Spaces:

PHhTTPS
/

ProxyCLI

Sleeping

App Files Files Community

PHhTTPS commited on Jan 10

Commit

4998bdc

1 Parent(s): edfae64

Replace hardcoded OAuth secrets with placeholders

Browse files

Files changed (33) hide show

.env.example +34 -0
.github/FUNDING.yml +1 -0
.github/ISSUE_TEMPLATE/bug_report.md +44 -0
.github/workflows/docker-image.yml +46 -0
.github/workflows/pr-path-guard.yml +28 -0
.github/workflows/pr-test-build.yml +23 -0
.github/workflows/release.yaml +39 -0
.goreleaser.yml +39 -0
CC_MIRROR_SETUP.md +64 -0
QUICK_REFERENCE.txt +54 -0
README_CN.md +24 -0
SETUP_GUIDE (Copy).md +353 -0
SETUP_GUIDE.md +353 -0
assets/cubence.png +0 -0
assets/packycode.png +0 -0
auths/.gitkeep +0 -0
docker-build.ps1 +53 -0
docker-build.sh +58 -0
dsa +0 -0
examples/custom-provider/main.go +207 -0
examples/translator/main.go +42 -0
internal/api/middleware/anthropic_auth.go +106 -0
internal/api/middleware/anthropic_auth_test.go +97 -0
internal/api/middleware/anthropic_debug.go +59 -0
scripts/verify_claude_proxy.sh +75 -0
server.log +0 -0
switch-provider.sh +53 -0
test-proxy-config.sh +31 -0
test/amp_management_test.go +915 -0
test/config_migration_test.go +195 -0
test/gemini3_thinking_level_test.go +423 -0
test/model_alias_thinking_suffix_test.go +211 -0
test/thinking_conversion_test.go +798 -0

.env.example ADDED Viewed

	@@ -0,0 +1,34 @@

+# Example environment configuration for CLIProxyAPI.
+# Copy this file to `.env` and uncomment the variables you need.
+#
+# NOTE: Environment variables are only required when using remote storage options.
+# For local file-based storage (default), no environment variables need to be set.
+# ------------------------------------------------------------------------------
+# Management Web UI
+# ------------------------------------------------------------------------------
+# MANAGEMENT_PASSWORD=change-me-to-a-strong-password
+# ------------------------------------------------------------------------------
+# Postgres Token Store (optional)
+# ------------------------------------------------------------------------------
+# PGSTORE_DSN=postgresql://user:pass@localhost:5432/cliproxy
+# PGSTORE_SCHEMA=public
+# PGSTORE_LOCAL_PATH=/var/lib/cliproxy
+# ------------------------------------------------------------------------------
+# Git-Backed Config Store (optional)
+# ------------------------------------------------------------------------------
+# GITSTORE_GIT_URL=https://github.com/your-org/cli-proxy-config.git
+# GITSTORE_GIT_USERNAME=git-user
+# GITSTORE_GIT_TOKEN=ghp_your_personal_access_token
+# GITSTORE_LOCAL_PATH=/data/cliproxy/gitstore
+# ------------------------------------------------------------------------------
+# Object Store Token Store (optional)
+# ------------------------------------------------------------------------------
+# OBJECTSTORE_ENDPOINT=https://s3.your-cloud.example.com
+# OBJECTSTORE_BUCKET=cli-proxy-config
+# OBJECTSTORE_ACCESS_KEY=your_access_key
+# OBJECTSTORE_SECRET_KEY=your_secret_key
+# OBJECTSTORE_LOCAL_PATH=/data/cliproxy/objectstore

.github/FUNDING.yml ADDED Viewed

	@@ -0,0 +1 @@


1	+ github: [router-for-me]

.github/ISSUE_TEMPLATE/bug_report.md ADDED Viewed

	@@ -0,0 +1,44 @@

+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+---
+**Is it a request payload issue?**
+[  ] Yes, this is a request payload issue. I am using a client/cURL to send a request payload, but I received an unexpected error.
+[  ] No, it's another issue.
+**If it's a request payload issue, you MUST know**
+Our team doesn't have any GODs or ORACLEs or MIND READERs. Please make sure to attach the request log or curl payload.
+**Describe the bug**
+A clear and concise description of what the bug is.
+**CLI Type**
+What type of CLI account do you use?  (gemini-cli, gemini, codex, claude code or openai-compatibility)
+**Model Name**
+What model are you using? (example: gemini-2.5-pro, claude-sonnet-4-20250514, gpt-5, etc.)
+**LLM Client**
+What LLM Client are you using? (example: roo-code, cline, claude code, etc.)
+**Request Information**
+The best way is to paste the cURL command of the HTTP request here.
+Alternatively, you can set `request-log: true` in the `config.yaml` file and then upload the detailed log file.
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+**OS Type**
+ - OS: [e.g. macOS]
+ - Version [e.g. 15.6.0]
+**Additional context**
+Add any other context about the problem here.

.github/workflows/docker-image.yml ADDED Viewed

	@@ -0,0 +1,46 @@

+name: docker-image
+on:
+  push:
+    tags:
+      - v*
+env:
+  APP_NAME: CLIProxyAPI
+  DOCKERHUB_REPO: eceasy/cli-proxy-api-plus
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Generate Build Metadata
+        run: |
+          echo VERSION=`git describe --tags --always --dirty` >> $GITHUB_ENV
+          echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV
+          echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          build-args: |
+            VERSION=${{ env.VERSION }}
+            COMMIT=${{ env.COMMIT }}
+            BUILD_DATE=${{ env.BUILD_DATE }}
+          tags: |
+            ${{ env.DOCKERHUB_REPO }}:latest
+            ${{ env.DOCKERHUB_REPO }}:${{ env.VERSION }}

.github/workflows/pr-path-guard.yml ADDED Viewed

	@@ -0,0 +1,28 @@

+name: translator-path-guard
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+jobs:
+  ensure-no-translator-changes:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Detect internal/translator changes
+        id: changed-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            internal/translator/**
+      - name: Fail when restricted paths change
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: |
+          echo "Changes under internal/translator are not allowed in pull requests."
+          echo "You need to create an issue for our maintenance team to make the necessary changes."
+          exit 1

.github/workflows/pr-test-build.yml ADDED Viewed

	@@ -0,0 +1,23 @@

+name: pr-test-build
+on:
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Build
+        run: |
+          go build -o test-output ./cmd/server
+          rm -f test-output

.github/workflows/release.yaml ADDED Viewed

	@@ -0,0 +1,39 @@

+name: goreleaser
+on:
+  push:
+    # run only against tags
+    tags:
+      - '*'
+permissions:
+  contents: write
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - run: git fetch --force --tags
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.24.0'
+          cache: true
+      - name: Generate Build Metadata
+        run: |
+          VERSION=$(git describe --tags --always --dirty)
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV
+          echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV
+      - uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ env.VERSION }}
+          COMMIT: ${{ env.COMMIT }}
+          BUILD_DATE: ${{ env.BUILD_DATE }}

.goreleaser.yml ADDED Viewed

	@@ -0,0 +1,39 @@

+builds:
+  - id: "cli-proxy-api-plus"
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    main: ./cmd/server/
+    binary: cli-proxy-api-plus
+    ldflags:
+      - -s -w -X 'main.Version={{.Version}}-plus' -X 'main.Commit={{.ShortCommit}}' -X 'main.BuildDate={{.Date}}'
+archives:
+  - id: "cli-proxy-api-plus"
+    format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - LICENSE
+      - README.md
+      - README_CN.md
+      - config.example.yaml
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'

CC_MIRROR_SETUP.md ADDED Viewed

	@@ -0,0 +1,64 @@

+# Super Claude (CC-Mirror + CLIProxyAPIPlus) Setup Guide
+This document explains your "unshackled" Claude Code setup, which routes requests through your local proxy to use multiple AI providers (Gemini, Kiro, Antigravity) transparently.
+## 🚀 Usage
+**Start the Multi-Agent Claude:**
+```bash
+proxy-claude
+```
+**Run a specific task (Agentic Mode):**
+```bash
+proxy-claude "Analyze the auth middleware and create a task graph for improvements"
+```
+---
+## 🧠 Model Routing (The Magic)
+Your proxy (`config.yaml`) intercepts Claude Code's requests and routes them to your optimized providers:
+| Claude Code Request | Actually Uses... | Why? | Keys Available |
+| :--- | :--- | :--- | :--- |
+| **Haiku** (Fast/Cheap) | **Gemini 2.5 Flash** | Infinite scaling, massive context | **5+ keys** (Gemini + Antigravity) |
+| **Sonnet** (Coding) | **Kiro (AWS)** | High intelligence, best for code | **1 key** (Currently) |
+| **Opus** (Complex) | **Kiro (AWS)** | Maximum reasoning | **1 key** (Shared with Sonnet) |
+*To switch models inside Claude Code, type `/model`.*
+---
+## 🔑 Managing Keys
+### Adding More "Fast" Power (Gemini/Antigravity)
+Just drop new `.json` auth files into your `auth/` folder. The proxy detects them automatically and rotates through them.
+### Adding More "Smart" Power (Kiro/Claude)
+To get the "15 key rotation" for Sonnet/Opus, you need to add more Kiro account files to `auth/`:
+1.  Login to Kiro/AWS on another machine or session.
+2.  Copy the `kiro-auth-token.json` (or similar).
+3.  Paste it into `auth/` with a unique name (e.g., `kiro-account-2.json`).
+---
+## 🛠 Troubleshooting
+**If `proxy-claude` fails:**
+1.  Check the proxy logs:
+    ```bash
+    tail -f server.log
+    ```
+2.  Verify the proxy server is running:
+    ```bash
+    pgrep -f "main.go"
+    ```
+3.  Restart the proxy if needed:
+    ```bash
+    pkill -f "main.go" && go run cmd/server/main.go > server.log 2>&1 &
+    ```
+**Config Location:**
+*   **Proxy Config:** `/home/kek/CLIProxyAPIPlus/config.yaml` (Edit `model-mappings` here)
+*   **Client Config:** `~/.cc-mirror/proxy-claude/config/`

QUICK_REFERENCE.txt ADDED Viewed

	@@ -0,0 +1,54 @@

+╔══════════════════════════════════════════════════════════════╗
+║         CLIProxyAPIPlus - Quick Reference Card                   ║
+╚══════════════════════════════════════════════════════════════╝
+📊 CONFIGURED ACCOUNTS: 15
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  Gemini: 6 accounts
+  Antigravity: 7 accounts
+  Qwen: 1 account
+  OpenRouter: 1 account
+🌐 SERVER INFO
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  URL: http://localhost:8317/v1
+  API Key: sk-client-key-1
+  Status: Running ✅
+⚡ QUICK COMMANDS
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  ~/CLIProxyAPIPlus/proxy models    - List all models
+  ~/CLIProxyAPIPlus/proxy test      - Test API
+  ~/CLIProxyAPIPlus/proxy auth      - Show accounts
+  ~/CLIProxyAPIPlus/proxy status    - Server status
+  ~/CLIProxyAPIPlus/proxy logs     - View logs
+  ~/CLIProxyAPIPlus/proxy restart  - Restart server
+🎯 EXAMPLE REQUEST
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  curl -H "Authorization: Bearer sk-client-key-1" \
+       -H "Content-Type: application/json" \
+       -d '{"model":"gemini-2.5-pro","messages":[{"role":"user","content":"Hi!"}]}' \
+       http://localhost:8317/v1/chat/completions
+🐚 FISH ALIASES (in new terminal)
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  cliproxy-models       - Same as proxy models
+  cliproxy-test         - Same as proxy test
+  cliproxy-auth         - Same as proxy auth
+  cliproxy-status       - Same as proxy status
+  cliproxy-restart     - Same as proxy restart
+🔑 ADD MORE ACCOUNTS
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  gemini-login         - Add Gemini account
+  antigravity-login    - Add Antigravity account
+  qwen-login          - Add Qwen account
+  kiro-login          - Add Kiro account
+📚 DOCUMENTATION
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  Full Guide: ~/CLIProxyAPIPlus/SETUP_GUIDE.md
+  Quick Ref: ~/CLIPROXY_QUICK_REFERENCE.md
+══════════════════════════════════════════════════════════════════

README_CN.md ADDED Viewed

	@@ -0,0 +1,24 @@

+# CLIProxyAPI Plus
+[English](README.md) | 中文
+这是 [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI) 的 Plus 版本，在原有基础上增加了第三方供应商的支持。
+所有的第三方供应商支持都由第三方社区维护者提供，CLIProxyAPI 不提供技术支持。如需取得支持，请与对应的社区维护者联系。
+该 Plus 版本的主线功能与主线功能强制同步。
+## 与主线版本版本差异
+- 新增 GitHub Copilot 支持（OAuth 登录），由[em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth)提供
+- 新增 Kiro (AWS CodeWhisperer) 支持 (OAuth 登录), 由[fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration)、[Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/)提供
+## 贡献
+该项目仅接受第三方供应商支持的 Pull Request。任何非第三方供应商支持的 Pull Request 都将被拒绝。
+如果需要提交任何非第三方供应商支持的 Pull Request，请提交到主线版本。
+## 许可证
+此项目根据 MIT 许可证授权 - 有关详细信息，请参阅 [LICENSE](LICENSE) 文件。

SETUP_GUIDE (Copy).md ADDED Viewed

	@@ -0,0 +1,353 @@

+# CLIProxyAPIPlus Setup Guide - YOUR SETUP
+## 🎉 Setup Complete!
+You have **15 AI accounts** configured and ready to use through a single OpenAI-compatible proxy.
+---
+## 📊 Account Summary
+| Provider | Accounts | Type |
+|-----------|-----------|-------|
+| Gemini | 6 | OAuth |
+| Antigravity | 7 | OAuth |
+| Qwen | 1 | OAuth |
+| OpenRouter | 1 | API Key |
+| **Total** | **15** | |
+### Your Configured Accounts
+- pascal.hintermaier@gmail.com (Gemini)
+- hintermaier.pascal@gmail.com (Gemini, Antigravity)
+- claracouve342@gmail.com (Gemini, Antigravity)
+- hintermaierpascal0@gmail.com (Gemini, Antigravity)
+- rave.riotofficial@gmail.com (Gemini, Antigravity)
+- citrondon666@gmail.com (Gemini, Antigravity)
+- diesmalwichtigsamuel@gmail.com (Antigravity)
+- 1x Qwen account
+- 1x OpenRouter account
+---
+## 🚀 Quick Start
+### Server Status
+- **URL**: http://localhost:8317
+- **Status**: Running ✅
+- **Config**: ~/CLIProxyAPIPlus/config.yaml
+- **Auth**: ~/.cli-proxy-api/
+### Quick Test
+```bash
+~/CLIProxyAPIPlus/proxy test
+```
+### List Models
+```bash
+~/CLIProxyAPIPlus/proxy models
+```
+---
+## 📝 Quick Reference Commands
+### Using the `proxy` Script
+```bash
+~/CLIProxyAPIPlus/proxy <command>
+```
+**Available Commands:**
+- `models` or `m` - List all available models
+- `test` or `t` - Send test request
+- `status` or `s` - Check server status
+- `auth` or `a` - Show configured accounts
+- `logs` or `l` - View recent logs
+- `start` - Start proxy server
+- `stop` - Stop proxy server
+- `restart` or `r` - Restart server
+### Fish Shell Aliases
+These are available in your terminal:
+**Testing:**
+```bash
+cliproxy-models      # List models
+cliproxy-test         # Test request
+cliproxy-status       # Server status
+```
+**Management:**
+```bash
+cliproxy-start        # Start server
+cliproxy-stop         # Stop server
+cliproxy-restart      # Restart server
+cliproxy-logs        # View logs
+cliproxy-auth         # Show accounts
+```
+**Add Accounts:**
+```bash
+gemini-login         # Add Gemini
+antigravity-login    # Add Antigravity
+qwen-login          # Add Qwen
+kiro-login          # Add Kiro
+```
+---
+## 🔧 Configuration
+### Environment Variables
+```bash
+$CLIPROXY_URL    # http://localhost:8317/v1
+$CLIPROXY_KEY    # sk-client-key-1
+```
+### API Keys (from config.yaml)
+- `sk-client-key-1` - Primary API key
+- `sk-client-key-2` - Secondary API key
+### Client Configuration
+#### OpenAI SDK (Python)
+```python
+from openai import OpenAI
+client = OpenAI(
+    base_url="http://localhost:8317/v1",
+    api_key="sk-client-key-1"
+)
+response = client.chat.completions.create(
+    model="gemini-2.5-pro",
+    messages=[{"role": "user", "content": "Hello!"}]
+)
+```
+#### Node.js
+```javascript
+import OpenAI from 'openai';
+const openai = new OpenAI({
+  baseURL: 'http://localhost:8317/v1',
+  apiKey: 'sk-client-key-1'
+});
+const completion = await openai.chat.completions.create({
+  model: 'gemini-2.5-pro',
+  messages: [{ role: 'user', content: 'Hello!' }]
+});
+```
+#### cURL
+```bash
+curl -H "Authorization: Bearer sk-client-key-1" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-2.5-pro",
+    "messages": [{"role": "user", "content": "Hello!"}]
+  }' \
+  http://localhost:8317/v1/chat/completions
+```
+---
+## 🎯 Available Models
+The proxy automatically combines models from all providers. To see all available models:
+```bash
+~/CLIProxyAPIPlus/proxy models
+```
+### Model Aliases
+Some models have shorter aliases configured:
+- `g2.5p` → `gemini-2.5-pro`
+- `g2.5f` → `gemini-2.5-flash`
+- `ag-pro` → Antigravity pro model
+- `qwen-plus` → Qwen coder plus
+---
+## 🔄 Load Balancing
+The proxy uses **round-robin** routing by default. When you make requests:
+1. First request uses Account 1
+2. Second request uses Account 2
+3. Third request uses Account 3
+4. ...and so on
+This automatically distributes load across all your accounts!
+---
+## 📁 File Structure
+```
+~/CLIProxyAPIPlus/
+├── cli-proxy-api-plus          # Main binary
+├── config.yaml                # Configuration file
+├── server.log                 # Server logs
+├── proxy                     # Quick access script
+├── SETUP_GUIDE.md            # This file
+├── README.md                 # Original README
+└── auths/                    # (optional, alternate auth location)
+~/.cli-proxy-api/              # OAuth tokens stored here
+├── *.json                    # Provider tokens
+└── ...
+```
+---
+## 🔑 Account Management
+### Add New Accounts
+**Gemini:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -login -incognito
+```
+**Antigravity:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -antigravity-login -incognito
+```
+**Qwen:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -qwen-login -incognito
+```
+**Kiro (AWS CodeWhisperer):**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -kiro-aws-login -incognito
+```
+### View Current Accounts
+```bash
+~/CLIProxyAPIPlus/proxy auth
+```
+---
+## 🛠️ Troubleshooting
+### Server Not Running
+```bash
+~/CLIProxyAPIPlus/proxy restart
+```
+### Check Logs
+```bash
+~/CLIProxyAPIPlus/proxy logs
+```
+### Port Already in Use
+```bash
+~/CLIProxyAPIPlus/proxy stop
+sleep 2
+~/CLIProxyAPIPlus/proxy start
+```
+### API Key Errors
+- Make sure to use `Authorization: Bearer sk-client-key-1`
+- Or set correct API key in your client config
+### Browser Not Opening
+- The incognito window might be behind other windows
+- Check for browser notifications
+- OAuth URLs are also printed in terminal
+---
+## 📚 Additional Resources
+### Official Documentation
+- CLIProxyAPI: https://github.com/router-for-me/CLIProxyAPI
+- CLIProxyAPIPlus: https://github.com/router-for-me/CLIProxyAPIPlus
+### API Endpoints
+- `GET /v1/models` - List all models
+- `POST /v1/chat/completions` - Chat completions
+- `POST /v1/completions` - Text completions
+### Management API (requires auth key)
+- Base URL: `http://localhost:8317/v0/management`
+- Auth Key: `admin123` (set in config.yaml)
+- Endpoints: Add/remove accounts, view status, etc.
+---
+## 🎓 Advanced Configuration
+### Edit Config File
+```bash
+nano ~/CLIProxyAPIPlus/config.yaml
+```
+### Key Settings
+- `port: 8317` - Server port
+- `host: ""` - Bind to all interfaces
+- `api-keys` - Client API keys
+- `incognito-browser: true` - Multi-account support
+- `routing.strategy: "round-robin"` - Load balancing
+### Add More Providers
+You can add:
+- Claude (OAuth)
+- OpenAI Codex (OAuth)
+- Vertex (OAuth or API key)
+- Any OpenAI-compatible provider via `openai-compatibility`
+---
+## ✅ Quick Verification
+Run these commands to verify everything works:
+```bash
+# 1. Check server status
+~/CLIProxyAPIPlus/proxy status
+# 2. View all accounts
+~/CLIProxyAPIPlus/proxy auth
+# 3. List available models
+~/CLIProxyAPIPlus/proxy models
+# 4. Test API request
+~/CLIProxyAPIPlus/proxy test
+```
+All should complete successfully! 🎉
+---
+## 📞 Need Help?
+### Common Issues
+- **"Missing API key"** → Add `Authorization: Bearer sk-client-key-1` header
+- **"Connection refused"** → Server not running, run `~/CLIProxyAPIPlus/proxy start`
+- **"Model not found"** → Check `~/CLIProxyAPIPlus/proxy models` for available models
+### Get Support
+- Check logs: `~/CLIProxyAPIPlus/proxy logs`
+- Restart server: `~/CLIProxyAPIPlus/proxy restart`
+- Review config: `nano ~/CLIProxyAPIPlus/config.yaml`
+---
+## 🎉 You're All Set!
+Your CLIProxyAPIPlus proxy is running with 15 AI accounts. Use any OpenAI-compatible client and point it to:
+```
+http://localhost:8317/v1
+```
+The proxy will handle load balancing, account rotation, and provide a unified API endpoint for all your AI providers!
+**Happy coding! 🚀**

SETUP_GUIDE.md ADDED Viewed

	@@ -0,0 +1,353 @@

+# CLIProxyAPIPlus Setup Guide - YOUR SETUP
+## 🎉 Setup Complete!
+You have **15 AI accounts** configured and ready to use through a single OpenAI-compatible proxy.
+---
+## 📊 Account Summary
+| Provider | Accounts | Type |
+|-----------|-----------|-------|
+| Gemini | 6 | OAuth |
+| Antigravity | 7 | OAuth |
+| Qwen | 1 | OAuth |
+| OpenRouter | 1 | API Key |
+| **Total** | **15** | |
+### Your Configured Accounts
+- pascal.hintermaier@gmail.com (Gemini)
+- hintermaier.pascal@gmail.com (Gemini, Antigravity)
+- claracouve342@gmail.com (Gemini, Antigravity)
+- hintermaierpascal0@gmail.com (Gemini, Antigravity)
+- rave.riotofficial@gmail.com (Gemini, Antigravity)
+- citrondon666@gmail.com (Gemini, Antigravity)
+- diesmalwichtigsamuel@gmail.com (Antigravity)
+- 1x Qwen account
+- 1x OpenRouter account
+---
+## 🚀 Quick Start
+### Server Status
+- **URL**: http://localhost:8317
+- **Status**: Running ✅
+- **Config**: ~/CLIProxyAPIPlus/config.yaml
+- **Auth**: ~/.cli-proxy-api/
+### Quick Test
+```bash
+~/CLIProxyAPIPlus/proxy test
+```
+### List Models
+```bash
+~/CLIProxyAPIPlus/proxy models
+```
+---
+## 📝 Quick Reference Commands
+### Using the `proxy` Script
+```bash
+~/CLIProxyAPIPlus/proxy <command>
+```
+**Available Commands:**
+- `models` or `m` - List all available models
+- `test` or `t` - Send test request
+- `status` or `s` - Check server status
+- `auth` or `a` - Show configured accounts
+- `logs` or `l` - View recent logs
+- `start` - Start proxy server
+- `stop` - Stop proxy server
+- `restart` or `r` - Restart server
+### Fish Shell Aliases
+These are available in your terminal:
+**Testing:**
+```bash
+cliproxy-models      # List models
+cliproxy-test         # Test request
+cliproxy-status       # Server status
+```
+**Management:**
+```bash
+cliproxy-start        # Start server
+cliproxy-stop         # Stop server
+cliproxy-restart      # Restart server
+cliproxy-logs        # View logs
+cliproxy-auth         # Show accounts
+```
+**Add Accounts:**
+```bash
+gemini-login         # Add Gemini
+antigravity-login    # Add Antigravity
+qwen-login          # Add Qwen
+kiro-login          # Add Kiro
+```
+---
+## 🔧 Configuration
+### Environment Variables
+```bash
+$CLIPROXY_URL    # http://localhost:8317/v1
+$CLIPROXY_KEY    # sk-client-key-1
+```
+### API Keys (from config.yaml)
+- `sk-client-key-1` - Primary API key
+- `sk-client-key-2` - Secondary API key
+### Client Configuration
+#### OpenAI SDK (Python)
+```python
+from openai import OpenAI
+client = OpenAI(
+    base_url="http://localhost:8317/v1",
+    api_key="sk-client-key-1"
+)
+response = client.chat.completions.create(
+    model="gemini-2.5-pro",
+    messages=[{"role": "user", "content": "Hello!"}]
+)
+```
+#### Node.js
+```javascript
+import OpenAI from 'openai';
+const openai = new OpenAI({
+  baseURL: 'http://localhost:8317/v1',
+  apiKey: 'sk-client-key-1'
+});
+const completion = await openai.chat.completions.create({
+  model: 'gemini-2.5-pro',
+  messages: [{ role: 'user', content: 'Hello!' }]
+});
+```
+#### cURL
+```bash
+curl -H "Authorization: Bearer sk-client-key-1" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-2.5-pro",
+    "messages": [{"role": "user", "content": "Hello!"}]
+  }' \
+  http://localhost:8317/v1/chat/completions
+```
+---
+## 🎯 Available Models
+The proxy automatically combines models from all providers. To see all available models:
+```bash
+~/CLIProxyAPIPlus/proxy models
+```
+### Model Aliases
+Some models have shorter aliases configured:
+- `g2.5p` → `gemini-2.5-pro`
+- `g2.5f` → `gemini-2.5-flash`
+- `ag-pro` → Antigravity pro model
+- `qwen-plus` → Qwen coder plus
+---
+## 🔄 Load Balancing
+The proxy uses **round-robin** routing by default. When you make requests:
+1. First request uses Account 1
+2. Second request uses Account 2
+3. Third request uses Account 3
+4. ...and so on
+This automatically distributes load across all your accounts!
+---
+## 📁 File Structure
+```
+~/CLIProxyAPIPlus/
+├── cli-proxy-api-plus          # Main binary
+├── config.yaml                # Configuration file
+├── server.log                 # Server logs
+├── proxy                     # Quick access script
+├── SETUP_GUIDE.md            # This file
+├── README.md                 # Original README
+└── auths/                    # (optional, alternate auth location)
+~/.cli-proxy-api/              # OAuth tokens stored here
+├── *.json                    # Provider tokens
+└── ...
+```
+---
+## 🔑 Account Management
+### Add New Accounts
+**Gemini:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -login -incognito
+```
+**Antigravity:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -antigravity-login -incognito
+```
+**Qwen:**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -qwen-login -incognito
+```
+**Kiro (AWS CodeWhisperer):**
+```bash
+cd ~/CLIProxyAPIPlus && ./cli-proxy-api-plus -kiro-aws-login -incognito
+```
+### View Current Accounts
+```bash
+~/CLIProxyAPIPlus/proxy auth
+```
+---
+## 🛠️ Troubleshooting
+### Server Not Running
+```bash
+~/CLIProxyAPIPlus/proxy restart
+```
+### Check Logs
+```bash
+~/CLIProxyAPIPlus/proxy logs
+```
+### Port Already in Use
+```bash
+~/CLIProxyAPIPlus/proxy stop
+sleep 2
+~/CLIProxyAPIPlus/proxy start
+```
+### API Key Errors
+- Make sure to use `Authorization: Bearer sk-client-key-1`
+- Or set correct API key in your client config
+### Browser Not Opening
+- The incognito window might be behind other windows
+- Check for browser notifications
+- OAuth URLs are also printed in terminal
+---
+## 📚 Additional Resources
+### Official Documentation
+- CLIProxyAPI: https://github.com/router-for-me/CLIProxyAPI
+- CLIProxyAPIPlus: https://github.com/router-for-me/CLIProxyAPIPlus
+### API Endpoints
+- `GET /v1/models` - List all models
+- `POST /v1/chat/completions` - Chat completions
+- `POST /v1/completions` - Text completions
+### Management API (requires auth key)
+- Base URL: `http://localhost:8317/v0/management`
+- Auth Key: `admin123` (set in config.yaml)
+- Endpoints: Add/remove accounts, view status, etc.
+---
+## 🎓 Advanced Configuration
+### Edit Config File
+```bash
+nano ~/CLIProxyAPIPlus/config.yaml
+```
+### Key Settings
+- `port: 8317` - Server port
+- `host: ""` - Bind to all interfaces
+- `api-keys` - Client API keys
+- `incognito-browser: true` - Multi-account support
+- `routing.strategy: "round-robin"` - Load balancing
+### Add More Providers
+You can add:
+- Claude (OAuth)
+- OpenAI Codex (OAuth)
+- Vertex (OAuth or API key)
+- Any OpenAI-compatible provider via `openai-compatibility`
+---
+## ✅ Quick Verification
+Run these commands to verify everything works:
+```bash
+# 1. Check server status
+~/CLIProxyAPIPlus/proxy status
+# 2. View all accounts
+~/CLIProxyAPIPlus/proxy auth
+# 3. List available models
+~/CLIProxyAPIPlus/proxy models
+# 4. Test API request
+~/CLIProxyAPIPlus/proxy test
+```
+All should complete successfully! 🎉
+---
+## 📞 Need Help?
+### Common Issues
+- **"Missing API key"** → Add `Authorization: Bearer sk-client-key-1` header
+- **"Connection refused"** → Server not running, run `~/CLIProxyAPIPlus/proxy start`
+- **"Model not found"** → Check `~/CLIProxyAPIPlus/proxy models` for available models
+### Get Support
+- Check logs: `~/CLIProxyAPIPlus/proxy logs`
+- Restart server: `~/CLIProxyAPIPlus/proxy restart`
+- Review config: `nano ~/CLIProxyAPIPlus/config.yaml`
+---
+## 🎉 You're All Set!
+Your CLIProxyAPIPlus proxy is running with 15 AI accounts. Use any OpenAI-compatible client and point it to:
+```
+http://localhost:8317/v1
+```
+The proxy will handle load balancing, account rotation, and provide a unified API endpoint for all your AI providers!
+**Happy coding! 🚀**

assets/cubence.png ADDED Viewed

assets/packycode.png ADDED Viewed

auths/.gitkeep ADDED Viewed

File without changes

docker-build.ps1 ADDED Viewed

	@@ -0,0 +1,53 @@

+# build.ps1 - Windows PowerShell Build Script
+#
+# This script automates the process of building and running the Docker container
+# with version information dynamically injected at build time.
+# Stop script execution on any error
+$ErrorActionPreference = "Stop"
+# --- Step 1: Choose Environment ---
+Write-Host "Please select an option:"
+Write-Host "1) Run using Pre-built Image (Recommended)"
+Write-Host "2) Build from Source and Run (For Developers)"
+$choice = Read-Host -Prompt "Enter choice [1-2]"
+# --- Step 2: Execute based on choice ---
+switch ($choice) {
+    "1" {
+        Write-Host "--- Running with Pre-built Image ---"
+        docker compose up -d --remove-orphans --no-build
+        Write-Host "Services are starting from remote image."
+        Write-Host "Run 'docker compose logs -f' to see the logs."
+    }
+    "2" {
+        Write-Host "--- Building from Source and Running ---"
+        # Get Version Information
+        $VERSION = (git describe --tags --always --dirty)
+        $COMMIT  = (git rev-parse --short HEAD)
+        $BUILD_DATE = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+        Write-Host "Building with the following info:"
+        Write-Host "  Version: $VERSION"
+        Write-Host "  Commit: $COMMIT"
+        Write-Host "  Build Date: $BUILD_DATE"
+        Write-Host "----------------------------------------"
+        # Build and start the services with a local-only image tag
+        $env:CLI_PROXY_IMAGE = "cli-proxy-api:local"
+        Write-Host "Building the Docker image..."
+        docker compose build --build-arg VERSION=$VERSION --build-arg COMMIT=$COMMIT --build-arg BUILD_DATE=$BUILD_DATE
+        Write-Host "Starting the services..."
+        docker compose up -d --remove-orphans --pull never
+        Write-Host "Build complete. Services are starting."
+        Write-Host "Run 'docker compose logs -f' to see the logs."
+    }
+    default {
+        Write-Host "Invalid choice. Please enter 1 or 2."
+        exit 1
+    }
+}

docker-build.sh ADDED Viewed

	@@ -0,0 +1,58 @@

+#!/usr/bin/env bash
+#
+# build.sh - Linux/macOS Build Script
+#
+# This script automates the process of building and running the Docker container
+# with version information dynamically injected at build time.
+# Exit immediately if a command exits with a non-zero status.
+set -euo pipefail
+# --- Step 1: Choose Environment ---
+echo "Please select an option:"
+echo "1) Run using Pre-built Image (Recommended)"
+echo "2) Build from Source and Run (For Developers)"
+read -r -p "Enter choice [1-2]: " choice
+# --- Step 2: Execute based on choice ---
+case "$choice" in
+  1)
+    echo "--- Running with Pre-built Image ---"
+    docker compose up -d --remove-orphans --no-build
+    echo "Services are starting from remote image."
+    echo "Run 'docker compose logs -f' to see the logs."
+    ;;
+  2)
+    echo "--- Building from Source and Running ---"
+    # Get Version Information
+    VERSION="$(git describe --tags --always --dirty)"
+    COMMIT="$(git rev-parse --short HEAD)"
+    BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+    echo "Building with the following info:"
+    echo "  Version: ${VERSION}"
+    echo "  Commit: ${COMMIT}"
+    echo "  Build Date: ${BUILD_DATE}"
+    echo "----------------------------------------"
+    # Build and start the services with a local-only image tag
+    export CLI_PROXY_IMAGE="cli-proxy-api:local"
+    echo "Building the Docker image..."
+    docker compose build \
+      --build-arg VERSION="${VERSION}" \
+      --build-arg COMMIT="${COMMIT}" \
+      --build-arg BUILD_DATE="${BUILD_DATE}"
+    echo "Starting the services..."
+    docker compose up -d --remove-orphans --pull never
+    echo "Build complete. Services are starting."
+    echo "Run 'docker compose logs -f' to see the logs."
+    ;;
+  *)
+    echo "Invalid choice. Please enter 1 or 2."
+    exit 1
+    ;;
+esac

dsa ADDED Viewed

File without changes

examples/custom-provider/main.go ADDED Viewed

	@@ -0,0 +1,207 @@

+// Package main demonstrates how to create a custom AI provider executor
+// and integrate it with the CLI Proxy API server. This example shows how to:
+// - Create a custom executor that implements the Executor interface
+// - Register custom translators for request/response transformation
+// - Integrate the custom provider with the SDK server
+// - Register custom models in the model registry
+//
+// This example uses a simple echo service (httpbin.org) as the upstream API
+// for demonstration purposes. In a real implementation, you would replace
+// this with your actual AI service provider.
+package main
+import (
+	"bytes"
+	"context"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+	"github.com/gin-gonic/gin"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/api"
+	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
+	clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/logging"
+	sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
+)
+const (
+	// providerKey is the identifier for our custom provider.
+	providerKey = "myprov"
+	// fOpenAI represents the OpenAI chat format.
+	fOpenAI = sdktr.Format("openai.chat")
+	// fMyProv represents our custom provider's chat format.
+	fMyProv = sdktr.Format("myprov.chat")
+)
+// init registers trivial translators for demonstration purposes.
+// In a real implementation, you would implement proper request/response
+// transformation logic between OpenAI format and your provider's format.
+func init() {
+	sdktr.Register(fOpenAI, fMyProv,
+		func(model string, raw []byte, stream bool) []byte { return raw },
+		sdktr.ResponseTransform{
+			Stream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) []string {
+				return []string{string(raw)}
+			},
+			NonStream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) string {
+				return string(raw)
+			},
+		},
+	)
+}
+// MyExecutor is a minimal provider implementation for demonstration purposes.
+// It implements the Executor interface to handle requests to a custom AI provider.
+type MyExecutor struct{}
+// Identifier returns the unique identifier for this executor.
+func (MyExecutor) Identifier() string { return providerKey }
+// PrepareRequest optionally injects credentials to raw HTTP requests.
+// This method is called before each request to allow the executor to modify
+// the HTTP request with authentication headers or other necessary modifications.
+//
+// Parameters:
+//   - req: The HTTP request to prepare
+//   - a: The authentication information
+//
+// Returns:
+//   - error: An error if request preparation fails
+func (MyExecutor) PrepareRequest(req *http.Request, a *coreauth.Auth) error {
+	if req == nil || a == nil {
+		return nil
+	}
+	if a.Attributes != nil {
+		if ak := strings.TrimSpace(a.Attributes["api_key"]); ak != "" {
+			req.Header.Set("Authorization", "Bearer "+ak)
+		}
+	}
+	return nil
+}
+func buildHTTPClient(a *coreauth.Auth) *http.Client {
+	if a == nil || strings.TrimSpace(a.ProxyURL) == "" {
+		return http.DefaultClient
+	}
+	u, err := url.Parse(a.ProxyURL)
+	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
+		return http.DefaultClient
+	}
+	return &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(u)}}
+}
+func upstreamEndpoint(a *coreauth.Auth) string {
+	if a != nil && a.Attributes != nil {
+		if ep := strings.TrimSpace(a.Attributes["endpoint"]); ep != "" {
+			return ep
+		}
+	}
+	// Demo echo endpoint; replace with your upstream.
+	return "https://httpbin.org/post"
+}
+func (MyExecutor) Execute(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (clipexec.Response, error) {
+	client := buildHTTPClient(a)
+	endpoint := upstreamEndpoint(a)
+	httpReq, errNew := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(req.Payload))
+	if errNew != nil {
+		return clipexec.Response{}, errNew
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	// Inject credentials via PrepareRequest hook.
+	_ = (MyExecutor{}).PrepareRequest(httpReq, a)
+	resp, errDo := client.Do(httpReq)
+	if errDo != nil {
+		return clipexec.Response{}, errDo
+	}
+	defer func() {
+		if errClose := resp.Body.Close(); errClose != nil {
+			// Best-effort close; log if needed in real projects.
+		}
+	}()
+	body, _ := io.ReadAll(resp.Body)
+	return clipexec.Response{Payload: body}, nil
+}
+func (MyExecutor) CountTokens(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) {
+	return clipexec.Response{}, errors.New("count tokens not implemented")
+}
+func (MyExecutor) ExecuteStream(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (<-chan clipexec.StreamChunk, error) {
+	ch := make(chan clipexec.StreamChunk, 1)
+	go func() {
+		defer close(ch)
+		ch <- clipexec.StreamChunk{Payload: []byte("data: {\"ok\":true}\n\n")}
+	}()
+	return ch, nil
+}
+func (MyExecutor) Refresh(ctx context.Context, a *coreauth.Auth) (*coreauth.Auth, error) {
+	return a, nil
+}
+func main() {
+	cfg, err := config.LoadConfig("config.yaml")
+	if err != nil {
+		panic(err)
+	}
+	tokenStore := sdkAuth.GetTokenStore()
+	if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok {
+		dirSetter.SetBaseDir(cfg.AuthDir)
+	}
+	core := coreauth.NewManager(tokenStore, nil, nil)
+	core.RegisterExecutor(MyExecutor{})
+	hooks := cliproxy.Hooks{
+		OnAfterStart: func(s *cliproxy.Service) {
+			// Register demo models for the custom provider so they appear in /v1/models.
+			models := []*cliproxy.ModelInfo{{ID: "myprov-pro-1", Object: "model", Type: providerKey, DisplayName: "MyProv Pro 1"}}
+			for _, a := range core.List() {
+				if strings.EqualFold(a.Provider, providerKey) {
+					cliproxy.GlobalModelRegistry().RegisterClient(a.ID, providerKey, models)
+				}
+			}
+		},
+	}
+	svc, err := cliproxy.NewBuilder().
+		WithConfig(cfg).
+		WithConfigPath("config.yaml").
+		WithCoreAuthManager(core).
+		WithServerOptions(
+			// Optional: add a simple middleware + custom request logger
+			api.WithMiddleware(func(c *gin.Context) { c.Header("X-Example", "custom-provider"); c.Next() }),
+			api.WithRequestLoggerFactory(func(cfg *config.Config, cfgPath string) logging.RequestLogger {
+				return logging.NewFileRequestLogger(true, "logs", filepath.Dir(cfgPath))
+			}),
+		).
+		WithHooks(hooks).
+		Build()
+	if err != nil {
+		panic(err)
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	if err := svc.Run(ctx); err != nil && !errors.Is(err, context.Canceled) {
+		panic(err)
+	}
+	_ = os.Stderr // keep os import used (demo only)
+	_ = time.Second
+}

examples/translator/main.go ADDED Viewed

	@@ -0,0 +1,42 @@

+package main
+import (
+	"context"
+	"fmt"
+	"github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
+	_ "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator/builtin"
+)
+func main() {
+	rawRequest := []byte(`{"messages":[{"content":[{"text":"Hello! Gemini","type":"text"}],"role":"user"}],"model":"gemini-2.5-pro","stream":false}`)
+	fmt.Println("Has gemini->openai response translator:", translator.HasResponseTransformerByFormatName(
+		translator.FormatGemini,
+		translator.FormatOpenAI,
+	))
+	translatedRequest := translator.TranslateRequestByFormatName(
+		translator.FormatOpenAI,
+		translator.FormatGemini,
+		"gemini-2.5-pro",
+		rawRequest,
+		false,
+	)
+	fmt.Printf("Translated request to Gemini format:\n%s\n\n", translatedRequest)
+	claudeResponse := []byte(`{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"Okay, here's what's going through my mind. I need to schedule a meeting"},{"thoughtSignature":"","functionCall":{"name":"schedule_meeting","args":{"topic":"Q3 planning","attendees":["Bob","Alice"],"time":"10:00","date":"2025-03-27"}}}]},"finishReason":"STOP","avgLogprobs":-0.50018133435930523}],"usageMetadata":{"promptTokenCount":117,"candidatesTokenCount":28,"totalTokenCount":474,"trafficType":"PROVISIONED_THROUGHPUT","promptTokensDetails":[{"modality":"TEXT","tokenCount":117}],"candidatesTokensDetails":[{"modality":"TEXT","tokenCount":28}],"thoughtsTokenCount":329},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T04:12:55.249090Z","responseId":"x7OeaIKaD6CU48APvNXDyA4"}`)
+	convertedResponse := translator.TranslateNonStreamByFormatName(
+		context.Background(),
+		translator.FormatGemini,
+		translator.FormatOpenAI,
+		"gemini-2.5-pro",
+		rawRequest,
+		translatedRequest,
+		claudeResponse,
+		nil,
+	)
+	fmt.Printf("Converted response for OpenAI clients:\n%s\n", convertedResponse)
+}

internal/api/middleware/anthropic_auth.go ADDED Viewed

	@@ -0,0 +1,106 @@

+package middleware
+import (
+	"net/http"
+	"strings"
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+// AuthenticateAnthropicRequest creates a middleware that authenticates requests
+// for the Anthropic API using multiple methods (Bearer, X-API-Key, Query).
+// It validates the extracted key against the provided list of allowed keys.
+func AuthenticateAnthropicRequest(allowedKeys []string) gin.HandlerFunc {
+	// Convert allowed keys to a map for O(1) lookup
+	allowedKeyMap := make(map[string]struct{})
+	for _, key := range allowedKeys {
+		if key != "" {
+			allowedKeyMap[key] = struct{}{}
+		}
+	}
+	return func(c *gin.Context) {
+		var apiKey string
+		var authMethod string
+		// 1. Check Authorization Header (Bearer)
+		authHeader := c.GetHeader("Authorization")
+		if authHeader != "" {
+			parts := strings.SplitN(authHeader, " ", 2)
+			if len(parts) == 2 && strings.EqualFold(parts[0], "Bearer") {
+				apiKey = strings.TrimSpace(parts[1])
+				authMethod = "Bearer"
+			}
+		}
+		// 2. Check X-API-Key Header
+		if apiKey == "" {
+			apiKey = c.GetHeader("x-api-key")
+			if apiKey != "" {
+				authMethod = "X-API-Key"
+			}
+		}
+		// 3. Check Query Parameter
+		if apiKey == "" {
+			apiKey = c.Query("api_key")
+			if apiKey != "" {
+				authMethod = "QueryParam"
+			}
+		}
+		// Validate
+		if apiKey == "" {
+			log.Debug("Anthropic Auth: No credentials provided")
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+				"error": map[string]string{
+					"type":    "authentication_error",
+					"message": "No API key provided",
+				},
+			})
+			return
+		}
+		// Check if key is allowed
+		valid := false
+		if len(allowedKeyMap) > 0 {
+			if _, ok := allowedKeyMap[apiKey]; ok {
+				valid = true
+			}
+		} else {
+			// If no keys configured in proxy, log warning and deny
+			log.Warn("Anthropic Auth: No allowed keys configured in proxy")
+			valid = false
+		}
+		if !valid {
+			maskedKey := apiKey
+			if len(apiKey) > 4 {
+				maskedKey = apiKey[:4] + "..."
+			}
+			log.WithFields(log.Fields{
+				"method":     authMethod,
+				"key_prefix": maskedKey,
+			}).Debug("Anthropic Auth: Invalid API key")
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+				"error": map[string]string{
+					"type":    "authentication_error",
+					"message": "Invalid API key",
+				},
+			})
+			return
+		}
+		log.WithFields(log.Fields{
+			"method": authMethod,
+		}).Debug("Anthropic Auth: Successful")
+		// Set context variables for downstream handlers
+		c.Set("apiKey", apiKey)
+		c.Set("accessProvider", "anthropic")
+		c.Next()
+	}
+}

internal/api/middleware/anthropic_auth_test.go ADDED Viewed

	@@ -0,0 +1,97 @@

+package middleware
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+)
+func setupTestRouter(allowedKeys []string) *gin.Engine {
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(AuthenticateAnthropicRequest(allowedKeys))
+	r.GET("/test", func(c *gin.Context) {
+		apiKey, _ := c.Get("apiKey")
+		c.String(http.StatusOK, "OK: "+apiKey.(string))
+	})
+	return r
+}
+func TestBearerTokenAuth(t *testing.T) {
+	router := setupTestRouter([]string{"valid-key"})
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test", nil)
+	req.Header.Set("Authorization", "Bearer valid-key")
+	router.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Errorf("Expected status 200, got %d", w.Code)
+	}
+	if w.Body.String() != "OK: valid-key" {
+		t.Errorf("Expected body 'OK: valid-key', got '%s'", w.Body.String())
+	}
+}
+func TestXAPIKeyAuth(t *testing.T) {
+	router := setupTestRouter([]string{"valid-key"})
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test", nil)
+	req.Header.Set("X-API-Key", "valid-key")
+	router.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Errorf("Expected status 200, got %d", w.Code)
+	}
+	if w.Body.String() != "OK: valid-key" {
+		t.Errorf("Expected body 'OK: valid-key', got '%s'", w.Body.String())
+	}
+}
+func TestQueryParamAuth(t *testing.T) {
+	router := setupTestRouter([]string{"valid-key"})
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test?api_key=valid-key", nil)
+	router.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Errorf("Expected status 200, got %d", w.Code)
+	}
+	if w.Body.String() != "OK: valid-key" {
+		t.Errorf("Expected body 'OK: valid-key', got '%s'", w.Body.String())
+	}
+}
+func TestNoAuth(t *testing.T) {
+	router := setupTestRouter([]string{"valid-key"})
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test", nil)
+	router.ServeHTTP(w, req)
+	if w.Code != http.StatusUnauthorized {
+		t.Errorf("Expected status 401, got %d", w.Code)
+	}
+}
+func TestInvalidKey(t *testing.T) {
+	router := setupTestRouter([]string{"valid-key"})
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test", nil)
+	req.Header.Set("Authorization", "Bearer invalid-key")
+	router.ServeHTTP(w, req)
+	if w.Code != http.StatusUnauthorized {
+		t.Errorf("Expected status 401, got %d", w.Code)
+	}
+}

internal/api/middleware/anthropic_debug.go ADDED Viewed

	@@ -0,0 +1,59 @@

+package middleware
+import (
+	"bytes"
+	"io"
+	"strings"
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+// LogAnthropicRequest creates a middleware that logs detailed debug info for Anthropic requests.
+// It logs headers (masking sensitive ones) and a preview of the request body.
+func LogAnthropicRequest() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		path := c.Request.URL.Path
+		method := c.Request.Method
+		userAgent := c.GetHeader("User-Agent")
+		// Check if it's Claude Code
+		isClaudeCode := strings.Contains(userAgent, "claude-code") || strings.Contains(userAgent, "claude-cli")
+		fields := log.Fields{
+			"prefix":         "CLAUDE_CODE_AUTH_DEBUG",
+			"method":         method,
+			"path":           path,
+			"user_agent":     userAgent,
+			"is_claude_code": isClaudeCode,
+		}
+		// Log Headers (masked)
+		headers := make(map[string]string)
+		for k, v := range c.Request.Header {
+			if strings.EqualFold(k, "Authorization") || strings.EqualFold(k, "x-api-key") {
+				headers[k] = "[MASKED]"
+			} else {
+				headers[k] = strings.Join(v, ";")
+			}
+		}
+		fields["headers"] = headers
+		// Peek Body
+		var bodyBytes []byte
+		if c.Request.Body != nil {
+			bodyBytes, _ = io.ReadAll(c.Request.Body)
+			c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
+			previewLen := 200
+			if len(bodyBytes) < previewLen {
+				previewLen = len(bodyBytes)
+			}
+			fields["body_preview"] = string(bodyBytes[:previewLen])
+		}
+		log.WithFields(fields).Debug("Incoming Anthropic Request")
+		c.Next()
+	}
+}

scripts/verify_claude_proxy.sh ADDED Viewed

	@@ -0,0 +1,75 @@

+#!/usr/bin/env bash
+set -euo pipefail
+# Quick health check for Claude Code through CLIProxyAPIPlus.
+# It validates configuration placeholders, confirms the proxy is reachable,
+# and performs a real /v1/messages call using the provided client key.
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CONFIG_FILE="${CONFIG_FILE:-${ROOT_DIR}/config.yaml}"
+BASE_URL="${BASE_URL:-http://localhost:7860}"
+CLIENT_KEY="${CLIENT_KEY:-${ANTHROPIC_API_KEY:-${CLAUDE_API_KEY:-}}}"
+MODEL="${MODEL:-claude-3-5-haiku-20241022}"
+tmp_body="$(mktemp)"
+cleanup() { rm -f "$tmp_body"; }
+trap cleanup EXIT
+info() { printf '[INFO] %s\n' "$*"; }
+warn() { printf '[WARN] %s\n' "$*" >&2; }
+fatal() { printf '[FAIL] %s\n' "$*" >&2; exit 1; }
+info "Using BASE_URL=${BASE_URL}"
+info "Using MODEL=${MODEL}"
+# 1) Check for placeholder keys in config.yaml
+if [[ -f "$CONFIG_FILE" ]]; then
+  if grep -nE 'DEIN_(CLAUDE|GEMINI|OPENROUTER)_KEY' "$CONFIG_FILE" >/dev/null; then
+    warn "config.yaml still contains placeholder provider keys (DEIN_*). Upstream requests will fail."
+  fi
+else
+  warn "config file not found at ${CONFIG_FILE}"
+fi
+# 2) Ensure we have a client key
+[[ -n "$CLIENT_KEY" ]] || fatal "No client key set. Export CLIENT_KEY or ANTHROPIC_API_KEY or CLAUDE_API_KEY."
+# 3) /v1/models check
+info "Checking /v1/models..."
+models_status=$(curl -sS -o "$tmp_body" -w '%{http_code}' \
+  -H "Authorization: Bearer ${CLIENT_KEY}" \
+  "${BASE_URL}/v1/models") || fatal "curl to /v1/models failed"
+if [[ "$models_status" != "200" ]]; then
+  cat "$tmp_body" >&2
+  fatal "/v1/models returned HTTP ${models_status}"
+fi
+info "/v1/models OK"
+# 4) /v1/messages check
+info "Checking /v1/messages with model=${MODEL}..."
+payload=$(cat <<'JSON'
+{
+  "model": "__MODEL__",
+  "messages": [
+    {"role": "user", "content": "ping"}
+  ],
+  "max_tokens": 16
+}
+JSON
+)
+payload="${payload/__MODEL__/${MODEL}}"
+msg_status=$(curl -sS -o "$tmp_body" -w '%{http_code}' \
+  -X POST "${BASE_URL}/v1/messages" \
+  -H "x-api-key: ${CLIENT_KEY}" \
+  -H "content-type: application/json" \
+  -d "$payload") || fatal "curl to /v1/messages failed"
+if [[ "$msg_status" != "200" ]]; then
+  cat "$tmp_body" >&2
+  fatal "/v1/messages returned HTTP ${msg_status}"
+fi
+info "/v1/messages OK"
+info "Claude proxy looks healthy. You can run Claude Code with:"
+info "ANTHROPIC_API_KEY=${CLIENT_KEY} ANTHROPIC_BASE_URL=${BASE_URL} claude"

server.log ADDED Viewed

The diff for this file is too large to render. See raw diff

switch-provider.sh ADDED Viewed

	@@ -0,0 +1,53 @@

+#!/bin/bash
+# Configuration
+CONFIG_FILE="/home/kek/CLIProxyAPIPlus/config.yaml"
+# Providers
+KIRO_MODEL="kiro-claude-sonnet-4-5-agentic"
+ANTIGRAVITY_MODEL="gemini-claude-sonnet-4-5-thinking"
+GEMINI_MODEL="gemini-2.5-pro"
+# Helper function to update config
+update_config() {
+    local TARGET_MODEL="$1"
+    local PROVIDER_NAME="$2"
+    echo "Switching Claude Sonnet to $PROVIDER_NAME..."
+    # Use sed to replace the 'to:' line for Sonnet mappings
+    # We match the lines specifically to avoid breaking other mappings
+    # 1. Update claude-3-5-sonnet-20241022
+    sed -i "s|to: \"kiro-claude-sonnet-4-5-agentic\"|to: \"$TARGET_MODEL\"|g" "$CONFIG_FILE"
+    sed -i "s|to: \"gemini-claude-sonnet-4-5-thinking\"|to: \"$TARGET_MODEL\"|g" "$CONFIG_FILE"
+    sed -i "s|to: \"gemini-2.5-pro\"|to: \"$TARGET_MODEL\"|g" "$CONFIG_FILE"
+    echo "✅ Switched to $PROVIDER_NAME!"
+    echo "You can now use proxy-claude immediately."
+}
+# Main logic
+case "$1" in
+    kiro)
+        update_config "$KIRO_MODEL" "Kiro (Power Key)"
+        ;;
+    antigravity)
+        update_config "$ANTIGRAVITY_MODEL" "Antigravity (8 Keys)"
+        ;;
+    gemini)
+        update_config "$GEMINI_MODEL" "Gemini Pro (5+ Keys)"
+        ;;
+    *)
+        echo "Usage: ./switch-provider.sh [kiro|antigravity|gemini]"
+        echo ""
+        echo "Current Status:"
+        grep -A 1 "claude-3-5-sonnet-20241022" "$CONFIG_FILE" | grep "to:"
+        echo ""
+        echo "Examples:"
+        echo "  ./switch-provider.sh kiro        -> Switch to Kiro"
+        echo "  ./switch-provider.sh antigravity -> Switch to Antigravity"
+        echo "  ./switch-provider.sh gemini      -> Switch to Gemini Pro"
+        exit 1
+        ;;
+esac

test-proxy-config.sh ADDED Viewed

	@@ -0,0 +1,31 @@

+#!/bin/bash
+# Test script to verify Claude Code proxy configuration
+echo "Testing CLIProxyAPI connection..."
+echo ""
+# Test 1: Check if server is accessible
+echo "1. Testing server endpoint..."
+curl -s http://localhost:7860/v1/models \
+  -H "Authorization: Bearer sk-admin-power-1" \
+  | head -20
+echo ""
+echo ""
+echo "2. Testing with environment variables..."
+export ANTHROPIC_BASE_URL="http://localhost:7860"
+export ANTHROPIC_API_KEY="sk-admin-power-1"
+echo "Environment variables set:"
+echo "  ANTHROPIC_BASE_URL=$ANTHROPIC_BASE_URL"
+echo "  ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY"
+echo ""
+echo "✅ Configuration complete!"
+echo ""
+echo "To use Claude Code with the proxy:"
+echo "  1. The settings are already configured in ~/.claude/settings.json"
+echo "  2. Start a new Claude Code session: claude"
+echo "  3. Your requests will route through the proxy with model mappings:"
+echo "     - Sonnet → kiro-claude-sonnet-4-5-agentic"
+echo "     - Haiku → gemini-2.5-flash"
+echo "     - Opus → gemini-claude-opus-4-5-thinking"

test/amp_management_test.go ADDED Viewed

	@@ -0,0 +1,915 @@

+package test
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/api/handlers/management"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+)
+func init() {
+	gin.SetMode(gin.TestMode)
+}
+// newAmpTestHandler creates a test handler with default ampcode configuration.
+func newAmpTestHandler(t *testing.T) (*management.Handler, string) {
+	t.Helper()
+	tmpDir := t.TempDir()
+	configPath := filepath.Join(tmpDir, "config.yaml")
+	cfg := &config.Config{
+		AmpCode: config.AmpCode{
+			UpstreamURL:                   "https://example.com",
+			UpstreamAPIKey:                "test-api-key-12345",
+			RestrictManagementToLocalhost: true,
+			ForceModelMappings:            false,
+			ModelMappings: []config.AmpModelMapping{
+				{From: "gpt-4", To: "gemini-pro"},
+			},
+		},
+	}
+	if err := os.WriteFile(configPath, []byte("port: 8080\n"), 0644); err != nil {
+		t.Fatalf("failed to write config file: %v", err)
+	}
+	h := management.NewHandler(cfg, configPath, nil)
+	return h, configPath
+}
+// setupAmpRouter creates a test router with all ampcode management endpoints.
+func setupAmpRouter(h *management.Handler) *gin.Engine {
+	r := gin.New()
+	mgmt := r.Group("/v0/management")
+	{
+		mgmt.GET("/ampcode", h.GetAmpCode)
+		mgmt.GET("/ampcode/upstream-url", h.GetAmpUpstreamURL)
+		mgmt.PUT("/ampcode/upstream-url", h.PutAmpUpstreamURL)
+		mgmt.DELETE("/ampcode/upstream-url", h.DeleteAmpUpstreamURL)
+		mgmt.GET("/ampcode/upstream-api-key", h.GetAmpUpstreamAPIKey)
+		mgmt.PUT("/ampcode/upstream-api-key", h.PutAmpUpstreamAPIKey)
+		mgmt.DELETE("/ampcode/upstream-api-key", h.DeleteAmpUpstreamAPIKey)
+		mgmt.GET("/ampcode/upstream-api-keys", h.GetAmpUpstreamAPIKeys)
+		mgmt.PUT("/ampcode/upstream-api-keys", h.PutAmpUpstreamAPIKeys)
+		mgmt.PATCH("/ampcode/upstream-api-keys", h.PatchAmpUpstreamAPIKeys)
+		mgmt.DELETE("/ampcode/upstream-api-keys", h.DeleteAmpUpstreamAPIKeys)
+		mgmt.GET("/ampcode/restrict-management-to-localhost", h.GetAmpRestrictManagementToLocalhost)
+		mgmt.PUT("/ampcode/restrict-management-to-localhost", h.PutAmpRestrictManagementToLocalhost)
+		mgmt.GET("/ampcode/model-mappings", h.GetAmpModelMappings)
+		mgmt.PUT("/ampcode/model-mappings", h.PutAmpModelMappings)
+		mgmt.PATCH("/ampcode/model-mappings", h.PatchAmpModelMappings)
+		mgmt.DELETE("/ampcode/model-mappings", h.DeleteAmpModelMappings)
+		mgmt.GET("/ampcode/force-model-mappings", h.GetAmpForceModelMappings)
+		mgmt.PUT("/ampcode/force-model-mappings", h.PutAmpForceModelMappings)
+	}
+	return r
+}
+// TestGetAmpCode verifies GET /v0/management/ampcode returns full ampcode config.
+func TestGetAmpCode(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]config.AmpCode
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	ampcode := resp["ampcode"]
+	if ampcode.UpstreamURL != "https://example.com" {
+		t.Errorf("expected upstream-url %q, got %q", "https://example.com", ampcode.UpstreamURL)
+	}
+	if len(ampcode.ModelMappings) != 1 {
+		t.Errorf("expected 1 model mapping, got %d", len(ampcode.ModelMappings))
+	}
+}
+// TestGetAmpUpstreamURL verifies GET /v0/management/ampcode/upstream-url returns the upstream URL.
+func TestGetAmpUpstreamURL(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]string
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	if resp["upstream-url"] != "https://example.com" {
+		t.Errorf("expected %q, got %q", "https://example.com", resp["upstream-url"])
+	}
+}
+// TestPutAmpUpstreamURL verifies PUT /v0/management/ampcode/upstream-url updates the upstream URL.
+func TestPutAmpUpstreamURL(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": "https://new-upstream.com"}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-url", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String())
+	}
+}
+// TestDeleteAmpUpstreamURL verifies DELETE /v0/management/ampcode/upstream-url clears the upstream URL.
+func TestDeleteAmpUpstreamURL(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-url", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestGetAmpUpstreamAPIKey verifies GET /v0/management/ampcode/upstream-api-key returns the API key.
+func TestGetAmpUpstreamAPIKey(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]any
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	key := resp["upstream-api-key"].(string)
+	if key != "test-api-key-12345" {
+		t.Errorf("expected key %q, got %q", "test-api-key-12345", key)
+	}
+}
+// TestPutAmpUpstreamAPIKey verifies PUT /v0/management/ampcode/upstream-api-key updates the API key.
+func TestPutAmpUpstreamAPIKey(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": "new-secret-key"}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-key", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+func TestPutAmpUpstreamAPIKeys_PersistsAndReturns(t *testing.T) {
+	h, configPath := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value":[{"upstream-api-key":"  u1  ","api-keys":["  k1  ","","k2"]}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String())
+	}
+	// Verify it was persisted to disk
+	loaded, err := config.LoadConfig(configPath)
+	if err != nil {
+		t.Fatalf("failed to load config from disk: %v", err)
+	}
+	if len(loaded.AmpCode.UpstreamAPIKeys) != 1 {
+		t.Fatalf("expected 1 upstream-api-keys entry, got %d", len(loaded.AmpCode.UpstreamAPIKeys))
+	}
+	entry := loaded.AmpCode.UpstreamAPIKeys[0]
+	if entry.UpstreamAPIKey != "u1" {
+		t.Fatalf("expected upstream-api-key u1, got %q", entry.UpstreamAPIKey)
+	}
+	if len(entry.APIKeys) != 2 || entry.APIKeys[0] != "k1" || entry.APIKeys[1] != "k2" {
+		t.Fatalf("expected api-keys [k1 k2], got %#v", entry.APIKeys)
+	}
+	// Verify it is returned by GET /ampcode
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]config.AmpCode
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	if got := resp["ampcode"].UpstreamAPIKeys; len(got) != 1 || got[0].UpstreamAPIKey != "u1" {
+		t.Fatalf("expected upstream-api-keys to be present after update, got %#v", got)
+	}
+}
+func TestDeleteAmpUpstreamAPIKeys_ClearsAll(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	// Seed with one entry
+	putBody := `{"value":[{"upstream-api-key":"u1","api-keys":["k1"]}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(putBody))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String())
+	}
+	deleteBody := `{"value":[]}`
+	req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(deleteBody))
+	req.Header.Set("Content-Type", "application/json")
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-keys", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string][]config.AmpUpstreamAPIKeyEntry
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	if resp["upstream-api-keys"] != nil && len(resp["upstream-api-keys"]) != 0 {
+		t.Fatalf("expected cleared list, got %#v", resp["upstream-api-keys"])
+	}
+}
+// TestDeleteAmpUpstreamAPIKey verifies DELETE /v0/management/ampcode/upstream-api-key clears the API key.
+func TestDeleteAmpUpstreamAPIKey(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-key", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestGetAmpRestrictManagementToLocalhost verifies GET returns the localhost restriction setting.
+func TestGetAmpRestrictManagementToLocalhost(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/restrict-management-to-localhost", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]bool
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	if resp["restrict-management-to-localhost"] != true {
+		t.Error("expected restrict-management-to-localhost to be true")
+	}
+}
+// TestPutAmpRestrictManagementToLocalhost verifies PUT updates the localhost restriction setting.
+func TestPutAmpRestrictManagementToLocalhost(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": false}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/restrict-management-to-localhost", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestGetAmpModelMappings verifies GET /v0/management/ampcode/model-mappings returns all mappings.
+func TestGetAmpModelMappings(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	mappings := resp["model-mappings"]
+	if len(mappings) != 1 {
+		t.Fatalf("expected 1 mapping, got %d", len(mappings))
+	}
+	if mappings[0].From != "gpt-4" || mappings[0].To != "gemini-pro" {
+		t.Errorf("unexpected mapping: %+v", mappings[0])
+	}
+}
+// TestPutAmpModelMappings verifies PUT /v0/management/ampcode/model-mappings replaces all mappings.
+func TestPutAmpModelMappings(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": [{"from": "claude-3", "to": "gpt-4o"}, {"from": "gemini", "to": "claude"}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String())
+	}
+}
+// TestPatchAmpModelMappings verifies PATCH updates existing mappings and adds new ones.
+func TestPatchAmpModelMappings(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": [{"from": "gpt-4", "to": "updated-model"}, {"from": "new-model", "to": "target"}]}`
+	req := httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String())
+	}
+}
+// TestDeleteAmpModelMappings_Specific verifies DELETE removes specified mappings by "from" field.
+func TestDeleteAmpModelMappings_Specific(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": ["gpt-4"]}`
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestDeleteAmpModelMappings_All verifies DELETE with empty body removes all mappings.
+func TestDeleteAmpModelMappings_All(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestGetAmpForceModelMappings verifies GET returns the force-model-mappings setting.
+func TestGetAmpForceModelMappings(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/force-model-mappings", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string]bool
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+	if resp["force-model-mappings"] != false {
+		t.Error("expected force-model-mappings to be false")
+	}
+}
+// TestPutAmpForceModelMappings verifies PUT updates the force-model-mappings setting.
+func TestPutAmpForceModelMappings(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": true}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestPutAmpModelMappings_VerifyState verifies PUT replaces mappings and state is persisted.
+func TestPutAmpModelMappings_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": [{"from": "model-a", "to": "model-b"}, {"from": "model-c", "to": "model-d"}, {"from": "model-e", "to": "model-f"}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT failed: status %d, body: %s", w.Code, w.Body.String())
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	mappings := resp["model-mappings"]
+	if len(mappings) != 3 {
+		t.Fatalf("expected 3 mappings, got %d", len(mappings))
+	}
+	expected := map[string]string{"model-a": "model-b", "model-c": "model-d", "model-e": "model-f"}
+	for _, m := range mappings {
+		if expected[m.From] != m.To {
+			t.Errorf("mapping %q -> expected %q, got %q", m.From, expected[m.From], m.To)
+		}
+	}
+}
+// TestPatchAmpModelMappings_VerifyState verifies PATCH merges mappings correctly.
+func TestPatchAmpModelMappings_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": [{"from": "gpt-4", "to": "updated-target"}, {"from": "new-model", "to": "new-target"}]}`
+	req := httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PATCH failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	mappings := resp["model-mappings"]
+	if len(mappings) != 2 {
+		t.Fatalf("expected 2 mappings (1 updated + 1 new), got %d", len(mappings))
+	}
+	found := make(map[string]string)
+	for _, m := range mappings {
+		found[m.From] = m.To
+	}
+	if found["gpt-4"] != "updated-target" {
+		t.Errorf("gpt-4 should map to updated-target, got %q", found["gpt-4"])
+	}
+	if found["new-model"] != "new-target" {
+		t.Errorf("new-model should map to new-target, got %q", found["new-model"])
+	}
+}
+// TestDeleteAmpModelMappings_VerifyState verifies DELETE removes specific mappings and keeps others.
+func TestDeleteAmpModelMappings_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	putBody := `{"value": [{"from": "a", "to": "1"}, {"from": "b", "to": "2"}, {"from": "c", "to": "3"}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(putBody))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	delBody := `{"value": ["a", "c"]}`
+	req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody))
+	req.Header.Set("Content-Type", "application/json")
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("DELETE failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	mappings := resp["model-mappings"]
+	if len(mappings) != 1 {
+		t.Fatalf("expected 1 mapping remaining, got %d", len(mappings))
+	}
+	if mappings[0].From != "b" || mappings[0].To != "2" {
+		t.Errorf("expected b->2, got %s->%s", mappings[0].From, mappings[0].To)
+	}
+}
+// TestDeleteAmpModelMappings_NonExistent verifies DELETE with non-existent mapping doesn't affect existing ones.
+func TestDeleteAmpModelMappings_NonExistent(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	delBody := `{"value": ["non-existent-model"]}`
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if len(resp["model-mappings"]) != 1 {
+		t.Errorf("original mapping should remain, got %d mappings", len(resp["model-mappings"]))
+	}
+}
+// TestPutAmpModelMappings_Empty verifies PUT with empty array clears all mappings.
+func TestPutAmpModelMappings_Empty(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": []}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if len(resp["model-mappings"]) != 0 {
+		t.Errorf("expected 0 mappings, got %d", len(resp["model-mappings"]))
+	}
+}
+// TestPutAmpUpstreamURL_VerifyState verifies PUT updates upstream URL and persists state.
+func TestPutAmpUpstreamURL_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": "https://new-api.example.com"}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-url", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]string
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["upstream-url"] != "https://new-api.example.com" {
+		t.Errorf("expected %q, got %q", "https://new-api.example.com", resp["upstream-url"])
+	}
+}
+// TestDeleteAmpUpstreamURL_VerifyState verifies DELETE clears upstream URL.
+func TestDeleteAmpUpstreamURL_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-url", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("DELETE failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]string
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["upstream-url"] != "" {
+		t.Errorf("expected empty string, got %q", resp["upstream-url"])
+	}
+}
+// TestPutAmpUpstreamAPIKey_VerifyState verifies PUT updates API key and persists state.
+func TestPutAmpUpstreamAPIKey_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": "new-secret-api-key-xyz"}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-key", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]string
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["upstream-api-key"] != "new-secret-api-key-xyz" {
+		t.Errorf("expected %q, got %q", "new-secret-api-key-xyz", resp["upstream-api-key"])
+	}
+}
+// TestDeleteAmpUpstreamAPIKey_VerifyState verifies DELETE clears API key.
+func TestDeleteAmpUpstreamAPIKey_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-key", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("DELETE failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]string
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["upstream-api-key"] != "" {
+		t.Errorf("expected empty string, got %q", resp["upstream-api-key"])
+	}
+}
+// TestPutAmpRestrictManagementToLocalhost_VerifyState verifies PUT updates localhost restriction.
+func TestPutAmpRestrictManagementToLocalhost_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": false}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/restrict-management-to-localhost", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/restrict-management-to-localhost", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]bool
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["restrict-management-to-localhost"] != false {
+		t.Error("expected false after update")
+	}
+}
+// TestPutAmpForceModelMappings_VerifyState verifies PUT updates force-model-mappings setting.
+func TestPutAmpForceModelMappings_VerifyState(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{"value": true}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT failed: status %d", w.Code)
+	}
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/force-model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string]bool
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if resp["force-model-mappings"] != true {
+		t.Error("expected true after update")
+	}
+}
+// TestPutBoolField_EmptyObject verifies PUT with empty object returns 400.
+func TestPutBoolField_EmptyObject(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	body := `{}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusBadRequest {
+		t.Fatalf("expected status %d for empty object, got %d", http.StatusBadRequest, w.Code)
+	}
+}
+// TestComplexMappingsWorkflow tests a full workflow: PUT, PATCH, DELETE, and GET.
+func TestComplexMappingsWorkflow(t *testing.T) {
+	h, _ := newAmpTestHandler(t)
+	r := setupAmpRouter(h)
+	putBody := `{"value": [{"from": "m1", "to": "t1"}, {"from": "m2", "to": "t2"}, {"from": "m3", "to": "t3"}, {"from": "m4", "to": "t4"}]}`
+	req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(putBody))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	patchBody := `{"value": [{"from": "m2", "to": "t2-updated"}, {"from": "m5", "to": "t5"}]}`
+	req = httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(patchBody))
+	req.Header.Set("Content-Type", "application/json")
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	delBody := `{"value": ["m1", "m3"]}`
+	req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody))
+	req.Header.Set("Content-Type", "application/json")
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w = httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	mappings := resp["model-mappings"]
+	if len(mappings) != 3 {
+		t.Fatalf("expected 3 mappings (m2, m4, m5), got %d", len(mappings))
+	}
+	expected := map[string]string{"m2": "t2-updated", "m4": "t4", "m5": "t5"}
+	found := make(map[string]string)
+	for _, m := range mappings {
+		found[m.From] = m.To
+	}
+	for from, to := range expected {
+		if found[from] != to {
+			t.Errorf("mapping %s: expected %q, got %q", from, to, found[from])
+		}
+	}
+}
+// TestNilHandlerGetAmpCode verifies handler works with empty config.
+func TestNilHandlerGetAmpCode(t *testing.T) {
+	cfg := &config.Config{}
+	h := management.NewHandler(cfg, "", nil)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+}
+// TestEmptyConfigGetAmpModelMappings verifies GET returns empty array for fresh config.
+func TestEmptyConfigGetAmpModelMappings(t *testing.T) {
+	cfg := &config.Config{}
+	tmpDir := t.TempDir()
+	configPath := filepath.Join(tmpDir, "config.yaml")
+	if err := os.WriteFile(configPath, []byte("port: 8080\n"), 0644); err != nil {
+		t.Fatalf("failed to write config: %v", err)
+	}
+	h := management.NewHandler(cfg, configPath, nil)
+	r := setupAmpRouter(h)
+	req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code)
+	}
+	var resp map[string][]config.AmpModelMapping
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to unmarshal: %v", err)
+	}
+	if len(resp["model-mappings"]) != 0 {
+		t.Errorf("expected 0 mappings, got %d", len(resp["model-mappings"]))
+	}
+}

test/config_migration_test.go ADDED Viewed

	@@ -0,0 +1,195 @@

+package test
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+)
+func TestLegacyConfigMigration(t *testing.T) {
+	t.Run("onlyLegacyFields", func(t *testing.T) {
+		path := writeConfig(t, `
+port: 8080
+generative-language-api-key:
+  - "legacy-gemini-1"
+openai-compatibility:
+  - name: "legacy-provider"
+    base-url: "https://example.com"
+    api-keys:
+      - "legacy-openai-1"
+amp-upstream-url: "https://amp.example.com"
+amp-upstream-api-key: "amp-legacy-key"
+amp-restrict-management-to-localhost: false
+amp-model-mappings:
+  - from: "old-model"
+    to: "new-model"
+`)
+		cfg, err := config.LoadConfig(path)
+		if err != nil {
+			t.Fatalf("load legacy config: %v", err)
+		}
+		if got := len(cfg.GeminiKey); got != 1 || cfg.GeminiKey[0].APIKey != "legacy-gemini-1" {
+			t.Fatalf("gemini migration mismatch: %+v", cfg.GeminiKey)
+		}
+		if got := len(cfg.OpenAICompatibility); got != 1 {
+			t.Fatalf("expected 1 openai-compat provider, got %d", got)
+		}
+		if entries := cfg.OpenAICompatibility[0].APIKeyEntries; len(entries) != 1 || entries[0].APIKey != "legacy-openai-1" {
+			t.Fatalf("openai-compat migration mismatch: %+v", entries)
+		}
+		if cfg.AmpCode.UpstreamURL != "https://amp.example.com" || cfg.AmpCode.UpstreamAPIKey != "amp-legacy-key" {
+			t.Fatalf("amp migration failed: %+v", cfg.AmpCode)
+		}
+		if cfg.AmpCode.RestrictManagementToLocalhost {
+			t.Fatalf("expected amp restriction to be false after migration")
+		}
+		if got := len(cfg.AmpCode.ModelMappings); got != 1 || cfg.AmpCode.ModelMappings[0].From != "old-model" {
+			t.Fatalf("amp mappings migration mismatch: %+v", cfg.AmpCode.ModelMappings)
+		}
+		updated := readFile(t, path)
+		if strings.Contains(updated, "generative-language-api-key") {
+			t.Fatalf("legacy gemini key still present:\n%s", updated)
+		}
+		if strings.Contains(updated, "amp-upstream-url") || strings.Contains(updated, "amp-restrict-management-to-localhost") {
+			t.Fatalf("legacy amp keys still present:\n%s", updated)
+		}
+		if strings.Contains(updated, "\n    api-keys:") {
+			t.Fatalf("legacy openai compat keys still present:\n%s", updated)
+		}
+	})
+	t.Run("mixedLegacyAndNewFields", func(t *testing.T) {
+		path := writeConfig(t, `
+gemini-api-key:
+  - api-key: "new-gemini"
+generative-language-api-key:
+  - "new-gemini"
+  - "legacy-gemini-only"
+openai-compatibility:
+  - name: "mixed-provider"
+    base-url: "https://mixed.example.com"
+    api-key-entries:
+      - api-key: "new-entry"
+    api-keys:
+      - "legacy-entry"
+      - "new-entry"
+`)
+		cfg, err := config.LoadConfig(path)
+		if err != nil {
+			t.Fatalf("load mixed config: %v", err)
+		}
+		if got := len(cfg.GeminiKey); got != 2 {
+			t.Fatalf("expected 2 gemini entries, got %d: %+v", got, cfg.GeminiKey)
+		}
+		seen := make(map[string]struct{}, len(cfg.GeminiKey))
+		for _, entry := range cfg.GeminiKey {
+			if _, exists := seen[entry.APIKey]; exists {
+				t.Fatalf("duplicate gemini key %q after migration", entry.APIKey)
+			}
+			seen[entry.APIKey] = struct{}{}
+		}
+		provider := cfg.OpenAICompatibility[0]
+		if got := len(provider.APIKeyEntries); got != 2 {
+			t.Fatalf("expected 2 openai entries, got %d: %+v", got, provider.APIKeyEntries)
+		}
+		entrySeen := make(map[string]struct{}, len(provider.APIKeyEntries))
+		for _, entry := range provider.APIKeyEntries {
+			if _, ok := entrySeen[entry.APIKey]; ok {
+				t.Fatalf("duplicate openai key %q after migration", entry.APIKey)
+			}
+			entrySeen[entry.APIKey] = struct{}{}
+		}
+	})
+	t.Run("onlyNewFields", func(t *testing.T) {
+		path := writeConfig(t, `
+gemini-api-key:
+  - api-key: "new-only"
+openai-compatibility:
+  - name: "new-only-provider"
+    base-url: "https://new-only.example.com"
+    api-key-entries:
+      - api-key: "new-only-entry"
+ampcode:
+  upstream-url: "https://amp.new"
+  upstream-api-key: "new-amp-key"
+  restrict-management-to-localhost: true
+  model-mappings:
+    - from: "a"
+      to: "b"
+`)
+		cfg, err := config.LoadConfig(path)
+		if err != nil {
+			t.Fatalf("load new config: %v", err)
+		}
+		if len(cfg.GeminiKey) != 1 || cfg.GeminiKey[0].APIKey != "new-only" {
+			t.Fatalf("unexpected gemini entries: %+v", cfg.GeminiKey)
+		}
+		if len(cfg.OpenAICompatibility) != 1 || len(cfg.OpenAICompatibility[0].APIKeyEntries) != 1 {
+			t.Fatalf("unexpected openai compat entries: %+v", cfg.OpenAICompatibility)
+		}
+		if cfg.AmpCode.UpstreamURL != "https://amp.new" || cfg.AmpCode.UpstreamAPIKey != "new-amp-key" {
+			t.Fatalf("unexpected amp config: %+v", cfg.AmpCode)
+		}
+	})
+	t.Run("duplicateNamesDifferentBase", func(t *testing.T) {
+		path := writeConfig(t, `
+openai-compatibility:
+  - name: "dup-provider"
+    base-url: "https://provider-a"
+    api-keys:
+      - "key-a"
+  - name: "dup-provider"
+    base-url: "https://provider-b"
+    api-keys:
+      - "key-b"
+`)
+		cfg, err := config.LoadConfig(path)
+		if err != nil {
+			t.Fatalf("load duplicate config: %v", err)
+		}
+		if len(cfg.OpenAICompatibility) != 2 {
+			t.Fatalf("expected 2 providers, got %d", len(cfg.OpenAICompatibility))
+		}
+		for _, entry := range cfg.OpenAICompatibility {
+			if len(entry.APIKeyEntries) != 1 {
+				t.Fatalf("expected 1 key entry per provider: %+v", entry)
+			}
+			switch entry.BaseURL {
+			case "https://provider-a":
+				if entry.APIKeyEntries[0].APIKey != "key-a" {
+					t.Fatalf("provider-a key mismatch: %+v", entry.APIKeyEntries)
+				}
+			case "https://provider-b":
+				if entry.APIKeyEntries[0].APIKey != "key-b" {
+					t.Fatalf("provider-b key mismatch: %+v", entry.APIKeyEntries)
+				}
+			default:
+				t.Fatalf("unexpected provider base url: %s", entry.BaseURL)
+			}
+		}
+	})
+}
+func writeConfig(t *testing.T, content string) string {
+	t.Helper()
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.yaml")
+	if err := os.WriteFile(path, []byte(strings.TrimSpace(content)+"\n"), 0o644); err != nil {
+		t.Fatalf("write temp config: %v", err)
+	}
+	return path
+}
+func readFile(t *testing.T, path string) string {
+	t.Helper()
+	data, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatalf("read temp config: %v", err)
+	}
+	return string(data)
+}

test/gemini3_thinking_level_test.go ADDED Viewed

	@@ -0,0 +1,423 @@

+package test
+import (
+	"fmt"
+	"testing"
+	"time"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	"github.com/tidwall/gjson"
+)
+// registerGemini3Models loads Gemini 3 models into the registry for testing.
+func registerGemini3Models(t *testing.T) func() {
+	t.Helper()
+	reg := registry.GetGlobalRegistry()
+	uid := fmt.Sprintf("gemini3-test-%d", time.Now().UnixNano())
+	reg.RegisterClient(uid+"-gemini", "gemini", registry.GetGeminiModels())
+	reg.RegisterClient(uid+"-aistudio", "aistudio", registry.GetAIStudioModels())
+	return func() {
+		reg.UnregisterClient(uid + "-gemini")
+		reg.UnregisterClient(uid + "-aistudio")
+	}
+}
+func TestIsGemini3Model(t *testing.T) {
+	cases := []struct {
+		model    string
+		expected bool
+	}{
+		{"gemini-3-pro-preview", true},
+		{"gemini-3-flash-preview", true},
+		{"gemini_3_pro_preview", true},
+		{"gemini-3-pro", true},
+		{"gemini-3-flash", true},
+		{"GEMINI-3-PRO-PREVIEW", true},
+		{"gemini-2.5-pro", false},
+		{"gemini-2.5-flash", false},
+		{"gpt-5", false},
+		{"claude-sonnet-4-5", false},
+		{"", false},
+	}
+	for _, cs := range cases {
+		t.Run(cs.model, func(t *testing.T) {
+			got := util.IsGemini3Model(cs.model)
+			if got != cs.expected {
+				t.Fatalf("IsGemini3Model(%q) = %v, want %v", cs.model, got, cs.expected)
+			}
+		})
+	}
+}
+func TestIsGemini3ProModel(t *testing.T) {
+	cases := []struct {
+		model    string
+		expected bool
+	}{
+		{"gemini-3-pro-preview", true},
+		{"gemini_3_pro_preview", true},
+		{"gemini-3-pro", true},
+		{"GEMINI-3-PRO-PREVIEW", true},
+		{"gemini-3-flash-preview", false},
+		{"gemini-3-flash", false},
+		{"gemini-2.5-pro", false},
+		{"", false},
+	}
+	for _, cs := range cases {
+		t.Run(cs.model, func(t *testing.T) {
+			got := util.IsGemini3ProModel(cs.model)
+			if got != cs.expected {
+				t.Fatalf("IsGemini3ProModel(%q) = %v, want %v", cs.model, got, cs.expected)
+			}
+		})
+	}
+}
+func TestIsGemini3FlashModel(t *testing.T) {
+	cases := []struct {
+		model    string
+		expected bool
+	}{
+		{"gemini-3-flash-preview", true},
+		{"gemini_3_flash_preview", true},
+		{"gemini-3-flash", true},
+		{"GEMINI-3-FLASH-PREVIEW", true},
+		{"gemini-3-pro-preview", false},
+		{"gemini-3-pro", false},
+		{"gemini-2.5-flash", false},
+		{"", false},
+	}
+	for _, cs := range cases {
+		t.Run(cs.model, func(t *testing.T) {
+			got := util.IsGemini3FlashModel(cs.model)
+			if got != cs.expected {
+				t.Fatalf("IsGemini3FlashModel(%q) = %v, want %v", cs.model, got, cs.expected)
+			}
+		})
+	}
+}
+func TestValidateGemini3ThinkingLevel(t *testing.T) {
+	cases := []struct {
+		name    string
+		model   string
+		level   string
+		wantOK  bool
+		wantVal string
+	}{
+		// Gemini 3 Pro: supports "low", "high"
+		{"pro-low", "gemini-3-pro-preview", "low", true, "low"},
+		{"pro-high", "gemini-3-pro-preview", "high", true, "high"},
+		{"pro-minimal-invalid", "gemini-3-pro-preview", "minimal", false, ""},
+		{"pro-medium-invalid", "gemini-3-pro-preview", "medium", false, ""},
+		// Gemini 3 Flash: supports "minimal", "low", "medium", "high"
+		{"flash-minimal", "gemini-3-flash-preview", "minimal", true, "minimal"},
+		{"flash-low", "gemini-3-flash-preview", "low", true, "low"},
+		{"flash-medium", "gemini-3-flash-preview", "medium", true, "medium"},
+		{"flash-high", "gemini-3-flash-preview", "high", true, "high"},
+		// Case insensitivity
+		{"flash-LOW-case", "gemini-3-flash-preview", "LOW", true, "low"},
+		{"flash-High-case", "gemini-3-flash-preview", "High", true, "high"},
+		{"pro-HIGH-case", "gemini-3-pro-preview", "HIGH", true, "high"},
+		// Invalid levels
+		{"flash-invalid", "gemini-3-flash-preview", "xhigh", false, ""},
+		{"flash-invalid-auto", "gemini-3-flash-preview", "auto", false, ""},
+		{"flash-empty", "gemini-3-flash-preview", "", false, ""},
+		// Non-Gemini 3 models
+		{"non-gemini3", "gemini-2.5-pro", "high", false, ""},
+		{"gpt5", "gpt-5", "high", false, ""},
+	}
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			got, ok := util.ValidateGemini3ThinkingLevel(cs.model, cs.level)
+			if ok != cs.wantOK {
+				t.Fatalf("ValidateGemini3ThinkingLevel(%q, %q) ok = %v, want %v", cs.model, cs.level, ok, cs.wantOK)
+			}
+			if got != cs.wantVal {
+				t.Fatalf("ValidateGemini3ThinkingLevel(%q, %q) = %q, want %q", cs.model, cs.level, got, cs.wantVal)
+			}
+		})
+	}
+}
+func TestThinkingBudgetToGemini3Level(t *testing.T) {
+	cases := []struct {
+		name    string
+		model   string
+		budget  int
+		wantOK  bool
+		wantVal string
+	}{
+		// Gemini 3 Pro: maps to "low" or "high"
+		{"pro-dynamic", "gemini-3-pro-preview", -1, true, "high"},
+		{"pro-zero", "gemini-3-pro-preview", 0, true, "low"},
+		{"pro-small", "gemini-3-pro-preview", 1000, true, "low"},
+		{"pro-medium", "gemini-3-pro-preview", 8000, true, "low"},
+		{"pro-large", "gemini-3-pro-preview", 20000, true, "high"},
+		{"pro-huge", "gemini-3-pro-preview", 50000, true, "high"},
+		// Gemini 3 Flash: maps to "minimal", "low", "medium", "high"
+		{"flash-dynamic", "gemini-3-flash-preview", -1, true, "high"},
+		{"flash-zero", "gemini-3-flash-preview", 0, true, "minimal"},
+		{"flash-tiny", "gemini-3-flash-preview", 500, true, "minimal"},
+		{"flash-small", "gemini-3-flash-preview", 1000, true, "low"},
+		{"flash-medium-val", "gemini-3-flash-preview", 8000, true, "medium"},
+		{"flash-large", "gemini-3-flash-preview", 20000, true, "high"},
+		{"flash-huge", "gemini-3-flash-preview", 50000, true, "high"},
+		// Non-Gemini 3 models should return false
+		{"gemini25-budget", "gemini-2.5-pro", 8000, false, ""},
+		{"gpt5-budget", "gpt-5", 8000, false, ""},
+	}
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			got, ok := util.ThinkingBudgetToGemini3Level(cs.model, cs.budget)
+			if ok != cs.wantOK {
+				t.Fatalf("ThinkingBudgetToGemini3Level(%q, %d) ok = %v, want %v", cs.model, cs.budget, ok, cs.wantOK)
+			}
+			if got != cs.wantVal {
+				t.Fatalf("ThinkingBudgetToGemini3Level(%q, %d) = %q, want %q", cs.model, cs.budget, got, cs.wantVal)
+			}
+		})
+	}
+}
+func TestApplyGemini3ThinkingLevelFromMetadata(t *testing.T) {
+	cleanup := registerGemini3Models(t)
+	defer cleanup()
+	cases := []struct {
+		name         string
+		model        string
+		metadata     map[string]any
+		inputBody    string
+		wantLevel    string
+		wantInclude  bool
+		wantNoChange bool
+	}{
+		{
+			name:        "flash-minimal-from-suffix",
+			model:       "gemini-3-flash-preview",
+			metadata:    map[string]any{"reasoning_effort": "minimal"},
+			inputBody:   `{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`,
+			wantLevel:   "minimal",
+			wantInclude: true,
+		},
+		{
+			name:        "flash-medium-from-suffix",
+			model:       "gemini-3-flash-preview",
+			metadata:    map[string]any{"reasoning_effort": "medium"},
+			inputBody:   `{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`,
+			wantLevel:   "medium",
+			wantInclude: true,
+		},
+		{
+			name:        "pro-high-from-suffix",
+			model:       "gemini-3-pro-preview",
+			metadata:    map[string]any{"reasoning_effort": "high"},
+			inputBody:   `{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`,
+			wantLevel:   "high",
+			wantInclude: true,
+		},
+		{
+			name:         "no-metadata-no-change",
+			model:        "gemini-3-flash-preview",
+			metadata:     nil,
+			inputBody:    `{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`,
+			wantNoChange: true,
+		},
+		{
+			name:         "non-gemini3-no-change",
+			model:        "gemini-2.5-pro",
+			metadata:     map[string]any{"reasoning_effort": "high"},
+			inputBody:    `{"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`,
+			wantNoChange: true,
+		},
+		{
+			name:         "invalid-level-no-change",
+			model:        "gemini-3-flash-preview",
+			metadata:     map[string]any{"reasoning_effort": "xhigh"},
+			inputBody:    `{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`,
+			wantNoChange: true,
+		},
+	}
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			input := []byte(cs.inputBody)
+			result := util.ApplyGemini3ThinkingLevelFromMetadata(cs.model, cs.metadata, input)
+			if cs.wantNoChange {
+				if string(result) != cs.inputBody {
+					t.Fatalf("expected no change, but got: %s", string(result))
+				}
+				return
+			}
+			level := gjson.GetBytes(result, "generationConfig.thinkingConfig.thinkingLevel")
+			if !level.Exists() {
+				t.Fatalf("thinkingLevel not set in result: %s", string(result))
+			}
+			if level.String() != cs.wantLevel {
+				t.Fatalf("thinkingLevel = %q, want %q", level.String(), cs.wantLevel)
+			}
+			include := gjson.GetBytes(result, "generationConfig.thinkingConfig.includeThoughts")
+			if cs.wantInclude && (!include.Exists() || !include.Bool()) {
+				t.Fatalf("includeThoughts should be true, got: %s", string(result))
+			}
+		})
+	}
+}
+func TestApplyGemini3ThinkingLevelFromMetadataCLI(t *testing.T) {
+	cleanup := registerGemini3Models(t)
+	defer cleanup()
+	cases := []struct {
+		name         string
+		model        string
+		metadata     map[string]any
+		inputBody    string
+		wantLevel    string
+		wantInclude  bool
+		wantNoChange bool
+	}{
+		{
+			name:        "flash-minimal-from-suffix-cli",
+			model:       "gemini-3-flash-preview",
+			metadata:    map[string]any{"reasoning_effort": "minimal"},
+			inputBody:   `{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`,
+			wantLevel:   "minimal",
+			wantInclude: true,
+		},
+		{
+			name:        "flash-low-from-suffix-cli",
+			model:       "gemini-3-flash-preview",
+			metadata:    map[string]any{"reasoning_effort": "low"},
+			inputBody:   `{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`,
+			wantLevel:   "low",
+			wantInclude: true,
+		},
+		{
+			name:        "pro-low-from-suffix-cli",
+			model:       "gemini-3-pro-preview",
+			metadata:    map[string]any{"reasoning_effort": "low"},
+			inputBody:   `{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`,
+			wantLevel:   "low",
+			wantInclude: true,
+		},
+		{
+			name:         "no-metadata-no-change-cli",
+			model:        "gemini-3-flash-preview",
+			metadata:     nil,
+			inputBody:    `{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`,
+			wantNoChange: true,
+		},
+		{
+			name:         "non-gemini3-no-change-cli",
+			model:        "gemini-2.5-pro",
+			metadata:     map[string]any{"reasoning_effort": "high"},
+			inputBody:    `{"request":{"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}}`,
+			wantNoChange: true,
+		},
+	}
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			input := []byte(cs.inputBody)
+			result := util.ApplyGemini3ThinkingLevelFromMetadataCLI(cs.model, cs.metadata, input)
+			if cs.wantNoChange {
+				if string(result) != cs.inputBody {
+					t.Fatalf("expected no change, but got: %s", string(result))
+				}
+				return
+			}
+			level := gjson.GetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel")
+			if !level.Exists() {
+				t.Fatalf("thinkingLevel not set in result: %s", string(result))
+			}
+			if level.String() != cs.wantLevel {
+				t.Fatalf("thinkingLevel = %q, want %q", level.String(), cs.wantLevel)
+			}
+			include := gjson.GetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts")
+			if cs.wantInclude && (!include.Exists() || !include.Bool()) {
+				t.Fatalf("includeThoughts should be true, got: %s", string(result))
+			}
+		})
+	}
+}
+func TestNormalizeGeminiThinkingBudget_Gemini3Conversion(t *testing.T) {
+	cleanup := registerGemini3Models(t)
+	defer cleanup()
+	cases := []struct {
+		name       string
+		model      string
+		inputBody  string
+		wantLevel  string
+		wantBudget bool // if true, expect thinkingBudget instead of thinkingLevel
+	}{
+		{
+			name:      "gemini3-flash-budget-to-level",
+			model:     "gemini-3-flash-preview",
+			inputBody: `{"generationConfig":{"thinkingConfig":{"thinkingBudget":8000}}}`,
+			wantLevel: "medium",
+		},
+		{
+			name:      "gemini3-pro-budget-to-level",
+			model:     "gemini-3-pro-preview",
+			inputBody: `{"generationConfig":{"thinkingConfig":{"thinkingBudget":20000}}}`,
+			wantLevel: "high",
+		},
+		{
+			name:       "gemini25-keeps-budget",
+			model:      "gemini-2.5-pro",
+			inputBody:  `{"generationConfig":{"thinkingConfig":{"thinkingBudget":8000}}}`,
+			wantBudget: true,
+		},
+	}
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			result := util.NormalizeGeminiThinkingBudget(cs.model, []byte(cs.inputBody))
+			if cs.wantBudget {
+				budget := gjson.GetBytes(result, "generationConfig.thinkingConfig.thinkingBudget")
+				if !budget.Exists() {
+					t.Fatalf("thinkingBudget should exist for non-Gemini3 model: %s", string(result))
+				}
+				level := gjson.GetBytes(result, "generationConfig.thinkingConfig.thinkingLevel")
+				if level.Exists() {
+					t.Fatalf("thinkingLevel should not exist for non-Gemini3 model: %s", string(result))
+				}
+			} else {
+				level := gjson.GetBytes(result, "generationConfig.thinkingConfig.thinkingLevel")
+				if !level.Exists() {
+					t.Fatalf("thinkingLevel should exist for Gemini3 model: %s", string(result))
+				}
+				if level.String() != cs.wantLevel {
+					t.Fatalf("thinkingLevel = %q, want %q", level.String(), cs.wantLevel)
+				}
+				budget := gjson.GetBytes(result, "generationConfig.thinkingConfig.thinkingBudget")
+				if budget.Exists() {
+					t.Fatalf("thinkingBudget should be removed for Gemini3 model: %s", string(result))
+				}
+			}
+		})
+	}
+}

test/model_alias_thinking_suffix_test.go ADDED Viewed

	@@ -0,0 +1,211 @@

+package test
+import (
+	"testing"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/executor"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	"github.com/tidwall/gjson"
+)
+// TestModelAliasThinkingSuffix tests the 32 test cases defined in docs/thinking_suffix_test_cases.md
+// These tests verify the thinking suffix parsing and application logic across different providers.
+func TestModelAliasThinkingSuffix(t *testing.T) {
+	tests := []struct {
+		id            int
+		name          string
+		provider      string
+		requestModel  string
+		suffixType    string
+		expectedField string // "thinkingBudget", "thinkingLevel", "budget_tokens", "reasoning_effort", "enable_thinking"
+		expectedValue any
+		upstreamModel string // The upstream model after alias resolution
+		isAlias       bool
+	}{
+		// === 1. Antigravity Provider ===
+		// 1.1 Budget-only models (Gemini 2.5)
+		{1, "antigravity_original_numeric", "antigravity", "gemini-2.5-computer-use-preview-10-2025(1000)", "numeric", "thinkingBudget", 1000, "gemini-2.5-computer-use-preview-10-2025", false},
+		{2, "antigravity_alias_numeric", "antigravity", "gp(1000)", "numeric", "thinkingBudget", 1000, "gemini-2.5-computer-use-preview-10-2025", true},
+		// 1.2 Budget+Levels models (Gemini 3)
+		{3, "antigravity_original_numeric_to_level", "antigravity", "gemini-3-flash-preview(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{4, "antigravity_original_level", "antigravity", "gemini-3-flash-preview(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{5, "antigravity_alias_numeric_to_level", "antigravity", "gf(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		{6, "antigravity_alias_level", "antigravity", "gf(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		// === 2. Gemini CLI Provider ===
+		// 2.1 Budget-only models
+		{7, "gemini_cli_original_numeric", "gemini-cli", "gemini-2.5-pro(8192)", "numeric", "thinkingBudget", 8192, "gemini-2.5-pro", false},
+		{8, "gemini_cli_alias_numeric", "gemini-cli", "g25p(8192)", "numeric", "thinkingBudget", 8192, "gemini-2.5-pro", true},
+		// 2.2 Budget+Levels models
+		{9, "gemini_cli_original_numeric_to_level", "gemini-cli", "gemini-3-flash-preview(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{10, "gemini_cli_original_level", "gemini-cli", "gemini-3-flash-preview(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{11, "gemini_cli_alias_numeric_to_level", "gemini-cli", "gf(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		{12, "gemini_cli_alias_level", "gemini-cli", "gf(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		// === 3. Vertex Provider ===
+		// 3.1 Budget-only models
+		{13, "vertex_original_numeric", "vertex", "gemini-2.5-pro(16384)", "numeric", "thinkingBudget", 16384, "gemini-2.5-pro", false},
+		{14, "vertex_alias_numeric", "vertex", "vg25p(16384)", "numeric", "thinkingBudget", 16384, "gemini-2.5-pro", true},
+		// 3.2 Budget+Levels models
+		{15, "vertex_original_numeric_to_level", "vertex", "gemini-3-flash-preview(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{16, "vertex_original_level", "vertex", "gemini-3-flash-preview(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{17, "vertex_alias_numeric_to_level", "vertex", "vgf(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		{18, "vertex_alias_level", "vertex", "vgf(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		// === 4. AI Studio Provider ===
+		// 4.1 Budget-only models
+		{19, "aistudio_original_numeric", "aistudio", "gemini-2.5-pro(12000)", "numeric", "thinkingBudget", 12000, "gemini-2.5-pro", false},
+		{20, "aistudio_alias_numeric", "aistudio", "ag25p(12000)", "numeric", "thinkingBudget", 12000, "gemini-2.5-pro", true},
+		// 4.2 Budget+Levels models
+		{21, "aistudio_original_numeric_to_level", "aistudio", "gemini-3-flash-preview(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{22, "aistudio_original_level", "aistudio", "gemini-3-flash-preview(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", false},
+		{23, "aistudio_alias_numeric_to_level", "aistudio", "agf(1000)", "numeric", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		{24, "aistudio_alias_level", "aistudio", "agf(low)", "level", "thinkingLevel", "low", "gemini-3-flash-preview", true},
+		// === 5. Claude Provider ===
+		{25, "claude_original_numeric", "claude", "claude-sonnet-4-5-20250929(16384)", "numeric", "budget_tokens", 16384, "claude-sonnet-4-5-20250929", false},
+		{26, "claude_alias_numeric", "claude", "cs45(16384)", "numeric", "budget_tokens", 16384, "claude-sonnet-4-5-20250929", true},
+		// === 6. Codex Provider ===
+		{27, "codex_original_level", "codex", "gpt-5(high)", "level", "reasoning_effort", "high", "gpt-5", false},
+		{28, "codex_alias_level", "codex", "g5(high)", "level", "reasoning_effort", "high", "gpt-5", true},
+		// === 7. Qwen Provider ===
+		{29, "qwen_original_level", "qwen", "qwen3-coder-plus(high)", "level", "enable_thinking", true, "qwen3-coder-plus", false},
+		{30, "qwen_alias_level", "qwen", "qcp(high)", "level", "enable_thinking", true, "qwen3-coder-plus", true},
+		// === 8. iFlow Provider ===
+		{31, "iflow_original_level", "iflow", "glm-4.7(high)", "level", "reasoning_effort", "high", "glm-4.7", false},
+		{32, "iflow_alias_level", "iflow", "glm(high)", "level", "reasoning_effort", "high", "glm-4.7", true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Step 1: Parse model suffix (simulates SDK layer normalization)
+			// For "gp(1000)" -> requestedModel="gp", metadata={thinking_budget: 1000}
+			requestedModel, metadata := util.NormalizeThinkingModel(tt.requestModel)
+			// Verify suffix was parsed
+			if metadata == nil && (tt.suffixType == "numeric" || tt.suffixType == "level") {
+				t.Errorf("Case #%d: NormalizeThinkingModel(%q) metadata is nil", tt.id, tt.requestModel)
+				return
+			}
+			// Step 2: Simulate OAuth model mapping
+			// Real flow: applyOAuthModelMapping stores requestedModel (the alias) in metadata
+			if tt.isAlias {
+				if metadata == nil {
+					metadata = make(map[string]any)
+				}
+				metadata[util.ModelMappingOriginalModelMetadataKey] = requestedModel
+			}
+			// Step 3: Verify metadata extraction
+			switch tt.suffixType {
+			case "numeric":
+				budget, _, _, matched := util.ThinkingFromMetadata(metadata)
+				if !matched {
+					t.Errorf("Case #%d: ThinkingFromMetadata did not match", tt.id)
+					return
+				}
+				if budget == nil {
+					t.Errorf("Case #%d: expected budget in metadata", tt.id)
+					return
+				}
+				// For thinkingBudget/budget_tokens, verify the parsed budget value
+				if tt.expectedField == "thinkingBudget" || tt.expectedField == "budget_tokens" {
+					expectedBudget := tt.expectedValue.(int)
+					if *budget != expectedBudget {
+						t.Errorf("Case #%d: budget = %d, want %d", tt.id, *budget, expectedBudget)
+					}
+				}
+				// For thinkingLevel (Gemini 3), verify conversion from budget to level
+				if tt.expectedField == "thinkingLevel" {
+					level, ok := util.ThinkingBudgetToGemini3Level(tt.upstreamModel, *budget)
+					if !ok {
+						t.Errorf("Case #%d: ThinkingBudgetToGemini3Level failed", tt.id)
+						return
+					}
+					expectedLevel := tt.expectedValue.(string)
+					if level != expectedLevel {
+						t.Errorf("Case #%d: converted level = %q, want %q", tt.id, level, expectedLevel)
+					}
+				}
+			case "level":
+				_, _, effort, matched := util.ThinkingFromMetadata(metadata)
+				if !matched {
+					t.Errorf("Case #%d: ThinkingFromMetadata did not match", tt.id)
+					return
+				}
+				if effort == nil {
+					t.Errorf("Case #%d: expected effort in metadata", tt.id)
+					return
+				}
+				if tt.expectedField == "thinkingLevel" || tt.expectedField == "reasoning_effort" {
+					expectedEffort := tt.expectedValue.(string)
+					if *effort != expectedEffort {
+						t.Errorf("Case #%d: effort = %q, want %q", tt.id, *effort, expectedEffort)
+					}
+				}
+			}
+			// Step 4: Test Gemini-specific thinkingLevel conversion for Gemini 3 models
+			if tt.expectedField == "thinkingLevel" && util.IsGemini3Model(tt.upstreamModel) {
+				body := []byte(`{"request":{"contents":[]}}`)
+				// Build metadata simulating real OAuth flow:
+				// - requestedModel (alias like "gf") is stored in model_mapping_original_model
+				// - upstreamModel is passed as the model parameter
+				testMetadata := make(map[string]any)
+				if tt.isAlias {
+					// Real flow: applyOAuthModelMapping stores requestedModel (the alias)
+					testMetadata[util.ModelMappingOriginalModelMetadataKey] = requestedModel
+				}
+				// Copy parsed metadata (thinking_budget, reasoning_effort, etc.)
+				for k, v := range metadata {
+					testMetadata[k] = v
+				}
+				result := util.ApplyGemini3ThinkingLevelFromMetadataCLI(tt.upstreamModel, testMetadata, body)
+				levelVal := gjson.GetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel")
+				expectedLevel := tt.expectedValue.(string)
+				if !levelVal.Exists() {
+					t.Errorf("Case #%d: expected thinkingLevel in result", tt.id)
+				} else if levelVal.String() != expectedLevel {
+					t.Errorf("Case #%d: thinkingLevel = %q, want %q", tt.id, levelVal.String(), expectedLevel)
+				}
+			}
+			// Step 5: Test Gemini 2.5 thinkingBudget application using real ApplyThinkingMetadataCLI flow
+			if tt.expectedField == "thinkingBudget" && util.IsGemini25Model(tt.upstreamModel) {
+				body := []byte(`{"request":{"contents":[]}}`)
+				// Build metadata simulating real OAuth flow:
+				// - requestedModel (alias like "gp") is stored in model_mapping_original_model
+				// - upstreamModel is passed as the model parameter
+				testMetadata := make(map[string]any)
+				if tt.isAlias {
+					// Real flow: applyOAuthModelMapping stores requestedModel (the alias)
+					testMetadata[util.ModelMappingOriginalModelMetadataKey] = requestedModel
+				}
+				// Copy parsed metadata (thinking_budget, reasoning_effort, etc.)
+				for k, v := range metadata {
+					testMetadata[k] = v
+				}
+				// Use the exported ApplyThinkingMetadataCLI which includes the fallback logic
+				result := executor.ApplyThinkingMetadataCLI(body, testMetadata, tt.upstreamModel)
+				budgetVal := gjson.GetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget")
+				expectedBudget := tt.expectedValue.(int)
+				if !budgetVal.Exists() {
+					t.Errorf("Case #%d: expected thinkingBudget in result", tt.id)
+				} else if int(budgetVal.Int()) != expectedBudget {
+					t.Errorf("Case #%d: thinkingBudget = %d, want %d", tt.id, int(budgetVal.Int()), expectedBudget)
+				}
+			}
+		})
+	}
+}

test/thinking_conversion_test.go ADDED Viewed

	@@ -0,0 +1,798 @@

+package test
+import (
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+	_ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/executor"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
+	sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
+	"github.com/tidwall/gjson"
+	"github.com/tidwall/sjson"
+)
+// isOpenAICompatModel returns true if the model is configured as an OpenAI-compatible
+// model that should have reasoning effort passed through even if not in registry.
+// This simulates the allowCompat behavior from OpenAICompatExecutor.
+func isOpenAICompatModel(model string) bool {
+	return model == "openai-compat"
+}
+// registerCoreModels loads representative models across providers into the registry
+// so NormalizeThinkingBudget and level validation use real ranges.
+func registerCoreModels(t *testing.T) func() {
+	t.Helper()
+	reg := registry.GetGlobalRegistry()
+	uid := fmt.Sprintf("thinking-core-%d", time.Now().UnixNano())
+	reg.RegisterClient(uid+"-gemini", "gemini", registry.GetGeminiModels())
+	reg.RegisterClient(uid+"-claude", "claude", registry.GetClaudeModels())
+	reg.RegisterClient(uid+"-openai", "codex", registry.GetOpenAIModels())
+	reg.RegisterClient(uid+"-qwen", "qwen", registry.GetQwenModels())
+	// Custom openai-compatible model with forced thinking suffix passthrough.
+	// No Thinking field - simulates an external model added via openai-compat
+	// where the registry has no knowledge of its thinking capabilities.
+	// The allowCompat flag should preserve reasoning effort for such models.
+	customOpenAIModels := []*registry.ModelInfo{
+		{
+			ID:          "openai-compat",
+			Object:      "model",
+			Created:     1700000000,
+			OwnedBy:     "custom-provider",
+			Type:        "openai",
+			DisplayName: "OpenAI Compatible Model",
+			Description: "OpenAI-compatible model with forced thinking suffix support",
+		},
+	}
+	reg.RegisterClient(uid+"-custom-openai", "codex", customOpenAIModels)
+	return func() {
+		reg.UnregisterClient(uid + "-gemini")
+		reg.UnregisterClient(uid + "-claude")
+		reg.UnregisterClient(uid + "-openai")
+		reg.UnregisterClient(uid + "-qwen")
+		reg.UnregisterClient(uid + "-custom-openai")
+	}
+}
+var (
+	thinkingTestModels = []string{
+		"gpt-5",           // level-based thinking model
+		"gemini-2.5-pro",  // numeric-budget thinking model
+		"qwen3-code-plus", // no thinking support
+		"openai-compat",   // allowCompat=true (OpenAI-compatible channel)
+	}
+	thinkingTestFromProtocols = []string{"openai", "claude", "gemini", "openai-response"}
+	thinkingTestToProtocols   = []string{"gemini", "claude", "openai", "codex"}
+	// Numeric budgets and their level equivalents:
+	// -1 -> auto
+	// 0 -> none
+	// 1..1024 -> low
+	// 1025..8192 -> medium
+	// 8193..24576 -> high
+	// >24576 -> model highest level (right-most in Levels)
+	thinkingNumericSamples = []int{-1, 0, 1023, 1025, 8193, 64000}
+	// Levels and their numeric equivalents:
+	// auto -> -1
+	// none -> 0
+	// minimal -> 512
+	// low -> 1024
+	// medium -> 8192
+	// high -> 24576
+	// xhigh -> 32768
+	// invalid -> invalid (no mapping)
+	thinkingLevelSamples = []string{"auto", "none", "minimal", "low", "medium", "high", "xhigh", "invalid"}
+)
+func buildRawPayload(fromProtocol, modelWithSuffix string) []byte {
+	switch fromProtocol {
+	case "gemini":
+		return []byte(fmt.Sprintf(`{"model":"%s","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, modelWithSuffix))
+	case "openai-response":
+		return []byte(fmt.Sprintf(`{"model":"%s","input":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`, modelWithSuffix))
+	default: // openai / claude and other chat-style payloads
+		return []byte(fmt.Sprintf(`{"model":"%s","messages":[{"role":"user","content":"hi"}]}`, modelWithSuffix))
+	}
+}
+// normalizeCodexPayload mirrors codex_executor's reasoning + streaming tweaks.
+func normalizeCodexPayload(body []byte, upstreamModel string, allowCompat bool) ([]byte, error) {
+	body = executor.NormalizeThinkingConfig(body, upstreamModel, allowCompat)
+	if err := executor.ValidateThinkingConfig(body, upstreamModel); err != nil {
+		return body, err
+	}
+	body, _ = sjson.SetBytes(body, "model", upstreamModel)
+	body, _ = sjson.SetBytes(body, "stream", true)
+	body, _ = sjson.DeleteBytes(body, "previous_response_id")
+	return body, nil
+}
+// buildBodyForProtocol runs a minimal request through the same translation and
+// thinking pipeline used in executors for the given target protocol.
+func buildBodyForProtocol(t *testing.T, fromProtocol, toProtocol, modelWithSuffix string) ([]byte, error) {
+	t.Helper()
+	normalizedModel, metadata := util.NormalizeThinkingModel(modelWithSuffix)
+	upstreamModel := util.ResolveOriginalModel(normalizedModel, metadata)
+	raw := buildRawPayload(fromProtocol, modelWithSuffix)
+	stream := fromProtocol != toProtocol
+	body := sdktranslator.TranslateRequest(
+		sdktranslator.FromString(fromProtocol),
+		sdktranslator.FromString(toProtocol),
+		normalizedModel,
+		raw,
+		stream,
+	)
+	var err error
+	allowCompat := isOpenAICompatModel(normalizedModel)
+	switch toProtocol {
+	case "gemini":
+		body = executor.ApplyThinkingMetadata(body, metadata, normalizedModel)
+		body = util.ApplyDefaultThinkingIfNeeded(normalizedModel, body)
+		body = util.NormalizeGeminiThinkingBudget(normalizedModel, body)
+		body = util.StripThinkingConfigIfUnsupported(normalizedModel, body)
+	case "claude":
+		if budget, ok := util.ResolveClaudeThinkingConfig(normalizedModel, metadata); ok {
+			body = util.ApplyClaudeThinkingConfig(body, budget)
+		}
+	case "openai":
+		body = executor.ApplyReasoningEffortMetadata(body, metadata, normalizedModel, "reasoning_effort", allowCompat)
+		body = executor.NormalizeThinkingConfig(body, upstreamModel, allowCompat)
+		err = executor.ValidateThinkingConfig(body, upstreamModel)
+	case "codex": // OpenAI responses / codex
+		// Codex does not support allowCompat; always use false.
+		body = executor.ApplyReasoningEffortMetadata(body, metadata, normalizedModel, "reasoning.effort", false)
+		// Mirror CodexExecutor final normalization and model override so tests log the final body.
+		body, err = normalizeCodexPayload(body, upstreamModel, false)
+	default:
+	}
+	// Mirror executor behavior: final payload uses the upstream (base) model name.
+	if upstreamModel != "" {
+		body, _ = sjson.SetBytes(body, "model", upstreamModel)
+	}
+	// For tests we only keep model + thinking-related fields to avoid noise.
+	body = filterThinkingBody(toProtocol, body, upstreamModel, normalizedModel)
+	return body, err
+}
+// filterThinkingBody projects the translated payload down to only model and
+// thinking-related fields for the given target protocol.
+func filterThinkingBody(toProtocol string, body []byte, upstreamModel, normalizedModel string) []byte {
+	if len(body) == 0 {
+		return body
+	}
+	out := []byte(`{}`)
+	// Preserve model if present, otherwise fall back to upstream/normalized model.
+	if m := gjson.GetBytes(body, "model"); m.Exists() {
+		out, _ = sjson.SetBytes(out, "model", m.Value())
+	} else if upstreamModel != "" {
+		out, _ = sjson.SetBytes(out, "model", upstreamModel)
+	} else if normalizedModel != "" {
+		out, _ = sjson.SetBytes(out, "model", normalizedModel)
+	}
+	switch toProtocol {
+	case "gemini":
+		if tc := gjson.GetBytes(body, "generationConfig.thinkingConfig"); tc.Exists() {
+			out, _ = sjson.SetRawBytes(out, "generationConfig.thinkingConfig", []byte(tc.Raw))
+		}
+	case "claude":
+		if tcfg := gjson.GetBytes(body, "thinking"); tcfg.Exists() {
+			out, _ = sjson.SetRawBytes(out, "thinking", []byte(tcfg.Raw))
+		}
+	case "openai":
+		if re := gjson.GetBytes(body, "reasoning_effort"); re.Exists() {
+			out, _ = sjson.SetBytes(out, "reasoning_effort", re.Value())
+		}
+	case "codex":
+		if re := gjson.GetBytes(body, "reasoning.effort"); re.Exists() {
+			out, _ = sjson.SetBytes(out, "reasoning.effort", re.Value())
+		}
+	}
+	return out
+}
+func TestThinkingConversionsAcrossProtocolsAndModels(t *testing.T) {
+	cleanup := registerCoreModels(t)
+	defer cleanup()
+	type scenario struct {
+		name        string
+		modelSuffix string
+	}
+	numericName := func(budget int) string {
+		if budget < 0 {
+			return "numeric-neg1"
+		}
+		return fmt.Sprintf("numeric-%d", budget)
+	}
+	for _, model := range thinkingTestModels {
+		_ = registry.GetGlobalRegistry().GetModelInfo(model)
+		for _, from := range thinkingTestFromProtocols {
+			// Scenario selection follows protocol semantics:
+			// - OpenAI-style protocols (openai/openai-response) express thinking as levels.
+			// - Claude/Gemini-style protocols express thinking as numeric budgets.
+			cases := []scenario{
+				{name: "no-suffix", modelSuffix: model},
+			}
+			if from == "openai" || from == "openai-response" {
+				for _, lvl := range thinkingLevelSamples {
+					cases = append(cases, scenario{
+						name:        "level-" + lvl,
+						modelSuffix: fmt.Sprintf("%s(%s)", model, lvl),
+					})
+				}
+			} else { // claude or gemini
+				for _, budget := range thinkingNumericSamples {
+					budget := budget
+					cases = append(cases, scenario{
+						name:        numericName(budget),
+						modelSuffix: fmt.Sprintf("%s(%d)", model, budget),
+					})
+				}
+			}
+			for _, to := range thinkingTestToProtocols {
+				if from == to {
+					continue
+				}
+				t.Logf("─────────────────────────────────────────────────────────────────────────────────")
+				t.Logf("  %s -> %s | model: %s", from, to, model)
+				t.Logf("─────────────────────────────────────────────────────────────────────────────────")
+				for _, cs := range cases {
+					from := from
+					to := to
+					cs := cs
+					testName := fmt.Sprintf("%s->%s/%s/%s", from, to, model, cs.name)
+					t.Run(testName, func(t *testing.T) {
+						normalizedModel, metadata := util.NormalizeThinkingModel(cs.modelSuffix)
+						expectPresent, expectValue, expectErr := func() (bool, string, bool) {
+							switch to {
+							case "gemini":
+								budget, include, ok := util.ResolveThinkingConfigFromMetadata(normalizedModel, metadata)
+								if !ok || !util.ModelSupportsThinking(normalizedModel) {
+									return false, "", false
+								}
+								if include != nil && !*include {
+									return false, "", false
+								}
+								if budget == nil {
+									return false, "", false
+								}
+								norm := util.NormalizeThinkingBudget(normalizedModel, *budget)
+								return true, fmt.Sprintf("%d", norm), false
+							case "claude":
+								if !util.ModelSupportsThinking(normalizedModel) {
+									return false, "", false
+								}
+								budget, ok := util.ResolveClaudeThinkingConfig(normalizedModel, metadata)
+								if !ok || budget == nil {
+									return false, "", false
+								}
+								return true, fmt.Sprintf("%d", *budget), false
+							case "openai":
+								allowCompat := isOpenAICompatModel(normalizedModel)
+								if !util.ModelSupportsThinking(normalizedModel) && !allowCompat {
+									return false, "", false
+								}
+								// For allowCompat models, pass through effort directly without validation
+								if allowCompat {
+									effort, ok := util.ReasoningEffortFromMetadata(metadata)
+									if ok && strings.TrimSpace(effort) != "" {
+										return true, strings.ToLower(strings.TrimSpace(effort)), false
+									}
+									// Check numeric budget fallback for allowCompat
+									if budget, _, _, matched := util.ThinkingFromMetadata(metadata); matched && budget != nil {
+										if mapped, okMap := util.ThinkingBudgetToEffort(normalizedModel, *budget); okMap && mapped != "" {
+											return true, mapped, false
+										}
+									}
+									return false, "", false
+								}
+								if !util.ModelUsesThinkingLevels(normalizedModel) {
+									// Non-levels models don't support effort strings in openai
+									return false, "", false
+								}
+								effort, ok := util.ReasoningEffortFromMetadata(metadata)
+								if !ok || strings.TrimSpace(effort) == "" {
+									if budget, _, _, matched := util.ThinkingFromMetadata(metadata); matched && budget != nil {
+										if mapped, okMap := util.ThinkingBudgetToEffort(normalizedModel, *budget); okMap {
+											effort = mapped
+											ok = true
+										}
+									}
+								}
+								if !ok || strings.TrimSpace(effort) == "" {
+									return false, "", false
+								}
+								effort = strings.ToLower(strings.TrimSpace(effort))
+								if normalized, okLevel := util.NormalizeReasoningEffortLevel(normalizedModel, effort); okLevel {
+									return true, normalized, false
+								}
+								return false, "", true // validation would fail
+							case "codex":
+								// Codex does not support allowCompat; require thinking-capable level models.
+								if !util.ModelSupportsThinking(normalizedModel) || !util.ModelUsesThinkingLevels(normalizedModel) {
+									return false, "", false
+								}
+								effort, ok := util.ReasoningEffortFromMetadata(metadata)
+								if ok && strings.TrimSpace(effort) != "" {
+									effort = strings.ToLower(strings.TrimSpace(effort))
+									if normalized, okLevel := util.NormalizeReasoningEffortLevel(normalizedModel, effort); okLevel {
+										return true, normalized, false
+									}
+									return false, "", true
+								}
+								if budget, _, _, matched := util.ThinkingFromMetadata(metadata); matched && budget != nil {
+									if mapped, okMap := util.ThinkingBudgetToEffort(normalizedModel, *budget); okMap && mapped != "" {
+										mapped = strings.ToLower(strings.TrimSpace(mapped))
+										if normalized, okLevel := util.NormalizeReasoningEffortLevel(normalizedModel, mapped); okLevel {
+											return true, normalized, false
+										}
+										return false, "", true
+									}
+								}
+								if from != "openai-response" {
+									// Codex translators default reasoning.effort to "medium" when
+									// no explicit thinking suffix/metadata is provided.
+									return true, "medium", false
+								}
+								return false, "", false
+							default:
+								return false, "", false
+							}
+						}()
+						body, err := buildBodyForProtocol(t, from, to, cs.modelSuffix)
+						actualPresent, actualValue := func() (bool, string) {
+							path := ""
+							switch to {
+							case "gemini":
+								path = "generationConfig.thinkingConfig.thinkingBudget"
+							case "claude":
+								path = "thinking.budget_tokens"
+							case "openai":
+								path = "reasoning_effort"
+							case "codex":
+								path = "reasoning.effort"
+							}
+							if path == "" {
+								return false, ""
+							}
+							val := gjson.GetBytes(body, path)
+							if to == "codex" && !val.Exists() {
+								reasoning := gjson.GetBytes(body, "reasoning")
+								if reasoning.Exists() {
+									val = reasoning.Get("effort")
+								}
+							}
+							if !val.Exists() {
+								return false, ""
+							}
+							if val.Type == gjson.Number {
+								return true, fmt.Sprintf("%d", val.Int())
+							}
+							return true, val.String()
+						}()
+						t.Logf("from=%s to=%s model=%s suffix=%s present(expect=%v got=%v) value(expect=%s got=%s) err(expect=%v got=%v) body=%s",
+							from, to, model, cs.modelSuffix, expectPresent, actualPresent, expectValue, actualValue, expectErr, err != nil, string(body))
+						if expectErr {
+							if err == nil {
+								t.Fatalf("expected validation error but got none, body=%s", string(body))
+							}
+							return
+						}
+						if err != nil {
+							t.Fatalf("unexpected error: %v body=%s", err, string(body))
+						}
+						if expectPresent != actualPresent {
+							t.Fatalf("presence mismatch: expect %v got %v body=%s", expectPresent, actualPresent, string(body))
+						}
+						if expectPresent && expectValue != actualValue {
+							t.Fatalf("value mismatch: expect %s got %s body=%s", expectValue, actualValue, string(body))
+						}
+					})
+				}
+			}
+		}
+	}
+}
+// buildRawPayloadWithThinking creates a payload with thinking parameters already in the body.
+// This tests the path where thinking comes from the raw payload, not model suffix.
+func buildRawPayloadWithThinking(fromProtocol, model string, thinkingParam any) []byte {
+	switch fromProtocol {
+	case "gemini":
+		base := fmt.Sprintf(`{"model":"%s","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, model)
+		if budget, ok := thinkingParam.(int); ok {
+			base, _ = sjson.Set(base, "generationConfig.thinkingConfig.thinkingBudget", budget)
+		}
+		return []byte(base)
+	case "openai-response":
+		base := fmt.Sprintf(`{"model":"%s","input":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`, model)
+		if effort, ok := thinkingParam.(string); ok && effort != "" {
+			base, _ = sjson.Set(base, "reasoning.effort", effort)
+		}
+		return []byte(base)
+	case "openai":
+		base := fmt.Sprintf(`{"model":"%s","messages":[{"role":"user","content":"hi"}]}`, model)
+		if effort, ok := thinkingParam.(string); ok && effort != "" {
+			base, _ = sjson.Set(base, "reasoning_effort", effort)
+		}
+		return []byte(base)
+	case "claude":
+		base := fmt.Sprintf(`{"model":"%s","messages":[{"role":"user","content":"hi"}]}`, model)
+		if budget, ok := thinkingParam.(int); ok {
+			base, _ = sjson.Set(base, "thinking.type", "enabled")
+			base, _ = sjson.Set(base, "thinking.budget_tokens", budget)
+		}
+		return []byte(base)
+	default:
+		return []byte(fmt.Sprintf(`{"model":"%s","messages":[{"role":"user","content":"hi"}]}`, model))
+	}
+}
+// buildBodyForProtocolWithRawThinking translates payload with raw thinking params.
+func buildBodyForProtocolWithRawThinking(t *testing.T, fromProtocol, toProtocol, model string, thinkingParam any) ([]byte, error) {
+	t.Helper()
+	raw := buildRawPayloadWithThinking(fromProtocol, model, thinkingParam)
+	stream := fromProtocol != toProtocol
+	body := sdktranslator.TranslateRequest(
+		sdktranslator.FromString(fromProtocol),
+		sdktranslator.FromString(toProtocol),
+		model,
+		raw,
+		stream,
+	)
+	var err error
+	allowCompat := isOpenAICompatModel(model)
+	switch toProtocol {
+	case "gemini":
+		body = util.ApplyDefaultThinkingIfNeeded(model, body)
+		body = util.NormalizeGeminiThinkingBudget(model, body)
+		body = util.StripThinkingConfigIfUnsupported(model, body)
+	case "claude":
+		// For raw payload, Claude thinking is passed through by translator
+		// No additional processing needed as thinking is already in body
+	case "openai":
+		body = executor.NormalizeThinkingConfig(body, model, allowCompat)
+		err = executor.ValidateThinkingConfig(body, model)
+	case "codex":
+		// Codex does not support allowCompat; always use false.
+		body, err = normalizeCodexPayload(body, model, false)
+	}
+	body, _ = sjson.SetBytes(body, "model", model)
+	body = filterThinkingBody(toProtocol, body, model, model)
+	return body, err
+}
+func TestRawPayloadThinkingConversions(t *testing.T) {
+	cleanup := registerCoreModels(t)
+	defer cleanup()
+	type scenario struct {
+		name          string
+		thinkingParam any // int for budget, string for effort level
+	}
+	numericName := func(budget int) string {
+		if budget < 0 {
+			return "budget-neg1"
+		}
+		return fmt.Sprintf("budget-%d", budget)
+	}
+	for _, model := range thinkingTestModels {
+		supportsThinking := util.ModelSupportsThinking(model)
+		usesLevels := util.ModelUsesThinkingLevels(model)
+		allowCompat := isOpenAICompatModel(model)
+		for _, from := range thinkingTestFromProtocols {
+			var cases []scenario
+			switch from {
+			case "openai", "openai-response":
+				cases = []scenario{
+					{name: "no-thinking", thinkingParam: nil},
+				}
+				for _, lvl := range thinkingLevelSamples {
+					cases = append(cases, scenario{
+						name:          "effort-" + lvl,
+						thinkingParam: lvl,
+					})
+				}
+			case "gemini", "claude":
+				cases = []scenario{
+					{name: "no-thinking", thinkingParam: nil},
+				}
+				for _, budget := range thinkingNumericSamples {
+					budget := budget
+					cases = append(cases, scenario{
+						name:          numericName(budget),
+						thinkingParam: budget,
+					})
+				}
+			}
+			for _, to := range thinkingTestToProtocols {
+				if from == to {
+					continue
+				}
+				t.Logf("═══════════════════════════════════════════════════════════════════════════════")
+				t.Logf("  RAW PAYLOAD: %s -> %s | model: %s", from, to, model)
+				t.Logf("═══════════════════════════════════════════════════════════════════════════════")
+				for _, cs := range cases {
+					from := from
+					to := to
+					cs := cs
+					testName := fmt.Sprintf("raw/%s->%s/%s/%s", from, to, model, cs.name)
+					t.Run(testName, func(t *testing.T) {
+						expectPresent, expectValue, expectErr := func() (bool, string, bool) {
+							if cs.thinkingParam == nil {
+								if to == "codex" && from != "openai-response" && supportsThinking && usesLevels {
+									// Codex translators default reasoning.effort to "medium" for thinking-capable level models
+									return true, "medium", false
+								}
+								return false, "", false
+							}
+							switch to {
+							case "gemini":
+								if !supportsThinking || usesLevels {
+									return false, "", false
+								}
+								// Gemini expects numeric budget (only for non-level models)
+								if budget, ok := cs.thinkingParam.(int); ok {
+									norm := util.NormalizeThinkingBudget(model, budget)
+									return true, fmt.Sprintf("%d", norm), false
+								}
+								// Convert effort level to budget for non-level models only
+								if effort, ok := cs.thinkingParam.(string); ok && effort != "" {
+									// "none" disables thinking - no thinkingBudget in output
+									if strings.ToLower(effort) == "none" {
+										return false, "", false
+									}
+									if budget, okB := util.ThinkingEffortToBudget(model, effort); okB {
+										// ThinkingEffortToBudget already returns normalized budget
+										return true, fmt.Sprintf("%d", budget), false
+									}
+									// Invalid effort does not map to a budget
+									return false, "", false
+								}
+								return false, "", false
+							case "claude":
+								if !supportsThinking || usesLevels {
+									return false, "", false
+								}
+								// Claude expects numeric budget (only for non-level models)
+								if budget, ok := cs.thinkingParam.(int); ok && budget > 0 {
+									norm := util.NormalizeThinkingBudget(model, budget)
+									return true, fmt.Sprintf("%d", norm), false
+								}
+								// Convert effort level to budget for non-level models only
+								if effort, ok := cs.thinkingParam.(string); ok && effort != "" {
+									// "none" and "auto" don't produce budget_tokens
+									lower := strings.ToLower(effort)
+									if lower == "none" || lower == "auto" {
+										return false, "", false
+									}
+									if budget, okB := util.ThinkingEffortToBudget(model, effort); okB {
+										// ThinkingEffortToBudget already returns normalized budget
+										return true, fmt.Sprintf("%d", budget), false
+									}
+									// Invalid effort - claude sets thinking.type:enabled but no budget_tokens
+									return false, "", false
+								}
+								return false, "", false
+							case "openai":
+								if allowCompat {
+									if effort, ok := cs.thinkingParam.(string); ok && strings.TrimSpace(effort) != "" {
+										normalized := strings.ToLower(strings.TrimSpace(effort))
+										return true, normalized, false
+									}
+									if budget, ok := cs.thinkingParam.(int); ok {
+										if mapped, okM := util.ThinkingBudgetToEffort(model, budget); okM && mapped != "" {
+											return true, mapped, false
+										}
+									}
+									return false, "", false
+								}
+								if !supportsThinking || !usesLevels {
+									return false, "", false
+								}
+								if effort, ok := cs.thinkingParam.(string); ok && effort != "" {
+									if normalized, okN := util.NormalizeReasoningEffortLevel(model, effort); okN {
+										return true, normalized, false
+									}
+									return false, "", true // invalid level
+								}
+								if budget, ok := cs.thinkingParam.(int); ok {
+									if mapped, okM := util.ThinkingBudgetToEffort(model, budget); okM && mapped != "" {
+										// Check if the mapped effort is valid for this model
+										if _, validLevel := util.NormalizeReasoningEffortLevel(model, mapped); !validLevel {
+											return true, mapped, true // expect validation error
+										}
+										return true, mapped, false
+									}
+								}
+								return false, "", false
+							case "codex":
+								// Codex does not support allowCompat; require thinking-capable level models.
+								if !supportsThinking || !usesLevels {
+									return false, "", false
+								}
+								if effort, ok := cs.thinkingParam.(string); ok && effort != "" {
+									if normalized, okN := util.NormalizeReasoningEffortLevel(model, effort); okN {
+										return true, normalized, false
+									}
+									return false, "", true
+								}
+								if budget, ok := cs.thinkingParam.(int); ok {
+									if mapped, okM := util.ThinkingBudgetToEffort(model, budget); okM && mapped != "" {
+										// Check if the mapped effort is valid for this model
+										if _, validLevel := util.NormalizeReasoningEffortLevel(model, mapped); !validLevel {
+											return true, mapped, true // expect validation error
+										}
+										return true, mapped, false
+									}
+								}
+								if from != "openai-response" {
+									// Codex translators default reasoning.effort to "medium" for thinking-capable models
+									return true, "medium", false
+								}
+								return false, "", false
+							}
+							return false, "", false
+						}()
+						body, err := buildBodyForProtocolWithRawThinking(t, from, to, model, cs.thinkingParam)
+						actualPresent, actualValue := func() (bool, string) {
+							path := ""
+							switch to {
+							case "gemini":
+								path = "generationConfig.thinkingConfig.thinkingBudget"
+							case "claude":
+								path = "thinking.budget_tokens"
+							case "openai":
+								path = "reasoning_effort"
+							case "codex":
+								path = "reasoning.effort"
+							}
+							if path == "" {
+								return false, ""
+							}
+							val := gjson.GetBytes(body, path)
+							if to == "codex" && !val.Exists() {
+								reasoning := gjson.GetBytes(body, "reasoning")
+								if reasoning.Exists() {
+									val = reasoning.Get("effort")
+								}
+							}
+							if !val.Exists() {
+								return false, ""
+							}
+							if val.Type == gjson.Number {
+								return true, fmt.Sprintf("%d", val.Int())
+							}
+							return true, val.String()
+						}()
+						t.Logf("from=%s to=%s model=%s param=%v present(expect=%v got=%v) value(expect=%s got=%s) err(expect=%v got=%v) body=%s",
+							from, to, model, cs.thinkingParam, expectPresent, actualPresent, expectValue, actualValue, expectErr, err != nil, string(body))
+						if expectErr {
+							if err == nil {
+								t.Fatalf("expected validation error but got none, body=%s", string(body))
+							}
+							return
+						}
+						if err != nil {
+							t.Fatalf("unexpected error: %v body=%s", err, string(body))
+						}
+						if expectPresent != actualPresent {
+							t.Fatalf("presence mismatch: expect %v got %v body=%s", expectPresent, actualPresent, string(body))
+						}
+						if expectPresent && expectValue != actualValue {
+							t.Fatalf("value mismatch: expect %s got %s body=%s", expectValue, actualValue, string(body))
+						}
+					})
+				}
+			}
+		}
+	}
+}
+func TestThinkingBudgetToEffort(t *testing.T) {
+	cleanup := registerCoreModels(t)
+	defer cleanup()
+	cases := []struct {
+		name   string
+		model  string
+		budget int
+		want   string
+		ok     bool
+	}{
+		{name: "dynamic-auto", model: "gpt-5", budget: -1, want: "auto", ok: true},
+		{name: "zero-none", model: "gpt-5", budget: 0, want: "minimal", ok: true},
+		{name: "low-min", model: "gpt-5", budget: 1, want: "low", ok: true},
+		{name: "low-max", model: "gpt-5", budget: 1024, want: "low", ok: true},
+		{name: "medium-min", model: "gpt-5", budget: 1025, want: "medium", ok: true},
+		{name: "medium-max", model: "gpt-5", budget: 8192, want: "medium", ok: true},
+		{name: "high-min", model: "gpt-5", budget: 8193, want: "high", ok: true},
+		{name: "high-max", model: "gpt-5", budget: 24576, want: "high", ok: true},
+		{name: "over-max-clamps-to-highest", model: "gpt-5", budget: 64000, want: "high", ok: true},
+		{name: "over-max-xhigh-model", model: "gpt-5.2", budget: 64000, want: "xhigh", ok: true},
+		{name: "negative-unsupported", model: "gpt-5", budget: -5, want: "", ok: false},
+	}
+	for _, cs := range cases {
+		cs := cs
+		t.Run(cs.name, func(t *testing.T) {
+			got, ok := util.ThinkingBudgetToEffort(cs.model, cs.budget)
+			if ok != cs.ok {
+				t.Fatalf("ok mismatch for model=%s budget=%d: expect %v got %v", cs.model, cs.budget, cs.ok, ok)
+			}
+			if got != cs.want {
+				t.Fatalf("value mismatch for model=%s budget=%d: expect %q got %q", cs.model, cs.budget, cs.want, got)
+			}
+		})
+	}
+}
+func TestThinkingEffortToBudget(t *testing.T) {
+	cleanup := registerCoreModels(t)
+	defer cleanup()
+	cases := []struct {
+		name   string
+		model  string
+		effort string
+		want   int
+		ok     bool
+	}{
+		{name: "none", model: "gemini-2.5-pro", effort: "none", want: 0, ok: true},
+		{name: "auto", model: "gemini-2.5-pro", effort: "auto", want: -1, ok: true},
+		{name: "minimal", model: "gemini-2.5-pro", effort: "minimal", want: 512, ok: true},
+		{name: "low", model: "gemini-2.5-pro", effort: "low", want: 1024, ok: true},
+		{name: "medium", model: "gemini-2.5-pro", effort: "medium", want: 8192, ok: true},
+		{name: "high", model: "gemini-2.5-pro", effort: "high", want: 24576, ok: true},
+		{name: "xhigh", model: "gemini-2.5-pro", effort: "xhigh", want: 32768, ok: true},
+		{name: "empty-unsupported", model: "gemini-2.5-pro", effort: "", want: 0, ok: false},
+		{name: "invalid-unsupported", model: "gemini-2.5-pro", effort: "ultra", want: 0, ok: false},
+		{name: "case-insensitive", model: "gemini-2.5-pro", effort: "LOW", want: 1024, ok: true},
+		{name: "case-insensitive-medium", model: "gemini-2.5-pro", effort: "MEDIUM", want: 8192, ok: true},
+	}
+	for _, cs := range cases {
+		cs := cs
+		t.Run(cs.name, func(t *testing.T) {
+			got, ok := util.ThinkingEffortToBudget(cs.model, cs.effort)
+			if ok != cs.ok {
+				t.Fatalf("ok mismatch for model=%s effort=%s: expect %v got %v", cs.model, cs.effort, cs.ok, ok)
+			}
+			if got != cs.want {
+				t.Fatalf("value mismatch for model=%s effort=%s: expect %d got %d", cs.model, cs.effort, cs.want, got)
+			}
+		})
+	}
+}