-first
-  # Enable universal session-sticky routing for all clients.
-  # Session IDs are extracted from: metadata.user_id (Claude Code session format),
-  # X-Session-ID, Session_id (Codex), X-Amp-Thread-Id (Amp CLI),
-  # X-Client-Request-Id (PI), conversation_id, or first few messages hash.
-  # Automatic failover is always enabled when bound auth becomes unavailable.
-  session-affinity: false # default: false
-  # How long session-to-auth bindings are retained. Default: 1h
-  session-affinity-ttl: "1h"

 # When true, enable authentication for the WebSocket API (/v1/ws).
-ws-auth: true
-
-# When true, enable Gemini CLI internal endpoints (/v1internal:*).
-# Default is false for safety.
-enable-gemini-cli-endpoint: false
+ws-auth: false

 # When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts.
 nonstream-keepalive-interval: 0
+
 # Streaming behavior (SSE keep-alives + safe bootstrap retries).
 # streaming:
 #   keepalive-seconds: 15   # Default: 0 (disabled). <= 0 disables keep-alives.
 #   bootstrap-retries: 1    # Default: 0 (disabled). Retries before first byte is sent.

-# Signature cache validation for thinking blocks (Antigravity/Claude).
-# When true (default), cached signatures are preferred and validated.
-# When false, client signatures are used directly after normalization (bypass mode for testing).
-# antigravity-signature-cache-enabled: true
-
-# Bypass mode signature validation strictness (only applies when signature cache is disabled).
-# When true, validates full Claude protobuf tree (Field 2 -> Field 1 structure).
-# When false (default), only checks R/E prefix + base64 + first byte 0x12.
-# antigravity-signature-bypass-strict: false
-
 # Gemini API keys
 # gemini-api-key:
 #   - api-key: "AIzaSy...01"
 #     prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential
-#     disable-cooling: false # optional: per-auth override for auth/model cooldown scheduling
 #     base-url: "https://generativelanguage.googleapis.com"
 #     headers:
 #       X-Custom-Header: "custom-value"
@@ -170,7 +130,6 @@ nonstream-keepalive-interval: 0
 # codex-api-key:
 #   - api-key: "sk-atSM..."
 #     prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential
-#     disable-cooling: false # optional: per-auth override for auth/model cooldown scheduling
 #     base-url: "https://www.example.com" # use the custom codex API endpoint
 #     headers:
 #       X-Custom-Header: "custom-value"
@@ -190,7 +149,6 @@ nonstream-keepalive-interval: 0
 #   - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url
 #   - api-key: "sk-atSM..."
 #     prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential
-#     disable-cooling: false # optional: per-auth override for auth/model cooldown scheduling
 #     base-url: "https://www.example.com" # use the custom claude API endpoint
 #     headers:
 #       X-Custom-Header: "custom-value"
@@ -214,8 +172,6 @@ nonstream-keepalive-interval: 0
 #         - "API"
 #         - "proxy"
 #       cache-user-id: true          # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request
-#     experimental-cch-signing: false # optional: default is false; when true, sign the final /v1/messages body using the current Claude Code cch algorithm
-#                                     # keep this disabled unless you explicitly need the behavior, so upstream seed changes fall back to legacy proxy behavior

 # Default headers for Claude API requests. Update when Claude Code releases new versions.
 # In legacy mode, user-agent/package-version/runtime-version/timeout are used as fallbacks
@@ -243,10 +199,8 @@ nonstream-keepalive-interval: 0
 # OpenAI compatibility providers
 # openai-compatibility:
 #   - name: "openrouter" # The name of the provider; it will be used in the user agent and other places.
-#     disabled: false # optional: set to true to disable this provider without removing it
 #     prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials
 #     base-url: "https://openrouter.ai/api/v1" # The base URL of the provider.
-#     disable-cooling: false # optional: per-provider override for auth/model cooldown scheduling
 #     headers:
 #       X-Custom-Header: "custom-value"
 #     api-key-entries:
@@ -257,7 +211,6 @@ nonstream-keepalive-interval: 0
 #     models: # The models supported by the provider.
 #       - name: "moonshotai/kimi-k2:free" # The actual model name.
 #         alias: "kimi-k2"               # The alias used in the API.
-#         image: false                   # optional: set true to allow this model on /v1/images/generations and /v1/images/edits
 #         thinking:                      # optional: omit to default to levels ["low","medium","high"]
 #           levels: ["low", "medium", "high"]
 #       # You may repeat the same alias to build an internal model pool.
@@ -265,7 +218,7 @@ nonstream-keepalive-interval: 0
 #       # Requests to that alias will round-robin across the upstream names below,
 #       # and if the chosen upstream fails before producing output, the request will
 #       # continue with the next upstream model in the same alias pool.
-#       - name: "deepseek-v3.1"
+#       - name: "qwen3.5-plus"
 #         alias: "claude-opus-4.66"
 #       - name: "glm-5"
 #         alias: "claude-opus-4.66"
@@ -326,7 +279,7 @@ nonstream-keepalive-interval: 0

 # Global OAuth model name aliases (per channel)
 # These aliases rename model IDs for both model listing and request routing.
-# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, kimi, xai.
+# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kimi.
 # NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode.
 # NOTE: Because aliases affect the merged /v1 model list and merged request routing, overlapping
 # client-visible names can become ambiguous across providers. /api/provider/{provider}/... helps
@@ -353,12 +306,15 @@ nonstream-keepalive-interval: 0
 #   codex:
 #     - name: "gpt-5"
 #       alias: "g5"
+#   qwen:
+#     - name: "qwen3-coder-plus"
+#       alias: "qwen-plus"
+#   iflow:
+#     - name: "glm-4.7"
+#       alias: "glm-god"
 #   kimi:
 #     - name: "kimi-k2.5"
 #       alias: "k2.5"
-#   xai:
-#     - name: "grok-4.3"
-#       alias: "grok-latest"

 # OAuth provider excluded models
 # oauth-excluded-models:
@@ -377,10 +333,12 @@ nonstream-keepalive-interval: 0
 #     - "claude-3-5-haiku-20241022"
 #   codex:
 #     - "gpt-5-codex-mini"
+#   qwen:
+#     - "vision-model"
+#   iflow:
+#     - "tstars2.0"
 #   kimi:
 #     - "kimi-k2-thinking"
-#   xai:
-#     - "grok-3-mini"

 # Optional payload configuration
 # payload:
@@ -388,17 +346,6 @@ nonstream-keepalive-interval: 0
 #     - models:
 #         - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
 #           protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
-#           from-protocol: "responses" # restricts the rule to the source protocol, options: openai, responses, gemini, claude
-#           headers: # all configured request headers must match; values support "*" wildcards
-#             X-Client-Tier: "tenant-*-region-*"
-#           match: # all payload JSON paths must equal the configured values
-#             - "metadata.client": "codex"
-#           not-match: # payload JSON paths must not equal the configured values
-#             - "metadata.mode": "dev"
-#           exist: # all payload JSON paths must exist and not be null
-#             - "tools.#(type==\"web_search\").type"
-#           not-exist: # all payload JSON paths must be missing or null
-#             - "metadata.disable_payload"
 #       params: # JSON path (gjson/sjson syntax) -> value
 #         "generationConfig.thinkingConfig.thinkingBudget": 32768
 #   default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON).
@@ -5,12 +5,113 @@
 # This script automates the process of building and running the Docker container
 # with version information dynamically injected at build time.

+# Hidden feature: Preserve usage statistics across rebuilds
+# Usage: ./docker-build.sh --with-usage
+# First run prompts for management API key, saved to temp/stats/.api_secret
+
 set -euo pipefail

-if [[ "${1:-}" != "" ]]; then
-  echo "Error: unknown option '${1}'."
-  echo "Usage: ./docker-build.sh"
-  exit 1
+STATS_DIR="temp/stats"
+STATS_FILE="${STATS_DIR}/.usage_backup.json"
+SECRET_FILE="${STATS_DIR}/.api_secret"
+WITH_USAGE=false
+
+get_port() {
+  if [[ -f "config.yaml" ]]; then
+    grep -E "^port:" config.yaml | sed -E 's/^port: *["'"'"']?([0-9]+)["'"'"']?.*$/\1/'
+  else
+    echo "8317"
+  fi
+}
+
+export_stats_api_secret() {
+  if [[ -f "${SECRET_FILE}" ]]; then
+    API_SECRET=$(cat "${SECRET_FILE}")
+  else
+    if [[ ! -d "${STATS_DIR}" ]]; then
+      mkdir -p "${STATS_DIR}"
+    fi
+    echo "First time using --with-usage. Management API key required."
+    read -r -p "Enter management key: " -s API_SECRET
+    echo
+    echo "${API_SECRET}" > "${SECRET_FILE}"
+    chmod 600 "${SECRET_FILE}"
+  fi
+}
+
+check_container_running() {
+  local port
+  port=$(get_port)
+
+  if ! curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then
+    echo "Error: cli-proxy-api service is not responding at localhost:${port}"
+    echo "Please start the container first or use without --with-usage flag."
+    exit 1
+  fi
+}
+
+export_stats() {
+  local port
+  port=$(get_port)
+
+  if [[ ! -d "${STATS_DIR}" ]]; then
+    mkdir -p "${STATS_DIR}"
+  fi
+  check_container_running
+  echo "Exporting usage statistics..."
+  EXPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -H "X-Management-Key: ${API_SECRET}" \
+    "http://localhost:${port}/v0/management/usage/export")
+  HTTP_CODE=$(echo "${EXPORT_RESPONSE}" | tail -n1)
+  RESPONSE_BODY=$(echo "${EXPORT_RESPONSE}" | sed '$d')
+
+  if [[ "${HTTP_CODE}" != "200" ]]; then
+    echo "Export failed (HTTP ${HTTP_CODE}): ${RESPONSE_BODY}"
+    exit 1
+  fi
+
+  echo "${RESPONSE_BODY}" > "${STATS_FILE}"
+  echo "Statistics exported to ${STATS_FILE}"
+}
+
+import_stats() {
+  local port
+  port=$(get_port)
+
+  echo "Importing usage statistics..."
+  IMPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
+    -H "X-Management-Key: ${API_SECRET}" \
+    -H "Content-Type: application/json" \
+    -d @"${STATS_FILE}" \
+    "http://localhost:${port}/v0/management/usage/import")
+  IMPORT_CODE=$(echo "${IMPORT_RESPONSE}" | tail -n1)
+  IMPORT_BODY=$(echo "${IMPORT_RESPONSE}" | sed '$d')
+
+  if [[ "${IMPORT_CODE}" == "200" ]]; then
+    echo "Statistics imported successfully"
+  else
+    echo "Import failed (HTTP ${IMPORT_CODE}): ${IMPORT_BODY}"
+  fi
+
+  rm -f "${STATS_FILE}"
+}
+
+wait_for_service() {
+  local port
+  port=$(get_port)
+
+  echo "Waiting for service to be ready..."
+  for i in {1..30}; do
+    if curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then
+      break
+    fi
+    sleep 1
+  done
+  sleep 2
+}
+
+if [[ "${1:-}" == "--with-usage" ]]; then
+  WITH_USAGE=true
+  export_stats_api_secret
 fi

 # --- Step 1: Choose Environment ---
@@ -23,7 +124,14 @@ read -r -p "Enter choice [1-2]: " choice
 case "$choice" in
  1)
    echo "--- Running with Pre-built Image ---"
+    if [[ "${WITH_USAGE}" == "true" ]]; then
+      export_stats
+    fi
    docker compose up -d --remove-orphans --no-build
+    if [[ "${WITH_USAGE}" == "true" ]]; then
+      wait_for_service
+      import_stats
+    fi
    echo "Services are starting from remote image."
    echo "Run 'docker compose logs -f' to see the logs."
    ;;
@@ -50,9 +158,18 @@ case "$choice" in
      --build-arg COMMIT="${COMMIT}" \
      --build-arg BUILD_DATE="${BUILD_DATE}"

+    if [[ "${WITH_USAGE}" == "true" ]]; then
+      export_stats
+    fi
+
    echo "Starting the services..."
    docker compose up -d --remove-orphans --pull never

+    if [[ "${WITH_USAGE}" == "true" ]]; then
+      wait_for_service
+      import_stats
+    fi
+
    echo "Build complete. Services are starting."
    echo "Run 'docker compose logs -f' to see the logs."
    ;;
@@ -1,29 +0,0 @@
-services:
-  cli-proxy-api:
-    image: ${CLI_PROXY_IMAGE:-eceasy/cli-proxy-api:latest}
-    pull_policy: always
-    build:
-      context: .
-      dockerfile: Dockerfile
-      args:
-        VERSION: ${VERSION:-dev}
-        COMMIT: ${COMMIT:-none}
-        BUILD_DATE: ${BUILD_DATE:-unknown}
-    container_name: cli-proxy-api-cluster
-    environment:
-      HOME_JWT: ${HOME_JWT:-}
-    ports:
-      - "8317:8317"
-    volumes:
-      - ./home:/root/.cli-proxy-api
-      - ./logs:/CLIProxyAPI/logs
-    command: >
-      sh -eu -c '
-        if [ -z "$$HOME_JWT" ]; then
-          echo "HOME_JWT is required" >&2
-          exit 1
-        fi
-
-        exec ./CLIProxyAPI -home-jwt "$$HOME_JWT"
-      '
-    restart: unless-stopped
@@ -24,14 +24,14 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api"
-	sdkAuth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	clipexec "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/executor"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/logging"
-	sdktr "github.com/router-for-me/CLIProxyAPI/v7/sdk/translator"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/logging"
+	sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
 )

 const (
@@ -16,8 +16,8 @@ import (
 	"strings"
 	"time"

-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	clipexec "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/executor"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
 	log "github.com/sirupsen/logrus"
 )

@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"

-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/translator"
-	_ "github.com/router-for-me/CLIProxyAPI/v7/sdk/translator/builtin"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
+	_ "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator/builtin"
 )

 func main() {
@@ -1,4 +1,4 @@
-module github.com/router-for-me/CLIProxyAPI/v7
+module github.com/router-for-me/CLIProxyAPI/v6

 go 1.26.0

@@ -31,12 +31,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )

-require (
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/redis/go-redis/v9 v9.19.0 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-)
-
 require (
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
@@ -87,7 +81,6 @@ require (
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
-	github.com/pierrec/xxHash v0.1.5
 	github.com/pjbgf/sha1cd v0.5.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.5.0 // indirect
@@ -18,8 +18,6 @@ github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc
 github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
 github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
-github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/charmbracelet/bubbles v1.0.0 h1:12J8/ak/uCZEMQ6KU7pcfwceyjLlWsDLAxB5fXonfvc=
 github.com/charmbracelet/bubbles v1.0.0/go.mod h1:9d/Zd5GdnauMI5ivUIVisuEm3ave1XwXtD1ckyV6r3E=
 github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw=
@@ -154,14 +152,10 @@ github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc
 github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pierrec/xxHash v0.1.5 h1:n/jBpwTHiER4xYvK3/CdPVnLDPchj8eTJFFLUb4QHBo=
-github.com/pierrec/xxHash v0.1.5/go.mod h1:w2waW5Zoa/Wc4Yqe0wgrIYAGKqRMf7czn2HNKXmuL+I=
 github.com/pjbgf/sha1cd v0.5.0 h1:a+UkboSi1znleCDUNT3M5YxjOnN1fz2FhN48FlwCxs0=
 github.com/pjbgf/sha1cd v0.5.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/redis/go-redis/v9 v9.19.0 h1:XPVaaPSnG6RhYf7p+rmSa9zZfeVAnWsH5h3lxthOm/k=
-github.com/redis/go-redis/v9 v9.19.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
 github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
 github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
@@ -207,8 +201,6 @@ github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65E
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
-go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"strings"

-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
-	sdkconfig "github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
+	sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
 )

 // Register ensures the config-access provider is available to the access manager.
@@ -6,9 +6,9 @@ import (
 	"sort"
 	"strings"

-	configaccess "github.com/router-for-me/CLIProxyAPI/v7/internal/access/config_access"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
+	configaccess "github.com/router-for-me/CLIProxyAPI/v6/internal/access/config_access"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
 	log "github.com/sirupsen/logrus"
 )

@@ -1,32 +0,0 @@
-package api
-
-import (
-	"bufio"
-	"crypto/tls"
-	"net"
-)
-
-type bufferedConn struct {
-	net.Conn
-	reader *bufio.Reader
-}
-
-func (c *bufferedConn) Read(p []byte) (int, error) {
-	if c == nil {
-		return 0, net.ErrClosed
-	}
-	if c.reader == nil {
-		return c.Conn.Read(p)
-	}
-	return c.reader.Read(p)
-}
-
-func (c *bufferedConn) ConnectionState() tls.ConnectionState {
-	if c == nil || c.Conn == nil {
-		return tls.ConnectionState{}
-	}
-	if stater, ok := c.Conn.(interface{ ConnectionState() tls.ConnectionState }); ok {
-		return stater.ConnectionState()
-	}
-	return tls.ConnectionState{}
-}
@@ -1,107 +0,0 @@
-package management
-
-import (
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-)
-
-type apiKeyUsageEntry struct {
-	Success        int64                          `json:"success"`
-	Failed         int64                          `json:"failed"`
-	RecentRequests []coreauth.RecentRequestBucket `json:"recent_requests"`
-}
-
-func mergeRecentRequestBuckets(dst, src []coreauth.RecentRequestBucket) []coreauth.RecentRequestBucket {
-	if len(dst) == 0 {
-		return src
-	}
-	if len(src) == 0 {
-		return dst
-	}
-	if len(dst) != len(src) {
-		n := len(dst)
-		if len(src) < n {
-			n = len(src)
-		}
-		for i := 0; i < n; i++ {
-			dst[i].Success += src[i].Success
-			dst[i].Failed += src[i].Failed
-		}
-		return dst
-	}
-	for i := range dst {
-		dst[i].Success += src[i].Success
-		dst[i].Failed += src[i].Failed
-	}
-	return dst
-}
-
-// GetAPIKeyUsage returns recent request buckets for all in-memory api_key auths,
-// grouped by provider and keyed by "base_url|api_key".
-func (h *Handler) GetAPIKeyUsage(c *gin.Context) {
-	if h == nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "handler not initialized"})
-		return
-	}
-
-	h.mu.Lock()
-	manager := h.authManager
-	h.mu.Unlock()
-	if manager == nil {
-		c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"})
-		return
-	}
-
-	now := time.Now()
-	out := make(map[string]map[string]apiKeyUsageEntry)
-	for _, auth := range manager.List() {
-		if auth == nil {
-			continue
-		}
-		kind, apiKey := auth.AccountInfo()
-		if !strings.EqualFold(strings.TrimSpace(kind), "api_key") {
-			continue
-		}
-		apiKey = strings.TrimSpace(apiKey)
-		if apiKey == "" {
-			continue
-		}
-		baseURL := ""
-		if auth.Attributes != nil {
-			baseURL = strings.TrimSpace(auth.Attributes["base_url"])
-			if baseURL == "" {
-				baseURL = strings.TrimSpace(auth.Attributes["base-url"])
-			}
-		}
-		compositeKey := baseURL + "|" + apiKey
-		provider := strings.ToLower(strings.TrimSpace(auth.Provider))
-		if provider == "" {
-			provider = "unknown"
-		}
-
-		recent := auth.RecentRequestsSnapshot(now)
-		providerBucket, ok := out[provider]
-		if !ok {
-			providerBucket = make(map[string]apiKeyUsageEntry)
-			out[provider] = providerBucket
-		}
-		if existing, exists := providerBucket[compositeKey]; exists {
-			existing.Success += auth.Success
-			existing.Failed += auth.Failed
-			existing.RecentRequests = mergeRecentRequestBuckets(existing.RecentRequests, recent)
-			providerBucket[compositeKey] = existing
-			continue
-		}
-		providerBucket[compositeKey] = apiKeyUsageEntry{
-			Success:        auth.Success,
-			Failed:         auth.Failed,
-			RecentRequests: recent,
-		}
-	}
-
-	c.JSON(http.StatusOK, out)
-}
@@ -1,95 +0,0 @@
-package management
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-)
-
-func sumRecentRequestBuckets(buckets []coreauth.RecentRequestBucket) (int64, int64) {
-	var success int64
-	var failed int64
-	for _, bucket := range buckets {
-		success += bucket.Success
-		failed += bucket.Failed
-	}
-	return success, failed
-}
-
-func TestGetAPIKeyUsage_GroupsByProviderAndAPIKey(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	manager := coreauth.NewManager(nil, nil, nil)
-	if _, err := manager.Register(context.Background(), &coreauth.Auth{
-		ID:       "codex-auth",
-		Provider: "codex",
-		Attributes: map[string]string{
-			"api_key":  "codex-key",
-			"base_url": "https://codex.example.com",
-		},
-	}); err != nil {
-		t.Fatalf("register codex auth: %v", err)
-	}
-	if _, err := manager.Register(context.Background(), &coreauth.Auth{
-		ID:       "claude-auth",
-		Provider: "claude",
-		Attributes: map[string]string{
-			"api_key":  "claude-key",
-			"base_url": "https://claude.example.com",
-		},
-	}); err != nil {
-		t.Fatalf("register claude auth: %v", err)
-	}
-
-	manager.MarkResult(context.Background(), coreauth.Result{AuthID: "codex-auth", Provider: "codex", Model: "gpt-5", Success: true})
-	manager.MarkResult(context.Background(), coreauth.Result{AuthID: "codex-auth", Provider: "codex", Model: "gpt-5", Success: false})
-	manager.MarkResult(context.Background(), coreauth.Result{AuthID: "claude-auth", Provider: "claude", Model: "claude-4", Success: true})
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: t.TempDir()}, manager)
-
-	rec := httptest.NewRecorder()
-	ginCtx, _ := gin.CreateTestContext(rec)
-	req := httptest.NewRequest(http.MethodGet, "/v0/management/api-key-usage", nil)
-	ginCtx.Request = req
-	h.GetAPIKeyUsage(ginCtx)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("status = %d, want %d body=%s", rec.Code, http.StatusOK, rec.Body.String())
-	}
-
-	var payload map[string]map[string]apiKeyUsageEntry
-	if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
-		t.Fatalf("decode payload: %v", err)
-	}
-
-	codexEntry := payload["codex"]["https://codex.example.com|codex-key"]
-	if codexEntry.Success != 1 || codexEntry.Failed != 1 {
-		t.Fatalf("codex totals = %d/%d, want 1/1", codexEntry.Success, codexEntry.Failed)
-	}
-	if len(codexEntry.RecentRequests) != 20 {
-		t.Fatalf("codex buckets len = %d, want 20", len(codexEntry.RecentRequests))
-	}
-	codexSuccess, codexFailed := sumRecentRequestBuckets(codexEntry.RecentRequests)
-	if codexSuccess != 1 || codexFailed != 1 {
-		t.Fatalf("codex totals = %d/%d, want 1/1", codexSuccess, codexFailed)
-	}
-
-	claudeEntry := payload["claude"]["https://claude.example.com|claude-key"]
-	if claudeEntry.Success != 1 || claudeEntry.Failed != 0 {
-		t.Fatalf("claude totals = %d/%d, want 1/0", claudeEntry.Success, claudeEntry.Failed)
-	}
-	if len(claudeEntry.RecentRequests) != 20 {
-		t.Fatalf("claude buckets len = %d, want 20", len(claudeEntry.RecentRequests))
-	}
-	claudeSuccess, claudeFailed := sumRecentRequestBuckets(claudeEntry.RecentRequests)
-	if claudeSuccess != 1 || claudeFailed != 0 {
-		t.Fatalf("claude totals = %d/%d, want 1/0", claudeSuccess, claudeFailed)
-	}
-}
@@ -11,10 +11,9 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/runtime/geminicli"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/proxyutil"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/geminicli"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/proxyutil"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
@@ -637,11 +636,6 @@ func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper {
 		if proxyStr := strings.TrimSpace(auth.ProxyURL); proxyStr != "" {
 			proxyCandidates = append(proxyCandidates, proxyStr)
 		}
-		if h != nil && h.cfg != nil {
-			if proxyStr := strings.TrimSpace(proxyURLFromAPIKeyConfig(h.cfg, auth)); proxyStr != "" {
-				proxyCandidates = append(proxyCandidates, proxyStr)
-			}
-		}
 	}
 	if h != nil && h.cfg != nil {
 		if proxyStr := strings.TrimSpace(h.cfg.ProxyURL); proxyStr != "" {
@@ -664,126 +658,6 @@ func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper {
 	return clone
 }

-type apiKeyConfigEntry interface {
-	GetAPIKey() string
-	GetBaseURL() string
-}
-
-func resolveAPIKeyConfig[T apiKeyConfigEntry](entries []T, auth *coreauth.Auth) *T {
-	if auth == nil || len(entries) == 0 {
-		return nil
-	}
-	attrKey, attrBase := "", ""
-	if auth.Attributes != nil {
-		attrKey = strings.TrimSpace(auth.Attributes["api_key"])
-		attrBase = strings.TrimSpace(auth.Attributes["base_url"])
-	}
-	for i := range entries {
-		entry := &entries[i]
-		cfgKey := strings.TrimSpace((*entry).GetAPIKey())
-		cfgBase := strings.TrimSpace((*entry).GetBaseURL())
-		if attrKey != "" && attrBase != "" {
-			if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) {
-				return entry
-			}
-			continue
-		}
-		if attrKey != "" && strings.EqualFold(cfgKey, attrKey) {
-			if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) {
-				return entry
-			}
-		}
-		if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) {
-			return entry
-		}
-	}
-	if attrKey != "" {
-		for i := range entries {
-			entry := &entries[i]
-			if strings.EqualFold(strings.TrimSpace((*entry).GetAPIKey()), attrKey) {
-				return entry
-			}
-		}
-	}
-	return nil
-}
-
-func proxyURLFromAPIKeyConfig(cfg *config.Config, auth *coreauth.Auth) string {
-	if cfg == nil || auth == nil {
-		return ""
-	}
-	authKind, authAccount := auth.AccountInfo()
-	if !strings.EqualFold(strings.TrimSpace(authKind), "api_key") {
-		return ""
-	}
-
-	attrs := auth.Attributes
-	compatName := ""
-	providerKey := ""
-	if len(attrs) > 0 {
-		compatName = strings.TrimSpace(attrs["compat_name"])
-		providerKey = strings.TrimSpace(attrs["provider_key"])
-	}
-	if compatName != "" || strings.EqualFold(strings.TrimSpace(auth.Provider), "openai-compatibility") {
-		return resolveOpenAICompatAPIKeyProxyURL(cfg, auth, strings.TrimSpace(authAccount), providerKey, compatName)
-	}
-
-	switch strings.ToLower(strings.TrimSpace(auth.Provider)) {
-	case "gemini":
-		if entry := resolveAPIKeyConfig(cfg.GeminiKey, auth); entry != nil {
-			return strings.TrimSpace(entry.ProxyURL)
-		}
-	case "claude":
-		if entry := resolveAPIKeyConfig(cfg.ClaudeKey, auth); entry != nil {
-			return strings.TrimSpace(entry.ProxyURL)
-		}
-	case "codex":
-		if entry := resolveAPIKeyConfig(cfg.CodexKey, auth); entry != nil {
-			return strings.TrimSpace(entry.ProxyURL)
-		}
-	}
-	return ""
-}
-
-func resolveOpenAICompatAPIKeyProxyURL(cfg *config.Config, auth *coreauth.Auth, apiKey, providerKey, compatName string) string {
-	if cfg == nil || auth == nil {
-		return ""
-	}
-	apiKey = strings.TrimSpace(apiKey)
-	if apiKey == "" {
-		return ""
-	}
-	candidates := make([]string, 0, 3)
-	if v := strings.TrimSpace(compatName); v != "" {
-		candidates = append(candidates, v)
-	}
-	if v := strings.TrimSpace(providerKey); v != "" {
-		candidates = append(candidates, v)
-	}
-	if v := strings.TrimSpace(auth.Provider); v != "" {
-		candidates = append(candidates, v)
-	}
-
-	for i := range cfg.OpenAICompatibility {
-		compat := &cfg.OpenAICompatibility[i]
-		if compat.Disabled {
-			continue
-		}
-		for _, candidate := range candidates {
-			if candidate != "" && strings.EqualFold(strings.TrimSpace(candidate), compat.Name) {
-				for j := range compat.APIKeyEntries {
-					entry := &compat.APIKeyEntries[j]
-					if strings.EqualFold(strings.TrimSpace(entry.APIKey), apiKey) {
-						return strings.TrimSpace(entry.ProxyURL)
-					}
-				}
-				return ""
-			}
-		}
-	}
-	return ""
-}
-
 func buildProxyTransport(proxyStr string) *http.Transport {
 	transport, _, errBuild := proxyutil.BuildHTTPTransport(proxyStr)
 	if errBuild != nil {
@@ -5,9 +5,9 @@ import (
 	"net/http"
 	"testing"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	sdkconfig "github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
 )

 func TestAPICallTransportDirectBypassesGlobalProxy(t *testing.T) {
@@ -58,105 +58,6 @@ func TestAPICallTransportInvalidAuthFallsBackToGlobalProxy(t *testing.T) {
 	}
 }

-func TestAPICallTransportAPIKeyAuthFallsBackToConfigProxyURL(t *testing.T) {
-	t.Parallel()
-
-	h := &Handler{
-		cfg: &config.Config{
-			SDKConfig: sdkconfig.SDKConfig{ProxyURL: "http://global-proxy.example.com:8080"},
-			GeminiKey: []config.GeminiKey{{
-				APIKey:   "gemini-key",
-				ProxyURL: "http://gemini-proxy.example.com:8080",
-			}},
-			ClaudeKey: []config.ClaudeKey{{
-				APIKey:   "claude-key",
-				ProxyURL: "http://claude-proxy.example.com:8080",
-			}},
-			CodexKey: []config.CodexKey{{
-				APIKey:   "codex-key",
-				ProxyURL: "http://codex-proxy.example.com:8080",
-			}},
-			OpenAICompatibility: []config.OpenAICompatibility{{
-				Name:    "bohe",
-				BaseURL: "https://bohe.example.com",
-				APIKeyEntries: []config.OpenAICompatibilityAPIKey{{
-					APIKey:   "compat-key",
-					ProxyURL: "http://compat-proxy.example.com:8080",
-				}},
-			}},
-		},
-	}
-
-	cases := []struct {
-		name      string
-		auth      *coreauth.Auth
-		wantProxy string
-	}{
-		{
-			name: "gemini",
-			auth: &coreauth.Auth{
-				Provider:   "gemini",
-				Attributes: map[string]string{"api_key": "gemini-key"},
-			},
-			wantProxy: "http://gemini-proxy.example.com:8080",
-		},
-		{
-			name: "claude",
-			auth: &coreauth.Auth{
-				Provider:   "claude",
-				Attributes: map[string]string{"api_key": "claude-key"},
-			},
-			wantProxy: "http://claude-proxy.example.com:8080",
-		},
-		{
-			name: "codex",
-			auth: &coreauth.Auth{
-				Provider:   "codex",
-				Attributes: map[string]string{"api_key": "codex-key"},
-			},
-			wantProxy: "http://codex-proxy.example.com:8080",
-		},
-		{
-			name: "openai-compatibility",
-			auth: &coreauth.Auth{
-				Provider: "bohe",
-				Attributes: map[string]string{
-					"api_key":      "compat-key",
-					"compat_name":  "bohe",
-					"provider_key": "bohe",
-				},
-			},
-			wantProxy: "http://compat-proxy.example.com:8080",
-		},
-	}
-
-	for _, tc := range cases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			transport := h.apiCallTransport(tc.auth)
-			httpTransport, ok := transport.(*http.Transport)
-			if !ok {
-				t.Fatalf("transport type = %T, want *http.Transport", transport)
-			}
-
-			req, errRequest := http.NewRequest(http.MethodGet, "https://example.com", nil)
-			if errRequest != nil {
-				t.Fatalf("http.NewRequest returned error: %v", errRequest)
-			}
-
-			proxyURL, errProxy := httpTransport.Proxy(req)
-			if errProxy != nil {
-				t.Fatalf("httpTransport.Proxy returned error: %v", errProxy)
-			}
-			if proxyURL == nil || proxyURL.String() != tc.wantProxy {
-				t.Fatalf("proxy URL = %v, want %s", proxyURL, tc.wantProxy)
-			}
-		})
-	}
-}
-
 func TestAuthByIndexDistinguishesSharedAPIKeysAcrossProviders(t *testing.T) {
 	t.Parallel()

@@ -22,18 +22,19 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/antigravity"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/claude"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/codex"
-	geminiAuth "github.com/router-for-me/CLIProxyAPI/v7/internal/auth/gemini"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/kimi"
-	xaiauth "github.com/router-for-me/CLIProxyAPI/v7/internal/auth/xai"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/interfaces"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
-	sdkAuth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/antigravity"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex"
+	geminiAuth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/gemini"
+	iflowauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kimi"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/qwen"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
 	"golang.org/x/oauth2"
@@ -141,7 +142,7 @@ func startCallbackForwarder(port int, provider, targetBase string) (*callbackFor
 		stopForwarderInstance(port, prev)
 	}

-	addr := fmt.Sprintf("0.0.0.0:%d", port)
+	addr := fmt.Sprintf("127.0.0.1:%d", port)
 	ln, err := net.Listen("tcp", addr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to listen on %s: %w", addr, err)
@@ -334,9 +335,6 @@ func (h *Handler) listAuthFilesFromDisk(c *gin.Context) {
 				emailValue := gjson.GetBytes(data, "email").String()
 				fileData["type"] = typeValue
 				fileData["email"] = emailValue
-				if projectID := strings.TrimSpace(gjson.GetBytes(data, "project_id").String()); projectID != "" {
-					fileData["project_id"] = projectID
-				}
 				if pv := gjson.GetBytes(data, "priority"); pv.Exists() {
 					switch pv.Type {
 					case gjson.Number:
@@ -392,15 +390,9 @@ func (h *Handler) buildAuthFileEntry(auth *coreauth.Auth) gin.H {
 		"source":         "memory",
 		"size":           int64(0),
 	}
-	entry["success"] = auth.Success
-	entry["failed"] = auth.Failed
-	entry["recent_requests"] = auth.RecentRequestsSnapshot(time.Now())
 	if email := authEmail(auth); email != "" {
 		entry["email"] = email
 	}
-	if projectID := authProjectID(auth); projectID != "" {
-		entry["project_id"] = projectID
-	}
 	if accountType, account := auth.AccountInfo(); accountType != "" || account != "" {
 		if accountType != "" {
 			entry["account_type"] = accountType
@@ -475,28 +467,6 @@ func (h *Handler) buildAuthFileEntry(auth *coreauth.Auth) gin.H {
 	return entry
 }

-func authProjectID(auth *coreauth.Auth) string {
-	if auth == nil {
-		return ""
-	}
-	if auth.Metadata != nil {
-		if v, ok := auth.Metadata["project_id"].(string); ok {
-			if projectID := strings.TrimSpace(v); projectID != "" {
-				return projectID
-			}
-		}
-	}
-	if auth.Attributes != nil {
-		if projectID := strings.TrimSpace(auth.Attributes["project_id"]); projectID != "" {
-			return projectID
-		}
-		if projectID := strings.TrimSpace(auth.Attributes["gemini_virtual_project"]); projectID != "" {
-			return projectID
-		}
-	}
-	return ""
-}
-
 func extractCodexIDTokenClaims(auth *coreauth.Auth) gin.H {
 	if auth == nil || auth.Metadata == nil {
 		return nil
@@ -1067,7 +1037,6 @@ func (h *Handler) buildAuthFromFileData(path string, data []byte) (*coreauth.Aut
 			auth.Runtime = existing.Runtime
 		}
 	}
-	coreauth.ApplyCustomHeadersFromMetadata(auth)
 	return auth, nil
 }

@@ -1150,7 +1119,7 @@ func (h *Handler) PatchAuthFileStatus(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"status": "ok", "disabled": *req.Disabled})
 }

-// PatchAuthFileFields updates editable fields (prefix, proxy_url, headers, priority, note) of an auth file.
+// PatchAuthFileFields updates editable fields (prefix, proxy_url, priority, note) of an auth file.
 func (h *Handler) PatchAuthFileFields(c *gin.Context) {
 	if h.authManager == nil {
 		c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"})
@@ -1158,12 +1127,11 @@ func (h *Handler) PatchAuthFileFields(c *gin.Context) {
 	}

 	var req struct {
-		Name     string            `json:"name"`
-		Prefix   *string           `json:"prefix"`
-		ProxyURL *string           `json:"proxy_url"`
-		Headers  map[string]string `json:"headers"`
-		Priority *int              `json:"priority"`
-		Note     *string           `json:"note"`
+		Name     string  `json:"name"`
+		Prefix   *string `json:"prefix"`
+		ProxyURL *string `json:"proxy_url"`
+		Priority *int    `json:"priority"`
+		Note     *string `json:"note"`
 	}
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"})
@@ -1199,107 +1167,13 @@ func (h *Handler) PatchAuthFileFields(c *gin.Context) {

 	changed := false
 	if req.Prefix != nil {
-		prefix := strings.TrimSpace(*req.Prefix)
-		targetAuth.Prefix = prefix
-		if targetAuth.Metadata == nil {
-			targetAuth.Metadata = make(map[string]any)
-		}
-		if prefix == "" {
-			delete(targetAuth.Metadata, "prefix")
-		} else {
-			targetAuth.Metadata["prefix"] = prefix
-		}
+		targetAuth.Prefix = *req.Prefix
 		changed = true
 	}
 	if req.ProxyURL != nil {
-		proxyURL := strings.TrimSpace(*req.ProxyURL)
-		targetAuth.ProxyURL = proxyURL
-		if targetAuth.Metadata == nil {
-			targetAuth.Metadata = make(map[string]any)
-		}
-		if proxyURL == "" {
-			delete(targetAuth.Metadata, "proxy_url")
-		} else {
-			targetAuth.Metadata["proxy_url"] = proxyURL
-		}
+		targetAuth.ProxyURL = *req.ProxyURL
 		changed = true
 	}
-	if len(req.Headers) > 0 {
-		existingHeaders := coreauth.ExtractCustomHeadersFromMetadata(targetAuth.Metadata)
-		nextHeaders := make(map[string]string, len(existingHeaders))
-		for k, v := range existingHeaders {
-			nextHeaders[k] = v
-		}
-		headerChanged := false
-
-		for key, value := range req.Headers {
-			name := strings.TrimSpace(key)
-			if name == "" {
-				continue
-			}
-			val := strings.TrimSpace(value)
-			attrKey := "header:" + name
-			if val == "" {
-				if _, ok := nextHeaders[name]; ok {
-					delete(nextHeaders, name)
-					headerChanged = true
-				}
-				if targetAuth.Attributes != nil {
-					if _, ok := targetAuth.Attributes[attrKey]; ok {
-						headerChanged = true
-					}
-				}
-				continue
-			}
-			if prev, ok := nextHeaders[name]; !ok || prev != val {
-				headerChanged = true
-			}
-			nextHeaders[name] = val
-			if targetAuth.Attributes != nil {
-				if prev, ok := targetAuth.Attributes[attrKey]; !ok || prev != val {
-					headerChanged = true
-				}
-			} else {
-				headerChanged = true
-			}
-		}
-
-		if headerChanged {
-			if targetAuth.Metadata == nil {
-				targetAuth.Metadata = make(map[string]any)
-			}
-			if targetAuth.Attributes == nil {
-				targetAuth.Attributes = make(map[string]string)
-			}
-
-			for key, value := range req.Headers {
-				name := strings.TrimSpace(key)
-				if name == "" {
-					continue
-				}
-				val := strings.TrimSpace(value)
-				attrKey := "header:" + name
-				if val == "" {
-					delete(nextHeaders, name)
-					delete(targetAuth.Attributes, attrKey)
-					continue
-				}
-				nextHeaders[name] = val
-				targetAuth.Attributes[attrKey] = val
-			}
-
-			if len(nextHeaders) == 0 {
-				delete(targetAuth.Metadata, "headers")
-			} else {
-				metaHeaders := make(map[string]any, len(nextHeaders))
-				for k, v := range nextHeaders {
-					metaHeaders[k] = v
-				}
-				targetAuth.Metadata["headers"] = metaHeaders
-			}
-			changed = true
-		}
-	}
 	if req.Priority != nil || req.Note != nil {
 		if targetAuth.Metadata == nil {
 			targetAuth.Metadata = make(map[string]any)
@@ -1920,7 +1794,7 @@ func (h *Handler) RequestCodexToken(c *gin.Context) {
 		bundle, errExchange := openaiAuth.ExchangeCodeForTokens(ctx, code, pkceCodes)
 		if errExchange != nil {
 			authErr := codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, errExchange)
-			SetOAuthSessionError(state, oauthSessionErrorWithCause("Failed to exchange authorization code for tokens", errExchange))
+			SetOAuthSessionError(state, "Failed to exchange authorization code for tokens")
 			log.Errorf("Failed to exchange authorization code for tokens: %v", authErr)
 			return
 		}
@@ -2081,7 +1955,7 @@ func (h *Handler) RequestAntigravityToken(c *gin.Context) {
 				log.Warnf("antigravity: failed to fetch project ID: %v", errProject)
 			} else {
 				projectID = fetchedProjectID
-				log.Infof("antigravity: obtained project ID %s", util.HideAPIKey(projectID))
+				log.Infof("antigravity: obtained project ID %s", projectID)
 			}
 		}

@@ -2125,7 +1999,7 @@ func (h *Handler) RequestAntigravityToken(c *gin.Context) {
 		CompleteOAuthSessionsByProvider("antigravity")
 		fmt.Printf("Authentication successful! Token saved to %s\n", savedPath)
 		if projectID != "" {
-			fmt.Printf("Using GCP project: %s\n", util.HideAPIKey(projectID))
+			fmt.Printf("Using GCP project: %s\n", projectID)
 		}
 		fmt.Println("You can now use Antigravity services through this CLI")
 	}()
@@ -2133,180 +2007,57 @@ func (h *Handler) RequestAntigravityToken(c *gin.Context) {
 	c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state})
 }

-func (h *Handler) RequestXAIToken(c *gin.Context) {
+func (h *Handler) RequestQwenToken(c *gin.Context) {
 	ctx := context.Background()
 	ctx = PopulateAuthContext(ctx, c)

-	fmt.Println("Initializing xAI authentication...")
+	fmt.Println("Initializing Qwen authentication...")

-	pkceCodes, errPKCE := xaiauth.GeneratePKCECodes()
-	if errPKCE != nil {
-		log.Errorf("Failed to generate xAI PKCE codes: %v", errPKCE)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"})
-		return
-	}
+	state := fmt.Sprintf("gem-%d", time.Now().UnixNano())
+	// Initialize Qwen auth service
+	qwenAuth := qwen.NewQwenAuth(h.cfg)

-	state, errState := misc.GenerateRandomState()
-	if errState != nil {
-		log.Errorf("Failed to generate state parameter: %v", errState)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"})
-		return
-	}
-
-	nonce, errNonce := misc.GenerateRandomState()
-	if errNonce != nil {
-		log.Errorf("Failed to generate nonce parameter: %v", errNonce)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate nonce parameter"})
-		return
-	}
-
-	authSvc := xaiauth.NewXAIAuth(h.cfg)
-	discovery, errDiscover := authSvc.Discover(ctx)
-	if errDiscover != nil {
-		log.Errorf("Failed to discover xAI OAuth endpoints: %v", errDiscover)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to discover oauth endpoints"})
-		return
-	}
-
-	redirectURI := fmt.Sprintf("http://%s:%d%s", xaiauth.RedirectHost, xaiauth.CallbackPort, xaiauth.RedirectPath)
-	authURL, errAuthURL := xaiauth.BuildAuthorizeURL(xaiauth.AuthorizeURLParams{
-		AuthorizationEndpoint: discovery.AuthorizationEndpoint,
-		RedirectURI:           redirectURI,
-		CodeChallenge:         pkceCodes.CodeChallenge,
-		State:                 state,
-		Nonce:                 nonce,
-	})
-	if errAuthURL != nil {
-		log.Errorf("Failed to generate xAI authorization URL: %v", errAuthURL)
+	// Generate authorization URL
+	deviceFlow, err := qwenAuth.InitiateDeviceFlow(ctx)
+	if err != nil {
+		log.Errorf("Failed to generate authorization URL: %v", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"})
 		return
 	}
+	authURL := deviceFlow.VerificationURIComplete

-	RegisterOAuthSession(state, "xai")
-
-	isWebUI := isWebUIRequest(c)
-	var forwarder *callbackForwarder
-	if isWebUI {
-		targetURL, errTarget := h.managementCallbackURL("/xai/callback")
-		if errTarget != nil {
-			log.WithError(errTarget).Error("failed to compute xai callback target")
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"})
-			return
-		}
-		var errStart error
-		if forwarder, errStart = startCallbackForwarder(xaiauth.CallbackPort, "xai", targetURL); errStart != nil {
-			log.WithError(errStart).Error("failed to start xai callback forwarder")
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"})
-			return
-		}
-	}
+	RegisterOAuthSession(state, "qwen")

 	go func() {
-		if isWebUI {
-			defer stopCallbackForwarderInstance(xaiauth.CallbackPort, forwarder)
-		}
-
-		waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-xai-%s.oauth", state))
-		deadline := time.Now().Add(5 * time.Minute)
-		var authCode string
-		for {
-			if !IsOAuthSessionPending(state, "xai") {
-				return
-			}
-			if time.Now().After(deadline) {
-				log.Error("xai oauth flow timed out")
-				SetOAuthSessionError(state, "OAuth flow timed out")
-				return
-			}
-			if data, errReadFile := os.ReadFile(waitFile); errReadFile == nil {
-				var payload map[string]string
-				_ = json.Unmarshal(data, &payload)
-				_ = os.Remove(waitFile)
-				if errStr := strings.TrimSpace(payload["error"]); errStr != "" {
-					log.Errorf("xAI authentication failed: %s", errStr)
-					SetOAuthSessionError(state, "Authentication failed: "+errStr)
-					return
-				}
-				if payloadState := strings.TrimSpace(payload["state"]); payloadState != "" && payloadState != state {
-					log.Errorf("xAI authentication failed: state mismatch")
-					SetOAuthSessionError(state, "Authentication failed: state mismatch")
-					return
-				}
-				authCode = strings.TrimSpace(payload["code"])
-				if authCode == "" {
-					log.Error("xAI authentication failed: code not found")
-					SetOAuthSessionError(state, "Authentication failed: code not found")
-					return
-				}
-				break
-			}
-			time.Sleep(500 * time.Millisecond)
-		}
-
-		bundle, errExchange := authSvc.ExchangeCodeForTokens(ctx, authCode, redirectURI, pkceCodes, discovery.TokenEndpoint)
-		if errExchange != nil {
-			log.Errorf("Failed to exchange xAI token: %v", errExchange)
-			SetOAuthSessionError(state, oauthSessionErrorWithCause("Failed to exchange authorization code for tokens", errExchange))
+		fmt.Println("Waiting for authentication...")
+		tokenData, errPollForToken := qwenAuth.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier)
+		if errPollForToken != nil {
+			SetOAuthSessionError(state, "Authentication failed")
+			fmt.Printf("Authentication failed: %v\n", errPollForToken)
 			return
 		}

-		tokenStorage := authSvc.CreateTokenStorage(bundle)
-		if tokenStorage == nil || strings.TrimSpace(tokenStorage.AccessToken) == "" {
-			log.Error("xAI token exchange returned empty access token")
-			SetOAuthSessionError(state, "Failed to exchange token")
-			return
-		}
-
-		fileName := xaiauth.CredentialFileName(tokenStorage.Email, tokenStorage.Subject)
-		label := strings.TrimSpace(tokenStorage.Email)
-		if label == "" {
-			label = "xAI"
-		}
-
-		metadata := map[string]any{
-			"type":           "xai",
-			"access_token":   tokenStorage.AccessToken,
-			"refresh_token":  tokenStorage.RefreshToken,
-			"id_token":       tokenStorage.IDToken,
-			"token_type":     tokenStorage.TokenType,
-			"expires_in":     tokenStorage.ExpiresIn,
-			"expired":        tokenStorage.Expire,
-			"last_refresh":   tokenStorage.LastRefresh,
-			"base_url":       tokenStorage.BaseURL,
-			"redirect_uri":   tokenStorage.RedirectURI,
-			"token_endpoint": tokenStorage.TokenEndpoint,
-			"auth_kind":      "oauth",
-		}
-		if tokenStorage.Email != "" {
-			metadata["email"] = tokenStorage.Email
-		}
-		if tokenStorage.Subject != "" {
-			metadata["sub"] = tokenStorage.Subject
-		}
+		// Create token storage
+		tokenStorage := qwenAuth.CreateTokenStorage(tokenData)

+		tokenStorage.Email = fmt.Sprintf("%d", time.Now().UnixMilli())
 		record := &coreauth.Auth{
-			ID:       fileName,
-			Provider: "xai",
-			FileName: fileName,
-			Label:    label,
+			ID:       fmt.Sprintf("qwen-%s.json", tokenStorage.Email),
+			Provider: "qwen",
+			FileName: fmt.Sprintf("qwen-%s.json", tokenStorage.Email),
 			Storage:  tokenStorage,
-			Metadata: metadata,
-			Attributes: map[string]string{
-				"auth_kind": "oauth",
-				"base_url":  tokenStorage.BaseURL,
-			},
+			Metadata: map[string]any{"email": tokenStorage.Email},
 		}
 		savedPath, errSave := h.saveTokenRecord(ctx, record)
 		if errSave != nil {
-			log.Errorf("Failed to save xAI token to file: %v", errSave)
-			SetOAuthSessionError(state, "Failed to save token to file")
+			log.Errorf("Failed to save authentication tokens: %v", errSave)
+			SetOAuthSessionError(state, "Failed to save authentication tokens")
 			return
 		}

-		CompleteOAuthSession(state)
-		CompleteOAuthSessionsByProvider("xai")
 		fmt.Printf("Authentication successful! Token saved to %s\n", savedPath)
-		fmt.Println("You can now use xAI services through this CLI")
+		fmt.Println("You can now use Qwen services through this CLI")
+		CompleteOAuthSession(state)
 	}()

 	c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state})
@@ -2389,6 +2140,215 @@ func (h *Handler) RequestKimiToken(c *gin.Context) {
 	c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state})
 }

+func (h *Handler) RequestIFlowToken(c *gin.Context) {
+	ctx := context.Background()
+	ctx = PopulateAuthContext(ctx, c)
+
+	fmt.Println("Initializing iFlow authentication...")
+
+	state := fmt.Sprintf("ifl-%d", time.Now().UnixNano())
+	authSvc := iflowauth.NewIFlowAuth(h.cfg)
+	authURL, redirectURI := authSvc.AuthorizationURL(state, iflowauth.CallbackPort)
+
+	RegisterOAuthSession(state, "iflow")
+
+	isWebUI := isWebUIRequest(c)
+	var forwarder *callbackForwarder
+	if isWebUI {
+		targetURL, errTarget := h.managementCallbackURL("/iflow/callback")
+		if errTarget != nil {
+			log.WithError(errTarget).Error("failed to compute iflow callback target")
+			c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "callback server unavailable"})
+			return
+		}
+		var errStart error
+		if forwarder, errStart = startCallbackForwarder(iflowauth.CallbackPort, "iflow", targetURL); errStart != nil {
+			log.WithError(errStart).Error("failed to start iflow callback forwarder")
+			c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to start callback server"})
+			return
+		}
+	}
+
+	go func() {
+		if isWebUI {
+			defer stopCallbackForwarderInstance(iflowauth.CallbackPort, forwarder)
+		}
+		fmt.Println("Waiting for authentication...")
+
+		waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-iflow-%s.oauth", state))
+		deadline := time.Now().Add(5 * time.Minute)
+		var resultMap map[string]string
+		for {
+			if !IsOAuthSessionPending(state, "iflow") {
+				return
+			}
+			if time.Now().After(deadline) {
+				SetOAuthSessionError(state, "Authentication failed")
+				fmt.Println("Authentication failed: timeout waiting for callback")
+				return
+			}
+			if data, errR := os.ReadFile(waitFile); errR == nil {
+				_ = os.Remove(waitFile)
+				_ = json.Unmarshal(data, &resultMap)
+				break
+			}
+			time.Sleep(500 * time.Millisecond)
+		}
+
+		if errStr := strings.TrimSpace(resultMap["error"]); errStr != "" {
+			SetOAuthSessionError(state, "Authentication failed")
+			fmt.Printf("Authentication failed: %s\n", errStr)
+			return
+		}
+		if resultState := strings.TrimSpace(resultMap["state"]); resultState != state {
+			SetOAuthSessionError(state, "Authentication failed")
+			fmt.Println("Authentication failed: state mismatch")
+			return
+		}
+
+		code := strings.TrimSpace(resultMap["code"])
+		if code == "" {
+			SetOAuthSessionError(state, "Authentication failed")
+			fmt.Println("Authentication failed: code missing")
+			return
+		}
+
+		tokenData, errExchange := authSvc.ExchangeCodeForTokens(ctx, code, redirectURI)
+		if errExchange != nil {
+			SetOAuthSessionError(state, "Authentication failed")
+			fmt.Printf("Authentication failed: %v\n", errExchange)
+			return
+		}
+
+		tokenStorage := authSvc.CreateTokenStorage(tokenData)
+		identifier := strings.TrimSpace(tokenStorage.Email)
+		if identifier == "" {
+			identifier = fmt.Sprintf("%d", time.Now().UnixMilli())
+			tokenStorage.Email = identifier
+		}
+		record := &coreauth.Auth{
+			ID:         fmt.Sprintf("iflow-%s.json", identifier),
+			Provider:   "iflow",
+			FileName:   fmt.Sprintf("iflow-%s.json", identifier),
+			Storage:    tokenStorage,
+			Metadata:   map[string]any{"email": identifier, "api_key": tokenStorage.APIKey},
+			Attributes: map[string]string{"api_key": tokenStorage.APIKey},
+		}
+
+		savedPath, errSave := h.saveTokenRecord(ctx, record)
+		if errSave != nil {
+			SetOAuthSessionError(state, "Failed to save authentication tokens")
+			log.Errorf("Failed to save authentication tokens: %v", errSave)
+			return
+		}
+
+		fmt.Printf("Authentication successful! Token saved to %s\n", savedPath)
+		if tokenStorage.APIKey != "" {
+			fmt.Println("API key obtained and saved")
+		}
+		fmt.Println("You can now use iFlow services through this CLI")
+		CompleteOAuthSession(state)
+		CompleteOAuthSessionsByProvider("iflow")
+	}()
+
+	c.JSON(http.StatusOK, gin.H{"status": "ok", "url": authURL, "state": state})
+}
+
+func (h *Handler) RequestIFlowCookieToken(c *gin.Context) {
+	ctx := context.Background()
+
+	var payload struct {
+		Cookie string `json:"cookie"`
+	}
+	if err := c.ShouldBindJSON(&payload); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"})
+		return
+	}
+
+	cookieValue := strings.TrimSpace(payload.Cookie)
+
+	if cookieValue == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"})
+		return
+	}
+
+	cookieValue, errNormalize := iflowauth.NormalizeCookie(cookieValue)
+	if errNormalize != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errNormalize.Error()})
+		return
+	}
+
+	// Check for duplicate BXAuth before authentication
+	bxAuth := iflowauth.ExtractBXAuth(cookieValue)
+	if existingFile, err := iflowauth.CheckDuplicateBXAuth(h.cfg.AuthDir, bxAuth); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to check duplicate"})
+		return
+	} else if existingFile != "" {
+		existingFileName := filepath.Base(existingFile)
+		c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "duplicate BXAuth found", "existing_file": existingFileName})
+		return
+	}
+
+	authSvc := iflowauth.NewIFlowAuth(h.cfg)
+	tokenData, errAuth := authSvc.AuthenticateWithCookie(ctx, cookieValue)
+	if errAuth != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errAuth.Error()})
+		return
+	}
+
+	tokenData.Cookie = cookieValue
+
+	tokenStorage := authSvc.CreateCookieTokenStorage(tokenData)
+	email := strings.TrimSpace(tokenStorage.Email)
+	if email == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "failed to extract email from token"})
+		return
+	}
+
+	fileName := iflowauth.SanitizeIFlowFileName(email)
+	if fileName == "" {
+		fileName = fmt.Sprintf("iflow-%d", time.Now().UnixMilli())
+	} else {
+		fileName = fmt.Sprintf("iflow-%s", fileName)
+	}
+
+	tokenStorage.Email = email
+	timestamp := time.Now().Unix()
+
+	record := &coreauth.Auth{
+		ID:       fmt.Sprintf("%s-%d.json", fileName, timestamp),
+		Provider: "iflow",
+		FileName: fmt.Sprintf("%s-%d.json", fileName, timestamp),
+		Storage:  tokenStorage,
+		Metadata: map[string]any{
+			"email":        email,
+			"api_key":      tokenStorage.APIKey,
+			"expired":      tokenStorage.Expire,
+			"cookie":       tokenStorage.Cookie,
+			"type":         tokenStorage.Type,
+			"last_refresh": tokenStorage.LastRefresh,
+		},
+		Attributes: map[string]string{
+			"api_key": tokenStorage.APIKey,
+		},
+	}
+
+	savedPath, errSave := h.saveTokenRecord(ctx, record)
+	if errSave != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to save authentication tokens"})
+		return
+	}
+
+	fmt.Printf("iFlow cookie authentication successful. Token saved to %s\n", savedPath)
+	c.JSON(http.StatusOK, gin.H{
+		"status":     "ok",
+		"saved_path": savedPath,
+		"email":      email,
+		"expired":    tokenStorage.Expire,
+		"type":       tokenStorage.Type,
+	})
+}
+
 type projectSelectionRequiredError struct{}

 func (e *projectSelectionRequiredError) Error() string {
@@ -2606,10 +2566,23 @@ func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage
 			finalProjectID := projectID
 			if responseProjectID != "" {
 				if explicitProject && !strings.EqualFold(responseProjectID, projectID) {
-					log.Infof("Gemini onboarding: requested project %s maps to backend project %s", projectID, responseProjectID)
-					log.Infof("Using backend project ID: %s", responseProjectID)
+					// Check if this is a free user (gen-lang-client projects or free/legacy tier)
+					isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") ||
+						strings.EqualFold(tierID, "FREE") ||
+						strings.EqualFold(tierID, "LEGACY")
+
+					if isFreeUser {
+						// For free users, use backend project ID for preview model access
+						log.Infof("Gemini onboarding: frontend project %s maps to backend project %s", projectID, responseProjectID)
+						log.Infof("Using backend project ID: %s (recommended for preview model access)", responseProjectID)
+						finalProjectID = responseProjectID
+					} else {
+						// Pro users: keep requested project ID (original behavior)
+						log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID)
+					}
+				} else {
+					finalProjectID = responseProjectID
 				}
-				finalProjectID = responseProjectID
 			}

 			storage.ProjectID = strings.TrimSpace(finalProjectID)
@@ -12,8 +12,8 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 )

 func TestUploadAuthFile_BatchMultipart(t *testing.T) {
@@ -11,8 +11,8 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 )

 func TestDeleteAuthFile_UsesAuthPathFromManager(t *testing.T) {
@@ -9,7 +9,7 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 )

 func TestDownloadAuthFile_ReturnsFile(t *testing.T) {
@@ -11,7 +11,7 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 )

 func TestDownloadAuthFile_PreventsWindowsSlashTraversal(t *testing.T) {
@@ -1,164 +0,0 @@
-package management
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-)
-
-func TestPatchAuthFileFields_MergeHeadersAndDeleteEmptyValues(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	store := &memoryAuthStore{}
-	manager := coreauth.NewManager(store, nil, nil)
-	record := &coreauth.Auth{
-		ID:       "test.json",
-		FileName: "test.json",
-		Provider: "claude",
-		Attributes: map[string]string{
-			"path":            "/tmp/test.json",
-			"header:X-Old":    "old",
-			"header:X-Remove": "gone",
-		},
-		Metadata: map[string]any{
-			"type": "claude",
-			"headers": map[string]any{
-				"X-Old":    "old",
-				"X-Remove": "gone",
-			},
-		},
-	}
-	if _, errRegister := manager.Register(context.Background(), record); errRegister != nil {
-		t.Fatalf("failed to register auth record: %v", errRegister)
-	}
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: t.TempDir()}, manager)
-
-	body := `{"name":"test.json","prefix":"p1","proxy_url":"http://proxy.local","headers":{"X-Old":"new","X-New":"v","X-Remove":"  ","X-Nope":""}}`
-	rec := httptest.NewRecorder()
-	ctx, _ := gin.CreateTestContext(rec)
-	req := httptest.NewRequest(http.MethodPatch, "/v0/management/auth-files/fields", strings.NewReader(body))
-	req.Header.Set("Content-Type", "application/json")
-	ctx.Request = req
-	h.PatchAuthFileFields(ctx)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected status %d, got %d with body %s", http.StatusOK, rec.Code, rec.Body.String())
-	}
-
-	updated, ok := manager.GetByID("test.json")
-	if !ok || updated == nil {
-		t.Fatalf("expected auth record to exist after patch")
-	}
-
-	if updated.Prefix != "p1" {
-		t.Fatalf("prefix = %q, want %q", updated.Prefix, "p1")
-	}
-	if updated.ProxyURL != "http://proxy.local" {
-		t.Fatalf("proxy_url = %q, want %q", updated.ProxyURL, "http://proxy.local")
-	}
-
-	if updated.Metadata == nil {
-		t.Fatalf("expected metadata to be non-nil")
-	}
-	if got, _ := updated.Metadata["prefix"].(string); got != "p1" {
-		t.Fatalf("metadata.prefix = %q, want %q", got, "p1")
-	}
-	if got, _ := updated.Metadata["proxy_url"].(string); got != "http://proxy.local" {
-		t.Fatalf("metadata.proxy_url = %q, want %q", got, "http://proxy.local")
-	}
-
-	headersMeta, ok := updated.Metadata["headers"].(map[string]any)
-	if !ok {
-		raw, _ := json.Marshal(updated.Metadata["headers"])
-		t.Fatalf("metadata.headers = %T (%s), want map[string]any", updated.Metadata["headers"], string(raw))
-	}
-	if got := headersMeta["X-Old"]; got != "new" {
-		t.Fatalf("metadata.headers.X-Old = %#v, want %q", got, "new")
-	}
-	if got := headersMeta["X-New"]; got != "v" {
-		t.Fatalf("metadata.headers.X-New = %#v, want %q", got, "v")
-	}
-	if _, ok := headersMeta["X-Remove"]; ok {
-		t.Fatalf("expected metadata.headers.X-Remove to be deleted")
-	}
-	if _, ok := headersMeta["X-Nope"]; ok {
-		t.Fatalf("expected metadata.headers.X-Nope to be absent")
-	}
-
-	if got := updated.Attributes["header:X-Old"]; got != "new" {
-		t.Fatalf("attrs header:X-Old = %q, want %q", got, "new")
-	}
-	if got := updated.Attributes["header:X-New"]; got != "v" {
-		t.Fatalf("attrs header:X-New = %q, want %q", got, "v")
-	}
-	if _, ok := updated.Attributes["header:X-Remove"]; ok {
-		t.Fatalf("expected attrs header:X-Remove to be deleted")
-	}
-	if _, ok := updated.Attributes["header:X-Nope"]; ok {
-		t.Fatalf("expected attrs header:X-Nope to be absent")
-	}
-}
-
-func TestPatchAuthFileFields_HeadersEmptyMapIsNoop(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	store := &memoryAuthStore{}
-	manager := coreauth.NewManager(store, nil, nil)
-	record := &coreauth.Auth{
-		ID:       "noop.json",
-		FileName: "noop.json",
-		Provider: "claude",
-		Attributes: map[string]string{
-			"path":         "/tmp/noop.json",
-			"header:X-Kee": "1",
-		},
-		Metadata: map[string]any{
-			"type": "claude",
-			"headers": map[string]any{
-				"X-Kee": "1",
-			},
-		},
-	}
-	if _, errRegister := manager.Register(context.Background(), record); errRegister != nil {
-		t.Fatalf("failed to register auth record: %v", errRegister)
-	}
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: t.TempDir()}, manager)
-
-	body := `{"name":"noop.json","note":"hello","headers":{}}`
-	rec := httptest.NewRecorder()
-	ctx, _ := gin.CreateTestContext(rec)
-	req := httptest.NewRequest(http.MethodPatch, "/v0/management/auth-files/fields", strings.NewReader(body))
-	req.Header.Set("Content-Type", "application/json")
-	ctx.Request = req
-	h.PatchAuthFileFields(ctx)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected status %d, got %d with body %s", http.StatusOK, rec.Code, rec.Body.String())
-	}
-
-	updated, ok := manager.GetByID("noop.json")
-	if !ok || updated == nil {
-		t.Fatalf("expected auth record to exist after patch")
-	}
-	if got := updated.Attributes["header:X-Kee"]; got != "1" {
-		t.Fatalf("attrs header:X-Kee = %q, want %q", got, "1")
-	}
-	headersMeta, ok := updated.Metadata["headers"].(map[string]any)
-	if !ok {
-		t.Fatalf("expected metadata.headers to remain a map, got %T", updated.Metadata["headers"])
-	}
-	if got := headersMeta["X-Kee"]; got != "1" {
-		t.Fatalf("metadata.headers.X-Kee = %#v, want %q", got, "1")
-	}
-}
@@ -1,103 +0,0 @@
-package management
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-)
-
-func TestListAuthFiles_IncludesProjectIDFromManager(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	authDir := t.TempDir()
-	fileName := "gemini-user@example.com-project-a.json"
-	filePath := filepath.Join(authDir, fileName)
-	if errWrite := os.WriteFile(filePath, []byte(`{"type":"gemini","email":"user@example.com","project_id":"project-a"}`), 0o600); errWrite != nil {
-		t.Fatalf("failed to write auth file: %v", errWrite)
-	}
-
-	manager := coreauth.NewManager(nil, nil, nil)
-	record := &coreauth.Auth{
-		ID:       fileName,
-		FileName: fileName,
-		Provider: "gemini-cli",
-		Status:   coreauth.StatusActive,
-		Attributes: map[string]string{
-			"path": filePath,
-		},
-		Metadata: map[string]any{
-			"type":       "gemini",
-			"email":      "user@example.com",
-			"project_id": "project-a",
-		},
-	}
-	if _, errRegister := manager.Register(context.Background(), record); errRegister != nil {
-		t.Fatalf("failed to register auth record: %v", errRegister)
-	}
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: authDir}, manager)
-	h.tokenStore = &memoryAuthStore{}
-
-	entry := firstAuthFileEntry(t, h)
-	if got := entry["project_id"]; got != "project-a" {
-		t.Fatalf("expected project_id %q, got %#v", "project-a", got)
-	}
-}
-
-func TestListAuthFilesFromDisk_IncludesProjectID(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	authDir := t.TempDir()
-	filePath := filepath.Join(authDir, "gemini-user@example.com-project-a.json")
-	if errWrite := os.WriteFile(filePath, []byte(`{"type":"gemini","email":"user@example.com","project_id":"project-a"}`), 0o600); errWrite != nil {
-		t.Fatalf("failed to write auth file: %v", errWrite)
-	}
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: authDir}, nil)
-
-	entry := firstAuthFileEntry(t, h)
-	if got := entry["project_id"]; got != "project-a" {
-		t.Fatalf("expected project_id %q, got %#v", "project-a", got)
-	}
-}
-
-func firstAuthFileEntry(t *testing.T, h *Handler) map[string]any {
-	t.Helper()
-
-	rec := httptest.NewRecorder()
-	ginCtx, _ := gin.CreateTestContext(rec)
-	ginCtx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/auth-files", nil)
-
-	h.ListAuthFiles(ginCtx)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected list status %d, got %d with body %s", http.StatusOK, rec.Code, rec.Body.String())
-	}
-
-	var payload map[string]any
-	if errUnmarshal := json.Unmarshal(rec.Body.Bytes(), &payload); errUnmarshal != nil {
-		t.Fatalf("failed to decode list payload: %v", errUnmarshal)
-	}
-	filesRaw, ok := payload["files"].([]any)
-	if !ok {
-		t.Fatalf("expected files array, payload: %#v", payload)
-	}
-	if len(filesRaw) != 1 {
-		t.Fatalf("expected 1 auth entry, got %d", len(filesRaw))
-	}
-	fileEntry, ok := filesRaw[0].(map[string]any)
-	if !ok {
-		t.Fatalf("expected file entry object, got %#v", filesRaw[0])
-	}
-	return fileEntry
-}
@@ -1,94 +0,0 @@
-package management
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-)
-
-func TestListAuthFiles_IncludesRecentRequestsBuckets(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	gin.SetMode(gin.TestMode)
-
-	manager := coreauth.NewManager(nil, nil, nil)
-	record := &coreauth.Auth{
-		ID:       "runtime-only-auth-1",
-		Provider: "codex",
-		Attributes: map[string]string{
-			"runtime_only": "true",
-		},
-		Metadata: map[string]any{
-			"type": "codex",
-		},
-	}
-	if _, errRegister := manager.Register(context.Background(), record); errRegister != nil {
-		t.Fatalf("failed to register auth record: %v", errRegister)
-	}
-
-	h := NewHandlerWithoutConfigFilePath(&config.Config{AuthDir: t.TempDir()}, manager)
-	h.tokenStore = &memoryAuthStore{}
-
-	rec := httptest.NewRecorder()
-	ginCtx, _ := gin.CreateTestContext(rec)
-	req := httptest.NewRequest(http.MethodGet, "/v0/management/auth-files", nil)
-	ginCtx.Request = req
-
-	h.ListAuthFiles(ginCtx)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected list status %d, got %d with body %s", http.StatusOK, rec.Code, rec.Body.String())
-	}
-
-	var payload map[string]any
-	if errUnmarshal := json.Unmarshal(rec.Body.Bytes(), &payload); errUnmarshal != nil {
-		t.Fatalf("failed to decode list payload: %v", errUnmarshal)
-	}
-	filesRaw, ok := payload["files"].([]any)
-	if !ok {
-		t.Fatalf("expected files array, payload: %#v", payload)
-	}
-	if len(filesRaw) != 1 {
-		t.Fatalf("expected 1 auth entry, got %d", len(filesRaw))
-	}
-
-	fileEntry, ok := filesRaw[0].(map[string]any)
-	if !ok {
-		t.Fatalf("expected file entry object, got %#v", filesRaw[0])
-	}
-
-	if _, ok := fileEntry["success"].(float64); !ok {
-		t.Fatalf("expected success number, got %#v", fileEntry["success"])
-	}
-	if _, ok := fileEntry["failed"].(float64); !ok {
-		t.Fatalf("expected failed number, got %#v", fileEntry["failed"])
-	}
-
-	recentRaw, ok := fileEntry["recent_requests"].([]any)
-	if !ok {
-		t.Fatalf("expected recent_requests array, got %#v", fileEntry["recent_requests"])
-	}
-	if len(recentRaw) != 20 {
-		t.Fatalf("expected 20 recent_requests buckets, got %d", len(recentRaw))
-	}
-	for idx, item := range recentRaw {
-		bucket, ok := item.(map[string]any)
-		if !ok {
-			t.Fatalf("expected bucket object at %d, got %#v", idx, item)
-		}
-		if _, ok := bucket["time"].(string); !ok {
-			t.Fatalf("expected bucket time string at %d, got %#v", idx, bucket["time"])
-		}
-		if _, ok := bucket["success"].(float64); !ok {
-			t.Fatalf("expected bucket success number at %d, got %#v", idx, bucket["success"])
-		}
-		if _, ok := bucket["failed"].(float64); !ok {
-			t.Fatalf("expected bucket failed number at %d, got %#v", idx, bucket["failed"])
-		}
-	}
-}
@@ -1,243 +0,0 @@
-package management
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/watcher/synthesizer"
-)
-
-type geminiKeyWithAuthIndex struct {
-	config.GeminiKey
-	AuthIndex string `json:"auth-index,omitempty"`
-}
-
-type claudeKeyWithAuthIndex struct {
-	config.ClaudeKey
-	AuthIndex string `json:"auth-index,omitempty"`
-}
-
-type codexKeyWithAuthIndex struct {
-	config.CodexKey
-	AuthIndex string `json:"auth-index,omitempty"`
-}
-
-type vertexCompatKeyWithAuthIndex struct {
-	config.VertexCompatKey
-	AuthIndex string `json:"auth-index,omitempty"`
-}
-
-type openAICompatibilityAPIKeyWithAuthIndex struct {
-	config.OpenAICompatibilityAPIKey
-	AuthIndex string `json:"auth-index,omitempty"`
-}
-
-type openAICompatibilityWithAuthIndex struct {
-	Name          string                                   `json:"name"`
-	Priority      int                                      `json:"priority,omitempty"`
-	Disabled      bool                                     `json:"disabled"`
-	Prefix        string                                   `json:"prefix,omitempty"`
-	BaseURL       string                                   `json:"base-url"`
-	APIKeyEntries []openAICompatibilityAPIKeyWithAuthIndex `json:"api-key-entries,omitempty"`
-	Models        []config.OpenAICompatibilityModel        `json:"models,omitempty"`
-	Headers       map[string]string                        `json:"headers,omitempty"`
-	AuthIndex     string                                   `json:"auth-index,omitempty"`
-}
-
-func (h *Handler) liveAuthIndexByID() map[string]string {
-	out := map[string]string{}
-	if h == nil {
-		return out
-	}
-	h.mu.Lock()
-	manager := h.authManager
-	h.mu.Unlock()
-	if manager == nil {
-		return out
-	}
-	// authManager.List() returns clones, so EnsureIndex only affects these copies.
-	for _, auth := range manager.List() {
-		if auth == nil {
-			continue
-		}
-		id := strings.TrimSpace(auth.ID)
-		if id == "" {
-			continue
-		}
-		idx := strings.TrimSpace(auth.Index)
-		if idx == "" {
-			idx = auth.EnsureIndex()
-		}
-		if idx == "" {
-			continue
-		}
-		out[id] = idx
-	}
-	return out
-}
-
-func (h *Handler) geminiKeysWithAuthIndex() []geminiKeyWithAuthIndex {
-	if h == nil {
-		return nil
-	}
-	liveIndexByID := h.liveAuthIndexByID()
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if h.cfg == nil {
-		return nil
-	}
-
-	idGen := synthesizer.NewStableIDGenerator()
-	out := make([]geminiKeyWithAuthIndex, len(h.cfg.GeminiKey))
-	for i := range h.cfg.GeminiKey {
-		entry := h.cfg.GeminiKey[i]
-		authIndex := ""
-		if key := strings.TrimSpace(entry.APIKey); key != "" {
-			id, _ := idGen.Next("gemini:apikey", key, entry.BaseURL)
-			authIndex = liveIndexByID[id]
-		}
-		out[i] = geminiKeyWithAuthIndex{
-			GeminiKey: entry,
-			AuthIndex: authIndex,
-		}
-	}
-	return out
-}
-
-func (h *Handler) claudeKeysWithAuthIndex() []claudeKeyWithAuthIndex {
-	if h == nil {
-		return nil
-	}
-	liveIndexByID := h.liveAuthIndexByID()
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if h.cfg == nil {
-		return nil
-	}
-
-	idGen := synthesizer.NewStableIDGenerator()
-	out := make([]claudeKeyWithAuthIndex, len(h.cfg.ClaudeKey))
-	for i := range h.cfg.ClaudeKey {
-		entry := h.cfg.ClaudeKey[i]
-		authIndex := ""
-		if key := strings.TrimSpace(entry.APIKey); key != "" {
-			id, _ := idGen.Next("claude:apikey", key, entry.BaseURL)
-			authIndex = liveIndexByID[id]
-		}
-		out[i] = claudeKeyWithAuthIndex{
-			ClaudeKey: entry,
-			AuthIndex: authIndex,
-		}
-	}
-	return out
-}
-
-func (h *Handler) codexKeysWithAuthIndex() []codexKeyWithAuthIndex {
-	if h == nil {
-		return nil
-	}
-	liveIndexByID := h.liveAuthIndexByID()
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if h.cfg == nil {
-		return nil
-	}
-
-	idGen := synthesizer.NewStableIDGenerator()
-	out := make([]codexKeyWithAuthIndex, len(h.cfg.CodexKey))
-	for i := range h.cfg.CodexKey {
-		entry := h.cfg.CodexKey[i]
-		authIndex := ""
-		if key := strings.TrimSpace(entry.APIKey); key != "" {
-			id, _ := idGen.Next("codex:apikey", key, entry.BaseURL)
-			authIndex = liveIndexByID[id]
-		}
-		out[i] = codexKeyWithAuthIndex{
-			CodexKey:  entry,
-			AuthIndex: authIndex,
-		}
-	}
-	return out
-}
-
-func (h *Handler) vertexCompatKeysWithAuthIndex() []vertexCompatKeyWithAuthIndex {
-	if h == nil {
-		return nil
-	}
-	liveIndexByID := h.liveAuthIndexByID()
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if h.cfg == nil {
-		return nil
-	}
-
-	idGen := synthesizer.NewStableIDGenerator()
-	out := make([]vertexCompatKeyWithAuthIndex, len(h.cfg.VertexCompatAPIKey))
-	for i := range h.cfg.VertexCompatAPIKey {
-		entry := h.cfg.VertexCompatAPIKey[i]
-		id, _ := idGen.Next("vertex:apikey", entry.APIKey, entry.BaseURL, entry.ProxyURL)
-		authIndex := liveIndexByID[id]
-		out[i] = vertexCompatKeyWithAuthIndex{
-			VertexCompatKey: entry,
-			AuthIndex:       authIndex,
-		}
-	}
-	return out
-}
-
-func (h *Handler) openAICompatibilityWithAuthIndex() []openAICompatibilityWithAuthIndex {
-	if h == nil {
-		return nil
-	}
-	liveIndexByID := h.liveAuthIndexByID()
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if h.cfg == nil {
-		return nil
-	}
-
-	normalized := normalizedOpenAICompatibilityEntries(h.cfg.OpenAICompatibility)
-	out := make([]openAICompatibilityWithAuthIndex, len(normalized))
-	idGen := synthesizer.NewStableIDGenerator()
-	for i := range normalized {
-		entry := normalized[i]
-		providerName := strings.ToLower(strings.TrimSpace(entry.Name))
-		if providerName == "" {
-			providerName = "openai-compatibility"
-		}
-		idKind := fmt.Sprintf("openai-compatibility:%s", providerName)
-
-		response := openAICompatibilityWithAuthIndex{
-			Name:      entry.Name,
-			Priority:  entry.Priority,
-			Disabled:  entry.Disabled,
-			Prefix:    entry.Prefix,
-			BaseURL:   entry.BaseURL,
-			Models:    entry.Models,
-			Headers:   entry.Headers,
-			AuthIndex: "",
-		}
-		if len(entry.APIKeyEntries) == 0 {
-			id, _ := idGen.Next(idKind, entry.BaseURL)
-			response.AuthIndex = liveIndexByID[id]
-		} else {
-			response.APIKeyEntries = make([]openAICompatibilityAPIKeyWithAuthIndex, len(entry.APIKeyEntries))
-			for j := range entry.APIKeyEntries {
-				apiKeyEntry := entry.APIKeyEntries[j]
-				id, _ := idGen.Next(idKind, apiKeyEntry.APIKey, entry.BaseURL, apiKeyEntry.ProxyURL)
-				response.APIKeyEntries[j] = openAICompatibilityAPIKeyWithAuthIndex{
-					OpenAICompatibilityAPIKey: apiKeyEntry,
-					AuthIndex:                 liveIndexByID[id],
-				}
-			}
-		}
-		out[i] = response
-	}
-	return out
-}
@@ -11,9 +11,9 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
-	sdkconfig "github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"
 )
@@ -6,7 +6,7 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 )

 // Generic helpers for list[string]
@@ -120,7 +120,7 @@ func (h *Handler) DeleteAPIKeys(c *gin.Context) {

 // gemini-api-key: []GeminiKey
 func (h *Handler) GetGeminiKeys(c *gin.Context) {
-	c.JSON(200, gin.H{"gemini-api-key": h.geminiKeysWithAuthIndex()})
+	c.JSON(200, gin.H{"gemini-api-key": h.cfg.GeminiKey})
 }
 func (h *Handler) PutGeminiKeys(c *gin.Context) {
 	data, err := c.GetRawData()
@@ -139,11 +139,9 @@ func (h *Handler) PutGeminiKeys(c *gin.Context) {
 		}
 		arr = obj.Items
 	}
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	h.cfg.GeminiKey = append([]config.GeminiKey(nil), arr...)
 	h.cfg.SanitizeGeminiKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }
 func (h *Handler) PatchGeminiKey(c *gin.Context) {
 	type geminiKeyPatch struct {
@@ -163,9 +161,6 @@ func (h *Handler) PatchGeminiKey(c *gin.Context) {
 		c.JSON(400, gin.H{"error": "invalid body"})
 		return
 	}
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	targetIndex := -1
 	if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.GeminiKey) {
 		targetIndex = *body.Index
@@ -192,7 +187,7 @@ func (h *Handler) PatchGeminiKey(c *gin.Context) {
 		if trimmed == "" {
 			h.cfg.GeminiKey = append(h.cfg.GeminiKey[:targetIndex], h.cfg.GeminiKey[targetIndex+1:]...)
 			h.cfg.SanitizeGeminiKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 		entry.APIKey = trimmed
@@ -214,53 +209,24 @@ func (h *Handler) PatchGeminiKey(c *gin.Context) {
 	}
 	h.cfg.GeminiKey[targetIndex] = entry
 	h.cfg.SanitizeGeminiKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }

 func (h *Handler) DeleteGeminiKey(c *gin.Context) {
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	if val := strings.TrimSpace(c.Query("api-key")); val != "" {
-		if baseRaw, okBase := c.GetQuery("base-url"); okBase {
-			base := strings.TrimSpace(baseRaw)
-			out := make([]config.GeminiKey, 0, len(h.cfg.GeminiKey))
-			for _, v := range h.cfg.GeminiKey {
-				if strings.TrimSpace(v.APIKey) == val && strings.TrimSpace(v.BaseURL) == base {
-					continue
-				}
+		out := make([]config.GeminiKey, 0, len(h.cfg.GeminiKey))
+		for _, v := range h.cfg.GeminiKey {
+			if v.APIKey != val {
 				out = append(out, v)
 			}
-			if len(out) != len(h.cfg.GeminiKey) {
-				h.cfg.GeminiKey = out
-				h.cfg.SanitizeGeminiKeys()
-				h.persistLocked(c)
-			} else {
-				c.JSON(404, gin.H{"error": "item not found"})
-			}
-			return
 		}
-
-		matchIndex := -1
-		matchCount := 0
-		for i := range h.cfg.GeminiKey {
-			if strings.TrimSpace(h.cfg.GeminiKey[i].APIKey) == val {
-				matchCount++
-				if matchIndex == -1 {
-					matchIndex = i
-				}
-			}
-		}
-		if matchCount == 0 {
+		if len(out) != len(h.cfg.GeminiKey) {
+			h.cfg.GeminiKey = out
+			h.cfg.SanitizeGeminiKeys()
+			h.persist(c)
+		} else {
 			c.JSON(404, gin.H{"error": "item not found"})
-			return
 		}
-		if matchCount > 1 {
-			c.JSON(400, gin.H{"error": "multiple items match api-key; base-url is required"})
-			return
-		}
-		h.cfg.GeminiKey = append(h.cfg.GeminiKey[:matchIndex], h.cfg.GeminiKey[matchIndex+1:]...)
-		h.cfg.SanitizeGeminiKeys()
-		h.persistLocked(c)
 		return
 	}
 	if idxStr := c.Query("index"); idxStr != "" {
@@ -268,7 +234,7 @@ func (h *Handler) DeleteGeminiKey(c *gin.Context) {
 		if _, err := fmt.Sscanf(idxStr, "%d", &idx); err == nil && idx >= 0 && idx < len(h.cfg.GeminiKey) {
 			h.cfg.GeminiKey = append(h.cfg.GeminiKey[:idx], h.cfg.GeminiKey[idx+1:]...)
 			h.cfg.SanitizeGeminiKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 	}
@@ -277,7 +243,7 @@ func (h *Handler) DeleteGeminiKey(c *gin.Context) {

 // claude-api-key: []ClaudeKey
 func (h *Handler) GetClaudeKeys(c *gin.Context) {
-	c.JSON(200, gin.H{"claude-api-key": h.claudeKeysWithAuthIndex()})
+	c.JSON(200, gin.H{"claude-api-key": h.cfg.ClaudeKey})
 }
 func (h *Handler) PutClaudeKeys(c *gin.Context) {
 	data, err := c.GetRawData()
@@ -299,11 +265,9 @@ func (h *Handler) PutClaudeKeys(c *gin.Context) {
 	for i := range arr {
 		normalizeClaudeKey(&arr[i])
 	}
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	h.cfg.ClaudeKey = arr
 	h.cfg.SanitizeClaudeKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }
 func (h *Handler) PatchClaudeKey(c *gin.Context) {
 	type claudeKeyPatch struct {
@@ -324,9 +288,6 @@ func (h *Handler) PatchClaudeKey(c *gin.Context) {
 		c.JSON(400, gin.H{"error": "invalid body"})
 		return
 	}
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	targetIndex := -1
 	if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.ClaudeKey) {
 		targetIndex = *body.Index
@@ -370,47 +331,20 @@ func (h *Handler) PatchClaudeKey(c *gin.Context) {
 	normalizeClaudeKey(&entry)
 	h.cfg.ClaudeKey[targetIndex] = entry
 	h.cfg.SanitizeClaudeKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }

 func (h *Handler) DeleteClaudeKey(c *gin.Context) {
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if val := strings.TrimSpace(c.Query("api-key")); val != "" {
-		if baseRaw, okBase := c.GetQuery("base-url"); okBase {
-			base := strings.TrimSpace(baseRaw)
-			out := make([]config.ClaudeKey, 0, len(h.cfg.ClaudeKey))
-			for _, v := range h.cfg.ClaudeKey {
-				if strings.TrimSpace(v.APIKey) == val && strings.TrimSpace(v.BaseURL) == base {
-					continue
-				}
+	if val := c.Query("api-key"); val != "" {
+		out := make([]config.ClaudeKey, 0, len(h.cfg.ClaudeKey))
+		for _, v := range h.cfg.ClaudeKey {
+			if v.APIKey != val {
 				out = append(out, v)
 			}
-			h.cfg.ClaudeKey = out
-			h.cfg.SanitizeClaudeKeys()
-			h.persistLocked(c)
-			return
-		}
-
-		matchIndex := -1
-		matchCount := 0
-		for i := range h.cfg.ClaudeKey {
-			if strings.TrimSpace(h.cfg.ClaudeKey[i].APIKey) == val {
-				matchCount++
-				if matchIndex == -1 {
-					matchIndex = i
-				}
-			}
-		}
-		if matchCount > 1 {
-			c.JSON(400, gin.H{"error": "multiple items match api-key; base-url is required"})
-			return
-		}
-		if matchIndex != -1 {
-			h.cfg.ClaudeKey = append(h.cfg.ClaudeKey[:matchIndex], h.cfg.ClaudeKey[matchIndex+1:]...)
 		}
+		h.cfg.ClaudeKey = out
 		h.cfg.SanitizeClaudeKeys()
-		h.persistLocked(c)
+		h.persist(c)
 		return
 	}
 	if idxStr := c.Query("index"); idxStr != "" {
@@ -419,7 +353,7 @@ func (h *Handler) DeleteClaudeKey(c *gin.Context) {
 		if err == nil && idx >= 0 && idx < len(h.cfg.ClaudeKey) {
 			h.cfg.ClaudeKey = append(h.cfg.ClaudeKey[:idx], h.cfg.ClaudeKey[idx+1:]...)
 			h.cfg.SanitizeClaudeKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 	}
@@ -428,7 +362,7 @@ func (h *Handler) DeleteClaudeKey(c *gin.Context) {

 // openai-compatibility: []OpenAICompatibility
 func (h *Handler) GetOpenAICompat(c *gin.Context) {
-	c.JSON(200, gin.H{"openai-compatibility": h.openAICompatibilityWithAuthIndex()})
+	c.JSON(200, gin.H{"openai-compatibility": normalizedOpenAICompatibilityEntries(h.cfg.OpenAICompatibility)})
 }
 func (h *Handler) PutOpenAICompat(c *gin.Context) {
 	data, err := c.GetRawData()
@@ -454,17 +388,14 @@ func (h *Handler) PutOpenAICompat(c *gin.Context) {
 			filtered = append(filtered, arr[i])
 		}
 	}
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	h.cfg.OpenAICompatibility = filtered
 	h.cfg.SanitizeOpenAICompatibility()
-	h.persistLocked(c)
+	h.persist(c)
 }
 func (h *Handler) PatchOpenAICompat(c *gin.Context) {
 	type openAICompatPatch struct {
 		Name          *string                             `json:"name"`
 		Prefix        *string                             `json:"prefix"`
-		Disabled      *bool                               `json:"disabled"`
 		BaseURL       *string                             `json:"base-url"`
 		APIKeyEntries *[]config.OpenAICompatibilityAPIKey `json:"api-key-entries"`
 		Models        *[]config.OpenAICompatibilityModel  `json:"models"`
@@ -479,9 +410,6 @@ func (h *Handler) PatchOpenAICompat(c *gin.Context) {
 		c.JSON(400, gin.H{"error": "invalid body"})
 		return
 	}
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	targetIndex := -1
 	if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.OpenAICompatibility) {
 		targetIndex = *body.Index
@@ -507,15 +435,12 @@ func (h *Handler) PatchOpenAICompat(c *gin.Context) {
 	if body.Value.Prefix != nil {
 		entry.Prefix = strings.TrimSpace(*body.Value.Prefix)
 	}
-	if body.Value.Disabled != nil {
-		entry.Disabled = *body.Value.Disabled
-	}
 	if body.Value.BaseURL != nil {
 		trimmed := strings.TrimSpace(*body.Value.BaseURL)
 		if trimmed == "" {
 			h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:targetIndex], h.cfg.OpenAICompatibility[targetIndex+1:]...)
 			h.cfg.SanitizeOpenAICompatibility()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 		entry.BaseURL = trimmed
@@ -532,12 +457,10 @@ func (h *Handler) PatchOpenAICompat(c *gin.Context) {
 	normalizeOpenAICompatibilityEntry(&entry)
 	h.cfg.OpenAICompatibility[targetIndex] = entry
 	h.cfg.SanitizeOpenAICompatibility()
-	h.persistLocked(c)
+	h.persist(c)
 }

 func (h *Handler) DeleteOpenAICompat(c *gin.Context) {
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	if name := c.Query("name"); name != "" {
 		out := make([]config.OpenAICompatibility, 0, len(h.cfg.OpenAICompatibility))
 		for _, v := range h.cfg.OpenAICompatibility {
@@ -547,7 +470,7 @@ func (h *Handler) DeleteOpenAICompat(c *gin.Context) {
 		}
 		h.cfg.OpenAICompatibility = out
 		h.cfg.SanitizeOpenAICompatibility()
-		h.persistLocked(c)
+		h.persist(c)
 		return
 	}
 	if idxStr := c.Query("index"); idxStr != "" {
@@ -556,7 +479,7 @@ func (h *Handler) DeleteOpenAICompat(c *gin.Context) {
 		if err == nil && idx >= 0 && idx < len(h.cfg.OpenAICompatibility) {
 			h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:idx], h.cfg.OpenAICompatibility[idx+1:]...)
 			h.cfg.SanitizeOpenAICompatibility()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 	}
@@ -565,7 +488,7 @@ func (h *Handler) DeleteOpenAICompat(c *gin.Context) {

 // vertex-api-key: []VertexCompatKey
 func (h *Handler) GetVertexCompatKeys(c *gin.Context) {
-	c.JSON(200, gin.H{"vertex-api-key": h.vertexCompatKeysWithAuthIndex()})
+	c.JSON(200, gin.H{"vertex-api-key": h.cfg.VertexCompatAPIKey})
 }
 func (h *Handler) PutVertexCompatKeys(c *gin.Context) {
 	data, err := c.GetRawData()
@@ -591,11 +514,9 @@ func (h *Handler) PutVertexCompatKeys(c *gin.Context) {
 			return
 		}
 	}
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	h.cfg.VertexCompatAPIKey = append([]config.VertexCompatKey(nil), arr...)
 	h.cfg.SanitizeVertexCompatKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }
 func (h *Handler) PatchVertexCompatKey(c *gin.Context) {
 	type vertexCompatPatch struct {
@@ -616,9 +537,6 @@ func (h *Handler) PatchVertexCompatKey(c *gin.Context) {
 		c.JSON(400, gin.H{"error": "invalid body"})
 		return
 	}
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	targetIndex := -1
 	if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.VertexCompatAPIKey) {
 		targetIndex = *body.Index
@@ -645,7 +563,7 @@ func (h *Handler) PatchVertexCompatKey(c *gin.Context) {
 		if trimmed == "" {
 			h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...)
 			h.cfg.SanitizeVertexCompatKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 		entry.APIKey = trimmed
@@ -658,7 +576,7 @@ func (h *Handler) PatchVertexCompatKey(c *gin.Context) {
 		if trimmed == "" {
 			h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...)
 			h.cfg.SanitizeVertexCompatKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 		entry.BaseURL = trimmed
@@ -678,47 +596,20 @@ func (h *Handler) PatchVertexCompatKey(c *gin.Context) {
 	normalizeVertexCompatKey(&entry)
 	h.cfg.VertexCompatAPIKey[targetIndex] = entry
 	h.cfg.SanitizeVertexCompatKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }

 func (h *Handler) DeleteVertexCompatKey(c *gin.Context) {
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	if val := strings.TrimSpace(c.Query("api-key")); val != "" {
-		if baseRaw, okBase := c.GetQuery("base-url"); okBase {
-			base := strings.TrimSpace(baseRaw)
-			out := make([]config.VertexCompatKey, 0, len(h.cfg.VertexCompatAPIKey))
-			for _, v := range h.cfg.VertexCompatAPIKey {
-				if strings.TrimSpace(v.APIKey) == val && strings.TrimSpace(v.BaseURL) == base {
-					continue
-				}
+		out := make([]config.VertexCompatKey, 0, len(h.cfg.VertexCompatAPIKey))
+		for _, v := range h.cfg.VertexCompatAPIKey {
+			if v.APIKey != val {
 				out = append(out, v)
 			}
-			h.cfg.VertexCompatAPIKey = out
-			h.cfg.SanitizeVertexCompatKeys()
-			h.persistLocked(c)
-			return
-		}
-
-		matchIndex := -1
-		matchCount := 0
-		for i := range h.cfg.VertexCompatAPIKey {
-			if strings.TrimSpace(h.cfg.VertexCompatAPIKey[i].APIKey) == val {
-				matchCount++
-				if matchIndex == -1 {
-					matchIndex = i
-				}
-			}
-		}
-		if matchCount > 1 {
-			c.JSON(400, gin.H{"error": "multiple items match api-key; base-url is required"})
-			return
-		}
-		if matchIndex != -1 {
-			h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:matchIndex], h.cfg.VertexCompatAPIKey[matchIndex+1:]...)
 		}
+		h.cfg.VertexCompatAPIKey = out
 		h.cfg.SanitizeVertexCompatKeys()
-		h.persistLocked(c)
+		h.persist(c)
 		return
 	}
 	if idxStr := c.Query("index"); idxStr != "" {
@@ -727,7 +618,7 @@ func (h *Handler) DeleteVertexCompatKey(c *gin.Context) {
 		if errScan == nil && idx >= 0 && idx < len(h.cfg.VertexCompatAPIKey) {
 			h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:idx], h.cfg.VertexCompatAPIKey[idx+1:]...)
 			h.cfg.SanitizeVertexCompatKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 	}
@@ -918,7 +809,7 @@ func (h *Handler) DeleteOAuthModelAlias(c *gin.Context) {

 // codex-api-key: []CodexKey
 func (h *Handler) GetCodexKeys(c *gin.Context) {
-	c.JSON(200, gin.H{"codex-api-key": h.codexKeysWithAuthIndex()})
+	c.JSON(200, gin.H{"codex-api-key": h.cfg.CodexKey})
 }
 func (h *Handler) PutCodexKeys(c *gin.Context) {
 	data, err := c.GetRawData()
@@ -947,11 +838,9 @@ func (h *Handler) PutCodexKeys(c *gin.Context) {
 		}
 		filtered = append(filtered, entry)
 	}
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	h.cfg.CodexKey = filtered
 	h.cfg.SanitizeCodexKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }
 func (h *Handler) PatchCodexKey(c *gin.Context) {
 	type codexKeyPatch struct {
@@ -972,9 +861,6 @@ func (h *Handler) PatchCodexKey(c *gin.Context) {
 		c.JSON(400, gin.H{"error": "invalid body"})
 		return
 	}
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
 	targetIndex := -1
 	if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.CodexKey) {
 		targetIndex = *body.Index
@@ -1005,7 +891,7 @@ func (h *Handler) PatchCodexKey(c *gin.Context) {
 		if trimmed == "" {
 			h.cfg.CodexKey = append(h.cfg.CodexKey[:targetIndex], h.cfg.CodexKey[targetIndex+1:]...)
 			h.cfg.SanitizeCodexKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 		entry.BaseURL = trimmed
@@ -1025,47 +911,20 @@ func (h *Handler) PatchCodexKey(c *gin.Context) {
 	normalizeCodexKey(&entry)
 	h.cfg.CodexKey[targetIndex] = entry
 	h.cfg.SanitizeCodexKeys()
-	h.persistLocked(c)
+	h.persist(c)
 }

 func (h *Handler) DeleteCodexKey(c *gin.Context) {
-	h.mu.Lock()
-	defer h.mu.Unlock()
-	if val := strings.TrimSpace(c.Query("api-key")); val != "" {
-		if baseRaw, okBase := c.GetQuery("base-url"); okBase {
-			base := strings.TrimSpace(baseRaw)
-			out := make([]config.CodexKey, 0, len(h.cfg.CodexKey))
-			for _, v := range h.cfg.CodexKey {
-				if strings.TrimSpace(v.APIKey) == val && strings.TrimSpace(v.BaseURL) == base {
-					continue
-				}
+	if val := c.Query("api-key"); val != "" {
+		out := make([]config.CodexKey, 0, len(h.cfg.CodexKey))
+		for _, v := range h.cfg.CodexKey {
+			if v.APIKey != val {
 				out = append(out, v)
 			}
-			h.cfg.CodexKey = out
-			h.cfg.SanitizeCodexKeys()
-			h.persistLocked(c)
-			return
-		}
-
-		matchIndex := -1
-		matchCount := 0
-		for i := range h.cfg.CodexKey {
-			if strings.TrimSpace(h.cfg.CodexKey[i].APIKey) == val {
-				matchCount++
-				if matchIndex == -1 {
-					matchIndex = i
-				}
-			}
-		}
-		if matchCount > 1 {
-			c.JSON(400, gin.H{"error": "multiple items match api-key; base-url is required"})
-			return
-		}
-		if matchIndex != -1 {
-			h.cfg.CodexKey = append(h.cfg.CodexKey[:matchIndex], h.cfg.CodexKey[matchIndex+1:]...)
 		}
+		h.cfg.CodexKey = out
 		h.cfg.SanitizeCodexKeys()
-		h.persistLocked(c)
+		h.persist(c)
 		return
 	}
 	if idxStr := c.Query("index"); idxStr != "" {
@@ -1074,7 +933,7 @@ func (h *Handler) DeleteCodexKey(c *gin.Context) {
 		if err == nil && idx >= 0 && idx < len(h.cfg.CodexKey) {
 			h.cfg.CodexKey = append(h.cfg.CodexKey[:idx], h.cfg.CodexKey[idx+1:]...)
 			h.cfg.SanitizeCodexKeys()
-			h.persistLocked(c)
+			h.persist(c)
 			return
 		}
 	}
@@ -1,172 +0,0 @@
-package management
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-)
-
-func writeTestConfigFile(t *testing.T) string {
-	t.Helper()
-
-	dir := t.TempDir()
-	path := filepath.Join(dir, "config.yaml")
-	if errWrite := os.WriteFile(path, []byte("{}\n"), 0o600); errWrite != nil {
-		t.Fatalf("failed to write test config: %v", errWrite)
-	}
-	return path
-}
-
-func TestDeleteGeminiKey_RequiresBaseURLWhenAPIKeyDuplicated(t *testing.T) {
-	t.Parallel()
-	gin.SetMode(gin.TestMode)
-
-	h := &Handler{
-		cfg: &config.Config{
-			GeminiKey: []config.GeminiKey{
-				{APIKey: "shared-key", BaseURL: "https://a.example.com"},
-				{APIKey: "shared-key", BaseURL: "https://b.example.com"},
-			},
-		},
-		configFilePath: writeTestConfigFile(t),
-	}
-
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodDelete, "/v0/management/gemini-api-key?api-key=shared-key", nil)
-
-	h.DeleteGeminiKey(c)
-
-	if rec.Code != http.StatusBadRequest {
-		t.Fatalf("status = %d, want %d; body=%s", rec.Code, http.StatusBadRequest, rec.Body.String())
-	}
-	if got := len(h.cfg.GeminiKey); got != 2 {
-		t.Fatalf("gemini keys len = %d, want 2", got)
-	}
-}
-
-func TestDeleteGeminiKey_DeletesOnlyMatchingBaseURL(t *testing.T) {
-	t.Parallel()
-	gin.SetMode(gin.TestMode)
-
-	h := &Handler{
-		cfg: &config.Config{
-			GeminiKey: []config.GeminiKey{
-				{APIKey: "shared-key", BaseURL: "https://a.example.com"},
-				{APIKey: "shared-key", BaseURL: "https://b.example.com"},
-			},
-		},
-		configFilePath: writeTestConfigFile(t),
-	}
-
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodDelete, "/v0/management/gemini-api-key?api-key=shared-key&base-url=https://a.example.com", nil)
-
-	h.DeleteGeminiKey(c)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("status = %d, want %d; body=%s", rec.Code, http.StatusOK, rec.Body.String())
-	}
-	if got := len(h.cfg.GeminiKey); got != 1 {
-		t.Fatalf("gemini keys len = %d, want 1", got)
-	}
-	if got := h.cfg.GeminiKey[0].BaseURL; got != "https://b.example.com" {
-		t.Fatalf("remaining base-url = %q, want %q", got, "https://b.example.com")
-	}
-}
-
-func TestDeleteClaudeKey_DeletesEmptyBaseURLWhenExplicitlyProvided(t *testing.T) {
-	t.Parallel()
-	gin.SetMode(gin.TestMode)
-
-	h := &Handler{
-		cfg: &config.Config{
-			ClaudeKey: []config.ClaudeKey{
-				{APIKey: "shared-key", BaseURL: ""},
-				{APIKey: "shared-key", BaseURL: "https://claude.example.com"},
-			},
-		},
-		configFilePath: writeTestConfigFile(t),
-	}
-
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodDelete, "/v0/management/claude-api-key?api-key=shared-key&base-url=", nil)
-
-	h.DeleteClaudeKey(c)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("status = %d, want %d; body=%s", rec.Code, http.StatusOK, rec.Body.String())
-	}
-	if got := len(h.cfg.ClaudeKey); got != 1 {
-		t.Fatalf("claude keys len = %d, want 1", got)
-	}
-	if got := h.cfg.ClaudeKey[0].BaseURL; got != "https://claude.example.com" {
-		t.Fatalf("remaining base-url = %q, want %q", got, "https://claude.example.com")
-	}
-}
-
-func TestDeleteVertexCompatKey_DeletesOnlyMatchingBaseURL(t *testing.T) {
-	t.Parallel()
-	gin.SetMode(gin.TestMode)
-
-	h := &Handler{
-		cfg: &config.Config{
-			VertexCompatAPIKey: []config.VertexCompatKey{
-				{APIKey: "shared-key", BaseURL: "https://a.example.com"},
-				{APIKey: "shared-key", BaseURL: "https://b.example.com"},
-			},
-		},
-		configFilePath: writeTestConfigFile(t),
-	}
-
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodDelete, "/v0/management/vertex-api-key?api-key=shared-key&base-url=https://b.example.com", nil)
-
-	h.DeleteVertexCompatKey(c)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("status = %d, want %d; body=%s", rec.Code, http.StatusOK, rec.Body.String())
-	}
-	if got := len(h.cfg.VertexCompatAPIKey); got != 1 {
-		t.Fatalf("vertex keys len = %d, want 1", got)
-	}
-	if got := h.cfg.VertexCompatAPIKey[0].BaseURL; got != "https://a.example.com" {
-		t.Fatalf("remaining base-url = %q, want %q", got, "https://a.example.com")
-	}
-}
-
-func TestDeleteCodexKey_RequiresBaseURLWhenAPIKeyDuplicated(t *testing.T) {
-	t.Parallel()
-	gin.SetMode(gin.TestMode)
-
-	h := &Handler{
-		cfg: &config.Config{
-			CodexKey: []config.CodexKey{
-				{APIKey: "shared-key", BaseURL: "https://a.example.com"},
-				{APIKey: "shared-key", BaseURL: "https://b.example.com"},
-			},
-		},
-		configFilePath: writeTestConfigFile(t),
-	}
-
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodDelete, "/v0/management/codex-api-key?api-key=shared-key", nil)
-
-	h.DeleteCodexKey(c)
-
-	if rec.Code != http.StatusBadRequest {
-		t.Fatalf("status = %d, want %d; body=%s", rec.Code, http.StatusBadRequest, rec.Body.String())
-	}
-	if got := len(h.cfg.CodexKey); got != 2 {
-		t.Fatalf("codex keys len = %d, want 2", got)
-	}
-}
@@ -13,10 +13,11 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/buildinfo"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	sdkAuth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/buildinfo"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	"golang.org/x/crypto/bcrypt"
 )

@@ -40,6 +41,7 @@ type Handler struct {
 	attemptsMu          sync.Mutex
 	failedAttempts      map[string]*attemptInfo // keyed by client IP
 	authManager         *coreauth.Manager
+	usageStats          *usage.RequestStatistics
 	tokenStore          coreauth.Store
 	localPassword       string
 	allowRemoteOverride bool
@@ -58,6 +60,7 @@ func NewHandler(cfg *config.Config, configFilePath string, manager *coreauth.Man
 		configFilePath:      configFilePath,
 		failedAttempts:      make(map[string]*attemptInfo),
 		authManager:         manager,
+		usageStats:          usage.GetRequestStatistics(),
 		tokenStore:          sdkAuth.GetTokenStore(),
 		allowRemoteOverride: envSecret != "",
 		envSecret:           envSecret,
@@ -102,24 +105,13 @@ func NewHandlerWithoutConfigFilePath(cfg *config.Config, manager *coreauth.Manag
 }

 // SetConfig updates the in-memory config reference when the server hot-reloads.
-func (h *Handler) SetConfig(cfg *config.Config) {
-	if h == nil {
-		return
-	}
-	h.mu.Lock()
-	h.cfg = cfg
-	h.mu.Unlock()
-}
+func (h *Handler) SetConfig(cfg *config.Config) { h.cfg = cfg }

 // SetAuthManager updates the auth manager reference used by management endpoints.
-func (h *Handler) SetAuthManager(manager *coreauth.Manager) {
-	if h == nil {
-		return
-	}
-	h.mu.Lock()
-	h.authManager = manager
-	h.mu.Unlock()
-}
+func (h *Handler) SetAuthManager(manager *coreauth.Manager) { h.authManager = manager }
+
+// SetUsageStatistics allows replacing the usage statistics reference.
+func (h *Handler) SetUsageStatistics(stats *usage.RequestStatistics) { h.usageStats = stats }

 // SetLocalPassword configures the runtime-local password accepted for localhost requests.
 func (h *Handler) SetLocalPassword(password string) { h.localPassword = password }
@@ -146,6 +138,9 @@ func (h *Handler) SetPostAuthHook(hook coreauth.PostAuthHook) {
 // All requests (local and remote) require a valid management key.
 // Additionally, remote access requires allow-remote-management=true.
 func (h *Handler) Middleware() gin.HandlerFunc {
+	const maxFailures = 5
+	const banDuration = 30 * time.Minute
+
 	return func(c *gin.Context) {
 		c.Header("X-CPA-VERSION", buildinfo.Version)
 		c.Header("X-CPA-COMMIT", buildinfo.Commit)
@@ -153,6 +148,64 @@ func (h *Handler) Middleware() gin.HandlerFunc {

 		clientIP := c.ClientIP()
 		localClient := clientIP == "127.0.0.1" || clientIP == "::1"
+		cfg := h.cfg
+		var (
+			allowRemote bool
+			secretHash  string
+		)
+		if cfg != nil {
+			allowRemote = cfg.RemoteManagement.AllowRemote
+			secretHash = cfg.RemoteManagement.SecretKey
+		}
+		if h.allowRemoteOverride {
+			allowRemote = true
+		}
+		envSecret := h.envSecret
+
+		fail := func() {}
+		if !localClient {
+			h.attemptsMu.Lock()
+			ai := h.failedAttempts[clientIP]
+			if ai != nil {
+				if !ai.blockedUntil.IsZero() {
+					if time.Now().Before(ai.blockedUntil) {
+						remaining := time.Until(ai.blockedUntil).Round(time.Second)
+						h.attemptsMu.Unlock()
+						c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": fmt.Sprintf("IP banned due to too many failed attempts. Try again in %s", remaining)})
+						return
+					}
+					// Ban expired, reset state
+					ai.blockedUntil = time.Time{}
+					ai.count = 0
+				}
+			}
+			h.attemptsMu.Unlock()
+
+			if !allowRemote {
+				c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management disabled"})
+				return
+			}
+
+			fail = func() {
+				h.attemptsMu.Lock()
+				aip := h.failedAttempts[clientIP]
+				if aip == nil {
+					aip = &attemptInfo{}
+					h.failedAttempts[clientIP] = aip
+				}
+				aip.count++
+				aip.lastActivity = time.Now()
+				if aip.count >= maxFailures {
+					aip.blockedUntil = time.Now().Add(banDuration)
+					aip.count = 0
+				}
+				h.attemptsMu.Unlock()
+			}
+		}
+		if secretHash == "" && envSecret == "" {
+			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management key not set"})
+			return
+		}

 		// Accept either Authorization: Bearer <key> or X-Management-Key
 		var provided string
@@ -168,126 +221,61 @@ func (h *Handler) Middleware() gin.HandlerFunc {
 			provided = c.GetHeader("X-Management-Key")
 		}

-		allowed, statusCode, errMsg := h.AuthenticateManagementKey(clientIP, localClient, provided)
-		if !allowed {
-			c.AbortWithStatusJSON(statusCode, gin.H{"error": errMsg})
+		if provided == "" {
+			if !localClient {
+				fail()
+			}
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing management key"})
 			return
 		}
-		c.Next()
-	}
-}

-// AuthenticateManagementKey verifies the provided management key for the given client.
-// It mirrors the behaviour of Middleware() so non-HTTP callers can reuse the same logic.
-func (h *Handler) AuthenticateManagementKey(clientIP string, localClient bool, provided string) (bool, int, string) {
-	const maxFailures = 5
-	const banDuration = 30 * time.Minute
-
-	if h == nil {
-		return false, http.StatusForbidden, "remote management disabled"
-	}
-
-	cfg := h.cfg
-	var (
-		allowRemote bool
-		secretHash  string
-	)
-	if cfg != nil {
-		allowRemote = cfg.RemoteManagement.AllowRemote
-		secretHash = cfg.RemoteManagement.SecretKey
-	}
-	if h.allowRemoteOverride {
-		allowRemote = true
-	}
-	envSecret := h.envSecret
-
-	now := time.Now()
-	h.attemptsMu.Lock()
-	ai := h.failedAttempts[clientIP]
-	if ai != nil && !ai.blockedUntil.IsZero() {
-		if now.Before(ai.blockedUntil) {
-			remaining := ai.blockedUntil.Sub(now).Round(time.Second)
-			h.attemptsMu.Unlock()
-			return false, http.StatusForbidden, fmt.Sprintf("IP banned due to too many failed attempts. Try again in %s", remaining)
-		}
-		// Ban expired, reset state
-		ai.blockedUntil = time.Time{}
-		ai.count = 0
-	}
-	h.attemptsMu.Unlock()
-
-	if !localClient && !allowRemote {
-		return false, http.StatusForbidden, "remote management disabled"
-	}
-
-	fail := func() {
-		h.attemptsMu.Lock()
-		aip := h.failedAttempts[clientIP]
-		if aip == nil {
-			aip = &attemptInfo{}
-			h.failedAttempts[clientIP] = aip
-		}
-		aip.count++
-		aip.lastActivity = time.Now()
-		if aip.count >= maxFailures {
-			aip.blockedUntil = time.Now().Add(banDuration)
-			aip.count = 0
-		}
-		h.attemptsMu.Unlock()
-	}
-
-	reset := func() {
-		h.attemptsMu.Lock()
-		if ai := h.failedAttempts[clientIP]; ai != nil {
-			ai.count = 0
-			ai.blockedUntil = time.Time{}
-		}
-		h.attemptsMu.Unlock()
-	}
-
-	if secretHash == "" && envSecret == "" {
-		return false, http.StatusForbidden, "remote management key not set"
-	}
-
-	if provided == "" {
-		fail()
-		return false, http.StatusUnauthorized, "missing management key"
-	}
-
-	if localClient {
-		if lp := h.localPassword; lp != "" {
-			if subtle.ConstantTimeCompare([]byte(provided), []byte(lp)) == 1 {
-				reset()
-				return true, 0, ""
+		if localClient {
+			if lp := h.localPassword; lp != "" {
+				if subtle.ConstantTimeCompare([]byte(provided), []byte(lp)) == 1 {
+					c.Next()
+					return
+				}
 			}
 		}
+
+		if envSecret != "" && subtle.ConstantTimeCompare([]byte(provided), []byte(envSecret)) == 1 {
+			if !localClient {
+				h.attemptsMu.Lock()
+				if ai := h.failedAttempts[clientIP]; ai != nil {
+					ai.count = 0
+					ai.blockedUntil = time.Time{}
+				}
+				h.attemptsMu.Unlock()
+			}
+			c.Next()
+			return
+		}
+
+		if secretHash == "" || bcrypt.CompareHashAndPassword([]byte(secretHash), []byte(provided)) != nil {
+			if !localClient {
+				fail()
+			}
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid management key"})
+			return
+		}
+
+		if !localClient {
+			h.attemptsMu.Lock()
+			if ai := h.failedAttempts[clientIP]; ai != nil {
+				ai.count = 0
+				ai.blockedUntil = time.Time{}
+			}
+			h.attemptsMu.Unlock()
+		}
+
+		c.Next()
 	}
-
-	if envSecret != "" && subtle.ConstantTimeCompare([]byte(provided), []byte(envSecret)) == 1 {
-		reset()
-		return true, 0, ""
-	}
-
-	if secretHash == "" || bcrypt.CompareHashAndPassword([]byte(secretHash), []byte(provided)) != nil {
-		fail()
-		return false, http.StatusUnauthorized, "invalid management key"
-	}
-
-	reset()
-
-	return true, 0, ""
 }

 // persist saves the current in-memory config to disk.
 func (h *Handler) persist(c *gin.Context) bool {
 	h.mu.Lock()
 	defer h.mu.Unlock()
-	return h.persistLocked(c)
-}
-
-// persistLocked saves the current in-memory config to disk.
-// It expects the caller to hold h.mu.
-func (h *Handler) persistLocked(c *gin.Context) bool {
 	// Preserve comments when writing
 	if err := config.SaveConfigPreserveComments(h.configFilePath, h.cfg); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to save config: %v", err)})
@@ -1,38 +0,0 @@
-package management
-
-import (
-	"net/http"
-	"strings"
-	"testing"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-)
-
-func TestAuthenticateManagementKey_LocalhostIPBan_BlocksCorrectKeyDuringBan(t *testing.T) {
-	h := &Handler{
-		cfg:            &config.Config{},
-		failedAttempts: make(map[string]*attemptInfo),
-		envSecret:      "test-secret",
-	}
-
-	for i := 0; i < 5; i++ {
-		allowed, statusCode, errMsg := h.AuthenticateManagementKey("127.0.0.1", true, "wrong-secret")
-		if allowed {
-			t.Fatalf("expected auth to be denied at attempt %d", i+1)
-		}
-		if statusCode != http.StatusUnauthorized || errMsg != "invalid management key" {
-			t.Fatalf("unexpected auth failure at attempt %d: status=%d msg=%q", i+1, statusCode, errMsg)
-		}
-	}
-
-	allowed, statusCode, errMsg := h.AuthenticateManagementKey("127.0.0.1", true, "test-secret")
-	if allowed {
-		t.Fatalf("expected correct key to be denied while banned")
-	}
-	if statusCode != http.StatusForbidden {
-		t.Fatalf("expected forbidden status while banned, got %d", statusCode)
-	}
-	if !strings.HasPrefix(errMsg, "IP banned due to too many failed attempts. Try again in") {
-		t.Fatalf("unexpected banned message: %q", errMsg)
-	}
-}
@@ -13,7 +13,7 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
 )

 const (
@@ -5,7 +5,7 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 )

 // GetStaticModelDefinitions returns static model metadata for a given channel.
@@ -79,7 +79,7 @@ func (h *Handler) PostOAuthCallback(c *gin.Context) {
 		return
 	}
 	if sessionStatus != "" {
-		c.JSON(http.StatusConflict, gin.H{"status": "error", "error": sessionStatus})
+		c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"})
 		return
 	}
 	if !strings.EqualFold(sessionProvider, canonicalProvider) {
@@ -89,11 +89,6 @@ func (h *Handler) PostOAuthCallback(c *gin.Context) {

 	if _, errWrite := WriteOAuthCallbackFileForPendingSession(h.cfg.AuthDir, canonicalProvider, state, code, errMsg); errWrite != nil {
 		if errors.Is(errWrite, errOAuthSessionNotPending) {
-			_, status, okSession := GetOAuthSession(state)
-			if okSession && status != "" {
-				c.JSON(http.StatusConflict, gin.H{"status": "error", "error": status})
-				return
-			}
 			c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"})
 			return
 		}
@@ -190,21 +190,6 @@ func IsOAuthSessionPending(state, provider string) bool {
 	return oauthSessions.IsPending(state, provider)
 }

-func oauthSessionErrorWithCause(message string, cause error) string {
-	message = strings.TrimSpace(message)
-	if message == "" {
-		message = "Authentication failed"
-	}
-	if cause == nil {
-		return message
-	}
-	detail := strings.TrimSpace(cause.Error())
-	if detail == "" {
-		return message
-	}
-	return message + ": " + detail
-}
-
 func ValidateOAuthState(state string) error {
 	trimmed := strings.TrimSpace(state)
 	if trimmed == "" {
@@ -240,10 +225,12 @@ func NormalizeOAuthProvider(provider string) (string, error) {
 		return "codex", nil
 	case "gemini", "google":
 		return "gemini", nil
+	case "iflow", "i-flow":
+		return "iflow", nil
 	case "antigravity", "anti-gravity":
 		return "antigravity", nil
-	case "xai", "x-ai", "x.ai", "grok":
-		return "xai", nil
+	case "qwen":
+		return "qwen", nil
 	default:
 		return "", errUnsupportedOAuthFlow
 	}
@@ -4,7 +4,7 @@ import (
 	"context"
 	"sync"

-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 )

 type memoryAuthStore struct {
@@ -2,54 +2,78 @@ package management

 import (
 	"encoding/json"
-	"errors"
 	"net/http"
-	"strconv"
-	"strings"
+	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
 )

-type usageQueueRecord []byte
-
-func (r usageQueueRecord) MarshalJSON() ([]byte, error) {
-	if json.Valid(r) {
-		return append([]byte(nil), r...), nil
-	}
-	return json.Marshal(string(r))
+type usageExportPayload struct {
+	Version    int                      `json:"version"`
+	ExportedAt time.Time                `json:"exported_at"`
+	Usage      usage.StatisticsSnapshot `json:"usage"`
 }

-// GetUsageQueue pops queued usage records from the usage queue.
-func (h *Handler) GetUsageQueue(c *gin.Context) {
-	if h == nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"})
+type usageImportPayload struct {
+	Version int                      `json:"version"`
+	Usage   usage.StatisticsSnapshot `json:"usage"`
+}
+
+// GetUsageStatistics returns the in-memory request statistics snapshot.
+func (h *Handler) GetUsageStatistics(c *gin.Context) {
+	var snapshot usage.StatisticsSnapshot
+	if h != nil && h.usageStats != nil {
+		snapshot = h.usageStats.Snapshot()
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"usage":           snapshot,
+		"failed_requests": snapshot.FailureCount,
+	})
+}
+
+// ExportUsageStatistics returns a complete usage snapshot for backup/migration.
+func (h *Handler) ExportUsageStatistics(c *gin.Context) {
+	var snapshot usage.StatisticsSnapshot
+	if h != nil && h.usageStats != nil {
+		snapshot = h.usageStats.Snapshot()
+	}
+	c.JSON(http.StatusOK, usageExportPayload{
+		Version:    1,
+		ExportedAt: time.Now().UTC(),
+		Usage:      snapshot,
+	})
+}
+
+// ImportUsageStatistics merges a previously exported usage snapshot into memory.
+func (h *Handler) ImportUsageStatistics(c *gin.Context) {
+	if h == nil || h.usageStats == nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "usage statistics unavailable"})
 		return
 	}

-	count, errCount := parseUsageQueueCount(c.Query("count"))
-	if errCount != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": errCount.Error()})
+	data, err := c.GetRawData()
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"})
 		return
 	}

-	items := redisqueue.PopOldest(count)
-	records := make([]usageQueueRecord, 0, len(items))
-	for _, item := range items {
-		records = append(records, usageQueueRecord(append([]byte(nil), item...)))
+	var payload usageImportPayload
+	if err := json.Unmarshal(data, &payload); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json"})
+		return
+	}
+	if payload.Version != 0 && payload.Version != 1 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported version"})
+		return
 	}

-	c.JSON(http.StatusOK, records)
-}
-
-func parseUsageQueueCount(value string) (int, error) {
-	value = strings.TrimSpace(value)
-	if value == "" {
-		return 1, nil
-	}
-	count, errCount := strconv.Atoi(value)
-	if errCount != nil || count <= 0 {
-		return 0, errors.New("count must be a positive integer")
-	}
-	return count, nil
+	result := h.usageStats.MergeSnapshot(payload.Usage)
+	snapshot := h.usageStats.Snapshot()
+	c.JSON(http.StatusOK, gin.H{
+		"added":           result.Added,
+		"skipped":         result.Skipped,
+		"total_requests":  snapshot.TotalRequests,
+		"failed_requests": snapshot.FailureCount,
+	})
 }
@@ -1,98 +0,0 @@
-package management
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-)
-
-func TestGetUsageQueuePopsRequestedRecords(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	withManagementUsageQueue(t, func() {
-		redisqueue.Enqueue([]byte(`{"id":1}`))
-		redisqueue.Enqueue([]byte(`{"id":2}`))
-		redisqueue.Enqueue([]byte(`{"id":3}`))
-
-		rec := httptest.NewRecorder()
-		ginCtx, _ := gin.CreateTestContext(rec)
-		ginCtx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=2", nil)
-
-		h := &Handler{}
-		h.GetUsageQueue(ginCtx)
-
-		if rec.Code != http.StatusOK {
-			t.Fatalf("status = %d, want %d body=%s", rec.Code, http.StatusOK, rec.Body.String())
-		}
-
-		var payload []json.RawMessage
-		if errUnmarshal := json.Unmarshal(rec.Body.Bytes(), &payload); errUnmarshal != nil {
-			t.Fatalf("unmarshal response: %v", errUnmarshal)
-		}
-		if len(payload) != 2 {
-			t.Fatalf("response records = %d, want 2", len(payload))
-		}
-		requireRecordID(t, payload[0], 1)
-		requireRecordID(t, payload[1], 2)
-
-		remaining := redisqueue.PopOldest(10)
-		if len(remaining) != 1 || string(remaining[0]) != `{"id":3}` {
-			t.Fatalf("remaining queue = %q, want third item only", remaining)
-		}
-	})
-}
-
-func TestGetUsageQueueInvalidCountDoesNotPop(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	withManagementUsageQueue(t, func() {
-		redisqueue.Enqueue([]byte(`{"id":1}`))
-
-		rec := httptest.NewRecorder()
-		ginCtx, _ := gin.CreateTestContext(rec)
-		ginCtx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=0", nil)
-
-		h := &Handler{}
-		h.GetUsageQueue(ginCtx)
-
-		if rec.Code != http.StatusBadRequest {
-			t.Fatalf("status = %d, want %d body=%s", rec.Code, http.StatusBadRequest, rec.Body.String())
-		}
-
-		remaining := redisqueue.PopOldest(10)
-		if len(remaining) != 1 || string(remaining[0]) != `{"id":1}` {
-			t.Fatalf("remaining queue = %q, want original item", remaining)
-		}
-	})
-}
-
-func withManagementUsageQueue(t *testing.T, fn func()) {
-	t.Helper()
-
-	prevQueueEnabled := redisqueue.Enabled()
-	redisqueue.SetEnabled(false)
-	redisqueue.SetEnabled(true)
-
-	defer func() {
-		redisqueue.SetEnabled(false)
-		redisqueue.SetEnabled(prevQueueEnabled)
-	}()
-
-	fn()
-}
-
-func requireRecordID(t *testing.T, raw json.RawMessage, want int) {
-	t.Helper()
-
-	var payload struct {
-		ID int `json:"id"`
-	}
-	if errUnmarshal := json.Unmarshal(raw, &payload); errUnmarshal != nil {
-		t.Fatalf("unmarshal record: %v", errUnmarshal)
-	}
-	if payload.ID != want {
-		t.Fatalf("record id = %d, want %d", payload.ID, want)
-	}
-}
@@ -9,8 +9,8 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/vertex"
-	coreauth "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/vertex"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 )

 // ImportVertexCredential handles uploading a Vertex service account JSON and saving it as an auth record.
@@ -5,16 +5,14 @@ package middleware

 import (
 	"bytes"
-	"fmt"
 	"io"
 	"net/http"
 	"strings"
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/klauspost/compress/zstd"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 )

 const maxErrorOnlyCapturedRequestBodyBytes int64 = 1 << 20 // 1 MiB
@@ -138,7 +136,7 @@ func captureRequestInfo(c *gin.Context, captureBody bool) (*RequestInfo, error)

 		// Restore the body for the actual request processing
 		c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-		body = decodeCapturedRequestBodyForLog(bodyBytes, c.Request.Header.Get("Content-Encoding"))
+		body = bodyBytes
 	}

 	return &RequestInfo{
@@ -151,58 +149,6 @@ func captureRequestInfo(c *gin.Context, captureBody bool) (*RequestInfo, error)
 	}, nil
 }

-func decodeCapturedRequestBodyForLog(raw []byte, encoding string) []byte {
-	if len(raw) == 0 {
-		return raw
-	}
-
-	decoded, errDecode := decodeCapturedRequestBody(raw, encoding)
-	if errDecode != nil {
-		return raw
-	}
-	return decoded
-}
-
-func decodeCapturedRequestBody(raw []byte, encoding string) ([]byte, error) {
-	encoding = strings.TrimSpace(encoding)
-	if encoding == "" || strings.EqualFold(encoding, "identity") {
-		return raw, nil
-	}
-
-	parts := strings.Split(encoding, ",")
-	body := raw
-	for i := len(parts) - 1; i >= 0; i-- {
-		enc := strings.ToLower(strings.TrimSpace(parts[i]))
-		switch enc {
-		case "", "identity":
-			continue
-		case "zstd":
-			decoded, errDecode := decodeCapturedZstdRequestBody(body)
-			if errDecode != nil {
-				return nil, errDecode
-			}
-			body = decoded
-		default:
-			return nil, fmt.Errorf("unsupported request content encoding: %s", enc)
-		}
-	}
-	return body, nil
-}
-
-func decodeCapturedZstdRequestBody(raw []byte) ([]byte, error) {
-	decoder, errNewReader := zstd.NewReader(bytes.NewReader(raw))
-	if errNewReader != nil {
-		return nil, fmt.Errorf("failed to create zstd request decoder: %w", errNewReader)
-	}
-	defer decoder.Close()
-
-	decoded, errRead := io.ReadAll(decoder)
-	if errRead != nil {
-		return nil, fmt.Errorf("failed to decode zstd request body: %w", errRead)
-	}
-	return decoded, nil
-}
-
 // shouldLogRequest determines whether the request should be logged.
 // It skips management endpoints to avoid leaking secrets but allows
 // all other routes, including module-provided ones, to honor request-log.
@@ -1,16 +1,11 @@
 package middleware

 import (
-	"bytes"
 	"io"
 	"net/http"
-	"net/http/httptest"
 	"net/url"
 	"strings"
 	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/klauspost/compress/zstd"
 )

 func TestShouldSkipMethodForRequestLogging(t *testing.T) {
@@ -141,43 +136,3 @@ func TestShouldCaptureRequestBody(t *testing.T) {
 		}
 	}
 }
-
-func TestCaptureRequestInfoDecodesZstdRequestBodyForLog(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-
-	payload := []byte(`{"model":"test-model","stream":true}`)
-	var compressed bytes.Buffer
-	encoder, errNewWriter := zstd.NewWriter(&compressed)
-	if errNewWriter != nil {
-		t.Fatalf("zstd.NewWriter: %v", errNewWriter)
-	}
-	if _, errWrite := encoder.Write(payload); errWrite != nil {
-		t.Fatalf("zstd write: %v", errWrite)
-	}
-	if errClose := encoder.Close(); errClose != nil {
-		t.Fatalf("zstd close: %v", errClose)
-	}
-	compressedBytes := compressed.Bytes()
-
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-	req := httptest.NewRequest(http.MethodPost, "/v1/responses", bytes.NewReader(compressedBytes))
-	req.Header.Set("Content-Encoding", "zstd")
-	c.Request = req
-
-	info, errCapture := captureRequestInfo(c, true)
-	if errCapture != nil {
-		t.Fatalf("captureRequestInfo: %v", errCapture)
-	}
-	if !bytes.Equal(info.Body, payload) {
-		t.Fatalf("logged request body = %q, want %q", string(info.Body), string(payload))
-	}
-
-	restoredBody, errRead := io.ReadAll(c.Request.Body)
-	if errRead != nil {
-		t.Fatalf("read restored request body: %v", errRead)
-	}
-	if !bytes.Equal(restoredBody, compressedBytes) {
-		t.Fatal("request body was not restored with the original compressed bytes")
-	}
-}
@@ -10,13 +10,11 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/interfaces"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
 )

 const requestBodyOverrideContextKey = "REQUEST_BODY_OVERRIDE"
-const responseBodyOverrideContextKey = "RESPONSE_BODY_OVERRIDE"
-const websocketTimelineOverrideContextKey = "WEBSOCKET_TIMELINE_OVERRIDE"

 // RequestInfo holds essential details of an incoming HTTP request for logging purposes.
 type RequestInfo struct {
@@ -306,10 +304,6 @@ func (w *ResponseWriterWrapper) Finalize(c *gin.Context) error {
 		if len(apiResponse) > 0 {
 			_ = w.streamWriter.WriteAPIResponse(apiResponse)
 		}
-		apiWebsocketTimeline := w.extractAPIWebsocketTimeline(c)
-		if len(apiWebsocketTimeline) > 0 {
-			_ = w.streamWriter.WriteAPIWebsocketTimeline(apiWebsocketTimeline)
-		}
 		if err := w.streamWriter.Close(); err != nil {
 			w.streamWriter = nil
 			return err
@@ -318,7 +312,7 @@ func (w *ResponseWriterWrapper) Finalize(c *gin.Context) error {
 		return nil
 	}

-	return w.logRequest(w.extractRequestBody(c), finalStatusCode, w.cloneHeaders(), w.extractResponseBody(c), w.extractWebsocketTimeline(c), w.extractAPIRequest(c), w.extractAPIResponse(c), w.extractAPIWebsocketTimeline(c), w.extractAPIResponseTimestamp(c), slicesAPIResponseError, forceLog)
+	return w.logRequest(w.extractRequestBody(c), finalStatusCode, w.cloneHeaders(), w.body.Bytes(), w.extractAPIRequest(c), w.extractAPIResponse(c), w.extractAPIResponseTimestamp(c), slicesAPIResponseError, forceLog)
 }

 func (w *ResponseWriterWrapper) cloneHeaders() map[string][]string {
@@ -358,18 +352,6 @@ func (w *ResponseWriterWrapper) extractAPIResponse(c *gin.Context) []byte {
 	return data
 }

-func (w *ResponseWriterWrapper) extractAPIWebsocketTimeline(c *gin.Context) []byte {
-	apiTimeline, isExist := c.Get("API_WEBSOCKET_TIMELINE")
-	if !isExist {
-		return nil
-	}
-	data, ok := apiTimeline.([]byte)
-	if !ok || len(data) == 0 {
-		return nil
-	}
-	return bytes.Clone(data)
-}
-
 func (w *ResponseWriterWrapper) extractAPIResponseTimestamp(c *gin.Context) time.Time {
 	ts, isExist := c.Get("API_RESPONSE_TIMESTAMP")
 	if !isExist {
@@ -382,8 +364,19 @@ func (w *ResponseWriterWrapper) extractAPIResponseTimestamp(c *gin.Context) time
 }

 func (w *ResponseWriterWrapper) extractRequestBody(c *gin.Context) []byte {
-	if body := extractBodyOverride(c, requestBodyOverrideContextKey); len(body) > 0 {
-		return body
+	if c != nil {
+		if bodyOverride, isExist := c.Get(requestBodyOverrideContextKey); isExist {
+			switch value := bodyOverride.(type) {
+			case []byte:
+				if len(value) > 0 {
+					return bytes.Clone(value)
+				}
+			case string:
+				if strings.TrimSpace(value) != "" {
+					return []byte(value)
+				}
+			}
+		}
 	}
 	if w.requestInfo != nil && len(w.requestInfo.Body) > 0 {
 		return w.requestInfo.Body
@@ -391,48 +384,13 @@ func (w *ResponseWriterWrapper) extractRequestBody(c *gin.Context) []byte {
 	return nil
 }

-func (w *ResponseWriterWrapper) extractResponseBody(c *gin.Context) []byte {
-	if body := extractBodyOverride(c, responseBodyOverrideContextKey); len(body) > 0 {
-		return body
-	}
-	if w.body == nil || w.body.Len() == 0 {
-		return nil
-	}
-	return bytes.Clone(w.body.Bytes())
-}
-
-func (w *ResponseWriterWrapper) extractWebsocketTimeline(c *gin.Context) []byte {
-	return extractBodyOverride(c, websocketTimelineOverrideContextKey)
-}
-
-func extractBodyOverride(c *gin.Context, key string) []byte {
-	if c == nil {
-		return nil
-	}
-	bodyOverride, isExist := c.Get(key)
-	if !isExist {
-		return nil
-	}
-	switch value := bodyOverride.(type) {
-	case []byte:
-		if len(value) > 0 {
-			return bytes.Clone(value)
-		}
-	case string:
-		if strings.TrimSpace(value) != "" {
-			return []byte(value)
-		}
-	}
-	return nil
-}
-
-func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, headers map[string][]string, body, websocketTimeline, apiRequestBody, apiResponseBody, apiWebsocketTimeline []byte, apiResponseTimestamp time.Time, apiResponseErrors []*interfaces.ErrorMessage, forceLog bool) error {
+func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, headers map[string][]string, body []byte, apiRequestBody, apiResponseBody []byte, apiResponseTimestamp time.Time, apiResponseErrors []*interfaces.ErrorMessage, forceLog bool) error {
 	if w.requestInfo == nil {
 		return nil
 	}

 	if loggerWithOptions, ok := w.logger.(interface {
-		LogRequestWithOptions(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []byte, []byte, []*interfaces.ErrorMessage, bool, string, time.Time, time.Time) error
+		LogRequestWithOptions(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []*interfaces.ErrorMessage, bool, string, time.Time, time.Time) error
 	}); ok {
 		return loggerWithOptions.LogRequestWithOptions(
 			w.requestInfo.URL,
@@ -442,10 +400,8 @@ func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, h
 			statusCode,
 			headers,
 			body,
-			websocketTimeline,
 			apiRequestBody,
 			apiResponseBody,
-			apiWebsocketTimeline,
 			apiResponseErrors,
 			forceLog,
 			w.requestInfo.RequestID,
@@ -462,10 +418,8 @@ func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, h
 		statusCode,
 		headers,
 		body,
-		websocketTimeline,
 		apiRequestBody,
 		apiResponseBody,
-		apiWebsocketTimeline,
 		apiResponseErrors,
 		w.requestInfo.RequestID,
 		w.requestInfo.Timestamp,
@@ -1,14 +1,10 @@
 package middleware

 import (
-	"bytes"
 	"net/http/httptest"
 	"testing"
-	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/interfaces"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
 )

 func TestExtractRequestBodyPrefersOverride(t *testing.T) {
@@ -37,7 +33,7 @@ func TestExtractRequestBodySupportsStringOverride(t *testing.T) {
 	recorder := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(recorder)

-	wrapper := &ResponseWriterWrapper{body: &bytes.Buffer{}}
+	wrapper := &ResponseWriterWrapper{}
 	c.Set(requestBodyOverrideContextKey, "override-as-string")

 	body := wrapper.extractRequestBody(c)
@@ -45,158 +41,3 @@ func TestExtractRequestBodySupportsStringOverride(t *testing.T) {
 		t.Fatalf("request body = %q, want %q", string(body), "override-as-string")
 	}
 }
-
-func TestExtractResponseBodyPrefersOverride(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-
-	wrapper := &ResponseWriterWrapper{body: &bytes.Buffer{}}
-	wrapper.body.WriteString("original-response")
-
-	body := wrapper.extractResponseBody(c)
-	if string(body) != "original-response" {
-		t.Fatalf("response body = %q, want %q", string(body), "original-response")
-	}
-
-	c.Set(responseBodyOverrideContextKey, []byte("override-response"))
-	body = wrapper.extractResponseBody(c)
-	if string(body) != "override-response" {
-		t.Fatalf("response body = %q, want %q", string(body), "override-response")
-	}
-
-	body[0] = 'X'
-	if got := wrapper.extractResponseBody(c); string(got) != "override-response" {
-		t.Fatalf("response override should be cloned, got %q", string(got))
-	}
-}
-
-func TestExtractResponseBodySupportsStringOverride(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-
-	wrapper := &ResponseWriterWrapper{}
-	c.Set(responseBodyOverrideContextKey, "override-response-as-string")
-
-	body := wrapper.extractResponseBody(c)
-	if string(body) != "override-response-as-string" {
-		t.Fatalf("response body = %q, want %q", string(body), "override-response-as-string")
-	}
-}
-
-func TestExtractBodyOverrideClonesBytes(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-
-	override := []byte("body-override")
-	c.Set(requestBodyOverrideContextKey, override)
-
-	body := extractBodyOverride(c, requestBodyOverrideContextKey)
-	if !bytes.Equal(body, override) {
-		t.Fatalf("body override = %q, want %q", string(body), string(override))
-	}
-
-	body[0] = 'X'
-	if !bytes.Equal(override, []byte("body-override")) {
-		t.Fatalf("override mutated: %q", string(override))
-	}
-}
-
-func TestExtractWebsocketTimelineUsesOverride(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-
-	wrapper := &ResponseWriterWrapper{}
-	if got := wrapper.extractWebsocketTimeline(c); got != nil {
-		t.Fatalf("expected nil websocket timeline, got %q", string(got))
-	}
-
-	c.Set(websocketTimelineOverrideContextKey, []byte("timeline"))
-	body := wrapper.extractWebsocketTimeline(c)
-	if string(body) != "timeline" {
-		t.Fatalf("websocket timeline = %q, want %q", string(body), "timeline")
-	}
-}
-
-func TestFinalizeStreamingWritesAPIWebsocketTimeline(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	recorder := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(recorder)
-
-	streamWriter := &testStreamingLogWriter{}
-	wrapper := &ResponseWriterWrapper{
-		ResponseWriter: c.Writer,
-		logger:         &testRequestLogger{enabled: true},
-		requestInfo: &RequestInfo{
-			URL:       "/v1/responses",
-			Method:    "POST",
-			Headers:   map[string][]string{"Content-Type": {"application/json"}},
-			RequestID: "req-1",
-			Timestamp: time.Date(2026, time.April, 1, 12, 0, 0, 0, time.UTC),
-		},
-		isStreaming:  true,
-		streamWriter: streamWriter,
-	}
-
-	c.Set("API_WEBSOCKET_TIMELINE", []byte("Timestamp: 2026-04-01T12:00:00Z\nEvent: api.websocket.request\n{}"))
-
-	if err := wrapper.Finalize(c); err != nil {
-		t.Fatalf("Finalize error: %v", err)
-	}
-	if string(streamWriter.apiWebsocketTimeline) != "Timestamp: 2026-04-01T12:00:00Z\nEvent: api.websocket.request\n{}" {
-		t.Fatalf("stream writer websocket timeline = %q", string(streamWriter.apiWebsocketTimeline))
-	}
-	if !streamWriter.closed {
-		t.Fatal("expected stream writer to be closed")
-	}
-}
-
-type testRequestLogger struct {
-	enabled bool
-}
-
-func (l *testRequestLogger) LogRequest(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []byte, []byte, []*interfaces.ErrorMessage, string, time.Time, time.Time) error {
-	return nil
-}
-
-func (l *testRequestLogger) LogStreamingRequest(string, string, map[string][]string, []byte, string) (logging.StreamingLogWriter, error) {
-	return &testStreamingLogWriter{}, nil
-}
-
-func (l *testRequestLogger) IsEnabled() bool {
-	return l.enabled
-}
-
-type testStreamingLogWriter struct {
-	apiWebsocketTimeline []byte
-	closed               bool
-}
-
-func (w *testStreamingLogWriter) WriteChunkAsync([]byte) {}
-
-func (w *testStreamingLogWriter) WriteStatus(int, map[string][]string) error {
-	return nil
-}
-
-func (w *testStreamingLogWriter) WriteAPIRequest([]byte) error {
-	return nil
-}
-
-func (w *testStreamingLogWriter) WriteAPIResponse([]byte) error {
-	return nil
-}
-
-func (w *testStreamingLogWriter) WriteAPIWebsocketTimeline(apiWebsocketTimeline []byte) error {
-	w.apiWebsocketTimeline = bytes.Clone(apiWebsocketTimeline)
-	return nil
-}
-
-func (w *testStreamingLogWriter) SetFirstChunkTimestamp(time.Time) {}
-
-func (w *testStreamingLogWriter) Close() error {
-	w.closed = true
-	return nil
-}
@@ -9,9 +9,9 @@ import (
 	"sync"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/api/modules"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
 	log "github.com/sirupsen/logrus"
 )

@@ -9,10 +9,10 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/api/modules"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers"
 )

 func TestAmpModule_Name(t *testing.T) {
@@ -8,8 +8,8 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/thinking"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/thinking"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
@@ -253,7 +253,6 @@ func (fh *FallbackHandler) WrapHandler(handler gin.HandlerFunc) gin.HandlerFunc
 			log.Debugf("amp model mapping: request %s -> %s", normalizedModel, resolvedModel)
 			logAmpRouting(RouteTypeModelMapping, modelName, resolvedModel, providerName, requestPath)
 			rewriter := NewResponseRewriter(c.Writer, modelName)
-			rewriter.suppressThinking = true
 			c.Writer = rewriter
 			// Filter Anthropic-Beta header only for local handling paths
 			filterAntropicBetaHeader(c)
@@ -268,7 +267,6 @@ func (fh *FallbackHandler) WrapHandler(handler gin.HandlerFunc) gin.HandlerFunc
 			// proxies (e.g. NewAPI) may return a different model name and lack
 			// Amp-required fields like thinking.signature.
 			rewriter := NewResponseRewriter(c.Writer, modelName)
-			rewriter.suppressThinking = providerName != "claude"
 			c.Writer = rewriter
 			// Filter Anthropic-Beta header only for local handling paths
 			filterAntropicBetaHeader(c)
@@ -9,8 +9,8 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 )

 func TestFallbackHandler_ModelMapping_PreservesThinkingSuffixAndRewritesResponse(t *testing.T) {
@@ -7,9 +7,9 @@ import (
 	"strings"
 	"sync"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/thinking"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/thinking"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 )

@@ -3,8 +3,8 @@ package amp
 import (
 	"testing"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 )

 func TestNewModelMapper(t *testing.T) {
@@ -14,7 +14,7 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 	log "github.com/sirupsen/logrus"
 )

@@ -108,6 +108,11 @@ func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputi
 	// Modify incoming responses to handle gzip without Content-Encoding
 	// This addresses the same issue as inline handler gzip handling, but at the proxy level
 	proxy.ModifyResponse = func(resp *http.Response) error {
+		// Only process successful responses
+		if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+			return nil
+		}
+
 		// Skip if already marked as gzip (Content-Encoding set)
 		if resp.Header.Get("Content-Encoding") != "" {
 			return nil
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 )

 // Helper: compress data with gzip
@@ -129,11 +129,11 @@ func TestModifyResponse_GzipScenarios(t *testing.T) {
 			wantCE:   "",
 		},
 		{
-			name:     "decompresses_non_2xx_status_when_gzip_detected",
+			name:     "skips_non_2xx_status",
 			header:   http.Header{},
 			body:     good,
 			status:   404,
-			wantBody: goodJSON,
+			wantBody: good,
 			wantCE:   "",
 		},
 	}
@@ -2,7 +2,6 @@ package amp

 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -18,18 +17,19 @@ import (
 // and to keep Amp-compatible response shapes.
 type ResponseRewriter struct {
 	gin.ResponseWriter
-	body             *bytes.Buffer
-	originalModel    string
-	isStreaming      bool
-	suppressThinking bool
+	body                   *bytes.Buffer
+	originalModel          string
+	isStreaming            bool
+	suppressedContentBlock map[int]struct{}
 }

 // NewResponseRewriter creates a new response rewriter for model name substitution.
 func NewResponseRewriter(w gin.ResponseWriter, originalModel string) *ResponseRewriter {
 	return &ResponseRewriter{
-		ResponseWriter: w,
-		body:           &bytes.Buffer{},
-		originalModel:  originalModel,
+		ResponseWriter:         w,
+		body:                   &bytes.Buffer{},
+		originalModel:          originalModel,
+		suppressedContentBlock: make(map[int]struct{}),
 	}
 }

@@ -91,8 +91,7 @@ func (rw *ResponseRewriter) Write(data []byte) (int, error) {
 	}

 	if rw.isStreaming {
-		rewritten := rw.rewriteStreamChunk(data)
-		n, err := rw.ResponseWriter.Write(rewritten)
+		n, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(data))
 		if err == nil {
 			if flusher, ok := rw.ResponseWriter.(http.Flusher); ok {
 				flusher.Flush()
@@ -123,52 +122,6 @@ func (rw *ResponseRewriter) Flush() {

 var modelFieldPaths = []string{"message.model", "model", "modelVersion", "response.model", "response.modelVersion"}

-// ampCanonicalToolNames maps tool names to the exact casing expected by the
-// Amp mode tool whitelist (case-sensitive match).
-var ampCanonicalToolNames = map[string]string{
-	"bash":  "Bash",
-	"read":  "Read",
-	"grep":  "Grep",
-	"glob":  "glob",
-	"task":  "Task",
-	"check": "Check",
-}
-
-// normalizeAmpToolNames fixes tool_use block names to match Amp's canonical casing.
-// Some upstream models return lowercase tool names (e.g. "bash" instead of "Bash")
-// which causes Amp's case-sensitive mode whitelist to reject them.
-func normalizeAmpToolNames(data []byte) []byte {
-	// Non-streaming: content[].name in tool_use blocks
-	for index, block := range gjson.GetBytes(data, "content").Array() {
-		if block.Get("type").String() != "tool_use" {
-			continue
-		}
-		name := block.Get("name").String()
-		if canonical, ok := ampCanonicalToolNames[strings.ToLower(name)]; ok && name != canonical {
-			path := fmt.Sprintf("content.%d.name", index)
-			var err error
-			data, err = sjson.SetBytes(data, path, canonical)
-			if err != nil {
-				log.Warnf("Amp ResponseRewriter: failed to normalize tool name %q to %q: %v", name, canonical, err)
-			}
-		}
-	}
-
-	// Streaming: content_block.name in content_block_start events
-	if gjson.GetBytes(data, "content_block.type").String() == "tool_use" {
-		name := gjson.GetBytes(data, "content_block.name").String()
-		if canonical, ok := ampCanonicalToolNames[strings.ToLower(name)]; ok && name != canonical {
-			var err error
-			data, err = sjson.SetBytes(data, "content_block.name", canonical)
-			if err != nil {
-				log.Warnf("Amp ResponseRewriter: failed to normalize streaming tool name %q to %q: %v", name, canonical, err)
-			}
-		}
-	}
-
-	return data
-}
-
 // ensureAmpSignature injects empty signature fields into tool_use/thinking blocks
 // in API responses so that the Amp TUI does not crash on P.signature.length.
 func ensureAmpSignature(data []byte) []byte {
@@ -201,10 +154,19 @@ func ensureAmpSignature(data []byte) []byte {
 	return data
 }

-func (rw *ResponseRewriter) suppressAmpThinking(data []byte) []byte {
-	if !rw.suppressThinking {
-		return data
+func (rw *ResponseRewriter) markSuppressedContentBlock(index int) {
+	if rw.suppressedContentBlock == nil {
+		rw.suppressedContentBlock = make(map[int]struct{})
 	}
+	rw.suppressedContentBlock[index] = struct{}{}
+}
+
+func (rw *ResponseRewriter) isSuppressedContentBlock(index int) bool {
+	_, ok := rw.suppressedContentBlock[index]
+	return ok
+}
+
+func (rw *ResponseRewriter) suppressAmpThinking(data []byte) []byte {
 	if gjson.GetBytes(data, `content.#(type=="tool_use")`).Exists() {
 		filtered := gjson.GetBytes(data, `content.#(type!="thinking")#`)
 		if filtered.Exists() {
@@ -215,17 +177,38 @@ func (rw *ResponseRewriter) suppressAmpThinking(data []byte) []byte {
 				data, err = sjson.SetBytes(data, "content", filtered.Value())
 				if err != nil {
 					log.Warnf("Amp ResponseRewriter: failed to suppress thinking blocks: %v", err)
+				} else {
+					log.Debugf("Amp ResponseRewriter: Suppressed %d thinking blocks due to tool usage", originalCount-filteredCount)
 				}
 			}
 		}
 	}

+	eventType := gjson.GetBytes(data, "type").String()
+	indexResult := gjson.GetBytes(data, "index")
+	if eventType == "content_block_start" && gjson.GetBytes(data, "content_block.type").String() == "thinking" && indexResult.Exists() {
+		rw.markSuppressedContentBlock(int(indexResult.Int()))
+		return nil
+	}
+	if gjson.GetBytes(data, "delta.type").String() == "thinking_delta" {
+		if indexResult.Exists() {
+			rw.markSuppressedContentBlock(int(indexResult.Int()))
+		}
+		return nil
+	}
+	if eventType == "content_block_stop" && indexResult.Exists() {
+		index := int(indexResult.Int())
+		if rw.isSuppressedContentBlock(index) {
+			delete(rw.suppressedContentBlock, index)
+			return nil
+		}
+	}
+
 	return data
 }

 func (rw *ResponseRewriter) rewriteModelInResponse(data []byte) []byte {
 	data = ensureAmpSignature(data)
-	data = normalizeAmpToolNames(data)
 	data = rw.suppressAmpThinking(data)
 	if len(data) == 0 {
 		return data
@@ -272,6 +255,7 @@ func (rw *ResponseRewriter) rewriteStreamChunk(chunk []byte) []byte {
 				if len(jsonData) > 0 && jsonData[0] == '{' {
 					rewritten := rw.rewriteStreamEvent(jsonData)
 					if rewritten == nil {
+						// Event suppressed (e.g. thinking block), skip event+data pair
 						i = dataIdx + 1
 						continue
 					}
@@ -318,16 +302,16 @@ func (rw *ResponseRewriter) rewriteStreamChunk(chunk []byte) []byte {

 // rewriteStreamEvent processes a single JSON event in the SSE stream.
 // It rewrites model names and ensures signature fields exist.
-// NOTE: streaming mode does NOT suppress thinking blocks - they are
-// passed through with signature injection to avoid breaking SSE index
-// alignment and TUI rendering.
 func (rw *ResponseRewriter) rewriteStreamEvent(data []byte) []byte {
+	// Suppress thinking blocks before any other processing.
+	data = rw.suppressAmpThinking(data)
+	if len(data) == 0 {
+		return nil
+	}
+
 	// Inject empty signature where needed
 	data = ensureAmpSignature(data)

-	// Normalize tool names to canonical casing
-	data = normalizeAmpToolNames(data)
-
 	// Rewrite model name
 	if rw.originalModel != "" {
 		for _, path := range modelFieldPaths {
@@ -341,10 +325,8 @@ func (rw *ResponseRewriter) rewriteStreamEvent(data []byte) []byte {
 }

 // SanitizeAmpRequestBody removes thinking blocks with empty/missing/invalid signatures
-// and strips the proxy-injected "signature" field from tool_use blocks in the messages
-// array before forwarding to the upstream API.
-// This prevents 400 errors from the API which requires valid signatures on thinking
-// blocks and does not accept a signature field on tool_use blocks.
+// from the messages array in a request body before forwarding to the upstream API.
+// This prevents 400 errors from the API which requires valid signatures on thinking blocks.
 func SanitizeAmpRequestBody(body []byte) []byte {
 	messages := gjson.GetBytes(body, "messages")
 	if !messages.Exists() || !messages.IsArray() {
@@ -362,30 +344,21 @@ func SanitizeAmpRequestBody(body []byte) []byte {
 		}

 		var keepBlocks []interface{}
-		contentModified := false
+		removedCount := 0

 		for _, block := range content.Array() {
 			blockType := block.Get("type").String()
 			if blockType == "thinking" {
 				sig := block.Get("signature")
 				if !sig.Exists() || sig.Type != gjson.String || strings.TrimSpace(sig.String()) == "" {
-					contentModified = true
+					removedCount++
 					continue
 				}
 			}
-
-			// Use raw JSON to prevent float64 rounding of large integers in tool_use inputs
-			blockRaw := []byte(block.Raw)
-			if blockType == "tool_use" && block.Get("signature").Exists() {
-				blockRaw, _ = sjson.DeleteBytes(blockRaw, "signature")
-				contentModified = true
-			}
-
-			// sjson.SetBytes supports raw JSON strings if wrapped in gjson.Raw
-			keepBlocks = append(keepBlocks, json.RawMessage(blockRaw))
+			keepBlocks = append(keepBlocks, block.Value())
 		}

-		if contentModified {
+		if removedCount > 0 {
 			contentPath := fmt.Sprintf("messages.%d.content", msgIdx)
 			var err error
 			if len(keepBlocks) == 0 {
@@ -394,10 +367,11 @@ func SanitizeAmpRequestBody(body []byte) []byte {
 				body, err = sjson.SetBytes(body, contentPath, keepBlocks)
 			}
 			if err != nil {
-				log.Warnf("Amp RequestSanitizer: failed to sanitize message %d: %v", msgIdx, err)
+				log.Warnf("Amp RequestSanitizer: failed to remove thinking blocks from message %d: %v", msgIdx, err)
 				continue
 			}
 			modified = true
+			log.Debugf("Amp RequestSanitizer: removed %d thinking blocks with invalid signatures from message %d", removedCount, msgIdx)
 		}
 	}

@@ -1,7 +1,6 @@
 package amp

 import (
-	"strings"
 	"testing"
 )

@@ -101,29 +100,23 @@ func TestRewriteStreamChunk_MessageModel(t *testing.T) {
 	}
 }

-func TestRewriteStreamChunk_PreservesThinkingWithSignatureInjection(t *testing.T) {
-	rw := &ResponseRewriter{}
+func TestRewriteStreamChunk_SuppressesThinkingContentBlockFrames(t *testing.T) {
+	rw := &ResponseRewriter{suppressedContentBlock: make(map[int]struct{})}

 	chunk := []byte("event: content_block_start\ndata: {\"type\":\"content_block_start\",\"index\":0,\"content_block\":{\"type\":\"thinking\",\"thinking\":\"\"}}\n\nevent: content_block_delta\ndata: {\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"thinking_delta\",\"thinking\":\"abc\"}}\n\nevent: content_block_stop\ndata: {\"type\":\"content_block_stop\",\"index\":0}\n\nevent: content_block_start\ndata: {\"type\":\"content_block_start\",\"index\":1,\"content_block\":{\"type\":\"tool_use\",\"name\":\"bash\",\"input\":{}}}\n\n")
 	result := rw.rewriteStreamChunk(chunk)

-	// Streaming mode preserves thinking blocks (does NOT suppress them)
-	// to avoid breaking SSE index alignment and TUI rendering
-	if !contains(result, []byte(`"content_block":{"type":"thinking"`)) {
-		t.Fatalf("expected thinking content_block_start to be preserved, got %s", string(result))
+	if contains(result, []byte("\"thinking\"")) || contains(result, []byte("\"thinking_delta\"")) {
+		t.Fatalf("expected thinking content_block frames to be suppressed, got %s", string(result))
 	}
-	if !contains(result, []byte(`"delta":{"type":"thinking_delta"`)) {
-		t.Fatalf("expected thinking_delta to be preserved, got %s", string(result))
+	if contains(result, []byte("content_block_stop")) {
+		t.Fatalf("expected suppressed thinking content_block_stop to be removed, got %s", string(result))
 	}
-	if !contains(result, []byte(`"type":"content_block_stop","index":0`)) {
-		t.Fatalf("expected content_block_stop for thinking block to be preserved, got %s", string(result))
-	}
-	if !contains(result, []byte(`"content_block":{"type":"tool_use"`)) {
+	if !contains(result, []byte("\"tool_use\"")) {
 		t.Fatalf("expected tool_use content_block frame to remain, got %s", string(result))
 	}
-	// Signature should be injected into both thinking and tool_use blocks
-	if count := strings.Count(string(result), `"signature":""`); count != 2 {
-		t.Fatalf("expected 2 signature injections, but got %d in %s", count, string(result))
+	if !contains(result, []byte("\"signature\":\"\"")) {
+		t.Fatalf("expected tool_use content_block signature injection, got %s", string(result))
 	}
 }

@@ -145,87 +138,6 @@ func TestSanitizeAmpRequestBody_RemovesWhitespaceAndNonStringSignatures(t *testi
 	}
 }

-func TestSanitizeAmpRequestBody_StripsSignatureFromToolUseBlocks(t *testing.T) {
-	input := []byte(`{"messages":[{"role":"assistant","content":[{"type":"thinking","thinking":"thought","signature":"valid-sig"},{"type":"tool_use","id":"toolu_01","name":"Bash","input":{"cmd":"ls"},"signature":""}]}]}`)
-	result := SanitizeAmpRequestBody(input)
-
-	if contains(result, []byte(`"signature":""`)) {
-		t.Fatalf("expected signature to be stripped from tool_use block, got %s", string(result))
-	}
-	if !contains(result, []byte(`"valid-sig"`)) {
-		t.Fatalf("expected thinking signature to remain, got %s", string(result))
-	}
-	if !contains(result, []byte(`"tool_use"`)) {
-		t.Fatalf("expected tool_use block to remain, got %s", string(result))
-	}
-}
-
-func TestSanitizeAmpRequestBody_MixedInvalidThinkingAndToolUseSignature(t *testing.T) {
-	input := []byte(`{"messages":[{"role":"assistant","content":[{"type":"thinking","thinking":"drop-me","signature":""},{"type":"tool_use","id":"toolu_01","name":"Bash","input":{"cmd":"ls"},"signature":""}]}]}`)
-	result := SanitizeAmpRequestBody(input)
-
-	if contains(result, []byte("drop-me")) {
-		t.Fatalf("expected invalid thinking block to be removed, got %s", string(result))
-	}
-	if contains(result, []byte(`"signature"`)) {
-		t.Fatalf("expected signature to be stripped from tool_use block, got %s", string(result))
-	}
-	if !contains(result, []byte(`"tool_use"`)) {
-		t.Fatalf("expected tool_use block to remain, got %s", string(result))
-	}
-}
-
-func TestNormalizeAmpToolNames_NonStreaming(t *testing.T) {
-	input := []byte(`{"content":[{"type":"tool_use","id":"toolu_01","name":"bash","input":{"cmd":"ls"}},{"type":"tool_use","id":"toolu_02","name":"read","input":{"path":"/tmp"}},{"type":"text","text":"hello"}]}`)
-	result := normalizeAmpToolNames(input)
-
-	if !contains(result, []byte(`"name":"Bash"`)) {
-		t.Errorf("expected bash->Bash, got %s", string(result))
-	}
-	if !contains(result, []byte(`"name":"Read"`)) {
-		t.Errorf("expected read->Read, got %s", string(result))
-	}
-	if contains(result, []byte(`"name":"bash"`)) {
-		t.Errorf("expected lowercase bash to be replaced, got %s", string(result))
-	}
-}
-
-func TestNormalizeAmpToolNames_Streaming(t *testing.T) {
-	input := []byte(`{"type":"content_block_start","index":1,"content_block":{"type":"tool_use","name":"grep","id":"toolu_01","input":{}}}`)
-	result := normalizeAmpToolNames(input)
-
-	if !contains(result, []byte(`"name":"Grep"`)) {
-		t.Errorf("expected grep->Grep in streaming, got %s", string(result))
-	}
-}
-
-func TestNormalizeAmpToolNames_AlreadyCorrect(t *testing.T) {
-	input := []byte(`{"content":[{"type":"tool_use","id":"toolu_01","name":"Bash","input":{"cmd":"ls"}}]}`)
-	result := normalizeAmpToolNames(input)
-
-	if string(result) != string(input) {
-		t.Errorf("expected no modification for correctly-cased tool, got %s", string(result))
-	}
-}
-
-func TestNormalizeAmpToolNames_GlobPreserved(t *testing.T) {
-	input := []byte(`{"content":[{"type":"tool_use","id":"toolu_01","name":"glob","input":{"pattern":"*.go"}}]}`)
-	result := normalizeAmpToolNames(input)
-
-	if string(result) != string(input) {
-		t.Errorf("expected glob to remain lowercase, got %s", string(result))
-	}
-}
-
-func TestNormalizeAmpToolNames_UnknownToolUntouched(t *testing.T) {
-	input := []byte(`{"content":[{"type":"tool_use","id":"toolu_01","name":"edit_file","input":{"path":"/tmp/x"}}]}`)
-	result := normalizeAmpToolNames(input)
-
-	if string(result) != string(input) {
-		t.Errorf("expected no modification for unknown tool, got %s", string(result))
-	}
-}
-
 func contains(data, substr []byte) bool {
 	for i := 0; i <= len(data)-len(substr); i++ {
 		if string(data[i:i+len(substr)]) == string(substr) {
@@ -9,11 +9,11 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/claude"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/gemini"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/openai"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/claude"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/gemini"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/openai"
 	log "github.com/sirupsen/logrus"
 )

@@ -21,12 +21,12 @@ import (
 // from gin.Context to the request context for SecretSource lookup.
 type clientAPIKeyContextKey struct{}

-// clientAPIKeyMiddleware injects the authenticated client API key from gin.Context["userApiKey"]
+// clientAPIKeyMiddleware injects the authenticated client API key from gin.Context["apiKey"]
 // into the request context so that SecretSource can look it up for per-client upstream routing.
 func clientAPIKeyMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// Extract the client API key from gin context (set by AuthMiddleware)
-		if apiKey, exists := c.Get("userApiKey"); exists {
+		if apiKey, exists := c.Get("apiKey"); exists {
 			if keyStr, ok := apiKey.(string); ok && keyStr != "" {
 				// Inject into request context for SecretSource.Get(ctx) to read
 				ctx := context.WithValue(c.Request.Context(), clientAPIKeyContextKey{}, keyStr)
@@ -199,7 +199,6 @@ func (m *AmpModule) registerManagementRoutes(engine *gin.Engine, baseHandler *ha
 	ampAPI.Any("/telemetry/*path", proxyHandler)
 	ampAPI.Any("/threads", proxyHandler)
 	ampAPI.Any("/threads/*path", proxyHandler)
-	ampAPI.Any("/thread-actors", proxyHandler)
 	ampAPI.Any("/otel", proxyHandler)
 	ampAPI.Any("/otel/*path", proxyHandler)
 	ampAPI.Any("/tab", proxyHandler)
@@ -6,7 +6,7 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers"
 )

 func TestRegisterManagementRoutes(t *testing.T) {
@@ -49,7 +49,6 @@ func TestRegisterManagementRoutes(t *testing.T) {
 		{"/api/meta", http.MethodGet},
 		{"/api/telemetry", http.MethodGet},
 		{"/api/threads", http.MethodGet},
-		{"/api/thread-actors", http.MethodPost},
 		{"/threads/", http.MethodGet},
 		{"/threads.rss", http.MethodGet}, // Root-level route (no /api prefix)
 		{"/api/otel", http.MethodGet},
@@ -10,7 +10,7 @@ import (
 	"sync"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	log "github.com/sirupsen/logrus"
 )

@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	log "github.com/sirupsen/logrus"
 	"github.com/sirupsen/logrus/hooks/test"
 )
@@ -6,8 +6,8 @@ import (
 	"fmt"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers"
 )

 // Context encapsulates the dependencies exposed to routing modules during
@@ -1,68 +0,0 @@
-package api
-
-import (
-	"net"
-	"sync"
-)
-
-type muxListener struct {
-	addr    net.Addr
-	connCh  chan net.Conn
-	closeCh chan struct{}
-	once    sync.Once
-}
-
-func newMuxListener(addr net.Addr, buffer int) *muxListener {
-	if buffer <= 0 {
-		buffer = 1
-	}
-	return &muxListener{
-		addr:    addr,
-		connCh:  make(chan net.Conn, buffer),
-		closeCh: make(chan struct{}),
-	}
-}
-
-func (l *muxListener) Put(conn net.Conn) error {
-	if conn == nil {
-		return nil
-	}
-	select {
-	case <-l.closeCh:
-		return net.ErrClosed
-	case l.connCh <- conn:
-		return nil
-	}
-}
-
-func (l *muxListener) Accept() (net.Conn, error) {
-	select {
-	case <-l.closeCh:
-		return nil, net.ErrClosed
-	case conn := <-l.connCh:
-		if conn == nil {
-			return nil, net.ErrClosed
-		}
-		return conn, nil
-	}
-}
-
-func (l *muxListener) Close() error {
-	if l == nil {
-		return nil
-	}
-	l.once.Do(func() {
-		close(l.closeCh)
-	})
-	return nil
-}
-
-func (l *muxListener) Addr() net.Addr {
-	if l == nil {
-		return &net.TCPAddr{}
-	}
-	if l.addr == nil {
-		return &net.TCPAddr{}
-	}
-	return l.addr
-}
@@ -1,125 +0,0 @@
-package api
-
-import (
-	"bufio"
-	"crypto/tls"
-	"errors"
-	"net"
-	"net/http"
-	"strings"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-func normalizeHTTPServeError(err error) error {
-	if err == nil {
-		return nil
-	}
-	if errors.Is(err, net.ErrClosed) {
-		return nil
-	}
-	if errors.Is(err, http.ErrServerClosed) {
-		return nil
-	}
-	return err
-}
-
-func normalizeListenerError(err error) error {
-	if err == nil {
-		return nil
-	}
-	if errors.Is(err, net.ErrClosed) {
-		return nil
-	}
-	return err
-}
-
-func (s *Server) acceptMuxConnections(listener net.Listener, httpListener *muxListener) error {
-	if s == nil || listener == nil {
-		return net.ErrClosed
-	}
-
-	for {
-		conn, errAccept := listener.Accept()
-		if errAccept != nil {
-			return errAccept
-		}
-		if conn == nil {
-			continue
-		}
-
-		// Dispatch each connection to a goroutine so that slow/idle clients
-		// cannot block the accept loop. Previously, TLS handshake and
-		// reader.Peek(1) were performed inline; an idle TCP connection that
-		// never sent bytes would block Peek indefinitely, preventing all
-		// subsequent connections from being accepted (issue #3267).
-		go s.routeMuxConnection(conn, httpListener)
-	}
-}
-
-// routeMuxConnection performs per-connection protocol detection and routing.
-func (s *Server) routeMuxConnection(conn net.Conn, httpListener *muxListener) {
-	// Set a read deadline so that idle connections that never send bytes do not
-	// leak goroutines and file descriptors. The deadline is cleared once the
-	// connection is successfully routed to its handler.
-	const muxSniffDeadline = 10 * time.Second
-	_ = conn.SetReadDeadline(time.Now().Add(muxSniffDeadline))
-
-	tlsConn, ok := conn.(*tls.Conn)
-	if ok {
-		if errHandshake := tlsConn.Handshake(); errHandshake != nil {
-			if errClose := conn.Close(); errClose != nil {
-				log.Errorf("failed to close connection after TLS handshake error: %v", errClose)
-			}
-			return
-		}
-		proto := strings.TrimSpace(tlsConn.ConnectionState().NegotiatedProtocol)
-		if proto == "h2" || proto == "http/1.1" {
-			if httpListener == nil {
-				if errClose := conn.Close(); errClose != nil {
-					log.Errorf("failed to close connection: %v", errClose)
-				}
-				return
-			}
-			if errPut := httpListener.Put(tlsConn); errPut != nil {
-				if errClose := conn.Close(); errClose != nil {
-					log.Errorf("failed to close connection after HTTP routing failure: %v", errClose)
-				}
-			} else {
-				_ = conn.SetReadDeadline(time.Time{})
-			}
-			return
-		}
-	}
-
-	reader := bufio.NewReader(conn)
-	prefix, errPeek := reader.Peek(1)
-	if errPeek != nil {
-		if errClose := conn.Close(); errClose != nil {
-			log.Errorf("failed to close connection after protocol peek failure: %v", errClose)
-		}
-		return
-	}
-
-	if isRedisRESPPrefix(prefix[0]) {
-		_ = conn.SetReadDeadline(time.Time{})
-		s.handleRedisConnection(conn, reader)
-		return
-	}
-
-	if httpListener == nil {
-		if errClose := conn.Close(); errClose != nil {
-			log.Errorf("failed to close connection without HTTP listener: %v", errClose)
-		}
-		return
-	}
-
-	if errPut := httpListener.Put(&bufferedConn{Conn: conn, reader: reader}); errPut != nil {
-		if errClose := conn.Close(); errClose != nil {
-			log.Errorf("failed to close connection after HTTP routing failure: %v", errClose)
-		}
-	} else {
-		_ = conn.SetReadDeadline(time.Time{})
-	}
-}
@@ -1,65 +0,0 @@
-package api
-
-import (
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"sync/atomic"
-	"testing"
-	"time"
-)
-
-func TestAcceptMuxNotBlockedByIdleConnection(t *testing.T) {
-	listener, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		t.Fatalf("failed to listen: %v", err)
-	}
-	defer listener.Close()
-
-	var routed atomic.Int32
-	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		routed.Add(1)
-		w.WriteHeader(http.StatusOK)
-	})
-	srv := httptest.NewUnstartedServer(handler)
-	defer srv.Close()
-
-	muxLn := newMuxListener(listener.Addr(), 1024)
-	server := &Server{managementRoutesEnabled: atomic.Bool{}}
-	server.managementRoutesEnabled.Store(false)
-
-	errCh := make(chan error, 1)
-	go func() {
-		errCh <- server.acceptMuxConnections(listener, muxLn)
-	}()
-
-	srv.Listener = muxLn
-	srv.Start()
-
-	// Open an idle TCP connection that never sends any bytes.
-	idleConn, err := net.DialTimeout("tcp", listener.Addr().String(), 2*time.Second)
-	if err != nil {
-		t.Fatalf("failed to dial idle connection: %v", err)
-	}
-	defer idleConn.Close()
-
-	// Give the accept loop time to pick up the idle connection.
-	time.Sleep(50 * time.Millisecond)
-
-	// Send a real HTTP request. Before the fix, the accept loop would be
-	// blocked on Peek(1) for the idle connection, causing this request to
-	// time out.
-	client := &http.Client{Timeout: 3 * time.Second}
-	resp, err := client.Get("http://" + listener.Addr().String() + "/")
-	if err != nil {
-		listener.Close()
-		t.Fatalf("HTTP request failed (accept loop may be blocked by idle connection): %v", err)
-	}
-	resp.Body.Close()
-
-	listener.Close()
-
-	if routed.Load() == 0 {
-		t.Error("expected at least one request to be routed")
-	}
-}
@@ -1,574 +0,0 @@
-package api
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-	log "github.com/sirupsen/logrus"
-)
-
-const redisUsageChannel = "usage"
-
-type redisSubscriptionCommand struct {
-	args []string
-	err  error
-}
-
-func isRedisRESPPrefix(prefix byte) bool {
-	switch prefix {
-	case '*', '$', '+', '-', ':':
-		return true
-	default:
-		return false
-	}
-}
-
-func (s *Server) handleRedisConnection(conn net.Conn, reader *bufio.Reader) {
-	if s == nil || conn == nil {
-		return
-	}
-	if reader == nil {
-		reader = bufio.NewReader(conn)
-	}
-
-	clientIP, localClient := resolveRemoteIP(conn.RemoteAddr())
-	authed := false
-	writer := bufio.NewWriter(conn)
-	defer func() {
-		if errClose := conn.Close(); errClose != nil {
-			log.Errorf("redis connection close error: %v", errClose)
-		}
-	}()
-
-	flush := func() bool {
-		if errFlush := writer.Flush(); errFlush != nil {
-			log.Errorf("redis protocol flush error: %v", errFlush)
-			return false
-		}
-		return true
-	}
-
-	if s.cfg != nil && s.cfg.Home.Enabled {
-		_ = writeRedisError(writer, "ERR redis usage output disabled in home mode")
-		_ = writer.Flush()
-		return
-	}
-
-	for {
-		if !s.managementRoutesEnabled.Load() {
-			return
-		}
-
-		args, errRead := readRESPArray(reader)
-		if errRead != nil {
-			if !errors.Is(errRead, io.EOF) {
-				_ = writeRedisError(writer, "ERR "+errRead.Error())
-				_ = writer.Flush()
-			}
-			return
-		}
-		if len(args) == 0 {
-			_ = writeRedisError(writer, "ERR empty command")
-			if !flush() {
-				return
-			}
-			continue
-		}
-
-		cmd := strings.ToUpper(strings.TrimSpace(args[0]))
-
-		if cmd != "AUTH" && !authed {
-			if s.mgmt != nil {
-				_, statusCode, errMsg := s.mgmt.AuthenticateManagementKey(clientIP, localClient, "")
-				if statusCode == http.StatusForbidden && strings.HasPrefix(errMsg, "IP banned due to too many failed attempts") {
-					_ = writeRedisError(writer, "ERR "+errMsg)
-				} else {
-					_ = writeRedisError(writer, "NOAUTH Authentication required.")
-				}
-			} else {
-				_ = writeRedisError(writer, "NOAUTH Authentication required.")
-			}
-			if !flush() {
-				return
-			}
-			continue
-		}
-
-		switch cmd {
-		case "AUTH":
-			password, ok := parseAuthPassword(args)
-			if !ok {
-				if s.mgmt != nil {
-					_, statusCode, errMsg := s.mgmt.AuthenticateManagementKey(clientIP, localClient, "")
-					if statusCode == http.StatusForbidden && strings.HasPrefix(errMsg, "IP banned due to too many failed attempts") {
-						_ = writeRedisError(writer, "ERR "+errMsg)
-						if !flush() {
-							return
-						}
-						continue
-					}
-				}
-				_ = writeRedisError(writer, "ERR wrong number of arguments for 'auth' command")
-				if !flush() {
-					return
-				}
-				continue
-			}
-			if s.mgmt == nil {
-				_ = writeRedisError(writer, "ERR remote management disabled")
-				if !flush() {
-					return
-				}
-				continue
-			}
-			allowed, _, errMsg := s.mgmt.AuthenticateManagementKey(clientIP, localClient, password)
-			if !allowed {
-				_ = writeRedisError(writer, "ERR "+errMsg)
-				if !flush() {
-					return
-				}
-				continue
-			}
-			authed = true
-			_ = writeRedisSimpleString(writer, "OK")
-			if !flush() {
-				return
-			}
-		case "SUBSCRIBE":
-			channel, ok := parseSubscribeChannel(args)
-			if !ok {
-				_ = writeRedisError(writer, "ERR wrong number of arguments for 'subscribe' command")
-				if !flush() {
-					return
-				}
-				continue
-			}
-			if !strings.EqualFold(channel, redisUsageChannel) {
-				_ = writeRedisError(writer, fmt.Sprintf("ERR unsupported channel '%s'", channel))
-				if !flush() {
-					return
-				}
-				continue
-			}
-			messages, unsubscribe := redisqueue.SubscribeUsage()
-			if errWrite := writeRedisPubSubSubscribe(writer, redisUsageChannel, 1); errWrite != nil {
-				unsubscribe()
-				log.Errorf("redis protocol subscribe response error: %v", errWrite)
-				return
-			}
-			if !flush() {
-				unsubscribe()
-				return
-			}
-			s.streamRedisUsageSubscription(reader, writer, messages, unsubscribe)
-			return
-		case "LPOP", "RPOP":
-			count, hasCount, ok := parsePopCount(args)
-			if !ok {
-				_ = writeRedisError(writer, "ERR wrong number of arguments for '"+strings.ToLower(cmd)+"' command")
-				if !flush() {
-					return
-				}
-				continue
-			}
-			if count <= 0 {
-				_ = writeRedisError(writer, "ERR value is not an integer or out of range")
-				if !flush() {
-					return
-				}
-				continue
-			}
-			items := redisqueue.PopOldest(count)
-			if hasCount {
-				_ = writeRedisArrayOfBulkStrings(writer, items)
-				if !flush() {
-					return
-				}
-				continue
-			}
-			if len(items) == 0 {
-				_ = writeRedisNilBulkString(writer)
-				if !flush() {
-					return
-				}
-				continue
-			}
-			_ = writeRedisBulkString(writer, items[0])
-			if !flush() {
-				return
-			}
-		default:
-			_ = writeRedisError(writer, fmt.Sprintf("ERR unknown command '%s'", strings.ToLower(cmd)))
-			if !flush() {
-				return
-			}
-		}
-	}
-}
-
-func (s *Server) streamRedisUsageSubscription(reader *bufio.Reader, writer *bufio.Writer, messages <-chan []byte, unsubscribe func()) {
-	if unsubscribe == nil {
-		return
-	}
-	defer unsubscribe()
-
-	done := make(chan struct{})
-	defer close(done)
-
-	commands := make(chan redisSubscriptionCommand, 1)
-	go readRedisSubscriptionCommands(reader, commands, done)
-
-	for {
-		select {
-		case msg, ok := <-messages:
-			if !ok {
-				return
-			}
-			if errWrite := writeRedisPubSubMessage(writer, redisUsageChannel, msg); errWrite != nil {
-				log.Errorf("redis protocol publish message error: %v", errWrite)
-				return
-			}
-			if errFlush := writer.Flush(); errFlush != nil {
-				log.Errorf("redis protocol flush error: %v", errFlush)
-				return
-			}
-		case command, ok := <-commands:
-			if !ok {
-				return
-			}
-			keepOpen := handleRedisSubscriptionCommand(writer, command)
-			if errFlush := writer.Flush(); errFlush != nil {
-				log.Errorf("redis protocol flush error: %v", errFlush)
-				return
-			}
-			if !keepOpen {
-				return
-			}
-		}
-	}
-}
-
-func readRedisSubscriptionCommands(reader *bufio.Reader, commands chan<- redisSubscriptionCommand, done <-chan struct{}) {
-	defer close(commands)
-
-	for {
-		args, errRead := readRESPArray(reader)
-		if errRead != nil {
-			if !errors.Is(errRead, io.EOF) {
-				select {
-				case commands <- redisSubscriptionCommand{err: errRead}:
-				case <-done:
-				}
-			}
-			return
-		}
-		select {
-		case commands <- redisSubscriptionCommand{args: args}:
-		case <-done:
-			return
-		}
-	}
-}
-
-func handleRedisSubscriptionCommand(writer *bufio.Writer, command redisSubscriptionCommand) bool {
-	if command.err != nil {
-		_ = writeRedisError(writer, "ERR "+command.err.Error())
-		return false
-	}
-	if len(command.args) == 0 {
-		_ = writeRedisError(writer, "ERR empty command")
-		return true
-	}
-
-	cmd := strings.ToUpper(strings.TrimSpace(command.args[0]))
-	switch cmd {
-	case "PING":
-		payload := []byte(nil)
-		if len(command.args) > 1 {
-			payload = []byte(command.args[1])
-		}
-		_ = writeRedisPubSubPong(writer, payload)
-		return true
-	case "UNSUBSCRIBE":
-		_ = writeRedisPubSubUnsubscribe(writer, redisUsageChannel, 0)
-		return false
-	case "QUIT":
-		_ = writeRedisSimpleString(writer, "OK")
-		return false
-	default:
-		_ = writeRedisError(writer, fmt.Sprintf("ERR unknown command '%s'", strings.ToLower(cmd)))
-		return true
-	}
-}
-
-func resolveRemoteIP(addr net.Addr) (ip string, localClient bool) {
-	if addr == nil {
-		return "", false
-	}
-
-	var host string
-	switch a := addr.(type) {
-	case *net.TCPAddr:
-		if a != nil && a.IP != nil {
-			if ip4 := a.IP.To4(); ip4 != nil {
-				host = ip4.String()
-			} else {
-				host = a.IP.String()
-			}
-		}
-	default:
-		host = addr.String()
-		if h, _, errSplit := net.SplitHostPort(host); errSplit == nil {
-			host = h
-		}
-		host = strings.TrimSpace(host)
-		if raw, _, ok := strings.Cut(host, "%"); ok {
-			host = raw
-		}
-		if parsed := net.ParseIP(host); parsed != nil {
-			if ip4 := parsed.To4(); ip4 != nil {
-				host = ip4.String()
-			} else {
-				host = parsed.String()
-			}
-		}
-	}
-
-	host = strings.TrimSpace(host)
-	localClient = host == "127.0.0.1" || host == "::1"
-	return host, localClient
-}
-
-func parseAuthPassword(args []string) (string, bool) {
-	switch len(args) {
-	case 2:
-		return args[1], true
-	case 3:
-		return args[2], true
-	default:
-		return "", false
-	}
-}
-
-func parseSubscribeChannel(args []string) (string, bool) {
-	if len(args) != 2 {
-		return "", false
-	}
-	return strings.TrimSpace(args[1]), true
-}
-
-func parsePopCount(args []string) (count int, hasCount bool, ok bool) {
-	if len(args) != 2 && len(args) != 3 {
-		return 0, false, false
-	}
-	if len(args) == 2 {
-		return 1, false, true
-	}
-	parsed, errParse := strconv.Atoi(strings.TrimSpace(args[2]))
-	if errParse != nil {
-		return 0, true, true
-	}
-	return parsed, true, true
-}
-
-func readRESPArray(reader *bufio.Reader) ([]string, error) {
-	prefix, errRead := reader.ReadByte()
-	if errRead != nil {
-		return nil, errRead
-	}
-	if prefix != '*' {
-		return nil, fmt.Errorf("protocol error")
-	}
-	line, errLine := readRESPLine(reader)
-	if errLine != nil {
-		return nil, errLine
-	}
-	count, errParse := strconv.Atoi(line)
-	if errParse != nil || count < 0 {
-		return nil, fmt.Errorf("protocol error")
-	}
-	args := make([]string, 0, count)
-	for i := 0; i < count; i++ {
-		value, errString := readRESPString(reader)
-		if errString != nil {
-			return nil, errString
-		}
-		args = append(args, value)
-	}
-	return args, nil
-}
-
-func readRESPString(reader *bufio.Reader) (string, error) {
-	prefix, errRead := reader.ReadByte()
-	if errRead != nil {
-		return "", errRead
-	}
-	switch prefix {
-	case '$':
-		return readRESPBulkString(reader)
-	case '+', ':':
-		return readRESPLine(reader)
-	default:
-		return "", fmt.Errorf("protocol error")
-	}
-}
-
-func readRESPBulkString(reader *bufio.Reader) (string, error) {
-	line, errLine := readRESPLine(reader)
-	if errLine != nil {
-		return "", errLine
-	}
-	length, errParse := strconv.Atoi(line)
-	if errParse != nil {
-		return "", fmt.Errorf("protocol error")
-	}
-	if length < 0 {
-		return "", nil
-	}
-	buf := make([]byte, length+2)
-	if _, errRead := io.ReadFull(reader, buf); errRead != nil {
-		return "", errRead
-	}
-	if length+2 < 2 || buf[length] != '\r' || buf[length+1] != '\n' {
-		return "", fmt.Errorf("protocol error")
-	}
-	return string(buf[:length]), nil
-}
-
-func readRESPLine(reader *bufio.Reader) (string, error) {
-	line, errRead := reader.ReadString('\n')
-	if errRead != nil {
-		return "", errRead
-	}
-	line = strings.TrimSuffix(line, "\n")
-	line = strings.TrimSuffix(line, "\r")
-	return line, nil
-}
-
-func writeRedisSimpleString(writer *bufio.Writer, value string) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	_, errWrite := writer.WriteString("+" + value + "\r\n")
-	return errWrite
-}
-
-func writeRedisError(writer *bufio.Writer, message string) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	_, errWrite := writer.WriteString("-" + message + "\r\n")
-	return errWrite
-}
-
-func writeRedisNilBulkString(writer *bufio.Writer) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	_, errWrite := writer.WriteString("$-1\r\n")
-	return errWrite
-}
-
-func writeRedisBulkString(writer *bufio.Writer, payload []byte) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	if payload == nil {
-		return writeRedisNilBulkString(writer)
-	}
-	if _, errWrite := writer.WriteString("$" + strconv.Itoa(len(payload)) + "\r\n"); errWrite != nil {
-		return errWrite
-	}
-	if _, errWrite := writer.Write(payload); errWrite != nil {
-		return errWrite
-	}
-	_, errWrite := writer.WriteString("\r\n")
-	return errWrite
-}
-
-func writeRedisArrayOfBulkStrings(writer *bufio.Writer, items [][]byte) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	if _, errWrite := writer.WriteString("*" + strconv.Itoa(len(items)) + "\r\n"); errWrite != nil {
-		return errWrite
-	}
-	for i := range items {
-		if errWrite := writeRedisBulkString(writer, items[i]); errWrite != nil {
-			return errWrite
-		}
-	}
-	return nil
-}
-
-func writeRedisInteger(writer *bufio.Writer, value int) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	_, errWrite := writer.WriteString(":" + strconv.Itoa(value) + "\r\n")
-	return errWrite
-}
-
-func writeRedisArrayHeader(writer *bufio.Writer, count int) error {
-	if writer == nil {
-		return net.ErrClosed
-	}
-	_, errWrite := writer.WriteString("*" + strconv.Itoa(count) + "\r\n")
-	return errWrite
-}
-
-func writeRedisPubSubSubscribe(writer *bufio.Writer, channel string, count int) error {
-	if errWrite := writeRedisArrayHeader(writer, 3); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte("subscribe")); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte(channel)); errWrite != nil {
-		return errWrite
-	}
-	return writeRedisInteger(writer, count)
-}
-
-func writeRedisPubSubUnsubscribe(writer *bufio.Writer, channel string, count int) error {
-	if errWrite := writeRedisArrayHeader(writer, 3); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte("unsubscribe")); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte(channel)); errWrite != nil {
-		return errWrite
-	}
-	return writeRedisInteger(writer, count)
-}
-
-func writeRedisPubSubMessage(writer *bufio.Writer, channel string, payload []byte) error {
-	if errWrite := writeRedisArrayHeader(writer, 3); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte("message")); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte(channel)); errWrite != nil {
-		return errWrite
-	}
-	return writeRedisBulkString(writer, payload)
-}
-
-func writeRedisPubSubPong(writer *bufio.Writer, payload []byte) error {
-	if errWrite := writeRedisArrayHeader(writer, 2); errWrite != nil {
-		return errWrite
-	}
-	if errWrite := writeRedisBulkString(writer, []byte("pong")); errWrite != nil {
-		return errWrite
-	}
-	return writeRedisBulkString(writer, payload)
-}
@@ -1,329 +0,0 @@
-package api
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"strconv"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-)
-
-func startRedisMuxListener(t *testing.T, server *Server) (addr string, stop func()) {
-	t.Helper()
-
-	listener, errListen := net.Listen("tcp", "127.0.0.1:0")
-	if errListen != nil {
-		t.Fatalf("failed to listen: %v", errListen)
-	}
-
-	errCh := make(chan error, 1)
-	go func() {
-		errCh <- server.acceptMuxConnections(listener, nil)
-	}()
-
-	stop = func() {
-		_ = listener.Close()
-		select {
-		case err := <-errCh:
-			if err != nil && !errors.Is(err, net.ErrClosed) {
-				t.Errorf("accept loop returned unexpected error: %v", err)
-			}
-		case <-time.After(2 * time.Second):
-			t.Errorf("timeout waiting for accept loop to exit")
-		}
-	}
-
-	return listener.Addr().String(), stop
-}
-
-func writeTestRESPCommand(conn net.Conn, args ...string) error {
-	if conn == nil {
-		return net.ErrClosed
-	}
-	if len(args) == 0 {
-		return nil
-	}
-
-	var buf bytes.Buffer
-	fmt.Fprintf(&buf, "*%d\r\n", len(args))
-	for _, arg := range args {
-		fmt.Fprintf(&buf, "$%d\r\n%s\r\n", len(arg), arg)
-	}
-	_, err := conn.Write(buf.Bytes())
-	return err
-}
-
-func readTestRESPLine(r *bufio.Reader) (string, error) {
-	line, err := r.ReadString('\n')
-	if err != nil {
-		return "", err
-	}
-	if !strings.HasSuffix(line, "\r\n") {
-		return "", fmt.Errorf("invalid RESP line terminator: %q", line)
-	}
-	return strings.TrimSuffix(line, "\r\n"), nil
-}
-
-func readTestRESPError(r *bufio.Reader) (string, error) {
-	prefix, err := r.ReadByte()
-	if err != nil {
-		return "", err
-	}
-	if prefix != '-' {
-		return "", fmt.Errorf("expected error prefix '-', got %q", prefix)
-	}
-	return readTestRESPLine(r)
-}
-
-func readTestRESPSimpleString(r *bufio.Reader) (string, error) {
-	prefix, errRead := r.ReadByte()
-	if errRead != nil {
-		return "", errRead
-	}
-	if prefix != '+' {
-		return "", fmt.Errorf("expected simple string prefix '+', got %q", prefix)
-	}
-	return readTestRESPLine(r)
-}
-
-func readTestRESPBulkString(r *bufio.Reader) ([]byte, error) {
-	prefix, errRead := r.ReadByte()
-	if errRead != nil {
-		return nil, errRead
-	}
-	if prefix != '$' {
-		return nil, fmt.Errorf("expected bulk string prefix '$', got %q", prefix)
-	}
-
-	line, errLine := readTestRESPLine(r)
-	if errLine != nil {
-		return nil, errLine
-	}
-	length, errParse := strconv.Atoi(line)
-	if errParse != nil {
-		return nil, fmt.Errorf("invalid bulk string length %q: %v", line, errParse)
-	}
-	if length == -1 {
-		return nil, nil
-	}
-	if length < -1 {
-		return nil, fmt.Errorf("invalid bulk string length %d", length)
-	}
-
-	payload := make([]byte, length+2)
-	if _, errRead := io.ReadFull(r, payload); errRead != nil {
-		return nil, errRead
-	}
-	if payload[length] != '\r' || payload[length+1] != '\n' {
-		return nil, fmt.Errorf("invalid bulk string terminator")
-	}
-	return payload[:length], nil
-}
-
-func readRESPArrayOfBulkStrings(r *bufio.Reader) ([][]byte, error) {
-	prefix, errRead := r.ReadByte()
-	if errRead != nil {
-		return nil, errRead
-	}
-	if prefix != '*' {
-		return nil, fmt.Errorf("expected array prefix '*', got %q", prefix)
-	}
-
-	line, errLine := readTestRESPLine(r)
-	if errLine != nil {
-		return nil, errLine
-	}
-	count, errParse := strconv.Atoi(line)
-	if errParse != nil {
-		return nil, fmt.Errorf("invalid array length %q: %v", line, errParse)
-	}
-	if count < 0 {
-		return nil, fmt.Errorf("invalid array length %d", count)
-	}
-
-	out := make([][]byte, 0, count)
-	for i := 0; i < count; i++ {
-		item, errItem := readTestRESPBulkString(r)
-		if errItem != nil {
-			return nil, errItem
-		}
-		out = append(out, item)
-	}
-	return out, nil
-}
-
-func TestRedisProtocol_ManagementDisabled_RejectsConnection(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "")
-	redisqueue.SetEnabled(false)
-
-	server := newTestServer(t)
-	if server.managementRoutesEnabled.Load() {
-		t.Fatalf("expected managementRoutesEnabled to be false")
-	}
-
-	addr, stop := startRedisMuxListener(t, server)
-	t.Cleanup(stop)
-
-	conn, errDial := net.DialTimeout("tcp", addr, time.Second)
-	if errDial != nil {
-		t.Fatalf("failed to dial redis listener: %v", errDial)
-	}
-	t.Cleanup(func() { _ = conn.Close() })
-
-	_ = conn.SetDeadline(time.Now().Add(2 * time.Second))
-	if errWrite := writeTestRESPCommand(conn, "PING"); errWrite != nil {
-		t.Fatalf("failed to write RESP command: %v", errWrite)
-	}
-
-	buf := make([]byte, 1)
-	_, errRead := conn.Read(buf)
-	if errRead == nil {
-		t.Fatalf("expected connection to be closed when management is disabled")
-	}
-	if ne, ok := errRead.(net.Error); ok && ne.Timeout() {
-		t.Fatalf("expected connection to be closed when management is disabled, got timeout: %v", errRead)
-	}
-}
-
-func TestRedisProtocol_HomeEnabled_DisablesConnection(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "test-management-password")
-	redisqueue.SetEnabled(false)
-	t.Cleanup(func() { redisqueue.SetEnabled(false) })
-
-	server := newTestServer(t)
-	if !server.managementRoutesEnabled.Load() {
-		t.Fatalf("expected managementRoutesEnabled to be true")
-	}
-	if server.cfg == nil {
-		t.Fatalf("expected server cfg to be non-nil")
-	}
-	server.cfg.Home.Enabled = true
-	redisqueue.SetEnabled(true)
-
-	addr, stop := startRedisMuxListener(t, server)
-	t.Cleanup(stop)
-
-	conn, errDial := net.DialTimeout("tcp", addr, time.Second)
-	if errDial != nil {
-		t.Fatalf("failed to dial redis listener: %v", errDial)
-	}
-	t.Cleanup(func() { _ = conn.Close() })
-
-	_ = conn.SetDeadline(time.Now().Add(2 * time.Second))
-	_ = writeTestRESPCommand(conn, "PING")
-
-	if msg, err := readTestRESPError(bufio.NewReader(conn)); err != nil {
-		t.Fatalf("failed to read home-mode RESP error: %v", err)
-	} else if msg != "ERR redis usage output disabled in home mode" {
-		t.Fatalf("unexpected disabled RESP error: %q", msg)
-	}
-
-	buf := make([]byte, 1)
-	_, errRead := conn.Read(buf)
-	if errRead == nil {
-		t.Fatalf("expected connection to be closed after home-mode RESP error")
-	}
-	if ne, ok := errRead.(net.Error); ok && ne.Timeout() {
-		t.Fatalf("expected connection to be closed after home-mode RESP error, got timeout: %v", errRead)
-	}
-}
-
-func TestRedisProtocol_AUTH_And_PopContracts(t *testing.T) {
-	const managementPassword = "test-management-password"
-
-	t.Setenv("MANAGEMENT_PASSWORD", managementPassword)
-	redisqueue.SetEnabled(false)
-	t.Cleanup(func() { redisqueue.SetEnabled(false) })
-
-	server := newTestServer(t)
-	if !server.managementRoutesEnabled.Load() {
-		t.Fatalf("expected managementRoutesEnabled to be true")
-	}
-
-	addr, stop := startRedisMuxListener(t, server)
-	t.Cleanup(stop)
-
-	conn, errDial := net.DialTimeout("tcp", addr, time.Second)
-	if errDial != nil {
-		t.Fatalf("failed to dial redis listener: %v", errDial)
-	}
-	t.Cleanup(func() { _ = conn.Close() })
-
-	reader := bufio.NewReader(conn)
-
-	_ = conn.SetDeadline(time.Now().Add(5 * time.Second))
-
-	if errWrite := writeTestRESPCommand(conn, "AUTH", managementPassword); errWrite != nil {
-		t.Fatalf("failed to write AUTH command: %v", errWrite)
-	}
-	if msg, errRead := readTestRESPSimpleString(reader); errRead != nil {
-		t.Fatalf("failed to read AUTH response: %v", errRead)
-	} else if msg != "OK" {
-		t.Fatalf("unexpected AUTH response: %q", msg)
-	}
-
-	if !redisqueue.Enabled() {
-		t.Fatalf("expected redisqueue to be enabled")
-	}
-	redisqueue.Enqueue([]byte("a"))
-	redisqueue.Enqueue([]byte("b"))
-	redisqueue.Enqueue([]byte("c"))
-
-	if errWrite := writeTestRESPCommand(conn, "RPOP", "usage"); errWrite != nil {
-		t.Fatalf("failed to write RPOP command: %v", errWrite)
-	}
-	if item, errRead := readTestRESPBulkString(reader); errRead != nil {
-		t.Fatalf("failed to read RPOP response: %v", errRead)
-	} else if string(item) != "a" {
-		t.Fatalf("unexpected RPOP item: %q", string(item))
-	}
-
-	if errWrite := writeTestRESPCommand(conn, "LPOP", "usage"); errWrite != nil {
-		t.Fatalf("failed to write LPOP command: %v", errWrite)
-	}
-	if item, errRead := readTestRESPBulkString(reader); errRead != nil {
-		t.Fatalf("failed to read LPOP response: %v", errRead)
-	} else if string(item) != "b" {
-		t.Fatalf("unexpected LPOP item: %q", string(item))
-	}
-
-	if errWrite := writeTestRESPCommand(conn, "RPOP", "usage", "10"); errWrite != nil {
-		t.Fatalf("failed to write RPOP count command: %v", errWrite)
-	}
-	items, errItems := readRESPArrayOfBulkStrings(reader)
-	if errItems != nil {
-		t.Fatalf("failed to read RPOP count response: %v", errItems)
-	}
-	if len(items) != 1 || string(items[0]) != "c" {
-		t.Fatalf("unexpected RPOP count items: %#v", items)
-	}
-
-	if errWrite := writeTestRESPCommand(conn, "LPOP", "usage"); errWrite != nil {
-		t.Fatalf("failed to write LPOP empty command: %v", errWrite)
-	}
-	item, errItem := readTestRESPBulkString(reader)
-	if errItem != nil {
-		t.Fatalf("failed to read LPOP empty response: %v", errItem)
-	}
-	if item != nil {
-		t.Fatalf("expected nil bulk string for empty queue, got %q", string(item))
-	}
-
-	if errWrite := writeTestRESPCommand(conn, "RPOP", "usage", "2"); errWrite != nil {
-		t.Fatalf("failed to write RPOP empty count command: %v", errWrite)
-	}
-	emptyItems, errEmpty := readRESPArrayOfBulkStrings(reader)
-	if errEmpty != nil {
-		t.Fatalf("failed to read RPOP empty count response: %v", errEmpty)
-	}
-	if len(emptyItems) != 0 {
-		t.Fatalf("expected empty array for empty queue with count, got %#v", emptyItems)
-	}
-}
@@ -7,43 +7,36 @@ package api
 import (
 	"context"
 	"crypto/subtle"
-	"crypto/tls"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"reflect"
-	"sort"
 	"strings"
 	"sync"
 	"sync/atomic"
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/access"
-	managementHandlers "github.com/router-for-me/CLIProxyAPI/v7/internal/api/handlers/management"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/api/middleware"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/api/modules"
-	ampmodule "github.com/router-for-me/CLIProxyAPI/v7/internal/api/modules/amp"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/cache"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/home"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/managementasset"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/claude"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/gemini"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/api/handlers/openai"
-	sdkAuth "github.com/router-for-me/CLIProxyAPI/v7/sdk/auth"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/access"
+	managementHandlers "github.com/router-for-me/CLIProxyAPI/v6/internal/api/handlers/management"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/middleware"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules"
+	ampmodule "github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules/amp"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/managementasset"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/claude"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/gemini"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/openai"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	log "github.com/sirupsen/logrus"
-	"golang.org/x/net/http2"
 	"gopkg.in/yaml.v3"
 )

@@ -67,9 +60,7 @@ type ServerOption func(*serverOptionConfig)
 func defaultRequestLoggerFactory(cfg *config.Config, configPath string) logging.RequestLogger {
 	configDir := filepath.Dir(configPath)
 	logsDir := logging.ResolveLogDirectory(cfg)
-	logger := logging.NewFileRequestLogger(cfg.RequestLog, logsDir, configDir, cfg.ErrorLogsMaxFiles)
-	logger.SetHomeEnabled(cfg != nil && cfg.Home.Enabled)
-	return logger
+	return logging.NewFileRequestLogger(cfg.RequestLog, logsDir, configDir, cfg.ErrorLogsMaxFiles)
 }

 // WithMiddleware appends additional Gin middleware during server construction.
@@ -135,12 +126,6 @@ type Server struct {
 	// server is the underlying HTTP server.
 	server *http.Server

-	// muxBaseListener is the shared TCP listener used to serve both HTTP and Redis protocol traffic.
-	muxBaseListener net.Listener
-
-	// muxHTTPListener receives HTTP connections selected by the multiplexer.
-	muxHTTPListener *muxListener
-
 	// handlers contains the API handlers for processing requests.
 	handlers *handlers.BaseAPIHandler

@@ -276,7 +261,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 	}
 	managementasset.SetCurrentConfig(cfg)
 	auth.SetQuotaCooldownDisabled(cfg.DisableCooling)
-	applySignatureCacheConfig(nil, cfg)
 	// Initialize management handler
 	s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager)
 	if optionState.localPassword != "" {
@@ -289,10 +273,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 	}
 	s.localPassword = optionState.localPassword

-	// Home heartbeat gate: when home is enabled, block all endpoints with 503 until the
-	// subscribe-config heartbeat connection is healthy.
-	engine.Use(s.homeHeartbeatMiddleware())
-
 	// Setup routes
 	s.setupRoutes()

@@ -317,7 +297,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 	// or when a local management password is provided (e.g. TUI mode).
 	hasManagementSecret := cfg.RemoteManagement.SecretKey != "" || envManagementSecret || s.localPassword != ""
 	s.managementRoutesEnabled.Store(hasManagementSecret)
-	redisqueue.SetEnabled(hasManagementSecret || (cfg != nil && cfg.Home.Enabled))
 	if hasManagementSecret {
 		s.registerManagementRoutes()
 	}
@@ -335,42 +314,9 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 	return s
 }

-func (s *Server) homeHeartbeatMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if s == nil || s.cfg == nil || !s.cfg.Home.Enabled {
-			c.Next()
-			return
-		}
-		if c != nil && c.Request != nil {
-			path := c.Request.URL.Path
-			if strings.HasPrefix(path, "/v0/management/") || path == "/v0/management" || path == "/management.html" {
-				c.Next()
-				return
-			}
-		}
-		client := home.Current()
-		if client == nil || !client.HeartbeatOK() {
-			c.AbortWithStatus(http.StatusServiceUnavailable)
-			return
-		}
-		c.Next()
-	}
-}
-
 // setupRoutes configures the API routes for the server.
 // It defines the endpoints and associates them with their respective handlers.
 func (s *Server) setupRoutes() {
-	healthzHandler := func(c *gin.Context) {
-		if c.Request.Method == http.MethodHead {
-			c.Status(http.StatusOK)
-			return
-		}
-
-		c.JSON(http.StatusOK, gin.H{"status": "ok"})
-	}
-	s.engine.GET("/healthz", healthzHandler)
-	s.engine.HEAD("/healthz", healthzHandler)
-
 	s.engine.GET("/management.html", s.serveManagementControlPanel)
 	openaiHandlers := openai.NewOpenAIAPIHandler(s.handlers)
 	geminiHandlers := gemini.NewGeminiAPIHandler(s.handlers)
@@ -385,13 +331,6 @@ func (s *Server) setupRoutes() {
 		v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers))
 		v1.POST("/chat/completions", openaiHandlers.ChatCompletions)
 		v1.POST("/completions", openaiHandlers.Completions)
-		v1.POST("/images/generations", openaiHandlers.ImagesGenerations)
-		v1.POST("/images/edits", openaiHandlers.ImagesEdits)
-		v1.POST("/videos", openaiHandlers.VideosCreate)
-		v1.POST("/videos/generations", openaiHandlers.XAIVideosGenerations)
-		v1.POST("/videos/edits", openaiHandlers.XAIVideosEdits)
-		v1.POST("/videos/extensions", openaiHandlers.XAIVideosExtensions)
-		v1.GET("/videos/:request_id", openaiHandlers.XAIVideosRetrieve)
 		v1.POST("/messages", claudeCodeHandlers.ClaudeMessages)
 		v1.POST("/messages/count_tokens", claudeCodeHandlers.ClaudeCountTokens)
 		v1.GET("/responses", openaiResponsesHandlers.ResponsesWebsocket)
@@ -399,22 +338,13 @@ func (s *Server) setupRoutes() {
 		v1.POST("/responses/compact", openaiResponsesHandlers.Compact)
 	}

-	// Codex CLI direct route aliases (chatgpt_base_url compatible)
-	codexDirect := s.engine.Group("/backend-api/codex")
-	codexDirect.Use(AuthMiddleware(s.accessManager))
-	{
-		codexDirect.GET("/responses", openaiResponsesHandlers.ResponsesWebsocket)
-		codexDirect.POST("/responses", openaiResponsesHandlers.Responses)
-		codexDirect.POST("/responses/compact", openaiResponsesHandlers.Compact)
-	}
-
 	// Gemini compatible API routes
 	v1beta := s.engine.Group("/v1beta")
 	v1beta.Use(AuthMiddleware(s.accessManager))
 	{
-		v1beta.GET("/models", s.geminiModelsHandler(geminiHandlers))
+		v1beta.GET("/models", geminiHandlers.GeminiModels)
 		v1beta.POST("/models/*action", geminiHandlers.GeminiHandler)
-		v1beta.GET("/models/*action", s.geminiGetHandler(geminiHandlers))
+		v1beta.GET("/models/*action", geminiHandlers.GeminiGetHandler)
 	}

 	// Root endpoint
@@ -475,6 +405,20 @@ func (s *Server) setupRoutes() {
 		c.String(http.StatusOK, oauthCallbackSuccessHTML)
 	})

+	s.engine.GET("/iflow/callback", func(c *gin.Context) {
+		code := c.Query("code")
+		state := c.Query("state")
+		errStr := c.Query("error")
+		if errStr == "" {
+			errStr = c.Query("error_description")
+		}
+		if state != "" {
+			_, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "iflow", state, code, errStr)
+		}
+		c.Header("Content-Type", "text/html; charset=utf-8")
+		c.String(http.StatusOK, oauthCallbackSuccessHTML)
+	})
+
 	s.engine.GET("/antigravity/callback", func(c *gin.Context) {
 		code := c.Query("code")
 		state := c.Query("state")
@@ -489,20 +433,6 @@ func (s *Server) setupRoutes() {
 		c.String(http.StatusOK, oauthCallbackSuccessHTML)
 	})

-	s.engine.GET("/xai/callback", func(c *gin.Context) {
-		code := c.Query("code")
-		state := c.Query("state")
-		errStr := c.Query("error")
-		if errStr == "" {
-			errStr = c.Query("error_description")
-		}
-		if state != "" {
-			_, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "xai", state, code, errStr)
-		}
-		c.Header("Content-Type", "text/html; charset=utf-8")
-		c.String(http.StatusOK, oauthCallbackSuccessHTML)
-	})
-
 	// Management routes are registered lazily by registerManagementRoutes when a secret is configured.
 }

@@ -556,6 +486,9 @@ func (s *Server) registerManagementRoutes() {
 	mgmt := s.engine.Group("/v0/management")
 	mgmt.Use(s.managementAvailabilityMiddleware(), s.mgmt.Middleware())
 	{
+		mgmt.GET("/usage", s.mgmt.GetUsageStatistics)
+		mgmt.GET("/usage/export", s.mgmt.ExportUsageStatistics)
+		mgmt.POST("/usage/import", s.mgmt.ImportUsageStatistics)
 		mgmt.GET("/config", s.mgmt.GetConfig)
 		mgmt.GET("/config.yaml", s.mgmt.GetConfigYAML)
 		mgmt.PUT("/config.yaml", s.mgmt.PutConfigYAML)
@@ -600,8 +533,6 @@ func (s *Server) registerManagementRoutes() {
 		mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys)
 		mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys)
 		mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys)
-		mgmt.GET("/api-key-usage", s.mgmt.GetAPIKeyUsage)
-		mgmt.GET("/usage-queue", s.mgmt.GetUsageQueue)

 		mgmt.GET("/gemini-api-key", s.mgmt.GetGeminiKeys)
 		mgmt.PUT("/gemini-api-key", s.mgmt.PutGeminiKeys)
@@ -703,8 +634,10 @@ func (s *Server) registerManagementRoutes() {
 		mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken)
 		mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken)
 		mgmt.GET("/antigravity-auth-url", s.mgmt.RequestAntigravityToken)
+		mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken)
 		mgmt.GET("/kimi-auth-url", s.mgmt.RequestKimiToken)
-		mgmt.GET("/xai-auth-url", s.mgmt.RequestXAIToken)
+		mgmt.GET("/iflow-auth-url", s.mgmt.RequestIFlowToken)
+		mgmt.POST("/iflow-auth-url", s.mgmt.RequestIFlowCookieToken)
 		mgmt.POST("/oauth-callback", s.mgmt.PostOAuthCallback)
 		mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus)
 	}
@@ -712,14 +645,6 @@ func (s *Server) registerManagementRoutes() {

 func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if s == nil || s.cfg == nil {
-			c.AbortWithStatus(http.StatusNotFound)
-			return
-		}
-		if s.cfg.Home.Enabled {
-			c.AbortWithStatus(http.StatusNotFound)
-			return
-		}
 		if !s.managementRoutesEnabled.Load() {
 			c.AbortWithStatus(http.StatusNotFound)
 			return
@@ -730,7 +655,7 @@ func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc {

 func (s *Server) serveManagementControlPanel(c *gin.Context) {
 	cfg := s.cfg
-	if cfg == nil || cfg.Home.Enabled || cfg.RemoteManagement.DisableControlPanel {
+	if cfg == nil || cfg.RemoteManagement.DisableControlPanel {
 		c.AbortWithStatus(http.StatusNotFound)
 		return
 	}
@@ -842,20 +767,6 @@ func (s *Server) watchKeepAlive() {
 // otherwise it routes to OpenAI handler.
 func (s *Server) unifiedModelsHandler(openaiHandler *openai.OpenAIAPIHandler, claudeHandler *claude.ClaudeCodeAPIHandler) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if _, ok := c.Request.URL.Query()["client_version"]; ok {
-			if s != nil && s.cfg != nil && s.cfg.Home.Enabled {
-				s.handleHomeCodexClientModels(c)
-				return
-			}
-			openaiHandler.OpenAIModels(c)
-			return
-		}
-
-		if s != nil && s.cfg != nil && s.cfg.Home.Enabled {
-			s.handleHomeModels(c)
-			return
-		}
-
 		userAgent := c.GetHeader("User-Agent")

 		// Route to Claude handler if User-Agent starts with "claude-cli"
@@ -869,307 +780,6 @@ func (s *Server) unifiedModelsHandler(openaiHandler *openai.OpenAIAPIHandler, cl
 	}
 }

-func (s *Server) handleHomeCodexClientModels(c *gin.Context) {
-	entries, ok := s.loadHomeModelEntries(c)
-	if !ok {
-		return
-	}
-
-	models := make([]map[string]any, 0, len(entries))
-	for _, entry := range entries {
-		model := map[string]any{
-			"id":     entry.id,
-			"object": "model",
-		}
-		if entry.created > 0 {
-			model["created"] = entry.created
-		}
-		if entry.ownedBy != "" {
-			model["owned_by"] = entry.ownedBy
-		}
-		if entry.displayName != "" {
-			model["display_name"] = entry.displayName
-			model["description"] = entry.displayName
-		}
-		models = append(models, model)
-	}
-
-	c.JSON(http.StatusOK, openai.CodexClientModelsResponse(models))
-}
-
-func (s *Server) geminiModelsHandler(geminiHandler *gemini.GeminiAPIHandler) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if s != nil && s.cfg != nil && s.cfg.Home.Enabled {
-			s.handleHomeGeminiModels(c)
-			return
-		}
-
-		geminiHandler.GeminiModels(c)
-	}
-}
-
-func (s *Server) geminiGetHandler(geminiHandler *gemini.GeminiAPIHandler) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if s != nil && s.cfg != nil && s.cfg.Home.Enabled {
-			s.handleHomeGeminiModel(c)
-			return
-		}
-
-		geminiHandler.GeminiGetHandler(c)
-	}
-}
-
-type homeModelEntry struct {
-	id          string
-	created     int64
-	ownedBy     string
-	displayName string
-}
-
-func (s *Server) handleHomeModels(c *gin.Context) {
-	entries, ok := s.loadHomeModelEntries(c)
-	if !ok {
-		return
-	}
-
-	userAgent := c.GetHeader("User-Agent")
-	isClaude := strings.HasPrefix(userAgent, "claude-cli")
-
-	if isClaude {
-		out := make([]map[string]any, 0, len(entries))
-		for _, entry := range entries {
-			model := map[string]any{
-				"id":       entry.id,
-				"object":   "model",
-				"owned_by": entry.ownedBy,
-			}
-			if entry.created > 0 {
-				model["created_at"] = entry.created
-			}
-			if entry.displayName != "" {
-				model["display_name"] = entry.displayName
-			}
-			out = append(out, model)
-		}
-		firstID := ""
-		lastID := ""
-		if len(out) > 0 {
-			if id, okID := out[0]["id"].(string); okID {
-				firstID = id
-			}
-			if id, okID := out[len(out)-1]["id"].(string); okID {
-				lastID = id
-			}
-		}
-		c.JSON(http.StatusOK, gin.H{
-			"data":     out,
-			"has_more": false,
-			"first_id": firstID,
-			"last_id":  lastID,
-		})
-		return
-	}
-
-	filtered := make([]map[string]any, 0, len(entries))
-	for _, entry := range entries {
-		model := map[string]any{
-			"id":     entry.id,
-			"object": "model",
-		}
-		if entry.created > 0 {
-			model["created"] = entry.created
-		}
-		if entry.ownedBy != "" {
-			model["owned_by"] = entry.ownedBy
-		}
-		filtered = append(filtered, model)
-	}
-	c.JSON(http.StatusOK, gin.H{
-		"object": "list",
-		"data":   filtered,
-	})
-}
-
-func (s *Server) handleHomeGeminiModels(c *gin.Context) {
-	entries, ok := s.loadHomeModelEntries(c)
-	if !ok {
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"models": formatHomeGeminiModels(entries),
-	})
-}
-
-func (s *Server) handleHomeGeminiModel(c *gin.Context) {
-	entries, ok := s.loadHomeModelEntries(c)
-	if !ok {
-		return
-	}
-
-	action := strings.TrimPrefix(c.Param("action"), "/")
-	action = strings.TrimSpace(action)
-	for _, entry := range entries {
-		if homeGeminiModelMatches(entry, action) {
-			c.JSON(http.StatusOK, formatHomeGeminiModel(entry))
-			return
-		}
-	}
-
-	c.JSON(http.StatusNotFound, handlers.ErrorResponse{
-		Error: handlers.ErrorDetail{
-			Message: "Not Found",
-			Type:    "not_found",
-		},
-	})
-}
-
-func (s *Server) loadHomeModelEntries(c *gin.Context) ([]homeModelEntry, bool) {
-	if s == nil || c == nil || c.Request == nil {
-		return nil, false
-	}
-	client := home.Current()
-	if client == nil {
-		c.JSON(http.StatusServiceUnavailable, handlers.ErrorResponse{
-			Error: handlers.ErrorDetail{
-				Message: "home control center unavailable",
-				Type:    "server_error",
-			},
-		})
-		return nil, false
-	}
-
-	raw, errGet := client.GetModels(c.Request.Context())
-	if errGet != nil {
-		c.JSON(http.StatusBadGateway, handlers.ErrorResponse{
-			Error: handlers.ErrorDetail{
-				Message: errGet.Error(),
-				Type:    "server_error",
-			},
-		})
-		return nil, false
-	}
-
-	entries, errDecode := decodeHomeModels(raw)
-	if errDecode != nil {
-		c.JSON(http.StatusBadGateway, handlers.ErrorResponse{
-			Error: handlers.ErrorDetail{
-				Message: errDecode.Error(),
-				Type:    "server_error",
-			},
-		})
-		return nil, false
-	}
-
-	return entries, true
-}
-
-func formatHomeGeminiModels(entries []homeModelEntry) []map[string]any {
-	out := make([]map[string]any, 0, len(entries))
-	for _, entry := range entries {
-		out = append(out, formatHomeGeminiModel(entry))
-	}
-	return out
-}
-
-func formatHomeGeminiModel(entry homeModelEntry) map[string]any {
-	name := entry.id
-	if !strings.HasPrefix(name, "models/") {
-		name = "models/" + name
-	}
-	displayName := entry.displayName
-	if displayName == "" {
-		displayName = entry.id
-	}
-	return map[string]any{
-		"name":                       name,
-		"displayName":                displayName,
-		"description":                displayName,
-		"supportedGenerationMethods": []string{"generateContent"},
-	}
-}
-
-func homeGeminiModelMatches(entry homeModelEntry, action string) bool {
-	id := strings.TrimSpace(entry.id)
-	if id == "" || action == "" {
-		return false
-	}
-	normalizedAction := strings.TrimPrefix(action, "models/")
-	normalizedID := strings.TrimPrefix(id, "models/")
-	return action == id || action == "models/"+id || normalizedAction == normalizedID
-}
-
-func decodeHomeModels(raw []byte) ([]homeModelEntry, error) {
-	if len(raw) == 0 {
-		return nil, fmt.Errorf("home models payload is empty")
-	}
-
-	var bySection map[string][]map[string]any
-	if err := json.Unmarshal(raw, &bySection); err != nil {
-		return nil, fmt.Errorf("parse home models payload: %w", err)
-	}
-	if len(bySection) == 0 {
-		return nil, fmt.Errorf("home models payload has no sections")
-	}
-
-	seen := make(map[string]struct{})
-	out := make([]homeModelEntry, 0, 256)
-	for _, models := range bySection {
-		for _, model := range models {
-			id, _ := model["id"].(string)
-			id = strings.TrimSpace(id)
-			if id == "" {
-				name, _ := model["name"].(string)
-				name = strings.TrimSpace(name)
-				id = strings.TrimPrefix(name, "models/")
-			}
-			if id == "" {
-				continue
-			}
-			if _, ok := seen[id]; ok {
-				continue
-			}
-			seen[id] = struct{}{}
-
-			created := int64(0)
-			switch v := model["created"].(type) {
-			case float64:
-				created = int64(v)
-			case int64:
-				created = v
-			case int:
-				created = int64(v)
-			case json.Number:
-				if n, err := v.Int64(); err == nil {
-					created = n
-				}
-			}
-
-			ownedBy, _ := model["owned_by"].(string)
-			ownedBy = strings.TrimSpace(ownedBy)
-			displayName, _ := model["display_name"].(string)
-			displayName = strings.TrimSpace(displayName)
-			if displayName == "" {
-				displayName, _ = model["displayName"].(string)
-				displayName = strings.TrimSpace(displayName)
-			}
-
-			out = append(out, homeModelEntry{
-				id:          id,
-				created:     created,
-				ownedBy:     ownedBy,
-				displayName: displayName,
-			})
-		}
-	}
-
-	sort.Slice(out, func(i, j int) bool { return out[i].id < out[j].id })
-	if len(out) == 0 {
-		return nil, fmt.Errorf("home models payload contains no models")
-	}
-	return out, nil
-}
-
 // Start begins listening for and serving HTTP or HTTPS requests.
 // It's a blocking call and will only return on an unrecoverable error.
 //
@@ -1180,98 +790,26 @@ func (s *Server) Start() error {
 		return fmt.Errorf("failed to start HTTP server: server not initialized")
 	}

-	addr := s.server.Addr
-	listener, errListen := net.Listen("tcp", addr)
-	if errListen != nil {
-		return fmt.Errorf("failed to start HTTP server: %v", errListen)
-	}
-
 	useTLS := s.cfg != nil && s.cfg.TLS.Enable
 	if useTLS {
-		certPath := strings.TrimSpace(s.cfg.TLS.Cert)
-		keyPath := strings.TrimSpace(s.cfg.TLS.Key)
-		if certPath == "" || keyPath == "" {
-			if errClose := listener.Close(); errClose != nil {
-				log.Errorf("failed to close listener after TLS validation failure: %v", errClose)
-			}
+		cert := strings.TrimSpace(s.cfg.TLS.Cert)
+		key := strings.TrimSpace(s.cfg.TLS.Key)
+		if cert == "" || key == "" {
 			return fmt.Errorf("failed to start HTTPS server: tls.cert or tls.key is empty")
 		}
-		certPair, errLoad := tls.LoadX509KeyPair(certPath, keyPath)
-		if errLoad != nil {
-			if errClose := listener.Close(); errClose != nil {
-				log.Errorf("failed to close listener after TLS key pair load failure: %v", errClose)
-			}
-			return fmt.Errorf("failed to start HTTPS server: %v", errLoad)
-		}
-
-		tlsConfig := &tls.Config{
-			Certificates: []tls.Certificate{certPair},
-			NextProtos:   []string{"h2", "http/1.1"},
-		}
-		s.server.TLSConfig = tlsConfig
-		if errHTTP2 := http2.ConfigureServer(s.server, &http2.Server{}); errHTTP2 != nil {
-			log.Warnf("failed to configure HTTP/2: %v", errHTTP2)
-		}
-		listener = tls.NewListener(listener, tlsConfig)
-		log.Debugf("Starting API server on %s with TLS", addr)
-	} else {
-		log.Debugf("Starting API server on %s", addr)
-	}
-
-	httpListener := newMuxListener(listener.Addr(), 1024)
-	s.muxBaseListener = listener
-	s.muxHTTPListener = httpListener
-
-	httpErrCh := make(chan error, 1)
-	acceptErrCh := make(chan error, 1)
-
-	go func() {
-		httpErrCh <- s.server.Serve(httpListener)
-	}()
-	go func() {
-		acceptErrCh <- s.acceptMuxConnections(listener, httpListener)
-	}()
-
-	select {
-	case errServe := <-httpErrCh:
-		if s.muxBaseListener != nil {
-			if errClose := s.muxBaseListener.Close(); errClose != nil && !errors.Is(errClose, net.ErrClosed) {
-				log.Debugf("failed to close shared listener after HTTP serve exit: %v", errClose)
-			}
-		}
-		if s.muxHTTPListener != nil {
-			_ = s.muxHTTPListener.Close()
-		}
-		errAccept := <-acceptErrCh
-		errServe = normalizeHTTPServeError(errServe)
-		errAccept = normalizeListenerError(errAccept)
-		if errServe != nil {
-			return fmt.Errorf("failed to start HTTP server: %v", errServe)
-		}
-		if errAccept != nil {
-			return fmt.Errorf("failed to start HTTP server: %v", errAccept)
-		}
-		return nil
-	case errAccept := <-acceptErrCh:
-		if s.muxHTTPListener != nil {
-			_ = s.muxHTTPListener.Close()
-		}
-		if s.muxBaseListener != nil {
-			if errClose := s.muxBaseListener.Close(); errClose != nil && !errors.Is(errClose, net.ErrClosed) {
-				log.Debugf("failed to close shared listener after accept loop exit: %v", errClose)
-			}
-		}
-		errServe := <-httpErrCh
-		errServe = normalizeHTTPServeError(errServe)
-		errAccept = normalizeListenerError(errAccept)
-		if errAccept != nil {
-			return fmt.Errorf("failed to start HTTP server: %v", errAccept)
-		}
-		if errServe != nil {
-			return fmt.Errorf("failed to start HTTP server: %v", errServe)
+		log.Debugf("Starting API server on %s with TLS", s.server.Addr)
+		if errServeTLS := s.server.ListenAndServeTLS(cert, key); errServeTLS != nil && !errors.Is(errServeTLS, http.ErrServerClosed) {
+			return fmt.Errorf("failed to start HTTPS server: %v", errServeTLS)
 		}
 		return nil
 	}
+
+	log.Debugf("Starting API server on %s", s.server.Addr)
+	if errServe := s.server.ListenAndServe(); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) {
+		return fmt.Errorf("failed to start HTTP server: %v", errServe)
+	}
+
+	return nil
 }

 // Stop gracefully shuts down the API server without interrupting any
@@ -1292,15 +830,6 @@ func (s *Server) Stop(ctx context.Context) error {
 		}
 	}

-	if s.muxHTTPListener != nil {
-		_ = s.muxHTTPListener.Close()
-	}
-	if s.muxBaseListener != nil {
-		if errClose := s.muxBaseListener.Close(); errClose != nil && !errors.Is(errClose, net.ErrClosed) {
-			log.Debugf("failed to close shared listener: %v", errClose)
-		}
-	}
-
 	// Shutdown the HTTP server.
 	if err := s.server.Shutdown(ctx); err != nil {
 		return fmt.Errorf("failed to shutdown HTTP server: %v", err)
@@ -1365,12 +894,6 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 		}
 	}

-	if oldCfg == nil || oldCfg.Home.Enabled != cfg.Home.Enabled {
-		if setter, ok := s.requestLogger.(interface{ SetHomeEnabled(bool) }); ok {
-			setter.SetHomeEnabled(cfg.Home.Enabled)
-		}
-	}
-
 	if oldCfg == nil || oldCfg.LoggingToFile != cfg.LoggingToFile || oldCfg.LogsMaxTotalSizeMB != cfg.LogsMaxTotalSizeMB {
 		if err := logging.ConfigureLogOutput(cfg); err != nil {
 			log.Errorf("failed to reconfigure log output: %v", err)
@@ -1378,11 +901,7 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 	}

 	if oldCfg == nil || oldCfg.UsageStatisticsEnabled != cfg.UsageStatisticsEnabled {
-		redisqueue.SetUsageStatisticsEnabled(cfg.UsageStatisticsEnabled)
-	}
-
-	if oldCfg == nil || oldCfg.RedisUsageQueueRetentionSeconds != cfg.RedisUsageQueueRetentionSeconds {
-		redisqueue.SetRetentionSeconds(cfg.RedisUsageQueueRetentionSeconds)
+		usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled)
 	}

 	if s.requestLogger != nil && (oldCfg == nil || oldCfg.ErrorLogsMaxFiles != cfg.ErrorLogsMaxFiles) {
@@ -1395,12 +914,6 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 		auth.SetQuotaCooldownDisabled(cfg.DisableCooling)
 	}

-	if oldCfg != nil && oldCfg.DisableImageGeneration != cfg.DisableImageGeneration {
-		log.Infof("disable-image-generation updated: %v -> %v", oldCfg.DisableImageGeneration, cfg.DisableImageGeneration)
-	}
-
-	applySignatureCacheConfig(oldCfg, cfg)
-
 	if s.handlers != nil && s.handlers.AuthManager != nil {
 		s.handlers.AuthManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second, cfg.MaxRetryCredentials)
 	}
@@ -1441,7 +954,6 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 			s.managementRoutesEnabled.Store(!newSecretEmpty)
 		}
 	}
-	redisqueue.SetEnabled(s.managementRoutesEnabled.Load() || (cfg != nil && cfg.Home.Enabled))

 	s.applyAccessConfig(oldCfg, cfg)
 	s.cfg = cfg
@@ -1474,14 +986,11 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 	}

 	// Count client sources from configuration and auth store.
-	authEntries := 0
-	if cfg != nil && !cfg.Home.Enabled {
-		tokenStore := sdkAuth.GetTokenStore()
-		if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok {
-			dirSetter.SetBaseDir(cfg.AuthDir)
-		}
-		authEntries = util.CountAuthFiles(context.Background(), tokenStore)
+	tokenStore := sdkAuth.GetTokenStore()
+	if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok {
+		dirSetter.SetBaseDir(cfg.AuthDir)
 	}
+	authEntries := util.CountAuthFiles(context.Background(), tokenStore)
 	geminiAPIKeyCount := len(cfg.GeminiKey)
 	claudeAPIKeyCount := len(cfg.ClaudeKey)
 	codexAPIKeyCount := len(cfg.CodexKey)
@@ -1489,9 +998,6 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 	openAICompatCount := 0
 	for i := range cfg.OpenAICompatibility {
 		entry := cfg.OpenAICompatibility[i]
-		if entry.Disabled {
-			continue
-		}
 		openAICompatCount += len(entry.APIKeyEntries)
 	}

@@ -1529,7 +1035,7 @@ func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc {
 		result, err := manager.Authenticate(c.Request.Context(), c.Request)
 		if err == nil {
 			if result != nil {
-				c.Set("userApiKey", result.Principal)
+				c.Set("apiKey", result.Principal)
 				c.Set("accessProvider", result.Provider)
 				if len(result.Metadata) > 0 {
 					c.Set("accessMetadata", result.Metadata)
@@ -1546,37 +1052,3 @@ func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc {
 		c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Message})
 	}
 }
-
-func configuredSignatureCacheEnabled(cfg *config.Config) bool {
-	if cfg != nil && cfg.AntigravitySignatureCacheEnabled != nil {
-		return *cfg.AntigravitySignatureCacheEnabled
-	}
-	return true
-}
-
-func applySignatureCacheConfig(oldCfg, cfg *config.Config) {
-	newVal := configuredSignatureCacheEnabled(cfg)
-	newStrict := configuredSignatureBypassStrict(cfg)
-	if oldCfg == nil {
-		cache.SetSignatureCacheEnabled(newVal)
-		cache.SetSignatureBypassStrictMode(newStrict)
-		return
-	}
-
-	oldVal := configuredSignatureCacheEnabled(oldCfg)
-	if oldVal != newVal {
-		cache.SetSignatureCacheEnabled(newVal)
-	}
-
-	oldStrict := configuredSignatureBypassStrict(oldCfg)
-	if oldStrict != newStrict {
-		cache.SetSignatureBypassStrictMode(newStrict)
-	}
-}
-
-func configuredSignatureBypassStrict(cfg *config.Config) bool {
-	if cfg != nil && cfg.AntigravitySignatureBypassStrict != nil {
-		return *cfg.AntigravitySignatureBypassStrict
-	}
-	return false
-}
@@ -1,7 +1,6 @@
 package api

 import (
-	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -11,13 +10,11 @@ import (
 	"time"

 	gin "github.com/gin-gonic/gin"
-	proxyconfig "github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	internallogging "github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
-	sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
-	sdkconfig "github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
+	proxyconfig "github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	internallogging "github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
 )

 func newTestServer(t *testing.T) *Server {
@@ -49,131 +46,6 @@ func newTestServer(t *testing.T) *Server {
 	return NewServer(cfg, authManager, accessManager, configPath)
 }

-func TestHealthz(t *testing.T) {
-	server := newTestServer(t)
-
-	t.Run("GET", func(t *testing.T) {
-		req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
-		rr := httptest.NewRecorder()
-		server.engine.ServeHTTP(rr, req)
-
-		if rr.Code != http.StatusOK {
-			t.Fatalf("unexpected status code: got %d want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
-		}
-
-		var resp struct {
-			Status string `json:"status"`
-		}
-		if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
-			t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
-		}
-		if resp.Status != "ok" {
-			t.Fatalf("unexpected response status: got %q want %q", resp.Status, "ok")
-		}
-	})
-
-	t.Run("HEAD", func(t *testing.T) {
-		req := httptest.NewRequest(http.MethodHead, "/healthz", nil)
-		rr := httptest.NewRecorder()
-		server.engine.ServeHTTP(rr, req)
-
-		if rr.Code != http.StatusOK {
-			t.Fatalf("unexpected status code: got %d want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
-		}
-		if rr.Body.Len() != 0 {
-			t.Fatalf("expected empty body for HEAD request, got %q", rr.Body.String())
-		}
-	})
-}
-
-func TestManagementUsageRequiresManagementAuthAndPopsArray(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
-
-	prevQueueEnabled := redisqueue.Enabled()
-	redisqueue.SetEnabled(false)
-	t.Cleanup(func() {
-		redisqueue.SetEnabled(false)
-		redisqueue.SetEnabled(prevQueueEnabled)
-	})
-
-	server := newTestServer(t)
-
-	redisqueue.Enqueue([]byte(`{"id":1}`))
-	redisqueue.Enqueue([]byte(`{"id":2}`))
-
-	missingKeyReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=2", nil)
-	missingKeyRR := httptest.NewRecorder()
-	server.engine.ServeHTTP(missingKeyRR, missingKeyReq)
-	if missingKeyRR.Code != http.StatusUnauthorized {
-		t.Fatalf("missing key status = %d, want %d body=%s", missingKeyRR.Code, http.StatusUnauthorized, missingKeyRR.Body.String())
-	}
-
-	legacyReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage?count=2", nil)
-	legacyReq.Header.Set("Authorization", "Bearer test-management-key")
-	legacyRR := httptest.NewRecorder()
-	server.engine.ServeHTTP(legacyRR, legacyReq)
-	if legacyRR.Code != http.StatusNotFound {
-		t.Fatalf("legacy usage status = %d, want %d body=%s", legacyRR.Code, http.StatusNotFound, legacyRR.Body.String())
-	}
-
-	authReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=2", nil)
-	authReq.Header.Set("Authorization", "Bearer test-management-key")
-	authRR := httptest.NewRecorder()
-	server.engine.ServeHTTP(authRR, authReq)
-	if authRR.Code != http.StatusOK {
-		t.Fatalf("authenticated status = %d, want %d body=%s", authRR.Code, http.StatusOK, authRR.Body.String())
-	}
-
-	var payload []json.RawMessage
-	if errUnmarshal := json.Unmarshal(authRR.Body.Bytes(), &payload); errUnmarshal != nil {
-		t.Fatalf("unmarshal response: %v body=%s", errUnmarshal, authRR.Body.String())
-	}
-	if len(payload) != 2 {
-		t.Fatalf("response records = %d, want 2", len(payload))
-	}
-	for i, raw := range payload {
-		var record struct {
-			ID int `json:"id"`
-		}
-		if errUnmarshal := json.Unmarshal(raw, &record); errUnmarshal != nil {
-			t.Fatalf("unmarshal record %d: %v", i, errUnmarshal)
-		}
-		if record.ID != i+1 {
-			t.Fatalf("record %d id = %d, want %d", i, record.ID, i+1)
-		}
-	}
-
-	if remaining := redisqueue.PopOldest(1); len(remaining) != 0 {
-		t.Fatalf("remaining queue = %q, want empty", remaining)
-	}
-}
-
-func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) {
-	t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
-
-	server := newTestServer(t)
-	server.cfg.Home.Enabled = true
-
-	t.Run("management endpoints return 404", func(t *testing.T) {
-		req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
-		req.Header.Set("Authorization", "Bearer test-management-key")
-		rr := httptest.NewRecorder()
-		server.engine.ServeHTTP(rr, req)
-		if rr.Code != http.StatusNotFound {
-			t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusNotFound, rr.Body.String())
-		}
-	})
-
-	t.Run("management control panel returns 404", func(t *testing.T) {
-		req := httptest.NewRequest(http.MethodGet, "/management.html", nil)
-		rr := httptest.NewRecorder()
-		server.engine.ServeHTTP(rr, req)
-		if rr.Code != http.StatusNotFound {
-			t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusNotFound, rr.Body.String())
-		}
-	})
-}
-
 func TestAmpProviderModelRoutes(t *testing.T) {
 	testCases := []struct {
 		name         string
@@ -240,164 +112,6 @@ func TestAmpProviderModelRoutes(t *testing.T) {
 	}
 }

-func TestModelsWithClientVersionReturnsCodexCatalog(t *testing.T) {
-	modelRegistry := registry.GetGlobalRegistry()
-	clientID := "test-client-version-catalog"
-	modelRegistry.RegisterClient(clientID, "openai", []*registry.ModelInfo{
-		{
-			ID:            "gpt-5.5",
-			Object:        "model",
-			Created:       1776902400,
-			OwnedBy:       "openai",
-			Type:          "openai",
-			DisplayName:   "GPT 5.5",
-			Description:   "Frontier model for complex coding, research, and real-world work.",
-			ContextLength: 272000,
-			Thinking:      &registry.ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}},
-		},
-		{
-			ID:            "custom-codex-model-test",
-			Object:        "model",
-			OwnedBy:       "test",
-			Type:          "openai",
-			DisplayName:   "Custom Codex Model",
-			Description:   "Custom model from registry",
-			ContextLength: 123456,
-			Thinking:      &registry.ThinkingSupport{Levels: []string{"none", "minimal", "low", "medium", "unsupported", "high", "xhigh"}},
-		},
-		{ID: "grok-imagine-image-quality", Object: "model", OwnedBy: "xai", Type: "openai"},
-		{ID: "gpt-image-2", Object: "model", OwnedBy: "openai", Type: "openai"},
-		{ID: "grok-imagine-image", Object: "model", OwnedBy: "xai", Type: "openai"},
-		{ID: "grok-imagine-video", Object: "model", OwnedBy: "xai", Type: "openai"},
-	})
-	t.Cleanup(func() {
-		modelRegistry.UnregisterClient(clientID)
-	})
-
-	server := newTestServer(t)
-
-	req := httptest.NewRequest(http.MethodGet, "/v1/models?client_version", nil)
-	req.Header.Set("Authorization", "Bearer test-key")
-	req.Header.Set("User-Agent", "claude-cli/1.0")
-
-	rr := httptest.NewRecorder()
-	server.engine.ServeHTTP(rr, req)
-
-	if rr.Code != http.StatusOK {
-		t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
-	}
-
-	var resp struct {
-		Models []map[string]any `json:"models"`
-		Object string           `json:"object"`
-		Data   []any            `json:"data"`
-	}
-	if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
-		t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
-	}
-	if resp.Object != "" || resp.Data != nil {
-		t.Fatalf("expected codex catalog format without object/data, got object=%q data=%v", resp.Object, resp.Data)
-	}
-	if len(resp.Models) == 0 {
-		t.Fatal("expected codex catalog models")
-	}
-
-	var gpt55 map[string]any
-	var custom map[string]any
-	for _, model := range resp.Models {
-		switch slug, _ := model["slug"].(string); slug {
-		case "gpt-5.5":
-			gpt55 = model
-		case "custom-codex-model-test":
-			custom = model
-		}
-	}
-	if gpt55 == nil {
-		t.Fatal("expected gpt-5.5 codex catalog entry")
-	}
-	if _, ok := gpt55["minimal_client_version"]; !ok {
-		t.Fatal("expected minimal_client_version in codex catalog")
-	}
-	serviceTiers, ok := gpt55["service_tiers"].([]any)
-	if !ok || len(serviceTiers) != 1 {
-		t.Fatalf("expected gpt-5.5 priority service tier, got %#v", gpt55["service_tiers"])
-	}
-	if custom == nil {
-		t.Fatal("expected custom model codex catalog entry")
-	}
-	if got, _ := custom["display_name"].(string); got != "Custom Codex Model" {
-		t.Fatalf("custom display_name = %q, want Custom Codex Model", got)
-	}
-	if got, _ := custom["description"].(string); got != "Custom model from registry" {
-		t.Fatalf("custom description = %q, want Custom model from registry", got)
-	}
-	if got, _ := custom["context_window"].(float64); got != 123456 {
-		t.Fatalf("custom context_window = %v, want 123456", custom["context_window"])
-	}
-	assertCodexSupportedReasoningLevels(t, custom, []string{"none", "low", "medium", "high", "xhigh"})
-	if custom["base_instructions"] != gpt55["base_instructions"] {
-		t.Fatal("expected custom model to use gpt-5.5 base_instructions fallback")
-	}
-	if _, ok := custom["available_in_plans"].([]any); !ok {
-		t.Fatalf("expected custom model to use gpt-5.5 available_in_plans fallback, got %#v", custom["available_in_plans"])
-	}
-	if got, _ := custom["prefer_websockets"].(bool); got {
-		t.Fatalf("custom prefer_websockets = %v, want false", custom["prefer_websockets"])
-	}
-	if _, ok := custom["apply_patch_tool_type"]; ok {
-		t.Fatal("expected custom model to omit apply_patch_tool_type")
-	}
-	if _, ok := custom["upgrade"]; ok {
-		t.Fatal("expected custom model to omit upgrade")
-	}
-	if _, ok := custom["availability_nux"]; ok {
-		t.Fatal("expected custom model to omit availability_nux")
-	}
-
-	hiddenModels := map[string]bool{
-		"grok-imagine-image-quality": false,
-		"gpt-image-2":                false,
-		"grok-imagine-image":         false,
-		"grok-imagine-video":         false,
-	}
-	for _, model := range resp.Models {
-		slug, _ := model["slug"].(string)
-		if _, ok := hiddenModels[slug]; !ok {
-			continue
-		}
-		if visibility, _ := model["visibility"].(string); visibility != "hide" {
-			t.Fatalf("%s visibility = %q, want hide", slug, visibility)
-		}
-		hiddenModels[slug] = true
-	}
-	for slug, found := range hiddenModels {
-		if !found {
-			t.Fatalf("expected hidden model %s in codex catalog", slug)
-		}
-	}
-}
-
-func assertCodexSupportedReasoningLevels(t *testing.T, model map[string]any, want []string) {
-	t.Helper()
-
-	rawLevels, ok := model["supported_reasoning_levels"].([]any)
-	if !ok {
-		t.Fatalf("expected supported_reasoning_levels, got %#v", model["supported_reasoning_levels"])
-	}
-	if len(rawLevels) != len(want) {
-		t.Fatalf("supported_reasoning_levels length = %d, want %d: %#v", len(rawLevels), len(want), rawLevels)
-	}
-	for index, rawLevel := range rawLevels {
-		levelEntry, ok := rawLevel.(map[string]any)
-		if !ok {
-			t.Fatalf("supported_reasoning_levels[%d] = %#v, want object", index, rawLevel)
-		}
-		if got, _ := levelEntry["effort"].(string); got != want[index] {
-			t.Fatalf("supported_reasoning_levels[%d].effort = %q, want %q", index, got, want[index])
-		}
-	}
-}
-
 func TestDefaultRequestLoggerFactory_UsesResolvedLogDirectory(t *testing.T) {
 	t.Setenv("WRITABLE_PATH", "")
 	t.Setenv("writable_path", "")
@@ -458,8 +172,6 @@ func TestDefaultRequestLoggerFactory_UsesResolvedLogDirectory(t *testing.T) {
 		nil,
 		nil,
 		nil,
-		nil,
-		nil,
 		true,
 		"issue-1711",
 		time.Now(),
@@ -11,9 +11,8 @@ import (
 	"strings"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 )

@@ -37,87 +36,17 @@ type AntigravityAuth struct {

 // NewAntigravityAuth creates a new Antigravity auth service.
 func NewAntigravityAuth(cfg *config.Config, httpClient *http.Client) *AntigravityAuth {
-	if cfg == nil {
-		cfg = &config.Config{}
-	}
 	if httpClient != nil {
 		return &AntigravityAuth{httpClient: httpClient}
 	}
+	if cfg == nil {
+		cfg = &config.Config{}
+	}
 	return &AntigravityAuth{
 		httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}),
 	}
 }

-func (o *AntigravityAuth) shortUserAgent() string {
-	return misc.AntigravityRequestUserAgent("")
-}
-
-func (o *AntigravityAuth) nodeUserAgent() string {
-	return misc.AntigravityLoadCodeAssistUserAgent("")
-}
-
-func antigravityLoadCodeAssistMetadata() map[string]string {
-	return map[string]string{
-		"ideType": "ANTIGRAVITY",
-	}
-}
-
-func antigravityControlPlaneMetadata(userAgent string) map[string]string {
-	return map[string]string{
-		"ide_type":    "ANTIGRAVITY",
-		"ide_version": misc.AntigravityVersionFromUserAgent(userAgent),
-		"ide_name":    "antigravity",
-	}
-}
-
-func extractCloudaicompanionProject(data map[string]any) string {
-	if data == nil {
-		return ""
-	}
-	for _, key := range []string{"cloudaicompanionProject", "projectId", "project"} {
-		switch value := data[key].(type) {
-		case string:
-			if trimmed := strings.TrimSpace(value); trimmed != "" {
-				return trimmed
-			}
-		case map[string]any:
-			if id, ok := value["id"].(string); ok {
-				if trimmed := strings.TrimSpace(id); trimmed != "" {
-					return trimmed
-				}
-			}
-		}
-	}
-	return ""
-}
-
-func defaultAntigravityTierID(loadResp map[string]any) string {
-	if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers {
-		for _, rawTier := range tiers {
-			tier, okTier := rawTier.(map[string]any)
-			if !okTier {
-				continue
-			}
-			if isDefault, okDefault := tier["isDefault"].(bool); !okDefault || !isDefault {
-				continue
-			}
-			if id, okID := tier["id"].(string); okID {
-				if trimmed := strings.TrimSpace(id); trimmed != "" {
-					return trimmed
-				}
-			}
-		}
-	}
-	if currentTier, okTier := loadResp["currentTier"].(map[string]any); okTier {
-		if id, okID := currentTier["id"].(string); okID {
-			if trimmed := strings.TrimSpace(id); trimmed != "" {
-				return trimmed
-			}
-		}
-	}
-	return "free-tier"
-}
-
 // BuildAuthURL generates the OAuth authorization URL.
 func (o *AntigravityAuth) BuildAuthURL(state, redirectURI string) string {
 	if strings.TrimSpace(redirectURI) == "" {
@@ -189,7 +118,6 @@ func (o *AntigravityAuth) FetchUserInfo(ctx context.Context, accessToken string)
 		return "", fmt.Errorf("antigravity userinfo: create request: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+accessToken)
-	req.Header.Set("User-Agent", o.shortUserAgent())

 	resp, errDo := o.httpClient.Do(req)
 	if errDo != nil {
@@ -225,9 +153,12 @@ func (o *AntigravityAuth) FetchUserInfo(ctx context.Context, accessToken string)

 // FetchProjectID retrieves the project ID for the authenticated user via loadCodeAssist
 func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string) (string, error) {
-	userAgent := o.shortUserAgent()
 	loadReqBody := map[string]any{
-		"metadata": antigravityLoadCodeAssistMetadata(),
+		"metadata": map[string]string{
+			"ideType":    "ANTIGRAVITY",
+			"platform":   "PLATFORM_UNSPECIFIED",
+			"pluginType": "GEMINI",
+		},
 	}

 	rawBody, errMarshal := json.Marshal(loadReqBody)
@@ -241,9 +172,10 @@ func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string
 		return "", fmt.Errorf("create request: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+accessToken)
-	req.Header.Set("Accept", "*/*")
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("User-Agent", userAgent)
+	req.Header.Set("User-Agent", APIUserAgent)
+	req.Header.Set("X-Goog-Api-Client", APIClient)
+	req.Header.Set("Client-Metadata", ClientMetadata)

 	resp, errDo := o.httpClient.Do(req)
 	if errDo != nil {
@@ -269,16 +201,40 @@ func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string
 		return "", fmt.Errorf("decode response: %w", errDecode)
 	}

-	projectID := extractCloudaicompanionProject(loadResp)
+	// Extract projectID from response
+	projectID := ""
+	if id, ok := loadResp["cloudaicompanionProject"].(string); ok {
+		projectID = strings.TrimSpace(id)
+	}
+	if projectID == "" {
+		if projectMap, ok := loadResp["cloudaicompanionProject"].(map[string]any); ok {
+			if id, okID := projectMap["id"].(string); okID {
+				projectID = strings.TrimSpace(id)
+			}
+		}
+	}

 	if projectID == "" {
-		projectID, err = o.OnboardUser(ctx, accessToken, defaultAntigravityTierID(loadResp))
+		tierID := "legacy-tier"
+		if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers {
+			for _, rawTier := range tiers {
+				tier, okTier := rawTier.(map[string]any)
+				if !okTier {
+					continue
+				}
+				if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault {
+					if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" {
+						tierID = strings.TrimSpace(id)
+						break
+					}
+				}
+			}
+		}
+
+		projectID, err = o.OnboardUser(ctx, accessToken, tierID)
 		if err != nil {
 			return "", err
 		}
-		if projectID == "" {
-			return "", fmt.Errorf("project id not found in loadCodeAssist or onboardUser response")
-		}
 		return projectID, nil
 	}

@@ -288,10 +244,13 @@ func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string
 // OnboardUser attempts to fetch the project ID via onboardUser by polling for completion
 func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID string) (string, error) {
 	log.Infof("Antigravity: onboarding user with tier: %s", tierID)
-	userAgent := o.nodeUserAgent()
 	requestBody := map[string]any{
-		"tier_id":  tierID,
-		"metadata": antigravityControlPlaneMetadata(userAgent),
+		"tierId": tierID,
+		"metadata": map[string]string{
+			"ideType":    "ANTIGRAVITY",
+			"platform":   "PLATFORM_UNSPECIFIED",
+			"pluginType": "GEMINI",
+		},
 	}

 	rawBody, errMarshal := json.Marshal(requestBody)
@@ -310,17 +269,17 @@ func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID s
 		}
 		reqCtx, cancel = context.WithTimeout(reqCtx, 30*time.Second)

-		endpointURL := fmt.Sprintf("%s/%s:onboardUser", DailyAPIEndpoint, APIVersion)
+		endpointURL := fmt.Sprintf("%s/%s:onboardUser", APIEndpoint, APIVersion)
 		req, errRequest := http.NewRequestWithContext(reqCtx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody)))
 		if errRequest != nil {
 			cancel()
 			return "", fmt.Errorf("create request: %w", errRequest)
 		}
 		req.Header.Set("Authorization", "Bearer "+accessToken)
-		req.Header.Set("Accept", "*/*")
 		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("User-Agent", userAgent)
-		req.Header.Set("X-Goog-Api-Client", misc.AntigravityGoogAPIClientUA)
+		req.Header.Set("User-Agent", APIUserAgent)
+		req.Header.Set("X-Goog-Api-Client", APIClient)
+		req.Header.Set("Client-Metadata", ClientMetadata)

 		resp, errDo := o.httpClient.Do(req)
 		if errDo != nil {
@@ -347,11 +306,18 @@ func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID s
 			if done, okDone := data["done"].(bool); okDone && done {
 				projectID := ""
 				if responseData, okResp := data["response"].(map[string]any); okResp {
-					projectID = extractCloudaicompanionProject(responseData)
+					switch projectValue := responseData["cloudaicompanionProject"].(type) {
+					case map[string]any:
+						if id, okID := projectValue["id"].(string); okID {
+							projectID = strings.TrimSpace(id)
+						}
+					case string:
+						projectID = strings.TrimSpace(projectValue)
+					}
 				}

 				if projectID != "" {
-					log.Infof("Successfully fetched project_id: %s", util.HideAPIKey(projectID))
+					log.Infof("Successfully fetched project_id: %s", projectID)
 					return projectID, nil
 				}

@@ -374,5 +340,5 @@ func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID s
 		return "", fmt.Errorf("http %d: %s", resp.StatusCode, responseErr)
 	}

-	return "", fmt.Errorf("onboard user did not complete after %d attempts", maxAttempts)
+	return "", nil
 }
@@ -1,127 +0,0 @@
-package antigravity
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"strings"
-	"testing"
-)
-
-type roundTripperFunc func(*http.Request) (*http.Response, error)
-
-func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return f(req)
-}
-
-func TestFetchProjectIDFromLoadCodeAssist(t *testing.T) {
-	auth := NewAntigravityAuth(nil, &http.Client{Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) {
-		if req.URL.String() != "https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist" {
-			t.Fatalf("unexpected request URL: %s", req.URL.String())
-		}
-		assertLoadCodeAssistHeaders(t, req)
-		assertJSONContains(t, req, `"ideType":"ANTIGRAVITY"`)
-		return jsonResponse(`{"cloudaicompanionProject":"cogent-snow-4mnnp"}`), nil
-	})})
-
-	projectID, err := auth.FetchProjectID(context.Background(), "access-token")
-	if err != nil {
-		t.Fatalf("FetchProjectID error: %v", err)
-	}
-	if projectID != "cogent-snow-4mnnp" {
-		t.Fatalf("projectID = %q", projectID)
-	}
-}
-
-func TestFetchProjectIDFallsBackToDailyOnboardUser(t *testing.T) {
-	var sawOnboard bool
-	auth := NewAntigravityAuth(nil, &http.Client{Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) {
-		switch req.URL.String() {
-		case "https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist":
-			assertLoadCodeAssistHeaders(t, req)
-			return jsonResponse(`{"allowedTiers":[{"id":"free-tier","isDefault":true}]}`), nil
-		case "https://daily-cloudcode-pa.googleapis.com/v1internal:onboardUser":
-			sawOnboard = true
-			assertOnboardUserHeaders(t, req)
-			assertJSONContains(t, req, `"tier_id":"free-tier"`)
-			assertJSONContains(t, req, `"ide_type":"ANTIGRAVITY"`)
-			return jsonResponse(`{
-				"done": true,
-				"response": {
-					"cloudaicompanionProject": {
-						"id": "cogent-snow-4mnnp",
-						"name": "cogent-snow-4mnnp",
-						"projectNumber": "22597072101"
-					}
-				}
-			}`), nil
-		default:
-			t.Fatalf("unexpected request URL: %s", req.URL.String())
-			return nil, nil
-		}
-	})})
-
-	projectID, err := auth.FetchProjectID(context.Background(), "access-token")
-	if err != nil {
-		t.Fatalf("FetchProjectID error: %v", err)
-	}
-	if !sawOnboard {
-		t.Fatalf("expected onboardUser fallback")
-	}
-	if projectID != "cogent-snow-4mnnp" {
-		t.Fatalf("projectID = %q", projectID)
-	}
-}
-
-func assertLoadCodeAssistHeaders(t *testing.T, req *http.Request) {
-	t.Helper()
-	if got := req.Header.Get("Authorization"); got != "Bearer access-token" {
-		t.Fatalf("Authorization = %q", got)
-	}
-	if got := req.Header.Get("Accept"); got != "*/*" {
-		t.Fatalf("Accept = %q", got)
-	}
-	if got := req.Header.Get("X-Goog-Api-Client"); got != "" {
-		t.Fatalf("X-Goog-Api-Client = %q, want empty", got)
-	}
-	if got := req.Header.Get("User-Agent"); strings.Contains(got, "google-api-nodejs-client/") {
-		t.Fatalf("User-Agent = %q", got)
-	}
-}
-
-func assertOnboardUserHeaders(t *testing.T, req *http.Request) {
-	t.Helper()
-	if got := req.Header.Get("Authorization"); got != "Bearer access-token" {
-		t.Fatalf("Authorization = %q", got)
-	}
-	if got := req.Header.Get("Accept"); got != "*/*" {
-		t.Fatalf("Accept = %q", got)
-	}
-	if got := req.Header.Get("X-Goog-Api-Client"); got != "gl-node/22.21.1" {
-		t.Fatalf("X-Goog-Api-Client = %q", got)
-	}
-	if got := req.Header.Get("User-Agent"); !strings.Contains(got, "google-api-nodejs-client/10.3.0") {
-		t.Fatalf("User-Agent = %q", got)
-	}
-}
-
-func assertJSONContains(t *testing.T, req *http.Request, want string) {
-	t.Helper()
-	body, err := io.ReadAll(req.Body)
-	if err != nil {
-		t.Fatalf("read body: %v", err)
-	}
-	bodyText := string(body)
-	req.Body = io.NopCloser(strings.NewReader(bodyText))
-	if !strings.Contains(bodyText, want) {
-		t.Fatalf("body missing %s: %s", want, bodyText)
-	}
-}
-
-func jsonResponse(body string) *http.Response {
-	return &http.Response{
-		StatusCode: http.StatusOK,
-		Header:     make(http.Header),
-		Body:       io.NopCloser(strings.NewReader(body)),
-	}
-}
@@ -21,12 +21,14 @@ var Scopes = []string{
 const (
 	TokenEndpoint    = "https://oauth2.googleapis.com/token"
 	AuthEndpoint     = "https://accounts.google.com/o/oauth2/v2/auth"
-	UserInfoEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo?alt=json"
+	UserInfoEndpoint = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"
 )

 // Antigravity API configuration
 const (
-	APIEndpoint      = "https://cloudcode-pa.googleapis.com"
-	DailyAPIEndpoint = "https://daily-cloudcode-pa.googleapis.com"
-	APIVersion       = "v1internal"
+	APIEndpoint    = "https://cloudcode-pa.googleapis.com"
+	APIVersion     = "v1internal"
+	APIUserAgent   = "google-api-nodejs-client/9.15.1"
+	APIClient      = "google-cloud-sdk vscode_cloudshelleditor/0.1"
+	ClientMetadata = `{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI"}`
 )
@@ -6,18 +6,15 @@ package claude
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
-	"sync"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	log "github.com/sirupsen/logrus"
-	"golang.org/x/sync/singleflight"
 )

 // OAuth configuration constants for Claude/Anthropic
@@ -26,94 +23,8 @@ const (
 	TokenURL    = "https://api.anthropic.com/v1/oauth/token"
 	ClientID    = "9d1c250a-e61b-44d9-88ed-5944d1962f5e"
 	RedirectURI = "http://localhost:54545/callback"
-
-	claudeRefreshMinBackoff = 5 * time.Second
-	claudeRefreshMaxBackoff = 5 * time.Minute
 )

-var (
-	claudeRefreshGroup singleflight.Group
-	claudeRefreshMu    sync.Mutex
-	claudeRefreshBlock = make(map[string]time.Time)
-)
-
-type refreshHTTPError struct {
-	status    int
-	message   string
-	retryable bool
-}
-
-func (e *refreshHTTPError) Error() string {
-	return fmt.Sprintf("token refresh failed with status %d: %s", e.status, e.message)
-}
-
-func (e *refreshHTTPError) Retryable() bool {
-	return e != nil && e.retryable
-}
-
-func resetClaudeRefreshState() {
-	claudeRefreshMu.Lock()
-	defer claudeRefreshMu.Unlock()
-	claudeRefreshBlock = make(map[string]time.Time)
-	claudeRefreshGroup = singleflight.Group{}
-}
-
-func claudeRefreshBlockedUntil(refreshToken string) time.Time {
-	claudeRefreshMu.Lock()
-	defer claudeRefreshMu.Unlock()
-	return claudeRefreshBlock[refreshToken]
-}
-
-func setClaudeRefreshBlockedUntil(refreshToken string, until time.Time) {
-	claudeRefreshMu.Lock()
-	defer claudeRefreshMu.Unlock()
-	claudeRefreshBlock[refreshToken] = until
-}
-
-func clearClaudeRefreshBlockedUntil(refreshToken string) {
-	claudeRefreshMu.Lock()
-	defer claudeRefreshMu.Unlock()
-	delete(claudeRefreshBlock, refreshToken)
-}
-
-func clampClaudeRefreshBackoff(d time.Duration) time.Duration {
-	if d < claudeRefreshMinBackoff {
-		return claudeRefreshMinBackoff
-	}
-	if d > claudeRefreshMaxBackoff {
-		return claudeRefreshMaxBackoff
-	}
-	return d
-}
-
-func parseClaudeRetryAfter(resp *http.Response) time.Duration {
-	if resp == nil {
-		return claudeRefreshMinBackoff
-	}
-	if raw := strings.TrimSpace(resp.Header.Get("Retry-After")); raw != "" {
-		if seconds, err := time.ParseDuration(raw + "s"); err == nil {
-			return clampClaudeRefreshBackoff(seconds)
-		}
-		if when, err := http.ParseTime(raw); err == nil {
-			return clampClaudeRefreshBackoff(time.Until(when))
-		}
-	}
-	if raw := strings.TrimSpace(resp.Header.Get("Retry-After-Ms")); raw != "" {
-		if ms, err := time.ParseDuration(raw + "ms"); err == nil {
-			return clampClaudeRefreshBackoff(ms)
-		}
-	}
-	return claudeRefreshMinBackoff
-}
-
-func isClaudeRefreshRetryable(err error) bool {
-	var httpErr *refreshHTTPError
-	if errors.As(err, &httpErr) {
-		return httpErr.Retryable()
-	}
-	return true
-}
-
 // tokenResponse represents the response structure from Anthropic's OAuth token endpoint.
 // It contains access token, refresh token, and associated user/organization information.
 type tokenResponse struct {
@@ -148,30 +59,10 @@ type ClaudeAuth struct {
 // Returns:
 //   - *ClaudeAuth: A new Claude authentication service instance
 func NewClaudeAuth(cfg *config.Config) *ClaudeAuth {
-	return NewClaudeAuthWithProxyURL(cfg, "")
-}
-
-// NewClaudeAuthWithProxyURL creates a new Anthropic authentication service with a proxy override.
-// proxyURL takes precedence over cfg.ProxyURL when non-empty.
-func NewClaudeAuthWithProxyURL(cfg *config.Config, proxyURL string) *ClaudeAuth {
-	effectiveProxyURL := strings.TrimSpace(proxyURL)
-	var sdkCfg *config.SDKConfig
-	if cfg != nil {
-		sdkCfgCopy := cfg.SDKConfig
-		if effectiveProxyURL == "" {
-			effectiveProxyURL = strings.TrimSpace(cfg.ProxyURL)
-		}
-		sdkCfgCopy.ProxyURL = effectiveProxyURL
-		sdkCfg = &sdkCfgCopy
-	} else if effectiveProxyURL != "" {
-		sdkCfgCopy := config.SDKConfig{ProxyURL: effectiveProxyURL}
-		sdkCfg = &sdkCfgCopy
-	}
-
 	// Use custom HTTP client with Firefox TLS fingerprint to bypass
 	// Cloudflare's bot detection on Anthropic domains
 	return &ClaudeAuth{
-		httpClient: NewAnthropicHttpClient(sdkCfg),
+		httpClient: NewAnthropicHttpClient(&cfg.SDKConfig),
 	}
 }

@@ -197,7 +88,7 @@ func (o *ClaudeAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string
 		"client_id":             {ClientID},
 		"response_type":         {"code"},
 		"redirect_uri":          {RedirectURI},
-		"scope":                 {"user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload"},
+		"scope":                 {"org:create_api_key user:profile user:inference"},
 		"code_challenge":        {pkceCodes.CodeChallenge},
 		"code_challenge_method": {"S256"},
 		"state":                 {state},
@@ -331,35 +222,6 @@ func (o *ClaudeAuth) RefreshTokens(ctx context.Context, refreshToken string) (*C
 	if refreshToken == "" {
 		return nil, fmt.Errorf("refresh token is required")
 	}
-	if blockedUntil := claudeRefreshBlockedUntil(refreshToken); blockedUntil.After(time.Now()) {
-		return nil, &refreshHTTPError{
-			status:    http.StatusTooManyRequests,
-			message:   fmt.Sprintf("refresh temporarily blocked until %s", blockedUntil.Format(time.RFC3339)),
-			retryable: false,
-		}
-	}
-
-	result, err, _ := claudeRefreshGroup.Do(refreshToken, func() (interface{}, error) {
-		return o.refreshTokensSingleFlight(context.WithoutCancel(ctx), refreshToken)
-	})
-	if err != nil {
-		return nil, err
-	}
-	tokenData, ok := result.(*ClaudeTokenData)
-	if !ok || tokenData == nil {
-		return nil, fmt.Errorf("token refresh failed: invalid single-flight result")
-	}
-	return tokenData, nil
-}
-
-func (o *ClaudeAuth) refreshTokensSingleFlight(ctx context.Context, refreshToken string) (*ClaudeTokenData, error) {
-	if blockedUntil := claudeRefreshBlockedUntil(refreshToken); blockedUntil.After(time.Now()) {
-		return nil, &refreshHTTPError{
-			status:    http.StatusTooManyRequests,
-			message:   fmt.Sprintf("refresh temporarily blocked until %s", blockedUntil.Format(time.RFC3339)),
-			retryable: false,
-		}
-	}

 	reqBody := map[string]interface{}{
 		"client_id":     ClientID,
@@ -394,17 +256,7 @@ func (o *ClaudeAuth) refreshTokensSingleFlight(ctx context.Context, refreshToken
 	}

 	if resp.StatusCode != http.StatusOK {
-		message := string(body)
-		if resp.StatusCode == http.StatusTooManyRequests {
-			retryAfter := parseClaudeRetryAfter(resp)
-			setClaudeRefreshBlockedUntil(refreshToken, time.Now().Add(retryAfter))
-			return nil, &refreshHTTPError{status: resp.StatusCode, message: message, retryable: false}
-		}
-		return nil, &refreshHTTPError{
-			status:    resp.StatusCode,
-			message:   message,
-			retryable: resp.StatusCode >= http.StatusInternalServerError,
-		}
+		return nil, fmt.Errorf("token refresh failed with status %d: %s", resp.StatusCode, string(body))
 	}

 	// log.Debugf("Token response: %s", string(body))
@@ -415,8 +267,6 @@ func (o *ClaudeAuth) refreshTokensSingleFlight(ctx context.Context, refreshToken
 	}

 	// Create token data
-	clearClaudeRefreshBlockedUntil(refreshToken)
-
 	return &ClaudeTokenData{
 		AccessToken:  tokenResp.AccessToken,
 		RefreshToken: tokenResp.RefreshToken,
@@ -478,9 +328,6 @@ func (o *ClaudeAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken st

 		lastErr = err
 		log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err)
-		if !isClaudeRefreshRetryable(err) {
-			break
-		}
 	}

 	return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr)
@@ -1,33 +0,0 @@
-package claude
-
-import (
-	"testing"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"golang.org/x/net/proxy"
-)
-
-func TestNewClaudeAuthWithProxyURL_OverrideDirectTakesPrecedence(t *testing.T) {
-	cfg := &config.Config{SDKConfig: config.SDKConfig{ProxyURL: "socks5://proxy.example.com:1080"}}
-	auth := NewClaudeAuthWithProxyURL(cfg, "direct")
-
-	transport, ok := auth.httpClient.Transport.(*utlsRoundTripper)
-	if !ok || transport == nil {
-		t.Fatalf("expected utlsRoundTripper, got %T", auth.httpClient.Transport)
-	}
-	if transport.dialer != proxy.Direct {
-		t.Fatalf("expected proxy.Direct, got %T", transport.dialer)
-	}
-}
-
-func TestNewClaudeAuthWithProxyURL_OverrideProxyAppliedWithoutConfig(t *testing.T) {
-	auth := NewClaudeAuthWithProxyURL(nil, "socks5://proxy.example.com:1080")
-
-	transport, ok := auth.httpClient.Transport.(*utlsRoundTripper)
-	if !ok || transport == nil {
-		t.Fatalf("expected utlsRoundTripper, got %T", auth.httpClient.Transport)
-	}
-	if transport.dialer == proxy.Direct {
-		t.Fatalf("expected proxy dialer, got %T", transport.dialer)
-	}
-}
@@ -1,123 +0,0 @@
-package claude
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"testing"
-	"time"
-)
-
-type roundTripFunc func(*http.Request) (*http.Response, error)
-
-func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return f(req)
-}
-
-func TestRefreshTokensWithRetry_429BlocksImmediateReplay(t *testing.T) {
-	resetClaudeRefreshState()
-	defer resetClaudeRefreshState()
-
-	var calls int32
-	auth := &ClaudeAuth{
-		httpClient: &http.Client{
-			Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) {
-				atomic.AddInt32(&calls, 1)
-				return &http.Response{
-					StatusCode: http.StatusTooManyRequests,
-					Body:       io.NopCloser(strings.NewReader(`{"error":"rate_limited"}`)),
-					Header:     http.Header{"Retry-After": []string{"60"}},
-					Request:    req,
-				}, nil
-			}),
-		},
-	}
-
-	_, err := auth.RefreshTokensWithRetry(context.Background(), "dummy_refresh_token", 3)
-	if err == nil {
-		t.Fatalf("expected 429 refresh error")
-	}
-	if !strings.Contains(err.Error(), "status 429") {
-		t.Fatalf("expected status 429 in error, got %v", err)
-	}
-	if got := atomic.LoadInt32(&calls); got != 1 {
-		t.Fatalf("expected 1 refresh attempt after 429, got %d", got)
-	}
-
-	_, err = auth.RefreshTokensWithRetry(context.Background(), "dummy_refresh_token", 3)
-	if err == nil {
-		t.Fatalf("expected immediate blocked refresh error")
-	}
-	if got := atomic.LoadInt32(&calls); got != 1 {
-		t.Fatalf("expected blocked retry to avoid a second refresh call, got %d attempts", got)
-	}
-	if blockedUntil := claudeRefreshBlockedUntil("dummy_refresh_token"); !blockedUntil.After(time.Now()) {
-		t.Fatalf("expected blocked-until timestamp to be set, got %v", blockedUntil)
-	}
-}
-
-func TestRefreshTokens_DeduplicatesConcurrentRefresh(t *testing.T) {
-	resetClaudeRefreshState()
-	defer resetClaudeRefreshState()
-
-	var calls int32
-	started := make(chan struct{})
-	release := make(chan struct{})
-	var once sync.Once
-
-	auth := &ClaudeAuth{
-		httpClient: &http.Client{
-			Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) {
-				atomic.AddInt32(&calls, 1)
-				once.Do(func() { close(started) })
-				<-release
-				return &http.Response{
-					StatusCode: http.StatusOK,
-					Body: io.NopCloser(strings.NewReader(`{
-						"access_token":"new-access",
-						"refresh_token":"new-refresh",
-						"token_type":"Bearer",
-						"expires_in":3600,
-						"account":{"email_address":"shared@example.com"}
-					}`)),
-					Header:  make(http.Header),
-					Request: req,
-				}, nil
-			}),
-		},
-	}
-
-	results := make(chan *ClaudeTokenData, 2)
-	errs := make(chan error, 2)
-	runRefresh := func() {
-		td, err := auth.RefreshTokens(context.Background(), "shared-refresh-token")
-		results <- td
-		errs <- err
-	}
-
-	go runRefresh()
-	go runRefresh()
-
-	<-started
-	time.Sleep(20 * time.Millisecond)
-	if got := atomic.LoadInt32(&calls); got != 1 {
-		t.Fatalf("expected concurrent refresh to share a single upstream call, got %d", got)
-	}
-	close(release)
-
-	for i := 0; i < 2; i++ {
-		if err := <-errs; err != nil {
-			t.Fatalf("expected refresh to succeed, got %v", err)
-		}
-		td := <-results
-		if td == nil || td.AccessToken != "new-access" {
-			t.Fatalf("expected refreshed access token, got %#v", td)
-		}
-	}
-	if got := atomic.LoadInt32(&calls); got != 1 {
-		t.Fatalf("expected exactly 1 upstream refresh call, got %d", got)
-	}
-}
@@ -9,7 +9,7 @@ import (
 	"os"
 	"path/filepath"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 )

 // ClaudeTokenStorage stores OAuth2 token information for Anthropic Claude API authentication.
@@ -8,8 +8,8 @@ import (
 	"sync"

 	tls "github.com/refraction-networking/utls"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/proxyutil"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/proxyutil"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/proxy"
@@ -34,7 +34,7 @@ func newUtlsRoundTripper(cfg *config.SDKConfig) *utlsRoundTripper {
 	if cfg != nil {
 		proxyDialer, mode, errBuild := proxyutil.BuildDialer(cfg.ProxyURL)
 		if errBuild != nil {
-			log.Errorf("failed to configure proxy dialer for %q: %v", proxyutil.Redact(cfg.ProxyURL), errBuild)
+			log.Errorf("failed to configure proxy dialer for %q: %v", cfg.ProxyURL, errBuild)
 		} else if mode != proxyutil.ModeInherit && proxyDialer != nil {
 			dialer = proxyDialer
 		}
@@ -14,8 +14,8 @@ import (
 	"strings"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 )

@@ -37,23 +37,8 @@ type CodexAuth struct {
 // NewCodexAuth creates a new CodexAuth service instance.
 // It initializes an HTTP client with proxy settings from the provided configuration.
 func NewCodexAuth(cfg *config.Config) *CodexAuth {
-	return NewCodexAuthWithProxyURL(cfg, "")
-}
-
-// NewCodexAuthWithProxyURL creates a new CodexAuth service instance.
-// proxyURL takes precedence over cfg.ProxyURL when non-empty.
-func NewCodexAuthWithProxyURL(cfg *config.Config, proxyURL string) *CodexAuth {
-	effectiveProxyURL := strings.TrimSpace(proxyURL)
-	var sdkCfg config.SDKConfig
-	if cfg != nil {
-		sdkCfg = cfg.SDKConfig
-		if effectiveProxyURL == "" {
-			effectiveProxyURL = strings.TrimSpace(cfg.ProxyURL)
-		}
-	}
-	sdkCfg.ProxyURL = effectiveProxyURL
 	return &CodexAuth{
-		httpClient: util.SetProxy(&sdkCfg, &http.Client{}),
+		httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}),
 	}
 }

@@ -7,8 +7,6 @@ import (
 	"strings"
 	"sync/atomic"
 	"testing"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
 )

 type roundTripFunc func(*http.Request) (*http.Response, error)
@@ -44,37 +42,3 @@ func TestRefreshTokensWithRetry_NonRetryableOnlyAttemptsOnce(t *testing.T) {
 		t.Fatalf("expected 1 refresh attempt, got %d", got)
 	}
 }
-
-func TestNewCodexAuthWithProxyURL_OverrideDirectDisablesProxy(t *testing.T) {
-	cfg := &config.Config{SDKConfig: config.SDKConfig{ProxyURL: "http://proxy.example.com:8080"}}
-	auth := NewCodexAuthWithProxyURL(cfg, "direct")
-
-	transport, ok := auth.httpClient.Transport.(*http.Transport)
-	if !ok || transport == nil {
-		t.Fatalf("expected http.Transport, got %T", auth.httpClient.Transport)
-	}
-	if transport.Proxy != nil {
-		t.Fatal("expected direct transport to disable proxy function")
-	}
-}
-
-func TestNewCodexAuthWithProxyURL_OverrideProxyTakesPrecedence(t *testing.T) {
-	cfg := &config.Config{SDKConfig: config.SDKConfig{ProxyURL: "http://global.example.com:8080"}}
-	auth := NewCodexAuthWithProxyURL(cfg, "http://override.example.com:8081")
-
-	transport, ok := auth.httpClient.Transport.(*http.Transport)
-	if !ok || transport == nil {
-		t.Fatalf("expected http.Transport, got %T", auth.httpClient.Transport)
-	}
-	req, errReq := http.NewRequest(http.MethodGet, "https://example.com", nil)
-	if errReq != nil {
-		t.Fatalf("new request: %v", errReq)
-	}
-	proxyURL, errProxy := transport.Proxy(req)
-	if errProxy != nil {
-		t.Fatalf("proxy func: %v", errProxy)
-	}
-	if proxyURL == nil || proxyURL.String() != "http://override.example.com:8081" {
-		t.Fatalf("proxy URL = %v, want http://override.example.com:8081", proxyURL)
-	}
-}
@@ -9,7 +9,7 @@ import (
 	"os"
 	"path/filepath"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 )

 // CodexTokenStorage stores OAuth2 token information for OpenAI Codex API authentication.
@@ -13,12 +13,12 @@ import (
 	"net/http"
 	"time"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/auth/codex"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/browser"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
-	"github.com/router-for-me/CLIProxyAPI/v7/sdk/proxyutil"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/browser"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/proxyutil"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"

@@ -10,7 +10,7 @@ import (
 	"path/filepath"
 	"strings"

-	"github.com/router-for-me/CLIProxyAPI/v7/internal/misc"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 	log "github.com/sirupsen/logrus"
 )

@@ -0,0 +1,99 @@
+package iflow
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// NormalizeCookie normalizes raw cookie strings for iFlow authentication flows.
+func NormalizeCookie(raw string) (string, error) {
+	trimmed := strings.TrimSpace(raw)
+	if trimmed == "" {
+		return "", fmt.Errorf("cookie cannot be empty")
+	}
+
+	combined := strings.Join(strings.Fields(trimmed), " ")
+	if !strings.HasSuffix(combined, ";") {
+		combined += ";"
+	}
+	if !strings.Contains(combined, "BXAuth=") {
+		return "", fmt.Errorf("cookie missing BXAuth field")
+	}
+	return combined, nil
+}
+
+// SanitizeIFlowFileName normalizes user identifiers for safe filename usage.
+func SanitizeIFlowFileName(raw string) string {
+	if raw == "" {
+		return ""
+	}
+	cleanEmail := strings.ReplaceAll(raw, "*", "x")
+	var result strings.Builder
+	for _, r := range cleanEmail {
+		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' || r == '@' || r == '.' || r == '-' {
+			result.WriteRune(r)
+		}
+	}
+	return strings.TrimSpace(result.String())
+}
+
+// ExtractBXAuth extracts the BXAuth value from a cookie string.
+func ExtractBXAuth(cookie string) string {
+	parts := strings.Split(cookie, ";")
+	for _, part := range parts {
+		part = strings.TrimSpace(part)
+		if strings.HasPrefix(part, "BXAuth=") {
+			return strings.TrimPrefix(part, "BXAuth=")
+		}
+	}
+	return ""
+}
+
+// CheckDuplicateBXAuth checks if the given BXAuth value already exists in any iflow auth file.
+// Returns the path of the existing file if found, empty string otherwise.
+func CheckDuplicateBXAuth(authDir, bxAuth string) (string, error) {
+	if bxAuth == "" {
+		return "", nil
+	}
+
+	entries, err := os.ReadDir(authDir)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", fmt.Errorf("read auth dir failed: %w", err)
+	}
+
+	for _, entry := range entries {
+		if entry.IsDir() {
+			continue
+		}
+		name := entry.Name()
+		if !strings.HasPrefix(name, "iflow-") || !strings.HasSuffix(name, ".json") {
+			continue
+		}
+
+		filePath := filepath.Join(authDir, name)
+		data, err := os.ReadFile(filePath)
+		if err != nil {
+			continue
+		}
+
+		var tokenData struct {
+			Cookie string `json:"cookie"`
+		}
+		if err := json.Unmarshal(data, &tokenData); err != nil {
+			continue
+		}
+
+		existingBXAuth := ExtractBXAuth(tokenData.Cookie)
+		if existingBXAuth != "" && existingBXAuth == bxAuth {
+			return filePath, nil
+		}
+	}
+
+	return "", nil
+}
@@ -0,0 +1,523 @@
+package iflow
+
+import (
+	"compress/gzip"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	// OAuth endpoints and client metadata are derived from the reference Python implementation.
+	iFlowOAuthTokenEndpoint     = "https://iflow.cn/oauth/token"
+	iFlowOAuthAuthorizeEndpoint = "https://iflow.cn/oauth"
+	iFlowUserInfoEndpoint       = "https://iflow.cn/api/oauth/getUserInfo"
+	iFlowSuccessRedirectURL     = "https://iflow.cn/oauth/success"
+
+	// Cookie authentication endpoints
+	iFlowAPIKeyEndpoint = "https://platform.iflow.cn/api/openapi/apikey"
+
+	// Client credentials provided by iFlow for the Code Assist integration.
+	iFlowOAuthClientID     = "10009311001"
+	iFlowOAuthClientSecret = "4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW"
+)
+
+// DefaultAPIBaseURL is the canonical chat completions endpoint.
+const DefaultAPIBaseURL = "https://apis.iflow.cn/v1"
+
+// SuccessRedirectURL is exposed for consumers needing the official success page.
+const SuccessRedirectURL = iFlowSuccessRedirectURL
+
+// CallbackPort defines the local port used for OAuth callbacks.
+const CallbackPort = 11451
+
+// IFlowAuth encapsulates the HTTP client helpers for the OAuth flow.
+type IFlowAuth struct {
+	httpClient *http.Client
+}
+
+// NewIFlowAuth constructs a new IFlowAuth with proxy-aware transport.
+func NewIFlowAuth(cfg *config.Config) *IFlowAuth {
+	client := &http.Client{Timeout: 30 * time.Second}
+	return &IFlowAuth{httpClient: util.SetProxy(&cfg.SDKConfig, client)}
+}
+
+// AuthorizationURL builds the authorization URL and matching redirect URI.
+func (ia *IFlowAuth) AuthorizationURL(state string, port int) (authURL, redirectURI string) {
+	redirectURI = fmt.Sprintf("http://localhost:%d/oauth2callback", port)
+	values := url.Values{}
+	values.Set("loginMethod", "phone")
+	values.Set("type", "phone")
+	values.Set("redirect", redirectURI)
+	values.Set("state", state)
+	values.Set("client_id", iFlowOAuthClientID)
+	authURL = fmt.Sprintf("%s?%s", iFlowOAuthAuthorizeEndpoint, values.Encode())
+	return authURL, redirectURI
+}
+
+// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens.
+func (ia *IFlowAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*IFlowTokenData, error) {
+	form := url.Values{}
+	form.Set("grant_type", "authorization_code")
+	form.Set("code", code)
+	form.Set("redirect_uri", redirectURI)
+	form.Set("client_id", iFlowOAuthClientID)
+	form.Set("client_secret", iFlowOAuthClientSecret)
+
+	req, err := ia.newTokenRequest(ctx, form)
+	if err != nil {
+		return nil, err
+	}
+
+	return ia.doTokenRequest(ctx, req)
+}
+
+// RefreshTokens exchanges a refresh token for a new access token.
+func (ia *IFlowAuth) RefreshTokens(ctx context.Context, refreshToken string) (*IFlowTokenData, error) {
+	form := url.Values{}
+	form.Set("grant_type", "refresh_token")
+	form.Set("refresh_token", refreshToken)
+	form.Set("client_id", iFlowOAuthClientID)
+	form.Set("client_secret", iFlowOAuthClientSecret)
+
+	req, err := ia.newTokenRequest(ctx, form)
+	if err != nil {
+		return nil, err
+	}
+
+	return ia.doTokenRequest(ctx, req)
+}
+
+func (ia *IFlowAuth) newTokenRequest(ctx context.Context, form url.Values) (*http.Request, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowOAuthTokenEndpoint, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, fmt.Errorf("iflow token: create request failed: %w", err)
+	}
+
+	basic := base64.StdEncoding.EncodeToString([]byte(iFlowOAuthClientID + ":" + iFlowOAuthClientSecret))
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Authorization", "Basic "+basic)
+	return req, nil
+}
+
+func (ia *IFlowAuth) doTokenRequest(ctx context.Context, req *http.Request) (*IFlowTokenData, error) {
+	resp, err := ia.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("iflow token: request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("iflow token: read response failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		log.Debugf("iflow token request failed: status=%d body=%s", resp.StatusCode, string(body))
+		return nil, fmt.Errorf("iflow token: %d %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var tokenResp IFlowTokenResponse
+	if err = json.Unmarshal(body, &tokenResp); err != nil {
+		return nil, fmt.Errorf("iflow token: decode response failed: %w", err)
+	}
+
+	data := &IFlowTokenData{
+		AccessToken:  tokenResp.AccessToken,
+		RefreshToken: tokenResp.RefreshToken,
+		TokenType:    tokenResp.TokenType,
+		Scope:        tokenResp.Scope,
+		Expire:       time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339),
+	}
+
+	if tokenResp.AccessToken == "" {
+		log.Debug(string(body))
+		return nil, fmt.Errorf("iflow token: missing access token in response")
+	}
+
+	info, errAPI := ia.FetchUserInfo(ctx, tokenResp.AccessToken)
+	if errAPI != nil {
+		return nil, fmt.Errorf("iflow token: fetch user info failed: %w", errAPI)
+	}
+	if strings.TrimSpace(info.APIKey) == "" {
+		return nil, fmt.Errorf("iflow token: empty api key returned")
+	}
+	email := strings.TrimSpace(info.Email)
+	if email == "" {
+		email = strings.TrimSpace(info.Phone)
+	}
+	if email == "" {
+		return nil, fmt.Errorf("iflow token: missing account email/phone in user info")
+	}
+	data.APIKey = info.APIKey
+	data.Email = email
+
+	return data, nil
+}
+
+// FetchUserInfo retrieves account metadata (including API key) for the provided access token.
+func (ia *IFlowAuth) FetchUserInfo(ctx context.Context, accessToken string) (*userInfoData, error) {
+	if strings.TrimSpace(accessToken) == "" {
+		return nil, fmt.Errorf("iflow api key: access token is empty")
+	}
+
+	endpoint := fmt.Sprintf("%s?accessToken=%s", iFlowUserInfoEndpoint, url.QueryEscape(accessToken))
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, fmt.Errorf("iflow api key: create request failed: %w", err)
+	}
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := ia.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("iflow api key: request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("iflow api key: read response failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		log.Debugf("iflow api key failed: status=%d body=%s", resp.StatusCode, string(body))
+		return nil, fmt.Errorf("iflow api key: %d %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var result userInfoResponse
+	if err = json.Unmarshal(body, &result); err != nil {
+		return nil, fmt.Errorf("iflow api key: decode body failed: %w", err)
+	}
+
+	if !result.Success {
+		return nil, fmt.Errorf("iflow api key: request not successful")
+	}
+
+	if result.Data.APIKey == "" {
+		return nil, fmt.Errorf("iflow api key: missing api key in response")
+	}
+
+	return &result.Data, nil
+}
+
+// CreateTokenStorage converts token data into persistence storage.
+func (ia *IFlowAuth) CreateTokenStorage(data *IFlowTokenData) *IFlowTokenStorage {
+	if data == nil {
+		return nil
+	}
+	return &IFlowTokenStorage{
+		AccessToken:  data.AccessToken,
+		RefreshToken: data.RefreshToken,
+		LastRefresh:  time.Now().Format(time.RFC3339),
+		Expire:       data.Expire,
+		APIKey:       data.APIKey,
+		Email:        data.Email,
+		TokenType:    data.TokenType,
+		Scope:        data.Scope,
+	}
+}
+
+// UpdateTokenStorage updates the persisted token storage with latest token data.
+func (ia *IFlowAuth) UpdateTokenStorage(storage *IFlowTokenStorage, data *IFlowTokenData) {
+	if storage == nil || data == nil {
+		return
+	}
+	storage.AccessToken = data.AccessToken
+	storage.RefreshToken = data.RefreshToken
+	storage.LastRefresh = time.Now().Format(time.RFC3339)
+	storage.Expire = data.Expire
+	if data.APIKey != "" {
+		storage.APIKey = data.APIKey
+	}
+	if data.Email != "" {
+		storage.Email = data.Email
+	}
+	storage.TokenType = data.TokenType
+	storage.Scope = data.Scope
+}
+
+// IFlowTokenResponse models the OAuth token endpoint response.
+type IFlowTokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	ExpiresIn    int    `json:"expires_in"`
+	TokenType    string `json:"token_type"`
+	Scope        string `json:"scope"`
+}
+
+// IFlowTokenData captures processed token details.
+type IFlowTokenData struct {
+	AccessToken  string
+	RefreshToken string
+	TokenType    string
+	Scope        string
+	Expire       string
+	APIKey       string
+	Email        string
+	Cookie       string
+}
+
+// userInfoResponse represents the structure returned by the user info endpoint.
+type userInfoResponse struct {
+	Success bool         `json:"success"`
+	Data    userInfoData `json:"data"`
+}
+
+type userInfoData struct {
+	APIKey string `json:"apiKey"`
+	Email  string `json:"email"`
+	Phone  string `json:"phone"`
+}
+
+// iFlowAPIKeyResponse represents the response from the API key endpoint
+type iFlowAPIKeyResponse struct {
+	Success bool         `json:"success"`
+	Code    string       `json:"code"`
+	Message string       `json:"message"`
+	Data    iFlowKeyData `json:"data"`
+	Extra   interface{}  `json:"extra"`
+}
+
+// iFlowKeyData contains the API key information
+type iFlowKeyData struct {
+	HasExpired bool   `json:"hasExpired"`
+	ExpireTime string `json:"expireTime"`
+	Name       string `json:"name"`
+	APIKey     string `json:"apiKey"`
+	APIKeyMask string `json:"apiKeyMask"`
+}
+
+// iFlowRefreshRequest represents the request body for refreshing API key
+type iFlowRefreshRequest struct {
+	Name string `json:"name"`
+}
+
+// AuthenticateWithCookie performs authentication using browser cookies
+func (ia *IFlowAuth) AuthenticateWithCookie(ctx context.Context, cookie string) (*IFlowTokenData, error) {
+	if strings.TrimSpace(cookie) == "" {
+		return nil, fmt.Errorf("iflow cookie authentication: cookie is empty")
+	}
+
+	// First, get initial API key information using GET request to obtain the name
+	keyInfo, err := ia.fetchAPIKeyInfo(ctx, cookie)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie authentication: fetch initial API key info failed: %w", err)
+	}
+
+	// Refresh the API key using POST request
+	refreshedKeyInfo, err := ia.RefreshAPIKey(ctx, cookie, keyInfo.Name)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie authentication: refresh API key failed: %w", err)
+	}
+
+	// Convert to token data format using refreshed key
+	data := &IFlowTokenData{
+		APIKey: refreshedKeyInfo.APIKey,
+		Expire: refreshedKeyInfo.ExpireTime,
+		Email:  refreshedKeyInfo.Name,
+		Cookie: cookie,
+	}
+
+	return data, nil
+}
+
+// fetchAPIKeyInfo retrieves API key information using GET request with cookie
+func (ia *IFlowAuth) fetchAPIKeyInfo(ctx context.Context, cookie string) (*iFlowKeyData, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, iFlowAPIKeyEndpoint, nil)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie: create GET request failed: %w", err)
+	}
+
+	// Set cookie and other headers to mimic browser
+	req.Header.Set("Cookie", cookie)
+	req.Header.Set("Accept", "application/json, text/plain, */*")
+	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
+	req.Header.Set("Accept-Encoding", "gzip, deflate, br")
+	req.Header.Set("Connection", "keep-alive")
+	req.Header.Set("Sec-Fetch-Dest", "empty")
+	req.Header.Set("Sec-Fetch-Mode", "cors")
+	req.Header.Set("Sec-Fetch-Site", "same-origin")
+
+	resp, err := ia.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie: GET request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	// Handle gzip compression
+	var reader io.Reader = resp.Body
+	if resp.Header.Get("Content-Encoding") == "gzip" {
+		gzipReader, err := gzip.NewReader(resp.Body)
+		if err != nil {
+			return nil, fmt.Errorf("iflow cookie: create gzip reader failed: %w", err)
+		}
+		defer func() { _ = gzipReader.Close() }()
+		reader = gzipReader
+	}
+
+	body, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie: read GET response failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		log.Debugf("iflow cookie GET request failed: status=%d body=%s", resp.StatusCode, string(body))
+		return nil, fmt.Errorf("iflow cookie: GET request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var keyResp iFlowAPIKeyResponse
+	if err = json.Unmarshal(body, &keyResp); err != nil {
+		return nil, fmt.Errorf("iflow cookie: decode GET response failed: %w", err)
+	}
+
+	if !keyResp.Success {
+		return nil, fmt.Errorf("iflow cookie: GET request not successful: %s", keyResp.Message)
+	}
+
+	// Handle initial response where apiKey field might be apiKeyMask
+	if keyResp.Data.APIKey == "" && keyResp.Data.APIKeyMask != "" {
+		keyResp.Data.APIKey = keyResp.Data.APIKeyMask
+	}
+
+	return &keyResp.Data, nil
+}
+
+// RefreshAPIKey refreshes the API key using POST request
+func (ia *IFlowAuth) RefreshAPIKey(ctx context.Context, cookie, name string) (*iFlowKeyData, error) {
+	if strings.TrimSpace(cookie) == "" {
+		return nil, fmt.Errorf("iflow cookie refresh: cookie is empty")
+	}
+	if strings.TrimSpace(name) == "" {
+		return nil, fmt.Errorf("iflow cookie refresh: name is empty")
+	}
+
+	// Prepare request body
+	refreshReq := iFlowRefreshRequest{
+		Name: name,
+	}
+
+	bodyBytes, err := json.Marshal(refreshReq)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie refresh: marshal request failed: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowAPIKeyEndpoint, strings.NewReader(string(bodyBytes)))
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie refresh: create POST request failed: %w", err)
+	}
+
+	// Set cookie and other headers to mimic browser
+	req.Header.Set("Cookie", cookie)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json, text/plain, */*")
+	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
+	req.Header.Set("Accept-Encoding", "gzip, deflate, br")
+	req.Header.Set("Connection", "keep-alive")
+	req.Header.Set("Origin", "https://platform.iflow.cn")
+	req.Header.Set("Referer", "https://platform.iflow.cn/")
+
+	resp, err := ia.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie refresh: POST request failed: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	// Handle gzip compression
+	var reader io.Reader = resp.Body
+	if resp.Header.Get("Content-Encoding") == "gzip" {
+		gzipReader, err := gzip.NewReader(resp.Body)
+		if err != nil {
+			return nil, fmt.Errorf("iflow cookie refresh: create gzip reader failed: %w", err)
+		}
+		defer func() { _ = gzipReader.Close() }()
+		reader = gzipReader
+	}
+
+	body, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("iflow cookie refresh: read POST response failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		log.Debugf("iflow cookie POST request failed: status=%d body=%s", resp.StatusCode, string(body))
+		return nil, fmt.Errorf("iflow cookie refresh: POST request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var keyResp iFlowAPIKeyResponse
+	if err = json.Unmarshal(body, &keyResp); err != nil {
+		return nil, fmt.Errorf("iflow cookie refresh: decode POST response failed: %w", err)
+	}
+
+	if !keyResp.Success {
+		return nil, fmt.Errorf("iflow cookie refresh: POST request not successful: %s", keyResp.Message)
+	}
+
+	return &keyResp.Data, nil
+}
+
+// ShouldRefreshAPIKey checks if the API key needs to be refreshed (within 2 days of expiry)
+func ShouldRefreshAPIKey(expireTime string) (bool, time.Duration, error) {
+	if strings.TrimSpace(expireTime) == "" {
+		return false, 0, fmt.Errorf("iflow cookie: expire time is empty")
+	}
+
+	expire, err := time.Parse("2006-01-02 15:04", expireTime)
+	if err != nil {
+		return false, 0, fmt.Errorf("iflow cookie: parse expire time failed: %w", err)
+	}
+
+	now := time.Now()
+	twoDaysFromNow := now.Add(48 * time.Hour)
+
+	needsRefresh := expire.Before(twoDaysFromNow)
+	timeUntilExpiry := expire.Sub(now)
+
+	return needsRefresh, timeUntilExpiry, nil
+}
+
+// CreateCookieTokenStorage converts cookie-based token data into persistence storage
+func (ia *IFlowAuth) CreateCookieTokenStorage(data *IFlowTokenData) *IFlowTokenStorage {
+	if data == nil {
+		return nil
+	}
+
+	// Only save the BXAuth field from the cookie
+	bxAuth := ExtractBXAuth(data.Cookie)
+	cookieToSave := ""
+	if bxAuth != "" {
+		cookieToSave = "BXAuth=" + bxAuth + ";"
+	}
+
+	return &IFlowTokenStorage{
+		APIKey:      data.APIKey,
+		Email:       data.Email,
+		Expire:      data.Expire,
+		Cookie:      cookieToSave,
+		LastRefresh: time.Now().Format(time.RFC3339),
+		Type:        "iflow",
+	}
+}
+
+// UpdateCookieTokenStorage updates the persisted token storage with refreshed API key data
+func (ia *IFlowAuth) UpdateCookieTokenStorage(storage *IFlowTokenStorage, keyData *iFlowKeyData) {
+	if storage == nil || keyData == nil {
+		return
+	}
+
+	storage.APIKey = keyData.APIKey
+	storage.Expire = keyData.ExpireTime
+	storage.LastRefresh = time.Now().Format(time.RFC3339)
+}
@@ -0,0 +1,59 @@
+package iflow
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
+)
+
+// IFlowTokenStorage persists iFlow OAuth credentials alongside the derived API key.
+type IFlowTokenStorage struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	LastRefresh  string `json:"last_refresh"`
+	Expire       string `json:"expired"`
+	APIKey       string `json:"api_key"`
+	Email        string `json:"email"`
+	TokenType    string `json:"token_type"`
+	Scope        string `json:"scope"`
+	Cookie       string `json:"cookie"`
+	Type         string `json:"type"`
+
+	// Metadata holds arbitrary key-value pairs injected via hooks.
+	// It is not exported to JSON directly to allow flattening during serialization.
+	Metadata map[string]any `json:"-"`
+}
+
+// SetMetadata allows external callers to inject metadata into the storage before saving.
+func (ts *IFlowTokenStorage) SetMetadata(meta map[string]any) {
+	ts.Metadata = meta
+}
+
+// SaveTokenToFile serialises the token storage to disk.
+func (ts *IFlowTokenStorage) SaveTokenToFile(authFilePath string) error {
+	misc.LogSavingCredentials(authFilePath)
+	ts.Type = "iflow"
+	if err := os.MkdirAll(filepath.Dir(authFilePath), 0o700); err != nil {
+		return fmt.Errorf("iflow token: create directory failed: %w", err)
+	}
+
+	f, err := os.Create(authFilePath)
+	if err != nil {
+		return fmt.Errorf("iflow token: create file failed: %w", err)
+	}
+	defer func() { _ = f.Close() }()
+
+	// Merge metadata using helper
+	data, errMerge := misc.MergeMetadata(ts, ts.Metadata)
+	if errMerge != nil {
+		return fmt.Errorf("failed to merge metadata: %w", errMerge)
+	}
+
+	if err = json.NewEncoder(f).Encode(data); err != nil {
+		return fmt.Errorf("iflow token: encode token failed: %w", err)
+	}
+	return nil
+}
@@ -0,0 +1,143 @@
+package iflow
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+const errorRedirectURL = "https://iflow.cn/oauth/error"
+
+// OAuthResult captures the outcome of the local OAuth callback.
+type OAuthResult struct {
+	Code  string
+	State string
+	Error string
+}
+
+// OAuthServer provides a minimal HTTP server for handling the iFlow OAuth callback.
+type OAuthServer struct {
+	server  *http.Server
+	port    int
+	result  chan *OAuthResult
+	errChan chan error
+	mu      sync.Mutex
+	running bool
+}
+
+// NewOAuthServer constructs a new OAuthServer bound to the provided port.
+func NewOAuthServer(port int) *OAuthServer {
+	return &OAuthServer{
+		port:    port,
+		result:  make(chan *OAuthResult, 1),
+		errChan: make(chan error, 1),
+	}
+}
+
+// Start launches the callback listener.
+func (s *OAuthServer) Start() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if s.running {
+		return fmt.Errorf("iflow oauth server already running")
+	}
+	if !s.isPortAvailable() {
+		return fmt.Errorf("port %d is already in use", s.port)
+	}
+
+	mux := http.NewServeMux()
+	mux.HandleFunc("/oauth2callback", s.handleCallback)
+
+	s.server = &http.Server{
+		Addr:         fmt.Sprintf(":%d", s.port),
+		Handler:      mux,
+		ReadTimeout:  10 * time.Second,
+		WriteTimeout: 10 * time.Second,
+	}
+
+	s.running = true
+
+	go func() {
+		if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			s.errChan <- err
+		}
+	}()
+
+	time.Sleep(100 * time.Millisecond)
+	return nil
+}
+
+// Stop gracefully terminates the callback listener.
+func (s *OAuthServer) Stop(ctx context.Context) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if !s.running || s.server == nil {
+		return nil
+	}
+	defer func() {
+		s.running = false
+		s.server = nil
+	}()
+	return s.server.Shutdown(ctx)
+}
+
+// WaitForCallback blocks until a callback result, server error, or timeout occurs.
+func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) {
+	select {
+	case res := <-s.result:
+		return res, nil
+	case err := <-s.errChan:
+		return nil, err
+	case <-time.After(timeout):
+		return nil, fmt.Errorf("timeout waiting for OAuth callback")
+	}
+}
+
+func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	query := r.URL.Query()
+	if errParam := strings.TrimSpace(query.Get("error")); errParam != "" {
+		s.sendResult(&OAuthResult{Error: errParam})
+		http.Redirect(w, r, errorRedirectURL, http.StatusFound)
+		return
+	}
+
+	code := strings.TrimSpace(query.Get("code"))
+	if code == "" {
+		s.sendResult(&OAuthResult{Error: "missing_code"})
+		http.Redirect(w, r, errorRedirectURL, http.StatusFound)
+		return
+	}
+
+	state := query.Get("state")
+	s.sendResult(&OAuthResult{Code: code, State: state})
+	http.Redirect(w, r, SuccessRedirectURL, http.StatusFound)
+}
+
+func (s *OAuthServer) sendResult(res *OAuthResult) {
+	select {
+	case s.result <- res:
+	default:
+		log.Debug("iflow oauth result channel full, dropping result")
+	}
+}
+
+func (s *OAuthServer) isPortAvailable() bool {
+	addr := fmt.Sprintf(":%d", s.port)
+	listener, err := net.Listen("tcp", addr)
+	if err != nil {
+		return false
+	}
+	_ = listener.Close()
+	return true
+}
@@ -15,8 +15,8 @@ import (
 	"time"

 	"github.com/google/uuid"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/util"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 )

@@ -102,24 +102,10 @@ func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient {

 // NewDeviceFlowClientWithDeviceID creates a new device flow client with the specified device ID.
 func NewDeviceFlowClientWithDeviceID(cfg *config.Config, deviceID string) *DeviceFlowClient {
-	return NewDeviceFlowClientWithDeviceIDAndProxyURL(cfg, deviceID, "")
-}
-
-// NewDeviceFlowClientWithDeviceIDAndProxyURL creates a new device flow client with a proxy override.
-// proxyURL takes precedence over cfg.ProxyURL when non-empty.
-func NewDeviceFlowClientWithDeviceIDAndProxyURL(cfg *config.Config, deviceID string, proxyURL string) *DeviceFlowClient {
 	client := &http.Client{Timeout: 30 * time.Second}
-	effectiveProxyURL := strings.TrimSpace(proxyURL)
-	var sdkCfg config.SDKConfig
 	if cfg != nil {
-		sdkCfg = cfg.SDKConfig
-		if effectiveProxyURL == "" {
-			effectiveProxyURL = strings.TrimSpace(cfg.ProxyURL)
-		}
+		client = util.SetProxy(&cfg.SDKConfig, client)
 	}
-	sdkCfg.ProxyURL = effectiveProxyURL
-	client = util.SetProxy(&sdkCfg, client)
-
 	resolvedDeviceID := strings.TrimSpace(deviceID)
 	if resolvedDeviceID == "" {
 		resolvedDeviceID = getOrCreateDeviceID()
@@ -1,42 +0,0 @@
-package kimi
-
-import (
-	"net/http"
-	"testing"
-
-	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
-)
-
-func TestNewDeviceFlowClientWithDeviceIDAndProxyURL_OverrideDirectDisablesProxy(t *testing.T) {
-	cfg := &config.Config{SDKConfig: config.SDKConfig{ProxyURL: "http://proxy.example.com:8080"}}
-	client := NewDeviceFlowClientWithDeviceIDAndProxyURL(cfg, "device-1", "direct")
-
-	transport, ok := client.httpClient.Transport.(*http.Transport)
-	if !ok || transport == nil {
-		t.Fatalf("expected http.Transport, got %T", client.httpClient.Transport)
-	}
-	if transport.Proxy != nil {
-		t.Fatal("expected direct transport to disable proxy function")
-	}
-}
-
-func TestNewDeviceFlowClientWithDeviceIDAndProxyURL_OverrideProxyTakesPrecedence(t *testing.T) {
-	cfg := &config.Config{SDKConfig: config.SDKConfig{ProxyURL: "http://global.example.com:8080"}}
-	client := NewDeviceFlowClientWithDeviceIDAndProxyURL(cfg, "device-1", "http://override.example.com:8081")
-
-	transport, ok := client.httpClient.Transport.(*http.Transport)
-	if !ok || transport == nil {
-		t.Fatalf("expected http.Transport, got %T", client.httpClient.Transport)
-	}
-	req, errReq := http.NewRequest(http.MethodGet, "https://example.com", nil)
-	if errReq != nil {
-		t.Fatalf("new request: %v", errReq)
-	}
-	proxyURL, errProxy := transport.Proxy(req)
-	if errProxy != nil {
-		t.Fatalf("proxy func: %v", errProxy)
-	}
-	if proxyURL == nil || proxyURL.String() != "http://override.example.com:8081" {
-		t.Fatalf("proxy URL = %v, want http://override.example.com:8081", proxyURL)
-	}
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
airkjw	4e96fc3813	docs: add v6.10.4 update history v6.9.38 → v6.10.4 (69 commits): WebSocket compact handling, session affinity via X-Amp-Thread-Id, Codex reasoning/image improvements, GPT-5.5 model, optional OpenAI-compat disable. Updated without re-auth. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-04 13:27:37 +09:00
JOUNGWOOK KWON	a79b78d64a	docs: add v6.9.38 update history v6.9.38 introduces protocol multiplexer + Redis queue and IP ban on repeated management/Redis AUTH failures. Updated without re-auth. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 18:22:04 +09:00
JOUNGWOOK KWON	841e16536d	docs: add update history (v6.9.7 → v6.9.34) Auth file format unchanged so no re-authentication needed. Added update procedure section to DOCKER_DEPLOY.md for future reference. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-23 00:20:44 +09:00
JOUNGWOOK KWON	f93dde43df	docs: add API usage guide with multi-language code examples curl, Python(Anthropic/OpenAI SDK), Node.js(Anthropic/OpenAI SDK), Claude Code CLI 등 다양한 호출 방법 정리 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-31 21:23:22 +09:00
JOUNGWOOK KWON	84a2874c7b	docs: add Docker deployment and reverse proxy setup guides - DOCKER_DEPLOY.md: NAS Docker 배포 전체 가이드 (컨테이너 설정, config.yaml, 포트 등) - REVERSE_PROXY_SETUP.md: cliproxy.gru.farm HTTPS/역방향 프록시 설정 가이드 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-31 21:20:55 +09:00