src/services/claudeAccountService.js

const { v4: uuidv4 } = require('uuid')
const crypto = require('crypto')
const ProxyHelper = require('../utils/proxyHelper')
const axios = require('axios')
const redis = require('../models/redis')
const config = require('../../config/config')
const logger = require('../utils/logger')
const { maskToken } = require('../utils/tokenMask')
const {
  logRefreshStart,
  logRefreshSuccess,
  logRefreshError,
  logTokenUsage,
  logRefreshSkipped
} = require('../utils/tokenRefreshLogger')
const tokenRefreshService = require('./tokenRefreshService')
const LRUCache = require('../utils/lruCache')
const { formatDateWithTimezone, getISOStringWithTimezone } = require('../utils/dateHelper')

class ClaudeAccountService {
  constructor() {
    this.claudeApiUrl = 'https://console.anthropic.com/v1/oauth/token'
    this.claudeOauthClientId = '9d1c250a-e61b-44d9-88ed-5944d1962f5e'
    let maxWarnings = parseInt(process.env.CLAUDE_5H_WARNING_MAX_NOTIFICATIONS || '', 10)

    if (Number.isNaN(maxWarnings) && config.claude?.fiveHourWarning) {
      maxWarnings = parseInt(config.claude.fiveHourWarning.maxNotificationsPerWindow, 10)
    }

    if (Number.isNaN(maxWarnings) || maxWarnings < 1) {
      maxWarnings = 1
    }

    this.maxFiveHourWarningsPerWindow = Math.min(maxWarnings, 10)

    // 加密相关常量
    this.ENCRYPTION_ALGORITHM = 'aes-256-cbc'
    this.ENCRYPTION_SALT = 'salt'

    // 🚀 性能优化：缓存派生的加密密钥，避免每次重复计算
    // scryptSync 是 CPU 密集型操作，缓存可以减少 95%+ 的 CPU 占用
    this._encryptionKeyCache = null

    // 🔄 解密结果缓存，提高解密性能
    this._decryptCache = new LRUCache(500)

    // 🧹 定期清理缓存（每10分钟）
    setInterval(
      () => {
        this._decryptCache.cleanup()
        logger.info('🧹 Claude decrypt cache cleanup completed', this._decryptCache.getStats())
      },
      10 * 60 * 1000
    )
  }

  // 🏢 创建Claude账户
  async createAccount(options = {}) {
    const {
      name = 'Unnamed Account',
      description = '',
      email = '',
      password = '',
      refreshToken = '',
      claudeAiOauth = null, // Claude标准格式的OAuth数据
      proxy = null, // { type: 'socks5', host: 'localhost', port: 1080, username: '', password: '' }
      isActive = true,
      accountType = 'shared', // 'dedicated' or 'shared'
      platform = 'claude',
      priority = 50, // 调度优先级 (1-100，数字越小优先级越高)
      schedulable = true, // 是否可被调度
      subscriptionInfo = null, // 手动设置的订阅信息
      autoStopOnWarning = false, // 5小时使用量接近限制时自动停止调度
      useUnifiedUserAgent = false, // 是否使用统一Claude Code版本的User-Agent
      useUnifiedClientId = false, // 是否使用统一的客户端标识
      unifiedClientId = '', // 统一的客户端标识
      expiresAt = null // 账户订阅到期时间
    } = options

    const accountId = uuidv4()

    let accountData

    if (claudeAiOauth) {
      // 使用Claude标准格式的OAuth数据
      accountData = {
        id: accountId,
        name,
        description,
        email: this._encryptSensitiveData(email),
        password: this._encryptSensitiveData(password),
        claudeAiOauth: this._encryptSensitiveData(JSON.stringify(claudeAiOauth)),
        accessToken: this._encryptSensitiveData(claudeAiOauth.accessToken),
        refreshToken: this._encryptSensitiveData(claudeAiOauth.refreshToken),
        expiresAt: claudeAiOauth.expiresAt.toString(),
        scopes: claudeAiOauth.scopes.join(' '),
        proxy: proxy ? JSON.stringify(proxy) : '',
        isActive: isActive.toString(),
        accountType, // 账号类型：'dedicated' 或 'shared' 或 'group'
        platform,
        priority: priority.toString(), // 调度优先级
        createdAt: new Date().toISOString(),
        lastUsedAt: '',
        lastRefreshAt: '',
        status: 'active', // 有OAuth数据的账户直接设为active
        errorMessage: '',
        schedulable: schedulable.toString(), // 是否可被调度
        autoStopOnWarning: autoStopOnWarning.toString(), // 5小时使用量接近限制时自动停止调度
        useUnifiedUserAgent: useUnifiedUserAgent.toString(), // 是否使用统一Claude Code版本的User-Agent
        useUnifiedClientId: useUnifiedClientId.toString(), // 是否使用统一的客户端标识
        unifiedClientId: unifiedClientId || '', // 统一的客户端标识
        // 优先使用手动设置的订阅信息，否则使用OAuth数据中的，否则默认为空
        subscriptionInfo: subscriptionInfo
          ? JSON.stringify(subscriptionInfo)
          : claudeAiOauth.subscriptionInfo
            ? JSON.stringify(claudeAiOauth.subscriptionInfo)
            : '',
        // 账户订阅到期时间
        subscriptionExpiresAt: expiresAt || ''
      }
    } else {
      // 兼容旧格式
      accountData = {
        id: accountId,
        name,
        description,
        email: this._encryptSensitiveData(email),
        password: this._encryptSensitiveData(password),
        refreshToken: this._encryptSensitiveData(refreshToken),
        accessToken: '',
        expiresAt: '',
        scopes: '',
        proxy: proxy ? JSON.stringify(proxy) : '',
        isActive: isActive.toString(),
        accountType, // 账号类型：'dedicated' 或 'shared' 或 'group'
        platform,
        priority: priority.toString(), // 调度优先级
        createdAt: new Date().toISOString(),
        lastUsedAt: '',
        lastRefreshAt: '',
        status: 'created', // created, active, expired, error
        errorMessage: '',
        schedulable: schedulable.toString(), // 是否可被调度
        autoStopOnWarning: autoStopOnWarning.toString(), // 5小时使用量接近限制时自动停止调度
        useUnifiedUserAgent: useUnifiedUserAgent.toString(), // 是否使用统一Claude Code版本的User-Agent
        // 手动设置的订阅信息
        subscriptionInfo: subscriptionInfo ? JSON.stringify(subscriptionInfo) : '',
        // 账户订阅到期时间
        subscriptionExpiresAt: expiresAt || ''
      }
    }

    await redis.setClaudeAccount(accountId, accountData)

    logger.success(`🏢 Created Claude account: ${name} (${accountId})`)

    // 如果有 OAuth 数据和 accessToken，且包含 user:profile 权限，尝试获取 profile 信息
    if (claudeAiOauth && claudeAiOauth.accessToken) {
      // 检查是否有 user:profile 权限（标准 OAuth 有，Setup Token 没有）
      const hasProfileScope = claudeAiOauth.scopes && claudeAiOauth.scopes.includes('user:profile')

      if (hasProfileScope) {
        try {
          const agent = this._createProxyAgent(proxy)
          await this.fetchAndUpdateAccountProfile(accountId, claudeAiOauth.accessToken, agent)
          logger.info(`📊 Successfully fetched profile info for new account: ${name}`)
        } catch (profileError) {
          logger.warn(`⚠️ Failed to fetch profile info for new account: ${profileError.message}`)
        }
      } else {
        logger.info(`⏩ Skipping profile fetch for account ${name} (no user:profile scope)`)
      }
    }

    return {
      id: accountId,
      name,
      description,
      email,
      isActive,
      proxy,
      accountType,
      platform,
      priority,
      status: accountData.status,
      createdAt: accountData.createdAt,
      expiresAt: accountData.expiresAt,
      subscriptionExpiresAt:
        accountData.subscriptionExpiresAt && accountData.subscriptionExpiresAt !== ''
          ? accountData.subscriptionExpiresAt
          : null,
      scopes: claudeAiOauth ? claudeAiOauth.scopes : [],
      autoStopOnWarning,
      useUnifiedUserAgent,
      useUnifiedClientId,
      unifiedClientId
    }
  }

  // 🔄 刷新Claude账户token
  async refreshAccountToken(accountId) {
    let lockAcquired = false

    try {
      const accountData = await redis.getClaudeAccount(accountId)

      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      const refreshToken = this._decryptSensitiveData(accountData.refreshToken)

      if (!refreshToken) {
        throw new Error('No refresh token available - manual token update required')
      }

      // 尝试获取分布式锁
      lockAcquired = await tokenRefreshService.acquireRefreshLock(accountId, 'claude')

      if (!lockAcquired) {
        // 如果无法获取锁，说明另一个进程正在刷新
        logger.info(
          `🔒 Token refresh already in progress for account: ${accountData.name} (${accountId})`
        )
        logRefreshSkipped(accountId, accountData.name, 'claude', 'already_locked')

        // 等待一段时间后返回，期望其他进程已完成刷新
        await new Promise((resolve) => setTimeout(resolve, 2000))

        // 重新获取账户数据（可能已被其他进程刷新）
        const updatedData = await redis.getClaudeAccount(accountId)
        if (updatedData && updatedData.accessToken) {
          const accessToken = this._decryptSensitiveData(updatedData.accessToken)
          return {
            success: true,
            accessToken,
            expiresAt: updatedData.expiresAt
          }
        }

        throw new Error('Token refresh in progress by another process')
      }

      // 记录开始刷新
      logRefreshStart(accountId, accountData.name, 'claude', 'manual_refresh')
      logger.info(`🔄 Starting token refresh for account: ${accountData.name} (${accountId})`)

      // 创建代理agent
      const agent = this._createProxyAgent(accountData.proxy)

      const axiosConfig = {
        headers: {
          'Content-Type': 'application/json',
          Accept: 'application/json, text/plain, */*',
          'User-Agent': 'claude-cli/1.0.56 (external, cli)',
          'Accept-Language': 'en-US,en;q=0.9',
          Referer: 'https://claude.ai/',
          Origin: 'https://claude.ai'
        },
        timeout: 30000
      }

      if (agent) {
        axiosConfig.httpAgent = agent
        axiosConfig.httpsAgent = agent
        axiosConfig.proxy = false
      }

      const response = await axios.post(
        this.claudeApiUrl,
        {
          grant_type: 'refresh_token',
          refresh_token: refreshToken,
          client_id: this.claudeOauthClientId
        },
        axiosConfig
      )

      if (response.status === 200) {
        // 记录完整的响应数据到专门的认证详细日志
        logger.authDetail('Token refresh response', response.data)

        // 记录简化版本到主日志
        logger.info('📊 Token refresh response (analyzing for subscription info):', {
          status: response.status,
          hasData: !!response.data,
          dataKeys: response.data ? Object.keys(response.data) : []
        })

        const { access_token, refresh_token, expires_in } = response.data

        // 检查是否有套餐信息
        if (
          response.data.subscription ||
          response.data.plan ||
          response.data.tier ||
          response.data.account_type
        ) {
          const subscriptionInfo = {
            subscription: response.data.subscription,
            plan: response.data.plan,
            tier: response.data.tier,
            accountType: response.data.account_type,
            features: response.data.features,
            limits: response.data.limits
          }
          logger.info('🎯 Found subscription info in refresh response:', subscriptionInfo)

          // 将套餐信息存储在账户数据中
          accountData.subscriptionInfo = JSON.stringify(subscriptionInfo)
        }

        // 更新账户数据
        accountData.accessToken = this._encryptSensitiveData(access_token)
        accountData.refreshToken = this._encryptSensitiveData(refresh_token)
        accountData.expiresAt = (Date.now() + expires_in * 1000).toString()
        accountData.lastRefreshAt = new Date().toISOString()
        accountData.status = 'active'
        accountData.errorMessage = ''

        await redis.setClaudeAccount(accountId, accountData)

        // 刷新成功后，如果有 user:profile 权限，尝试获取账号 profile 信息
        // 检查账户的 scopes 是否包含 user:profile（标准 OAuth 有，Setup Token 没有）
        const hasProfileScope = accountData.scopes && accountData.scopes.includes('user:profile')

        if (hasProfileScope) {
          try {
            await this.fetchAndUpdateAccountProfile(accountId, access_token, agent)
          } catch (profileError) {
            logger.warn(`⚠️ Failed to fetch profile info after refresh: ${profileError.message}`)
          }
        } else {
          logger.debug(
            `⏩ Skipping profile fetch after refresh for account ${accountId} (no user:profile scope)`
          )
        }

        // 记录刷新成功
        logRefreshSuccess(accountId, accountData.name, 'claude', {
          accessToken: access_token,
          refreshToken: refresh_token,
          expiresAt: accountData.expiresAt,
          scopes: accountData.scopes
        })

        logger.success(
          `🔄 Refreshed token for account: ${accountData.name} (${accountId}) - Access Token: ${maskToken(access_token)}`
        )

        return {
          success: true,
          accessToken: access_token,
          expiresAt: accountData.expiresAt
        }
      } else {
        throw new Error(`Token refresh failed with status: ${response.status}`)
      }
    } catch (error) {
      // 记录刷新失败
      const accountData = await redis.getClaudeAccount(accountId)
      if (accountData) {
        logRefreshError(accountId, accountData.name, 'claude', error)
        accountData.status = 'error'
        accountData.errorMessage = error.message
        await redis.setClaudeAccount(accountId, accountData)

        // 发送Webhook通知
        try {
          const webhookNotifier = require('../utils/webhookNotifier')
          await webhookNotifier.sendAccountAnomalyNotification({
            accountId,
            accountName: accountData.name,
            platform: 'claude-oauth',
            status: 'error',
            errorCode: 'CLAUDE_OAUTH_ERROR',
            reason: `Token refresh failed: ${error.message}`
          })
        } catch (webhookError) {
          logger.error('Failed to send webhook notification:', webhookError)
        }
      }

      logger.error(`❌ Failed to refresh token for account ${accountId}:`, error)

      throw error
    } finally {
      // 释放锁
      if (lockAcquired) {
        await tokenRefreshService.releaseRefreshLock(accountId, 'claude')
      }
    }
  }

  // 🔍 获取账户信息
  async getAccount(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)

      if (!accountData || Object.keys(accountData).length === 0) {
        return null
      }

      return accountData
    } catch (error) {
      logger.error('❌ Failed to get Claude account:', error)
      return null
    }
  }

  // 🎯 获取有效的访问token
  async getValidAccessToken(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)

      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      if (accountData.isActive !== 'true') {
        throw new Error('Account is disabled')
      }

      // 检查token是否过期
      const expiresAt = parseInt(accountData.expiresAt)
      const now = Date.now()
      const isExpired = !expiresAt || now >= expiresAt - 60000 // 60秒提前刷新

      // 记录token使用情况
      logTokenUsage(accountId, accountData.name, 'claude', accountData.expiresAt, isExpired)

      if (isExpired) {
        logger.info(`🔄 Token expired/expiring for account ${accountId}, attempting refresh...`)
        try {
          const refreshResult = await this.refreshAccountToken(accountId)
          return refreshResult.accessToken
        } catch (refreshError) {
          logger.warn(`⚠️ Token refresh failed for account ${accountId}: ${refreshError.message}`)
          // 如果刷新失败，仍然尝试使用当前token（可能是手动添加的长期有效token）
          const currentToken = this._decryptSensitiveData(accountData.accessToken)
          if (currentToken) {
            logger.info(`🔄 Using current token for account ${accountId} (refresh failed)`)
            return currentToken
          }
          throw refreshError
        }
      }

      const accessToken = this._decryptSensitiveData(accountData.accessToken)

      if (!accessToken) {
        throw new Error('No access token available')
      }

      // 更新最后使用时间和会话窗口
      accountData.lastUsedAt = new Date().toISOString()
      await this.updateSessionWindow(accountId, accountData)
      await redis.setClaudeAccount(accountId, accountData)

      return accessToken
    } catch (error) {
      logger.error(`❌ Failed to get valid access token for account ${accountId}:`, error)
      throw error
    }
  }

  // 📋 获取所有Claude账户
  async getAllAccounts() {
    try {
      const accounts = await redis.getAllClaudeAccounts()

      // 处理返回数据，移除敏感信息并添加限流状态和会话窗口信息
      const processedAccounts = await Promise.all(
        accounts.map(async (account) => {
          // 获取限流状态信息
          const rateLimitInfo = await this.getAccountRateLimitInfo(account.id)

          // 获取会话窗口信息
          const sessionWindowInfo = await this.getSessionWindowInfo(account.id)

          // 构建 Claude Usage 快照（从 Redis 读取）
          const claudeUsage = this.buildClaudeUsageSnapshot(account)

          // 判断授权类型：检查 scopes 是否包含 OAuth 相关权限
          const scopes = account.scopes && account.scopes.trim() ? account.scopes.split(' ') : []
          const isOAuth = scopes.includes('user:profile') && scopes.includes('user:inference')
          const authType = isOAuth ? 'oauth' : 'setup-token'

          return {
            id: account.id,
            name: account.name,
            description: account.description,
            email: account.email ? this._maskEmail(this._decryptSensitiveData(account.email)) : '',
            isActive: account.isActive === 'true',
            proxy: account.proxy ? JSON.parse(account.proxy) : null,
            status: account.status,
            errorMessage: account.errorMessage,
            accountType: account.accountType || 'shared', // 兼容旧数据，默认为共享
            priority: parseInt(account.priority) || 50, // 兼容旧数据，默认优先级50
            platform: account.platform || 'claude', // 添加平台标识，用于前端区分
            authType, // OAuth 或 Setup Token
            createdAt: account.createdAt,
            lastUsedAt: account.lastUsedAt,
            lastRefreshAt: account.lastRefreshAt,
            expiresAt: account.expiresAt || null,
            subscriptionExpiresAt:
              account.subscriptionExpiresAt && account.subscriptionExpiresAt !== ''
                ? account.subscriptionExpiresAt
                : null,
            // 添加 scopes 字段用于判断认证方式
            // 处理空字符串的情况，避免返回 ['']
            scopes: account.scopes && account.scopes.trim() ? account.scopes.split(' ') : [],
            // 添加 refreshToken 是否存在的标记（不返回实际值）
            hasRefreshToken: !!account.refreshToken,
            // 添加套餐信息（如果存在）
            subscriptionInfo: account.subscriptionInfo
              ? JSON.parse(account.subscriptionInfo)
              : null,
            // 添加限流状态信息
            rateLimitStatus: rateLimitInfo
              ? {
                  isRateLimited: rateLimitInfo.isRateLimited,
                  rateLimitedAt: rateLimitInfo.rateLimitedAt,
                  minutesRemaining: rateLimitInfo.minutesRemaining
                }
              : null,
            // 添加会话窗口信息
            sessionWindow: sessionWindowInfo || {
              hasActiveWindow: false,
              windowStart: null,
              windowEnd: null,
              progress: 0,
              remainingTime: null,
              lastRequestTime: null
            },
            // 添加 Claude Usage 信息（三窗口）
            claudeUsage: claudeUsage || null,
            // 添加调度状态
            schedulable: account.schedulable !== 'false', // 默认为true，兼容历史数据
            // 添加自动停止调度设置
            autoStopOnWarning: account.autoStopOnWarning === 'true', // 默认为false
            // 添加5小时自动停止状态
            fiveHourAutoStopped: account.fiveHourAutoStopped === 'true',
            fiveHourStoppedAt: account.fiveHourStoppedAt || null,
            // 添加统一User-Agent设置
            useUnifiedUserAgent: account.useUnifiedUserAgent === 'true', // 默认为false
            // 添加统一客户端标识设置
            useUnifiedClientId: account.useUnifiedClientId === 'true', // 默认为false
            unifiedClientId: account.unifiedClientId || '', // 统一的客户端标识
            // 添加停止原因
            stoppedReason: account.stoppedReason || null
          }
        })
      )

      return processedAccounts
    } catch (error) {
      logger.error('❌ Failed to get Claude accounts:', error)
      throw error
    }
  }

  // 📋 获取单个账号的概要信息（用于前端展示会话窗口等状态）
  async getAccountOverview(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)

      if (!accountData || Object.keys(accountData).length === 0) {
        return null
      }

      const [sessionWindowInfo, rateLimitInfo] = await Promise.all([
        this.getSessionWindowInfo(accountId),
        this.getAccountRateLimitInfo(accountId)
      ])

      const sessionWindow = sessionWindowInfo || {
        hasActiveWindow: false,
        windowStart: null,
        windowEnd: null,
        progress: 0,
        remainingTime: null,
        lastRequestTime: accountData.lastRequestTime || null,
        sessionWindowStatus: accountData.sessionWindowStatus || null
      }

      const rateLimitStatus = rateLimitInfo
        ? {
            isRateLimited: !!rateLimitInfo.isRateLimited,
            rateLimitedAt: rateLimitInfo.rateLimitedAt || null,
            minutesRemaining: rateLimitInfo.minutesRemaining || 0,
            rateLimitEndAt: rateLimitInfo.rateLimitEndAt || null
          }
        : {
            isRateLimited: false,
            rateLimitedAt: null,
            minutesRemaining: 0,
            rateLimitEndAt: null
          }

      return {
        id: accountData.id,
        accountType: accountData.accountType || 'shared',
        platform: accountData.platform || 'claude',
        isActive: accountData.isActive === 'true',
        schedulable: accountData.schedulable !== 'false',
        sessionWindow,
        rateLimitStatus
      }
    } catch (error) {
      logger.error(`❌ Failed to build Claude account overview for ${accountId}:`, error)
      return null
    }
  }

  // 📝 更新Claude账户
  async updateAccount(accountId, updates) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)

      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      const allowedUpdates = [
        'name',
        'description',
        'email',
        'password',
        'refreshToken',
        'proxy',
        'isActive',
        'claudeAiOauth',
        'accountType',
        'priority',
        'schedulable',
        'subscriptionInfo',
        'autoStopOnWarning',
        'useUnifiedUserAgent',
        'useUnifiedClientId',
        'unifiedClientId',
        'subscriptionExpiresAt'
      ]
      const updatedData = { ...accountData }
      let shouldClearAutoStopFields = false

      // 检查是否新增了 refresh token
      const oldRefreshToken = this._decryptSensitiveData(accountData.refreshToken)

      for (const [field, value] of Object.entries(updates)) {
        if (allowedUpdates.includes(field)) {
          if (['email', 'password', 'refreshToken'].includes(field)) {
            updatedData[field] = this._encryptSensitiveData(value)
          } else if (field === 'proxy') {
            updatedData[field] = value ? JSON.stringify(value) : ''
          } else if (field === 'priority') {
            updatedData[field] = value.toString()
          } else if (field === 'subscriptionInfo') {
            // 处理订阅信息更新
            updatedData[field] = typeof value === 'string' ? value : JSON.stringify(value)
          } else if (field === 'subscriptionExpiresAt') {
            // 处理订阅到期时间，允许 null 值（永不过期）
            updatedData[field] = value ? value.toString() : ''
          } else if (field === 'claudeAiOauth') {
            // 更新 Claude AI OAuth 数据
            if (value) {
              updatedData.claudeAiOauth = this._encryptSensitiveData(JSON.stringify(value))
              updatedData.accessToken = this._encryptSensitiveData(value.accessToken)
              updatedData.refreshToken = this._encryptSensitiveData(value.refreshToken)
              updatedData.expiresAt = value.expiresAt.toString()
              updatedData.scopes = value.scopes.join(' ')
              updatedData.status = 'active'
              updatedData.errorMessage = ''
              updatedData.lastRefreshAt = new Date().toISOString()
            }
          } else {
            updatedData[field] = value !== null && value !== undefined ? value.toString() : ''
          }
        }
      }

      // 如果新增了 refresh token（之前没有，现在有了），更新过期时间为10分钟
      if (updates.refreshToken && !oldRefreshToken && updates.refreshToken.trim()) {
        const newExpiresAt = Date.now() + 10 * 60 * 1000 // 10分钟
        updatedData.expiresAt = newExpiresAt.toString()
        logger.info(
          `🔄 New refresh token added for account ${accountId}, setting expiry to 10 minutes`
        )
      }

      // 如果通过 claudeAiOauth 更新，也要检查是否新增了 refresh token
      if (updates.claudeAiOauth && updates.claudeAiOauth.refreshToken && !oldRefreshToken) {
        // 如果 expiresAt 设置的时间过长（超过1小时），调整为10分钟
        const providedExpiry = parseInt(updates.claudeAiOauth.expiresAt)
        const now = Date.now()
        const oneHour = 60 * 60 * 1000

        if (providedExpiry - now > oneHour) {
          const newExpiresAt = now + 10 * 60 * 1000 // 10分钟
          updatedData.expiresAt = newExpiresAt.toString()
          logger.info(
            `🔄 Adjusted expiry time to 10 minutes for account ${accountId} with refresh token`
          )
        }
      }

      updatedData.updatedAt = new Date().toISOString()

      // 如果是手动修改调度状态，清除所有自动停止相关的字段
      if (Object.prototype.hasOwnProperty.call(updates, 'schedulable')) {
        // 清除所有自动停止的标记，防止自动恢复
        delete updatedData.rateLimitAutoStopped
        delete updatedData.fiveHourAutoStopped
        delete updatedData.fiveHourStoppedAt
        delete updatedData.tempErrorAutoStopped
        // 兼容旧的标记（逐步迁移）
        delete updatedData.autoStoppedAt
        delete updatedData.stoppedReason
        shouldClearAutoStopFields = true

        await this._clearFiveHourWarningMetadata(accountId, updatedData)

        // 如果是手动启用调度，记录日志
        if (updates.schedulable === true || updates.schedulable === 'true') {
          logger.info(`✅ Manually enabled scheduling for account ${accountId}`)
        } else {
          logger.info(`⛔ Manually disabled scheduling for account ${accountId}`)
        }
      }

      // 检查是否手动禁用了账号，如果是则发送webhook通知
      if (updates.isActive === 'false' && accountData.isActive === 'true') {
        try {
          const webhookNotifier = require('../utils/webhookNotifier')
          await webhookNotifier.sendAccountAnomalyNotification({
            accountId,
            accountName: updatedData.name || 'Unknown Account',
            platform: 'claude-oauth',
            status: 'disabled',
            errorCode: 'CLAUDE_OAUTH_MANUALLY_DISABLED',
            reason: 'Account manually disabled by administrator'
          })
        } catch (webhookError) {
          logger.error(
            'Failed to send webhook notification for manual account disable:',
            webhookError
          )
        }
      }

      await redis.setClaudeAccount(accountId, updatedData)

      if (shouldClearAutoStopFields) {
        const fieldsToRemove = [
          'rateLimitAutoStopped',
          'fiveHourAutoStopped',
          'fiveHourStoppedAt',
          'tempErrorAutoStopped',
          'autoStoppedAt',
          'stoppedReason'
        ]
        await this._removeAccountFields(accountId, fieldsToRemove, 'manual_schedule_update')
      }

      logger.success(`📝 Updated Claude account: ${accountId}`)

      return { success: true }
    } catch (error) {
      logger.error('❌ Failed to update Claude account:', error)
      throw error
    }
  }

  // 🗑️ 删除Claude账户
  async deleteAccount(accountId) {
    try {
      // 首先从所有分组中移除此账户
      const accountGroupService = require('./accountGroupService')
      await accountGroupService.removeAccountFromAllGroups(accountId)

      const result = await redis.deleteClaudeAccount(accountId)

      if (result === 0) {
        throw new Error('Account not found')
      }

      logger.success(`🗑️ Deleted Claude account: ${accountId}`)

      return { success: true }
    } catch (error) {
      logger.error('❌ Failed to delete Claude account:', error)
      throw error
    }
  }

  /**
   * 检查账户订阅是否过期
   * @param {Object} account - 账户对象
   * @returns {boolean} - true: 已过期, false: 未过期
   */
  isSubscriptionExpired(account) {
    if (!account.subscriptionExpiresAt) {
      return false // 未设置过期时间，视为永不过期
    }

    const expiryDate = new Date(account.subscriptionExpiresAt)
    const now = new Date()

    if (expiryDate <= now) {
      logger.debug(
        `⏰ Account ${account.name} (${account.id}) expired at ${account.subscriptionExpiresAt}`
      )
      return true
    }

    return false
  }

  // 🎯 智能选择可用账户（支持sticky会话和模型过滤）
  async selectAvailableAccount(sessionHash = null, modelName = null) {
    try {
      const accounts = await redis.getAllClaudeAccounts()

      let activeAccounts = accounts.filter(
        (account) =>
          account.isActive === 'true' &&
          account.status !== 'error' &&
          account.schedulable !== 'false' &&
          !this.isSubscriptionExpired(account)
      )

      // 如果请求的是 Opus 模型，过滤掉 Pro 和 Free 账号
      if (modelName && modelName.toLowerCase().includes('opus')) {
        activeAccounts = activeAccounts.filter((account) => {
          // 检查账号的订阅信息
          if (account.subscriptionInfo) {
            try {
              const info = JSON.parse(account.subscriptionInfo)
              // Pro 和 Free 账号不支持 Opus
              if (info.hasClaudePro === true && info.hasClaudeMax !== true) {
                return false // Claude Pro 不支持 Opus
              }
              if (info.accountType === 'claude_pro' || info.accountType === 'claude_free') {
                return false // 明确标记为 Pro 或 Free 的账号不支持
              }
            } catch (e) {
              // 解析失败，假设为旧数据，默认支持（兼容旧数据为 Max）
              return true
            }
          }
          // 没有订阅信息的账号，默认当作支持（兼容旧数据）
          return true
        })

        if (activeAccounts.length === 0) {
          throw new Error('No Claude accounts available that support Opus model')
        }
      }

      if (activeAccounts.length === 0) {
        throw new Error('No active Claude accounts available')
      }

      // 如果有会话哈希，检查是否有已映射的账户
      if (sessionHash) {
        const mappedAccountId = await redis.getSessionAccountMapping(sessionHash)
        if (mappedAccountId) {
          // 验证映射的账户是否仍然可用
          const mappedAccount = activeAccounts.find((acc) => acc.id === mappedAccountId)
          if (mappedAccount) {
            // 🚀 智能会话续期：剩余时间少于14天时自动续期到15天
            await redis.extendSessionAccountMappingTTL(sessionHash)
            logger.info(
              `🎯 Using sticky session account: ${mappedAccount.name} (${mappedAccountId}) for session ${sessionHash}`
            )
            return mappedAccountId
          } else {
            logger.warn(
              `⚠️ Mapped account ${mappedAccountId} is no longer available, selecting new account`
            )
            // 清理无效的映射
            await redis.deleteSessionAccountMapping(sessionHash)
          }
        }
      }

      // 如果没有映射或映射无效，选择新账户
      // 优先选择最久未使用的账户（负载均衡）
      const sortedAccounts = activeAccounts.sort((a, b) => {
        const aLastUsed = new Date(a.lastUsedAt || 0).getTime()
        const bLastUsed = new Date(b.lastUsedAt || 0).getTime()
        return aLastUsed - bLastUsed // 最久未使用的优先
      })

      const selectedAccountId = sortedAccounts[0].id

      // 如果有会话哈希，建立新的映射
      if (sessionHash) {
        // 从配置获取TTL（小时），转换为秒
        const ttlSeconds = (config.session?.stickyTtlHours || 1) * 60 * 60
        await redis.setSessionAccountMapping(sessionHash, selectedAccountId, ttlSeconds)
        logger.info(
          `🎯 Created new sticky session mapping: ${sortedAccounts[0].name} (${selectedAccountId}) for session ${sessionHash}`
        )
      }

      return selectedAccountId
    } catch (error) {
      logger.error('❌ Failed to select available account:', error)
      throw error
    }
  }

  // 🎯 基于API Key选择账户（支持专属绑定、共享池和模型过滤）
  async selectAccountForApiKey(apiKeyData, sessionHash = null, modelName = null) {
    try {
      // 如果API Key绑定了专属账户，优先使用
      if (apiKeyData.claudeAccountId) {
        const boundAccount = await redis.getClaudeAccount(apiKeyData.claudeAccountId)
        if (
          boundAccount &&
          boundAccount.isActive === 'true' &&
          boundAccount.status !== 'error' &&
          boundAccount.schedulable !== 'false' &&
          !this.isSubscriptionExpired(boundAccount)
        ) {
          logger.info(
            `🎯 Using bound dedicated account: ${boundAccount.name} (${apiKeyData.claudeAccountId}) for API key ${apiKeyData.name}`
          )
          return apiKeyData.claudeAccountId
        } else {
          logger.warn(
            `⚠️ Bound account ${apiKeyData.claudeAccountId} is not available, falling back to shared pool`
          )
        }
      }

      // 如果没有绑定账户或绑定账户不可用，从共享池选择
      const accounts = await redis.getAllClaudeAccounts()

      let sharedAccounts = accounts.filter(
        (account) =>
          account.isActive === 'true' &&
          account.status !== 'error' &&
          account.schedulable !== 'false' &&
          (account.accountType === 'shared' || !account.accountType) && // 兼容旧数据
          !this.isSubscriptionExpired(account)
      )

      // 如果请求的是 Opus 模型，过滤掉 Pro 和 Free 账号
      if (modelName && modelName.toLowerCase().includes('opus')) {
        sharedAccounts = sharedAccounts.filter((account) => {
          // 检查账号的订阅信息
          if (account.subscriptionInfo) {
            try {
              const info = JSON.parse(account.subscriptionInfo)
              // Pro 和 Free 账号不支持 Opus
              if (info.hasClaudePro === true && info.hasClaudeMax !== true) {
                return false // Claude Pro 不支持 Opus
              }
              if (info.accountType === 'claude_pro' || info.accountType === 'claude_free') {
                return false // 明确标记为 Pro 或 Free 的账号不支持
              }
            } catch (e) {
              // 解析失败，假设为旧数据，默认支持（兼容旧数据为 Max）
              return true
            }
          }
          // 没有订阅信息的账号，默认当作支持（兼容旧数据）
          return true
        })

        if (sharedAccounts.length === 0) {
          throw new Error('No shared Claude accounts available that support Opus model')
        }
      }

      if (sharedAccounts.length === 0) {
        throw new Error('No active shared Claude accounts available')
      }

      // 如果有会话哈希，检查是否有已映射的账户
      if (sessionHash) {
        const mappedAccountId = await redis.getSessionAccountMapping(sessionHash)
        if (mappedAccountId) {
          // 验证映射的账户是否仍然在共享池中且可用
          const mappedAccount = sharedAccounts.find((acc) => acc.id === mappedAccountId)
          if (mappedAccount) {
            // 如果映射的账户被限流了，删除映射并重新选择
            const isRateLimited = await this.isAccountRateLimited(mappedAccountId)
            if (isRateLimited) {
              logger.warn(
                `⚠️ Mapped account ${mappedAccountId} is rate limited, selecting new account`
              )
              await redis.deleteSessionAccountMapping(sessionHash)
            } else {
              // 🚀 智能会话续期：剩余时间少于14天时自动续期到15天
              await redis.extendSessionAccountMappingTTL(sessionHash)
              logger.info(
                `🎯 Using sticky session shared account: ${mappedAccount.name} (${mappedAccountId}) for session ${sessionHash}`
              )
              return mappedAccountId
            }
          } else {
            logger.warn(
              `⚠️ Mapped shared account ${mappedAccountId} is no longer available, selecting new account`
            )
            // 清理无效的映射
            await redis.deleteSessionAccountMapping(sessionHash)
          }
        }
      }

      // 将账户分为限流和非限流两组
      const nonRateLimitedAccounts = []
      const rateLimitedAccounts = []

      for (const account of sharedAccounts) {
        const isRateLimited = await this.isAccountRateLimited(account.id)
        if (isRateLimited) {
          const rateLimitInfo = await this.getAccountRateLimitInfo(account.id)
          account._rateLimitInfo = rateLimitInfo // 临时存储限流信息
          rateLimitedAccounts.push(account)
        } else {
          nonRateLimitedAccounts.push(account)
        }
      }

      // 优先从非限流账户中选择
      let candidateAccounts = nonRateLimitedAccounts

      // 如果没有非限流账户，则从限流账户中选择（按限流时间排序，最早限流的优先）
      if (candidateAccounts.length === 0) {
        logger.warn('⚠️ All shared accounts are rate limited, selecting from rate limited pool')
        candidateAccounts = rateLimitedAccounts.sort((a, b) => {
          const aRateLimitedAt = new Date(a._rateLimitInfo.rateLimitedAt).getTime()
          const bRateLimitedAt = new Date(b._rateLimitInfo.rateLimitedAt).getTime()
          return aRateLimitedAt - bRateLimitedAt // 最早限流的优先
        })
      } else {
        // 非限流账户按最后使用时间排序（最久未使用的优先）
        candidateAccounts = candidateAccounts.sort((a, b) => {
          const aLastUsed = new Date(a.lastUsedAt || 0).getTime()
          const bLastUsed = new Date(b.lastUsedAt || 0).getTime()
          return aLastUsed - bLastUsed // 最久未使用的优先
        })
      }

      if (candidateAccounts.length === 0) {
        throw new Error('No available shared Claude accounts')
      }

      const selectedAccountId = candidateAccounts[0].id

      // 如果有会话哈希，建立新的映射
      if (sessionHash) {
        // 从配置获取TTL（小时），转换为秒
        const ttlSeconds = (config.session?.stickyTtlHours || 1) * 60 * 60
        await redis.setSessionAccountMapping(sessionHash, selectedAccountId, ttlSeconds)
        logger.info(
          `🎯 Created new sticky session mapping for shared account: ${candidateAccounts[0].name} (${selectedAccountId}) for session ${sessionHash}`
        )
      }

      logger.info(
        `🎯 Selected shared account: ${candidateAccounts[0].name} (${selectedAccountId}) for API key ${apiKeyData.name}`
      )
      return selectedAccountId
    } catch (error) {
      logger.error('❌ Failed to select account for API key:', error)
      throw error
    }
  }

  // 🌐 创建代理agent（使用统一的代理工具）
  _createProxyAgent(proxyConfig) {
    const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
    if (proxyAgent) {
      logger.info(
        `🌐 Using proxy for Claude request: ${ProxyHelper.getProxyDescription(proxyConfig)}`
      )
    } else if (proxyConfig) {
      logger.debug('🌐 Failed to create proxy agent for Claude')
    } else {
      logger.debug('🌐 No proxy configured for Claude request')
    }
    return proxyAgent
  }

  // 🔐 加密敏感数据
  _encryptSensitiveData(data) {
    if (!data) {
      return ''
    }

    try {
      const key = this._generateEncryptionKey()
      const iv = crypto.randomBytes(16)

      const cipher = crypto.createCipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
      let encrypted = cipher.update(data, 'utf8', 'hex')
      encrypted += cipher.final('hex')

      // 将IV和加密数据一起返回，用:分隔
      return `${iv.toString('hex')}:${encrypted}`
    } catch (error) {
      logger.error('❌ Encryption error:', error)
      return data
    }
  }

  // 🔓 解密敏感数据
  _decryptSensitiveData(encryptedData) {
    if (!encryptedData) {
      return ''
    }

    // 🎯 检查缓存
    const cacheKey = crypto.createHash('sha256').update(encryptedData).digest('hex')
    const cached = this._decryptCache.get(cacheKey)
    if (cached !== undefined) {
      return cached
    }

    try {
      let decrypted = ''

      // 检查是否是新格式（包含IV）
      if (encryptedData.includes(':')) {
        // 新格式：iv:encryptedData
        const parts = encryptedData.split(':')
        if (parts.length === 2) {
          const key = this._generateEncryptionKey()
          const iv = Buffer.from(parts[0], 'hex')
          const encrypted = parts[1]

          const decipher = crypto.createDecipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
          decrypted = decipher.update(encrypted, 'hex', 'utf8')
          decrypted += decipher.final('utf8')

          // 💾 存入缓存（5分钟过期）
          this._decryptCache.set(cacheKey, decrypted, 5 * 60 * 1000)

          // 📊 定期打印缓存统计
          if ((this._decryptCache.hits + this._decryptCache.misses) % 1000 === 0) {
            this._decryptCache.printStats()
          }

          return decrypted
        }
      }

      // 旧格式或格式错误，尝试旧方式解密（向后兼容）
      // 注意：在新版本Node.js中这将失败，但我们会捕获错误
      try {
        const decipher = crypto.createDecipher('aes-256-cbc', config.security.encryptionKey)
        decrypted = decipher.update(encryptedData, 'hex', 'utf8')
        decrypted += decipher.final('utf8')

        // 💾 旧格式也存入缓存
        this._decryptCache.set(cacheKey, decrypted, 5 * 60 * 1000)

        return decrypted
      } catch (oldError) {
        // 如果旧方式也失败，返回原数据
        logger.warn('⚠️ Could not decrypt data, returning as-is:', oldError.message)
        return encryptedData
      }
    } catch (error) {
      logger.error('❌ Decryption error:', error)
      return encryptedData
    }
  }

  // 🔑 生成加密密钥（辅助方法）
  _generateEncryptionKey() {
    // 性能优化：缓存密钥派生结果，避免重复的 CPU 密集计算
    // scryptSync 是故意设计为慢速的密钥派生函数（防暴力破解）
    // 但在高并发场景下，每次都重新计算会导致 CPU 100% 占用
    if (!this._encryptionKeyCache) {
      // 只在第一次调用时计算，后续使用缓存
      // 由于输入参数固定，派生结果永远相同，不影响数据兼容性
      this._encryptionKeyCache = crypto.scryptSync(
        config.security.encryptionKey,
        this.ENCRYPTION_SALT,
        32
      )
      logger.info('🔑 Encryption key derived and cached for performance optimization')
    }
    return this._encryptionKeyCache
  }

  // 🎭 掩码邮箱地址
  _maskEmail(email) {
    if (!email || !email.includes('@')) {
      return email
    }

    const [username, domain] = email.split('@')
    const maskedUsername =
      username.length > 2
        ? `${username.slice(0, 2)}***${username.slice(-1)}`
        : `${username.slice(0, 1)}***`

    return `${maskedUsername}@${domain}`
  }

  // 🔢 安全转换为数字或null
  _toNumberOrNull(value) {
    if (value === undefined || value === null || value === '') {
      return null
    }

    const num = Number(value)
    return Number.isFinite(num) ? num : null
  }

  // 🧹 清理错误账户
  async cleanupErrorAccounts() {
    try {
      const accounts = await redis.getAllClaudeAccounts()
      let cleanedCount = 0

      for (const account of accounts) {
        if (account.status === 'error' && account.lastRefreshAt) {
          const lastRefresh = new Date(account.lastRefreshAt)
          const now = new Date()
          const hoursSinceLastRefresh = (now - lastRefresh) / (1000 * 60 * 60)

          // 如果错误状态超过24小时，尝试重新激活
          if (hoursSinceLastRefresh > 24) {
            account.status = 'created'
            account.errorMessage = ''
            await redis.setClaudeAccount(account.id, account)
            cleanedCount++
          }
        }
      }

      if (cleanedCount > 0) {
        logger.success(`🧹 Reset ${cleanedCount} error accounts`)
      }

      return cleanedCount
    } catch (error) {
      logger.error('❌ Failed to cleanup error accounts:', error)
      return 0
    }
  }

  // 🚫 标记账号为限流状态
  async markAccountRateLimited(accountId, sessionHash = null, rateLimitResetTimestamp = null) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 设置限流状态和时间
      const updatedAccountData = { ...accountData }
      updatedAccountData.rateLimitedAt = new Date().toISOString()
      updatedAccountData.rateLimitStatus = 'limited'
      // 限流时停止调度，与 OpenAI 账号保持一致
      updatedAccountData.schedulable = 'false'
      // 使用独立的限流自动停止标记，避免与其他自动停止冲突
      updatedAccountData.rateLimitAutoStopped = 'true'

      // 如果提供了准确的限流重置时间戳（来自API响应头）
      if (rateLimitResetTimestamp) {
        // 将Unix时间戳（秒）转换为毫秒并创建Date对象
        const resetTime = new Date(rateLimitResetTimestamp * 1000)
        updatedAccountData.rateLimitEndAt = resetTime.toISOString()

        // 计算当前会话窗口的开始时间（重置时间减去5小时）
        const windowStartTime = new Date(resetTime.getTime() - 5 * 60 * 60 * 1000)
        updatedAccountData.sessionWindowStart = windowStartTime.toISOString()
        updatedAccountData.sessionWindowEnd = resetTime.toISOString()

        const now = new Date()
        const minutesUntilEnd = Math.ceil((resetTime - now) / (1000 * 60))
        logger.warn(
          `🚫 Account marked as rate limited with accurate reset time: ${accountData.name} (${accountId}) - ${minutesUntilEnd} minutes remaining until ${resetTime.toISOString()}`
        )
      } else {
        // 获取或创建会话窗口（预估方式）
        const windowData = await this.updateSessionWindow(accountId, updatedAccountData)
        Object.assign(updatedAccountData, windowData)

        // 限流结束时间 = 会话窗口结束时间
        if (updatedAccountData.sessionWindowEnd) {
          updatedAccountData.rateLimitEndAt = updatedAccountData.sessionWindowEnd
          const windowEnd = new Date(updatedAccountData.sessionWindowEnd)
          const now = new Date()
          const minutesUntilEnd = Math.ceil((windowEnd - now) / (1000 * 60))
          logger.warn(
            `🚫 Account marked as rate limited until estimated session window ends: ${accountData.name} (${accountId}) - ${minutesUntilEnd} minutes remaining`
          )
        } else {
          // 如果没有会话窗口，使用默认1小时（兼容旧逻辑）
          const oneHourLater = new Date(Date.now() + 60 * 60 * 1000)
          updatedAccountData.rateLimitEndAt = oneHourLater.toISOString()
          logger.warn(
            `🚫 Account marked as rate limited (1 hour default): ${accountData.name} (${accountId})`
          )
        }
      }

      await redis.setClaudeAccount(accountId, updatedAccountData)

      // 如果有会话哈希，删除粘性会话映射
      if (sessionHash) {
        await redis.deleteSessionAccountMapping(sessionHash)
        logger.info(`🗑️ Deleted sticky session mapping for rate limited account: ${accountId}`)
      }

      // 发送Webhook通知
      try {
        const webhookNotifier = require('../utils/webhookNotifier')
        await webhookNotifier.sendAccountAnomalyNotification({
          accountId,
          accountName: accountData.name || 'Claude Account',
          platform: 'claude-oauth',
          status: 'error',
          errorCode: 'CLAUDE_OAUTH_RATE_LIMITED',
          reason: `Account rate limited (429 error). ${rateLimitResetTimestamp ? `Reset at: ${formatDateWithTimezone(rateLimitResetTimestamp)}` : 'Estimated reset in 1-5 hours'}`,
          timestamp: getISOStringWithTimezone(new Date())
        })
      } catch (webhookError) {
        logger.error('Failed to send rate limit webhook notification:', webhookError)
      }

      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to mark account as rate limited: ${accountId}`, error)
      throw error
    }
  }

  // 🚫 标记账号的 Opus 限流状态（不影响其他模型调度）
  async markAccountOpusRateLimited(accountId, rateLimitResetTimestamp = null) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      const updatedAccountData = { ...accountData }
      const now = new Date()
      updatedAccountData.opusRateLimitedAt = now.toISOString()

      if (rateLimitResetTimestamp) {
        const resetTime = new Date(rateLimitResetTimestamp * 1000)
        updatedAccountData.opusRateLimitEndAt = resetTime.toISOString()
        logger.warn(
          `🚫 Account ${accountData.name} (${accountId}) reached Opus weekly cap, resets at ${resetTime.toISOString()}`
        )
      } else {
        // 如果缺少准确时间戳，保留现有值但记录警告，便于后续人工干预
        logger.warn(
          `⚠️ Account ${accountData.name} (${accountId}) reported Opus limit without reset timestamp`
        )
      }

      await redis.setClaudeAccount(accountId, updatedAccountData)
      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to mark Opus rate limit for account: ${accountId}`, error)
      throw error
    }
  }

  // ✅ 清除账号的 Opus 限流状态
  async clearAccountOpusRateLimit(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return { success: true }
      }

      const updatedAccountData = { ...accountData }
      delete updatedAccountData.opusRateLimitedAt
      delete updatedAccountData.opusRateLimitEndAt

      await redis.setClaudeAccount(accountId, updatedAccountData)

      const redisKey = `claude:account:${accountId}`
      if (redis.client && typeof redis.client.hdel === 'function') {
        await redis.client.hdel(redisKey, 'opusRateLimitedAt', 'opusRateLimitEndAt')
      }

      logger.info(`✅ Cleared Opus rate limit state for account ${accountId}`)
      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to clear Opus rate limit for account: ${accountId}`, error)
      throw error
    }
  }

  // 🔍 检查账号是否处于 Opus 限流状态（自动清理过期标记）
  async isAccountOpusRateLimited(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return false
      }

      if (!accountData.opusRateLimitEndAt) {
        return false
      }

      const resetTime = new Date(accountData.opusRateLimitEndAt)
      if (Number.isNaN(resetTime.getTime())) {
        await this.clearAccountOpusRateLimit(accountId)
        return false
      }

      const now = new Date()
      if (now >= resetTime) {
        await this.clearAccountOpusRateLimit(accountId)
        return false
      }

      return true
    } catch (error) {
      logger.error(`❌ Failed to check Opus rate limit status for account: ${accountId}`, error)
      return false
    }
  }

  // ♻️ 检查并清理已过期的 Opus 限流标记
  async clearExpiredOpusRateLimit(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return { success: true }
      }

      if (!accountData.opusRateLimitEndAt) {
        return { success: true }
      }

      const resetTime = new Date(accountData.opusRateLimitEndAt)
      if (Number.isNaN(resetTime.getTime()) || new Date() >= resetTime) {
        await this.clearAccountOpusRateLimit(accountId)
      }

      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to clear expired Opus rate limit for account: ${accountId}`, error)
      throw error
    }
  }

  // ✅ 移除账号的限流状态
  async removeAccountRateLimit(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      const accountKey = `claude:account:${accountId}`

      // 清除限流状态
      const redisKey = `claude:account:${accountId}`
      await redis.client.hdel(redisKey, 'rateLimitedAt', 'rateLimitStatus', 'rateLimitEndAt')
      delete accountData.rateLimitedAt
      delete accountData.rateLimitStatus
      delete accountData.rateLimitEndAt // 清除限流结束时间

      const hadAutoStop = accountData.rateLimitAutoStopped === 'true'

      // 只恢复因限流而自动停止的账户
      if (hadAutoStop && accountData.schedulable === 'false') {
        accountData.schedulable = 'true'
        logger.info(`✅ Auto-resuming scheduling for account ${accountId} after rate limit cleared`)
        logger.info(
          `📊 Account ${accountId} state after recovery: schedulable=${accountData.schedulable}`
        )
      } else {
        logger.info(
          `ℹ️ Account ${accountId} did not need auto-resume: autoStopped=${accountData.rateLimitAutoStopped}, schedulable=${accountData.schedulable}`
        )
      }

      if (hadAutoStop) {
        await redis.client.hdel(redisKey, 'rateLimitAutoStopped')
        delete accountData.rateLimitAutoStopped
      }
      await redis.setClaudeAccount(accountId, accountData)

      // 显式删除Redis中的限流字段，避免旧标记阻止账号恢复调度
      await redis.client.hdel(
        accountKey,
        'rateLimitedAt',
        'rateLimitStatus',
        'rateLimitEndAt',
        'rateLimitAutoStopped'
      )

      logger.success(`✅ Rate limit removed for account: ${accountData.name} (${accountId})`)

      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to remove rate limit for account: ${accountId}`, error)
      throw error
    }
  }

  // 🔍 检查账号是否处于限流状态
  async isAccountRateLimited(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return false
      }

      const now = new Date()

      // 检查是否有限流状态（包括字段缺失但有自动停止标记的情况）
      if (
        (accountData.rateLimitStatus === 'limited' && accountData.rateLimitedAt) ||
        (accountData.rateLimitAutoStopped === 'true' && accountData.rateLimitEndAt)
      ) {
        // 优先使用 rateLimitEndAt（基于会话窗口）
        if (accountData.rateLimitEndAt) {
          const rateLimitEndAt = new Date(accountData.rateLimitEndAt)

          // 如果当前时间超过限流结束时间，自动解除
          if (now >= rateLimitEndAt) {
            await this.removeAccountRateLimit(accountId)
            return false
          }

          return true
        } else if (accountData.rateLimitedAt) {
          // 兼容旧数据：使用1小时限流
          const rateLimitedAt = new Date(accountData.rateLimitedAt)
          const hoursSinceRateLimit = (now - rateLimitedAt) / (1000 * 60 * 60)

          // 如果限流超过1小时，自动解除
          if (hoursSinceRateLimit >= 1) {
            await this.removeAccountRateLimit(accountId)
            return false
          }

          return true
        }
      }

      return false
    } catch (error) {
      logger.error(`❌ Failed to check rate limit status for account: ${accountId}`, error)
      return false
    }
  }

  // 📊 获取账号的限流信息
  async getAccountRateLimitInfo(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return null
      }

      if (accountData.rateLimitStatus === 'limited' && accountData.rateLimitedAt) {
        const rateLimitedAt = new Date(accountData.rateLimitedAt)
        const now = new Date()
        const minutesSinceRateLimit = Math.floor((now - rateLimitedAt) / (1000 * 60))

        let minutesRemaining
        let rateLimitEndAt

        // 优先使用 rateLimitEndAt（基于会话窗口）
        if (accountData.rateLimitEndAt) {
          ;({ rateLimitEndAt } = accountData)
          const endTime = new Date(accountData.rateLimitEndAt)
          minutesRemaining = Math.max(0, Math.ceil((endTime - now) / (1000 * 60)))
        } else {
          // 兼容旧数据：使用1小时限流
          minutesRemaining = Math.max(0, 60 - minutesSinceRateLimit)
          // 计算预期的结束时间
          const endTime = new Date(rateLimitedAt.getTime() + 60 * 60 * 1000)
          rateLimitEndAt = endTime.toISOString()
        }

        return {
          isRateLimited: minutesRemaining > 0,
          rateLimitedAt: accountData.rateLimitedAt,
          minutesSinceRateLimit,
          minutesRemaining,
          rateLimitEndAt // 新增：限流结束时间
        }
      }

      return {
        isRateLimited: false,
        rateLimitedAt: null,
        minutesSinceRateLimit: 0,
        minutesRemaining: 0,
        rateLimitEndAt: null
      }
    } catch (error) {
      logger.error(`❌ Failed to get rate limit info for account: ${accountId}`, error)
      return null
    }
  }

  // 🕐 更新会话窗口
  async updateSessionWindow(accountId, accountData = null) {
    try {
      // 如果没有传入accountData，从Redis获取
      if (!accountData) {
        accountData = await redis.getClaudeAccount(accountId)
        if (!accountData || Object.keys(accountData).length === 0) {
          throw new Error('Account not found')
        }
      }

      const now = new Date()
      const currentTime = now.getTime()

      let shouldClearSessionStatus = false
      let shouldClearFiveHourFlags = false

      // 检查当前是否有活跃的会话窗口
      if (accountData.sessionWindowStart && accountData.sessionWindowEnd) {
        const windowEnd = new Date(accountData.sessionWindowEnd).getTime()

        // 如果当前时间在窗口内，只更新最后请求时间
        if (currentTime < windowEnd) {
          accountData.lastRequestTime = now.toISOString()
          return accountData
        }

        // 窗口已过期，记录日志
        const windowStart = new Date(accountData.sessionWindowStart)
        logger.info(
          `⏰ Session window expired for account ${accountData.name} (${accountId}): ${windowStart.toISOString()} - ${new Date(windowEnd).toISOString()}`
        )
      }

      // 基于当前时间计算新的会话窗口
      const windowStart = this._calculateSessionWindowStart(now)
      const windowEnd = this._calculateSessionWindowEnd(windowStart)

      // 更新会话窗口信息
      accountData.sessionWindowStart = windowStart.toISOString()
      accountData.sessionWindowEnd = windowEnd.toISOString()
      accountData.lastRequestTime = now.toISOString()

      // 清除会话窗口状态，因为进入了新窗口
      if (accountData.sessionWindowStatus) {
        delete accountData.sessionWindowStatus
        delete accountData.sessionWindowStatusUpdatedAt
        await this._clearFiveHourWarningMetadata(accountId, accountData)
        shouldClearSessionStatus = true
      }

      // 如果账户因为5小时限制被自动停止，现在恢复调度
      if (accountData.fiveHourAutoStopped === 'true' && accountData.schedulable === 'false') {
        logger.info(
          `✅ Auto-resuming scheduling for account ${accountData.name} (${accountId}) - new session window started`
        )
        accountData.schedulable = 'true'
        delete accountData.fiveHourAutoStopped
        delete accountData.fiveHourStoppedAt
        await this._clearFiveHourWarningMetadata(accountId, accountData)
        shouldClearFiveHourFlags = true

        // 发送Webhook通知
        try {
          const webhookNotifier = require('../utils/webhookNotifier')
          await webhookNotifier.sendAccountAnomalyNotification({
            accountId,
            accountName: accountData.name || 'Claude Account',
            platform: 'claude',
            status: 'resumed',
            errorCode: 'CLAUDE_5H_LIMIT_RESUMED',
            reason: '进入新的5小时窗口，已自动恢复调度',
            timestamp: getISOStringWithTimezone(new Date())
          })
        } catch (webhookError) {
          logger.error('Failed to send webhook notification:', webhookError)
        }
      }

      if (shouldClearSessionStatus || shouldClearFiveHourFlags) {
        const fieldsToRemove = []
        if (shouldClearFiveHourFlags) {
          fieldsToRemove.push('fiveHourAutoStopped', 'fiveHourStoppedAt')
        }
        if (shouldClearSessionStatus) {
          fieldsToRemove.push('sessionWindowStatus', 'sessionWindowStatusUpdatedAt')
        }
        await this._removeAccountFields(accountId, fieldsToRemove, 'session_window_refresh')
      }

      logger.info(
        `🕐 Created new session window for account ${accountData.name} (${accountId}): ${windowStart.toISOString()} - ${windowEnd.toISOString()} (from current time)`
      )

      return accountData
    } catch (error) {
      logger.error(`❌ Failed to update session window for account ${accountId}:`, error)
      throw error
    }
  }

  // 🕐 计算会话窗口开始时间
  _calculateSessionWindowStart(requestTime) {
    // 从当前时间开始创建窗口，只将分钟取整到整点
    const windowStart = new Date(requestTime)
    windowStart.setMinutes(0)
    windowStart.setSeconds(0)
    windowStart.setMilliseconds(0)

    return windowStart
  }

  // 🕐 计算会话窗口结束时间
  _calculateSessionWindowEnd(startTime) {
    const endTime = new Date(startTime)
    endTime.setHours(endTime.getHours() + 5) // 加5小时
    return endTime
  }

  async _clearFiveHourWarningMetadata(accountId, accountData = null) {
    if (accountData) {
      delete accountData.fiveHourWarningWindow
      delete accountData.fiveHourWarningCount
      delete accountData.fiveHourWarningLastSentAt
    }

    try {
      if (redis.client && typeof redis.client.hdel === 'function') {
        await redis.client.hdel(
          `claude:account:${accountId}`,
          'fiveHourWarningWindow',
          'fiveHourWarningCount',
          'fiveHourWarningLastSentAt'
        )
      }
    } catch (error) {
      logger.warn(
        `⚠️ Failed to clear five-hour warning metadata for account ${accountId}: ${error.message}`
      )
    }
  }

  // 📊 获取会话窗口信息
  async getSessionWindowInfo(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        return null
      }

      // 如果没有会话窗口信息，返回null
      if (!accountData.sessionWindowStart || !accountData.sessionWindowEnd) {
        return {
          hasActiveWindow: false,
          windowStart: null,
          windowEnd: null,
          progress: 0,
          remainingTime: null,
          lastRequestTime: accountData.lastRequestTime || null,
          sessionWindowStatus: accountData.sessionWindowStatus || null
        }
      }

      const now = new Date()
      const windowStart = new Date(accountData.sessionWindowStart)
      const windowEnd = new Date(accountData.sessionWindowEnd)
      const currentTime = now.getTime()

      // 检查窗口是否已过期
      if (currentTime >= windowEnd.getTime()) {
        return {
          hasActiveWindow: false,
          windowStart: accountData.sessionWindowStart,
          windowEnd: accountData.sessionWindowEnd,
          progress: 100,
          remainingTime: 0,
          lastRequestTime: accountData.lastRequestTime || null,
          sessionWindowStatus: accountData.sessionWindowStatus || null
        }
      }

      // 计算进度百分比
      const totalDuration = windowEnd.getTime() - windowStart.getTime()
      const elapsedTime = currentTime - windowStart.getTime()
      const progress = Math.round((elapsedTime / totalDuration) * 100)

      // 计算剩余时间（分钟）
      const remainingTime = Math.round((windowEnd.getTime() - currentTime) / (1000 * 60))

      return {
        hasActiveWindow: true,
        windowStart: accountData.sessionWindowStart,
        windowEnd: accountData.sessionWindowEnd,
        progress,
        remainingTime,
        lastRequestTime: accountData.lastRequestTime || null,
        sessionWindowStatus: accountData.sessionWindowStatus || null
      }
    } catch (error) {
      logger.error(`❌ Failed to get session window info for account ${accountId}:`, error)
      return null
    }
  }

  // 📊 获取 OAuth Usage 数据
  async fetchOAuthUsage(accountId, accessToken = null, agent = null) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 如果没有提供 accessToken，使用 getValidAccessToken 自动检查过期并刷新
      if (!accessToken) {
        accessToken = await this.getValidAccessToken(accountId)
      }

      // 如果没有提供 agent，创建代理
      if (!agent) {
        agent = this._createProxyAgent(accountData.proxy)
      }

      logger.debug(`📊 Fetching OAuth usage for account: ${accountData.name} (${accountId})`)

      // 请求 OAuth usage 接口
      const axiosConfig = {
        headers: {
          Authorization: `Bearer ${accessToken}`,
          'Content-Type': 'application/json',
          Accept: 'application/json',
          'anthropic-beta': 'oauth-2025-04-20',
          'User-Agent': 'claude-cli/1.0.56 (external, cli)',
          'Accept-Language': 'en-US,en;q=0.9'
        },
        timeout: 15000
      }

      if (agent) {
        axiosConfig.httpAgent = agent
        axiosConfig.httpsAgent = agent
        axiosConfig.proxy = false
      }

      const response = await axios.get('https://api.anthropic.com/api/oauth/usage', axiosConfig)

      if (response.status === 200 && response.data) {
        logger.debug('✅ Successfully fetched OAuth usage data:', {
          accountId,
          fiveHour: response.data.five_hour?.utilization,
          sevenDay: response.data.seven_day?.utilization,
          sevenDayOpus: response.data.seven_day_opus?.utilization
        })

        return response.data
      }

      logger.warn(`⚠️ Failed to fetch OAuth usage for account ${accountId}: ${response.status}`)
      return null
    } catch (error) {
      // 403 错误通常表示使用的是 Setup Token 而非 OAuth
      if (error.response?.status === 403) {
        logger.debug(
          `⚠️ OAuth usage API returned 403 for account ${accountId}. This account likely uses Setup Token instead of OAuth.`
        )
        return null
      }

      // 其他错误正常记录
      logger.error(
        `❌ Failed to fetch OAuth usage for account ${accountId}:`,
        error.response?.data || error.message
      )
      return null
    }
  }

  // 📊 构建 Claude Usage 快照（从 Redis 数据）
  buildClaudeUsageSnapshot(accountData) {
    const updatedAt = accountData.claudeUsageUpdatedAt

    const fiveHourUtilization = this._toNumberOrNull(accountData.claudeFiveHourUtilization)
    const fiveHourResetsAt = accountData.claudeFiveHourResetsAt
    const sevenDayUtilization = this._toNumberOrNull(accountData.claudeSevenDayUtilization)
    const sevenDayResetsAt = accountData.claudeSevenDayResetsAt
    const sevenDayOpusUtilization = this._toNumberOrNull(accountData.claudeSevenDayOpusUtilization)
    const sevenDayOpusResetsAt = accountData.claudeSevenDayOpusResetsAt

    const hasFiveHourData = fiveHourUtilization !== null || fiveHourResetsAt
    const hasSevenDayData = sevenDayUtilization !== null || sevenDayResetsAt
    const hasSevenDayOpusData = sevenDayOpusUtilization !== null || sevenDayOpusResetsAt

    if (!updatedAt && !hasFiveHourData && !hasSevenDayData && !hasSevenDayOpusData) {
      return null
    }

    const now = Date.now()

    return {
      updatedAt,
      fiveHour: {
        utilization: fiveHourUtilization,
        resetsAt: fiveHourResetsAt,
        remainingSeconds: fiveHourResetsAt
          ? Math.max(0, Math.floor((new Date(fiveHourResetsAt).getTime() - now) / 1000))
          : null
      },
      sevenDay: {
        utilization: sevenDayUtilization,
        resetsAt: sevenDayResetsAt,
        remainingSeconds: sevenDayResetsAt
          ? Math.max(0, Math.floor((new Date(sevenDayResetsAt).getTime() - now) / 1000))
          : null
      },
      sevenDayOpus: {
        utilization: sevenDayOpusUtilization,
        resetsAt: sevenDayOpusResetsAt,
        remainingSeconds: sevenDayOpusResetsAt
          ? Math.max(0, Math.floor((new Date(sevenDayOpusResetsAt).getTime() - now) / 1000))
          : null
      }
    }
  }

  // 📊 更新 Claude Usage 快照到 Redis
  async updateClaudeUsageSnapshot(accountId, usageData) {
    if (!usageData || typeof usageData !== 'object') {
      return
    }

    const updates = {}

    // 5小时窗口
    if (usageData.five_hour) {
      if (usageData.five_hour.utilization !== undefined) {
        updates.claudeFiveHourUtilization = String(usageData.five_hour.utilization)
      }
      if (usageData.five_hour.resets_at) {
        updates.claudeFiveHourResetsAt = usageData.five_hour.resets_at
      }
    }

    // 7天窗口
    if (usageData.seven_day) {
      if (usageData.seven_day.utilization !== undefined) {
        updates.claudeSevenDayUtilization = String(usageData.seven_day.utilization)
      }
      if (usageData.seven_day.resets_at) {
        updates.claudeSevenDayResetsAt = usageData.seven_day.resets_at
      }
    }

    // 7天Opus窗口
    if (usageData.seven_day_opus) {
      if (usageData.seven_day_opus.utilization !== undefined) {
        updates.claudeSevenDayOpusUtilization = String(usageData.seven_day_opus.utilization)
      }
      if (usageData.seven_day_opus.resets_at) {
        updates.claudeSevenDayOpusResetsAt = usageData.seven_day_opus.resets_at
      }
    }

    if (Object.keys(updates).length === 0) {
      return
    }

    updates.claudeUsageUpdatedAt = new Date().toISOString()

    const accountData = await redis.getClaudeAccount(accountId)
    if (accountData && Object.keys(accountData).length > 0) {
      Object.assign(accountData, updates)
      await redis.setClaudeAccount(accountId, accountData)
      logger.debug(
        `📊 Updated Claude usage snapshot for account ${accountId}:`,
        Object.keys(updates)
      )
    }
  }

  // 📊 获取账号 Profile 信息并更新账号类型
  async fetchAndUpdateAccountProfile(accountId, accessToken = null, agent = null) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 检查账户是否有 user:profile 权限
      const hasProfileScope = accountData.scopes && accountData.scopes.includes('user:profile')
      if (!hasProfileScope) {
        logger.warn(
          `⚠️ Account ${accountId} does not have user:profile scope, cannot fetch profile`
        )
        throw new Error('Account does not have user:profile permission')
      }

      // 如果没有提供 accessToken，使用账号存储的 token
      if (!accessToken) {
        accessToken = this._decryptSensitiveData(accountData.accessToken)
        if (!accessToken) {
          throw new Error('No access token available')
        }
      }

      // 如果没有提供 agent，创建代理
      if (!agent) {
        agent = this._createProxyAgent(accountData.proxy)
      }

      logger.info(`📊 Fetching profile info for account: ${accountData.name} (${accountId})`)

      // 请求 profile 接口
      const axiosConfig = {
        headers: {
          Authorization: `Bearer ${accessToken}`,
          'Content-Type': 'application/json',
          Accept: 'application/json',
          'User-Agent': 'claude-cli/1.0.56 (external, cli)',
          'Accept-Language': 'en-US,en;q=0.9'
        },
        timeout: 15000
      }

      if (agent) {
        axiosConfig.httpAgent = agent
        axiosConfig.httpsAgent = agent
        axiosConfig.proxy = false
      }

      const response = await axios.get('https://api.anthropic.com/api/oauth/profile', axiosConfig)

      if (response.status === 200 && response.data) {
        const profileData = response.data

        logger.info('✅ Successfully fetched profile data:', {
          email: profileData.account?.email,
          hasClaudeMax: profileData.account?.has_claude_max,
          hasClaudePro: profileData.account?.has_claude_pro,
          organizationType: profileData.organization?.organization_type
        })

        // 构建订阅信息
        const subscriptionInfo = {
          // 账号信息
          email: profileData.account?.email,
          fullName: profileData.account?.full_name,
          displayName: profileData.account?.display_name,
          hasClaudeMax: profileData.account?.has_claude_max || false,
          hasClaudePro: profileData.account?.has_claude_pro || false,
          accountUuid: profileData.account?.uuid,

          // 组织信息
          organizationName: profileData.organization?.name,
          organizationUuid: profileData.organization?.uuid,
          billingType: profileData.organization?.billing_type,
          rateLimitTier: profileData.organization?.rate_limit_tier,
          organizationType: profileData.organization?.organization_type,

          // 账号类型（基于 has_claude_max 和 has_claude_pro 判断）
          accountType:
            profileData.account?.has_claude_max === true
              ? 'claude_max'
              : profileData.account?.has_claude_pro === true
                ? 'claude_pro'
                : 'free',

          // 更新时间
          profileFetchedAt: new Date().toISOString()
        }

        // 更新账户数据
        accountData.subscriptionInfo = JSON.stringify(subscriptionInfo)
        accountData.profileUpdatedAt = new Date().toISOString()

        // 如果提供了邮箱，更新邮箱字段
        if (profileData.account?.email) {
          accountData.email = this._encryptSensitiveData(profileData.account.email)
        }

        await redis.setClaudeAccount(accountId, accountData)

        logger.success(
          `✅ Updated account profile for ${accountData.name} (${accountId}) - Type: ${subscriptionInfo.accountType}`
        )

        return subscriptionInfo
      } else {
        throw new Error(`Failed to fetch profile with status: ${response.status}`)
      }
    } catch (error) {
      if (error.response?.status === 401) {
        logger.warn(`⚠️ Profile API returned 401 for account ${accountId} - token may be invalid`)
      } else if (error.response?.status === 403) {
        logger.warn(
          `⚠️ Profile API returned 403 for account ${accountId} - insufficient permissions`
        )
      } else {
        logger.error(`❌ Failed to fetch profile for account ${accountId}:`, error.message)
      }
      throw error
    }
  }

  // 🔄 手动更新所有账号的 Profile 信息
  async updateAllAccountProfiles() {
    try {
      logger.info('🔄 Starting batch profile update for all accounts...')

      const accounts = await redis.getAllClaudeAccounts()
      let successCount = 0
      let failureCount = 0
      const results = []

      for (const account of accounts) {
        // 跳过未激活或错误状态的账号
        if (account.isActive !== 'true' || account.status === 'error') {
          logger.info(`⏩ Skipping inactive/error account: ${account.name} (${account.id})`)
          continue
        }

        // 跳过没有 user:profile 权限的账号（Setup Token 账号）
        const hasProfileScope = account.scopes && account.scopes.includes('user:profile')
        if (!hasProfileScope) {
          logger.info(
            `⏩ Skipping account without user:profile scope: ${account.name} (${account.id})`
          )
          results.push({
            accountId: account.id,
            accountName: account.name,
            success: false,
            error: 'No user:profile permission (Setup Token account)'
          })
          continue
        }

        try {
          // 获取有效的 access token
          const accessToken = await this.getValidAccessToken(account.id)
          if (accessToken) {
            const profileInfo = await this.fetchAndUpdateAccountProfile(account.id, accessToken)
            successCount++
            results.push({
              accountId: account.id,
              accountName: account.name,
              success: true,
              accountType: profileInfo.accountType
            })
          }
        } catch (error) {
          failureCount++
          results.push({
            accountId: account.id,
            accountName: account.name,
            success: false,
            error: error.message
          })
          logger.warn(
            `⚠️ Failed to update profile for account ${account.name} (${account.id}): ${error.message}`
          )
        }

        // 添加延迟以避免触发限流
        await new Promise((resolve) => setTimeout(resolve, 1000))
      }

      logger.success(`✅ Profile update completed: ${successCount} success, ${failureCount} failed`)

      return {
        totalAccounts: accounts.length,
        successCount,
        failureCount,
        results
      }
    } catch (error) {
      logger.error('❌ Failed to update account profiles:', error)
      throw error
    }
  }

  // 🔄 初始化所有账户的会话窗口（从历史数据恢复）
  async initializeSessionWindows(forceRecalculate = false) {
    try {
      logger.info('🔄 Initializing session windows for all Claude accounts...')

      const accounts = await redis.getAllClaudeAccounts()
      let validWindowCount = 0
      let expiredWindowCount = 0
      let noWindowCount = 0
      const now = new Date()

      for (const account of accounts) {
        // 如果强制重算，清除现有窗口信息
        if (forceRecalculate && (account.sessionWindowStart || account.sessionWindowEnd)) {
          logger.info(`🔄 Force recalculating window for account ${account.name} (${account.id})`)
          delete account.sessionWindowStart
          delete account.sessionWindowEnd
          delete account.lastRequestTime
          await redis.setClaudeAccount(account.id, account)
        }

        // 检查现有会话窗口
        if (account.sessionWindowStart && account.sessionWindowEnd) {
          const windowEnd = new Date(account.sessionWindowEnd)
          const windowStart = new Date(account.sessionWindowStart)
          const timeUntilExpires = Math.round((windowEnd.getTime() - now.getTime()) / (1000 * 60))

          if (now.getTime() < windowEnd.getTime()) {
            // 窗口仍然有效，保留它
            validWindowCount++
            logger.info(
              `✅ Account ${account.name} (${account.id}) has valid window: ${windowStart.toISOString()} - ${windowEnd.toISOString()} (${timeUntilExpires} minutes remaining)`
            )
          } else {
            // 窗口已过期，清除它
            expiredWindowCount++
            logger.warn(
              `⏰ Account ${account.name} (${account.id}) window expired: ${windowStart.toISOString()} - ${windowEnd.toISOString()}`
            )

            // 清除过期的窗口信息
            delete account.sessionWindowStart
            delete account.sessionWindowEnd
            delete account.lastRequestTime
            await redis.setClaudeAccount(account.id, account)
          }
        } else {
          noWindowCount++
          logger.info(
            `📭 Account ${account.name} (${account.id}) has no session window - will create on next request`
          )
        }
      }

      logger.success('✅ Session window initialization completed:')
      logger.success(`   📊 Total accounts: ${accounts.length}`)
      logger.success(`   ✅ Valid windows: ${validWindowCount}`)
      logger.success(`   ⏰ Expired windows: ${expiredWindowCount}`)
      logger.success(`   📭 No windows: ${noWindowCount}`)

      return {
        total: accounts.length,
        validWindows: validWindowCount,
        expiredWindows: expiredWindowCount,
        noWindows: noWindowCount
      }
    } catch (error) {
      logger.error('❌ Failed to initialize session windows:', error)
      return {
        total: 0,
        validWindows: 0,
        expiredWindows: 0,
        noWindows: 0,
        error: error.message
      }
    }
  }

  // 🚫 通用的账户错误标记方法
  async markAccountError(accountId, errorType, sessionHash = null) {
    const ERROR_CONFIG = {
      unauthorized: {
        status: 'unauthorized',
        errorMessage: 'Account unauthorized (401 errors detected)',
        timestampField: 'unauthorizedAt',
        errorCode: 'CLAUDE_OAUTH_UNAUTHORIZED',
        logMessage: 'unauthorized'
      },
      blocked: {
        status: 'blocked',
        errorMessage: 'Account blocked (403 error detected - account may be suspended by Claude)',
        timestampField: 'blockedAt',
        errorCode: 'CLAUDE_OAUTH_BLOCKED',
        logMessage: 'blocked'
      }
    }

    try {
      const errorConfig = ERROR_CONFIG[errorType]
      if (!errorConfig) {
        throw new Error(`Unsupported error type: ${errorType}`)
      }

      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 更新账户状态
      const updatedAccountData = { ...accountData }
      updatedAccountData.status = errorConfig.status
      updatedAccountData.schedulable = 'false' // 设置为不可调度
      updatedAccountData.errorMessage = errorConfig.errorMessage
      updatedAccountData[errorConfig.timestampField] = new Date().toISOString()

      // 保存更新后的账户数据
      await redis.setClaudeAccount(accountId, updatedAccountData)

      // 如果有sessionHash，删除粘性会话映射
      if (sessionHash) {
        await redis.client.del(`sticky_session:${sessionHash}`)
        logger.info(`🗑️ Deleted sticky session mapping for hash: ${sessionHash}`)
      }

      logger.warn(
        `⚠️ Account ${accountData.name} (${accountId}) marked as ${errorConfig.logMessage} and disabled for scheduling`
      )

      // 发送Webhook通知
      try {
        const webhookNotifier = require('../utils/webhookNotifier')
        await webhookNotifier.sendAccountAnomalyNotification({
          accountId,
          accountName: accountData.name,
          platform: 'claude-oauth',
          status: errorConfig.status,
          errorCode: errorConfig.errorCode,
          reason: errorConfig.errorMessage,
          timestamp: getISOStringWithTimezone(new Date())
        })
      } catch (webhookError) {
        logger.error('Failed to send webhook notification:', webhookError)
      }

      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to mark account ${accountId} as ${errorType}:`, error)
      throw error
    }
  }

  // 🚫 标记账户为未授权状态（401错误）
  async markAccountUnauthorized(accountId, sessionHash = null) {
    return this.markAccountError(accountId, 'unauthorized', sessionHash)
  }

  // 🚫 标记账户为被封锁状态（403错误）
  async markAccountBlocked(accountId, sessionHash = null) {
    return this.markAccountError(accountId, 'blocked', sessionHash)
  }

  // 🔄 重置账户所有异常状态
  async resetAccountStatus(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 重置账户状态
      const updatedAccountData = { ...accountData }

      // 根据是否有有效的accessToken来设置status
      if (updatedAccountData.accessToken) {
        updatedAccountData.status = 'active'
      } else {
        updatedAccountData.status = 'created'
      }

      // 恢复可调度状态（管理员手动重置时恢复调度是合理的）
      updatedAccountData.schedulable = 'true'
      // 清除所有自动停止相关的标记
      delete updatedAccountData.rateLimitAutoStopped
      delete updatedAccountData.fiveHourAutoStopped
      delete updatedAccountData.fiveHourStoppedAt
      delete updatedAccountData.tempErrorAutoStopped
      delete updatedAccountData.fiveHourWarningWindow
      delete updatedAccountData.fiveHourWarningCount
      delete updatedAccountData.fiveHourWarningLastSentAt
      // 兼容旧的标记
      delete updatedAccountData.autoStoppedAt
      delete updatedAccountData.stoppedReason

      // 清除错误相关字段
      delete updatedAccountData.errorMessage
      delete updatedAccountData.unauthorizedAt
      delete updatedAccountData.blockedAt
      delete updatedAccountData.rateLimitedAt
      delete updatedAccountData.rateLimitStatus
      delete updatedAccountData.rateLimitEndAt
      delete updatedAccountData.tempErrorAt
      delete updatedAccountData.sessionWindowStart
      delete updatedAccountData.sessionWindowEnd

      // 保存更新后的账户数据
      await redis.setClaudeAccount(accountId, updatedAccountData)

      // 显式从 Redis 中删除这些字段（因为 HSET 不会删除现有字段）
      const fieldsToDelete = [
        'errorMessage',
        'unauthorizedAt',
        'blockedAt',
        'rateLimitedAt',
        'rateLimitStatus',
        'rateLimitEndAt',
        'tempErrorAt',
        'sessionWindowStart',
        'sessionWindowEnd',
        // 新的独立标记
        'rateLimitAutoStopped',
        'fiveHourAutoStopped',
        'fiveHourStoppedAt',
        'fiveHourWarningWindow',
        'fiveHourWarningCount',
        'fiveHourWarningLastSentAt',
        'tempErrorAutoStopped',
        // 兼容旧的标记
        'autoStoppedAt',
        'stoppedReason'
      ]
      await redis.client.hdel(`claude:account:${accountId}`, ...fieldsToDelete)

      // 清除401错误计数
      const errorKey = `claude_account:${accountId}:401_errors`
      await redis.client.del(errorKey)

      // 清除限流状态（如果存在）
      const rateLimitKey = `ratelimit:${accountId}`
      await redis.client.del(rateLimitKey)

      // 清除5xx错误计数
      const serverErrorKey = `claude_account:${accountId}:5xx_errors`
      await redis.client.del(serverErrorKey)

      logger.info(
        `✅ Successfully reset all error states for account ${accountData.name} (${accountId})`
      )

      return {
        success: true,
        account: {
          id: accountId,
          name: accountData.name,
          status: updatedAccountData.status,
          schedulable: updatedAccountData.schedulable === 'true'
        }
      }
    } catch (error) {
      logger.error(`❌ Failed to reset account status for ${accountId}:`, error)
      throw error
    }
  }

  // 🧹 清理临时错误账户
  async cleanupTempErrorAccounts() {
    try {
      const accounts = await redis.getAllClaudeAccounts()
      let cleanedCount = 0
      const TEMP_ERROR_RECOVERY_MINUTES = 5 // 临时错误状态恢复时间（分钟）

      for (const account of accounts) {
        if (account.status === 'temp_error' && account.tempErrorAt) {
          const tempErrorAt = new Date(account.tempErrorAt)
          const now = new Date()
          const minutesSinceTempError = (now - tempErrorAt) / (1000 * 60)

          // 如果临时错误状态超过指定时间，尝试重新激活
          if (minutesSinceTempError > TEMP_ERROR_RECOVERY_MINUTES) {
            account.status = 'active' // 恢复为 active 状态
            // 只恢复因临时错误而自动停止的账户
            if (account.tempErrorAutoStopped === 'true') {
              account.schedulable = 'true' // 恢复为可调度
              delete account.tempErrorAutoStopped
            }
            delete account.errorMessage
            delete account.tempErrorAt
            await redis.setClaudeAccount(account.id, account)

            // 显式从 Redis 中删除这些字段（因为 HSET 不会删除现有字段）
            await redis.client.hdel(
              `claude:account:${account.id}`,
              'errorMessage',
              'tempErrorAt',
              'tempErrorAutoStopped'
            )

            // 同时清除500错误计数
            await this.clearInternalErrors(account.id)
            cleanedCount++
            logger.success(`🧹 Reset temp_error status for account ${account.name} (${account.id})`)
          }
        }
      }

      if (cleanedCount > 0) {
        logger.success(`🧹 Reset ${cleanedCount} temp_error accounts`)
      }

      return cleanedCount
    } catch (error) {
      logger.error('❌ Failed to cleanup temp_error accounts:', error)
      return 0
    }
  }

  // 记录5xx服务器错误
  async recordServerError(accountId, statusCode) {
    try {
      const key = `claude_account:${accountId}:5xx_errors`

      // 增加错误计数，设置5分钟过期时间
      await redis.client.incr(key)
      await redis.client.expire(key, 300) // 5分钟

      logger.info(`📝 Recorded ${statusCode} error for account ${accountId}`)
    } catch (error) {
      logger.error(`❌ Failed to record ${statusCode} error for account ${accountId}:`, error)
    }
  }

  // 记录500内部错误(保留以便向后兼容)
  async recordInternalError(accountId) {
    return this.recordServerError(accountId, 500)
  }

  // 获取5xx错误计数
  async getServerErrorCount(accountId) {
    try {
      const key = `claude_account:${accountId}:5xx_errors`

      const count = await redis.client.get(key)
      return parseInt(count) || 0
    } catch (error) {
      logger.error(`❌ Failed to get 5xx error count for account ${accountId}:`, error)
      return 0
    }
  }

  // 获取500错误计数(保留以便向后兼容)
  async getInternalErrorCount(accountId) {
    return this.getServerErrorCount(accountId)
  }

  // 清除500错误计数
  async clearInternalErrors(accountId) {
    try {
      const key = `claude_account:${accountId}:5xx_errors`

      await redis.client.del(key)
      logger.info(`✅ Cleared 5xx error count for account ${accountId}`)
    } catch (error) {
      logger.error(`❌ Failed to clear 5xx errors for account ${accountId}:`, error)
    }
  }

  // 标记账号为临时错误状态
  async markAccountTempError(accountId, sessionHash = null) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        throw new Error('Account not found')
      }

      // 更新账户状态
      const updatedAccountData = { ...accountData }
      updatedAccountData.status = 'temp_error' // 新增的临时错误状态
      updatedAccountData.schedulable = 'false' // 设置为不可调度
      updatedAccountData.errorMessage = 'Account temporarily disabled due to consecutive 500 errors'
      updatedAccountData.tempErrorAt = new Date().toISOString()
      // 使用独立的临时错误自动停止标记
      updatedAccountData.tempErrorAutoStopped = 'true'

      // 保存更新后的账户数据
      await redis.setClaudeAccount(accountId, updatedAccountData)

      // 设置 5 分钟后自动恢复（一次性定时器）
      setTimeout(
        async () => {
          try {
            const account = await redis.getClaudeAccount(accountId)
            if (account && account.status === 'temp_error' && account.tempErrorAt) {
              // 验证是否确实过了 5 分钟（防止重复定时器）
              const tempErrorAt = new Date(account.tempErrorAt)
              const now = new Date()
              const minutesSince = (now - tempErrorAt) / (1000 * 60)

              if (minutesSince >= 5) {
                // 恢复账户
                account.status = 'active'
                // 只恢复因临时错误而自动停止的账户
                if (account.tempErrorAutoStopped === 'true') {
                  account.schedulable = 'true'
                  delete account.tempErrorAutoStopped
                }
                delete account.errorMessage
                delete account.tempErrorAt

                await redis.setClaudeAccount(accountId, account)

                // 显式删除 Redis 字段
                await redis.client.hdel(
                  `claude:account:${accountId}`,
                  'errorMessage',
                  'tempErrorAt',
                  'tempErrorAutoStopped'
                )

                // 清除 500 错误计数
                await this.clearInternalErrors(accountId)

                logger.success(
                  `✅ Auto-recovered temp_error after 5 minutes: ${account.name} (${accountId})`
                )
              } else {
                logger.debug(
                  `⏰ Temp error timer triggered but only ${minutesSince.toFixed(1)} minutes passed for ${account.name} (${accountId})`
                )
              }
            }
          } catch (error) {
            logger.error(`❌ Failed to auto-recover temp_error account ${accountId}:`, error)
          }
        },
        6 * 60 * 1000
      ) // 6 分钟后执行，确保已过 5 分钟

      // 如果有sessionHash，删除粘性会话映射
      if (sessionHash) {
        await redis.client.del(`sticky_session:${sessionHash}`)
        logger.info(`🗑️ Deleted sticky session mapping for hash: ${sessionHash}`)
      }

      logger.warn(
        `⚠️ Account ${accountData.name} (${accountId}) marked as temp_error and disabled for scheduling`
      )

      // 发送Webhook通知
      try {
        const webhookNotifier = require('../utils/webhookNotifier')
        await webhookNotifier.sendAccountAnomalyNotification({
          accountId,
          accountName: accountData.name,
          platform: 'claude-oauth',
          status: 'temp_error',
          errorCode: 'CLAUDE_OAUTH_TEMP_ERROR',
          reason: 'Account temporarily disabled due to consecutive 500 errors'
        })
      } catch (webhookError) {
        logger.error('Failed to send webhook notification:', webhookError)
      }

      return { success: true }
    } catch (error) {
      logger.error(`❌ Failed to mark account ${accountId} as temp_error:`, error)
      throw error
    }
  }

  // 更新会话窗口状态（allowed, allowed_warning, rejected）
  async updateSessionWindowStatus(accountId, status) {
    try {
      // 参数验证
      if (!accountId || !status) {
        logger.warn(
          `Invalid parameters for updateSessionWindowStatus: accountId=${accountId}, status=${status}`
        )
        return
      }

      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData || Object.keys(accountData).length === 0) {
        logger.warn(`Account not found: ${accountId}`)
        return
      }

      // 验证状态值是否有效
      const validStatuses = ['allowed', 'allowed_warning', 'rejected']
      if (!validStatuses.includes(status)) {
        logger.warn(`Invalid session window status: ${status} for account ${accountId}`)
        return
      }

      const now = new Date()
      const nowIso = now.toISOString()

      // 更新会话窗口状态
      accountData.sessionWindowStatus = status
      accountData.sessionWindowStatusUpdatedAt = nowIso

      // 如果状态是 allowed_warning 且账户设置了自动停止调度
      if (status === 'allowed_warning' && accountData.autoStopOnWarning === 'true') {
        const alreadyAutoStopped =
          accountData.schedulable === 'false' && accountData.fiveHourAutoStopped === 'true'

        if (!alreadyAutoStopped) {
          const windowIdentifier =
            accountData.sessionWindowEnd || accountData.sessionWindowStart || 'unknown'

          let warningCount = 0
          if (accountData.fiveHourWarningWindow === windowIdentifier) {
            const parsedCount = parseInt(accountData.fiveHourWarningCount || '0', 10)
            warningCount = Number.isNaN(parsedCount) ? 0 : parsedCount
          }

          const maxWarningsPerWindow = this.maxFiveHourWarningsPerWindow

          logger.warn(
            `⚠️ Account ${accountData.name} (${accountId}) approaching 5h limit, auto-stopping scheduling`
          )
          accountData.schedulable = 'false'
          // 使用独立的5小时限制自动停止标记
          accountData.fiveHourAutoStopped = 'true'
          accountData.fiveHourStoppedAt = nowIso
          // 设置停止原因，供前端显示
          accountData.stoppedReason = '5小时使用量接近限制，已自动停止调度'

          const canSendWarning = warningCount < maxWarningsPerWindow
          let updatedWarningCount = warningCount

          accountData.fiveHourWarningWindow = windowIdentifier
          if (canSendWarning) {
            updatedWarningCount += 1
            accountData.fiveHourWarningLastSentAt = nowIso
          }
          accountData.fiveHourWarningCount = updatedWarningCount.toString()

          if (canSendWarning) {
            // 发送Webhook通知
            try {
              const webhookNotifier = require('../utils/webhookNotifier')
              await webhookNotifier.sendAccountAnomalyNotification({
                accountId,
                accountName: accountData.name || 'Claude Account',
                platform: 'claude',
                status: 'warning',
                errorCode: 'CLAUDE_5H_LIMIT_WARNING',
                reason: '5小时使用量接近限制，已自动停止调度',
                timestamp: getISOStringWithTimezone(now)
              })
            } catch (webhookError) {
              logger.error('Failed to send webhook notification:', webhookError)
            }
          } else {
            logger.debug(
              `⚠️ Account ${accountData.name} (${accountId}) reached max ${maxWarningsPerWindow} warning notifications for current 5h window, skipping webhook`
            )
          }
        } else {
          logger.debug(
            `⚠️ Account ${accountData.name} (${accountId}) already auto-stopped for 5h limit, skipping duplicate warning`
          )
        }
      }

      await redis.setClaudeAccount(accountId, accountData)

      logger.info(
        `📊 Updated session window status for account ${accountData.name} (${accountId}): ${status}`
      )
    } catch (error) {
      logger.error(`❌ Failed to update session window status for account ${accountId}:`, error)
    }
  }

  // 🚫 标记账号为过载状态（529错误）
  async markAccountOverloaded(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData) {
        throw new Error('Account not found')
      }

      // 获取配置的过载处理时间（分钟）
      const overloadMinutes = config.overloadHandling?.enabled || 0

      if (overloadMinutes === 0) {
        logger.info('⏭️ 529 error handling is disabled')
        return { success: false, error: '529 error handling is disabled' }
      }

      const overloadKey = `account:overload:${accountId}`
      const ttl = overloadMinutes * 60 // 转换为秒

      await redis.setex(
        overloadKey,
        ttl,
        JSON.stringify({
          accountId,
          accountName: accountData.name,
          markedAt: new Date().toISOString(),
          expiresAt: new Date(Date.now() + ttl * 1000).toISOString()
        })
      )

      logger.warn(
        `🚫 Account ${accountData.name} (${accountId}) marked as overloaded for ${overloadMinutes} minutes`
      )

      // 在账号上记录最后一次529错误
      const updates = {
        lastOverloadAt: new Date().toISOString(),
        errorMessage: `529错误 - 过载${overloadMinutes}分钟`
      }

      const updatedAccountData = { ...accountData, ...updates }
      await redis.setClaudeAccount(accountId, updatedAccountData)

      return { success: true, accountName: accountData.name, duration: overloadMinutes }
    } catch (error) {
      logger.error(`❌ Failed to mark account as overloaded: ${accountId}`, error)
      // 不抛出错误，避免影响主请求流程
      return { success: false, error: error.message }
    }
  }

  // ✅ 检查账号是否过载
  async isAccountOverloaded(accountId) {
    try {
      // 如果529处理未启用，直接返回false
      const overloadMinutes = config.overloadHandling?.enabled || 0
      if (overloadMinutes === 0) {
        return false
      }

      const overloadKey = `account:overload:${accountId}`
      const overloadData = await redis.get(overloadKey)

      if (overloadData) {
        // 账号处于过载状态
        return true
      }

      // 账号未过载
      return false
    } catch (error) {
      logger.error(`❌ Failed to check if account is overloaded: ${accountId}`, error)
      return false
    }
  }

  // 🔄 移除账号的过载状态
  async removeAccountOverload(accountId) {
    try {
      const accountData = await redis.getClaudeAccount(accountId)
      if (!accountData) {
        throw new Error('Account not found')
      }

      const overloadKey = `account:overload:${accountId}`
      await redis.del(overloadKey)

      logger.info(`✅ Account ${accountData.name} (${accountId}) overload status removed`)

      // 清理账号上的错误信息
      if (accountData.errorMessage && accountData.errorMessage.includes('529错误')) {
        const updatedAccountData = { ...accountData }
        delete updatedAccountData.errorMessage
        delete updatedAccountData.lastOverloadAt
        await redis.setClaudeAccount(accountId, updatedAccountData)
      }
    } catch (error) {
      logger.error(`❌ Failed to remove overload status for account: ${accountId}`, error)
      // 不抛出错误，移除过载状态失败不应该影响主流程
    }
  }

  /**
   * 检查并恢复因5小时限制被自动停止的账号
   * 用于定时任务自动恢复
   * @returns {Promise<{checked: number, recovered: number, accounts: Array}>}
   */
  async checkAndRecoverFiveHourStoppedAccounts() {
    const result = {
      checked: 0,
      recovered: 0,
      accounts: []
    }

    try {
      const accounts = await this.getAllAccounts()
      const now = new Date()

      for (const account of accounts) {
        // 只检查因5小时限制被自动停止的账号
        // 重要：不恢复手动停止的账号（没有fiveHourAutoStopped标记的）
        if (account.fiveHourAutoStopped === true && account.schedulable === false) {
          result.checked++

          // 使用分布式锁防止并发修改
          const lockKey = `lock:account:${account.id}:recovery`
          const lockValue = `${Date.now()}_${Math.random()}`
          const lockTTL = 5000 // 5秒锁超时

          try {
            // 尝试获取锁
            const lockAcquired = await redis.setAccountLock(lockKey, lockValue, lockTTL)
            if (!lockAcquired) {
              logger.debug(
                `⏭️ Account ${account.name} (${account.id}) is being processed by another instance`
              )
              continue
            }

            // 重新获取账号数据，确保是最新的
            const latestAccount = await redis.getClaudeAccount(account.id)
            if (
              !latestAccount ||
              latestAccount.fiveHourAutoStopped !== 'true' ||
              latestAccount.schedulable !== 'false'
            ) {
              // 账号状态已变化，跳过
              await redis.releaseAccountLock(lockKey, lockValue)
              continue
            }

            // 检查当前时间是否已经进入新的5小时窗口
            let shouldRecover = false
            let newWindowStart = null
            let newWindowEnd = null

            if (latestAccount.sessionWindowEnd) {
              const windowEnd = new Date(latestAccount.sessionWindowEnd)

              // 使用严格的时间比较，添加1分钟缓冲避免边界问题
              if (now.getTime() > windowEnd.getTime() + 60000) {
                shouldRecover = true

                // 计算新的窗口时间（基于窗口结束时间，而不是当前时间）
                // 这样可以保证窗口时间的连续性
                newWindowStart = new Date(windowEnd)
                newWindowStart.setMilliseconds(newWindowStart.getMilliseconds() + 1)
                newWindowEnd = new Date(newWindowStart)
                newWindowEnd.setHours(newWindowEnd.getHours() + 5)

                logger.info(
                  `🔄 Account ${latestAccount.name} (${latestAccount.id}) has entered new session window. ` +
                    `Old window: ${latestAccount.sessionWindowStart} - ${latestAccount.sessionWindowEnd}, ` +
                    `New window: ${newWindowStart.toISOString()} - ${newWindowEnd.toISOString()}`
                )
              }
            } else {
              // 如果没有窗口结束时间，但有停止时间，检查是否已经过了5小时
              if (latestAccount.fiveHourStoppedAt) {
                const stoppedAt = new Date(latestAccount.fiveHourStoppedAt)
                const hoursSinceStopped = (now.getTime() - stoppedAt.getTime()) / (1000 * 60 * 60)

                // 使用严格的5小时判断，加上1分钟缓冲
                if (hoursSinceStopped > 5.017) {
                  // 5小时1分钟
                  shouldRecover = true
                  newWindowStart = this._calculateSessionWindowStart(now)
                  newWindowEnd = this._calculateSessionWindowEnd(newWindowStart)

                  logger.info(
                    `🔄 Account ${latestAccount.name} (${latestAccount.id}) stopped ${hoursSinceStopped.toFixed(2)} hours ago, recovering`
                  )
                }
              }
            }

            if (shouldRecover) {
              // 恢复账号调度
              const updatedAccountData = { ...latestAccount }

              // 恢复调度状态
              updatedAccountData.schedulable = 'true'
              delete updatedAccountData.fiveHourAutoStopped
              delete updatedAccountData.fiveHourStoppedAt
              await this._clearFiveHourWarningMetadata(account.id, updatedAccountData)
              delete updatedAccountData.stoppedReason

              // 更新会话窗口（如果有新窗口）
              if (newWindowStart && newWindowEnd) {
                updatedAccountData.sessionWindowStart = newWindowStart.toISOString()
                updatedAccountData.sessionWindowEnd = newWindowEnd.toISOString()

                // 清除会话窗口状态
                delete updatedAccountData.sessionWindowStatus
                delete updatedAccountData.sessionWindowStatusUpdatedAt
              }

              // 保存更新
              await redis.setClaudeAccount(account.id, updatedAccountData)

              const fieldsToRemove = ['fiveHourAutoStopped', 'fiveHourStoppedAt']
              if (newWindowStart && newWindowEnd) {
                fieldsToRemove.push('sessionWindowStatus', 'sessionWindowStatusUpdatedAt')
              }
              await this._removeAccountFields(account.id, fieldsToRemove, 'five_hour_recovery_task')

              result.recovered++
              result.accounts.push({
                id: latestAccount.id,
                name: latestAccount.name,
                oldWindow: latestAccount.sessionWindowEnd
                  ? {
                      start: latestAccount.sessionWindowStart,
                      end: latestAccount.sessionWindowEnd
                    }
                  : null,
                newWindow:
                  newWindowStart && newWindowEnd
                    ? {
                        start: newWindowStart.toISOString(),
                        end: newWindowEnd.toISOString()
                      }
                    : null
              })

              logger.info(
                `✅ Auto-resumed scheduling for account ${latestAccount.name} (${latestAccount.id}) - 5-hour limit expired`
              )
            }

            // 释放锁
            await redis.releaseAccountLock(lockKey, lockValue)
          } catch (error) {
            // 确保释放锁
            if (lockKey && lockValue) {
              try {
                await redis.releaseAccountLock(lockKey, lockValue)
              } catch (unlockError) {
                logger.error(`Failed to release lock for account ${account.id}:`, unlockError)
              }
            }
            logger.error(
              `❌ Failed to check/recover 5-hour stopped account ${account.name} (${account.id}):`,
              error
            )
          }
        }
      }

      if (result.recovered > 0) {
        logger.info(
          `🔄 5-hour limit recovery completed: ${result.recovered}/${result.checked} accounts recovered`
        )
      }

      return result
    } catch (error) {
      logger.error('❌ Failed to check and recover 5-hour stopped accounts:', error)
      throw error
    }
  }

  async _removeAccountFields(accountId, fields = [], context = 'general_cleanup') {
    if (!Array.isArray(fields) || fields.length === 0) {
      return
    }

    const filteredFields = fields.filter((field) => typeof field === 'string' && field.trim())
    if (filteredFields.length === 0) {
      return
    }

    const accountKey = `claude:account:${accountId}`

    try {
      await redis.client.hdel(accountKey, ...filteredFields)
      logger.debug(
        `🧹 已在 ${context} 阶段为账号 ${accountId} 删除字段 [${filteredFields.join(', ')}]`
      )
    } catch (error) {
      logger.error(
        `❌ 无法在 ${context} 阶段为账号 ${accountId} 删除字段 [${filteredFields.join(', ')}]:`,
        error
      )
    }
  }
}

module.exports = new ClaudeAccountService()