feat(translator): add usage metadata aggregation for Claude and OpenAI responses

- Integrated input, output, reasoning, and total token tracking in response processing for Claude and OpenAI.
- Ensured support for usage details even when specific fields are missing in the response.
- Enhanced completion outputs with aggregated usage details for accurate reporting.

README.md

@@ -62,6 +62,16 @@ The first Chinese provider has now been added: [Qwen Code](https://github.com/Qw
 
 ## Usage
 
+### GUI Client & Official WebUI
+
+#### [EasyCLI](https://github.com/router-for-me/EasyCLI)
+
+A cross-platform desktop GUI client for CLIProxyAPI. 
+
+#### [Cli-Proxy-API-Management-Center](https://github.com/router-for-me/Cli-Proxy-API-Management-Center)
+
+A web-based management center for CLIProxyAPI.  
+
 ### Authentication
 
 You can authenticate for Gemini, OpenAI, and/or Claude. All can coexist in the same `auth-dir` and will be load balanced.
@@ -270,6 +280,8 @@ The server uses a YAML configuration file (`config.yaml`) located in the project
 | `quota-exceeded.switch-project`         | boolean  | true               | Whether to automatically switch to another project when a quota is exceeded.                                                                                                              |
 | `quota-exceeded.switch-preview-model`   | boolean  | true               | Whether to automatically switch to a preview model when a quota is exceeded.                                                                                                              |
 | `debug`                                 | boolean  | false              | Enable debug mode for verbose logging.                                                                                                                                                    |
+| `logging-to-file`                       | boolean  | true               | Write application logs to rotating files instead of stdout. Set to `false` to log to stdout/stderr.                                                                                      |
+| `usage-statistics-enabled`              | boolean  | true               | Enable in-memory usage aggregation for management APIs. Disable to drop all collected usage metrics.                                                                                    |
 | `auth`                                  | object   | {}                 | Request authentication configuration.                                                                                                                                                     |
 | `auth.providers`                        | object[] | []                 | Authentication providers. Includes built-in `config-api-key` for inline keys.                                                                                                             |
 | `auth.providers.*.name`                 | string   | ""                 | Provider instance name.                                                                                                                                                                   |
@@ -319,6 +331,12 @@ auth-dir: "~/.cli-proxy-api"
 # Enable debug logging
 debug: false
 
+# When true, write application logs to rotating files instead of stdout
+logging-to-file: true
+
+# When false, disable in-memory usage statistics aggregation
+usage-statistics-enabled: true
+
 # Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
 proxy-url: ""
 
@@ -626,8 +644,11 @@ see [MANAGEMENT_API.md](MANAGEMENT_API.md)
 
 ## SDK Docs
 
-- Usage: `docs/sdk-usage.md` (中文: `docs/sdk-usage_CN.md`)
-- Advanced (executors & translators): `docs/sdk-advanced.md` (中文: `docs/sdk-advanced_CN.md`)
+- Usage: [docs/sdk-usage.md](docs/sdk-usage.md)
+- Advanced (executors & translators): [docs/sdk-advanced.md](docs/sdk-advanced.md)
+- Access: [docs/sdk-access.md](docs/sdk-access.md)
+- Watcher: [docs/sdk-watcher.md](docs/sdk-watcher.md)
+- Custom Provider Example: `examples/custom-provider`
 
 ## Contributing
 

README_CN.md

@@ -75,6 +75,16 @@
 
 ## 使用方法
 
+### 图形客户端与官方 WebUI
+
+#### [EasyCLI](https://github.com/router-for-me/EasyCLI)
+
+CLIProxyAPI 的跨平台桌面图形客户端。
+
+#### [Cli-Proxy-API-Management-Center](https://github.com/router-for-me/Cli-Proxy-API-Management-Center)
+
+CLIProxyAPI 的基于 Web 的管理中心。
+
 ### 身份验证
 
 您可以分别为 Gemini、OpenAI 和 Claude 进行身份验证，三者可同时存在于同一个 `auth-dir` 中并参与负载均衡。
@@ -282,6 +292,8 @@ console.log(await claudeResponse.json());
 | `quota-exceeded.switch-project`         | boolean  | true               | 当配额超限时，是否自动切换到另一个项目。                                                |
 | `quota-exceeded.switch-preview-model`   | boolean  | true               | 当配额超限时，是否自动切换到预览模型。                                                 |
 | `debug`                                 | boolean  | false              | 启用调试模式以获取详细日志。                                                      |
+| `logging-to-file`                       | boolean  | true               | 是否将应用日志写入滚动文件；设为 false 时输出到 stdout/stderr。                           |
+| `usage-statistics-enabled`              | boolean  | true               | 是否启用内存中的使用统计；设为 false 时直接丢弃所有统计数据。                               |
 | `auth`                                  | object   | {}                 | 请求鉴权配置。                                                                  |
 | `auth.providers`                        | object[] | []                 | 鉴权提供方列表，内置 `config-api-key` 支持内联密钥。                             |
 | `auth.providers.*.name`                 | string   | ""                 | 提供方实例名称。                                                                |
@@ -330,6 +342,12 @@ auth-dir: "~/.cli-proxy-api"
 # 启用调试日志
 debug: false
 
+# 为 true 时将应用日志写入滚动文件而不是 stdout
+logging-to-file: true
+
+# 为 false 时禁用内存中的使用统计并直接丢弃所有数据
+usage-statistics-enabled: true
+
 # 代理URL。支持socks5/http/https协议。例如：socks5://user:pass@192.168.1.1:1080/
 proxy-url: ""
 
@@ -635,8 +653,10 @@ docker run --rm -p 8317:8317 -v /path/to/your/config.yaml:/CLIProxyAPI/config.ya
 
 ## SDK 文档
 
-- 使用文档：`docs/sdk-usage_CN.md`（English: `docs/sdk-usage.md`）
-- 高级（执行器与翻译器）：`docs/sdk-advanced_CN.md`（English: `docs/sdk-advanced.md`）
+- 使用文档：[docs/sdk-usage_CN.md](docs/sdk-usage_CN.md)
+- 高级（执行器与翻译器）：[docs/sdk-advanced_CN.md](docs/sdk-advanced_CN.md)
+- 认证: [docs/sdk-access_CN.md](docs/sdk-access_CN.md)
+- 凭据加载/更新: [docs/sdk-watcher_CN.md](docs/sdk-watcher_CN.md)
 - 自定义 Provider 示例：`examples/custom-provider`
 
 ## 贡献

cmd/server/main.go

@@ -14,6 +14,7 @@ import (
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
 	_ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
 	log "github.com/sirupsen/logrus"
@@ -111,6 +112,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed to load config: %v", err)
 	}
+	usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled)
 
 	if err = logging.ConfigureLogOutput(cfg.LoggingToFile); err != nil {
 		log.Fatalf("failed to configure log output: %v", err)

config.example.yaml

@@ -21,6 +21,9 @@ debug: false
 # When true, write application logs to rotating files instead of stdout
 logging-to-file: true
 
+# When false, disable in-memory usage statistics aggregation
+usage-statistics-enabled: true
+
 # Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
 proxy-url: ""
 

internal/api/handlers/management/config_basic.go

@@ -12,6 +12,22 @@ func (h *Handler) GetConfig(c *gin.Context) {
 func (h *Handler) GetDebug(c *gin.Context) { c.JSON(200, gin.H{"debug": h.cfg.Debug}) }
 func (h *Handler) PutDebug(c *gin.Context) { h.updateBoolField(c, func(v bool) { h.cfg.Debug = v }) }
 
+// UsageStatisticsEnabled
+func (h *Handler) GetUsageStatisticsEnabled(c *gin.Context) {
+	c.JSON(200, gin.H{"usage-statistics-enabled": h.cfg.UsageStatisticsEnabled})
+}
+func (h *Handler) PutUsageStatisticsEnabled(c *gin.Context) {
+	h.updateBoolField(c, func(v bool) { h.cfg.UsageStatisticsEnabled = v })
+}
+
+// UsageStatisticsEnabled
+func (h *Handler) GetLoggingToFile(c *gin.Context) {
+	c.JSON(200, gin.H{"logging-to-file": h.cfg.LoggingToFile})
+}
+func (h *Handler) PutLoggingToFile(c *gin.Context) {
+	h.updateBoolField(c, func(v bool) { h.cfg.LoggingToFile = v })
+}
+
 // Request log
 func (h *Handler) GetRequestLog(c *gin.Context) { c.JSON(200, gin.H{"request-log": h.cfg.RequestLog}) }
 func (h *Handler) PutRequestLog(c *gin.Context) {

internal/api/server.go

@@ -24,6 +24,7 @@ import (
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/middleware"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
 	"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
@@ -193,7 +194,7 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 		loggerToggle:   toggle,
 		configFilePath: configFilePath,
 	}
-	s.applyAccessConfig(cfg)
+	s.applyAccessConfig(nil, cfg)
 	// Initialize management handler
 	s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager)
 	if optionState.localPassword != "" {
@@ -317,6 +318,14 @@ func (s *Server) setupRoutes() {
 			mgmt.PUT("/debug", s.mgmt.PutDebug)
 			mgmt.PATCH("/debug", s.mgmt.PutDebug)
 
+			mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile)
+			mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile)
+			mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile)
+
+			mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled)
+			mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
+			mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled)
+
 			mgmt.GET("/proxy-url", s.mgmt.GetProxyURL)
 			mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL)
 			mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL)
@@ -538,16 +547,23 @@ func corsMiddleware() gin.HandlerFunc {
 	}
 }
 
-func (s *Server) applyAccessConfig(cfg *config.Config) {
-	if s == nil || s.accessManager == nil {
+func (s *Server) applyAccessConfig(oldCfg, newCfg *config.Config) {
+	if s == nil || s.accessManager == nil || newCfg == nil {
 		return
 	}
-	providers, err := sdkaccess.BuildProviders(cfg)
+	existing := s.accessManager.Providers()
+	providers, added, updated, removed, err := sdkaccess.ReconcileProviders(oldCfg, newCfg, existing)
 	if err != nil {
-		log.Errorf("failed to update request auth providers: %v", err)
+		log.Errorf("failed to reconcile request auth providers: %v", err)
 		return
 	}
 	s.accessManager.SetProviders(providers)
+	if len(added)+len(updated)+len(removed) > 0 {
+		log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed))
+		log.Debugf("auth provider changes details - added=%v updated=%v removed=%v", added, updated, removed)
+	} else {
+		log.Debug("auth providers unchanged after config update")
+	}
 }
 
 // UpdateClients updates the server's client list and configuration.
@@ -557,37 +573,60 @@ func (s *Server) applyAccessConfig(cfg *config.Config) {
 //   - clients: The new slice of AI service clients
 //   - cfg: The new application configuration
 func (s *Server) UpdateClients(cfg *config.Config) {
+	oldCfg := s.cfg
+
 	// Update request logger enabled state if it has changed
-	if s.requestLogger != nil && s.cfg.RequestLog != cfg.RequestLog {
+	previousRequestLog := false
+	if oldCfg != nil {
+		previousRequestLog = oldCfg.RequestLog
+	}
+	if s.requestLogger != nil && (oldCfg == nil || previousRequestLog != cfg.RequestLog) {
 		if s.loggerToggle != nil {
 			s.loggerToggle(cfg.RequestLog)
 		} else if toggler, ok := s.requestLogger.(interface{ SetEnabled(bool) }); ok {
 			toggler.SetEnabled(cfg.RequestLog)
 		}
-		log.Debugf("request logging updated from %t to %t", s.cfg.RequestLog, cfg.RequestLog)
+		if oldCfg != nil {
+			log.Debugf("request logging updated from %t to %t", previousRequestLog, cfg.RequestLog)
+		} else {
+			log.Debugf("request logging toggled to %t", cfg.RequestLog)
+		}
 	}
 
-	if s.cfg.LoggingToFile != cfg.LoggingToFile {
+	if oldCfg != nil && oldCfg.LoggingToFile != cfg.LoggingToFile {
 		if err := logging.ConfigureLogOutput(cfg.LoggingToFile); err != nil {
 			log.Errorf("failed to reconfigure log output: %v", err)
 		} else {
-			log.Debugf("logging_to_file updated from %t to %t", s.cfg.LoggingToFile, cfg.LoggingToFile)
+			log.Debugf("logging_to_file updated from %t to %t", oldCfg.LoggingToFile, cfg.LoggingToFile)
+		}
+	}
+
+	if oldCfg == nil || oldCfg.UsageStatisticsEnabled != cfg.UsageStatisticsEnabled {
+		usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled)
+		if oldCfg != nil {
+			log.Debugf("usage_statistics_enabled updated from %t to %t", oldCfg.UsageStatisticsEnabled, cfg.UsageStatisticsEnabled)
+		} else {
+			log.Debugf("usage_statistics_enabled toggled to %t", cfg.UsageStatisticsEnabled)
 		}
 	}
 
 	// Update log level dynamically when debug flag changes
-	if s.cfg.Debug != cfg.Debug {
+	if oldCfg == nil || oldCfg.Debug != cfg.Debug {
 		util.SetLogLevel(cfg)
-		log.Debugf("debug mode updated from %t to %t", s.cfg.Debug, cfg.Debug)
+		if oldCfg != nil {
+			log.Debugf("debug mode updated from %t to %t", oldCfg.Debug, cfg.Debug)
+		} else {
+			log.Debugf("debug mode toggled to %t", cfg.Debug)
+		}
 	}
 
+	s.applyAccessConfig(oldCfg, cfg)
 	s.cfg = cfg
 	s.handlers.UpdateClients(cfg)
 	if s.mgmt != nil {
 		s.mgmt.SetConfig(cfg)
 		s.mgmt.SetAuthManager(s.handlers.AuthManager)
 	}
-	s.applyAccessConfig(cfg)
 
 	// Count client sources from configuration and auth directory
 	authFiles := util.CountAuthFiles(cfg.AuthDir)

internal/cmd/gemini-web_auth.go

@@ -18,9 +18,16 @@ import (
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
-	log "github.com/sirupsen/logrus"
 )
 
+// banner prints a simple ASCII banner for clarity without ANSI colors.
+func banner(title string) {
+	line := strings.Repeat("=", len(title)+8)
+	fmt.Println(line)
+	fmt.Println("=== " + title + " ===")
+	fmt.Println(line)
+}
+
 // DoGeminiWebAuth handles the process of creating a Gemini Web token file.
 // New flow:
 //  1. Prompt user to paste the full cookie string.
@@ -32,78 +39,82 @@ func DoGeminiWebAuth(cfg *config.Config) {
 
 	reader := bufio.NewReader(os.Stdin)
 	isMacOS := strings.HasPrefix(runtime.GOOS, "darwin")
+	cookieProvided := false
+	banner("Gemini Web Cookie Sign-in")
 	if !isMacOS {
-		fmt.Print("Paste your full Google Cookie and press Enter: ")
+		// NOTE: Provide extra guidance for macOS users or anyone unsure about retrieving cookies.
+		fmt.Println("--- Cookie Input ---")
+		fmt.Println(">> Paste your full Google Cookie and press Enter")
+		fmt.Println("Tip: If you are on macOS, or don't know how to get the cookie, just press Enter and follow the prompts.")
+		fmt.Print("Cookie: ")
 		rawCookie, _ := reader.ReadString('\n')
 		rawCookie = strings.TrimSpace(rawCookie)
 		if rawCookie == "" {
-			log.Fatal("Cookie cannot be empty")
-			return
-		}
-
-		// Parse K=V cookie pairs separated by ';'
-		cookieMap := make(map[string]string)
-		parts := strings.Split(rawCookie, ";")
-		for _, p := range parts {
-			p = strings.TrimSpace(p)
-			if p == "" {
-				continue
-			}
-			if eq := strings.Index(p, "="); eq > 0 {
-				k := strings.TrimSpace(p[:eq])
-				v := strings.TrimSpace(p[eq+1:])
-				if k != "" {
-					cookieMap[k] = v
+			// Skip cookie-based parsing; fall back to manual field prompts.
+			fmt.Println("==> No cookie provided. Proceeding with manual input.")
+		} else {
+			cookieProvided = true
+			// Parse K=V cookie pairs separated by ';'
+			cookieMap := make(map[string]string)
+			parts := strings.Split(rawCookie, ";")
+			for _, p := range parts {
+				p = strings.TrimSpace(p)
+				if p == "" {
+					continue
+				}
+				if eq := strings.Index(p, "="); eq > 0 {
+					k := strings.TrimSpace(p[:eq])
+					v := strings.TrimSpace(p[eq+1:])
+					if k != "" {
+						cookieMap[k] = v
+					}
 				}
 			}
-		}
-		secure1psid = strings.TrimSpace(cookieMap["__Secure-1PSID"])
-		secure1psidts = strings.TrimSpace(cookieMap["__Secure-1PSIDTS"])
+			secure1psid = strings.TrimSpace(cookieMap["__Secure-1PSID"])
+			secure1psidts = strings.TrimSpace(cookieMap["__Secure-1PSIDTS"])
 
-		// Build HTTP client with proxy settings respected.
-		httpClient := &http.Client{Timeout: 15 * time.Second}
-		httpClient = util.SetProxy(cfg, httpClient)
+			// Build HTTP client with proxy settings respected.
+			httpClient := &http.Client{Timeout: 15 * time.Second}
+			httpClient = util.SetProxy(cfg, httpClient)
 
-		// Request ListAccounts to extract email as label (use POST per upstream behavior).
-		req, err := http.NewRequest(http.MethodPost, "https://accounts.google.com/ListAccounts", nil)
-		if err != nil {
-			fmt.Printf("Failed to create request: %v\n", err)
-			return
-		}
-		req.Header.Set("Cookie", rawCookie)
-		req.Header.Set("Accept", "application/json, text/plain, */*")
-		req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
-		req.Header.Set("Origin", "https://accounts.google.com")
-		req.Header.Set("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8")
-
-		resp, err := httpClient.Do(req)
-
-		if err != nil {
-			fmt.Printf("Request to ListAccounts failed: %v\n", err)
-		} else {
-			defer func() {
-				_ = resp.Body.Close()
-			}()
-			if resp.StatusCode != http.StatusOK {
-				fmt.Printf("ListAccounts returned status code: %d\n", resp.StatusCode)
+			// Request ListAccounts to extract email as label (use POST per upstream behavior).
+			req, err := http.NewRequest(http.MethodPost, "https://accounts.google.com/ListAccounts", nil)
+			if err != nil {
+				fmt.Println("!! Failed to create request:", err)
 			} else {
-				var payload []any
-				if err = json.NewDecoder(resp.Body).Decode(&payload); err != nil {
-					fmt.Printf("Failed to parse ListAccounts response: %v\n", err)
+				req.Header.Set("Cookie", rawCookie)
+				req.Header.Set("Accept", "application/json, text/plain, */*")
+				req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
+				req.Header.Set("Origin", "https://accounts.google.com")
+				req.Header.Set("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8")
+
+				resp, err := httpClient.Do(req)
+				if err != nil {
+					fmt.Println("!! Request to ListAccounts failed:", err)
 				} else {
-					// Expected structure like: ["gaia.l.a.r", [["gaia.l.a",1,"Name","email@example.com", ... ]]]
-					if len(payload) >= 2 {
-						if accounts, ok := payload[1].([]any); ok && len(accounts) >= 1 {
-							if first, ok1 := accounts[0].([]any); ok1 && len(first) >= 4 {
-								if em, ok2 := first[3].(string); ok2 {
-									email = strings.TrimSpace(em)
+					defer func() { _ = resp.Body.Close() }()
+					if resp.StatusCode != http.StatusOK {
+						fmt.Printf("!! ListAccounts returned status code: %d\n", resp.StatusCode)
+					} else {
+						var payload []any
+						if err = json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+							fmt.Println("!! Failed to parse ListAccounts response:", err)
+						} else {
+							// Expected structure like: ["gaia.l.a.r", [["gaia.l.a",1,"Name","email@example.com", ... ]]]
+							if len(payload) >= 2 {
+								if accounts, ok := payload[1].([]any); ok && len(accounts) >= 1 {
+									if first, ok1 := accounts[0].([]any); ok1 && len(first) >= 4 {
+										if em, ok2 := first[3].(string); ok2 {
+											email = strings.TrimSpace(em)
+										}
+									}
 								}
 							}
+							if email == "" {
+								fmt.Println("!! Failed to parse email from ListAccounts response")
+							}
 						}
 					}
-					if email == "" {
-						fmt.Println("Failed to parse email from ListAccounts response")
-					}
 				}
 			}
 		}
@@ -111,23 +122,24 @@ func DoGeminiWebAuth(cfg *config.Config) {
 
 	// Fallback: prompt user to input missing values
 	if secure1psid == "" {
-		if !isMacOS {
-			fmt.Print("Cookie missing __Secure-1PSID. ")
+		if cookieProvided && !isMacOS {
+			fmt.Println("!! Cookie missing __Secure-1PSID.")
 		}
 		fmt.Print("Enter __Secure-1PSID: ")
 		v, _ := reader.ReadString('\n')
 		secure1psid = strings.TrimSpace(v)
 	}
 	if secure1psidts == "" {
-		if !isMacOS {
-			fmt.Print("Cookie missing __Secure-1PSID. ")
+		if cookieProvided && !isMacOS {
+			fmt.Println("!! Cookie missing __Secure-1PSIDTS.")
 		}
 		fmt.Print("Enter __Secure-1PSIDTS: ")
 		v, _ := reader.ReadString('\n')
 		secure1psidts = strings.TrimSpace(v)
 	}
 	if secure1psid == "" || secure1psidts == "" {
-		log.Fatal("__Secure-1PSID and __Secure-1PSIDTS cannot be empty")
+		// Use print instead of logger to avoid log redirection.
+		fmt.Println("!! __Secure-1PSID and __Secure-1PSIDTS cannot be empty")
 		return
 	}
 	if isMacOS {
@@ -146,7 +158,7 @@ func DoGeminiWebAuth(cfg *config.Config) {
 	defaultLabel := strings.TrimSuffix(fileName, ".json")
 	label := email
 	if label == "" {
-		fmt.Printf("Enter label for this auth (default: %s): ", defaultLabel)
+		fmt.Print(fmt.Sprintf("Enter label for this auth (default: %s): ", defaultLabel))
 		v, _ := reader.ReadString('\n')
 		v = strings.TrimSpace(v)
 		if v != "" {
@@ -169,9 +181,10 @@ func DoGeminiWebAuth(cfg *config.Config) {
 	store := sdkAuth.GetTokenStore()
 	savedPath, err := store.Save(context.Background(), cfg, record)
 	if err != nil {
-		fmt.Printf("Failed to save Gemini Web token to file: %v\n", err)
+		fmt.Println("!! Failed to save Gemini Web token to file:", err)
 		return
 	}
 
-	fmt.Printf("Successfully saved Gemini Web token to: %s\n", savedPath)
+	fmt.Println("==> Successfully saved Gemini Web token!")
+	fmt.Println("==> Saved to:", savedPath)
 }

internal/config/config.go

@@ -26,6 +26,9 @@ type Config struct {
 	// LoggingToFile controls whether application logs are written to rotating files or stdout.
 	LoggingToFile bool `yaml:"logging-to-file" json:"logging-to-file"`
 
+	// UsageStatisticsEnabled toggles in-memory usage aggregation; when false, usage data is discarded.
+	UsageStatisticsEnabled bool `yaml:"usage-statistics-enabled" json:"usage-statistics-enabled"`
+
 	// ProxyURL is the URL of an optional proxy server to use for outbound requests.
 	ProxyURL string `yaml:"proxy-url" json:"proxy-url"`
 
@@ -206,6 +209,7 @@ func LoadConfig(configFile string) (*Config, error) {
 	var config Config
 	// Set defaults before unmarshal so that absent keys keep defaults.
 	config.LoggingToFile = true
+	config.UsageStatisticsEnabled = true
 	config.GeminiWeb.Context = true
 	if err = yaml.Unmarshal(data, &config); err != nil {
 		return nil, fmt.Errorf("failed to parse config file: %w", err)

internal/misc/credentials.go

@@ -8,6 +8,7 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
+// Separator used to visually group related log lines.
 var credentialSeparator = strings.Repeat("-", 70)
 
 // LogSavingCredentials emits a consistent log message when persisting auth material.
@@ -21,5 +22,5 @@ func LogSavingCredentials(path string) {
 
 // LogCredentialSeparator adds a visual separator to group auth/key processing logs.
 func LogCredentialSeparator() {
-	log.Info(credentialSeparator)
+	log.Debug(credentialSeparator)
 }

internal/registry/model_registry.go

@@ -9,6 +9,7 @@ import (
 	"sync"
 	"time"
 
+	misc "github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -100,54 +101,265 @@ func (r *ModelRegistry) RegisterClient(clientID, clientProvider string, models [
 	r.mutex.Lock()
 	defer r.mutex.Unlock()
 
-	// Remove any existing registration for this client
-	r.unregisterClientInternal(clientID)
-
 	provider := strings.ToLower(clientProvider)
-	modelIDs := make([]string, 0, len(models))
+	uniqueModelIDs := make([]string, 0, len(models))
+	rawModelIDs := make([]string, 0, len(models))
+	newModels := make(map[string]*ModelInfo, len(models))
+	newCounts := make(map[string]int, len(models))
+	for _, model := range models {
+		if model == nil || model.ID == "" {
+			continue
+		}
+		rawModelIDs = append(rawModelIDs, model.ID)
+		newCounts[model.ID]++
+		if _, exists := newModels[model.ID]; exists {
+			continue
+		}
+		newModels[model.ID] = model
+		uniqueModelIDs = append(uniqueModelIDs, model.ID)
+	}
+
+	if len(uniqueModelIDs) == 0 {
+		// No models supplied; unregister existing client state if present.
+		r.unregisterClientInternal(clientID)
+		delete(r.clientModels, clientID)
+		delete(r.clientProviders, clientID)
+		misc.LogCredentialSeparator()
+		return
+	}
+
 	now := time.Now()
 
-	for _, model := range models {
-		modelIDs = append(modelIDs, model.ID)
-
-		if existing, exists := r.models[model.ID]; exists {
-			// Model already exists, increment count
-			existing.Count++
-			existing.LastUpdated = now
-			if existing.SuspendedClients == nil {
-				existing.SuspendedClients = make(map[string]string)
-			}
-			if provider != "" {
-				if existing.Providers == nil {
-					existing.Providers = make(map[string]int)
-				}
-				existing.Providers[provider]++
-			}
-			log.Debugf("Incremented count for model %s, now %d clients", model.ID, existing.Count)
+	oldModels, hadExisting := r.clientModels[clientID]
+	oldProvider, _ := r.clientProviders[clientID]
+	providerChanged := oldProvider != provider
+	if !hadExisting {
+		// Pure addition path.
+		for _, modelID := range rawModelIDs {
+			model := newModels[modelID]
+			r.addModelRegistration(modelID, provider, model, now)
+		}
+		r.clientModels[clientID] = append([]string(nil), rawModelIDs...)
+		if provider != "" {
+			r.clientProviders[clientID] = provider
 		} else {
-			// New model, create registration
-			registration := &ModelRegistration{
-				Info:                 model,
-				Count:                1,
-				LastUpdated:          now,
-				QuotaExceededClients: make(map[string]*time.Time),
-				SuspendedClients:     make(map[string]string),
-			}
-			if provider != "" {
-				registration.Providers = map[string]int{provider: 1}
-			}
-			r.models[model.ID] = registration
-			log.Debugf("Registered new model %s from provider %s", model.ID, clientProvider)
+			delete(r.clientProviders, clientID)
+		}
+		log.Debugf("Registered client %s from provider %s with %d models", clientID, clientProvider, len(rawModelIDs))
+		misc.LogCredentialSeparator()
+		return
+	}
+
+	oldCounts := make(map[string]int, len(oldModels))
+	for _, id := range oldModels {
+		oldCounts[id]++
+	}
+
+	added := make([]string, 0)
+	for _, id := range uniqueModelIDs {
+		if oldCounts[id] == 0 {
+			added = append(added, id)
 		}
 	}
 
-	r.clientModels[clientID] = modelIDs
+	removed := make([]string, 0)
+	for id := range oldCounts {
+		if newCounts[id] == 0 {
+			removed = append(removed, id)
+		}
+	}
+
+	// Handle provider change for overlapping models before modifications.
+	if providerChanged && oldProvider != "" {
+		for id, newCount := range newCounts {
+			if newCount == 0 {
+				continue
+			}
+			oldCount := oldCounts[id]
+			if oldCount == 0 {
+				continue
+			}
+			toRemove := newCount
+			if oldCount < toRemove {
+				toRemove = oldCount
+			}
+			if reg, ok := r.models[id]; ok && reg.Providers != nil {
+				if count, okProv := reg.Providers[oldProvider]; okProv {
+					if count <= toRemove {
+						delete(reg.Providers, oldProvider)
+					} else {
+						reg.Providers[oldProvider] = count - toRemove
+					}
+				}
+			}
+		}
+	}
+
+	// Apply removals first to keep counters accurate.
+	for _, id := range removed {
+		oldCount := oldCounts[id]
+		for i := 0; i < oldCount; i++ {
+			r.removeModelRegistration(clientID, id, oldProvider, now)
+		}
+	}
+
+	for id, oldCount := range oldCounts {
+		newCount := newCounts[id]
+		if newCount == 0 || oldCount <= newCount {
+			continue
+		}
+		overage := oldCount - newCount
+		for i := 0; i < overage; i++ {
+			r.removeModelRegistration(clientID, id, oldProvider, now)
+		}
+	}
+
+	// Apply additions.
+	for id, newCount := range newCounts {
+		oldCount := oldCounts[id]
+		if newCount <= oldCount {
+			continue
+		}
+		model := newModels[id]
+		diff := newCount - oldCount
+		for i := 0; i < diff; i++ {
+			r.addModelRegistration(id, provider, model, now)
+		}
+	}
+
+	// Update metadata for models that remain associated with the client.
+	addedSet := make(map[string]struct{}, len(added))
+	for _, id := range added {
+		addedSet[id] = struct{}{}
+	}
+	for _, id := range uniqueModelIDs {
+		model := newModels[id]
+		if reg, ok := r.models[id]; ok {
+			reg.Info = cloneModelInfo(model)
+			reg.LastUpdated = now
+			if reg.QuotaExceededClients != nil {
+				delete(reg.QuotaExceededClients, clientID)
+			}
+			if reg.SuspendedClients != nil {
+				delete(reg.SuspendedClients, clientID)
+			}
+			if providerChanged && provider != "" {
+				if _, newlyAdded := addedSet[id]; newlyAdded {
+					continue
+				}
+				overlapCount := newCounts[id]
+				if oldCount := oldCounts[id]; oldCount < overlapCount {
+					overlapCount = oldCount
+				}
+				if overlapCount <= 0 {
+					continue
+				}
+				if reg.Providers == nil {
+					reg.Providers = make(map[string]int)
+				}
+				reg.Providers[provider] += overlapCount
+			}
+		}
+	}
+
+	// Update client bookkeeping.
+	if len(rawModelIDs) > 0 {
+		r.clientModels[clientID] = append([]string(nil), rawModelIDs...)
+	}
 	if provider != "" {
 		r.clientProviders[clientID] = provider
 	} else {
 		delete(r.clientProviders, clientID)
 	}
-	log.Debugf("Registered client %s from provider %s with %d models", clientID, clientProvider, len(models))
+
+	if len(added) == 0 && len(removed) == 0 && !providerChanged {
+		// Only metadata (e.g., display name) changed; skip separator when no log output.
+		return
+	}
+
+	log.Debugf("Reconciled client %s (provider %s) models: +%d, -%d", clientID, provider, len(added), len(removed))
+	misc.LogCredentialSeparator()
+}
+
+func (r *ModelRegistry) addModelRegistration(modelID, provider string, model *ModelInfo, now time.Time) {
+	if model == nil || modelID == "" {
+		return
+	}
+	if existing, exists := r.models[modelID]; exists {
+		existing.Count++
+		existing.LastUpdated = now
+		existing.Info = cloneModelInfo(model)
+		if existing.SuspendedClients == nil {
+			existing.SuspendedClients = make(map[string]string)
+		}
+		if provider != "" {
+			if existing.Providers == nil {
+				existing.Providers = make(map[string]int)
+			}
+			existing.Providers[provider]++
+		}
+		log.Debugf("Incremented count for model %s, now %d clients", modelID, existing.Count)
+		return
+	}
+
+	registration := &ModelRegistration{
+		Info:                 cloneModelInfo(model),
+		Count:                1,
+		LastUpdated:          now,
+		QuotaExceededClients: make(map[string]*time.Time),
+		SuspendedClients:     make(map[string]string),
+	}
+	if provider != "" {
+		registration.Providers = map[string]int{provider: 1}
+	}
+	r.models[modelID] = registration
+	log.Debugf("Registered new model %s from provider %s", modelID, provider)
+}
+
+func (r *ModelRegistry) removeModelRegistration(clientID, modelID, provider string, now time.Time) {
+	registration, exists := r.models[modelID]
+	if !exists {
+		return
+	}
+	registration.Count--
+	registration.LastUpdated = now
+	if registration.QuotaExceededClients != nil {
+		delete(registration.QuotaExceededClients, clientID)
+	}
+	if registration.SuspendedClients != nil {
+		delete(registration.SuspendedClients, clientID)
+	}
+	if registration.Count < 0 {
+		registration.Count = 0
+	}
+	if provider != "" && registration.Providers != nil {
+		if count, ok := registration.Providers[provider]; ok {
+			if count <= 1 {
+				delete(registration.Providers, provider)
+			} else {
+				registration.Providers[provider] = count - 1
+			}
+		}
+	}
+	log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count)
+	if registration.Count <= 0 {
+		delete(r.models, modelID)
+		log.Debugf("Removed model %s as no clients remain", modelID)
+	}
+}
+
+func cloneModelInfo(model *ModelInfo) *ModelInfo {
+	if model == nil {
+		return nil
+	}
+	copy := *model
+	if len(model.SupportedGenerationMethods) > 0 {
+		copy.SupportedGenerationMethods = append([]string(nil), model.SupportedGenerationMethods...)
+	}
+	if len(model.SupportedParameters) > 0 {
+		copy.SupportedParameters = append([]string(nil), model.SupportedParameters...)
+	}
+	return &copy
 }
 
 // UnregisterClient removes a client and decrements counts for its models
@@ -207,6 +419,8 @@ func (r *ModelRegistry) unregisterClientInternal(clientID string) {
 		delete(r.clientProviders, clientID)
 	}
 	log.Debugf("Unregistered client %s", clientID)
+	// Separator line after completing client unregistration (after the summary line)
+	misc.LogCredentialSeparator()
 }
 
 // SetModelQuotaExceeded marks a model as quota exceeded for a specific client

internal/runtime/executor/codex_executor.go

@@ -54,8 +54,6 @@ func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, re
 	if util.InArray([]string{"gpt-5", "gpt-5-minimal", "gpt-5-low", "gpt-5-medium", "gpt-5-high"}, req.Model) {
 		body, _ = sjson.SetBytes(body, "model", "gpt-5")
 		switch req.Model {
-		case "gpt-5":
-			body, _ = sjson.DeleteBytes(body, "reasoning.effort")
 		case "gpt-5-minimal":
 			body, _ = sjson.SetBytes(body, "reasoning.effort", "minimal")
 		case "gpt-5-low":
@@ -68,8 +66,6 @@ func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, re
 	} else if util.InArray([]string{"gpt-5-codex", "gpt-5-codex-low", "gpt-5-codex-medium", "gpt-5-codex-high"}, req.Model) {
 		body, _ = sjson.SetBytes(body, "model", "gpt-5-codex")
 		switch req.Model {
-		case "gpt-5-codex":
-			body, _ = sjson.DeleteBytes(body, "reasoning.effort")
 		case "gpt-5-codex-low":
 			body, _ = sjson.SetBytes(body, "reasoning.effort", "low")
 		case "gpt-5-codex-medium":
@@ -147,8 +143,6 @@ func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au
 	if util.InArray([]string{"gpt-5", "gpt-5-minimal", "gpt-5-low", "gpt-5-medium", "gpt-5-high"}, req.Model) {
 		body, _ = sjson.SetBytes(body, "model", "gpt-5")
 		switch req.Model {
-		case "gpt-5":
-			body, _ = sjson.DeleteBytes(body, "reasoning.effort")
 		case "gpt-5-minimal":
 			body, _ = sjson.SetBytes(body, "reasoning.effort", "minimal")
 		case "gpt-5-low":
@@ -161,8 +155,6 @@ func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au
 	} else if util.InArray([]string{"gpt-5-codex", "gpt-5-codex-low", "gpt-5-codex-medium", "gpt-5-codex-high"}, req.Model) {
 		body, _ = sjson.SetBytes(body, "model", "gpt-5-codex")
 		switch req.Model {
-		case "gpt-5-codex":
-			body, _ = sjson.DeleteBytes(body, "reasoning.effort")
 		case "gpt-5-codex-low":
 			body, _ = sjson.SetBytes(body, "reasoning.effort", "low")
 		case "gpt-5-codex-medium":

internal/translator/claude/gemini/claude_gemini_request.go

@@ -8,15 +8,24 @@ package gemini
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"math/big"
 	"strings"
 
+	"github.com/google/uuid"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
 
+var (
+	user    = ""
+	account = ""
+	session = ""
+)
+
 // ConvertGeminiRequestToClaude parses and transforms a Gemini API request into Claude Code API format.
 // It extracts the model name, system instruction, message contents, and tool declarations
 // from the raw JSON request and returns them in the format expected by the Claude Code API.
@@ -37,8 +46,23 @@ import (
 //   - []byte: The transformed request data in Claude Code API format
 func ConvertGeminiRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
-	// Base Claude Code API template with default max_tokens value
-	out := `{"model":"","max_tokens":32000,"messages":[]}`
+
+	if account == "" {
+		u, _ := uuid.NewRandom()
+		account = u.String()
+	}
+	if session == "" {
+		u, _ := uuid.NewRandom()
+		session = u.String()
+	}
+	if user == "" {
+		sum := sha256.Sum256([]byte(account + session))
+		user = hex.EncodeToString(sum[:])
+	}
+	userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session)
+
+	// Base Claude message payload
+	out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID)
 
 	root := gjson.ParseBytes(rawJSON)
 

internal/translator/claude/openai/chat-completions/claude_openai_request.go

@@ -8,14 +8,24 @@ package chat_completions
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
+	"fmt"
 	"math/big"
 	"strings"
 
+	"github.com/google/uuid"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
 
+var (
+	user    = ""
+	account = ""
+	session = ""
+)
+
 // ConvertOpenAIRequestToClaude parses and transforms an OpenAI Chat Completions API request into Claude Code API format.
 // It extracts the model name, system instruction, message contents, and tool declarations
 // from the raw JSON request and returns them in the format expected by the Claude Code API.
@@ -36,8 +46,22 @@ import (
 func ConvertOpenAIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
 
+	if account == "" {
+		u, _ := uuid.NewRandom()
+		account = u.String()
+	}
+	if session == "" {
+		u, _ := uuid.NewRandom()
+		session = u.String()
+	}
+	if user == "" {
+		sum := sha256.Sum256([]byte(account + session))
+		user = hex.EncodeToString(sum[:])
+	}
+	userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session)
+
 	// Base Claude Code API template with default max_tokens value
-	out := `{"model":"","max_tokens":32000,"messages":[]}`
+	out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID)
 
 	root := gjson.ParseBytes(rawJSON)
 

internal/translator/claude/openai/responses/claude_openai-responses_request.go

@@ -3,13 +3,23 @@ package responses
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
 	"math/big"
 	"strings"
 
+	"github.com/google/uuid"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
 
+var (
+	user    = ""
+	account = ""
+	session = ""
+)
+
 // ConvertOpenAIResponsesRequestToClaude transforms an OpenAI Responses API request
 // into a Claude Messages API request using only gjson/sjson for JSON handling.
 // It supports:
@@ -23,8 +33,22 @@ import (
 func ConvertOpenAIResponsesRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
 
+	if account == "" {
+		u, _ := uuid.NewRandom()
+		account = u.String()
+	}
+	if session == "" {
+		u, _ := uuid.NewRandom()
+		session = u.String()
+	}
+	if user == "" {
+		sum := sha256.Sum256([]byte(account + session))
+		user = hex.EncodeToString(sum[:])
+	}
+	userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session)
+
 	// Base Claude message payload
-	out := `{"model":"","max_tokens":32000,"messages":[]}`
+	out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID)
 
 	root := gjson.ParseBytes(rawJSON)
 

internal/translator/claude/openai/responses/claude_openai-responses_response.go

@@ -32,6 +32,10 @@ type claudeToResponsesState struct {
 	ReasoningBuf       strings.Builder
 	ReasoningPartAdded bool
 	ReasoningIndex     int
+	// usage aggregation
+	InputTokens  int64
+	OutputTokens int64
+	UsageSeen    bool
 }
 
 var dataTag = []byte("data:")
@@ -77,6 +81,19 @@ func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName strin
 			st.FuncArgsBuf = make(map[int]*strings.Builder)
 			st.FuncNames = make(map[int]string)
 			st.FuncCallIDs = make(map[int]string)
+			st.InputTokens = 0
+			st.OutputTokens = 0
+			st.UsageSeen = false
+			if usage := msg.Get("usage"); usage.Exists() {
+				if v := usage.Get("input_tokens"); v.Exists() {
+					st.InputTokens = v.Int()
+					st.UsageSeen = true
+				}
+				if v := usage.Get("output_tokens"); v.Exists() {
+					st.OutputTokens = v.Int()
+					st.UsageSeen = true
+				}
+			}
 			// response.created
 			created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"instructions":""}}`
 			created, _ = sjson.Set(created, "sequence_number", nextSeq())
@@ -227,7 +244,6 @@ func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName strin
 			out = append(out, emitEvent("response.output_item.done", itemDone))
 			st.InFuncBlock = false
 		} else if st.ReasoningActive {
-			// close reasoning
 			full := st.ReasoningBuf.String()
 			textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}`
 			textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq())
@@ -244,7 +260,19 @@ func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName strin
 			st.ReasoningActive = false
 			st.ReasoningPartAdded = false
 		}
+	case "message_delta":
+		if usage := root.Get("usage"); usage.Exists() {
+			if v := usage.Get("output_tokens"); v.Exists() {
+				st.OutputTokens = v.Int()
+				st.UsageSeen = true
+			}
+			if v := usage.Get("input_tokens"); v.Exists() {
+				st.InputTokens = v.Int()
+				st.UsageSeen = true
+			}
+		}
 	case "message_stop":
+
 		completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}`
 		completed, _ = sjson.Set(completed, "sequence_number", nextSeq())
 		completed, _ = sjson.Set(completed, "response.id", st.ResponseID)
@@ -381,6 +409,24 @@ func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName strin
 		if len(outputs) > 0 {
 			completed, _ = sjson.Set(completed, "response.output", outputs)
 		}
+
+		reasoningTokens := int64(0)
+		if st.ReasoningBuf.Len() > 0 {
+			reasoningTokens = int64(st.ReasoningBuf.Len() / 4)
+		}
+		usagePresent := st.UsageSeen || reasoningTokens > 0
+		if usagePresent {
+			completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.InputTokens)
+			completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", 0)
+			completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.OutputTokens)
+			if reasoningTokens > 0 {
+				completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", reasoningTokens)
+			}
+			total := st.InputTokens + st.OutputTokens
+			if total > 0 || st.UsageSeen {
+				completed, _ = sjson.Set(completed, "response.usage.total_tokens", total)
+			}
+		}
 		out = append(out, emitEvent("response.completed", completed))
 	}
 

internal/translator/gemini-cli/openai/chat-completions/cli_openai_request.go

@@ -25,7 +25,6 @@ import (
 // Returns:
 //   - []byte: The transformed request data in Gemini CLI API format
 func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bool) []byte {
-	log.Debug("ConvertOpenAIRequestToGeminiCLI")
 	rawJSON := bytes.Clone(inputRawJSON)
 	// Base envelope
 	out := []byte(`{"project":"","request":{"contents":[],"generationConfig":{"thinkingConfig":{"include_thoughts":true}}},"model":"gemini-2.5-pro"}`)

internal/translator/gemini/openai/responses/gemini_openai-responses_response.go

@@ -414,6 +414,25 @@ func ConvertGeminiResponseToOpenAIResponses(_ context.Context, modelName string,
 			completed, _ = sjson.Set(completed, "response.output", outputs)
 		}
 
+		// usage mapping
+		if um := root.Get("usageMetadata"); um.Exists() {
+			// input tokens = prompt + thoughts
+			input := um.Get("promptTokenCount").Int() + um.Get("thoughtsTokenCount").Int()
+			completed, _ = sjson.Set(completed, "response.usage.input_tokens", input)
+			// cached_tokens not provided by Gemini; default to 0 for structure compatibility
+			completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", 0)
+			// output tokens
+			if v := um.Get("candidatesTokenCount"); v.Exists() {
+				completed, _ = sjson.Set(completed, "response.usage.output_tokens", v.Int())
+			}
+			if v := um.Get("thoughtsTokenCount"); v.Exists() {
+				completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", v.Int())
+			}
+			if v := um.Get("totalTokenCount"); v.Exists() {
+				completed, _ = sjson.Set(completed, "response.usage.total_tokens", v.Int())
+			}
+		}
+
 		out = append(out, emitEvent("response.completed", completed))
 	}
 

internal/translator/openai/openai/responses/openai_openai-responses_response.go

@@ -32,6 +32,13 @@ type oaiToResponsesState struct {
 	// function item done state
 	FuncArgsDone map[int]bool
 	FuncItemDone map[int]bool
+	// usage aggregation
+	PromptTokens     int64
+	CachedTokens     int64
+	CompletionTokens int64
+	TotalTokens      int64
+	ReasoningTokens  int64
+	UsageSeen        bool
 }
 
 func emitRespEvent(event string, payload string) string {
@@ -66,6 +73,35 @@ func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context,
 		return []string{}
 	}
 
+	if usage := root.Get("usage"); usage.Exists() {
+		if v := usage.Get("prompt_tokens"); v.Exists() {
+			st.PromptTokens = v.Int()
+			st.UsageSeen = true
+		}
+		if v := usage.Get("prompt_tokens_details.cached_tokens"); v.Exists() {
+			st.CachedTokens = v.Int()
+			st.UsageSeen = true
+		}
+		if v := usage.Get("completion_tokens"); v.Exists() {
+			st.CompletionTokens = v.Int()
+			st.UsageSeen = true
+		} else if v := usage.Get("output_tokens"); v.Exists() {
+			st.CompletionTokens = v.Int()
+			st.UsageSeen = true
+		}
+		if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() {
+			st.ReasoningTokens = v.Int()
+			st.UsageSeen = true
+		} else if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() {
+			st.ReasoningTokens = v.Int()
+			st.UsageSeen = true
+		}
+		if v := usage.Get("total_tokens"); v.Exists() {
+			st.TotalTokens = v.Int()
+			st.UsageSeen = true
+		}
+	}
+
 	nextSeq := func() int { st.Seq++; return st.Seq }
 	var out []string
 
@@ -85,6 +121,12 @@ func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context,
 		st.MsgItemDone = make(map[int]bool)
 		st.FuncArgsDone = make(map[int]bool)
 		st.FuncItemDone = make(map[int]bool)
+		st.PromptTokens = 0
+		st.CachedTokens = 0
+		st.CompletionTokens = 0
+		st.TotalTokens = 0
+		st.ReasoningTokens = 0
+		st.UsageSeen = false
 		// response.created
 		created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null}}`
 		created, _ = sjson.Set(created, "sequence_number", nextSeq())
@@ -503,6 +545,19 @@ func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context,
 				if len(outputs) > 0 {
 					completed, _ = sjson.Set(completed, "response.output", outputs)
 				}
+				if st.UsageSeen {
+					completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.PromptTokens)
+					completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", st.CachedTokens)
+					completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.CompletionTokens)
+					if st.ReasoningTokens > 0 {
+						completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", st.ReasoningTokens)
+					}
+					total := st.TotalTokens
+					if total == 0 {
+						total = st.PromptTokens + st.CompletionTokens
+					}
+					completed, _ = sjson.Set(completed, "response.usage.total_tokens", total)
+				}
 				out = append(out, emitRespEvent("response.completed", completed))
 			}
 

internal/usage/logger_plugin.go

@@ -7,13 +7,17 @@ import (
 	"context"
 	"fmt"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/gin-gonic/gin"
 	coreusage "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage"
 )
 
+var statisticsEnabled atomic.Bool
+
 func init() {
+	statisticsEnabled.Store(true)
 	coreusage.RegisterPlugin(NewLoggerPlugin())
 }
 
@@ -36,12 +40,21 @@ func NewLoggerPlugin() *LoggerPlugin { return &LoggerPlugin{stats: defaultReques
 //   - ctx: The context for the usage record
 //   - record: The usage record to aggregate
 func (p *LoggerPlugin) HandleUsage(ctx context.Context, record coreusage.Record) {
+	if !statisticsEnabled.Load() {
+		return
+	}
 	if p == nil || p.stats == nil {
 		return
 	}
 	p.stats.Record(ctx, record)
 }
 
+// SetStatisticsEnabled toggles whether in-memory statistics are recorded.
+func SetStatisticsEnabled(enabled bool) { statisticsEnabled.Store(enabled) }
+
+// StatisticsEnabled reports the current recording state.
+func StatisticsEnabled() bool { return statisticsEnabled.Load() }
+
 // RequestStatistics maintains aggregated request metrics in memory.
 type RequestStatistics struct {
 	mu sync.RWMutex
@@ -138,6 +151,9 @@ func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record)
 	if s == nil {
 		return
 	}
+	if !statisticsEnabled.Load() {
+		return
+	}
 	timestamp := record.RequestedAt
 	if timestamp.IsZero() {
 		timestamp = time.Now()

internal/watcher/watcher.go

@@ -52,6 +52,39 @@ type Watcher struct {
 	dispatchCancel context.CancelFunc
 }
 
+type stableIDGenerator struct {
+	counters map[string]int
+}
+
+func newStableIDGenerator() *stableIDGenerator {
+	return &stableIDGenerator{counters: make(map[string]int)}
+}
+
+func (g *stableIDGenerator) next(kind string, parts ...string) (string, string) {
+	if g == nil {
+		return kind + ":000000000000", "000000000000"
+	}
+	hasher := sha256.New()
+	hasher.Write([]byte(kind))
+	for _, part := range parts {
+		trimmed := strings.TrimSpace(part)
+		hasher.Write([]byte{0})
+		hasher.Write([]byte(trimmed))
+	}
+	digest := hex.EncodeToString(hasher.Sum(nil))
+	if len(digest) < 12 {
+		digest = fmt.Sprintf("%012s", digest)
+	}
+	short := digest[:12]
+	key := kind + ":" + short
+	index := g.counters[key]
+	g.counters[key] = index + 1
+	if index > 0 {
+		short = fmt.Sprintf("%s-%d", short, index)
+	}
+	return fmt.Sprintf("%s:%s", kind, short), short
+}
+
 // AuthUpdateAction represents the type of change detected in auth sources.
 type AuthUpdateAction string
 
@@ -320,6 +353,20 @@ func normalizeAuth(a *coreauth.Auth) *coreauth.Auth {
 	return clone
 }
 
+// computeOpenAICompatModelsHash returns a stable hash for the compatibility models so that
+// changes to the model list trigger auth updates during hot reload.
+func computeOpenAICompatModelsHash(models []config.OpenAICompatibilityModel) string {
+	if len(models) == 0 {
+		return ""
+	}
+	data, err := json.Marshal(models)
+	if err != nil || len(data) == 0 {
+		return ""
+	}
+	sum := sha256.Sum256(data)
+	return hex.EncodeToString(sum[:])
+}
+
 // SetClients sets the file-based clients.
 // SetClients removed
 // SetAPIKeyClients removed
@@ -477,6 +524,12 @@ func (w *Watcher) reloadConfig() bool {
 		if oldConfig.RemoteManagement.AllowRemote != newConfig.RemoteManagement.AllowRemote {
 			log.Debugf("  remote-management.allow-remote: %t -> %t", oldConfig.RemoteManagement.AllowRemote, newConfig.RemoteManagement.AllowRemote)
 		}
+		if oldConfig.LoggingToFile != newConfig.LoggingToFile {
+			log.Debugf("  logging-to-file: %t -> %t", oldConfig.LoggingToFile, newConfig.LoggingToFile)
+		}
+		if oldConfig.UsageStatisticsEnabled != newConfig.UsageStatisticsEnabled {
+			log.Debugf("  usage-statistics-enabled: %t -> %t", oldConfig.UsageStatisticsEnabled, newConfig.UsageStatisticsEnabled)
+		}
 	}
 
 	log.Infof("config successfully reloaded, triggering client reload")
@@ -533,10 +586,15 @@ func (w *Watcher) reloadClients() {
 
 	totalNewClients := authFileCount + glAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + openAICompatCount
 
+	// Ensure consumers observe the new configuration before auth updates dispatch.
+	if w.reloadCallback != nil {
+		log.Debugf("triggering server update callback before auth refresh")
+		w.reloadCallback(cfg)
+	}
+
 	w.refreshAuthState()
 
-	log.Infof("full client reload complete - old: %d clients, new: %d clients (%d auth files + %d GL API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)",
-		0,
+	log.Infof("full client load complete - %d clients (%d auth files + %d GL API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)",
 		totalNewClients,
 		authFileCount,
 		glAPIKeyCount,
@@ -544,12 +602,6 @@ func (w *Watcher) reloadClients() {
 		codexAPIKeyCount,
 		openAICompatCount,
 	)
-
-	// Trigger the callback to update the server
-	if w.reloadCallback != nil {
-		log.Debugf("triggering server update callback")
-		w.reloadCallback(cfg)
-	}
 }
 
 // createClientFromFile creates a single client instance from a given token file path.
@@ -621,6 +673,7 @@ func (w *Watcher) removeClient(path string) {
 func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 	out := make([]*coreauth.Auth, 0, 32)
 	now := time.Now()
+	idGen := newStableIDGenerator()
 	// Also synthesize auth entries for OpenAI-compatibility providers directly from config
 	w.clientsMutex.RLock()
 	cfg := w.config
@@ -628,14 +681,18 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 	if cfg != nil {
 		// Gemini official API keys -> synthesize auths
 		for i := range cfg.GlAPIKey {
-			k := cfg.GlAPIKey[i]
+			k := strings.TrimSpace(cfg.GlAPIKey[i])
+			if k == "" {
+				continue
+			}
+			id, token := idGen.next("gemini:apikey", k)
 			a := &coreauth.Auth{
-				ID:       fmt.Sprintf("gemini:apikey:%d", i),
+				ID:       id,
 				Provider: "gemini",
 				Label:    "gemini-apikey",
 				Status:   coreauth.StatusActive,
 				Attributes: map[string]string{
-					"source":  fmt.Sprintf("config:gemini#%d", i),
+					"source":  fmt.Sprintf("config:gemini[%s]", token),
 					"api_key": k,
 				},
 				CreatedAt: now,
@@ -646,15 +703,20 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 		// Claude API keys -> synthesize auths
 		for i := range cfg.ClaudeKey {
 			ck := cfg.ClaudeKey[i]
+			key := strings.TrimSpace(ck.APIKey)
+			if key == "" {
+				continue
+			}
+			id, token := idGen.next("claude:apikey", key, ck.BaseURL)
 			attrs := map[string]string{
-				"source":  fmt.Sprintf("config:claude#%d", i),
-				"api_key": ck.APIKey,
+				"source":  fmt.Sprintf("config:claude[%s]", token),
+				"api_key": key,
 			}
 			if ck.BaseURL != "" {
 				attrs["base_url"] = ck.BaseURL
 			}
 			a := &coreauth.Auth{
-				ID:         fmt.Sprintf("claude:apikey:%d", i),
+				ID:         id,
 				Provider:   "claude",
 				Label:      "claude-apikey",
 				Status:     coreauth.StatusActive,
@@ -667,15 +729,20 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 		// Codex API keys -> synthesize auths
 		for i := range cfg.CodexKey {
 			ck := cfg.CodexKey[i]
+			key := strings.TrimSpace(ck.APIKey)
+			if key == "" {
+				continue
+			}
+			id, token := idGen.next("codex:apikey", key, ck.BaseURL)
 			attrs := map[string]string{
-				"source":  fmt.Sprintf("config:codex#%d", i),
-				"api_key": ck.APIKey,
+				"source":  fmt.Sprintf("config:codex[%s]", token),
+				"api_key": key,
 			}
 			if ck.BaseURL != "" {
 				attrs["base_url"] = ck.BaseURL
 			}
 			a := &coreauth.Auth{
-				ID:         fmt.Sprintf("codex:apikey:%d", i),
+				ID:         id,
 				Provider:   "codex",
 				Label:      "codex-apikey",
 				Status:     coreauth.StatusActive,
@@ -691,23 +758,32 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 			if providerName == "" {
 				providerName = "openai-compatibility"
 			}
-			base := compat.BaseURL
+			base := strings.TrimSpace(compat.BaseURL)
 			for j := range compat.APIKeys {
-				key := compat.APIKeys[j]
+				key := strings.TrimSpace(compat.APIKeys[j])
+				if key == "" {
+					continue
+				}
+				idKind := fmt.Sprintf("openai-compatibility:%s", providerName)
+				id, token := idGen.next(idKind, key, base)
+				attrs := map[string]string{
+					"source":       fmt.Sprintf("config:%s[%s]", providerName, token),
+					"base_url":     base,
+					"api_key":      key,
+					"compat_name":  compat.Name,
+					"provider_key": providerName,
+				}
+				if hash := computeOpenAICompatModelsHash(compat.Models); hash != "" {
+					attrs["models_hash"] = hash
+				}
 				a := &coreauth.Auth{
-					ID:       fmt.Sprintf("openai-compatibility:%s:%d", compat.Name, j),
-					Provider: providerName,
-					Label:    compat.Name,
-					Status:   coreauth.StatusActive,
-					Attributes: map[string]string{
-						"source":       fmt.Sprintf("config:%s#%d", compat.Name, j),
-						"base_url":     base,
-						"api_key":      key,
-						"compat_name":  compat.Name,
-						"provider_key": providerName,
-					},
-					CreatedAt: now,
-					UpdatedAt: now,
+					ID:         id,
+					Provider:   providerName,
+					Label:      compat.Name,
+					Status:     coreauth.StatusActive,
+					Attributes: attrs,
+					CreatedAt:  now,
+					UpdatedAt:  now,
 				}
 				out = append(out, a)
 			}

sdk/access/reconcile.go

@@ -0,0 +1,252 @@
+package access
+
+import (
+	"reflect"
+	"sort"
+	"strings"
+
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+)
+
+// ReconcileProviders builds the desired provider list by reusing existing providers when possible
+// and creating or removing providers only when their configuration changed. It returns the final
+// ordered provider slice along with the identifiers of providers that were added, updated, or
+// removed compared to the previous configuration.
+func ReconcileProviders(oldCfg, newCfg *config.Config, existing []Provider) (result []Provider, added, updated, removed []string, err error) {
+	if newCfg == nil {
+		return nil, nil, nil, nil, nil
+	}
+
+	existingMap := make(map[string]Provider, len(existing))
+	for _, provider := range existing {
+		if provider == nil {
+			continue
+		}
+		existingMap[provider.Identifier()] = provider
+	}
+
+	oldCfgMap := accessProviderMap(oldCfg)
+	newEntries := collectProviderEntries(newCfg)
+
+	result = make([]Provider, 0, len(newEntries))
+	finalIDs := make(map[string]struct{}, len(newEntries))
+
+	isInlineProvider := func(id string) bool {
+		return strings.EqualFold(id, config.DefaultAccessProviderName)
+	}
+	appendChange := func(list *[]string, id string) {
+		if isInlineProvider(id) {
+			return
+		}
+		*list = append(*list, id)
+	}
+
+	for _, providerCfg := range newEntries {
+		key := providerIdentifier(providerCfg)
+		if key == "" {
+			continue
+		}
+
+		if oldCfgProvider, ok := oldCfgMap[key]; ok {
+			isAliased := oldCfgProvider == providerCfg
+			if !isAliased && providerConfigEqual(oldCfgProvider, providerCfg) {
+				if existingProvider, okExisting := existingMap[key]; okExisting {
+					result = append(result, existingProvider)
+					finalIDs[key] = struct{}{}
+					continue
+				}
+			}
+		}
+
+		provider, buildErr := buildProvider(providerCfg, newCfg)
+		if buildErr != nil {
+			return nil, nil, nil, nil, buildErr
+		}
+		if _, ok := oldCfgMap[key]; ok {
+			if _, existed := existingMap[key]; existed {
+				appendChange(&updated, key)
+			} else {
+				appendChange(&added, key)
+			}
+		} else {
+			appendChange(&added, key)
+		}
+		result = append(result, provider)
+		finalIDs[key] = struct{}{}
+	}
+
+	if len(result) == 0 && len(newCfg.APIKeys) > 0 {
+		config.SyncInlineAPIKeys(newCfg, newCfg.APIKeys)
+		if providerCfg := newCfg.ConfigAPIKeyProvider(); providerCfg != nil {
+			key := providerIdentifier(providerCfg)
+			if key != "" {
+				if oldCfgProvider, ok := oldCfgMap[key]; ok {
+					isAliased := oldCfgProvider == providerCfg
+					if !isAliased && providerConfigEqual(oldCfgProvider, providerCfg) {
+						if existingProvider, okExisting := existingMap[key]; okExisting {
+							result = append(result, existingProvider)
+						} else {
+							provider, buildErr := buildProvider(providerCfg, newCfg)
+							if buildErr != nil {
+								return nil, nil, nil, nil, buildErr
+							}
+							if _, existed := existingMap[key]; existed {
+								appendChange(&updated, key)
+							} else {
+								appendChange(&added, key)
+							}
+							result = append(result, provider)
+						}
+					} else {
+						provider, buildErr := buildProvider(providerCfg, newCfg)
+						if buildErr != nil {
+							return nil, nil, nil, nil, buildErr
+						}
+						if _, existed := existingMap[key]; existed {
+							appendChange(&updated, key)
+						} else {
+							appendChange(&added, key)
+						}
+						result = append(result, provider)
+					}
+				} else {
+					provider, buildErr := buildProvider(providerCfg, newCfg)
+					if buildErr != nil {
+						return nil, nil, nil, nil, buildErr
+					}
+					appendChange(&added, key)
+					result = append(result, provider)
+				}
+				finalIDs[key] = struct{}{}
+			}
+		}
+	}
+
+	removedSet := make(map[string]struct{})
+	for id := range existingMap {
+		if _, ok := finalIDs[id]; !ok {
+			if isInlineProvider(id) {
+				continue
+			}
+			removedSet[id] = struct{}{}
+		}
+	}
+
+	removed = make([]string, 0, len(removedSet))
+	for id := range removedSet {
+		removed = append(removed, id)
+	}
+
+	sort.Strings(added)
+	sort.Strings(updated)
+	sort.Strings(removed)
+
+	return result, added, updated, removed, nil
+}
+
+func accessProviderMap(cfg *config.Config) map[string]*config.AccessProvider {
+	result := make(map[string]*config.AccessProvider)
+	if cfg == nil {
+		return result
+	}
+	for i := range cfg.Access.Providers {
+		providerCfg := &cfg.Access.Providers[i]
+		if providerCfg.Type == "" {
+			continue
+		}
+		key := providerIdentifier(providerCfg)
+		if key == "" {
+			continue
+		}
+		result[key] = providerCfg
+	}
+	if len(result) == 0 && len(cfg.APIKeys) > 0 {
+		if provider := cfg.ConfigAPIKeyProvider(); provider != nil {
+			if key := providerIdentifier(provider); key != "" {
+				result[key] = provider
+			}
+		}
+	}
+	return result
+}
+
+func collectProviderEntries(cfg *config.Config) []*config.AccessProvider {
+	entries := make([]*config.AccessProvider, 0, len(cfg.Access.Providers))
+	if cfg == nil {
+		return entries
+	}
+	for i := range cfg.Access.Providers {
+		providerCfg := &cfg.Access.Providers[i]
+		if providerCfg.Type == "" {
+			continue
+		}
+		if key := providerIdentifier(providerCfg); key != "" {
+			entries = append(entries, providerCfg)
+		}
+	}
+	return entries
+}
+
+func providerIdentifier(provider *config.AccessProvider) string {
+	if provider == nil {
+		return ""
+	}
+	if name := strings.TrimSpace(provider.Name); name != "" {
+		return name
+	}
+	typ := strings.TrimSpace(provider.Type)
+	if typ == "" {
+		return ""
+	}
+	if strings.EqualFold(typ, config.AccessProviderTypeConfigAPIKey) {
+		return config.DefaultAccessProviderName
+	}
+	return typ
+}
+
+func providerConfigEqual(a, b *config.AccessProvider) bool {
+	if a == nil || b == nil {
+		return a == nil && b == nil
+	}
+	if !strings.EqualFold(strings.TrimSpace(a.Type), strings.TrimSpace(b.Type)) {
+		return false
+	}
+	if strings.TrimSpace(a.SDK) != strings.TrimSpace(b.SDK) {
+		return false
+	}
+	if !stringSetEqual(a.APIKeys, b.APIKeys) {
+		return false
+	}
+	if len(a.Config) != len(b.Config) {
+		return false
+	}
+	if len(a.Config) > 0 && !reflect.DeepEqual(a.Config, b.Config) {
+		return false
+	}
+	return true
+}
+
+func stringSetEqual(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	if len(a) == 0 {
+		return true
+	}
+	seen := make(map[string]int, len(a))
+	for _, val := range a {
+		seen[val]++
+	}
+	for _, val := range b {
+		count := seen[val]
+		if count == 0 {
+			return false
+		}
+		if count == 1 {
+			delete(seen, val)
+		} else {
+			seen[val] = count - 1
+		}
+	}
+	return len(seen) == 0
+}

sdk/cliproxy/auth/selector.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+	"sort"
 	"sync"
 	"time"
 
@@ -36,6 +37,10 @@ func (s *RoundRobinSelector) Pick(ctx context.Context, provider, model string, o
 	if len(available) == 0 {
 		return nil, &Error{Code: "auth_unavailable", Message: "no auth available"}
 	}
+	// Make round-robin deterministic even if caller's candidate order is unstable.
+	if len(available) > 1 {
+		sort.Slice(available, func(i, j int) bool { return available[i].ID < available[j].ID })
+	}
 	key := provider + ":" + model
 	s.mu.Lock()
 	index := s.cursors[key]

sdk/cliproxy/auth/types.go

@@ -128,6 +128,7 @@ func (a *Auth) AccountInfo() (string, string) {
 	if a == nil {
 		return "", ""
 	}
+	// For Gemini Web, prefer explicit cookie label for stability.
 	if strings.ToLower(a.Provider) == "gemini-web" {
 		// Prefer explicit label written into auth file (e.g., gemini-web-<hash>)
 		if a.Metadata != nil {
@@ -145,6 +146,22 @@ func (a *Auth) AccountInfo() (string, string) {
 			}
 		}
 	}
+	// For Gemini CLI, include project ID in the OAuth account info if present.
+	if strings.ToLower(a.Provider) == "gemini-cli" {
+		if a.Metadata != nil {
+			email, _ := a.Metadata["email"].(string)
+			email = strings.TrimSpace(email)
+			if email != "" {
+				if p, ok := a.Metadata["project_id"].(string); ok {
+					p = strings.TrimSpace(p)
+					if p != "" {
+						return "oauth", email + " (" + p + ")"
+					}
+				}
+				return "oauth", email
+			}
+		}
+	}
 	if a.Metadata != nil {
 		if v, ok := a.Metadata["email"].(string); ok {
 			return "oauth", v

sdk/cliproxy/service.go

@@ -18,7 +18,6 @@ import (
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/executor"
 	_ "github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
-	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/watcher"
 	sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access"
 	_ "github.com/router-for-me/CLIProxyAPI/v6/sdk/access/providers/configapikey"
@@ -111,12 +110,23 @@ func (s *Service) refreshAccessProviders(cfg *config.Config) {
 	if s == nil || s.accessManager == nil || cfg == nil {
 		return
 	}
-	providers, err := sdkaccess.BuildProviders(cfg)
+	s.cfgMu.RLock()
+	oldCfg := s.cfg
+	s.cfgMu.RUnlock()
+
+	existing := s.accessManager.Providers()
+	providers, added, updated, removed, err := sdkaccess.ReconcileProviders(oldCfg, cfg, existing)
 	if err != nil {
-		log.Errorf("failed to rebuild request auth providers: %v", err)
+		log.Errorf("failed to reconcile request auth providers: %v", err)
 		return
 	}
 	s.accessManager.SetProviders(providers)
+	if len(added)+len(updated)+len(removed) > 0 {
+		log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed))
+		log.Debugf("auth provider changes details - added=%v updated=%v removed=%v", added, updated, removed)
+	} else {
+		log.Debug("auth providers unchanged after config reload")
+	}
 }
 
 func (s *Service) ensureAuthUpdateQueue(ctx context.Context) {
@@ -382,17 +392,6 @@ func (s *Service) Run(ctx context.Context) error {
 		log.Infof("core auth auto-refresh started (interval=%s)", interval)
 	}
 
-	authFileCount := util.CountAuthFiles(s.cfg.AuthDir)
-	totalNewClients := authFileCount + apiKeyResult.GeminiKeyCount + apiKeyResult.ClaudeKeyCount + apiKeyResult.CodexKeyCount + apiKeyResult.OpenAICompatCount
-	log.Infof("full client load complete - %d clients (%d auth files + %d GL API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)",
-		totalNewClients,
-		authFileCount,
-		apiKeyResult.GeminiKeyCount,
-		apiKeyResult.ClaudeKeyCount,
-		apiKeyResult.CodexKeyCount,
-		apiKeyResult.OpenAICompatCount,
-	)
-
 	select {
 	case <-ctx.Done():
 		log.Debug("service context cancelled, shutting down...")
@@ -509,22 +508,35 @@ func (s *Service) registerModelsForAuth(a *coreauth.Auth) {
 		if s.cfg != nil {
 			providerKey := provider
 			compatName := strings.TrimSpace(a.Provider)
+			isCompatAuth := false
 			if strings.EqualFold(providerKey, "openai-compatibility") {
+				isCompatAuth = true
 				if a.Attributes != nil {
 					if v := strings.TrimSpace(a.Attributes["compat_name"]); v != "" {
 						compatName = v
 					}
 					if v := strings.TrimSpace(a.Attributes["provider_key"]); v != "" {
 						providerKey = strings.ToLower(v)
+						isCompatAuth = true
 					}
 				}
 				if providerKey == "openai-compatibility" && compatName != "" {
 					providerKey = strings.ToLower(compatName)
 				}
+			} else if a.Attributes != nil {
+				if v := strings.TrimSpace(a.Attributes["compat_name"]); v != "" {
+					compatName = v
+					isCompatAuth = true
+				}
+				if v := strings.TrimSpace(a.Attributes["provider_key"]); v != "" {
+					providerKey = strings.ToLower(v)
+					isCompatAuth = true
+				}
 			}
 			for i := range s.cfg.OpenAICompatibility {
 				compat := &s.cfg.OpenAICompatibility[i]
 				if strings.EqualFold(compat.Name, compatName) {
+					isCompatAuth = true
 					// Convert compatibility models to registry models
 					ms := make([]*ModelInfo, 0, len(compat.Models))
 					for j := range compat.Models {
@@ -544,10 +556,18 @@ func (s *Service) registerModelsForAuth(a *coreauth.Auth) {
 							providerKey = "openai-compatibility"
 						}
 						GlobalModelRegistry().RegisterClient(a.ID, providerKey, ms)
+					} else {
+						// Ensure stale registrations are cleared when model list becomes empty.
+						GlobalModelRegistry().UnregisterClient(a.ID)
 					}
 					return
 				}
 			}
+			if isCompatAuth {
+				// No matching provider found or models removed entirely; drop any prior registration.
+				GlobalModelRegistry().UnregisterClient(a.ID)
+				return
+			}
 		}
 	}
 	if len(models) > 0 {