Upload 221 files

.dockerignore

@@ -0,0 +1,78 @@
+# Dependencies
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Environment files
+.env.local
+.env.*.local
+
+# Logs
+logs/
+*.log
+
+# Data files
+data/
+temp/
+
+# Git
+.git/
+.gitignore
+.gitattributes
+
+# GitHub
+.github/
+
+# Documentation
+README.md
+README_EN.md
+CHANGELOG.md
+docs/
+*.md
+
+# Development files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Docker files
+docker-compose.yml
+docker-compose.*.yml
+Dockerfile
+.dockerignore
+
+# Test files
+test/
+tests/
+__tests__/
+*.test.js
+*.spec.js
+coverage/
+.nyc_output/
+
+# Build files
+# dist/  # 前端构建阶段需要复制源文件，所以不能忽略
+build/
+*.pid
+*.seed
+*.pid.lock
+
+# 但可以忽略本地已构建的 dist 目录
+web/admin-spa/dist/
+
+# CI/CD
+.travis.yml
+.gitlab-ci.yml
+azure-pipelines.yml
+
+# Package manager files
+# package-lock.json  # 需要保留此文件以支持 npm ci
+yarn.lock
+pnpm-lock.yaml
+
+# CLI
+cli/

.env.example

@@ -0,0 +1,113 @@
+# 🚀 Claude Relay Service Configuration
+
+# 🌐 服务器配置
+PORT=3000
+HOST=0.0.0.0
+NODE_ENV=production
+
+# 🔐 安全配置
+JWT_SECRET=your-jwt-secret-here
+ADMIN_SESSION_TIMEOUT=86400000
+API_KEY_PREFIX=cr_
+ENCRYPTION_KEY=your-encryption-key-here
+
+# 👤 管理员凭据（可选，不设置则自动生成）
+# ADMIN_USERNAME=cr_admin_custom
+# ADMIN_PASSWORD=your-secure-password
+
+# 📊 Redis 配置
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+REDIS_DB=0
+REDIS_ENABLE_TLS=
+
+# 🔗 会话管理配置
+# 粘性会话TTL配置（小时），默认1小时
+STICKY_SESSION_TTL_HOURS=1
+# 续期阈值（分钟），默认0分钟（不续期）
+STICKY_SESSION_RENEWAL_THRESHOLD_MINUTES=15
+
+# 🎯 Claude API 配置
+CLAUDE_API_URL=https://api.anthropic.com/v1/messages
+CLAUDE_API_VERSION=2023-06-01
+CLAUDE_BETA_HEADER=claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14
+
+# 🚫 529错误处理配置
+# 启用529错误处理，0表示禁用，>0表示过载状态持续时间（分钟）
+CLAUDE_OVERLOAD_HANDLING_MINUTES=0
+
+# 🌐 代理配置
+DEFAULT_PROXY_TIMEOUT=600000
+MAX_PROXY_RETRIES=3
+# IP协议族配置：true=IPv4, false=IPv6, 默认IPv4（兼容性更好）
+PROXY_USE_IPV4=true
+
+# ⏱️ 请求超时配置
+REQUEST_TIMEOUT=600000  # 请求超时设置（毫秒），默认10分钟
+
+# 📈 使用限制
+DEFAULT_TOKEN_LIMIT=1000000
+
+# 📝 日志配置
+LOG_LEVEL=info
+LOG_MAX_SIZE=10m
+LOG_MAX_FILES=5
+
+# 🔧 系统配置
+CLEANUP_INTERVAL=3600000
+TOKEN_USAGE_RETENTION=2592000000
+HEALTH_CHECK_INTERVAL=60000
+TIMEZONE_OFFSET=8  # UTC偏移小时数，默认+8（中国时区）
+METRICS_WINDOW=5  # 实时指标统计窗口（分钟），可选1-60，默认5分钟
+
+# 🎨 Web 界面配置
+WEB_TITLE=Claude Relay Service
+WEB_DESCRIPTION=Multi-account Claude API relay service with beautiful management interface
+WEB_LOGO_URL=/assets/logo.png
+
+# 🛠️ 开发配置
+DEBUG=false
+DEBUG_HTTP_TRAFFIC=false  # 启用HTTP请求/响应调试日志（仅开发环境）
+ENABLE_CORS=true
+TRUST_PROXY=true
+
+# 🔒 客户端限制（可选）
+# ALLOW_CUSTOM_CLIENTS=false
+
+# 🔐 LDAP 认证配置
+LDAP_ENABLED=false
+LDAP_URL=ldaps://ldap-1.test1.bj.yxops.net:636
+LDAP_BIND_DN=cn=admin,dc=example,dc=com
+LDAP_BIND_PASSWORD=admin_password
+LDAP_SEARCH_BASE=dc=example,dc=com
+LDAP_SEARCH_FILTER=(uid={{username}})
+LDAP_SEARCH_ATTRIBUTES=dn,uid,cn,mail,givenName,sn
+LDAP_TIMEOUT=5000
+LDAP_CONNECT_TIMEOUT=10000
+
+# 🔒 LDAP TLS/SSL 配置 (用于 ldaps:// URL)
+# 是否忽略证书验证错误 (设置为false可忽略自签名证书错误)
+LDAP_TLS_REJECT_UNAUTHORIZED=true
+# CA 证书文件路径 (可选，用于自定义CA证书)
+# LDAP_TLS_CA_FILE=/path/to/ca-cert.pem
+# 客户端证书文件路径 (可选，用于双向认证)
+# LDAP_TLS_CERT_FILE=/path/to/client-cert.pem
+# 客户端私钥文件路径 (可选，用于双向认证)
+# LDAP_TLS_KEY_FILE=/path/to/client-key.pem
+# 服务器名称 (可选，用于 SNI)
+# LDAP_TLS_SERVERNAME=ldap.example.com
+
+# 🗺️ LDAP 用户属性映射
+LDAP_USER_ATTR_USERNAME=uid
+LDAP_USER_ATTR_DISPLAY_NAME=cn
+LDAP_USER_ATTR_EMAIL=mail
+LDAP_USER_ATTR_FIRST_NAME=givenName
+LDAP_USER_ATTR_LAST_NAME=sn
+
+# 👥 用户管理配置
+USER_MANAGEMENT_ENABLED=false
+DEFAULT_USER_ROLE=user
+USER_SESSION_TIMEOUT=86400000
+MAX_API_KEYS_PER_USER=1
+ALLOW_USER_DELETE_API_KEYS=false

.eslintrc.cjs

@@ -0,0 +1,85 @@
+module.exports = {
+  root: true,
+  env: {
+    node: true,
+    es2021: true,
+    commonjs: true
+  },
+  extends: ['eslint:recommended', 'plugin:prettier/recommended'],
+  parserOptions: {
+    sourceType: 'module',
+    ecmaVersion: 'latest'
+  },
+  plugins: ['prettier'],
+  rules: {
+    // 基础规则
+    'no-console': 'off', // Node.js 项目允许 console
+    'consistent-return': 'off',
+    'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'warn',
+    'prettier/prettier': 'error',
+
+    // 变量相关
+    'no-unused-vars': [
+      'error',
+      {
+        argsIgnorePattern: '^_',
+        varsIgnorePattern: '^_',
+        caughtErrors: 'none'
+      }
+    ],
+    'prefer-const': 'error',
+    'no-var': 'error',
+    'no-shadow': 'error',
+
+    // 代码质量
+    eqeqeq: ['error', 'always'],
+    curly: ['error', 'all'],
+    'no-throw-literal': 'error',
+    'prefer-promise-reject-errors': 'error',
+
+    // 代码风格
+    'object-shorthand': 'error',
+    'prefer-template': 'error',
+    'template-curly-spacing': ['error', 'never'],
+
+    // Node.js 特定规则
+    'no-path-concat': 'error',
+    'handle-callback-err': 'error',
+
+    // ES6+ 规则
+    'arrow-body-style': ['error', 'as-needed'],
+    'prefer-arrow-callback': 'error',
+    'prefer-destructuring': [
+      'error',
+      {
+        array: false,
+        object: true
+      }
+    ],
+
+    // 格式化规则（由 Prettier 处理）
+    semi: 'off',
+    quotes: 'off',
+    indent: 'off',
+    'comma-dangle': 'off'
+  },
+  overrides: [
+    {
+      // CLI 和脚本文件
+      files: ['cli/**/*.js', 'scripts/**/*.js'],
+      rules: {
+        'no-process-exit': 'off' // CLI 脚本允许 process.exit
+      }
+    },
+    {
+      // 测试文件
+      files: ['**/*.test.js', '**/*.spec.js', 'tests/**/*.js'],
+      env: {
+        jest: true
+      },
+      rules: {
+        'no-unused-expressions': 'off'
+      }
+    }
+  ]
+}

.github/AUTO_RELEASE_GUIDE.md

@@ -0,0 +1,164 @@
+# 自动版本发布指南
+
+## 📋 概述
+
+本项目配置了自动版本发布功能，每次推送到 `main` 分支时会自动递增版本号并创建 GitHub Release。
+
+## 🚀 工作原理
+
+### 自动版本递增规则
+
+- **版本格式**: `v<major>.<minor>.<patch>` （例如: v1.0.2）
+- **递增规则**: 每次推送到 main 分支，自动递增 patch 版本号
+  - v1.0.1 → v1.0.2
+  - v1.0.9 → v1.0.10
+  - v1.0.99 → v1.0.100
+
+### 触发条件
+
+当满足以下条件时，会自动创建新版本：
+
+1. 推送到 `main` 分支
+2. 有实际的代码变更（不包括纯文档更新）
+3. 自上次发布以来有新的提交
+
+## 📝 使用方法
+
+### 1. 常规开发流程
+
+```bash
+# 在 dev 分支开发
+git checkout dev
+# ... 进行开发 ...
+git add .
+git commit -m "feat: 添加新功能"
+git push origin dev
+
+# 合并到 main 分支
+git checkout main
+git merge dev
+git push origin main  # 这会触发自动发布
+```
+
+### 2. 跳过自动发布
+
+如果你的提交不想触发自动发布，在 commit 消息中添加 `[skip ci]`：
+
+```bash
+git commit -m "docs: 更新文档 [skip ci]"
+```
+
+### 3. 手动控制版本号
+
+如果需要发布大版本或中版本更新：
+
+```bash
+# 大版本更新 (1.0.x → 2.0.0)
+git tag -a v2.0.0 -m "Major release v2.0.0"
+git push origin v2.0.0
+
+# 中版本更新 (1.0.x → 1.1.0)
+git tag -a v1.1.0 -m "Minor release v1.1.0"
+git push origin v1.1.0
+```
+
+## 🔧 配置说明
+
+### 工作流文件
+
+- **位置**: `.github/workflows/auto-release.yml`
+- **功能**:
+  - 获取最新版本标签
+  - 计算下一个版本号
+  - 生成 changelog
+  - 创建 GitHub Release
+  - 更新 CHANGELOG.md 文件
+  - 发送 Telegram 通知（可选）
+
+### Changelog 生成
+
+使用 [git-cliff](https://github.com/orhun/git-cliff) 自动生成更新日志：
+
+- **配置文件**: `.github/cliff.toml`
+- **提交规范**: 遵循 [Conventional Commits](https://www.conventionalcommits.org/)
+  - `feat:` 新功能
+  - `fix:` Bug 修复
+  - `docs:` 文档更新
+  - `chore:` 其他变更
+  - `refactor:` 代码重构
+  - `perf:` 性能优化
+
+## 📊 查看发布历史
+
+1. **GitHub Releases 页面**: 
+   - 访问 `https://github.com/<owner>/<repo>/releases`
+   - 查看所有发布版本和更新内容
+
+2. **CHANGELOG.md**:
+   - 项目根目录的 `CHANGELOG.md` 文件
+   - 包含完整的版本历史
+
+## ❓ 常见问题
+
+### Q: 如何查看当前版本？
+
+```bash
+# 查看最新标签
+git describe --tags --abbrev=0
+
+# 查看所有标签
+git tag -l
+```
+
+### Q: 自动发布失败怎么办？
+
+1. 检查 GitHub Actions 日志
+2. 确认是否有权限创建标签和发布
+3. 检查是否有语法错误
+
+### Q: 如何回滚版本？
+
+自动发布只是创建标签和 Release，不会影响代码：
+
+```bash
+# 回滚到特定版本
+git checkout v1.0.1
+
+# 或者使用 Docker 镜像的特定版本
+docker pull weishaw/claude-relay-service:v1.0.1
+```
+
+### Q: 如何修改版本递增规则？
+
+编辑 `.github/workflows/auto-release.yml` 中的版本计算逻辑：
+
+```yaml
+# 当前是递增 patch 版本
+NEW_PATCH=$((PATCH + 1))
+
+# 可以改为递增 minor 版本
+NEW_MINOR=$((MINOR + 1))
+NEW_PATCH=0
+```
+
+## 📱 Telegram 通知（可选）
+
+自动发布系统支持发送通知到 Telegram 频道。配置后，每次发布新版本都会自动发送通知。
+
+### 快速设置
+
+1. 创建 Telegram Bot（通过 @BotFather）
+2. 将 Bot 添加到频道作为管理员
+3. 获取频道的 Chat ID
+4. 在 GitHub 仓库添加 Secrets：
+   - `TELEGRAM_BOT_TOKEN`
+   - `TELEGRAM_CHAT_ID`
+
+详细设置步骤请参考 [Telegram 通知设置指南](./TELEGRAM_SETUP.md)
+
+## 🔗 相关链接
+
+- [GitHub Actions 工作流使用指南](./WORKFLOW_USAGE.md)
+- [Telegram 通知设置指南](./TELEGRAM_SETUP.md)
+- [Docker Hub 设置指南](./DOCKER_HUB_SETUP.md)
+- [Git Cliff 配置文档](https://git-cliff.org/docs/configuration)

.github/DOCKER_HUB_SETUP.md

@@ -0,0 +1,109 @@
+# Docker Hub 自动发布配置指南
+
+本文档说明如何配置 GitHub Actions 自动构建并发布 Docker 镜像到 Docker Hub。
+
+## 📋 前置要求
+
+1. Docker Hub 账号
+2. GitHub 仓库的管理员权限
+
+## 🔐 配置 GitHub Secrets
+
+在 GitHub 仓库中配置以下 secrets：
+
+1. 进入仓库设置：`Settings` → `Secrets and variables` → `Actions`
+2. 点击 `New repository secret`
+3. 添加以下 secrets：
+
+### 必需的 Secrets
+
+| Secret 名称 | 说明 | 如何获取 |
+|------------|------|---------|
+| `DOCKERHUB_USERNAME` | Docker Hub 用户名 | 你的 Docker Hub 登录用户名 |
+| `DOCKERHUB_TOKEN` | Docker Hub Access Token | 见下方说明 |
+
+### 获取 Docker Hub Access Token
+
+1. 登录 [Docker Hub](https://hub.docker.com/)
+2. 点击右上角头像 → `Account Settings`
+3. 选择 `Security` → `Access Tokens`
+4. 点击 `New Access Token`
+5. 填写描述（如：`GitHub Actions`）
+6. 选择权限：`Read, Write, Delete`
+7. 点击 `Generate`
+8. **立即复制 token**（只显示一次）
+
+## 🚀 工作流程说明
+
+### 触发条件
+
+- **自动触发**：推送到 `main` 分支
+- **版本发布**：创建 `v*` 格式的 tag（如 `v1.0.0`）
+- **手动触发**：在 Actions 页面手动运行
+
+### 镜像标签策略
+
+工作流会自动创建以下标签：
+
+- `latest`：始终指向 main 分支的最新构建
+- `main`：main 分支的构建
+- `v1.0.0`：版本标签（当创建 tag 时）
+- `1.0`：主次版本标签
+- `1`：主版本标签
+- `main-sha-xxxxxxx`：包含 commit SHA 的标签
+
+### 支持的平台
+
+- `linux/amd64`：Intel/AMD 架构
+- `linux/arm64`：ARM64 架构（如 Apple Silicon, 树莓派等）
+
+## 📦 使用发布的镜像
+
+```bash
+# 拉取最新版本
+docker pull weishaw/claude-relay-service:latest
+
+# 拉取特定版本
+docker pull weishaw/claude-relay-service:v1.0.0
+
+# 运行容器
+docker run -d \
+  --name claude-relay \
+  -p 3000:3000 \
+  -v ./data:/app/data \
+  -v ./logs:/app/logs \
+  -e ADMIN_USERNAME=my_admin \
+  -e ADMIN_PASSWORD=my_password \
+  weishaw/claude-relay-service:latest
+```
+
+## 🔍 验证配置
+
+1. 推送代码到 main 分支
+2. 在 GitHub 仓库页面点击 `Actions` 标签
+3. 查看 `Docker Build & Push` 工作流运行状态
+4. 成功后在 Docker Hub 查看镜像
+
+## 🛡️ 安全功能
+
+- **漏洞扫描**：使用 Trivy 自动扫描镜像漏洞
+- **扫描报告**：上传到 GitHub Security 标签页
+- **自动更新 README**：同步更新 Docker Hub 的项目描述
+
+## ❓ 常见问题
+
+### 构建失败
+
+- 检查 secrets 是否正确配置
+- 确认 Docker Hub token 有足够权限
+- 查看 Actions 日志详细错误信息
+
+### 镜像推送失败
+
+- 确认 Docker Hub 用户名正确
+- 检查是否达到 Docker Hub 免费账户限制
+- Token 可能过期，需要重新生成
+
+### 多平台构建慢
+
+这是正常的，因为需要模拟不同架构。可以在不需要时修改 `platforms` 配置。

.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: # Your GitHub username for GitHub Sponsors
+patreon: # Replace with your Patreon username if you have one
+open_collective: # Replace with your Open Collective username if you have one
+ko_fi: # Replace with your Ko-fi username if you have one
+tidelift: # Replace with your Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with your Community Bridge project-name
+liberapay: # Replace with your Liberapay username
+issuehunt: # Replace with your IssueHunt username
+otechie: # Replace with your Otechie username
+custom: ['https://afdian.com/a/claude-relay-service'] # Your custom donation link (Afdian)

.github/RELEASE_PROCESS.md

@@ -0,0 +1,94 @@
+# 发布流程说明
+
+## 概述
+
+本项目采用全自动化的版本管理和发布流程。VERSION文件由GitHub Actions自动维护，无需手动修改。
+
+## 自动发布流程
+
+### 1. 工作原理
+
+1. **代码推送**: 当你推送代码到main分支时
+2. **自动版本更新**: `auto-version-bump.yml`会：
+   - 检测是否有实质性代码变更（排除.md文件、docs/目录等）
+   - 如果有代码变更，自动将版本号+1并更新VERSION文件
+   - 提交VERSION文件更新到main分支
+3. **自动发布**: `release-on-version.yml`会：
+   - 检测到只有VERSION文件变更的提交
+   - 自动创建Git tag
+   - 创建GitHub Release
+   - 构建并推送Docker镜像
+   - 发送Telegram通知（如果配置）
+
+### 2. 工作流文件说明
+
+- **auto-version-bump.yml**: 自动检测代码变更并更新VERSION文件
+- **release-on-version.yml**: 检测VERSION文件单独提交并触发发布
+- **docker-publish.yml**: 在tag创建时构建Docker镜像（备用）
+- **release.yml**: 在tag创建时生成Release（备用）
+
+### 3. 版本号规范
+
+- 使用语义化版本号：`MAJOR.MINOR.PATCH`
+- 默认自动递增PATCH版本（例如：1.1.10 → 1.1.11）
+- VERSION文件只包含版本号，不包含`v`前缀
+- Git tag会自动添加`v`前缀
+
+### 4. 触发条件
+
+**会触发版本更新的文件变更**:
+- 源代码文件（.js, .ts, .jsx, .tsx等）
+- 配置文件（package.json, Dockerfile等）
+- 其他功能性文件
+
+**不会触发版本更新的文件变更**:
+- Markdown文件（*.md）
+- 文档目录（docs/）
+- GitHub配置（.github/）
+- VERSION文件本身
+- .gitignore、LICENSE等
+
+## 使用指南
+
+### 正常开发流程
+
+1. 进行代码开发和修改
+2. 提交并推送到main分支
+3. 系统自动完成版本更新和发布
+
+```bash
+# 正常的开发流程
+git add .
+git commit -m "feat: 添加新功能"
+git push origin main
+
+# GitHub Actions会自动：
+# 1. 检测到代码变更
+# 2. 更新VERSION文件（例如：1.1.10 → 1.1.11）
+# 3. 创建新的release和Docker镜像
+```
+
+### 跳过版本更新
+
+如果只是更新文档或其他非代码文件，系统会自动识别并跳过版本更新。
+
+## 故障排除
+
+### 版本没有自动更新
+
+1. 检查是否有实质性代码变更
+2. 查看GitHub Actions运行日志
+3. 确认推送的是main分支
+
+### 需要手动触发发布
+
+如果需要手动控制版本：
+1. 直接修改VERSION文件
+2. 提交并推送
+3. 系统会检测到VERSION变更并触发发布
+
+## 注意事项
+
+- **不要**在同一个提交中既修改代码又修改VERSION文件
+- **不要**手动创建tag，让系统自动管理
+- 系统会自动避免死循环（GitHub Actions的提交不会触发新的版本更新）

.github/TELEGRAM_SETUP.md

@@ -0,0 +1,110 @@
+# Telegram 自动通知设置指南
+
+## 📋 概述
+
+当 GitHub Actions 自动发布新版本时，系统会自动发送通知到你的 Telegram 频道。
+
+## 🚀 设置步骤
+
+### 1. 创建 Telegram Bot
+
+1. 在 Telegram 中找到 [@BotFather](https://t.me/botfather)
+2. 发送 `/newbot` 命令
+3. 按提示设置 Bot 名称（例如：Claude Relay Updates）
+4. 设置 Bot 用户名（例如：claude_relay_bot）
+5. **保存 Bot Token**（格式类似：`1234567890:ABCdefGHIjklMNOpqrsTUVwxyz`）
+
+### 2. 创建或选择 Telegram 频道
+
+1. 创建一个新频道或使用现有频道
+2. 将你的 Bot 添加为频道管理员：
+   - 进入频道设置
+   - 管理员 → 添加管理员
+   - 搜索你的 Bot 用户名
+   - 赋予发送消息权限
+
+### 3. 获取频道 Chat ID
+
+有几种方法获取频道的 Chat ID：
+
+#### 方法 1：使用 Web Telegram
+1. 打开 https://web.telegram.org
+2. 进入你的频道
+3. 查看 URL，格式为：`https://web.telegram.org/k/#-1234567890`
+4. Chat ID 就是 `#` 后面的数字（包括负号）：`-1234567890`
+
+#### 方法 2：使用 Bot API
+1. 先在频道发送一条消息
+2. 访问：`https://api.telegram.org/bot<YOUR_BOT_TOKEN>/getUpdates`
+3. 找到你的频道消息，查看 `chat.id` 字段
+
+#### 方法 3：使用频道用户名
+如果频道是公开的，可以直接使用 `@频道用户名` 作为 Chat ID
+
+### 4. 添加 GitHub Secrets
+
+1. 访问你的 GitHub 仓库
+2. 进入 Settings → Secrets and variables → Actions
+3. 点击 "New repository secret"
+4. 添加以下两个 Secrets：
+
+   **TELEGRAM_BOT_TOKEN**
+   - Name: `TELEGRAM_BOT_TOKEN`
+   - Value: 你的 Bot Token（例如：`1234567890:ABCdefGHIjklMNOpqrsTUVwxyz`）
+
+   **TELEGRAM_CHAT_ID**
+   - Name: `TELEGRAM_CHAT_ID`
+   - Value: 你的频道 Chat ID（例如：`-1234567890` 或 `@your_channel`）
+
+## ✅ 测试配置
+
+配置完成后，下次推送到 main 分支时，你的 Telegram 频道将收到类似这样的通知：
+
+```
+🚀 Claude Relay Service 新版本发布！
+
+📦 版本号: 1.1.3
+
+📝 更新内容:
+- feat: 添加 Telegram 自动通知功能
+- fix: 修复某个问题
+
+🐳 Docker 部署:
+docker pull weishaw/claude-relay-service:v1.1.3
+docker pull weishaw/claude-relay-service:latest
+
+🔗 相关链接:
+• GitHub Release
+• 完整更新日志
+• Docker Hub
+
+#ClaudeRelay #Update #v1_1_3
+```
+
+## 🔧 自定义通知
+
+如果你想修改通知格式，编辑 `.github/workflows/auto-release.yml` 中的 `Send Telegram Notification` 步骤。
+
+## ❓ 常见问题
+
+### Q: 通知发送失败怎么办？
+
+检查：
+1. Bot Token 是否正确
+2. Bot 是否已添加为频道管理员
+3. Chat ID 是否正确（注意负号）
+4. GitHub Secrets 是否正确配置
+
+### Q: 可以发送到多个频道吗？
+
+可以修改工作流，添加多个通知步骤，或使用逗号分隔多个 Chat ID。
+
+### Q: 通知失败会影响版本发布吗？
+
+不会。通知步骤配置了 `continue-on-error: true`，即使通知失败也不会影响版本发布。
+
+## 🔐 安全提示
+
+- **永远不要**在代码中直接写入 Bot Token
+- 始终使用 GitHub Secrets 存储敏感信息
+- 定期更换 Bot Token 以保证安全

.github/WORKFLOW_USAGE.md

@@ -0,0 +1,129 @@
+# GitHub Actions 工作流使用指南
+
+## 📋 概述
+
+本项目配置了自动化 CI/CD 流程，每次推送到 main 分支都会自动构建并发布 Docker 镜像到 Docker Hub。
+
+## 🚀 工作流程
+
+### 1. Docker 构建和发布 (`docker-publish.yml`)
+
+**功能：**
+- 自动构建多平台 Docker 镜像（amd64, arm64）
+- 推送到 Docker Hub
+- 执行安全漏洞扫描
+- 更新 Docker Hub 描述
+
+**触发条件：**
+- 推送到 `main` 分支
+- 创建版本标签（如 `v1.0.0`）
+- Pull Request（仅构建，不推送）
+- 手动触发
+
+### 2. 发布管理 (`release.yml`)
+
+**功能：**
+- 自动创建 GitHub Release
+- 生成更新日志
+- 关联 Docker 镜像版本
+
+**触发条件：**
+- 创建版本标签（如 `v1.0.0`）
+
+### 3. 自动版本发布 (`auto-release.yml`)
+
+**功能：**
+- 自动递增版本号（patch 版本）
+- 自动创建版本标签
+- 生成 GitHub Release
+- 更新 CHANGELOG.md
+
+**触发条件：**
+- 推送到 `main` 分支（自动触发）
+- 忽略纯文档更新
+
+## 📝 版本发布流程
+
+### 1. 常规更新（推送到 main）
+
+```bash
+git add .
+git commit -m "fix: 修复登录问题"
+git push origin main
+```
+
+**结果：**
+- 自动构建并推送 `latest` 标签到 Docker Hub
+- 更新 `main` 标签
+- **自动递增版本号并创建 Release**（例如：v1.0.1 → v1.0.2）
+- 生成更新日志
+
+### 2. 版本发布
+
+```bash
+# 创建版本标签
+git tag -a v1.0.0 -m "Release version 1.0.0"
+git push origin v1.0.0
+```
+
+**结果：**
+- 构建并推送以下标签到 Docker Hub：
+  - `v1.0.0`（完整版本）
+  - `1.0`（主次版本）
+  - `1`（主版本）
+  - `latest`（最新版本）
+- 创建 GitHub Release
+- 生成更新日志
+
+## 🔧 手动触发构建
+
+1. 访问仓库的 Actions 页面
+2. 选择 "Docker Build & Push" 工作流
+3. 点击 "Run workflow"
+4. 选择分支并运行
+
+## 📊 查看构建状态
+
+- **Actions 页面**：查看所有工作流运行历史
+- **README 徽章**：实时显示构建状态
+- **Docker Hub**：查看镜像标签和拉取次数
+
+## 🛡️ 安全扫描
+
+每次构建都会运行 Trivy 安全扫描：
+- 扫描结果上传到 GitHub Security 标签页
+- 发现高危漏洞会在 Actions 日志中警告
+
+## ❓ 常见问题
+
+### Q: 如何回滚到之前的版本？
+
+```bash
+# 使用特定版本标签
+docker pull weishaw/claude-relay-service:v1.0.0
+
+# 或在 docker-compose.yml 中指定版本
+image: weishaw/claude-relay-service:v1.0.0
+```
+
+### Q: 如何跳过自动构建？
+
+在 commit 消息中添加 `[skip ci]`：
+```bash
+git commit -m "docs: 更新文档 [skip ci]"
+```
+
+### Q: 构建失败如何调试？
+
+1. 查看 Actions 日志详细错误信息
+2. 在本地测试 Docker 构建：
+   ```bash
+   docker build -t test .
+   ```
+
+## 📚 相关文档
+
+- [自动版本发布指南](.github/AUTO_RELEASE_GUIDE.md)
+- [Docker Hub 配置指南](.github/DOCKER_HUB_SETUP.md)
+- [GitHub Actions 文档](https://docs.github.com/en/actions)
+- [Docker 官方文档](https://docs.docker.com/)

.github/cliff.toml

@@ -0,0 +1,68 @@
+# git-cliff configuration file
+# https://git-cliff.org/docs/configuration
+
+[changelog]
+# changelog header
+header = """
+# Changelog
+
+All notable changes to this project will be documented in this file.
+"""
+# template for the changelog body
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }} ([{{ commit.id | truncate(length=7, end="") }}](https://github.com/Wei-Shaw/claude-relay-service/commit/{{ commit.id }}))
+    {%- endfor %}
+{% endfor %}\n
+"""
+# remove the leading and trailing whitespace from the template
+trim = true
+# changelog footer
+footer = """
+"""
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+    { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](https://github.com/Wei-Shaw/claude-relay-service/issues/${2}))" },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+    { message = "^feat", group = "Features" },
+    { message = "^fix", group = "Bug Fixes" },
+    { message = "^docs", group = "Documentation" },
+    { message = "^perf", group = "Performance" },
+    { message = "^refactor", group = "Refactor" },
+    { message = "^style", group = "Styling" },
+    { message = "^test", group = "Testing" },
+    { message = "^chore\\(release\\): prepare for", skip = true },
+    { message = "^chore", group = "Miscellaneous Tasks" },
+    { body = ".*security", group = "Security" },
+]
+# protect breaking changes from being skipped due to matching a skipping commit_parser
+protect_breaking_commits = false
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# glob pattern for matching git tags
+tag_pattern = "v[0-9]*"
+# regex for skipping tags
+skip_tags = "v0.1.0-beta.1"
+# regex for ignoring tags
+ignore_tags = ""
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

.github/secret_scanning.yml

@@ -0,0 +1,6 @@
+# GitHub Secret Scanning Configuration
+# This file excludes specific paths from secret scanning
+
+paths-ignore:
+  - 'src/services/geminiAccountService.js'
+  - 'data/demo/Gemini-CLI-2-API/gemini-core.js'

.github/workflows/auto-release-pipeline.yml

@@ -0,0 +1,490 @@
+name: Auto Release Pipeline
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  release-pipeline:
+    runs-on: ubuntu-latest
+    # 跳过由GitHub Actions创建的提交，避免死循环
+    if: github.event.pusher.name != 'github-actions[bot]' && !contains(github.event.head_commit.message, '[skip ci]')
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Check if version bump is needed
+      id: check
+      run: |
+        # 检测是否是合并提交
+        PARENT_COUNT=$(git rev-list --parents -n 1 HEAD | wc -w)
+        PARENT_COUNT=$((PARENT_COUNT - 1))
+        echo "Parent count: $PARENT_COUNT"
+        
+        if [ "$PARENT_COUNT" -gt 1 ]; then
+          # 合并提交：获取合并进来的所有文件变更
+          echo "Detected merge commit, getting all merged changes"
+          # 获取合并基准点
+          MERGE_BASE=$(git merge-base HEAD^1 HEAD^2 2>/dev/null || echo "")
+          if [ -n "$MERGE_BASE" ]; then
+            # 获取从合并基准到 HEAD 的所有变更
+            CHANGED_FILES=$(git diff --name-only $MERGE_BASE..HEAD)
+          else
+            # 如果无法获取合并基准，使用第二个父提交
+            CHANGED_FILES=$(git diff --name-only HEAD^2..HEAD)
+          fi
+        else
+          # 普通提交：获取相对于上一个提交的变更
+          CHANGED_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null || git diff --name-only $(git rev-list --max-parents=0 HEAD)..HEAD)
+        fi
+        
+        echo "Changed files:"
+        echo "$CHANGED_FILES"
+        
+        # 检查是否只有无关文件（.md, docs/, .github/等）
+        SIGNIFICANT_CHANGES=false
+        while IFS= read -r file; do
+          # 跳过空行
+          [ -z "$file" ] && continue
+          
+          # 检查是否是需要忽略的文件
+          if [[ ! "$file" =~ \.(md|txt)$ ]] && 
+             [[ ! "$file" =~ ^docs/ ]] && 
+             [[ ! "$file" =~ ^\.github/ ]] &&
+             [[ "$file" != "VERSION" ]] &&
+             [[ "$file" != ".gitignore" ]] &&
+             [[ "$file" != "LICENSE" ]]; then
+            echo "Found significant change in: $file"
+            SIGNIFICANT_CHANGES=true
+            break
+          fi
+        done <<< "$CHANGED_FILES"
+        
+        if [ "$SIGNIFICANT_CHANGES" = true ]; then
+          echo "Significant changes detected, version bump needed"
+          echo "needs_bump=true" >> $GITHUB_OUTPUT
+        else
+          echo "No significant changes, skipping version bump"
+          echo "needs_bump=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Get current version
+      if: steps.check.outputs.needs_bump == 'true'
+      id: get_version
+      run: |
+        # 获取最新的tag版本
+        LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
+        echo "Latest tag: $LATEST_TAG"
+        TAG_VERSION=${LATEST_TAG#v}
+        
+        # 获取VERSION文件中的版本
+        FILE_VERSION=$(cat VERSION | tr -d '[:space:]')
+        echo "VERSION file: $FILE_VERSION"
+        
+        # 比较tag版本和文件版本，取较大值
+        function version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+        
+        if version_gt "$FILE_VERSION" "$TAG_VERSION"; then
+          VERSION="$FILE_VERSION"
+          echo "Using VERSION file: $VERSION (newer than tag)"
+        else
+          VERSION="$TAG_VERSION"
+          echo "Using tag version: $VERSION (newer or equal to file)"
+        fi
+        
+        echo "Current version: $VERSION"
+        echo "current_version=$VERSION" >> $GITHUB_OUTPUT
+
+    - name: Calculate next version
+      if: steps.check.outputs.needs_bump == 'true'
+      id: next_version
+      run: |
+        VERSION="${{ steps.get_version.outputs.current_version }}"
+        
+        # 分割版本号
+        IFS='.' read -r -a version_parts <<< "$VERSION"
+        MAJOR="${version_parts[0]:-0}"
+        MINOR="${version_parts[1]:-0}"
+        PATCH="${version_parts[2]:-0}"
+        
+        # 默认递增patch版本
+        NEW_PATCH=$((PATCH + 1))
+        NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}"
+        
+        echo "New version: $NEW_VERSION"
+        echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
+        echo "new_tag=v$NEW_VERSION" >> $GITHUB_OUTPUT
+
+    - name: Update VERSION file
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        echo "${{ steps.next_version.outputs.new_version }}" > VERSION
+        
+        # 配置git
+        git config user.name "github-actions[bot]"
+        git config user.email "github-actions[bot]@users.noreply.github.com"
+        
+        # 提交VERSION文件 - 添加 [skip ci] 以避免再次触发
+        git add VERSION
+        git commit -m "chore: sync VERSION file with release ${{ steps.next_version.outputs.new_tag }} [skip ci]"
+
+    # 构建前端并推送到 web-dist 分支
+    - name: Setup Node.js
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18'
+        cache: 'npm'
+        cache-dependency-path: web/admin-spa/package-lock.json
+
+    - name: Build Frontend
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        echo "Building frontend for version ${{ steps.next_version.outputs.new_version }}..."
+        cd web/admin-spa
+        npm ci
+        npm run build
+        echo "Frontend build completed"
+
+    - name: Push Frontend Build to web-dist Branch
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        # 创建临时目录
+        TEMP_DIR=$(mktemp -d)
+        echo "Using temp directory: $TEMP_DIR"
+        
+        # 复制构建产物到临时目录
+        cp -r web/admin-spa/dist/* "$TEMP_DIR/"
+        
+        # 检查 web-dist 分支是否存在
+        if git ls-remote --heads origin web-dist | grep -q web-dist; then
+          echo "Checking out existing web-dist branch"
+          git fetch origin web-dist:web-dist
+          git checkout web-dist
+        else
+          echo "Creating new web-dist branch"
+          git checkout --orphan web-dist
+        fi
+        
+        # 清空当前目录（保留 .git）
+        git rm -rf . 2>/dev/null || true
+        
+        # 复制构建产物
+        cp -r "$TEMP_DIR"/* .
+        
+        # 添加 README
+        cat > README.md << EOF
+        # Claude Relay Service - Web Frontend Build
+        
+        This branch contains the pre-built frontend assets for Claude Relay Service.
+        
+        **DO NOT EDIT FILES IN THIS BRANCH DIRECTLY**
+        
+        These files are automatically generated by the CI/CD pipeline.
+        
+        Version: ${{ steps.next_version.outputs.new_version }}
+        Build Date: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
+        EOF
+        
+        # 创建 .gitignore 文件以排除 node_modules
+        cat > .gitignore << EOF
+        node_modules/
+        *.log
+        .DS_Store
+        .env
+        EOF
+        
+        # 只添加必要的文件，排除 node_modules
+        git add --all -- ':!node_modules'
+        git commit -m "chore: update frontend build for v${{ steps.next_version.outputs.new_version }} [skip ci]"
+        git push origin web-dist --force
+        
+        # 切换回主分支
+        git checkout main
+        
+        # 清理临时目录
+        rm -rf "$TEMP_DIR"
+        
+        echo "Frontend build pushed to web-dist branch successfully"
+
+    - name: Install git-cliff
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        wget -q https://github.com/orhun/git-cliff/releases/download/v1.4.0/git-cliff-1.4.0-x86_64-unknown-linux-gnu.tar.gz
+        tar -xzf git-cliff-1.4.0-x86_64-unknown-linux-gnu.tar.gz
+        chmod +x git-cliff-1.4.0/git-cliff
+        sudo mv git-cliff-1.4.0/git-cliff /usr/local/bin/
+
+    - name: Generate changelog
+      if: steps.check.outputs.needs_bump == 'true'
+      id: changelog
+      run: |
+        # 获取上一个tag以来的更新日志
+        LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+        if [ -n "$LATEST_TAG" ]; then
+          # 排除VERSION文件的提交
+          CHANGELOG=$(git-cliff --config .github/cliff.toml $LATEST_TAG..HEAD --strip header | grep -v "bump version" | sed '/^$/d' || echo "- 代码优化和改进")
+        else
+          CHANGELOG=$(git-cliff --config .github/cliff.toml --strip header || echo "- 初始版本发布")
+        fi
+        echo "content<<EOF" >> $GITHUB_OUTPUT
+        echo "$CHANGELOG" >> $GITHUB_OUTPUT
+        echo "EOF" >> $GITHUB_OUTPUT
+
+    - name: Create and push tag
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        NEW_TAG="${{ steps.next_version.outputs.new_tag }}"
+        git tag -a "$NEW_TAG" -m "Release $NEW_TAG"
+        git push origin HEAD:main "$NEW_TAG"
+
+    - name: Prepare image names
+      id: image_names
+      if: steps.check.outputs.needs_bump == 'true'
+      run: |
+        DOCKER_USERNAME="${{ secrets.DOCKERHUB_USERNAME }}"
+        if [ -z "$DOCKER_USERNAME" ]; then
+          DOCKER_USERNAME="weishaw"
+        fi
+
+        DOCKER_IMAGE=$(echo "${DOCKER_USERNAME}/claude-relay-service" | tr '[:upper:]' '[:lower:]')
+        GHCR_IMAGE=$(echo "ghcr.io/${{ github.repository_owner }}/claude-relay-service" | tr '[:upper:]' '[:lower:]')
+
+        {
+          echo "docker_image=${DOCKER_IMAGE}"
+          echo "ghcr_image=${GHCR_IMAGE}"
+        } >> "$GITHUB_OUTPUT"
+
+    - name: Create GitHub Release
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: softprops/action-gh-release@v1
+      with:
+        tag_name: ${{ steps.next_version.outputs.new_tag }}
+        name: Release ${{ steps.next_version.outputs.new_version }}
+        body: |
+          ## 🐳 Docker 镜像
+          
+          ```bash
+          docker pull ${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_tag }}
+          docker pull ${{ steps.image_names.outputs.docker_image }}:latest
+          docker pull ${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_tag }}
+          docker pull ${{ steps.image_names.outputs.ghcr_image }}:latest
+          ```
+          
+          ## 📦 主要更新
+          
+          ${{ steps.changelog.outputs.content }}
+          
+          ## 📋 完整更新日志
+          
+          查看 [所有版本](https://github.com/${{ github.repository }}/releases)
+        draft: false
+        prerelease: false
+        generate_release_notes: true
+
+    # 自动清理旧的tags和releases（保持最近50个）
+    - name: Cleanup old tags and releases
+      if: steps.check.outputs.needs_bump == 'true'
+      continue-on-error: true
+      env:
+        TAGS_TO_KEEP: 50
+      run: |
+        echo "🧹 自动清理旧版本，保持最近 $TAGS_TO_KEEP 个tag..."
+        
+        # 获取所有版本tag并按版本号排序（从旧到新）
+        echo "正在获取所有tags..."
+        ALL_TAGS=$(git ls-remote --tags origin | grep -E 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$' | awk '{print $2}' | sed 's|refs/tags/||' | sort -V)
+        
+        # 检查是否获取到tags
+        if [ -z "$ALL_TAGS" ]; then
+          echo "⚠️ 未找到任何版本tag"
+          exit 0
+        fi
+        
+        TOTAL_COUNT=$(echo "$ALL_TAGS" | wc -l)
+        
+        echo "📊 当前tag统计："
+        echo "- 总数: $TOTAL_COUNT"
+        echo "- 配置保留: $TAGS_TO_KEEP"
+        
+        if [ "$TOTAL_COUNT" -gt "$TAGS_TO_KEEP" ]; then
+          DELETE_COUNT=$((TOTAL_COUNT - TAGS_TO_KEEP))
+          echo "- 将要删除: $DELETE_COUNT 个最旧的tag"
+          
+          # 获取要删除的tags（最老的）
+          TAGS_TO_DELETE=$(echo "$ALL_TAGS" | head -n "$DELETE_COUNT")
+          
+          # 显示将要删除的版本范围
+          OLDEST_TO_DELETE=$(echo "$TAGS_TO_DELETE" | head -1)
+          NEWEST_TO_DELETE=$(echo "$TAGS_TO_DELETE" | tail -1)
+          echo ""
+          echo "🗑️ 将要删除的版本范围："
+          echo "- 从: $OLDEST_TO_DELETE"
+          echo "- 到: $NEWEST_TO_DELETE"
+          
+          echo ""
+          echo "开始执行删除..."
+          SUCCESS_COUNT=0
+          FAIL_COUNT=0
+          
+          for tag in $TAGS_TO_DELETE; do
+            echo -n "  删除 $tag ... "
+            
+            # 先检查release是否存在
+            if gh release view "$tag" >/dev/null 2>&1; then
+              # Release存在，删除release会同时删除tag
+              if gh release delete "$tag" --yes --cleanup-tag 2>/dev/null; then
+                echo "✅ (release+tag)"
+                SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
+              else
+                echo "❌ (release删除失败)"
+                FAIL_COUNT=$((FAIL_COUNT + 1))
+              fi
+            else
+              # Release不存在，只删除tag
+              if git push origin --delete "$tag" 2>/dev/null; then
+                echo "✅ (仅tag)"
+                SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
+              else
+                echo "⏭️ (已不存在)"
+                FAIL_COUNT=$((FAIL_COUNT + 1))
+              fi
+            fi
+          done
+          
+          echo ""
+          echo "📊 清理结果："
+          echo "- 成功删除: $SUCCESS_COUNT"
+          echo "- 失败/跳过: $FAIL_COUNT"
+          
+          # 重新获取并显示保留的版本范围
+          echo ""
+          echo "正在验证清理结果..."
+          REMAINING_TAGS=$(git ls-remote --tags origin | grep -E 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$' | awk '{print $2}' | sed 's|refs/tags/||' | sort -V)
+          REMAINING_COUNT=$(echo "$REMAINING_TAGS" | wc -l)
+          OLDEST=$(echo "$REMAINING_TAGS" | head -1)
+          NEWEST=$(echo "$REMAINING_TAGS" | tail -1)
+          
+          echo "✅ 清理完成！"
+          echo ""
+          echo "📌 当前保留的版本："
+          echo "- 最旧版本: $OLDEST"
+          echo "- 最新版本: $NEWEST"
+          echo "- 版本总数: $REMAINING_COUNT"
+          
+          # 验证是否达到预期
+          if [ "$REMAINING_COUNT" -le "$TAGS_TO_KEEP" ]; then
+            echo "- 状态: ✅ 符合预期（≤$TAGS_TO_KEEP）"
+          else
+            echo "- 状态: ⚠️ 超出预期（某些tag可能删除失败）"
+          fi
+        else
+          echo "✅ 当前tag数量（$TOTAL_COUNT）未超过限制（$TAGS_TO_KEEP），无需清理"
+        fi
+
+    # Docker构建步骤
+    - name: Set up QEMU
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: docker/login-action@v3
+      with:
+        registry: docker.io
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Log in to GitHub Container Registry
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and push Docker image
+      if: steps.check.outputs.needs_bump == 'true'
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: |
+          ${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_tag }}
+          ${{ steps.image_names.outputs.docker_image }}:latest
+          ${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_version }}
+          ${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_tag }}
+          ${{ steps.image_names.outputs.ghcr_image }}:latest
+          ${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_version }}
+        labels: |
+          org.opencontainers.image.version=${{ steps.next_version.outputs.new_version }}
+          org.opencontainers.image.revision=${{ github.sha }}
+          org.opencontainers.image.source=https://github.com/${{ github.repository }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Send Telegram Notification
+      if: steps.check.outputs.needs_bump == 'true' && env.TELEGRAM_BOT_TOKEN != '' && env.TELEGRAM_CHAT_ID != ''
+      env:
+        TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+        TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
+        DOCKER_IMAGE: ${{ steps.image_names.outputs.docker_image }}
+        GHCR_IMAGE: ${{ steps.image_names.outputs.ghcr_image }}
+      continue-on-error: true
+      run: |
+        VERSION="${{ steps.next_version.outputs.new_version }}"
+        TAG="${{ steps.next_version.outputs.new_tag }}"
+        REPO="${{ github.repository }}"
+        
+        # 获取更新内容并限制长度
+        CHANGELOG="${{ steps.changelog.outputs.content }}"
+        CHANGELOG_TRUNCATED=$(echo "$CHANGELOG" | head -c 1000)
+        if [ ${#CHANGELOG} -gt 1000 ]; then
+          CHANGELOG_TRUNCATED="${CHANGELOG_TRUNCATED}..."
+        fi
+        
+        # 构建消息内容
+        MESSAGE="🚀 *Claude Relay Service 新版本发布！*"$'\n'$'\n'
+        MESSAGE+="📦 版本号: \`${VERSION}\`"$'\n'$'\n'
+        MESSAGE+="📝 *更新内容:*"$'\n'
+        MESSAGE+="${CHANGELOG_TRUNCATED}"$'\n'$'\n'
+        MESSAGE+="🐳 *Docker 部署:*"$'\n'
+        MESSAGE+="\`\`\`bash"$'\n'
+        MESSAGE+="docker pull ${DOCKER_IMAGE}:${TAG}"$'\n'
+        MESSAGE+="docker pull ${DOCKER_IMAGE}:latest"$'\n'
+        MESSAGE+="docker pull ${GHCR_IMAGE}:${TAG}"$'\n'
+        MESSAGE+="docker pull ${GHCR_IMAGE}:latest"$'\n'
+        MESSAGE+="\`\`\`"$'\n'$'\n'
+        MESSAGE+="🔗 *相关链接:*"$'\n'
+        MESSAGE+="• [GitHub Release](https://github.com/${REPO}/releases/tag/${TAG})"$'\n'
+        MESSAGE+="• [完整更新日志](https://github.com/${REPO}/releases)"$'\n'
+        MESSAGE+="• [Docker Hub](https://hub.docker.com/r/${DOCKER_IMAGE%/*}/claude-relay-service)"$'\n'
+        MESSAGE+="• [GHCR](https://ghcr.io/${GHCR_IMAGE#ghcr.io/})"$'\n'$'\n'
+        MESSAGE+="#ClaudeRelay #Update #v${VERSION//./_}"
+        
+        # 使用 jq 构建 JSON 并发送
+        jq -n \
+          --arg chat_id "${TELEGRAM_CHAT_ID}" \
+          --arg text "${MESSAGE}" \
+          '{
+            chat_id: $chat_id,
+            text: $text,
+            parse_mode: "Markdown",
+            disable_web_page_preview: false
+          }' | \
+        curl -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
+          -H "Content-Type: application/json" \
+          -d @-

.github/workflows/pr-lint-check.yml

@@ -0,0 +1,320 @@
+name: PR Lint and Format Check
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - '**.js'
+      - '**.jsx'
+      - '**.ts'
+      - '**.tsx'
+      - '**.vue'
+      - '**.json'
+      - '**.cjs'
+      - '**.mjs'
+      - '.prettierrc'
+      - '.eslintrc.cjs'
+      - 'package.json'
+      - 'web/admin-spa/**'
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  lint-and-format:
+    runs-on: ubuntu-latest
+    name: Check Code Quality
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        run: |
+          npm ci --prefer-offline --no-audit
+          # 安装 web 目录的依赖（如果存在）
+          if [ -d "web/admin-spa" ] && [ -f "web/admin-spa/package.json" ]; then
+            cd web/admin-spa
+            npm ci --prefer-offline --no-audit
+            cd ../..
+          fi
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v41
+        with:
+          files: |
+            **/*.js
+            **/*.jsx
+            **/*.ts
+            **/*.tsx
+            **/*.vue
+            **/*.cjs
+            **/*.mjs
+            **/*.json
+          files_ignore: |
+            node_modules/**
+            dist/**
+            build/**
+            coverage/**
+            .git/**
+            logs/**
+            temp/**
+            tmp/**
+
+      - name: Check Prettier formatting
+        if: steps.changed-files.outputs.any_changed == 'true'
+        id: prettier-check
+        run: |
+          echo "🔍 Checking Prettier formatting for changed files..."
+          echo "Changed files: ${{ steps.changed-files.outputs.all_changed_files }}"
+          
+          # 初始化标志
+          PRETTIER_FAILED=false
+          PRETTIER_OUTPUT=""
+          
+          # 检查每个改变的文件
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            if [ -f "$file" ]; then
+              echo "Checking: $file"
+              
+              # 根据文件位置选择正确的 prettier 配置
+              if [[ "$file" == web/admin-spa/* ]]; then
+                # 前端文件：进入前端目录运行 prettier
+                cd web/admin-spa
+                RELATIVE_FILE="${file#web/admin-spa/}"
+                if ! npx prettier --check "$RELATIVE_FILE" 2>&1; then
+                  PRETTIER_FAILED=true
+                  DIFF=$(npx prettier "$RELATIVE_FILE" | diff -u "$RELATIVE_FILE" - || true)
+                  if [ -n "$DIFF" ]; then
+                    PRETTIER_OUTPUT="${PRETTIER_OUTPUT}❌ File needs formatting: $file\n"
+                    PRETTIER_OUTPUT="${PRETTIER_OUTPUT}\`\`\`diff\n${DIFF}\n\`\`\`\n\n"
+                  fi
+                else
+                  echo "✅ $file is properly formatted"
+                fi
+                cd ../..
+              else
+                # 后端文件：使用根目录的 prettier
+                if ! npx prettier --check "$file" 2>&1; then
+                  PRETTIER_FAILED=true
+                  DIFF=$(npx prettier "$file" | diff -u "$file" - || true)
+                  if [ -n "$DIFF" ]; then
+                    PRETTIER_OUTPUT="${PRETTIER_OUTPUT}❌ File needs formatting: $file\n"
+                    PRETTIER_OUTPUT="${PRETTIER_OUTPUT}\`\`\`diff\n${DIFF}\n\`\`\`\n\n"
+                  fi
+                else
+                  echo "✅ $file is properly formatted"
+                fi
+              fi
+            fi
+          done
+          
+          # 输出结果
+          if [ "$PRETTIER_FAILED" = true ]; then
+            echo "prettier_failed=true" >> $GITHUB_OUTPUT
+            echo -e "$PRETTIER_OUTPUT" > prettier-report.md
+            echo "❌ Some files are not properly formatted."
+            echo "Please run: npm run format (backend) or cd web/admin-spa && npm run format (frontend)"
+            exit 1
+          else
+            echo "prettier_failed=false" >> $GITHUB_OUTPUT
+            echo "✅ All files are properly formatted"
+          fi
+
+      - name: Run ESLint
+        if: steps.changed-files.outputs.any_changed == 'true'
+        id: eslint-check
+        run: |
+          echo "🔍 Running ESLint on changed files..."
+          
+          # 分离前端和后端文件
+          BACKEND_FILES=""
+          FRONTEND_FILES=""
+          
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            if [[ "$file" =~ \.(js|jsx|vue|cjs|mjs)$ ]] && [ -f "$file" ]; then
+              if [[ "$file" == web/admin-spa/* ]]; then
+                FRONTEND_FILES="$FRONTEND_FILES ${file#web/admin-spa/}"
+              else
+                BACKEND_FILES="$BACKEND_FILES $file"
+              fi
+            fi
+          done
+          
+          ESLINT_FAILED=false
+          ESLINT_OUTPUT=""
+          
+          # 检查后端文件
+          if [ -n "$BACKEND_FILES" ]; then
+            echo "Linting backend files: $BACKEND_FILES"
+            set +e
+            BACKEND_OUTPUT=$(npx eslint $BACKEND_FILES --format stylish 2>&1)
+            BACKEND_EXIT_CODE=$?
+            set -e
+            
+            if [ $BACKEND_EXIT_CODE -ne 0 ]; then
+              ESLINT_FAILED=true
+              ESLINT_OUTPUT="${ESLINT_OUTPUT}### Backend ESLint Issues\n\`\`\`\n${BACKEND_OUTPUT}\n\`\`\`\n\n"
+            fi
+          fi
+          
+          # 检查前端文件
+          if [ -n "$FRONTEND_FILES" ]; then
+            echo "Linting frontend files: $FRONTEND_FILES"
+            cd web/admin-spa
+            set +e
+            FRONTEND_OUTPUT=$(npx eslint $FRONTEND_FILES --format stylish 2>&1)
+            FRONTEND_EXIT_CODE=$?
+            set -e
+            cd ../..
+            
+            if [ $FRONTEND_EXIT_CODE -ne 0 ]; then
+              ESLINT_FAILED=true
+              ESLINT_OUTPUT="${ESLINT_OUTPUT}### Frontend ESLint Issues\n\`\`\`\n${FRONTEND_OUTPUT}\n\`\`\`\n\n"
+            fi
+          fi
+          
+          # 输出结果
+          if [ "$ESLINT_FAILED" = true ]; then
+            echo "eslint_failed=true" >> $GITHUB_OUTPUT
+            echo "❌ ESLint found issues"
+            
+            # 创建错误报告
+            echo "## ESLint Report" > eslint-report.md
+            echo "$ESLINT_OUTPUT" >> eslint-report.md
+            echo "" >> eslint-report.md
+            echo "Please fix these issues by running:" >> eslint-report.md
+            echo '```bash' >> eslint-report.md
+            echo "# Backend: npm run lint" >> eslint-report.md
+            echo "# Frontend: cd web/admin-spa && npm run lint" >> eslint-report.md
+            echo '```' >> eslint-report.md
+            
+            exit 1
+          else
+            echo "eslint_failed=false" >> $GITHUB_OUTPUT
+            echo "✅ ESLint check passed"
+          fi
+
+      - name: Debug PR Context
+        if: failure()
+        run: |
+          echo "PR Number: ${{ github.event.pull_request.number }}"
+          echo "Repo: ${{ github.repository }}"
+          echo "Event Name: ${{ github.event_name }}"
+          echo "Actor: ${{ github.actor }}"
+
+      - name: Comment PR with results
+        if: failure()
+        continue-on-error: true  # 即使评论失败也继续
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GH_PAT || secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require('fs');
+            let comment = '## 🚨 Code Quality Check Failed\n\n';
+            
+            // 读取 Prettier 报告
+            if (fs.existsSync('prettier-report.md')) {
+              const prettierReport = fs.readFileSync('prettier-report.md', 'utf8');
+              comment += '### Prettier Formatting Issues\n\n';
+              comment += prettierReport;
+              comment += '\n**Fix command:**\n```bash\nnpm run format\n```\n\n';
+            }
+            
+            // 读取 ESLint 报告
+            if (fs.existsSync('eslint-report.md')) {
+              const eslintReport = fs.readFileSync('eslint-report.md', 'utf8');
+              comment += '### ESLint Issues\n\n';
+              comment += eslintReport;
+            }
+            
+            comment += '\n---\n';
+            comment += '💡 **提示**: 在本地运行以下命令来自动修复大部分问题:\n';
+            comment += '```bash\n';
+            comment += '# 后端代码\n';
+            comment += 'npm run format    # 修复后端 Prettier 格式问题\n';
+            comment += 'npm run lint      # 修复后端 ESLint 问题\n';
+            comment += '\n';
+            comment += '# 前端代码\n';
+            comment += 'cd web/admin-spa\n';
+            comment += 'npm run format    # 修复前端 Prettier 格式问题\n';
+            comment += 'npm run lint      # 修复前端 ESLint 问题\n';
+            comment += '```\n';
+            
+            // 查找是否已有机器人评论
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            
+            const botComment = comments.find(comment => 
+              comment.user.type === 'Bot' && 
+              comment.body.includes('Code Quality Check Failed')
+            );
+            
+            if (botComment) {
+              // 更新现有评论
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: comment
+              });
+            } else {
+              // 创建新评论
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: comment
+              });
+            }
+
+      - name: Success comment
+        if: success() && steps.changed-files.outputs.any_changed == 'true'
+        continue-on-error: true  # 即使评论失败也继续
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GH_PAT || secrets.GITHUB_TOKEN }}
+          script: |
+            // 查找是否已有失败的评论
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            
+            const botComment = comments.find(comment => 
+              comment.user.type === 'Bot' && 
+              comment.body.includes('Code Quality Check Failed')
+            );
+            
+            if (botComment) {
+              // 如果之前有失败评论，更新为成功
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: '## ✅ Code Quality Check Passed\n\nAll files are properly formatted and pass linting checks!'
+              });
+            }

.gitignore

@@ -0,0 +1,251 @@
+# fork add
+docs/
+
+# Dependencies
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Environment variables
+.env
+.env.*
+!.env.example
+
+# Claude specific directories
+.claude/
+
+# MCP configuration (local only)
+.mcp.json
+.spec-workflow/
+
+# Data directory (contains sensitive information)
+data/
+!data/.gitkeep
+
+# Redis data directory
+redis_data/
+
+# Logs directory
+logs/
+*.log
+startup.log
+app.log
+
+# Configuration files (may contain sensitive data)
+config/config.js
+!config/config.example.js
+
+# Runtime data
+pids/
+*.pid
+*.seed
+*.pid.lock
+
+# Coverage directory used by tools like istanbul
+coverage/
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage
+.grunt
+
+# Bower dependency directory
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# parcel-bundler cache
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+
+# Nuxt.js build / generate output
+.nuxt
+# Gatsby files
+.cache/
+public
+
+# Vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# Temporary folders
+tmp/
+temp/
+.tmp/
+.temp/
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+desktop.ini
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Backup files
+*.bak
+*.backup
+*.backup.*
+.env.backup.*
+config.js.backup.*
+*~
+
+# Archive files (unless specifically needed)
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Application specific files
+# JWT secrets and encryption keys
+secrets/
+keys/
+certs/
+
+# Database dumps
+*.sql
+*.db
+*.sqlite
+*.sqlite3
+
+# Redis dumps
+dump.rdb
+appendonly.aof
+
+# PM2 files
+ecosystem.config.js
+.pm2/
+
+# Docker files (keep main ones, ignore volumes)
+.docker/
+docker-volumes/
+
+# Monitoring data
+prometheus/
+grafana/
+
+# Test files and coverage
+test-results/
+coverage/
+.nyc_output/
+
+# Documentation build
+docs/build/
+docs/dist/
+
+# Deployment files
+deploy/
+.deploy/
+
+# Package lock files (choose one)
+# Uncomment the one you DON'T want to track
+# package-lock.json
+# yarn.lock
+# pnpm-lock.yaml
+
+# Local development files
+.local/
+local/
+
+# Debug files
+debug.log
+error.log
+access.log
+http-debug*.log
+logs/http-debug-*.log
+
+src/middleware/debugInterceptor.js
+
+# Session files
+sessions/
+
+# Upload directories
+uploads/
+files/
+
+# Cache directories
+.cache/
+cache/
+
+# Build artifacts
+build/
+dist/
+out/
+
+# Runtime files
+*.sock
+
+# Old admin interface (deprecated)
+web/admin/
+web/apiStats/
+
+# Admin SPA build files
+web/admin-spa/dist/

.prettierrc

@@ -0,0 +1,14 @@
+{
+  "semi": false,
+  "trailingComma": "none",
+  "singleQuote": true,
+  "printWidth": 100,
+  "tabWidth": 2,
+  "useTabs": false,
+  "bracketSpacing": true,
+  "arrowParens": "always",
+  "endOfLine": "lf",
+  "quoteProps": "as-needed",
+  "bracketSameLine": false,
+  "proseWrap": "preserve"
+}

CLAUDE.md

@@ -0,0 +1,275 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+这个文件为 Claude Code (claude.ai/code) 提供在此代码库中工作的指导。
+
+## 项目概述
+
+Claude Relay Service 是一个功能完整的 AI API 中转服务，支持 Claude 和 Gemini 双平台。提供多账户管理、API Key 认证、代理配置和现代化 Web 管理界面。该服务作为客户端（如 SillyTavern、Claude Code、Gemini CLI）与 AI API 之间的中间件，提供认证、限流、监控等功能。
+
+## 核心架构
+
+### 关键架构概念
+
+- **代理认证流**: 客户端用自建API Key → 验证 → 获取Claude账户OAuth token → 转发到Anthropic
+- **Token管理**: 自动监控OAuth token过期并刷新，支持10秒提前刷新策略
+- **代理支持**: 每个Claude账户支持独立代理配置，OAuth token交换也通过代理进行
+- **数据加密**: 敏感数据（refreshToken, accessToken）使用AES加密存储在Redis
+
+### 主要服务组件
+
+- **claudeRelayService.js**: 核心代理服务，处理请求转发和流式响应
+- **claudeAccountService.js**: Claude账户管理，OAuth token刷新和账户选择
+- **geminiAccountService.js**: Gemini账户管理，Google OAuth token刷新和账户选择
+- **apiKeyService.js**: API Key管理，验证、限流和使用统计
+- **oauthHelper.js**: OAuth工具，PKCE流程实现和代理支持
+
+### 认证和代理流程
+
+1. 客户端使用自建API Key（cr\_前缀格式）发送请求
+2. authenticateApiKey中间件验证API Key有效性和速率限制
+3. claudeAccountService自动选择可用Claude账户
+4. 检查OAuth access token有效性，过期则自动刷新（使用代理）
+5. 移除客户端API Key，使用OAuth Bearer token转发请求
+6. 通过账户配置的代理发送到Anthropic API
+7. 流式或非流式返回响应，记录使用统计
+
+### OAuth集成
+
+- **PKCE流程**: 完整的OAuth 2.0 PKCE实现，支持代理
+- **自动刷新**: 智能token过期检测和自动刷新机制
+- **代理支持**: OAuth授权和token交换全程支持代理配置
+- **安全存储**: claudeAiOauth数据加密存储，包含accessToken、refreshToken、scopes
+
+## 常用命令
+
+### 基本开发命令
+
+````bash
+# 安装依赖和初始化
+npm install
+npm run setup                  # 生成配置和管理员凭据
+npm run install:web           # 安装Web界面依赖
+
+# 开发和运行
+npm run dev                   # 开发模式（热重载）
+npm start                     # 生产模式
+npm test                      # 运行测试
+npm run lint                  # 代码检查
+
+# Docker部署
+docker-compose up -d          # 推荐方式
+docker-compose --profile monitoring up -d  # 包含监控
+
+# 服务管理
+npm run service:start:daemon  # 后台启动（推荐）
+npm run service:status        # 查看服务状态
+npm run service:logs          # 查看日志
+npm run service:stop          # 停止服务
+
+### 开发环境配置
+必须配置的环境变量：
+- `JWT_SECRET`: JWT密钥（32字符以上随机字符串）
+- `ENCRYPTION_KEY`: 数据加密密钥（32字符固定长度）
+- `REDIS_HOST`: Redis主机地址（默认localhost）
+- `REDIS_PORT`: Redis端口（默认6379）
+- `REDIS_PASSWORD`: Redis密码（可选）
+
+初始化命令：
+```bash
+cp config/config.example.js config/config.js
+cp .env.example .env
+npm run setup  # 自动生成密钥并创建管理员账户
+````
+
+## Web界面功能
+
+### OAuth账户添加流程
+
+1. **基本信息和代理设置**: 配置账户名称、描述和代理参数
+2. **OAuth授权**:
+   - 生成授权URL → 用户打开链接并登录Claude Code账号
+   - 授权后会显示Authorization Code → 复制并粘贴到输入框
+   - 系统自动交换token并创建账户
+
+### 核心管理功能
+
+- **实时仪表板**: 系统统计、账户状态、使用量监控
+- **API Key管理**: 创建、配额设置、使用统计查看
+- **Claude账户管理**: OAuth账户添加、代理配置、状态监控
+- **系统日志**: 实时日志查看，多级别过滤
+- **主题系统**: 支持明亮/暗黑模式切换，自动保存用户偏好设置
+
+## 重要端点
+
+### API转发端点
+
+- `POST /api/v1/messages` - 主要消息处理端点（支持流式）
+- `GET /api/v1/models` - 模型列表（兼容性）
+- `GET /api/v1/usage` - 使用统计查询
+- `GET /api/v1/key-info` - API Key信息
+
+### OAuth管理端点
+
+- `POST /admin/claude-accounts/generate-auth-url` - 生成OAuth授权URL（含代理）
+- `POST /admin/claude-accounts/exchange-code` - 交换authorization code
+- `POST /admin/claude-accounts` - 创建OAuth账户
+
+### 系统端点
+
+- `GET /health` - 健康检查
+- `GET /web` - Web管理界面
+- `GET /admin/dashboard` - 系统概览数据
+
+## 故障排除
+
+### OAuth相关问题
+
+1. **代理配置错误**: 检查代理设置是否正确，OAuth token交换也需要代理
+2. **授权码无效**: 确保复制了完整的Authorization Code���没有遗漏字符
+3. **Token刷新失败**: 检查refreshToken有效性和代理配置
+
+### Gemini Token刷新问题
+
+1. **刷新失败**: 确保 refresh_token 有效且未过期
+2. **错误日志**: 查看 `logs/token-refresh-error.log` 获取详细错误信息
+3. **测试脚本**: 运行 `node scripts/test-gemini-refresh.js` 测试 token 刷新
+
+### 常见开发问题
+
+1. **Redis连接失败**: 确认Redis服务运行，检查连接配置
+2. **管理员登录失败**: 检查init.json同步到Redis，运行npm run setup
+3. **API Key格式错误**: 确保使用cr\_前缀格式
+4. **代理连接问题**: 验证SOCKS5/HTTP代理配置和认证信息
+
+### 调试工具
+
+- **日志系统**: Winston结构化日志，支持不同级别
+- **CLI工具**: 命令行状态查看和管理
+- **Web界面**: 实时日志查看和系统监控
+- **健康检查**: /health端点提供系统状态
+
+## 开发最佳实践
+
+### 代码格式化要求
+
+- **必须使用 Prettier 格式化所有代码**
+- 后端代码（src/）：运行 `npx prettier --write <file>` 格式化
+- 前端代码（web/admin-spa/）：已安装 `prettier-plugin-tailwindcss`，运行 `npx prettier --write <file>` 格式化
+- 提交前检查格式：`npx prettier --check <file>`
+- 格式化所有文件：`npm run format`（如果配置了此脚本）
+
+### 前端开发特殊要求
+
+- **响应式设计**: 必须兼容不同设备尺寸（手机、平板、桌面），使用 Tailwind CSS 响应式前缀（sm:、md:、lg:、xl:）
+- **暗黑模式兼容**: 项目已集成完整的暗黑模式支持，所有新增/修改的UI组件都必须同时兼容明亮模式和暗黑模式
+  - 使用 Tailwind CSS 的 `dark:` 前缀为暗黑模式提供样式
+  - 文本颜色：`text-gray-700 dark:text-gray-200`
+  - 背景颜色：`bg-white dark:bg-gray-800`
+  - 边框颜色：`border-gray-200 dark:border-gray-700`
+  - 状态颜色保持一致：`text-blue-500`、`text-green-600`、`text-red-500` 等
+- **主题切换**: 使用 `stores/theme.js` 中的 `useThemeStore()` 来实现主题切换功能
+- **玻璃态效果**: 保持现有的玻璃态设计风格，在暗黑模式下调整透明度和背景色
+- **图标和交互**: 确保所有图标、按钮、交互元素在两种模式下都清晰可见且易于操作
+
+### 代码修改原则
+
+- 对现有文件进行修改时，首先检查代码库的现有模式和风格
+- 尽可能重用现有的服务和工具函数，避免重复代码
+- 遵循项目现有的错误处理和日志记录模式
+- 敏感数据必须使用加密存储（参考 claudeAccountService.js 中的加密实现）
+
+### 测试和质量保证
+
+- 运行 `npm run lint` 进行代码风格检查（使用 ESLint）
+- 运行 `npm test` 执行测试套件（Jest + SuperTest 配置）
+- 在修改核心服务后，使用 CLI 工具验证功能：`npm run cli status`
+- 检查日志文件 `logs/claude-relay-*.log` 确认服务正常运行
+- 注意：当前项目缺少实际测试文件，建议补充单元测试和集成测试
+
+### 开发工作流
+
+- **功能开发**: 始终从理解现有代码开始，重用已有的服务和模式
+- **调试流程**: 使用 Winston 日志 + Web 界面实时日志查看 + CLI 状态工具
+- **代码审查**: 关注安全性（加密存储）、性能（异步处理）、错误处理
+- **部署前检查**: 运行 lint → 测试 CLI 功能 → 检查日志 → Docker 构建
+
+### 常见文件位置
+
+- 核心服务逻辑：`src/services/` 目录
+- 路由处理：`src/routes/` 目录
+- 中间件：`src/middleware/` 目录
+- 配置管理：`config/config.js`
+- Redis 模型：`src/models/redis.js`
+- 工具函数：`src/utils/` 目录
+- 前端主题管理：`web/admin-spa/src/stores/theme.js`
+- 前端组件：`web/admin-spa/src/components/` 目录
+- 前端页面：`web/admin-spa/src/views/` 目录
+
+### 重要架构决策
+
+- 所有敏感数据（OAuth token、refreshToken）都使用 AES 加密存储在 Redis
+- 每个 Claude 账户支持独立的代理配置，包括 SOCKS5 和 HTTP 代理
+- API Key 使用哈希存储，支持 `cr_` 前缀格式
+- 请求流程：API Key 验证 → 账户选择 → Token 刷新（如需）→ 请求转发
+- 支持流式和非流式响应，客户端断开时自动清理资源
+
+### 核心数据流和性能优化
+
+- **哈希映射优化**: API Key 验证从 O(n) 优化到 O(1) 查找
+- **智能 Usage 捕获**: 从 SSE 流中解析真实的 token 使用数据
+- **多维度统计**: 支持按时间、模型、用户的实时使用统计
+- **异步处理**: 非阻塞的统计记录和日志写入
+- **原子操作**: Redis 管道操作确保数据一致性
+
+### 安全和容错机制
+
+- **多层加密**: API Key 哈希 + OAuth Token AES 加密
+- **零信任验证**: 每个请求都需要完整的认证链
+- **优雅降级**: Redis 连接失败时的回退机制
+- **自动重试**: 指数退避重试策略和错误隔离
+- **资源清理**: 客户端断开时的自动清理机制
+
+## 项目特定注意事项
+
+### Redis 数据��构
+
+- **API Keys**: `api_key:{id}` (详细信息) + `api_key_hash:{hash}` (快速查找)
+- **Claude 账户**: `claude_account:{id}` (加密的 OAuth 数据)
+- **管理员**: `admin:{id}` + `admin_username:{username}` (用户名映射)
+- **会话**: `session:{token}` (JWT 会话管理)
+- **使用统计**: `usage:daily:{date}:{key}:{model}` (多维度统计)
+- **系统信息**: `system_info` (系统状态缓存)
+
+### 流式响应处理
+
+- 支持 SSE (Server-Sent Events) 流式传输
+- 自动从流中解析 usage 数据并记录
+- 客户端断开时通过 AbortController 清理资源
+- 错误时发送适当的 SSE 错误事件
+
+### CLI 工具使用示例
+
+```bash
+# 创建新的 API Key
+npm run cli keys create -- --name "MyApp" --limit 1000
+
+# 查看系统状态
+npm run cli status
+
+# 管理 Claude 账户
+npm run cli accounts list
+npm run cli accounts refresh <accountId>
+
+# 管理员操作
+npm run cli admin create -- --username admin2
+npm run cli admin reset-password -- --username admin
+```
+
+# important-instruction-reminders
+
+Do what has been asked; nothing more, nothing less.
+NEVER create files unless they're absolutely necessary for achieving your goal.
+ALWAYS prefer editing an existing file to creating a new one.
+NEVER proactively create documentation files (\*.md) or README files. Only create documentation files if explicitly requested by the User.

Dockerfile

@@ -0,0 +1,71 @@
+# 🎯 前端构建阶段
+FROM node:18-alpine AS frontend-builder
+
+# 📁 设置工作目录
+WORKDIR /app/web/admin-spa
+
+# 📦 复制前端依赖文件
+COPY web/admin-spa/package*.json ./
+
+# 🔽 安装前端依赖
+RUN npm ci
+
+# 📋 复制前端源代码
+COPY web/admin-spa/ ./
+
+# 🏗️ 构建前端
+RUN npm run build
+
+# 🐳 主应用阶段
+FROM node:18-alpine
+
+# 📋 设置标签
+LABEL maintainer="claude-relay-service@example.com"
+LABEL description="Claude Code API Relay Service"
+LABEL version="1.0.0"
+
+# 🔧 安装系统依赖
+RUN apk add --no-cache \
+    curl \
+    dumb-init \
+    sed \
+    && rm -rf /var/cache/apk/*
+
+# 📁 设置工作目录
+WORKDIR /app
+
+# 📦 复制 package 文件
+COPY package*.json ./
+
+# 🔽 安装依赖 (生产环境)
+RUN npm ci --only=production && \
+    npm cache clean --force
+
+# 📋 复制应用代码
+COPY . .
+
+# 📦 从构建阶段复制前端产物
+COPY --from=frontend-builder /app/web/admin-spa/dist /app/web/admin-spa/dist
+
+# 🔧 复制并设置启动脚本权限
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+# 📁 创建必要目录
+RUN mkdir -p logs data temp
+
+# 🔧 预先创建配置文件
+RUN if [ ! -f "/app/config/config.js" ] && [ -f "/app/config/config.example.js" ]; then \
+        cp /app/config/config.example.js /app/config/config.js; \
+    fi
+
+# 🌐 暴露端口
+EXPOSE 3000
+
+# 🏥 健康检查
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:3000/health || exit 1
+
+# 🚀 启动应用
+ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
+CMD ["node", "src/app.js"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Wesley Liddick
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,259 @@
+# Claude Relay Service Makefile
+# 功能完整的 AI API 中转服务，支持 Claude 和 Gemini 双平台
+
+.PHONY: help install setup dev start test lint clean docker-up docker-down service-start service-stop service-status logs cli-admin cli-keys cli-accounts cli-status
+
+# 默认目标：显示帮助信息
+help:
+	@echo "Claude Relay Service - AI API 中转服务"
+	@echo ""
+	@echo "可用命令："
+	@echo ""
+	@echo "  📦 安装和初始化："
+	@echo "    install        - 安装项目依赖"
+	@echo "    install-web    - 安装Web界面依赖"
+	@echo "    setup          - 生成配置文件和管理员凭据"
+	@echo "    clean          - 清理依赖和构建文件"
+	@echo ""
+	@echo "  🎨 前端构建："
+	@echo "    build-web      - 构建 Web 管理界面"
+	@echo "    build-all      - 构建完整项目（后端+前端）"
+	@echo ""
+	@echo "  🚀 开发和运行："
+	@echo "    dev            - 开发模式运行（热重载）"
+	@echo "    start          - 生产模式运行"
+	@echo "    test           - 运行测试套件"
+	@echo "    lint           - 代码风格检查"
+	@echo ""
+	@echo "  🐳 Docker 部署："
+	@echo "    docker-up      - 启动 Docker 服务"
+	@echo "    docker-up-full - 启动 Docker 服务（包含监控）"
+	@echo "    docker-down    - 停止 Docker 服务"
+	@echo "    docker-logs    - 查看 Docker 日志"
+	@echo ""
+	@echo "  🔧 服务管理："
+	@echo "    service-start  - 前台启动服务"
+	@echo "    service-daemon - 后台启动服务（守护进程）"
+	@echo "    service-stop   - 停止服务"
+	@echo "    service-restart - 重启服务"
+	@echo "    service-restart-daemon - 重启服务（守护进程）"
+	@echo "    service-status - 查看服务状态"
+	@echo "    logs           - 查看应用日志"
+	@echo "    logs-follow    - 实时查看日志"
+	@echo ""
+	@echo "  ⚙️  CLI 管理工具："
+	@echo "    cli-admin      - 管理员操作"
+	@echo "    cli-keys       - API Key 管理"
+	@echo "    cli-accounts   - Claude 账户管理"
+	@echo "    cli-status     - 系统状态查看"
+	@echo ""
+	@echo "  💡 快速开始："
+	@echo "    make setup && make dev"
+	@echo ""
+
+# 安装和初始化
+install:
+	@echo "📦 安装项目依赖..."
+	npm install
+
+install-web:
+	@echo "📦 安装 Web 界面依赖..."
+	npm run install:web
+
+# 前端构建
+build-web:
+	@echo "🎨 构建 Web 管理界面..."
+	npm run build:web
+
+build-all: install install-web build-web
+	@echo "🎉 完整项目构建完成！"
+
+setup:
+	@echo "⚙️  初始化项目配置和管理员凭据..."
+	@if [ ! -f config/config.js ]; then cp config/config.example.js config/config.js; fi
+	@if [ ! -f .env ]; then cp .env.example .env; fi
+	npm run setup
+
+clean:
+	@echo "🧹 清理依赖和构建文件..."
+	rm -rf node_modules
+	rm -rf web/node_modules
+	rm -rf web/admin-spa/dist
+	rm -rf web/admin-spa/node_modules
+	rm -rf logs/*.log
+
+# 开发和运行
+dev:
+	@echo "🚀 启动开发模式（热重载）..."
+	npm run dev
+
+start:
+	@echo "🚀 启动生产模式..."
+	npm start
+
+test:
+	@echo "🧪 运行测试套件..."
+	npm test
+
+lint:
+	@echo "🔍 执行代码风格检查..."
+	npm run lint
+
+# Docker 部署
+docker-up:
+	@echo "🐳 启动 Docker 服务..."
+	docker-compose up -d
+
+docker-up-full:
+	@echo "🐳 启动 Docker 服务（包含监控）..."
+	docker-compose --profile monitoring up -d
+
+docker-down:
+	@echo "🛑 停止 Docker 服务..."
+	docker-compose down
+
+docker-logs:
+	@echo "📋 查看 Docker 服务日志..."
+	docker-compose logs -f
+
+# 服务管理
+service-start:
+	@echo "🚀 前台启动服务..."
+	npm run service:start
+
+service-daemon:
+	@echo "🔧 后台启动服务（守护进程）..."
+	npm run service:start:daemon
+
+service-stop:
+	@echo "🛑 停止服务..."
+	npm run service:stop
+
+service-restart:
+	@echo "🔄 重启服务..."
+	npm run service:restart
+
+service-restart-daemon:
+	@echo "🔄 重启服务（守护进程）..."
+	npm run service:restart:daemon
+
+service-status:
+	@echo "📊 查看服务状态..."
+	npm run service:status
+
+logs:
+	@echo "📋 查看应用日志..."
+	npm run service:logs
+
+logs-follow:
+	@echo "📋 实时查看日志..."
+	npm run service:logs:follow
+
+# CLI 管理工具
+cli-admin:
+	@echo "👤 启动管理员操作 CLI..."
+	npm run cli admin
+
+cli-keys:
+	@echo "🔑 启动 API Key 管理 CLI..."
+	npm run cli keys
+
+cli-accounts:
+	@echo "👥 启动 Claude 账户管理 CLI..."
+	npm run cli accounts
+
+cli-status:
+	@echo "📊 查看系统状态..."
+	npm run cli status
+
+# 开发辅助命令
+check-config:
+	@echo "🔍 检查配置文件..."
+	@if [ ! -f config/config.js ]; then echo "❌ config/config.js 不存在，请运行 'make setup'"; exit 1; fi
+	@if [ ! -f .env ]; then echo "❌ .env 不存在，请运行 'make setup'"; exit 1; fi
+	@echo "✅ 配置文件检查通过"
+
+health-check:
+	@echo "🏥 执行健康检查..."
+	@curl -s http://localhost:3000/health || echo "❌ 服务未运行或不可访问"
+
+# 快���启动组合命令
+quick-start: setup dev
+
+quick-daemon: setup service-daemon
+	@echo "🎉 服务已在后台启动！"
+	@echo "运行 'make service-status' 查看状态"
+	@echo "运行 'make logs-follow' 查看实时日志"
+
+# 全栈开发环境
+dev-full: install install-web build-web setup dev
+	@echo "🚀 全栈开发环境启动！"
+
+# 完整部署流程
+deploy: clean install install-web build-web setup test lint docker-up
+	@echo "🎉 部署完成！"
+	@echo "访问 Web 管理界面: http://localhost:3000/web"
+	@echo "API 端点: http://localhost:3000/api/v1/messages"
+
+# 生产部署准备
+production-build: clean install install-web build-web
+	@echo "🚀 生产环境构建完成！"
+
+# 维护命令
+backup-redis:
+	@echo "💾 备份 Redis 数据..."
+	@docker exec claude-relay-service-redis-1 redis-cli BGSAVE || echo "❌ Redis 备份失败"
+
+restore-redis:
+	@echo "♻️  恢复 Redis 数据..."
+	@echo "请手动恢复 Redis 数据文件"
+
+# 监控和日志
+monitor:
+	@echo "📊 启动监控面板..."
+	@echo "Grafana: http://localhost:3001"
+	@echo "Redis Commander: http://localhost:8081"
+
+tail-logs:
+	@echo "📋 实时查看日志..."
+	tail -f logs/claude-relay-*.log
+
+# 开发工具
+format:
+	@echo "🎨 格式化代码..."
+	npm run lint -- --fix
+
+check-deps:
+	@echo "🔍 检查依赖更新..."
+	npm outdated
+
+update-deps:
+	@echo "⬆️  更新依赖..."
+	npm update
+
+# 测试相关
+test-coverage:
+	@echo "📊 运行测试覆盖率..."
+	npm test -- --coverage
+
+test-watch:
+	@echo "👀 监视模式运行测试..."
+	npm test -- --watch
+
+# Git 相关
+git-status:
+	@echo "📋 Git 状态..."
+	git status --short
+
+git-pull:
+	@echo "⬇️  拉取最新代码..."
+	git pull origin main
+
+# 安全检查
+security-audit:
+	@echo "🔒 执行安全审计..."
+	npm audit
+
+security-fix:
+	@echo "🔧 修复安全漏洞..."
+	npm audit fix

README.md

@@ -1,10 +1,941 @@
+# Claude Relay Service
+
+<div align="center">
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/Node.js-18+-green.svg)](https://nodejs.org/)
+[![Redis](https://img.shields.io/badge/Redis-6+-red.svg)](https://redis.io/)
+[![Docker](https://img.shields.io/badge/Docker-Ready-blue.svg)](https://www.docker.com/)
+[![Docker Build](https://github.com/Wei-Shaw/claude-relay-service/actions/workflows/auto-release-pipeline.yml/badge.svg)](https://github.com/Wei-Shaw/claude-relay-service/actions/workflows/auto-release-pipeline.yml)
+[![Docker Pulls](https://img.shields.io/docker/pulls/weishaw/claude-relay-service)](https://hub.docker.com/r/weishaw/claude-relay-service)
+
+**🔐 自行搭建Claude API中转服务，支持多账户管理**
+
+[English](README_EN.md) • [快速开始](https://pincc.ai/) • [演示站点](https://demo.pincc.ai/admin-next/login) • [公告频道](https://t.me/claude_relay_service)
+
+</div>
+
+---
+
+## 💎 Claude/Codex 拼车服务推荐
+
+<div align="center">
+
+| 平台 | 类型 | 服务 | 介绍 |
+|:---|:---|:---|:---|
+| **[pincc.ai](https://pincc.ai/)** | 🏆 **官方运营** | <small>✅ Claude Code<br>✅ Codex CLI</small> | 项目直营，提供稳定的 Claude Code / Codex CLI 拼车服务 |
+| **[ctok.ai](https://ctok.ai/)** | 🤝 合作伙伴 | <small>✅ Claude Code<br>✅ Codex CLI</small> | 社区认证，提供 Claude Code / Codex CLI 拼车 |
+
+
+</div>
+
+---
+
+## ⚠️ 重要提醒
+
+**使用本项目前请仔细阅读：**
+
+🚨 **服务条款风险**: 使用本项目可能违反Anthropic的服务条款。请在使用前仔细阅读Anthropic的用户协议，使用本项目的一切风险由用户自行承担。
+
+📖 **免责声明**: 本项目仅供技术学习和研究使用，作者不对因使用本项目导致的账户封禁、服务中断或其他损失承担任何责任。
+
+
+## 🤔 这个项目适合你吗？
+
+- 🌍 **地区限制**: 所在地区无法直接访问Claude Code服务？
+- 🔒 **隐私担忧**: 担心第三方镜像服务会记录或泄露你的对话内容？
+- 👥 **成本分摊**: 想和朋友一起分摊Claude Code Max订阅费用？
+- ⚡ **稳定性**: 第三方镜像站经常故障不稳定，影响效率 ？
+
+如果有以上困惑，那这个项目可能适合你。
+
+### 适合的场景
+
+✅ **找朋友拼车**: 三五好友一起分摊Claude Code Max订阅  
+✅ **隐私敏感**: 不想让第三方镜像看到你的对话内容  
+✅ **技术折腾**: 有基本的技术基础，愿意自己搭建和维护  
+✅ **稳定需求**: 需要长期稳定的Claude访问，不想受制于镜像站  
+✅ **地区受限**: 无法直接访问Claude官方服务
+
 ---
-title: Cc
-emoji: ⚡
-colorFrom: gray
-colorTo: blue
-sdk: docker
-pinned: false
+
+## 💭 为什么要自己搭？
+
+### 现有镜像站可能的问题
+
+- 🕵️ **隐私风险**: 你的对话内容都被人家看得一清二楚，商业机密什么的就别想了
+- 🐌 **性能不稳**: 用的人多了就慢，高峰期经常卡死
+- 💰 **价格不透明**: 不知道实际成本
+
+### 自建的好处
+
+- 🔐 **数据安全**: 所有接口请求都只经过你自己的服务器，直连Anthropic API
+- ⚡ **性能可控**: 就你们几个人用，Max 200刀套餐基本上可以爽用Opus
+- 💰 **成本透明**: 用了多少token一目了然，按官方价格换算了具体费用
+- 📊 **监控完整**: 使用情况、成本分析、性能监控全都有
+
+---
+
+## 🚀 核心功能
+
+### 基础功能
+
+- ✅ **多账户管理**: 可以添加多个Claude账户自动轮换
+- ✅ **自定义API Key**: 给每个人分配独立的Key
+- ✅ **使用统计**: 详细记录每个人用了多少token
+
+### 高级功能
+
+- 🔄 **智能切换**: 账户出问题自动换下一个
+- 🚀 **性能优化**: 连接池、缓存，减少延迟
+- 📊 **监控面板**: Web界面查看所有数据
+- 🛡️ **安全控制**: 访问限制、速率控制、客户端限制
+- 🌐 **代理支持**: 支持HTTP/SOCKS5代理
+
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+## 📋 部署要求
+
+### 硬件要求（最低配置）
+
+- **CPU**: 1核心就够了
+- **内存**: 512MB（建议1GB）
+- **硬盘**: 30GB可用空间
+- **网络**: 能访问到Anthropic API（建议使用US地区的机器）
+- **建议**: 2核4G的基本够了，网络尽量选回国线路快一点的（为了提高速度，建议不要开代理或者设置服务器的IP直连）
+- **经验**: 阿里云、腾讯云的海外主机经测试会被Cloudflare拦截，无法直接访问claude api
+
+### 软件要求
+
+- **Node.js** 18或更高版本
+- **Redis** 6或更高版本
+- **操作系统**: 建议Linux
+
+### 费用估算
+
+- **服务器**: 轻量云服务器，一个月30-60块
+- **Claude订阅**: 看你怎么分摊了
+- **其他**: 域名（可选）
+
+---
+
+## 🚀 脚本部署（推荐）
+
+推荐使用管理脚本进行一键部署，简单快捷，自动处理所有依赖和配置。
+
+### 快速安装
+
+```bash
+curl -fsSL https://pincc.ai/manage.sh -o manage.sh && chmod +x manage.sh && ./manage.sh install
+```
+
+### 脚本功能
+
+- ✅ **一键安装**: 自动检测系统环境，安装 Node.js 18+、Redis 等依赖
+- ✅ **交互式配置**: 友好的配置向导，设置端口、Redis 连接等
+- ✅ **自动启动**: 安装完成后自动启动服务并显示访问地址
+- ✅ **便捷管理**: 通过 `crs` 命令随时管理服务状态
+
+### 管理命令
+
+```bash
+crs install   # 安装服务
+crs start     # 启动服务
+crs stop      # 停止服务
+crs restart   # 重启服务
+crs status    # 查看状态
+crs update    # 更新服务
+crs uninstall # 卸载服务
+```
+
+### 安装示例
+
+```bash
+$ crs install
+
+# 会依次询问：
+安装目录 (默认: ~/claude-relay-service):
+服务端口 (默认: 3000): 8080
+Redis 地址 (默认: localhost):
+Redis 端口 (默认: 6379):
+Redis 密码 (默认: 无密码):
+
+# 安装完成后自动启动并显示：
+服务已成功安装并启动！
+
+访问地址：
+  本地 Web: http://localhost:8080/web
+  公网 Web: http://YOUR_IP:8080/web
+
+管理员账号信息已保存到: data/init.json
+```
+
+### 系统要求
+
+- 支持系统: Ubuntu/Debian、CentOS/RedHat、Arch Linux、macOS
+- 自动安装 Node.js 18+ 和 Redis
+- Redis 使用系统默认位置，数据独立于应用
+
+---
+
+## 📦 手动部署
+
+### 第一步：环境准备
+
+**Ubuntu/Debian用户：**
+
+```bash
+# 安装Node.js
+curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+sudo apt-get install -y nodejs
+
+# 安装Redis
+sudo apt update
+sudo apt install redis-server
+sudo systemctl start redis-server
+```
+
+**CentOS/RHEL用户：**
+
+```bash
+# 安装Node.js
+curl -fsSL https://rpm.nodesource.com/setup_18.x | sudo bash -
+sudo yum install -y nodejs
+
+# 安装Redis
+sudo yum install redis
+sudo systemctl start redis
+```
+
+### 第二步：下载和配置
+
+```bash
+# 下载项目
+git clone https://github.com/Wei-Shaw//claude-relay-service.git
+cd claude-relay-service
+
+# 安装依赖
+npm install
+
+# 复制配置文件（重要！）
+cp config/config.example.js config/config.js
+cp .env.example .env
+```
+
+### 第三步：配置文件设置
+
+**编辑 `.env` 文件：**
+
+```bash
+# 这两个密钥随便生成，但要记住
+JWT_SECRET=你的超级秘密密钥
+ENCRYPTION_KEY=32位的加密密钥随便写
+
+# Redis配置
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+
+```
+
+**编辑 `config/config.js` 文件：**
+
+```javascript
+module.exports = {
+  server: {
+    port: 3000, // 服务端口，可以改
+    host: '0.0.0.0' // 不用改
+  },
+  redis: {
+    host: '127.0.0.1', // Redis地址
+    port: 6379 // Redis端口
+  }
+  // 其他配置保持默认就行
+}
+```
+
+### 第四步：安装前端依赖并构建
+
+```bash
+# 安装前端依赖
+npm run install:web
+
+# 构建前端（生成 dist 目录）
+npm run build:web
+```
+
+### 第五步：启动服务
+
+```bash
+# 初始化
+npm run setup # 会随机生成后台账号密码信息，存储在 data/init.json
+# 或者通过环境变量预设管理员凭据：
+# export ADMIN_USERNAME=cr_admin_custom
+# export ADMIN_PASSWORD=your-secure-password
+
+# 启动服务
+npm run service:start:daemon   # 后台运行
+
+# 查看状态
+npm run service:status
+```
+
+---
+
+## 🐳 Docker 部署
+
+### Docker compose
+
+#### 第一步：下载构建docker-compose.yml文件的脚本并执行
+```bash
+curl -fsSL https://pincc.ai/crs-compose.sh -o crs-compose.sh && chmod +x crs-compose.sh && ./crs-compose.sh
+```
+
+#### 第二步：启动
+```bash
+docker-compose up -d
+```
+
+### Docker Compose 配置
+
+docker-compose.yml 已包含：
+
+- ✅ 自动初始化管理员账号
+- ✅ 数据持久化（logs和data目录自动挂载）
+- ✅ Redis数据库
+- ✅ 健康检查
+- ✅ 自动重启
+
+### 环境变量说明
+
+#### 必填项
+
+- `JWT_SECRET`: JWT密钥，至少32个字符
+- `ENCRYPTION_KEY`: 加密密钥，必须是32个字符
+
+#### 可选项
+
+- `ADMIN_USERNAME`: 管理员用户名（不设置则自动生成）
+- `ADMIN_PASSWORD`: 管理员密码（不设置则自动生成）
+- `LOG_LEVEL`: 日志级别（默认：info）
+- 更多配置项请参考 `.env.example` 文件
+
+### 管理员凭据获取方式
+
+1. **查看容器日志**
+
+   ```bash
+   docker logs claude-relay-service
+   ```
+
+2. **查看挂载的文件**
+
+   ```bash
+   cat ./data/init.json
+   ```
+
+3. **使用环境变量预设**
+   ```bash
+   # 在 .env 文件中设置
+   ADMIN_USERNAME=cr_admin_custom
+   ADMIN_PASSWORD=your-secure-password
+   ```
+
+---
+
+## 🎮 开始使用
+
+### 1. 打开管理界面
+
+浏览器访问：`http://你的服务器IP:3000/web`
+
+管理员账号：
+
+- 自动生成：查看 data/init.json
+- 环境变量预设：通过 ADMIN_USERNAME 和 ADMIN_PASSWORD 设置
+- Docker 部署：查看容器日志 `docker logs claude-relay-service`
+
+### 2. 添加Claude账户
+
+这一步比较关键，需要OAuth授权：
+
+1. 点击「Claude账户」标签
+2. 如果你担心多个账号共用1个IP怕被封禁，可以选择设置静态代理IP（可选）
+3. 点击「添加账户」
+4. 点击「生成授权链接」，会打开一个新页面
+5. 在新页面完成Claude登录和授权
+6. 复制返回的Authorization Code
+7. 粘贴到页面完成添加
+
+**注意**: 如果你在国内，这一步可能需要科学上网。
+
+### 3. 创建API Key
+
+给每个使用者分配一个Key：
+
+1. 点击「API Keys」标签
+2. 点击「创建新Key」
+3. 给Key起个名字，比如「张三的Key」
+4. 设置使用限制（可选）：
+   - **速率限制**: 限制每个时间窗口的请求次数和Token使用量
+   - **并发限制**: 限制同时处理的请求数
+   - **模型限制**: 限制可访问的模型列表
+   - **客户端限制**: 限制只允许特定客户端使用（如ClaudeCode、Gemini-CLI等）
+5. 保存，记下生成的Key
+
+### 4. 开始使用 Claude Code 和 Gemini CLI
+
+现在你可以用自己的服务替换官方API了：
+
+**Claude Code 设置环境变量：**
+
+默认使用标准 Claude 账号池：
+
+```bash
+export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # 根据实际填写你服务器的ip地址或者域名
+export ANTHROPIC_AUTH_TOKEN="后台创建的API密钥"
+```
+
+**VSCode Claude 插件配置：**
+
+如果使用 VSCode 的 Claude 插件，需要在 `~/.claude/config.json` 文件中配置：
+
+```json
+{
+    "primaryApiKey": "crs"
+}
+```
+
+如果该文件不存在，请手动创建。Windows 用户路径为 `C:\Users\你的用户名\.claude\config.json`。
+
+**Gemini CLI 设置环境变量：**
+
+```bash
+GEMINI_MODEL="gemini-2.5-pro"
+GOOGLE_GEMINI_BASE_URL="http://127.0.0.1:3000/gemini" # 根据实际填写你服务器的ip地址或者域名
+GEMINI_API_KEY="后台创建的API密钥"  # 使用相同的API密钥即可
+```
+**使用 Claude Code：**
+
+```bash
+claude
+```
+
+**使用 Gemini CLI：**
+
+```bash
+gemini  # 或其他 Gemini CLI 命令
+```
+
+**Codex 配置：**
+
+在 `~/.codex/config.toml` 文件**开头**添加以下配置：
+
+```toml
+model_provider = "crs"
+model = "gpt-5-codex"
+model_reasoning_effort = "high"
+disable_response_storage = true
+preferred_auth_method = "apikey"
+
+[model_providers.crs]
+name = "crs"
+base_url = "http://127.0.0.1:3000/openai"  # 根据实际填写你服务器的ip地址或者域名
+wire_api = "responses"
+requires_openai_auth = true
+env_key = "CRS_OAI_KEY"
+```
+
+在 `~/.codex/auth.json` 文件中配置API密钥为 null：
+
+```json
+{
+    "OPENAI_API_KEY": null  
+}
+```
+
+环境变量设置：
+
+```bash
+export CRS_OAI_KEY="后台创建的API密钥"
+```
+
+> ⚠️ 在通过 Nginx 反向代理 CRS 服务并使用 Codex CLI 时，需要在 http 块中添加 underscores_in_headers on;。因为 Nginx 默认会移除带下划线的请求头（如 session_id），一旦该头被丢弃，多账号环境下的粘性会话功能将失效。
+
+**Droid CLI 配置：**
+
+Droid CLI 读取 `~/.factory/config.json`。可以在该文件中添加自定义模型以指向本服务的新端点：
+
+```json
+{
+  "custom_models": [
+    {
+      "model_display_name": "Sonnet 4.5 [crs]",
+      "model": "claude-sonnet-4-5-20250929",
+      "base_url": "http://127.0.0.1:3000/droid/claude",
+      "api_key": "后台创建的API密钥",
+      "provider": "anthropic",
+      "max_tokens": 8192
+    },
+    {
+      "model_display_name": "GPT5-Codex [crs]",
+      "model": "gpt-5-codex",
+      "base_url": "http://127.0.0.1:3000/droid/openai",
+      "api_key": "后台创建的API密钥",
+      "provider": "openai",
+      "max_tokens": 16384
+    }
+  ]
+}
+```
+
+> 💡 将示例中的 `http://127.0.0.1:3000` 替换为你的服务域名或公网地址，并写入后台生成的 API 密钥（cr_ 开头）。
+
+### 5. 第三方工具API接入
+
+本服务支持多种API端点格式，方便接入不同的第三方工具（如Cherry Studio等）。
+
+#### Cherry Studio 接入示例
+
+Cherry Studio支持多种AI服务的接入，下面是不同账号类型的详细配置：
+
+**1. Claude账号接入：**
+
+```
+# API地址
+http://你的服务器:3000/claude
+
+# 模型ID示例
+claude-sonnet-4-5-20250929 # Claude Sonnet 4.5
+claude-opus-4-20250514     # Claude Opus 4
+```
+
+配置步骤：
+- 供应商类型选择"Anthropic"
+- API地址填入：`http://你的服务器:3000/claude`
+- API Key填入：后台创建的API密钥（cr_开头）
+
+**2. Gemini账号接入：**
+
+```
+# API地址
+http://你的服务器:3000/gemini
+
+# 模型ID示例
+gemini-2.5-pro             # Gemini 2.5 Pro
+```
+
+配置步骤：
+- 供应商类型选择"Gemini"
+- API地址填入：`http://你的服务器:3000/gemini`
+- API Key填入：后台创建的API密钥（cr_开头）
+
+**3. Codex接入：**
+
+```
+# API地址
+http://你的服务器:3000/openai
+
+# 模型ID（固定）
+gpt-5                      # Codex使用固定模型ID
+```
+
+配置步骤���
+- 供应商类型选择"Openai-Response"
+- API地址填入：`http://你的服务器:3000/openai`
+- API Key填入：后台创建的API密钥（cr_开头）
+- **重要**：Codex只支持Openai-Response标准
+
+
+**Cherry Studio 地址格式重要说明：**
+
+- ✅ **推荐格式**：`http://你的服务器:3000/claude`（不加结尾 `/`，让 Cherry Studio 自动加上 v1）
+- ✅ **等效格式**：`http://你的服务器:3000/claude/v1/`（手动指定 v1 并加结尾 `/`）
+- 💡 **说明**：这两种格式在 Cherry Studio 中是完全等效的
+- ❌ **错误格式**：`http://你的服务器:3000/claude/`（单独的 `/` 结尾会被 Cherry Studio 忽略 v1 版本）
+
+#### 其他第三方工具接入
+
+**接入要点：**
+
+- 所有账号类型都使用相同的API密钥（在后台统一创建）
+- 根据不同的路由前缀自动识别账号类型
+- `/claude/` - 使用Claude账号池
+- `/droid/claude/` - 使用Droid类型Claude账号池（只建议api调用或Droid Cli中使用）
+- `/gemini/` - 使用Gemini账号池  
+- `/openai/` - 使用Codex账号（只支持Openai-Response格式）
+- `/droid/openai/` - 使用Droid类型OpenAI兼容账号池（只建议api调用或Droid Cli中使用）
+- 支持所有标准API端点（messages、models等）
+
+**重要说明：**
+
+- 确保在后台已添加对应类型的账号（Claude/Gemini/Codex）
+- API密钥可以通用，系统会根据路由自动选择账号类型
+- 建议为不同用户创建不同的API密钥便于使用统计
+
+---
+
+## 🔧 日常维护
+
+### 服务管理
+
+```bash
+# 查看服务状态
+npm run service:status
+
+# 查看日志
+npm run service:logs
+
+# 重启服务
+npm run service:restart:daemon
+
+# 停止服务
+npm run service:stop
+```
+
+### 监控使用情况
+
+- **Web界面**: `http://你的域名:3000/web` - 查看使用统计
+- **健康检查**: `http://你的域名:3000/health` - 确认服务正常
+- **日志文件**: `logs/` 目录下的各种日志文件
+
+### 升级指南
+
+当有新版本发布时，按照以下步骤升级服务：
+
+```bash
+# 1. 进入项目目录
+cd claude-relay-service
+
+# 2. 拉取最新代码
+git pull origin main
+
+# 如果遇到 package-lock.json 冲突，使用远程版本
+git checkout --theirs package-lock.json
+git add package-lock.json
+
+# 3. 安装新的依赖（如果有）
+npm install
+
+# 4. 安装并构建前端
+npm run install:web
+npm run build:web
+
+# 5. 重启服务
+npm run service:restart:daemon
+
+# 6. 检查服务状态
+npm run service:status
+```
+
+**注意事项：**
+
+- 升级前建议备份重要配置文件（.env, config/config.js）
+- 查看更新日志了解是否有破坏性变更
+- 如果有数据库结构变更，会自动迁移
+
+---
+
+## 🔒 客户端限制功能
+
+### 功能说明
+
+客户端限制功能允许你控制每个API Key可以被哪些客户端使用，通过User-Agent识别客户端，提高API的安全性。
+
+### 使用方法
+
+1. **在创建或编辑API Key时启用客户端限制**：
+   - 勾选"启用客户端限制"
+   - 选择允许的客户端（支持多选）
+
+2. **预定义客户端**：
+   - **ClaudeCode**: 官方Claude CLI（匹配 `claude-cli/x.x.x (external, cli)` 格式）
+   - **Gemini-CLI**: Gemini命令行工具（匹配 `GeminiCLI/vx.x.x (platform; arch)` 格式）
+
+3. **调试和诊断**：
+   - 系统会在日志中记录所有请求的User-Agent
+   - 客户端验证失败时会返回403错误并记录详细信息
+   - 通过日志可以查看实际的User-Agent格式，方便配置自定义客户端
+
+
+### 日志示例
+
+认证成功时的日志：
+
+```
+🔓 Authenticated request from key: 测试Key (key-id) in 5ms
+   User-Agent: "claude-cli/1.0.58 (external, cli)"
+```
+
+客户端限制检查日志：
+
+```
+🔍 Checking client restriction for key: key-id (测试Key)
+   User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
+   Allowed clients: claude_code, gemini_cli
+🚫 Client restriction failed for key: key-id (测试Key) from 127.0.0.1, User-Agent: Mozilla/5.0...
+```
+
+### 常见问题处理
+
+**Redis连不上？**
+
+```bash
+# 检查Redis是否启动
+redis-cli ping
+
+# 应该返回 PONG
+```
+
+**OAuth授权失败？**
+
+- 检查代理设置是否正确
+- 确保能正常访问 claude.ai
+- 清除浏览器缓存重试
+
+**API请求失败？**
+
+- 检查API Key是否正确
+- 查看日志文件找错误信息
+- 确认Claude账户状态正常
+
+---
+
+## 🛠️ 进阶
+
+### 反向代理部署指南
+
+在生产环境中，建议通过反向代理进行连接，以便使用自动 HTTPS、安全头部和性能优化。下面提供两种常用方案： **Caddy** 和 **Nginx Proxy Manager (NPM)**。
+
+---
+
+## Caddy 方案
+
+Caddy 是一款自动管理 HTTPS 证书的 Web 服务器，配置简单、性能优秀，很适合不需要 Docker 环境的部署方案。
+
+**1. 安装 Caddy**
+
+```bash
+# Ubuntu/Debian
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt update
+sudo apt install caddy
+
+# CentOS/RHEL/Fedora
+sudo yum install yum-plugin-copr
+sudo yum copr enable @caddy/caddy
+sudo yum install caddy
+```
+
+**2. Caddy 配置**
+
+编辑 `/etc/caddy/Caddyfile` ：
+
+```caddy
+your-domain.com {
+    # 反向代理到本地服务
+    reverse_proxy 127.0.0.1:3000 {
+        # 支持流式响应或 SSE
+        flush_interval -1
+
+        # 传递真实 IP
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+
+        # 长读/写超时配置
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+            dial_timeout 30s
+        }
+    }
+
+    # 安全头部
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "DENY"
+        X-Content-Type-Options "nosniff"
+        -Server
+    }
+}
+```
+
+**3. 启动 Caddy**
+
+```bash
+sudo caddy validate --config /etc/caddy/Caddyfile
+sudo systemctl start caddy
+sudo systemctl enable caddy
+sudo systemctl status caddy
+```
+
+**4. 服务配置**
+
+Caddy 会自动管理 HTTPS，因此可以将服务限制在本地进行监听：
+
+```javascript
+// config/config.js
+module.exports = {
+  server: {
+    port: 3000,
+    host: '127.0.0.1' // 只监听本地
+  }
+}
+```
+
+**Caddy 特点**
+
+* 🔒 自动 HTTPS，零配置证书管理
+* 🛡️ 安全默认配置，启用现代 TLS 套件
+* ⚡ HTTP/2 和流式传输支持
+* 🔧 配置文件简洁，易于维护
+
+---
+
+## Nginx Proxy Manager (NPM) 方案
+
+Nginx Proxy Manager 通过图形化界面管理反向代理和 HTTPS 证书，並以 Docker 容器部署。
+
+**1. 在 NPM 创建新的 Proxy Host**
+
+Details 配置如下：
+
+| 项目                    | 设置                      |
+| --------------------- | ----------------------- |
+| Domain Names          | relay.example.com       |
+| Scheme                | http                    |
+| Forward Hostname / IP | 192.168.0.1 (docker 机器 IP) |
+| Forward Port          | 3000                    |
+| Block Common Exploits | ☑️                      |
+| Websockets Support    | ❌ **关闭**                |
+| Cache Assets          | ❌ **关闭**                |
+| Access List           | Publicly Accessible     |
+
+> 注意：
+> - 请确保 Claude Relay Service **监听 host 为 `0.0.0.0` 、容器 IP 或本机 IP**，以便 NPM 实现内网连接。
+> - **Websockets Support 和 Cache Assets 必须关闭**，否则会导致 SSE / 流式响应失败。
+
+**2. Custom locations**
+
+無需添加任何内容，保持为空。
+
+**3. SSL 设置**
+
+* **SSL Certificate**: Request a new SSL Certificate (Let's Encrypt) 或已有证书
+* ☑️ **Force SSL**
+* ☑️ **HTTP/2 Support**
+* ☑️ **HSTS Enabled**
+* ☑️ **HSTS Subdomains**
+
+**4. Advanced 配置**
+
+Custom Nginx Configuration 中添加以下内容：
+
+```nginx
+# 传递真实用户 IP
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# 支持 WebSocket / SSE 等流式通信
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+
+# 长连接 / 超时设置（适合 AI 聊天流式传输）
+proxy_read_timeout 300s;
+proxy_send_timeout 300s;
+proxy_connect_timeout 30s;
+
+# ---- 安全性设置 ----
+# 严格 HTTPS 策略 (HSTS)
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# 阻挡点击劫持与内容嗅探
+add_header X-Frame-Options "DENY" always;
+add_header X-Content-Type-Options "nosniff" always;
+
+# Referrer / Permissions 限制策略
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+# 隐藏服务器信息（等效于 Caddy 的 `-Server`）
+proxy_hide_header Server;
+
+# ---- 性能微调 ----
+# 关闭代理端缓存，确保即时响应（SSE / Streaming）
+proxy_cache_bypass $http_upgrade;
+proxy_no_cache $http_upgrade;
+proxy_request_buffering off;
+```
+
+**4. 启动和验证**
+
+* 保存后等待 NPM 自动申请 Let's Encrypt 证书（如果有）。
+* Dashboard 中查看 Proxy Host 状态，确保显示为 "Online"。
+* 访问 `https://relay.example.com`，如果显示绿色锁图标即表示 HTTPS 正常。
+
+**NPM 特点**
+
+* 🔒 自动申请和续期证书
+* 🔧 图形化界面，方便管理多服务
+* ⚡ 原生支持 HTTP/2 / HTTPS
+* 🚀 适合 Docker 容器部署
+
+---
+
+上述两种方案均可用于生产部署。
+
+---
+
+## 💡 使用建议
+
+### 账户管理
+
+- **定期检查**: 每周看看账户状态，及时处理异常
+- **合理分配**: 可以给不同的人分配��同的apikey，可以根据不同的apikey来分析用量
+
+### 安全建议
+
+- **使用HTTPS**: 强烈建议使用Caddy反向代理（自动HTTPS），确保数据传输安全
+- **定期备份**: 重要配置和数据要备份
+- **监控日志**: 定期查看异常日志
+- **更新密钥**: 定期更换JWT和加密密钥
+- **防火墙设置**: 只开放必要的端口（80, 443），隐藏直接服务端口
+
+---
+
+## 🆘 遇到问题怎么办？
+
+### 自助排查
+
+1. **查看日志**: `logs/` 目录下的日志文件
+2. **检查配置**: 确认配置文件设置正确
+3. **测试连通性**: 用 curl 测试API是否正常
+4. **重启服务**: 有时候重启一下就好了
+
+### 寻求帮助
+
+- **GitHub Issues**: 提交详细的错误信息
+- **查看文档**: 仔细阅读错误信息和文档
+- **社区讨论**: 看看其他人是否遇到类似问题
+
+---
+
+## 📄 许可证
+
+本项目采用 [MIT许可证](LICENSE)。
+
+---
+
+<div align="center">
+
+**⭐ 觉得有用的话给个Star呗，这是对作者最大的鼓励！**
+
+**🤝 有问题欢迎提Issue，有改进建议欢迎PR**
+
+</div>

README_EN.md

@@ -0,0 +1,560 @@
+# Claude Relay Service
+
+<div align="center">
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/Node.js-18+-green.svg)](https://nodejs.org/)
+[![Redis](https://img.shields.io/badge/Redis-6+-red.svg)](https://redis.io/)
+[![Docker](https://img.shields.io/badge/Docker-Ready-blue.svg)](https://www.docker.com/)
+
+**🔐 Self-hosted Claude API relay service with multi-account management** 
+
+[中文文档](README.md) • [Preview](https://demo.pincc.ai/admin-next/login) • [Telegram Channel](https://t.me/claude_relay_service)
+
+</div>
+
+---
+
+## ⭐ If You Find It Useful, Please Give It a Star!
+
+> Open source is not easy, your Star is my motivation to continue updating 🚀  
+> Join [Telegram Channel](https://t.me/claude_relay_service) for the latest updates
+
+---
+
+## ⚠️ Important Notice
+
+**Please read carefully before using this project:**
+
+🚨 **Terms of Service Risk**: Using this project may violate Anthropic's terms of service. Please carefully read Anthropic's user agreement before use. All risks from using this project are borne by the user.
+
+📖 **Disclaimer**: This project is for technical learning and research purposes only. The author is not responsible for any account bans, service interruptions, or other losses caused by using this project.
+
+## 🤔 Is This Project Right for You?
+
+- 🌍 **Regional Restrictions**: Can't directly access Claude Code service in your region?
+- 🔒 **Privacy Concerns**: Worried about third-party mirror services logging or leaking your conversation content?
+- 👥 **Cost Sharing**: Want to share Claude Code Max subscription costs with friends?
+- ⚡ **Stability Issues**: Third-party mirror sites often fail and are unstable, affecting efficiency?
+
+If you have any of these concerns, this project might be suitable for you.
+
+### Suitable Scenarios
+
+✅ **Cost Sharing with Friends**: 3-5 friends sharing Claude Code Max subscription, enjoying Opus freely  
+✅ **Privacy Sensitive**: Don't want third-party mirrors to see your conversation content  
+✅ **Technical Tinkering**: Have basic technical skills, willing to build and maintain yourself  
+✅ **Stability Needs**: Need long-term stable Claude access, don't want to be restricted by mirror sites  
+✅ **Regional Restrictions**: Cannot directly access Claude official service  
+
+### Unsuitable Scenarios
+
+❌ **Complete Beginner**: Don't understand technology at all, don't even know how to buy a server  
+❌ **Occasional Use**: Use it only a few times a month, not worth the hassle  
+❌ **Registration Issues**: Cannot register Claude account yourself  
+❌ **Payment Issues**: No payment method to subscribe to Claude Code  
+
+**If you're just an ordinary user with low privacy requirements, just want to casually play around and quickly experience Claude, then choosing a mirror site you're familiar with would be more suitable.**
+
+---
+
+## 💭 Why Build Your Own?
+
+### Potential Issues with Existing Mirror Sites
+
+- 🕵️ **Privacy Risk**: Your conversation content is completely visible to others, forget about business secrets
+- 🐌 **Performance Instability**: Slow when many people use it, often crashes during peak hours
+- 💰 **Price Opacity**: Don't know the actual costs
+
+### Benefits of Self-hosting
+
+- 🔐 **Data Security**: All API requests only go through your own server, direct connection to Anthropic API
+- ⚡ **Controllable Performance**: Only a few of you using it, Max $200 package basically allows you to enjoy Opus freely
+- 💰 **Cost Transparency**: Clear view of how many tokens used, specific costs calculated at official prices
+- 📊 **Complete Monitoring**: Usage statistics, cost analysis, performance monitoring all available
+
+---
+
+## 🚀 Core Features
+
+> 📸 **[Click to view interface preview](docs/preview.md)** - See detailed screenshots of the Web management interface
+
+### Basic Features
+- ✅ **Multi-account Management**: Add multiple Claude accounts for automatic rotation
+- ✅ **Custom API Keys**: Assign independent keys to each person
+- ✅ **Usage Statistics**: Detailed records of how many tokens each person used
+
+### Advanced Features
+- 🔄 **Smart Switching**: Automatically switch to next account when one has issues
+- 🚀 **Performance Optimization**: Connection pooling, caching to reduce latency
+- 📊 **Monitoring Dashboard**: Web interface to view all data
+- 🛡️ **Security Control**: Access restrictions, rate limiting
+- 🌐 **Proxy Support**: Support for HTTP/SOCKS5 proxies
+
+---
+
+## 📋 Deployment Requirements
+
+### Hardware Requirements (Minimum Configuration)
+- **CPU**: 1 core is sufficient
+- **Memory**: 512MB (1GB recommended)
+- **Storage**: 30GB available space
+- **Network**: Access to Anthropic API (recommend US region servers)
+- **Recommendation**: 2 cores 4GB is basically enough, choose network with good return routes to your country (to improve speed, recommend not using proxy or setting server IP for direct connection)
+
+### Software Requirements
+- **Node.js** 18 or higher
+- **Redis** 6 or higher
+- **Operating System**: Linux recommended
+
+### Cost Estimation
+- **Server**: Light cloud server, $5-10 per month
+- **Claude Subscription**: Depends on how you share costs
+- **Others**: Domain name (optional)
+
+---
+
+## 📦 Manual Deployment
+
+### Step 1: Environment Setup
+
+**Ubuntu/Debian users:**
+```bash
+# Install Node.js
+curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+sudo apt-get install -y nodejs
+
+# Install Redis
+sudo apt update
+sudo apt install redis-server
+sudo systemctl start redis-server
+```
+
+**CentOS/RHEL users:**
+```bash
+# Install Node.js
+curl -fsSL https://rpm.nodesource.com/setup_18.x | sudo bash -
+sudo yum install -y nodejs
+
+# Install Redis
+sudo yum install redis
+sudo systemctl start redis
+```
+
+### Step 2: Download and Configure
+
+```bash
+# Download project
+git clone https://github.com/Wei-Shaw/claude-relay-service.git
+cd claude-relay-service
+
+# Install dependencies
+npm install
+
+# Copy configuration files (Important!)
+cp config/config.example.js config/config.js
+cp .env.example .env
+```
+
+### Step 3: Configuration File Setup
+
+**Edit `.env` file:**
+```bash
+# Generate these two keys randomly, but remember them
+JWT_SECRET=your-super-secret-key
+ENCRYPTION_KEY=32-character-encryption-key-write-randomly
+
+# Redis configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+```
+
+**Edit `config/config.js` file:**
+```javascript
+module.exports = {
+  server: {
+    port: 3000,          // Service port, can be changed
+    host: '0.0.0.0'     // Don't change
+  },
+  redis: {
+    host: '127.0.0.1',  // Redis address
+    port: 6379          // Redis port
+  },
+  // Keep other configurations as default
+}
+```
+
+### Step 4: Start Service
+
+```bash
+# Initialize
+npm run setup # Will randomly generate admin account password info, stored in data/init.json
+
+# Start service
+npm run service:start:daemon   # Run in background (recommended)
+
+# Check status
+npm run service:status
+```
+
+---
+
+## 🎮 Getting Started
+
+### 1. Open Management Interface
+
+Browser visit: `http://your-server-IP:3000/web`
+
+Default admin account: Look in data/init.json
+
+### 2. Add Claude Account
+
+This step is quite important, requires OAuth authorization:
+
+1. Click "Claude Accounts" tab
+2. If you're worried about multiple accounts sharing 1 IP getting banned, you can optionally set a static proxy IP
+3. Click "Add Account"
+4. Click "Generate Authorization Link", will open a new page
+5. Complete Claude login and authorization in the new page
+6. Copy the returned Authorization Code
+7. Paste to page to complete addition
+
+**Note**: If you're in China, this step may require VPN.
+
+### 3. Create API Key
+
+Assign a key to each user:
+
+1. Click "API Keys" tab
+2. Click "Create New Key"
+3. Give the key a name, like "Zhang San's Key"
+4. Set usage limits (optional)
+5. Save, note down the generated key
+
+### 4. Start Using Claude Code
+
+Now you can replace the official API with your own service:
+
+**Set environment variables:**
+```bash
+export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # Fill in your server's IP address or domain according to actual situation
+export ANTHROPIC_AUTH_TOKEN="API key created in the backend"
+```
+
+**Use claude:**
+```bash
+claude
+```
+
+---
+
+## 🔧 Daily Maintenance
+
+### Service Management
+
+```bash
+# Check service status
+npm run service:status
+
+# View logs
+npm run service:logs
+
+# Restart service
+npm run service:restart:daemon
+
+# Stop service
+npm run service:stop
+```
+
+### Monitor Usage
+
+- **Web Interface**: `http://your-domain:3000/web` - View usage statistics
+- **Health Check**: `http://your-domain:3000/health` - Confirm service is normal
+- **Log Files**: Various log files in `logs/` directory
+
+### Upgrade Guide
+
+When a new version is released, follow these steps to upgrade the service:
+
+```bash
+# 1. Navigate to project directory
+cd claude-relay-service
+
+# 2. Pull latest code
+git pull origin main
+
+# If you encounter package-lock.json conflicts, use the remote version
+git checkout --theirs package-lock.json
+git add package-lock.json
+
+# 3. Install new dependencies (if any)
+npm install
+
+# 4. Restart service
+npm run service:restart:daemon
+
+# 5. Check service status
+npm run service:status
+```
+
+**Important Notes:**
+- Before upgrading, it's recommended to backup important configuration files (.env, config/config.js)
+- Check the changelog to understand if there are any breaking changes
+- Database structure changes will be migrated automatically if needed
+
+### Common Issue Resolution
+
+**Can't connect to Redis?**
+```bash
+# Check if Redis is running
+redis-cli ping
+
+# Should return PONG
+```
+
+**OAuth authorization failed?**
+- Check if proxy settings are correct
+- Ensure normal access to claude.ai
+- Clear browser cache and retry
+
+**API request failed?**
+- Check if API Key is correct
+- View log files for error information
+- Confirm Claude account status is normal
+
+---
+
+## 🛠️ Advanced Usage
+
+### Reverse Proxy Deployment Guide
+
+For production environments, it is recommended to use a reverse proxy for automatic HTTPS, security headers, and performance optimization. Two common solutions are provided below: **Caddy** and **Nginx Proxy Manager (NPM)**.
+
+---
+
+## Caddy Solution
+
+Caddy is a web server that automatically manages HTTPS certificates, with simple configuration and excellent performance, ideal for deployments without Docker environments.
+
+**1. Install Caddy**
+
+```bash
+# Ubuntu/Debian
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt update
+sudo apt install caddy
+
+# CentOS/RHEL/Fedora
+sudo yum install yum-plugin-copr
+sudo yum copr enable @caddy/caddy
+sudo yum install caddy
+```
+
+**2. Caddy Configuration**
+
+Edit `/etc/caddy/Caddyfile`:
+
+```caddy
+your-domain.com {
+    # Reverse proxy to local service
+    reverse_proxy 127.0.0.1:3000 {
+        # Support streaming responses or SSE
+        flush_interval -1
+
+        # Pass real IP
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+
+        # Long read/write timeout configuration
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+            dial_timeout 30s
+        }
+    }
+
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "DENY"
+        X-Content-Type-Options "nosniff"
+        -Server
+    }
+}
+```
+
+**3. Start Caddy**
+
+```bash
+sudo caddy validate --config /etc/caddy/Caddyfile
+sudo systemctl start caddy
+sudo systemctl enable caddy
+sudo systemctl status caddy
+```
+
+**4. Service Configuration**
+
+Since Caddy automatically manages HTTPS, you can restrict the service to listen locally only:
+
+```javascript
+// config/config.js
+module.exports = {
+  server: {
+    port: 3000,
+    host: '127.0.0.1' // Listen locally only
+  }
+}
+```
+
+**Caddy Features**
+
+* 🔒 Automatic HTTPS with zero-configuration certificate management
+* 🛡️ Secure default configuration with modern TLS suites
+* ⚡ HTTP/2 and streaming support
+* 🔧 Concise configuration files, easy to maintain
+
+---
+
+## Nginx Proxy Manager (NPM) Solution
+
+Nginx Proxy Manager manages reverse proxies and HTTPS certificates through a graphical interface, deployed as a Docker container.
+
+**1. Create a New Proxy Host in NPM**
+
+Configure the Details as follows:
+
+| Item                  | Setting                  |
+| --------------------- | ------------------------ |
+| Domain Names          | relay.example.com        |
+| Scheme                | http                     |
+| Forward Hostname / IP | 192.168.0.1 (docker host IP) |
+| Forward Port          | 3000                     |
+| Block Common Exploits | ☑️                       |
+| Websockets Support    | ❌ **Disable**            |
+| Cache Assets          | ❌ **Disable**            |
+| Access List           | Publicly Accessible      |
+
+> Note:
+> - Ensure Claude Relay Service **listens on `0.0.0.0`, container IP, or host IP** to allow NPM internal network connections.
+> - **Websockets Support and Cache Assets must be disabled**, otherwise SSE / streaming responses will fail.
+
+**2. Custom locations**
+
+No content needed, keep it empty.
+
+**3. SSL Settings**
+
+* **SSL Certificate**: Request a new SSL Certificate (Let's Encrypt) or existing certificate
+* ☑️ **Force SSL**
+* ☑️ **HTTP/2 Support**
+* ☑️ **HSTS Enabled**
+* ☑️ **HSTS Subdomains**
+
+**4. Advanced Configuration**
+
+Add the following to Custom Nginx Configuration:
+
+```nginx
+# Pass real user IP
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# Support WebSocket / SSE streaming
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+
+# Long connection / timeout settings (for AI chat streaming)
+proxy_read_timeout 300s;
+proxy_send_timeout 300s;
+proxy_connect_timeout 30s;
+
+# ---- Security Settings ----
+# Strict HTTPS policy (HSTS)
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# Block clickjacking and content sniffing
+add_header X-Frame-Options "DENY" always;
+add_header X-Content-Type-Options "nosniff" always;
+
+# Referrer / Permissions restriction policies
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+# Hide server information (equivalent to Caddy's `-Server`)
+proxy_hide_header Server;
+
+# ---- Performance Tuning ----
+# Disable proxy caching for real-time responses (SSE / Streaming)
+proxy_cache_bypass $http_upgrade;
+proxy_no_cache $http_upgrade;
+proxy_request_buffering off;
+```
+
+**5. Launch and Verify**
+
+* After saving, wait for NPM to automatically request Let's Encrypt certificate (if applicable).
+* Check Proxy Host status in Dashboard to ensure it shows "Online".
+* Visit `https://relay.example.com`, if the green lock icon appears, HTTPS is working properly.
+
+**NPM Features**
+
+* 🔒 Automatic certificate application and renewal
+* 🔧 Graphical interface for easy multi-service management
+* ⚡ Native HTTP/2 / HTTPS support
+* 🚀 Ideal for Docker container deployments
+
+---
+
+Both solutions are suitable for production deployment. If you use a Docker environment, **Nginx Proxy Manager is more convenient**; if you want to keep software lightweight and automated, **Caddy is a better choice**.
+
+---
+
+## 💡 Usage Recommendations
+
+### Account Management
+- **Regular Checks**: Check account status weekly, handle exceptions promptly
+- **Reasonable Allocation**: Can assign different API keys to different people, analyze usage based on different API keys
+
+### Security Recommendations
+- **Use HTTPS**: Strongly recommend using Caddy reverse proxy (automatic HTTPS) to ensure secure data transmission
+- **Regular Backups**: Back up important configurations and data
+- **Monitor Logs**: Regularly check exception logs
+- **Update Keys**: Regularly change JWT and encryption keys
+- **Firewall Settings**: Only open necessary ports (80, 443), hide direct service ports
+
+---
+
+## 🆘 What to Do When You Encounter Problems?
+
+### Self-troubleshooting
+1. **Check Logs**: Log files in `logs/` directory
+2. **Check Configuration**: Confirm configuration files are set correctly
+3. **Test Connectivity**: Use curl to test if API is normal
+4. **Restart Service**: Sometimes restarting fixes it
+
+### Seeking Help
+- **GitHub Issues**: Submit detailed error information
+- **Read Documentation**: Carefully read error messages and documentation
+- **Community Discussion**: See if others have encountered similar problems
+
+---
+
+## 📄 License
+This project uses the [MIT License](LICENSE).
+
+---
+
+<div align="center">
+
+**⭐ If you find it useful, please give it a Star, this is the greatest encouragement to the author!**
+
+**🤝 Feel free to submit Issues for problems, welcome PRs for improvement suggestions**
+
+</div>

VERSION

@@ -0,0 +1 @@
+1.1.175

cli/index.js

@@ -0,0 +1,1025 @@
+#!/usr/bin/env node
+
+const { Command } = require('commander')
+const inquirer = require('inquirer')
+const chalk = require('chalk')
+const ora = require('ora')
+const { table } = require('table')
+const bcrypt = require('bcryptjs')
+const fs = require('fs')
+const path = require('path')
+
+const redis = require('../src/models/redis')
+const apiKeyService = require('../src/services/apiKeyService')
+const claudeAccountService = require('../src/services/claudeAccountService')
+const bedrockAccountService = require('../src/services/bedrockAccountService')
+
+const program = new Command()
+
+// 🎨 样式
+const styles = {
+  title: chalk.bold.blue,
+  success: chalk.green,
+  error: chalk.red,
+  warning: chalk.yellow,
+  info: chalk.cyan,
+  dim: chalk.dim
+}
+
+// 🔧 初始化
+async function initialize() {
+  const spinner = ora('正在连接 Redis...').start()
+  try {
+    await redis.connect()
+    spinner.succeed('Redis 连接成功')
+  } catch (error) {
+    spinner.fail('Redis 连接失败')
+    console.error(styles.error(error.message))
+    process.exit(1)
+  }
+}
+
+// 🔐 管理员账户管理
+program
+  .command('admin')
+  .description('管理员账户操作')
+  .action(async () => {
+    await initialize()
+
+    // 直接执行创建初始管理员
+    await createInitialAdmin()
+
+    await redis.disconnect()
+  })
+
+// 🔑 API Key 管理
+program
+  .command('keys')
+  .description('API Key 管理操作')
+  .action(async () => {
+    await initialize()
+
+    const { action } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'action',
+        message: '请选择操作:',
+        choices: [
+          { name: '📋 查看所有 API Keys', value: 'list' },
+          { name: '🔧 修改 API Key 过期时间', value: 'update-expiry' },
+          { name: '🔄 续期即将过期的 API Key', value: 'renew' },
+          { name: '🗑️  删除 API Key', value: 'delete' }
+        ]
+      }
+    ])
+
+    switch (action) {
+      case 'list':
+        await listApiKeys()
+        break
+      case 'update-expiry':
+        await updateApiKeyExpiry()
+        break
+      case 'renew':
+        await renewApiKeys()
+        break
+      case 'delete':
+        await deleteApiKey()
+        break
+    }
+
+    await redis.disconnect()
+  })
+
+// 📊 系统状态
+program
+  .command('status')
+  .description('查看系统状态')
+  .action(async () => {
+    await initialize()
+
+    const spinner = ora('正在获取系统状态...').start()
+
+    try {
+      const [, apiKeys, accounts] = await Promise.all([
+        redis.getSystemStats(),
+        apiKeyService.getAllApiKeys(),
+        claudeAccountService.getAllAccounts()
+      ])
+
+      spinner.succeed('系统状态获取成功')
+
+      console.log(styles.title('\n📊 系统状态概览\n'))
+
+      const statusData = [
+        ['项目', '数量', '状态'],
+        ['API Keys', apiKeys.length, `${apiKeys.filter((k) => k.isActive).length} 活跃`],
+        ['Claude 账户', accounts.length, `${accounts.filter((a) => a.isActive).length} 活跃`],
+        ['Redis 连接', redis.isConnected ? '已连接' : '未连接', redis.isConnected ? '🟢' : '🔴'],
+        ['运行时间', `${Math.floor(process.uptime() / 60)} 分钟`, '🕐']
+      ]
+
+      console.log(table(statusData))
+
+      // 使用统计
+      const totalTokens = apiKeys.reduce((sum, key) => sum + (key.usage?.total?.tokens || 0), 0)
+      const totalRequests = apiKeys.reduce((sum, key) => sum + (key.usage?.total?.requests || 0), 0)
+
+      console.log(styles.title('\n📈 使用统计\n'))
+      console.log(`总 Token 使用量: ${styles.success(totalTokens.toLocaleString())}`)
+      console.log(`总请求数: ${styles.success(totalRequests.toLocaleString())}`)
+    } catch (error) {
+      spinner.fail('获取系统状态失败')
+      console.error(styles.error(error.message))
+    }
+
+    await redis.disconnect()
+  })
+
+// ☁️ Bedrock 账户管理
+program
+  .command('bedrock')
+  .description('Bedrock 账户管理操作')
+  .action(async () => {
+    await initialize()
+
+    const { action } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'action',
+        message: '请选择操作:',
+        choices: [
+          { name: '📋 查看所有 Bedrock 账户', value: 'list' },
+          { name: '➕ 创建 Bedrock 账户', value: 'create' },
+          { name: '✏️  编辑 Bedrock 账户', value: 'edit' },
+          { name: '🔄 切换账户状态', value: 'toggle' },
+          { name: '🧪 测试账户连接', value: 'test' },
+          { name: '🗑️  删除账户', value: 'delete' }
+        ]
+      }
+    ])
+
+    switch (action) {
+      case 'list':
+        await listBedrockAccounts()
+        break
+      case 'create':
+        await createBedrockAccount()
+        break
+      case 'edit':
+        await editBedrockAccount()
+        break
+      case 'toggle':
+        await toggleBedrockAccount()
+        break
+      case 'test':
+        await testBedrockAccount()
+        break
+      case 'delete':
+        await deleteBedrockAccount()
+        break
+    }
+
+    await redis.disconnect()
+  })
+
+// 实现具体功能函数
+
+async function createInitialAdmin() {
+  console.log(styles.title('\n🔐 创建初始管理员账户\n'))
+
+  // 检查是否已存在 init.json
+  const initFilePath = path.join(__dirname, '..', 'data', 'init.json')
+  if (fs.existsSync(initFilePath)) {
+    const existingData = JSON.parse(fs.readFileSync(initFilePath, 'utf8'))
+    console.log(styles.warning('⚠️  检测到已存在管理员账户！'))
+    console.log(`   用户名: ${existingData.adminUsername}`)
+    console.log(`   创建时间: ${new Date(existingData.initializedAt).toLocaleString()}`)
+
+    const { overwrite } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'overwrite',
+        message: '是否覆盖现有管理员账户？',
+        default: false
+      }
+    ])
+
+    if (!overwrite) {
+      console.log(styles.info('ℹ️  已取消创建'))
+      return
+    }
+  }
+
+  const adminData = await inquirer.prompt([
+    {
+      type: 'input',
+      name: 'username',
+      message: '用户名:',
+      default: 'admin',
+      validate: (input) => input.length >= 3 || '用户名至少3个字符'
+    },
+    {
+      type: 'password',
+      name: 'password',
+      message: '密码:',
+      validate: (input) => input.length >= 8 || '密码至少8个字符'
+    },
+    {
+      type: 'password',
+      name: 'confirmPassword',
+      message: '确认密码:',
+      validate: (input, answers) => input === answers.password || '密码不匹配'
+    }
+  ])
+
+  const spinner = ora('正在创建管理员账户...').start()
+
+  try {
+    // 1. 先更新 init.json（唯一真实数据源）
+    const initData = {
+      initializedAt: new Date().toISOString(),
+      adminUsername: adminData.username,
+      adminPassword: adminData.password, // 保存明文密码
+      version: '1.0.0',
+      updatedAt: new Date().toISOString()
+    }
+
+    // 确保 data 目录存在
+    const dataDir = path.join(__dirname, '..', 'data')
+    if (!fs.existsSync(dataDir)) {
+      fs.mkdirSync(dataDir, { recursive: true })
+    }
+
+    // 写入文件
+    fs.writeFileSync(initFilePath, JSON.stringify(initData, null, 2))
+
+    // 2. 再更新 Redis 缓存
+    const passwordHash = await bcrypt.hash(adminData.password, 12)
+
+    const credentials = {
+      username: adminData.username,
+      passwordHash,
+      createdAt: new Date().toISOString(),
+      lastLogin: null,
+      updatedAt: new Date().toISOString()
+    }
+
+    await redis.setSession('admin_credentials', credentials, 0) // 永不过期
+
+    spinner.succeed('管理员账户创建成功')
+    console.log(`${styles.success('✅')} 用户名: ${adminData.username}`)
+    console.log(`${styles.success('✅')} 密码: ${adminData.password}`)
+    console.log(`${styles.info('ℹ️')} 请妥善保管登录凭据`)
+    console.log(`${styles.info('ℹ️')} 凭据已保存到: ${initFilePath}`)
+    console.log(`${styles.warning('⚠️')} 如果服务正在运行，请重启服务以加载新凭据`)
+  } catch (error) {
+    spinner.fail('创建管理员账户失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+// API Key 管理功能
+async function listApiKeys() {
+  const spinner = ora('正在获取 API Keys...').start()
+
+  try {
+    const apiKeys = await apiKeyService.getAllApiKeys()
+    spinner.succeed(`找到 ${apiKeys.length} 个 API Keys`)
+
+    if (apiKeys.length === 0) {
+      console.log(styles.warning('没有找到任何 API Keys'))
+      return
+    }
+
+    const tableData = [['名称', 'API Key', '状态', '过期时间', '使用量', 'Token限制']]
+
+    apiKeys.forEach((key) => {
+      const now = new Date()
+      const expiresAt = key.expiresAt ? new Date(key.expiresAt) : null
+      let expiryStatus = '永不过期'
+
+      if (expiresAt) {
+        if (expiresAt < now) {
+          expiryStatus = styles.error(`已过期 (${expiresAt.toLocaleDateString()})`)
+        } else {
+          const daysLeft = Math.ceil((expiresAt - now) / (1000 * 60 * 60 * 24))
+          if (daysLeft <= 7) {
+            expiryStatus = styles.warning(`${daysLeft}天后过期 (${expiresAt.toLocaleDateString()})`)
+          } else {
+            expiryStatus = styles.success(`${expiresAt.toLocaleDateString()}`)
+          }
+        }
+      }
+
+      tableData.push([
+        key.name,
+        key.apiKey ? `${key.apiKey.substring(0, 20)}...` : '-',
+        key.isActive ? '🟢 活跃' : '🔴 停用',
+        expiryStatus,
+        `${(key.usage?.total?.tokens || 0).toLocaleString()}`,
+        key.tokenLimit ? key.tokenLimit.toLocaleString() : '无限制'
+      ])
+    })
+
+    console.log(styles.title('\n🔑 API Keys 列表:\n'))
+    console.log(table(tableData))
+  } catch (error) {
+    spinner.fail('获取 API Keys 失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function updateApiKeyExpiry() {
+  try {
+    // 获取所有 API Keys
+    const apiKeys = await apiKeyService.getAllApiKeys()
+
+    if (apiKeys.length === 0) {
+      console.log(styles.warning('没有找到任何 API Keys'))
+      return
+    }
+
+    // 选择要修改的 API Key
+    const { selectedKey } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'selectedKey',
+        message: '选择要修改的 API Key:',
+        choices: apiKeys.map((key) => ({
+          name: `${key.name} (${key.apiKey?.substring(0, 20)}...) - ${key.expiresAt ? new Date(key.expiresAt).toLocaleDateString() : '永不过期'}`,
+          value: key
+        }))
+      }
+    ])
+
+    console.log(`\n当前 API Key: ${selectedKey.name}`)
+    console.log(
+      `当前过期时间: ${selectedKey.expiresAt ? new Date(selectedKey.expiresAt).toLocaleString() : '永不过期'}`
+    )
+
+    // 选择新的过期时间
+    const { expiryOption } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'expiryOption',
+        message: '选择新的过期时间:',
+        choices: [
+          { name: '⏰ 1分后（测试用）', value: '1m' },
+          { name: '⏰ 1小时后（测试用）', value: '1h' },
+          { name: '📅 1天后', value: '1d' },
+          { name: '📅 7天后', value: '7d' },
+          { name: '📅 30天后', value: '30d' },
+          { name: '📅 90天后', value: '90d' },
+          { name: '📅 365天后', value: '365d' },
+          { name: '♾️  永不过期', value: 'never' },
+          { name: '🎯 自定义日期时间', value: 'custom' }
+        ]
+      }
+    ])
+
+    let newExpiresAt = null
+
+    if (expiryOption === 'never') {
+      newExpiresAt = null
+    } else if (expiryOption === 'custom') {
+      const { customDate, customTime } = await inquirer.prompt([
+        {
+          type: 'input',
+          name: 'customDate',
+          message: '输入日期 (YYYY-MM-DD):',
+          default: new Date().toISOString().split('T')[0],
+          validate: (input) => {
+            const date = new Date(input)
+            return !isNaN(date.getTime()) || '请输入有效的日期格式'
+          }
+        },
+        {
+          type: 'input',
+          name: 'customTime',
+          message: '输入时间 (HH:MM):',
+          default: '00:00',
+          validate: (input) => /^\d{2}:\d{2}$/.test(input) || '请输入有效的时间格式 (HH:MM)'
+        }
+      ])
+
+      newExpiresAt = new Date(`${customDate}T${customTime}:00`).toISOString()
+    } else {
+      // 计算新的过期时间
+      const now = new Date()
+      const durations = {
+        '1m': 60 * 1000,
+        '1h': 60 * 60 * 1000,
+        '1d': 24 * 60 * 60 * 1000,
+        '7d': 7 * 24 * 60 * 60 * 1000,
+        '30d': 30 * 24 * 60 * 60 * 1000,
+        '90d': 90 * 24 * 60 * 60 * 1000,
+        '365d': 365 * 24 * 60 * 60 * 1000
+      }
+
+      newExpiresAt = new Date(now.getTime() + durations[expiryOption]).toISOString()
+    }
+
+    // 确认修改
+    const confirmMsg = newExpiresAt
+      ? `确认将过期时间修改为: ${new Date(newExpiresAt).toLocaleString()}?`
+      : '确认设置为永不过期?'
+
+    const { confirmed } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirmed',
+        message: confirmMsg,
+        default: true
+      }
+    ])
+
+    if (!confirmed) {
+      console.log(styles.info('已取消修改'))
+      return
+    }
+
+    // 执行修改
+    const spinner = ora('正在修改过期时间...').start()
+
+    try {
+      await apiKeyService.updateApiKey(selectedKey.id, { expiresAt: newExpiresAt })
+      spinner.succeed('过期时间修改成功')
+
+      console.log(styles.success(`\n✅ API Key "${selectedKey.name}" 的过期时间已更新`))
+      console.log(
+        `新的过期时间: ${newExpiresAt ? new Date(newExpiresAt).toLocaleString() : '永不过期'}`
+      )
+    } catch (error) {
+      spinner.fail('修改失败')
+      console.error(styles.error(error.message))
+    }
+  } catch (error) {
+    console.error(styles.error('操作失败:', error.message))
+  }
+}
+
+async function renewApiKeys() {
+  const spinner = ora('正在查找即将过期的 API Keys...').start()
+
+  try {
+    const apiKeys = await apiKeyService.getAllApiKeys()
+    const now = new Date()
+    const sevenDaysLater = new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000)
+
+    // 筛选即将过期的 Keys（7天内）
+    const expiringKeys = apiKeys.filter((key) => {
+      if (!key.expiresAt) {
+        return false
+      }
+      const expiresAt = new Date(key.expiresAt)
+      return expiresAt > now && expiresAt <= sevenDaysLater
+    })
+
+    spinner.stop()
+
+    if (expiringKeys.length === 0) {
+      console.log(styles.info('没有即将过期的 API Keys（7天内）'))
+      return
+    }
+
+    console.log(styles.warning(`\n找到 ${expiringKeys.length} 个即将过期的 API Keys:\n`))
+
+    expiringKeys.forEach((key, index) => {
+      const daysLeft = Math.ceil((new Date(key.expiresAt) - now) / (1000 * 60 * 60 * 24))
+      console.log(
+        `${index + 1}. ${key.name} - ${daysLeft}天后过期 (${new Date(key.expiresAt).toLocaleDateString()})`
+      )
+    })
+
+    const { renewOption } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'renewOption',
+        message: '选择续期方式:',
+        choices: [
+          { name: '📅 全部续期30天', value: 'all30' },
+          { name: '📅 全部续期90天', value: 'all90' },
+          { name: '🎯 逐个选择续期', value: 'individual' }
+        ]
+      }
+    ])
+
+    if (renewOption.startsWith('all')) {
+      const days = renewOption === 'all30' ? 30 : 90
+      const renewSpinner = ora(`正在为所有 API Keys 续期 ${days} 天...`).start()
+
+      for (const key of expiringKeys) {
+        try {
+          const newExpiresAt = new Date(
+            new Date(key.expiresAt).getTime() + days * 24 * 60 * 60 * 1000
+          ).toISOString()
+          await apiKeyService.updateApiKey(key.id, { expiresAt: newExpiresAt })
+        } catch (error) {
+          renewSpinner.fail(`续期 ${key.name} 失败: ${error.message}`)
+        }
+      }
+
+      renewSpinner.succeed(`成功续期 ${expiringKeys.length} 个 API Keys`)
+    } else {
+      // 逐个选择续期
+      for (const key of expiringKeys) {
+        console.log(`\n处理: ${key.name}`)
+
+        const { action } = await inquirer.prompt([
+          {
+            type: 'list',
+            name: 'action',
+            message: '选择操作:',
+            choices: [
+              { name: '续期30天', value: '30' },
+              { name: '续期90天', value: '90' },
+              { name: '跳过', value: 'skip' }
+            ]
+          }
+        ])
+
+        if (action !== 'skip') {
+          const days = parseInt(action)
+          const newExpiresAt = new Date(
+            new Date(key.expiresAt).getTime() + days * 24 * 60 * 60 * 1000
+          ).toISOString()
+
+          try {
+            await apiKeyService.updateApiKey(key.id, { expiresAt: newExpiresAt })
+            console.log(styles.success(`✅ 已续期 ${days} 天`))
+          } catch (error) {
+            console.log(styles.error(`❌ 续期失败: ${error.message}`))
+          }
+        }
+      }
+    }
+  } catch (error) {
+    spinner.fail('操作失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function deleteApiKey() {
+  try {
+    const apiKeys = await apiKeyService.getAllApiKeys()
+
+    if (apiKeys.length === 0) {
+      console.log(styles.warning('没有找到任何 API Keys'))
+      return
+    }
+
+    const { selectedKeys } = await inquirer.prompt([
+      {
+        type: 'checkbox',
+        name: 'selectedKeys',
+        message: '选择要删除的 API Keys (空格选择，回车确认):',
+        choices: apiKeys.map((key) => ({
+          name: `${key.name} (${key.apiKey?.substring(0, 20)}...)`,
+          value: key.id
+        }))
+      }
+    ])
+
+    if (selectedKeys.length === 0) {
+      console.log(styles.info('未选择任何 API Key'))
+      return
+    }
+
+    const { confirmed } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirmed',
+        message: styles.warning(`确认删除 ${selectedKeys.length} 个 API Keys?`),
+        default: false
+      }
+    ])
+
+    if (!confirmed) {
+      console.log(styles.info('已取消删除'))
+      return
+    }
+
+    const spinner = ora('正在删除 API Keys...').start()
+    let successCount = 0
+
+    for (const keyId of selectedKeys) {
+      try {
+        await apiKeyService.deleteApiKey(keyId)
+        successCount++
+      } catch (error) {
+        spinner.fail(`删除失败: ${error.message}`)
+      }
+    }
+
+    spinner.succeed(`成功删除 ${successCount}/${selectedKeys.length} 个 API Keys`)
+  } catch (error) {
+    console.error(styles.error('删除失败:', error.message))
+  }
+}
+
+// async function listClaudeAccounts() {
+//   const spinner = ora('正在获取 Claude 账户...').start();
+
+//   try {
+//     const accounts = await claudeAccountService.getAllAccounts();
+//     spinner.succeed(`找到 ${accounts.length} 个 Claude 账户`);
+
+//     if (accounts.length === 0) {
+//       console.log(styles.warning('没有找到任何 Claude 账户'));
+//       return;
+//     }
+
+//     const tableData = [
+//       ['ID', '名称', '邮箱', '状态', '代理', '最后使用']
+//     ];
+
+//     accounts.forEach(account => {
+//       tableData.push([
+//         account.id.substring(0, 8) + '...',
+//         account.name,
+//         account.email || '-',
+//         account.isActive ? (account.status === 'active' ? '🟢 活跃' : '🟡 待激活') : '🔴 停用',
+//         account.proxy ? '🌐 是' : '-',
+//         account.lastUsedAt ? new Date(account.lastUsedAt).toLocaleDateString() : '-'
+//       ]);
+//     });
+
+//     console.log('\n🏢 Claude 账户列表:\n');
+//     console.log(table(tableData));
+
+//   } catch (error) {
+//     spinner.fail('获取 Claude 账户失败');
+//     console.error(styles.error(error.message));
+//   }
+// }
+
+// ☁️ Bedrock 账户管理函数
+
+async function listBedrockAccounts() {
+  const spinner = ora('正在获取 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.getAllAccounts()
+    if (!result.success) {
+      throw new Error(result.error)
+    }
+
+    const accounts = result.data
+    spinner.succeed(`找到 ${accounts.length} 个 Bedrock 账户`)
+
+    if (accounts.length === 0) {
+      console.log(styles.warning('没有找到任何 Bedrock 账户'))
+      return
+    }
+
+    const tableData = [['ID', '名称', '区域', '模型', '状态', '凭证类型', '创建时间']]
+
+    accounts.forEach((account) => {
+      tableData.push([
+        `${account.id.substring(0, 8)}...`,
+        account.name,
+        account.region,
+        account.defaultModel?.split('.').pop() || 'default',
+        account.isActive ? (account.schedulable ? '🟢 活跃' : '🟡 不可调度') : '🔴 停用',
+        account.credentialType,
+        account.createdAt ? new Date(account.createdAt).toLocaleDateString() : '-'
+      ])
+    })
+
+    console.log('\n☁️ Bedrock 账户列表:\n')
+    console.log(table(tableData))
+  } catch (error) {
+    spinner.fail('获取 Bedrock 账户失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function createBedrockAccount() {
+  console.log(styles.title('\n➕ 创建 Bedrock 账户\n'))
+
+  const questions = [
+    {
+      type: 'input',
+      name: 'name',
+      message: '账户名称:',
+      validate: (input) => input.trim() !== ''
+    },
+    {
+      type: 'input',
+      name: 'description',
+      message: '描述 (可选):'
+    },
+    {
+      type: 'list',
+      name: 'region',
+      message: '选择 AWS 区域:',
+      choices: [
+        { name: 'us-east-1 (北弗吉尼亚)', value: 'us-east-1' },
+        { name: 'us-west-2 (俄勒冈)', value: 'us-west-2' },
+        { name: 'eu-west-1 (爱尔兰)', value: 'eu-west-1' },
+        { name: 'ap-southeast-1 (新加坡)', value: 'ap-southeast-1' }
+      ]
+    },
+    {
+      type: 'list',
+      name: 'credentialType',
+      message: '凭证类型:',
+      choices: [
+        { name: '默认凭证链 (环境变量/AWS配置)', value: 'default' },
+        { name: '访问密钥 (Access Key)', value: 'access_key' },
+        { name: 'Bearer Token (API Key)', value: 'bearer_token' }
+      ]
+    }
+  ]
+
+  // 根据凭证类型添加额外问题
+  const answers = await inquirer.prompt(questions)
+
+  if (answers.credentialType === 'access_key') {
+    const credQuestions = await inquirer.prompt([
+      {
+        type: 'input',
+        name: 'accessKeyId',
+        message: 'AWS Access Key ID:',
+        validate: (input) => input.trim() !== ''
+      },
+      {
+        type: 'password',
+        name: 'secretAccessKey',
+        message: 'AWS Secret Access Key:',
+        validate: (input) => input.trim() !== ''
+      },
+      {
+        type: 'input',
+        name: 'sessionToken',
+        message: 'Session Token (可选，用于临时凭证):'
+      }
+    ])
+
+    answers.awsCredentials = {
+      accessKeyId: credQuestions.accessKeyId,
+      secretAccessKey: credQuestions.secretAccessKey
+    }
+
+    if (credQuestions.sessionToken) {
+      answers.awsCredentials.sessionToken = credQuestions.sessionToken
+    }
+  }
+
+  const spinner = ora('正在创建 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.createAccount(answers)
+
+    if (!result.success) {
+      throw new Error(result.error)
+    }
+
+    spinner.succeed('Bedrock 账户创建成功')
+    console.log(styles.success(`账户 ID: ${result.data.id}`))
+    console.log(styles.info(`名称: ${result.data.name}`))
+    console.log(styles.info(`区域: ${result.data.region}`))
+  } catch (error) {
+    spinner.fail('创建 Bedrock 账户失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function testBedrockAccount() {
+  const spinner = ora('正在获取 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.getAllAccounts()
+    if (!result.success || result.data.length === 0) {
+      spinner.fail('没有可测试的 Bedrock 账户')
+      return
+    }
+
+    spinner.succeed('账户列表获取成功')
+
+    const choices = result.data.map((account) => ({
+      name: `${account.name} (${account.region})`,
+      value: account.id
+    }))
+
+    const { accountId } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'accountId',
+        message: '选择要测试的账户:',
+        choices
+      }
+    ])
+
+    const testSpinner = ora('正在测试账户连接...').start()
+
+    const testResult = await bedrockAccountService.testAccount(accountId)
+
+    if (testResult.success) {
+      testSpinner.succeed('账户连接测试成功')
+      console.log(styles.success(`状态: ${testResult.data.status}`))
+      console.log(styles.info(`区域: ${testResult.data.region}`))
+      console.log(styles.info(`可用模��数量: ${testResult.data.modelsCount || 'N/A'}`))
+    } else {
+      testSpinner.fail('账户连接测试失败')
+      console.error(styles.error(testResult.error))
+    }
+  } catch (error) {
+    spinner.fail('测试过程中发生错误')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function toggleBedrockAccount() {
+  const spinner = ora('正在获取 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.getAllAccounts()
+    if (!result.success || result.data.length === 0) {
+      spinner.fail('没有可操作的 Bedrock 账户')
+      return
+    }
+
+    spinner.succeed('账户列表获取成功')
+
+    const choices = result.data.map((account) => ({
+      name: `${account.name} (${account.isActive ? '🟢 活跃' : '🔴 停用'})`,
+      value: account.id
+    }))
+
+    const { accountId } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'accountId',
+        message: '选择要切换状态的账户:',
+        choices
+      }
+    ])
+
+    const toggleSpinner = ora('正在切换账户状态...').start()
+
+    // 获取当前状态
+    const accountResult = await bedrockAccountService.getAccount(accountId)
+    if (!accountResult.success) {
+      throw new Error('无法获取账户信息')
+    }
+
+    const newStatus = !accountResult.data.isActive
+    const updateResult = await bedrockAccountService.updateAccount(accountId, {
+      isActive: newStatus
+    })
+
+    if (updateResult.success) {
+      toggleSpinner.succeed('账户状态切换成功')
+      console.log(styles.success(`新状态: ${newStatus ? '🟢 活跃' : '🔴 停用'}`))
+    } else {
+      throw new Error(updateResult.error)
+    }
+  } catch (error) {
+    spinner.fail('切换账户状态失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function editBedrockAccount() {
+  const spinner = ora('正在获取 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.getAllAccounts()
+    if (!result.success || result.data.length === 0) {
+      spinner.fail('没有可编辑的 Bedrock 账户')
+      return
+    }
+
+    spinner.succeed('账户列表获取成功')
+
+    const choices = result.data.map((account) => ({
+      name: `${account.name} (${account.region})`,
+      value: account.id
+    }))
+
+    const { accountId } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'accountId',
+        message: '选择要编辑的账户:',
+        choices
+      }
+    ])
+
+    const accountResult = await bedrockAccountService.getAccount(accountId)
+    if (!accountResult.success) {
+      throw new Error('无法获取账户信息')
+    }
+
+    const account = accountResult.data
+
+    const updates = await inquirer.prompt([
+      {
+        type: 'input',
+        name: 'name',
+        message: '账户名称:',
+        default: account.name
+      },
+      {
+        type: 'input',
+        name: 'description',
+        message: '描述:',
+        default: account.description
+      },
+      {
+        type: 'number',
+        name: 'priority',
+        message: '优先级 (1-100):',
+        default: account.priority,
+        validate: (input) => input >= 1 && input <= 100
+      }
+    ])
+
+    const updateSpinner = ora('正在更新账户...').start()
+
+    const updateResult = await bedrockAccountService.updateAccount(accountId, updates)
+
+    if (updateResult.success) {
+      updateSpinner.succeed('账户更新成功')
+    } else {
+      throw new Error(updateResult.error)
+    }
+  } catch (error) {
+    spinner.fail('编辑账户失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+async function deleteBedrockAccount() {
+  const spinner = ora('正在获取 Bedrock 账户...').start()
+
+  try {
+    const result = await bedrockAccountService.getAllAccounts()
+    if (!result.success || result.data.length === 0) {
+      spinner.fail('没有可删除的 Bedrock 账户')
+      return
+    }
+
+    spinner.succeed('账户列表获取成功')
+
+    const choices = result.data.map((account) => ({
+      name: `${account.name} (${account.region})`,
+      value: { id: account.id, name: account.name }
+    }))
+
+    const { account } = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'account',
+        message: '选择要删除的账户:',
+        choices
+      }
+    ])
+
+    const { confirm } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirm',
+        message: `确定要删除账户 "${account.name}" 吗？此操作无法撤销！`,
+        default: false
+      }
+    ])
+
+    if (!confirm) {
+      console.log(styles.info('已取消删除'))
+      return
+    }
+
+    const deleteSpinner = ora('正在删除账户...').start()
+
+    const deleteResult = await bedrockAccountService.deleteAccount(account.id)
+
+    if (deleteResult.success) {
+      deleteSpinner.succeed('账户删除成功')
+    } else {
+      throw new Error(deleteResult.error)
+    }
+  } catch (error) {
+    spinner.fail('删除账户失败')
+    console.error(styles.error(error.message))
+  }
+}
+
+// 程序信息
+program.name('claude-relay-cli').description('Claude Relay Service 命令行管理工具').version('1.0.0')
+
+// 解析命令行参数
+program.parse()
+
+// 如果没有提供命令，显示帮助
+if (!process.argv.slice(2).length) {
+  console.log(styles.title('🚀 Claude Relay Service CLI\n'))
+  console.log('使用以下命令管理服务:\n')
+  console.log('  claude-relay-cli admin         - 创建初始管理员账户')
+  console.log('  claude-relay-cli keys          - API Key 管理（查看/修改过期时间/续期/删除）')
+  console.log('  claude-relay-cli bedrock       - Bedrock 账户管理（创建/查看/编辑/测试/删除）')
+  console.log('  claude-relay-cli status        - 查看系统状态')
+  console.log('\n使用 --help 查看详细帮助信息')
+}

config/config.example.js

@@ -0,0 +1,185 @@
+const path = require('path')
+require('dotenv').config()
+
+const config = {
+  // 🌐 服务器配置
+  server: {
+    port: parseInt(process.env.PORT) || 3000,
+    host: process.env.HOST || '0.0.0.0',
+    nodeEnv: process.env.NODE_ENV || 'development',
+    trustProxy: process.env.TRUST_PROXY === 'true'
+  },
+
+  // 🔐 安全配置
+  security: {
+    jwtSecret: process.env.JWT_SECRET || 'CHANGE-THIS-JWT-SECRET-IN-PRODUCTION',
+    adminSessionTimeout: parseInt(process.env.ADMIN_SESSION_TIMEOUT) || 86400000, // 24小时
+    apiKeyPrefix: process.env.API_KEY_PREFIX || 'cr_',
+    encryptionKey: process.env.ENCRYPTION_KEY || 'CHANGE-THIS-32-CHARACTER-KEY-NOW'
+  },
+
+  // 📊 Redis配置
+  redis: {
+    host: process.env.REDIS_HOST || '127.0.0.1',
+    port: parseInt(process.env.REDIS_PORT) || 6379,
+    password: process.env.REDIS_PASSWORD || '',
+    db: parseInt(process.env.REDIS_DB) || 0,
+    connectTimeout: 10000,
+    commandTimeout: 5000,
+    retryDelayOnFailover: 100,
+    maxRetriesPerRequest: 3,
+    lazyConnect: true,
+    enableTLS: process.env.REDIS_ENABLE_TLS === 'true'
+  },
+
+  // 🔗 会话管理配置
+  session: {
+    // 粘性会话TTL配置（小时），默认1小时
+    stickyTtlHours: parseFloat(process.env.STICKY_SESSION_TTL_HOURS) || 1,
+    // 续期阈值（分钟），默认0分钟（不续期）
+    renewalThresholdMinutes: parseInt(process.env.STICKY_SESSION_RENEWAL_THRESHOLD_MINUTES) || 0
+  },
+
+  // 🎯 Claude API配置
+  claude: {
+    apiUrl: process.env.CLAUDE_API_URL || 'https://api.anthropic.com/v1/messages',
+    apiVersion: process.env.CLAUDE_API_VERSION || '2023-06-01',
+    betaHeader:
+      process.env.CLAUDE_BETA_HEADER ||
+      'claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14',
+    overloadHandling: {
+      enabled: (() => {
+        const minutes = parseInt(process.env.CLAUDE_OVERLOAD_HANDLING_MINUTES) || 0
+        // 验证配置值：限制在0-1440分钟(24小时)内
+        return Math.max(0, Math.min(minutes, 1440))
+      })()
+    }
+  },
+
+  // ☁️ Bedrock API配置
+  bedrock: {
+    enabled: process.env.CLAUDE_CODE_USE_BEDROCK === '1',
+    defaultRegion: process.env.AWS_REGION || 'us-east-1',
+    smallFastModelRegion: process.env.ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION,
+    defaultModel: process.env.ANTHROPIC_MODEL || 'us.anthropic.claude-sonnet-4-20250514-v1:0',
+    smallFastModel:
+      process.env.ANTHROPIC_SMALL_FAST_MODEL || 'us.anthropic.claude-3-5-haiku-20241022-v1:0',
+    maxOutputTokens: parseInt(process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS) || 4096,
+    maxThinkingTokens: parseInt(process.env.MAX_THINKING_TOKENS) || 1024,
+    enablePromptCaching: process.env.DISABLE_PROMPT_CACHING !== '1'
+  },
+
+  // 🌐 代理配置
+  proxy: {
+    timeout: parseInt(process.env.DEFAULT_PROXY_TIMEOUT) || 600000, // 10分钟
+    maxRetries: parseInt(process.env.MAX_PROXY_RETRIES) || 3,
+    // IP协议族配置：true=IPv4, false=IPv6, 默认IPv4（兼容性更好）
+    useIPv4: process.env.PROXY_USE_IPV4 !== 'false' // 默认 true，只有明确设置为 'false' 才使用 IPv6
+  },
+
+  // ⏱️ 请求超时配置
+  requestTimeout: parseInt(process.env.REQUEST_TIMEOUT) || 600000, // 默认 10 分钟
+
+  // 📈 使用限制
+  limits: {
+    defaultTokenLimit: parseInt(process.env.DEFAULT_TOKEN_LIMIT) || 1000000
+  },
+
+  // 📝 日志配置
+  logging: {
+    level: process.env.LOG_LEVEL || 'info',
+    dirname: path.join(__dirname, '..', 'logs'),
+    maxSize: process.env.LOG_MAX_SIZE || '10m',
+    maxFiles: parseInt(process.env.LOG_MAX_FILES) || 5
+  },
+
+  // 🔧 系统配置
+  system: {
+    cleanupInterval: parseInt(process.env.CLEANUP_INTERVAL) || 3600000, // 1小时
+    tokenUsageRetention: parseInt(process.env.TOKEN_USAGE_RETENTION) || 2592000000, // 30天
+    healthCheckInterval: parseInt(process.env.HEALTH_CHECK_INTERVAL) || 60000, // 1分钟
+    timezone: process.env.SYSTEM_TIMEZONE || 'Asia/Shanghai', // 默认UTC+8（中国时区）
+    timezoneOffset: parseInt(process.env.TIMEZONE_OFFSET) || 8 // UTC偏移小时数，默认+8
+  },
+
+  // 🎨 Web界面配置
+  web: {
+    title: process.env.WEB_TITLE || 'Claude Relay Service',
+    description:
+      process.env.WEB_DESCRIPTION ||
+      'Multi-account Claude API relay service with beautiful management interface',
+    logoUrl: process.env.WEB_LOGO_URL || '/assets/logo.png',
+    enableCors: process.env.ENABLE_CORS === 'true',
+    sessionSecret: process.env.WEB_SESSION_SECRET || 'CHANGE-THIS-SESSION-SECRET'
+  },
+
+  // 🔐 LDAP 认证配置
+  ldap: {
+    enabled: process.env.LDAP_ENABLED === 'true',
+    server: {
+      url: process.env.LDAP_URL || 'ldap://localhost:389',
+      bindDN: process.env.LDAP_BIND_DN || 'cn=admin,dc=example,dc=com',
+      bindCredentials: process.env.LDAP_BIND_PASSWORD || 'admin',
+      searchBase: process.env.LDAP_SEARCH_BASE || 'dc=example,dc=com',
+      searchFilter: process.env.LDAP_SEARCH_FILTER || '(uid={{username}})',
+      searchAttributes: process.env.LDAP_SEARCH_ATTRIBUTES
+        ? process.env.LDAP_SEARCH_ATTRIBUTES.split(',')
+        : ['dn', 'uid', 'cn', 'mail', 'givenName', 'sn'],
+      timeout: parseInt(process.env.LDAP_TIMEOUT) || 5000,
+      connectTimeout: parseInt(process.env.LDAP_CONNECT_TIMEOUT) || 10000,
+      // TLS/SSL 配置
+      tls: {
+        // 是否忽略证书错误 (用于自签名证书)
+        rejectUnauthorized: process.env.LDAP_TLS_REJECT_UNAUTHORIZED !== 'false', // 默认验证证书，设置为false则忽略
+        // CA证书文件路径 (可选，用于自定义CA证书)
+        ca: process.env.LDAP_TLS_CA_FILE
+          ? require('fs').readFileSync(process.env.LDAP_TLS_CA_FILE)
+          : undefined,
+        // 客户端证书文件路径 (可选，用于双向认证)
+        cert: process.env.LDAP_TLS_CERT_FILE
+          ? require('fs').readFileSync(process.env.LDAP_TLS_CERT_FILE)
+          : undefined,
+        // 客户端私钥文件路径 (可选，用于双向认证)
+        key: process.env.LDAP_TLS_KEY_FILE
+          ? require('fs').readFileSync(process.env.LDAP_TLS_KEY_FILE)
+          : undefined,
+        // 服务器名称 (用于SNI，可选)
+        servername: process.env.LDAP_TLS_SERVERNAME || undefined
+      }
+    },
+    userMapping: {
+      username: process.env.LDAP_USER_ATTR_USERNAME || 'uid',
+      displayName: process.env.LDAP_USER_ATTR_DISPLAY_NAME || 'cn',
+      email: process.env.LDAP_USER_ATTR_EMAIL || 'mail',
+      firstName: process.env.LDAP_USER_ATTR_FIRST_NAME || 'givenName',
+      lastName: process.env.LDAP_USER_ATTR_LAST_NAME || 'sn'
+    }
+  },
+
+  // 👥 用户管理配置
+  userManagement: {
+    enabled: process.env.USER_MANAGEMENT_ENABLED === 'true',
+    defaultUserRole: process.env.DEFAULT_USER_ROLE || 'user',
+    userSessionTimeout: parseInt(process.env.USER_SESSION_TIMEOUT) || 86400000, // 24小时
+    maxApiKeysPerUser: parseInt(process.env.MAX_API_KEYS_PER_USER) || 1,
+    allowUserDeleteApiKeys: process.env.ALLOW_USER_DELETE_API_KEYS === 'true' // 默认不允许用户删除自己的API Keys
+  },
+
+  // 📢 Webhook通知配置
+  webhook: {
+    enabled: process.env.WEBHOOK_ENABLED !== 'false', // 默认启用
+    urls: process.env.WEBHOOK_URLS
+      ? process.env.WEBHOOK_URLS.split(',').map((url) => url.trim())
+      : [],
+    timeout: parseInt(process.env.WEBHOOK_TIMEOUT) || 10000, // 10秒超时
+    retries: parseInt(process.env.WEBHOOK_RETRIES) || 3 // 重试3次
+  },
+
+  // 🛠️ 开发配置
+  development: {
+    debug: process.env.DEBUG === 'true',
+    hotReload: process.env.HOT_RELOAD === 'true'
+  }
+}
+
+module.exports = config

docker-compose.yml

@@ -0,0 +1,165 @@
+version: '3.8'
+
+# Claude Relay Service Docker Compose 配置
+# 所有配置通过环境变量设置，无需映射 .env 文件
+
+services:
+  # 🚀 Claude Relay Service
+  claude-relay:
+    build: .
+    image: weishaw/claude-relay-service:latest
+    restart: unless-stopped
+    ports:
+      # 绑定地址：生产环境建议使用反向代理，设置 BIND_HOST=127.0.0.1
+      - "${BIND_HOST:-0.0.0.0}:${PORT:-3000}:3000"
+    volumes:
+      - ./logs:/app/logs
+      - ./data:/app/data
+    environment:
+      # 🌐 服务器配置
+      - NODE_ENV=production
+      - PORT=3000
+      - HOST=0.0.0.0
+      
+      # 🔐 安全配置（必填）
+      - JWT_SECRET=${JWT_SECRET}  # 必填：至少32字符的随机字符串
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}  # 必填：32字符的加密密钥
+      - ADMIN_SESSION_TIMEOUT=${ADMIN_SESSION_TIMEOUT:-86400000}
+      - API_KEY_PREFIX=${API_KEY_PREFIX:-cr_}
+      
+      # 👤 管理员凭据（可选）
+      - ADMIN_USERNAME=${ADMIN_USERNAME:-}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
+      
+      # 📊 Redis 配置
+      - REDIS_HOST=redis
+      - REDIS_PORT=6379
+      - REDIS_PASSWORD=${REDIS_PASSWORD:-}
+      - REDIS_DB=${REDIS_DB:-0}
+      - REDIS_ENABLE_TLS=${REDIS_ENABLE_TLS:-}
+      
+      # 🎯 Claude API 配置
+      - CLAUDE_API_URL=${CLAUDE_API_URL:-https://api.anthropic.com/v1/messages}
+      - CLAUDE_API_VERSION=${CLAUDE_API_VERSION:-2023-06-01}
+      - CLAUDE_BETA_HEADER=${CLAUDE_BETA_HEADER:-claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14}
+      
+      # 🌐 代理配置
+      - DEFAULT_PROXY_TIMEOUT=${DEFAULT_PROXY_TIMEOUT:-60000}
+      - MAX_PROXY_RETRIES=${MAX_PROXY_RETRIES:-3}
+      
+      # 📈 使用限制
+      - DEFAULT_TOKEN_LIMIT=${DEFAULT_TOKEN_LIMIT:-1000000}
+      
+      # 📝 日志配置
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - LOG_MAX_SIZE=${LOG_MAX_SIZE:-10m}
+      - LOG_MAX_FILES=${LOG_MAX_FILES:-5}
+      
+      # 🔧 系统配置
+      - CLEANUP_INTERVAL=${CLEANUP_INTERVAL:-3600000}
+      - TOKEN_USAGE_RETENTION=${TOKEN_USAGE_RETENTION:-2592000000}
+      - HEALTH_CHECK_INTERVAL=${HEALTH_CHECK_INTERVAL:-60000}
+      - TIMEZONE_OFFSET=${TIMEZONE_OFFSET:-8}
+      
+      # 🎨 Web 界面配置
+      - WEB_TITLE=${WEB_TITLE:-Claude Relay Service}
+      - WEB_DESCRIPTION=${WEB_DESCRIPTION:-Multi-account Claude API relay service}
+      - WEB_LOGO_URL=${WEB_LOGO_URL:-/assets/logo.png}
+      
+      # 🛠️ 开发配置
+      - DEBUG=${DEBUG:-false}
+      - ENABLE_CORS=${ENABLE_CORS:-true}
+      - TRUST_PROXY=${TRUST_PROXY:-true}
+    depends_on:
+      - redis
+    networks:
+      - claude-relay-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  # 📊 Redis Database
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    # 仅在容器网络内部暴露端口，不映射到主机
+    expose:
+      - "6379"
+    # 注意：如需本地调试访问，可取消下行注释（生产环境禁用）
+    # ports:
+    #   - "127.0.0.1:${REDIS_PORT:-6379}:6379"
+    volumes:
+      - ./redis_data:/data
+    command: redis-server --save 60 1 --appendonly yes --appendfsync everysec
+    networks:
+      - claude-relay-network
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  # 📈 Redis Monitoring (Optional)
+  redis-commander:
+    image: rediscommander/redis-commander:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:${REDIS_WEB_PORT:-8081}:8081"
+    environment:
+      - REDIS_HOSTS=local:redis:6379
+    depends_on:
+      - redis
+    networks:
+      - claude-relay-network
+    profiles:
+      - monitoring
+
+  # 📊 Application Monitoring (Optional)
+  prometheus:
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:${PROMETHEUS_PORT:-9090}:9090"
+    volumes:
+      - ./config/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - prometheus_data:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/etc/prometheus/console_libraries'
+      - '--web.console.templates=/etc/prometheus/consoles'
+      - '--web.enable-lifecycle'
+    networks:
+      - claude-relay-network
+    profiles:
+      - monitoring
+
+  # 📈 Grafana Dashboard (Optional)
+  grafana:
+    image: grafana/grafana:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:${GRAFANA_PORT:-3001}:3000"
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin123}
+    volumes:
+      - grafana_data:/var/lib/grafana
+      - ./config/grafana:/etc/grafana/provisioning
+    depends_on:
+      - prometheus
+    networks:
+      - claude-relay-network
+    profiles:
+      - monitoring
+
+volumes:
+  prometheus_data:
+    driver: local
+  grafana_data:
+    driver: local
+
+networks:
+  claude-relay-network:
+    driver: bridge

docker-entrypoint.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+set -e
+
+echo "🚀 Claude Relay Service 启动中..."
+
+# 检查关键环境变量
+if [ -z "$JWT_SECRET" ]; then
+  echo "❌ 错误: JWT_SECRET 环境变量未设置"
+  echo "   请在 docker-compose.yml 中设置 JWT_SECRET"
+  echo "   例如: JWT_SECRET=your-random-secret-key-at-least-32-chars"
+  exit 1
+fi
+
+if [ -z "$ENCRYPTION_KEY" ]; then
+  echo "❌ 错误: ENCRYPTION_KEY 环境变量未设置"
+  echo "   请在 docker-compose.yml 中设置 ENCRYPTION_KEY"
+  echo "   例如: ENCRYPTION_KEY=your-32-character-encryption-key"
+  exit 1
+fi
+
+# 检查并复制配置文件
+if [ ! -f "/app/config/config.js" ]; then
+  echo "📋 检测到 config.js 不存在，从模板创建..."
+  if [ -f "/app/config/config.example.js" ]; then
+    cp /app/config/config.example.js /app/config/config.js
+    echo "✅ config.js 已创建"
+  else
+    echo "❌ 错误: config.example.js 不存在"
+    exit 1
+  fi
+fi
+
+# 显示配置信息
+echo "✅ 环境配置已就绪"
+echo "   JWT_SECRET: [已设置]"
+echo "   ENCRYPTION_KEY: [已设置]"
+echo "   REDIS_HOST: ${REDIS_HOST:-localhost}"
+echo "   PORT: ${PORT:-3000}"
+
+# 检查是否需要初始化
+if [ ! -f "/app/data/init.json" ]; then
+  echo "📋 首次启动，执行初始化设置..."
+  
+  # 如果设置了环境变量，显示提示
+  if [ -n "$ADMIN_USERNAME" ] || [ -n "$ADMIN_PASSWORD" ]; then
+    echo "📌 检测到预设的管理员凭据"
+  fi
+  
+  # 执行初始化脚本
+  node /app/scripts/setup.js
+  
+  echo "✅ 初始化完成"
+else
+  echo "✅ 检测到已有配置，跳过初始化"
+  
+  # 如果 init.json 存在但环境变量也设置了，显示警告
+  if [ -n "$ADMIN_USERNAME" ] || [ -n "$ADMIN_PASSWORD" ]; then
+    echo "⚠️  警告: 检测到环境变量 ADMIN_USERNAME/ADMIN_PASSWORD，但系统已初始化"
+    echo "   如需使用新凭据，请删除 data/init.json 文件后重启容器"
+  fi
+fi
+
+# 启动应用
+echo "🌐 启动 Claude Relay Service..."
+exec "$@"

nodemon.json

@@ -0,0 +1,5 @@
+{
+  "watch": ["src"],
+  "ext": "js,json",
+  "exec": "npm run lint && node src/app.js"
+}

package.json

@@ -0,0 +1,101 @@
+{
+  "name": "claude-relay-service",
+  "version": "1.0.0",
+  "description": "Claude Code API relay service with multi-account management, OpenAI compatibility, and API key authentication",
+  "main": "src/app.js",
+  "scripts": {
+    "start": "npm run lint && node src/app.js",
+    "dev": "nodemon",
+    "build:web": "cd web/admin-spa && npm run build",
+    "install:web": "cd web/admin-spa && npm install",
+    "update:pricing": "node scripts/update-model-pricing.js",
+    "setup": "node scripts/setup.js",
+    "cli": "node cli/index.js",
+    "init:costs": "node src/cli/initCosts.js",
+    "service": "node scripts/manage.js",
+    "service:start": "node scripts/manage.js start",
+    "service:start:daemon": "node scripts/manage.js start -d",
+    "service:start:d": "node scripts/manage.js start -d",
+    "service:daemon": "node scripts/manage.js start -d",
+    "service:stop": "node scripts/manage.js stop",
+    "service:restart": "node scripts/manage.js restart",
+    "service:restart:daemon": "node scripts/manage.js restart -d",
+    "service:logs:follow": "node scripts/manage.js logs -f",
+    "service:restart:d": "node scripts/manage.js restart -d",
+    "service:status": "node scripts/manage.js status",
+    "service:logs": "node scripts/manage.js logs",
+    "monitor": "bash scripts/monitor-enhanced.sh",
+    "status": "bash scripts/status-unified.sh",
+    "status:detail": "bash scripts/status-unified.sh --detail",
+    "test": "jest",
+    "lint": "eslint src/**/*.js cli/**/*.js scripts/**/*.js --fix",
+    "lint:check": "eslint src/**/*.js cli/**/*.js scripts/**/*.js",
+    "format": "prettier --write \"src/**/*.js\" \"cli/**/*.js\" \"scripts/**/*.js\"",
+    "format:check": "prettier --check \"src/**/*.js\" \"cli/**/*.js\" \"scripts/**/*.js\"",
+    "docker:build": "docker build -t claude-relay-service .",
+    "docker:up": "docker-compose up -d",
+    "docker:down": "docker-compose down",
+    "migrate:apikey-expiry": "node scripts/migrate-apikey-expiry.js",
+    "migrate:apikey-expiry:dry": "node scripts/migrate-apikey-expiry.js --dry-run",
+    "migrate:fix-usage-stats": "node scripts/fix-usage-stats.js",
+    "data:export": "node scripts/data-transfer.js export",
+    "data:import": "node scripts/data-transfer.js import",
+    "data:export:sanitized": "node scripts/data-transfer.js export --sanitize",
+    "data:export:enhanced": "node scripts/data-transfer-enhanced.js export",
+    "data:export:encrypted": "node scripts/data-transfer-enhanced.js export --decrypt=false",
+    "data:import:enhanced": "node scripts/data-transfer-enhanced.js import",
+    "data:debug": "node scripts/debug-redis-keys.js",
+    "test:pricing-fallback": "node scripts/test-pricing-fallback.js"
+  },
+  "dependencies": {
+    "@aws-sdk/client-bedrock-runtime": "^3.861.0",
+    "@aws-sdk/credential-providers": "^3.859.0",
+    "axios": "^1.6.0",
+    "bcryptjs": "^2.4.3",
+    "chalk": "^4.1.2",
+    "commander": "^11.1.0",
+    "compression": "^1.7.4",
+    "cors": "^2.8.5",
+    "dotenv": "^16.3.1",
+    "express": "^4.18.2",
+    "google-auth-library": "^10.1.0",
+    "helmet": "^7.1.0",
+    "https-proxy-agent": "^7.0.2",
+    "inquirer": "^8.2.6",
+    "ioredis": "^5.3.2",
+    "ldapjs": "^3.0.7",
+    "morgan": "^1.10.0",
+    "nodemailer": "^7.0.6",
+    "ora": "^5.4.1",
+    "rate-limiter-flexible": "^5.0.5",
+    "socks-proxy-agent": "^8.0.2",
+    "string-similarity": "^4.0.4",
+    "table": "^6.8.1",
+    "uuid": "^9.0.1",
+    "winston": "^3.11.0",
+    "winston-daily-rotate-file": "^4.7.1"
+  },
+  "devDependencies": {
+    "@types/node": "^20.8.9",
+    "eslint": "^8.53.0",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-prettier": "^5.5.4",
+    "jest": "^29.7.0",
+    "nodemon": "^3.0.1",
+    "prettier": "^3.6.2",
+    "supertest": "^6.3.3"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "keywords": [
+    "claude",
+    "api",
+    "proxy",
+    "relay",
+    "claude-code",
+    "anthropic"
+  ],
+  "author": "Claude Relay Service",
+  "license": "MIT"
+}

resources/model-pricing/README.md

@@ -0,0 +1,37 @@
+# Model Pricing Data
+
+This directory contains a local copy of the LiteLLM model pricing data as a fallback mechanism.
+
+## Source
+The original file is maintained by the LiteLLM project:
+- Repository: https://github.com/BerriAI/litellm
+- File: https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json
+
+## Purpose
+This local copy serves as a fallback when the remote file cannot be downloaded due to:
+- Network restrictions
+- Firewall rules
+- DNS resolution issues
+- GitHub being blocked in certain regions
+- Docker container network limitations
+
+## Update Process
+The pricingService will:
+1. First attempt to download the latest version from GitHub
+2. If download fails, use this local copy as fallback
+3. Log a warning when using the fallback file
+
+## Manual Update
+To manually update this file with the latest pricing data:
+```bash
+curl -s https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json -o model_prices_and_context_window.json
+```
+
+## File Format
+The file contains JSON data with model pricing information including:
+- Model names and identifiers
+- Input/output token costs
+- Context window sizes
+- Model capabilities
+
+Last updated: 2025-08-10

scripts/analyze-log-sessions.js

@@ -0,0 +1,606 @@
+#!/usr/bin/env node
+
+/**
+ * 从日志文件分析Claude账户请求时间的CLI工具
+ * 用于恢复会话窗口数据
+ */
+
+const fs = require('fs')
+const path = require('path')
+const readline = require('readline')
+const zlib = require('zlib')
+const redis = require('../src/models/redis')
+
+class LogSessionAnalyzer {
+  constructor() {
+    // 更新正则表达式以匹配实际的日志格式
+    this.accountUsagePattern =
+      /🎯 Using sticky session shared account: (.+?) \(([a-f0-9-]{36})\) for session ([a-f0-9]+)/
+    this.processingPattern =
+      /📡 Processing streaming API request with usage capture for key: (.+?), account: ([a-f0-9-]{36}), session: ([a-f0-9]+)/
+    this.completedPattern = /🔗 ✅ Request completed in (\d+)ms for key: (.+)/
+    this.usageRecordedPattern =
+      /🔗 📊 Stream usage recorded \(real\) - Model: (.+?), Input: (\d+), Output: (\d+), Cache Create: (\d+), Cache Read: (\d+), Total: (\d+) tokens/
+    this.timestampPattern = /\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]/
+    this.accounts = new Map()
+    this.requestHistory = []
+    this.sessions = new Map() // 记录会话信息
+  }
+
+  // 解析时间戳
+  parseTimestamp(line) {
+    const match = line.match(this.timestampPattern)
+    if (match) {
+      return new Date(match[1])
+    }
+    return null
+  }
+
+  // 分析单个日志文件
+  async analyzeLogFile(filePath) {
+    console.log(`📖 分析日志文件: ${filePath}`)
+
+    let fileStream = fs.createReadStream(filePath)
+
+    // 如果是gz文件，需要先解压
+    if (filePath.endsWith('.gz')) {
+      console.log('   🗜️  检测到gz压缩文件，正在解压...')
+      fileStream = fileStream.pipe(zlib.createGunzip())
+    }
+
+    const rl = readline.createInterface({
+      input: fileStream,
+      crlfDelay: Infinity
+    })
+
+    let lineCount = 0
+    let requestCount = 0
+    let usageCount = 0
+
+    for await (const line of rl) {
+      lineCount++
+
+      // 解析时间戳
+      const timestamp = this.parseTimestamp(line)
+      if (!timestamp) {
+        continue
+      }
+
+      // 查找账户使用记录
+      const accountUsageMatch = line.match(this.accountUsagePattern)
+      if (accountUsageMatch) {
+        const accountName = accountUsageMatch[1]
+        const accountId = accountUsageMatch[2]
+        const sessionId = accountUsageMatch[3]
+
+        if (!this.accounts.has(accountId)) {
+          this.accounts.set(accountId, {
+            accountId,
+            accountName,
+            requests: [],
+            firstRequest: timestamp,
+            lastRequest: timestamp,
+            totalRequests: 0,
+            sessions: new Set()
+          })
+        }
+
+        const account = this.accounts.get(accountId)
+        account.sessions.add(sessionId)
+
+        if (timestamp < account.firstRequest) {
+          account.firstRequest = timestamp
+        }
+        if (timestamp > account.lastRequest) {
+          account.lastRequest = timestamp
+        }
+      }
+
+      // 查找请求处理记录
+      const processingMatch = line.match(this.processingPattern)
+      if (processingMatch) {
+        const apiKeyName = processingMatch[1]
+        const accountId = processingMatch[2]
+        const sessionId = processingMatch[3]
+
+        if (!this.accounts.has(accountId)) {
+          this.accounts.set(accountId, {
+            accountId,
+            accountName: 'Unknown',
+            requests: [],
+            firstRequest: timestamp,
+            lastRequest: timestamp,
+            totalRequests: 0,
+            sessions: new Set()
+          })
+        }
+
+        const account = this.accounts.get(accountId)
+        account.requests.push({
+          timestamp,
+          apiKeyName,
+          sessionId,
+          type: 'processing'
+        })
+
+        account.sessions.add(sessionId)
+        account.totalRequests++
+        requestCount++
+
+        if (timestamp > account.lastRequest) {
+          account.lastRequest = timestamp
+        }
+
+        // 记录到全局请求历史
+        this.requestHistory.push({
+          timestamp,
+          accountId,
+          apiKeyName,
+          sessionId,
+          type: 'processing'
+        })
+      }
+
+      // 查找请求完成记录
+      const completedMatch = line.match(this.completedPattern)
+      if (completedMatch) {
+        const duration = parseInt(completedMatch[1])
+        const apiKeyName = completedMatch[2]
+
+        // 记录到全局请求历史
+        this.requestHistory.push({
+          timestamp,
+          apiKeyName,
+          duration,
+          type: 'completed'
+        })
+      }
+
+      // 查找使用统计记录
+      const usageMatch = line.match(this.usageRecordedPattern)
+      if (usageMatch) {
+        const model = usageMatch[1]
+        const inputTokens = parseInt(usageMatch[2])
+        const outputTokens = parseInt(usageMatch[3])
+        const cacheCreateTokens = parseInt(usageMatch[4])
+        const cacheReadTokens = parseInt(usageMatch[5])
+        const totalTokens = parseInt(usageMatch[6])
+
+        usageCount++
+
+        // 记录到全局请求历史
+        this.requestHistory.push({
+          timestamp,
+          type: 'usage',
+          model,
+          inputTokens,
+          outputTokens,
+          cacheCreateTokens,
+          cacheReadTokens,
+          totalTokens
+        })
+      }
+    }
+
+    console.log(
+      `   📊 解析完成: ${lineCount} 行, 找到 ${requestCount} 个请求记录, ${usageCount} 个使用统计`
+    )
+  }
+
+  // 分析日志目录中的所有文件
+  async analyzeLogDirectory(logDir = './logs') {
+    console.log(`🔍 扫描日志目录: ${logDir}\n`)
+
+    try {
+      const files = fs.readdirSync(logDir)
+      const logFiles = files
+        .filter(
+          (file) =>
+            file.includes('claude-relay') &&
+            (file.endsWith('.log') ||
+              file.endsWith('.log.1') ||
+              file.endsWith('.log.gz') ||
+              file.match(/\.log\.\d+\.gz$/) ||
+              file.match(/\.log\.\d+$/))
+        )
+        .sort()
+        .reverse() // 最新的文件优先
+
+      if (logFiles.length === 0) {
+        console.log('❌ 没有找到日志文件')
+        return
+      }
+
+      console.log(`📁 找到 ${logFiles.length} 个日志文件:`)
+      logFiles.forEach((file) => console.log(`   - ${file}`))
+      console.log('')
+
+      // 分析每个文件
+      for (const file of logFiles) {
+        const filePath = path.join(logDir, file)
+        await this.analyzeLogFile(filePath)
+      }
+    } catch (error) {
+      console.error(`❌ 读取日志目录失败: ${error.message}`)
+      throw error
+    }
+  }
+
+  // 分析单个日志文件（支持直接传入文件路径）
+  async analyzeSingleFile(filePath) {
+    console.log(`🔍 分析单个日志文件: ${filePath}\n`)
+
+    try {
+      if (!fs.existsSync(filePath)) {
+        console.log('❌ 文件不存在')
+        return
+      }
+
+      await this.analyzeLogFile(filePath)
+    } catch (error) {
+      console.error(`❌ 分析文件失败: ${error.message}`)
+      throw error
+    }
+  }
+
+  // 计算会话窗口
+  calculateSessionWindow(requestTime) {
+    const hour = requestTime.getHours()
+    const windowStartHour = Math.floor(hour / 5) * 5
+
+    const windowStart = new Date(requestTime)
+    windowStart.setHours(windowStartHour, 0, 0, 0)
+
+    const windowEnd = new Date(windowStart)
+    windowEnd.setHours(windowEnd.getHours() + 5)
+
+    return { windowStart, windowEnd }
+  }
+
+  // 分析会话窗口
+  analyzeSessionWindows() {
+    console.log('🕐 分析会话窗口...\n')
+
+    const now = new Date()
+    const results = []
+
+    for (const [accountId, accountData] of this.accounts) {
+      const requests = accountData.requests.sort((a, b) => a.timestamp - b.timestamp)
+
+      // 按会话窗口分组请求
+      const windowGroups = new Map()
+
+      for (const request of requests) {
+        const { windowStart, windowEnd } = this.calculateSessionWindow(request.timestamp)
+        const windowKey = `${windowStart.getTime()}-${windowEnd.getTime()}`
+
+        if (!windowGroups.has(windowKey)) {
+          windowGroups.set(windowKey, {
+            windowStart,
+            windowEnd,
+            requests: [],
+            isActive: now >= windowStart && now < windowEnd
+          })
+        }
+
+        windowGroups.get(windowKey).requests.push(request)
+      }
+
+      // 转换为数组并排序
+      const windowArray = Array.from(windowGroups.values()).sort(
+        (a, b) => b.windowStart - a.windowStart
+      ) // 最新的窗口优先
+
+      const result = {
+        accountId,
+        accountName: accountData.accountName,
+        totalRequests: accountData.totalRequests,
+        firstRequest: accountData.firstRequest,
+        lastRequest: accountData.lastRequest,
+        sessions: accountData.sessions,
+        windows: windowArray,
+        currentActiveWindow: windowArray.find((w) => w.isActive) || null,
+        mostRecentWindow: windowArray[0] || null
+      }
+
+      results.push(result)
+    }
+
+    return results.sort((a, b) => b.lastRequest - a.lastRequest)
+  }
+
+  // 显示分析结果
+  displayResults(results) {
+    console.log('📊 分析结果:\n')
+    console.log('='.repeat(80))
+
+    for (const result of results) {
+      console.log(`🏢 账户: ${result.accountName || 'Unknown'} (${result.accountId})`)
+      console.log(`   总请求数: ${result.totalRequests}`)
+      console.log(`   会话数: ${result.sessions ? result.sessions.size : 0}`)
+      console.log(`   首次请求: ${result.firstRequest.toLocaleString()}`)
+      console.log(`   最后请求: ${result.lastRequest.toLocaleString()}`)
+
+      if (result.currentActiveWindow) {
+        console.log(
+          `   ✅ 当前活跃窗口: ${result.currentActiveWindow.windowStart.toLocaleString()} - ${result.currentActiveWindow.windowEnd.toLocaleString()}`
+        )
+        console.log(`       窗口内请求: ${result.currentActiveWindow.requests.length} 次`)
+        const progress = this.calculateWindowProgress(
+          result.currentActiveWindow.windowStart,
+          result.currentActiveWindow.windowEnd
+        )
+        console.log(`       窗口进度: ${progress}%`)
+      } else if (result.mostRecentWindow) {
+        const window = result.mostRecentWindow
+        console.log(
+          `   ⏰ 最近窗口(已过期): ${window.windowStart.toLocaleString()} - ${window.windowEnd.toLocaleString()}`
+        )
+        console.log(`       窗口内请求: ${window.requests.length} 次`)
+        const hoursAgo = Math.round((new Date() - window.windowEnd) / (1000 * 60 * 60))
+        console.log(`       过期时间: ${hoursAgo} 小时前`)
+      } else {
+        console.log('   ❌ 无会话窗口数据')
+      }
+
+      // 显示最近几个窗口
+      if (result.windows.length > 1) {
+        console.log(`   📈 历史窗口: ${result.windows.length} 个`)
+        const recentWindows = result.windows.slice(0, 3)
+        for (let i = 0; i < recentWindows.length; i++) {
+          const window = recentWindows[i]
+          const status = window.isActive ? '活跃' : '已过期'
+          console.log(
+            `      ${i + 1}. ${window.windowStart.toLocaleString()} - ${window.windowEnd.toLocaleString()} (${status}, ${window.requests.length}次请求)`
+          )
+        }
+      }
+
+      // 显示最近几个会话的API Key使用情况
+      const accountData = this.accounts.get(result.accountId)
+      if (accountData && accountData.requests && accountData.requests.length > 0) {
+        const apiKeyStats = {}
+
+        for (const req of accountData.requests) {
+          if (!apiKeyStats[req.apiKeyName]) {
+            apiKeyStats[req.apiKeyName] = 0
+          }
+          apiKeyStats[req.apiKeyName]++
+        }
+
+        console.log('   🔑 API Key使用统计:')
+        for (const [keyName, count] of Object.entries(apiKeyStats)) {
+          console.log(`      - ${keyName}: ${count} 次`)
+        }
+      }
+
+      console.log('')
+    }
+
+    console.log('='.repeat(80))
+    console.log(`总计: ${results.length} 个账户, ${this.requestHistory.length} 个日志记录\n`)
+  }
+
+  // 计算窗口进度百分比
+  calculateWindowProgress(windowStart, windowEnd) {
+    const now = new Date()
+    const totalDuration = windowEnd.getTime() - windowStart.getTime()
+    const elapsedTime = now.getTime() - windowStart.getTime()
+    return Math.max(0, Math.min(100, Math.round((elapsedTime / totalDuration) * 100)))
+  }
+
+  // 更新Redis中的会话窗口数据
+  async updateRedisSessionWindows(results, dryRun = true) {
+    if (dryRun) {
+      console.log('🧪 模拟模式 - 不会实际更新Redis数据\n')
+    } else {
+      console.log('💾 更新Redis中的会话窗口数据...\n')
+      await redis.connect()
+    }
+
+    let updatedCount = 0
+    let skippedCount = 0
+
+    for (const result of results) {
+      try {
+        const accountData = await redis.getClaudeAccount(result.accountId)
+
+        if (!accountData || Object.keys(accountData).length === 0) {
+          console.log(`⚠️  账户 ${result.accountId} 在Redis中不存在，跳过`)
+          skippedCount++
+          continue
+        }
+
+        console.log(`🔄 处理账户: ${accountData.name || result.accountId}`)
+
+        // 确定要设置的会话窗口
+        let targetWindow = null
+
+        if (result.currentActiveWindow) {
+          targetWindow = result.currentActiveWindow
+          console.log(
+            `   ✅ 使用当前活跃窗口: ${targetWindow.windowStart.toLocaleString()} - ${targetWindow.windowEnd.toLocaleString()}`
+          )
+        } else if (result.mostRecentWindow) {
+          const window = result.mostRecentWindow
+          const now = new Date()
+
+          // 如果最近窗口是在过去24小时内的，可以考虑恢复
+          const hoursSinceWindow = (now - window.windowEnd) / (1000 * 60 * 60)
+
+          if (hoursSinceWindow <= 24) {
+            console.log(
+              `   🕐 最近窗口在24小时内，但已过期: ${window.windowStart.toLocaleString()} - ${window.windowEnd.toLocaleString()}`
+            )
+            console.log(`   ❌ 不恢复已过期窗口（${hoursSinceWindow.toFixed(1)}小时前过期）`)
+          } else {
+            console.log('   ⏰ 最近窗口超过24小时前，不予恢复')
+          }
+        }
+
+        if (targetWindow && !dryRun) {
+          // 更新Redis中的会话窗口数据
+          accountData.sessionWindowStart = targetWindow.windowStart.toISOString()
+          accountData.sessionWindowEnd = targetWindow.windowEnd.toISOString()
+          accountData.lastUsedAt = result.lastRequest.toISOString()
+          accountData.lastRequestTime = result.lastRequest.toISOString()
+
+          await redis.setClaudeAccount(result.accountId, accountData)
+          updatedCount++
+
+          console.log('   ✅ 已更新会话窗口数据')
+        } else if (targetWindow) {
+          updatedCount++
+          console.log(
+            `   🧪 [模拟] 将设置会话窗口: ${targetWindow.windowStart.toLocaleString()} - ${targetWindow.windowEnd.toLocaleString()}`
+          )
+        } else {
+          skippedCount++
+          console.log('   ⏭️  跳过（无有效窗口）')
+        }
+
+        console.log('')
+      } catch (error) {
+        console.error(`❌ 处理账户 ${result.accountId} 时出错: ${error.message}`)
+        skippedCount++
+      }
+    }
+
+    if (!dryRun) {
+      await redis.disconnect()
+    }
+
+    console.log('📊 更新结果:')
+    console.log(`   ✅ 已更新: ${updatedCount}`)
+    console.log(`   ⏭️  已跳过: ${skippedCount}`)
+    console.log(`   📋 总计: ${results.length}`)
+  }
+
+  // 主分析函数
+  async analyze(options = {}) {
+    const { logDir = './logs', singleFile = null, updateRedis = false, dryRun = true } = options
+
+    try {
+      console.log('🔍 Claude账户会话窗口分析工具\n')
+
+      // 分析日志文件
+      if (singleFile) {
+        await this.analyzeSingleFile(singleFile)
+      } else {
+        await this.analyzeLogDirectory(logDir)
+      }
+
+      if (this.accounts.size === 0) {
+        console.log('❌ 没有找到任何Claude账户的请求记录')
+        return []
+      }
+
+      // 分析会话窗口
+      const results = this.analyzeSessionWindows()
+
+      // 显示结果
+      this.displayResults(results)
+
+      // 更新Redis（如果需要）
+      if (updateRedis) {
+        await this.updateRedisSessionWindows(results, dryRun)
+      }
+
+      return results
+    } catch (error) {
+      console.error('❌ 分析失败:', error)
+      throw error
+    }
+  }
+}
+
+// 命令行参数解析
+function parseArgs() {
+  const args = process.argv.slice(2)
+  const options = {
+    logDir: './logs',
+    singleFile: null,
+    updateRedis: false,
+    dryRun: true
+  }
+
+  for (const arg of args) {
+    if (arg.startsWith('--log-dir=')) {
+      options.logDir = arg.split('=')[1]
+    } else if (arg.startsWith('--file=')) {
+      options.singleFile = arg.split('=')[1]
+    } else if (arg === '--update-redis') {
+      options.updateRedis = true
+    } else if (arg === '--no-dry-run') {
+      options.dryRun = false
+    } else if (arg === '--help' || arg === '-h') {
+      showHelp()
+      process.exit(0)
+    }
+  }
+
+  return options
+}
+
+// 显示帮助信息
+function showHelp() {
+  console.log(`
+Claude账户会话窗口日志分析工具
+
+从日志文件中分析Claude账户的请求时间，计算会话窗口，并可选择性地更新Redis数据。
+
+用法:
+  node scripts/analyze-log-sessions.js [选项]
+
+选项:
+  --log-dir=PATH       日志文件目录 (默认: ./logs)
+  --file=PATH          分析单个日志文件
+  --update-redis       更新Redis中的会话窗口数据
+  --no-dry-run         实际执行Redis更新（默认为模拟模式）
+  --help, -h           显示此帮助信息
+
+示例:
+  # 分析默认日志目录
+  node scripts/analyze-log-sessions.js
+
+  # 分析指定目录的日志
+  node scripts/analyze-log-sessions.js --log-dir=/path/to/logs
+
+  # 分析单个日志文件
+  node scripts/analyze-log-sessions.js --file=/path/to/logfile.log
+
+  # 模拟更新Redis数据（不实际更新）
+  node scripts/analyze-log-sessions.js --file=/path/to/logfile.log --update-redis
+
+  # 实际更新Redis数据
+  node scripts/analyze-log-sessions.js --file=/path/to/logfile.log --update-redis --no-dry-run
+
+会话窗口规则:
+  - Claude官方规定每5小时为一个会话窗口
+  - 窗口按整点对齐（如 05:00-10:00, 10:00-15:00）
+  - 只有当前时间在窗口内的才被认为是活跃窗口
+  - 工具会自动识别并恢复活跃的会话窗口
+`)
+}
+
+// 主函数
+async function main() {
+  try {
+    const options = parseArgs()
+
+    const analyzer = new LogSessionAnalyzer()
+    await analyzer.analyze(options)
+
+    console.log('🎉 分析完成')
+  } catch (error) {
+    console.error('💥 程序执行失败:', error)
+    process.exit(1)
+  }
+}
+
+// 如果直接运行此脚本
+if (require.main === module) {
+  main()
+}
+
+module.exports = LogSessionAnalyzer

scripts/check-redis-keys.js

@@ -0,0 +1,53 @@
+/**
+ * 检查 Redis 中的所有键
+ */
+
+const redis = require('../src/models/redis')
+
+async function checkRedisKeys() {
+  console.log('🔍 检查 Redis 中的所有键...\n')
+
+  try {
+    // 确保 Redis 已连接
+    await redis.connect()
+
+    // 获取所有键
+    const allKeys = await redis.client.keys('*')
+    console.log(`找到 ${allKeys.length} 个键\n`)
+
+    // 按类型分组
+    const keysByType = {}
+
+    allKeys.forEach((key) => {
+      const prefix = key.split(':')[0]
+      if (!keysByType[prefix]) {
+        keysByType[prefix] = []
+      }
+      keysByType[prefix].push(key)
+    })
+
+    // 显示各类型的键
+    Object.keys(keysByType)
+      .sort()
+      .forEach((type) => {
+        console.log(`\n📁 ${type}: ${keysByType[type].length} 个`)
+
+        // 显示前 5 个键作为示例
+        const keysToShow = keysByType[type].slice(0, 5)
+        keysToShow.forEach((key) => {
+          console.log(`  - ${key}`)
+        })
+
+        if (keysByType[type].length > 5) {
+          console.log(`  ... 还有 ${keysByType[type].length - 5} 个`)
+        }
+      })
+  } catch (error) {
+    console.error('❌ 错误:', error)
+    console.error(error.stack)
+  } finally {
+    process.exit(0)
+  }
+}
+
+checkRedisKeys()

scripts/data-transfer-enhanced.js

@@ -0,0 +1,1132 @@
+#!/usr/bin/env node
+
+/**
+ * 增强版数据导出/导入工具
+ * 支持加密数据的处理
+ */
+
+const fs = require('fs').promises
+const crypto = require('crypto')
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+const readline = require('readline')
+const config = require('../config/config')
+
+// 解析命令行参数
+const args = process.argv.slice(2)
+const command = args[0]
+const params = {}
+
+args.slice(1).forEach((arg) => {
+  const [key, value] = arg.split('=')
+  params[key.replace('--', '')] = value || true
+})
+
+// 创建 readline 接口
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+})
+
+async function askConfirmation(question) {
+  return new Promise((resolve) => {
+    rl.question(`${question} (yes/no): `, (answer) => {
+      resolve(answer.toLowerCase() === 'yes' || answer.toLowerCase() === 'y')
+    })
+  })
+}
+
+// Claude 账户解密函数
+function decryptClaudeData(encryptedData) {
+  if (!encryptedData || !config.security.encryptionKey) {
+    return encryptedData
+  }
+
+  try {
+    if (encryptedData.includes(':')) {
+      const parts = encryptedData.split(':')
+      const key = crypto.scryptSync(config.security.encryptionKey, 'salt', 32)
+      const iv = Buffer.from(parts[0], 'hex')
+      const encrypted = parts[1]
+
+      const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv)
+      let decrypted = decipher.update(encrypted, 'hex', 'utf8')
+      decrypted += decipher.final('utf8')
+      return decrypted
+    }
+    return encryptedData
+  } catch (error) {
+    logger.warn(`⚠️  Failed to decrypt data: ${error.message}`)
+    return encryptedData
+  }
+}
+
+// Gemini 账户解密函数
+function decryptGeminiData(encryptedData) {
+  if (!encryptedData || !config.security.encryptionKey) {
+    return encryptedData
+  }
+
+  try {
+    if (encryptedData.includes(':')) {
+      const parts = encryptedData.split(':')
+      const key = crypto.scryptSync(config.security.encryptionKey, 'gemini-account-salt', 32)
+      const iv = Buffer.from(parts[0], 'hex')
+      const encrypted = parts[1]
+
+      const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv)
+      let decrypted = decipher.update(encrypted, 'hex', 'utf8')
+      decrypted += decipher.final('utf8')
+      return decrypted
+    }
+    return encryptedData
+  } catch (error) {
+    logger.warn(`⚠️  Failed to decrypt data: ${error.message}`)
+    return encryptedData
+  }
+}
+
+// API Key 哈希函数（与apiKeyService保持一致）
+function hashApiKey(apiKey) {
+  if (!apiKey || !config.security.encryptionKey) {
+    return apiKey
+  }
+
+  return crypto
+    .createHash('sha256')
+    .update(apiKey + config.security.encryptionKey)
+    .digest('hex')
+}
+
+// 检查是否为明文API Key（通过格式判断，不依赖前缀）
+function isPlaintextApiKey(apiKey) {
+  if (!apiKey || typeof apiKey !== 'string') {
+    return false
+  }
+
+  // SHA256哈希值固定为64个十六进制字符，如果是哈希值则返回false
+  if (apiKey.length === 64 && /^[a-f0-9]+$/i.test(apiKey)) {
+    return false // 已经是哈希值
+  }
+
+  // 其他情况都认为是明文API Key（包括sk-ant-、cr_、自定义前缀等）
+  return true
+}
+
+// 数据加密函数（用于导入）
+function encryptClaudeData(data) {
+  if (!data || !config.security.encryptionKey) {
+    return data
+  }
+
+  const key = crypto.scryptSync(config.security.encryptionKey, 'salt', 32)
+  const iv = crypto.randomBytes(16)
+
+  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv)
+  let encrypted = cipher.update(data, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+
+  return `${iv.toString('hex')}:${encrypted}`
+}
+
+function encryptGeminiData(data) {
+  if (!data || !config.security.encryptionKey) {
+    return data
+  }
+
+  const key = crypto.scryptSync(config.security.encryptionKey, 'gemini-account-salt', 32)
+  const iv = crypto.randomBytes(16)
+
+  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv)
+  let encrypted = cipher.update(data, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+
+  return `${iv.toString('hex')}:${encrypted}`
+}
+
+// 导出使用统计数据
+async function exportUsageStats(keyId) {
+  try {
+    const stats = {
+      total: {},
+      daily: {},
+      monthly: {},
+      hourly: {},
+      models: {}
+    }
+
+    // 导出总统计
+    const totalKey = `usage:${keyId}`
+    const totalData = await redis.client.hgetall(totalKey)
+    if (totalData && Object.keys(totalData).length > 0) {
+      stats.total = totalData
+    }
+
+    // 导出每日统计（最近30天）
+    const today = new Date()
+    for (let i = 0; i < 30; i++) {
+      const date = new Date(today)
+      date.setDate(date.getDate() - i)
+      const dateStr = date.toISOString().split('T')[0]
+      const dailyKey = `usage:daily:${keyId}:${dateStr}`
+
+      const dailyData = await redis.client.hgetall(dailyKey)
+      if (dailyData && Object.keys(dailyData).length > 0) {
+        stats.daily[dateStr] = dailyData
+      }
+    }
+
+    // 导出每月统计（最近12个月）
+    for (let i = 0; i < 12; i++) {
+      const date = new Date(today)
+      date.setMonth(date.getMonth() - i)
+      const monthStr = `${date.getFullYear()}-${String(date.getMonth() + 1).padStart(2, '0')}`
+      const monthlyKey = `usage:monthly:${keyId}:${monthStr}`
+
+      const monthlyData = await redis.client.hgetall(monthlyKey)
+      if (monthlyData && Object.keys(monthlyData).length > 0) {
+        stats.monthly[monthStr] = monthlyData
+      }
+    }
+
+    // 导出小时统计（最近24小时）
+    for (let i = 0; i < 24; i++) {
+      const date = new Date(today)
+      date.setHours(date.getHours() - i)
+      const dateStr = date.toISOString().split('T')[0]
+      const hour = String(date.getHours()).padStart(2, '0')
+      const hourKey = `${dateStr}:${hour}`
+      const hourlyKey = `usage:hourly:${keyId}:${hourKey}`
+
+      const hourlyData = await redis.client.hgetall(hourlyKey)
+      if (hourlyData && Object.keys(hourlyData).length > 0) {
+        stats.hourly[hourKey] = hourlyData
+      }
+    }
+
+    // 导出模型统计
+    // 每日模型统计
+    const modelDailyPattern = `usage:${keyId}:model:daily:*`
+    const modelDailyKeys = await redis.client.keys(modelDailyPattern)
+    for (const key of modelDailyKeys) {
+      const match = key.match(/usage:.+:model:daily:(.+):(\d{4}-\d{2}-\d{2})$/)
+      if (match) {
+        const model = match[1]
+        const date = match[2]
+        const data = await redis.client.hgetall(key)
+        if (data && Object.keys(data).length > 0) {
+          if (!stats.models[model]) {
+            stats.models[model] = { daily: {}, monthly: {} }
+          }
+          stats.models[model].daily[date] = data
+        }
+      }
+    }
+
+    // 每月模型统计
+    const modelMonthlyPattern = `usage:${keyId}:model:monthly:*`
+    const modelMonthlyKeys = await redis.client.keys(modelMonthlyPattern)
+    for (const key of modelMonthlyKeys) {
+      const match = key.match(/usage:.+:model:monthly:(.+):(\d{4}-\d{2})$/)
+      if (match) {
+        const model = match[1]
+        const month = match[2]
+        const data = await redis.client.hgetall(key)
+        if (data && Object.keys(data).length > 0) {
+          if (!stats.models[model]) {
+            stats.models[model] = { daily: {}, monthly: {} }
+          }
+          stats.models[model].monthly[month] = data
+        }
+      }
+    }
+
+    return stats
+  } catch (error) {
+    logger.warn(`⚠️  Failed to export usage stats for ${keyId}: ${error.message}`)
+    return null
+  }
+}
+
+// 导入使用统计数据
+async function importUsageStats(keyId, stats) {
+  try {
+    if (!stats) {
+      return
+    }
+
+    const pipeline = redis.client.pipeline()
+    let importCount = 0
+
+    // 导入总统计
+    if (stats.total && Object.keys(stats.total).length > 0) {
+      for (const [field, value] of Object.entries(stats.total)) {
+        pipeline.hset(`usage:${keyId}`, field, value)
+      }
+      importCount++
+    }
+
+    // 导入每日统计
+    if (stats.daily) {
+      for (const [date, data] of Object.entries(stats.daily)) {
+        for (const [field, value] of Object.entries(data)) {
+          pipeline.hset(`usage:daily:${keyId}:${date}`, field, value)
+        }
+        importCount++
+      }
+    }
+
+    // 导入每月统计
+    if (stats.monthly) {
+      for (const [month, data] of Object.entries(stats.monthly)) {
+        for (const [field, value] of Object.entries(data)) {
+          pipeline.hset(`usage:monthly:${keyId}:${month}`, field, value)
+        }
+        importCount++
+      }
+    }
+
+    // 导入小时统计
+    if (stats.hourly) {
+      for (const [hour, data] of Object.entries(stats.hourly)) {
+        for (const [field, value] of Object.entries(data)) {
+          pipeline.hset(`usage:hourly:${keyId}:${hour}`, field, value)
+        }
+        importCount++
+      }
+    }
+
+    // 导入模型统计
+    if (stats.models) {
+      for (const [model, modelStats] of Object.entries(stats.models)) {
+        // 每日模型统计
+        if (modelStats.daily) {
+          for (const [date, data] of Object.entries(modelStats.daily)) {
+            for (const [field, value] of Object.entries(data)) {
+              pipeline.hset(`usage:${keyId}:model:daily:${model}:${date}`, field, value)
+            }
+            importCount++
+          }
+        }
+
+        // 每月模型统计
+        if (modelStats.monthly) {
+          for (const [month, data] of Object.entries(modelStats.monthly)) {
+            for (const [field, value] of Object.entries(data)) {
+              pipeline.hset(`usage:${keyId}:model:monthly:${model}:${month}`, field, value)
+            }
+            importCount++
+          }
+        }
+      }
+    }
+
+    await pipeline.exec()
+    logger.info(`  📊 Imported ${importCount} usage stat entries for API Key ${keyId}`)
+  } catch (error) {
+    logger.warn(`⚠️  Failed to import usage stats for ${keyId}: ${error.message}`)
+  }
+}
+
+// 数据脱敏函数
+function sanitizeData(data, type) {
+  const sanitized = { ...data }
+
+  switch (type) {
+    case 'apikey':
+      if (sanitized.apiKey) {
+        sanitized.apiKey = `${sanitized.apiKey.substring(0, 10)}...[REDACTED]`
+      }
+      break
+
+    case 'claude_account':
+      if (sanitized.email) {
+        sanitized.email = '[REDACTED]'
+      }
+      if (sanitized.password) {
+        sanitized.password = '[REDACTED]'
+      }
+      if (sanitized.accessToken) {
+        sanitized.accessToken = '[REDACTED]'
+      }
+      if (sanitized.refreshToken) {
+        sanitized.refreshToken = '[REDACTED]'
+      }
+      if (sanitized.claudeAiOauth) {
+        sanitized.claudeAiOauth = '[REDACTED]'
+      }
+      if (sanitized.proxyPassword) {
+        sanitized.proxyPassword = '[REDACTED]'
+      }
+      break
+
+    case 'gemini_account':
+      if (sanitized.geminiOauth) {
+        sanitized.geminiOauth = '[REDACTED]'
+      }
+      if (sanitized.accessToken) {
+        sanitized.accessToken = '[REDACTED]'
+      }
+      if (sanitized.refreshToken) {
+        sanitized.refreshToken = '[REDACTED]'
+      }
+      if (sanitized.proxyPassword) {
+        sanitized.proxyPassword = '[REDACTED]'
+      }
+      break
+
+    case 'admin':
+      if (sanitized.password) {
+        sanitized.password = '[REDACTED]'
+      }
+      break
+  }
+
+  return sanitized
+}
+
+// 导出数据
+async function exportData() {
+  try {
+    const outputFile = params.output || `backup-${new Date().toISOString().split('T')[0]}.json`
+    const types = params.types ? params.types.split(',') : ['all']
+    const shouldSanitize = params.sanitize === true
+    const shouldDecrypt = params.decrypt !== false // 默认解密
+
+    logger.info('🔄 Starting data export...')
+    logger.info(`📁 Output file: ${outputFile}`)
+    logger.info(`📋 Data types: ${types.join(', ')}`)
+    logger.info(`🔒 Sanitize sensitive data: ${shouldSanitize ? 'YES' : 'NO'}`)
+    logger.info(`🔓 Decrypt data: ${shouldDecrypt ? 'YES' : 'NO'}`)
+
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    const exportDataObj = {
+      metadata: {
+        version: '2.0',
+        exportDate: new Date().toISOString(),
+        sanitized: shouldSanitize,
+        decrypted: shouldDecrypt,
+        types
+      },
+      data: {}
+    }
+
+    // 导出 API Keys
+    if (types.includes('all') || types.includes('apikeys')) {
+      logger.info('📤 Exporting API Keys...')
+      const keys = await redis.client.keys('apikey:*')
+      const apiKeys = []
+
+      for (const key of keys) {
+        if (key === 'apikey:hash_map') {
+          continue
+        }
+
+        const data = await redis.client.hgetall(key)
+        if (data && Object.keys(data).length > 0) {
+          // 获取该 API Key 的 ID
+          const keyId = data.id
+
+          // 导出使用统计数据
+          if (keyId && (types.includes('all') || types.includes('stats'))) {
+            data.usageStats = await exportUsageStats(keyId)
+          }
+
+          apiKeys.push(shouldSanitize ? sanitizeData(data, 'apikey') : data)
+        }
+      }
+
+      exportDataObj.data.apiKeys = apiKeys
+      logger.success(`✅ Exported ${apiKeys.length} API Keys`)
+    }
+
+    // 导出 Claude 账户
+    if (types.includes('all') || types.includes('accounts')) {
+      logger.info('📤 Exporting Claude accounts...')
+      const keys = await redis.client.keys('claude:account:*')
+      logger.info(`Found ${keys.length} Claude account keys in Redis`)
+      const accounts = []
+
+      for (const key of keys) {
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          // 解密敏感字段
+          if (shouldDecrypt && !shouldSanitize) {
+            if (data.email) {
+              data.email = decryptClaudeData(data.email)
+            }
+            if (data.password) {
+              data.password = decryptClaudeData(data.password)
+            }
+            if (data.accessToken) {
+              data.accessToken = decryptClaudeData(data.accessToken)
+            }
+            if (data.refreshToken) {
+              data.refreshToken = decryptClaudeData(data.refreshToken)
+            }
+            if (data.claudeAiOauth) {
+              const decrypted = decryptClaudeData(data.claudeAiOauth)
+              try {
+                data.claudeAiOauth = JSON.parse(decrypted)
+              } catch (e) {
+                data.claudeAiOauth = decrypted
+              }
+            }
+          }
+
+          accounts.push(shouldSanitize ? sanitizeData(data, 'claude_account') : data)
+        }
+      }
+
+      exportDataObj.data.claudeAccounts = accounts
+      logger.success(`✅ Exported ${accounts.length} Claude accounts`)
+
+      // 导出 Gemini 账户
+      logger.info('📤 Exporting Gemini accounts...')
+      const geminiKeys = await redis.client.keys('gemini_account:*')
+      logger.info(`Found ${geminiKeys.length} Gemini account keys in Redis`)
+      const geminiAccounts = []
+
+      for (const key of geminiKeys) {
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          // 解密敏感字段
+          if (shouldDecrypt && !shouldSanitize) {
+            if (data.geminiOauth) {
+              const decrypted = decryptGeminiData(data.geminiOauth)
+              try {
+                data.geminiOauth = JSON.parse(decrypted)
+              } catch (e) {
+                data.geminiOauth = decrypted
+              }
+            }
+            if (data.accessToken) {
+              data.accessToken = decryptGeminiData(data.accessToken)
+            }
+            if (data.refreshToken) {
+              data.refreshToken = decryptGeminiData(data.refreshToken)
+            }
+          }
+
+          geminiAccounts.push(shouldSanitize ? sanitizeData(data, 'gemini_account') : data)
+        }
+      }
+
+      exportDataObj.data.geminiAccounts = geminiAccounts
+      logger.success(`✅ Exported ${geminiAccounts.length} Gemini accounts`)
+    }
+
+    // 导出管理员
+    if (types.includes('all') || types.includes('admins')) {
+      logger.info('📤 Exporting admins...')
+      const keys = await redis.client.keys('admin:*')
+      const admins = []
+
+      for (const key of keys) {
+        if (key.includes('admin_username:')) {
+          continue
+        }
+
+        const data = await redis.client.hgetall(key)
+        if (data && Object.keys(data).length > 0) {
+          admins.push(shouldSanitize ? sanitizeData(data, 'admin') : data)
+        }
+      }
+
+      exportDataObj.data.admins = admins
+      logger.success(`✅ Exported ${admins.length} admins`)
+    }
+
+    // 导出全局模型统计（如果需要）
+    if (types.includes('all') || types.includes('stats')) {
+      logger.info('📤 Exporting global model statistics...')
+      const globalStats = {
+        daily: {},
+        monthly: {},
+        hourly: {}
+      }
+
+      // 导出全局每日模型统计
+      const globalDailyPattern = 'usage:model:daily:*'
+      const globalDailyKeys = await redis.client.keys(globalDailyPattern)
+      for (const key of globalDailyKeys) {
+        const match = key.match(/usage:model:daily:(.+):(\d{4}-\d{2}-\d{2})$/)
+        if (match) {
+          const model = match[1]
+          const date = match[2]
+          const data = await redis.client.hgetall(key)
+          if (data && Object.keys(data).length > 0) {
+            if (!globalStats.daily[date]) {
+              globalStats.daily[date] = {}
+            }
+            globalStats.daily[date][model] = data
+          }
+        }
+      }
+
+      // 导出全局每月模型统计
+      const globalMonthlyPattern = 'usage:model:monthly:*'
+      const globalMonthlyKeys = await redis.client.keys(globalMonthlyPattern)
+      for (const key of globalMonthlyKeys) {
+        const match = key.match(/usage:model:monthly:(.+):(\d{4}-\d{2})$/)
+        if (match) {
+          const model = match[1]
+          const month = match[2]
+          const data = await redis.client.hgetall(key)
+          if (data && Object.keys(data).length > 0) {
+            if (!globalStats.monthly[month]) {
+              globalStats.monthly[month] = {}
+            }
+            globalStats.monthly[month][model] = data
+          }
+        }
+      }
+
+      // 导出全局每小时模型统计
+      const globalHourlyPattern = 'usage:model:hourly:*'
+      const globalHourlyKeys = await redis.client.keys(globalHourlyPattern)
+      for (const key of globalHourlyKeys) {
+        const match = key.match(/usage:model:hourly:(.+):(\d{4}-\d{2}-\d{2}:\d{2})$/)
+        if (match) {
+          const model = match[1]
+          const hour = match[2]
+          const data = await redis.client.hgetall(key)
+          if (data && Object.keys(data).length > 0) {
+            if (!globalStats.hourly[hour]) {
+              globalStats.hourly[hour] = {}
+            }
+            globalStats.hourly[hour][model] = data
+          }
+        }
+      }
+
+      exportDataObj.data.globalModelStats = globalStats
+      logger.success('✅ Exported global model statistics')
+    }
+
+    // 写入文件
+    await fs.writeFile(outputFile, JSON.stringify(exportDataObj, null, 2))
+
+    // 显示导出摘要
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('✅ Export Complete!')
+    console.log('='.repeat(60))
+    console.log(`Output file: ${outputFile}`)
+    console.log(`File size: ${(await fs.stat(outputFile)).size} bytes`)
+
+    if (exportDataObj.data.apiKeys) {
+      console.log(`API Keys: ${exportDataObj.data.apiKeys.length}`)
+    }
+    if (exportDataObj.data.claudeAccounts) {
+      console.log(`Claude Accounts: ${exportDataObj.data.claudeAccounts.length}`)
+    }
+    if (exportDataObj.data.geminiAccounts) {
+      console.log(`Gemini Accounts: ${exportDataObj.data.geminiAccounts.length}`)
+    }
+    if (exportDataObj.data.admins) {
+      console.log(`Admins: ${exportDataObj.data.admins.length}`)
+    }
+    console.log('='.repeat(60))
+
+    if (shouldSanitize) {
+      logger.warn('⚠️  Sensitive data has been sanitized in this export.')
+    }
+    if (shouldDecrypt) {
+      logger.info('🔓 Encrypted data has been decrypted for portability.')
+    }
+  } catch (error) {
+    logger.error('💥 Export failed:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+    rl.close()
+  }
+}
+
+// 显示帮助信息
+function showHelp() {
+  console.log(`
+Enhanced Data Transfer Tool for Claude Relay Service
+
+This tool handles encrypted data export/import between environments.
+
+Usage:
+  node scripts/data-transfer-enhanced.js <command> [options]
+
+Commands:
+  export    Export data from Redis to a JSON file
+  import    Import data from a JSON file to Redis
+
+Export Options:
+  --output=FILE        Output filename (default: backup-YYYY-MM-DD.json)
+  --types=TYPE,...     Data types: apikeys,accounts,admins,stats,all (default: all)
+                       stats: Include usage statistics with API keys
+  --sanitize           Remove sensitive data from export
+  --decrypt=false      Keep data encrypted (default: true - decrypt for portability)
+
+Import Options:
+  --input=FILE         Input filename (required)
+  --force              Overwrite existing data without asking
+  --skip-conflicts     Skip conflicting data without asking
+
+Important Notes:
+  - The tool automatically handles encryption/decryption during import
+  - If importing decrypted data, it will be re-encrypted automatically
+  - If importing encrypted data, it will be stored as-is
+  - Sanitized exports cannot be properly imported (missing sensitive data)
+  - Automatic handling of plaintext API Keys
+    * Uses your configured API_KEY_PREFIX from config (sk-, cr_, etc.)
+    * Automatically detects plaintext vs hashed API Keys by format
+    * Plaintext API Keys are automatically hashed during import
+    * Hash mappings are created correctly for plaintext keys
+    * Supports custom prefixes and legacy format detection
+    * No manual conversion needed - just import your backup file
+
+Examples:
+  # Export all data with decryption (for migration)
+  node scripts/data-transfer-enhanced.js export
+
+  # Export without decrypting (for backup)
+  node scripts/data-transfer-enhanced.js export --decrypt=false
+
+  # Import data (auto-handles encryption and plaintext API keys)
+  node scripts/data-transfer-enhanced.js import --input=backup.json
+
+  # Import with force overwrite
+  node scripts/data-transfer-enhanced.js import --input=backup.json --force
+`)
+}
+
+// 导入数据
+async function importData() {
+  try {
+    const inputFile = params.input
+    if (!inputFile) {
+      logger.error('❌ Please specify input file with --input=filename.json')
+      process.exit(1)
+    }
+
+    const forceOverwrite = params.force === true
+    const skipConflicts = params['skip-conflicts'] === true
+
+    logger.info('🔄 Starting data import...')
+    logger.info(`📁 Input file: ${inputFile}`)
+    logger.info(
+      `⚡ Mode: ${forceOverwrite ? 'FORCE OVERWRITE' : skipConflicts ? 'SKIP CONFLICTS' : 'ASK ON CONFLICT'}`
+    )
+
+    // 读取文件
+    const fileContent = await fs.readFile(inputFile, 'utf8')
+    const importDataObj = JSON.parse(fileContent)
+
+    // 验证文件格式
+    if (!importDataObj.metadata || !importDataObj.data) {
+      logger.error('❌ Invalid backup file format')
+      process.exit(1)
+    }
+
+    logger.info(`📅 Backup date: ${importDataObj.metadata.exportDate}`)
+    logger.info(`🔒 Sanitized: ${importDataObj.metadata.sanitized ? 'YES' : 'NO'}`)
+    logger.info(`🔓 Decrypted: ${importDataObj.metadata.decrypted ? 'YES' : 'NO'}`)
+
+    if (importDataObj.metadata.sanitized) {
+      logger.warn('⚠️  This backup contains sanitized data. Sensitive fields will be missing!')
+      const proceed = await askConfirmation('Continue with sanitized data?')
+      if (!proceed) {
+        logger.info('❌ Import cancelled')
+        return
+      }
+    }
+
+    // 显示导入摘要
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('📋 Import Summary:')
+    console.log('='.repeat(60))
+    if (importDataObj.data.apiKeys) {
+      console.log(`API Keys to import: ${importDataObj.data.apiKeys.length}`)
+    }
+    if (importDataObj.data.claudeAccounts) {
+      console.log(`Claude Accounts to import: ${importDataObj.data.claudeAccounts.length}`)
+    }
+    if (importDataObj.data.geminiAccounts) {
+      console.log(`Gemini Accounts to import: ${importDataObj.data.geminiAccounts.length}`)
+    }
+    if (importDataObj.data.admins) {
+      console.log(`Admins to import: ${importDataObj.data.admins.length}`)
+    }
+    console.log(`${'='.repeat(60)}\n`)
+
+    // 确认导入
+    const confirmed = await askConfirmation('⚠️  Proceed with import?')
+    if (!confirmed) {
+      logger.info('❌ Import cancelled')
+      return
+    }
+
+    // 连接 Redis
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    const stats = {
+      imported: 0,
+      skipped: 0,
+      errors: 0
+    }
+
+    // 导入 API Keys
+    if (importDataObj.data.apiKeys) {
+      logger.info('\n📥 Importing API Keys...')
+      for (const apiKey of importDataObj.data.apiKeys) {
+        try {
+          const exists = await redis.client.exists(`apikey:${apiKey.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing API Key: ${apiKey.name} (${apiKey.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `API Key "${apiKey.name}" (${apiKey.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 保存使用统计数据以便单独导入
+          const { usageStats } = apiKey
+
+          // 从apiKey对象中删除usageStats字段，避免存储到主键中
+          const apiKeyData = { ...apiKey }
+          delete apiKeyData.usageStats
+
+          // 检查并处理API Key哈希
+          let plainTextApiKey = null
+          let hashedApiKey = null
+
+          if (apiKeyData.apiKey && isPlaintextApiKey(apiKeyData.apiKey)) {
+            // 如果是明文API Key，保存明文并计算哈希
+            plainTextApiKey = apiKeyData.apiKey
+            hashedApiKey = hashApiKey(plainTextApiKey)
+            logger.info(`🔐 Detected plaintext API Key for: ${apiKey.name} (${apiKey.id})`)
+          } else if (apiKeyData.apiKey) {
+            // 如果已经是哈希值，直接使用
+            hashedApiKey = apiKeyData.apiKey
+            logger.info(`🔍 Using existing hashed API Key for: ${apiKey.name} (${apiKey.id})`)
+          }
+
+          // API Key字段始终存储哈希值
+          if (hashedApiKey) {
+            apiKeyData.apiKey = hashedApiKey
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(apiKeyData)) {
+            pipeline.hset(`apikey:${apiKey.id}`, field, value)
+          }
+          await pipeline.exec()
+
+          // 更新哈希映射：hash_map的key必须是哈希值
+          if (!importDataObj.metadata.sanitized && hashedApiKey) {
+            await redis.client.hset('apikey:hash_map', hashedApiKey, apiKey.id)
+            logger.info(
+              `📝 Updated hash mapping: ${hashedApiKey.substring(0, 8)}... -> ${apiKey.id}`
+            )
+          }
+
+          // 导入使用统计数据
+          if (usageStats) {
+            await importUsageStats(apiKey.id, usageStats)
+          }
+
+          logger.success(`✅ Imported API Key: ${apiKey.name} (${apiKey.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import API Key ${apiKey.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入 Claude 账户
+    if (importDataObj.data.claudeAccounts) {
+      logger.info('\n📥 Importing Claude accounts...')
+      for (const account of importDataObj.data.claudeAccounts) {
+        try {
+          const exists = await redis.client.exists(`claude:account:${account.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing Claude account: ${account.name} (${account.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `Claude account "${account.name}" (${account.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 复制账户数据以避免修改原始数据
+          const accountData = { ...account }
+
+          // 如果数据已解密且不是脱敏数据，需要重新加密
+          if (importDataObj.metadata.decrypted && !importDataObj.metadata.sanitized) {
+            logger.info(`🔐 Re-encrypting sensitive data for Claude account: ${account.name}`)
+
+            if (accountData.email) {
+              accountData.email = encryptClaudeData(accountData.email)
+            }
+            if (accountData.password) {
+              accountData.password = encryptClaudeData(accountData.password)
+            }
+            if (accountData.accessToken) {
+              accountData.accessToken = encryptClaudeData(accountData.accessToken)
+            }
+            if (accountData.refreshToken) {
+              accountData.refreshToken = encryptClaudeData(accountData.refreshToken)
+            }
+            if (accountData.claudeAiOauth) {
+              // 如果是对象，先序列化再加密
+              const oauthStr =
+                typeof accountData.claudeAiOauth === 'object'
+                  ? JSON.stringify(accountData.claudeAiOauth)
+                  : accountData.claudeAiOauth
+              accountData.claudeAiOauth = encryptClaudeData(oauthStr)
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(accountData)) {
+            if (field === 'claudeAiOauth' && typeof value === 'object') {
+              // 确保对象被序列化
+              pipeline.hset(`claude:account:${account.id}`, field, JSON.stringify(value))
+            } else {
+              pipeline.hset(`claude:account:${account.id}`, field, value)
+            }
+          }
+          await pipeline.exec()
+
+          logger.success(`✅ Imported Claude account: ${account.name} (${account.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import Claude account ${account.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入 Gemini 账户
+    if (importDataObj.data.geminiAccounts) {
+      logger.info('\n📥 Importing Gemini accounts...')
+      for (const account of importDataObj.data.geminiAccounts) {
+        try {
+          const exists = await redis.client.exists(`gemini_account:${account.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing Gemini account: ${account.name} (${account.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `Gemini account "${account.name}" (${account.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 复制账户数据以避免修改原始数据
+          const accountData = { ...account }
+
+          // 如果数据已解密且不是脱敏数据，需要重新加密
+          if (importDataObj.metadata.decrypted && !importDataObj.metadata.sanitized) {
+            logger.info(`🔐 Re-encrypting sensitive data for Gemini account: ${account.name}`)
+
+            if (accountData.geminiOauth) {
+              const oauthStr =
+                typeof accountData.geminiOauth === 'object'
+                  ? JSON.stringify(accountData.geminiOauth)
+                  : accountData.geminiOauth
+              accountData.geminiOauth = encryptGeminiData(oauthStr)
+            }
+            if (accountData.accessToken) {
+              accountData.accessToken = encryptGeminiData(accountData.accessToken)
+            }
+            if (accountData.refreshToken) {
+              accountData.refreshToken = encryptGeminiData(accountData.refreshToken)
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(accountData)) {
+            pipeline.hset(`gemini_account:${account.id}`, field, value)
+          }
+          await pipeline.exec()
+
+          logger.success(`✅ Imported Gemini account: ${account.name} (${account.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import Gemini account ${account.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入管理员账户
+    if (importDataObj.data.admins) {
+      logger.info('\n📥 Importing admins...')
+      for (const admin of importDataObj.data.admins) {
+        try {
+          const exists = await redis.client.exists(`admin:${admin.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing admin: ${admin.username} (${admin.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `Admin "${admin.username}" (${admin.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(admin)) {
+            pipeline.hset(`admin:${admin.id}`, field, value)
+          }
+          await pipeline.exec()
+
+          // 更新用户名映射
+          await redis.client.set(`admin_username:${admin.username}`, admin.id)
+
+          logger.success(`✅ Imported admin: ${admin.username} (${admin.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import admin ${admin.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入全局模型统计
+    if (importDataObj.data.globalModelStats) {
+      logger.info('\n📥 Importing global model statistics...')
+      try {
+        const globalStats = importDataObj.data.globalModelStats
+        const pipeline = redis.client.pipeline()
+        let globalStatCount = 0
+
+        // 导入每日统计
+        if (globalStats.daily) {
+          for (const [date, models] of Object.entries(globalStats.daily)) {
+            for (const [model, data] of Object.entries(models)) {
+              for (const [field, value] of Object.entries(data)) {
+                pipeline.hset(`usage:model:daily:${model}:${date}`, field, value)
+              }
+              globalStatCount++
+            }
+          }
+        }
+
+        // 导入每月统计
+        if (globalStats.monthly) {
+          for (const [month, models] of Object.entries(globalStats.monthly)) {
+            for (const [model, data] of Object.entries(models)) {
+              for (const [field, value] of Object.entries(data)) {
+                pipeline.hset(`usage:model:monthly:${model}:${month}`, field, value)
+              }
+              globalStatCount++
+            }
+          }
+        }
+
+        // 导入每小时统计
+        if (globalStats.hourly) {
+          for (const [hour, models] of Object.entries(globalStats.hourly)) {
+            for (const [model, data] of Object.entries(models)) {
+              for (const [field, value] of Object.entries(data)) {
+                pipeline.hset(`usage:model:hourly:${model}:${hour}`, field, value)
+              }
+              globalStatCount++
+            }
+          }
+        }
+
+        await pipeline.exec()
+        logger.success(`✅ Imported ${globalStatCount} global model stat entries`)
+        stats.imported += globalStatCount
+      } catch (error) {
+        logger.error('❌ Failed to import global model stats:', error.message)
+        stats.errors++
+      }
+    }
+
+    // 显示导入结果
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('✅ Import Complete!')
+    console.log('='.repeat(60))
+    console.log(`Successfully imported: ${stats.imported}`)
+    console.log(`Skipped: ${stats.skipped}`)
+    console.log(`Errors: ${stats.errors}`)
+    console.log('='.repeat(60))
+  } catch (error) {
+    logger.error('💥 Import failed:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+    rl.close()
+  }
+}
+
+// 主函数
+async function main() {
+  if (!command || command === '--help' || command === 'help') {
+    showHelp()
+    process.exit(0)
+  }
+
+  switch (command) {
+    case 'export':
+      await exportData()
+      break
+
+    case 'import':
+      await importData()
+      break
+
+    default:
+      logger.error(`❌ Unknown command: ${command}`)
+      showHelp()
+      process.exit(1)
+  }
+}
+
+// 运行
+main().catch((error) => {
+  logger.error('💥 Unexpected error:', error)
+  process.exit(1)
+})

scripts/data-transfer.js

@@ -0,0 +1,738 @@
+#!/usr/bin/env node
+
+/**
+ * 数据导出/导入工具
+ *
+ * 使用方法：
+ * 导出: node scripts/data-transfer.js export --output=backup.json [options]
+ * 导入: node scripts/data-transfer.js import --input=backup.json [options]
+ *
+ * 选项：
+ * --types: 要导出/导入的数据类型（apikeys,accounts,admins,all）
+ * --sanitize: 导出时脱敏敏感数据
+ * --force: 导入时强制覆盖已存在的数据
+ * --skip-conflicts: 导入时跳过冲突的数据
+ */
+
+const fs = require('fs').promises
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+const readline = require('readline')
+
+// 解析命令行参数
+const args = process.argv.slice(2)
+const command = args[0]
+const params = {}
+
+args.slice(1).forEach((arg) => {
+  const [key, value] = arg.split('=')
+  params[key.replace('--', '')] = value || true
+})
+
+// 创建 readline 接口
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+})
+
+async function askConfirmation(question) {
+  return new Promise((resolve) => {
+    rl.question(`${question} (yes/no): `, (answer) => {
+      resolve(answer.toLowerCase() === 'yes' || answer.toLowerCase() === 'y')
+    })
+  })
+}
+
+// 数据脱敏函数
+function sanitizeData(data, type) {
+  const sanitized = { ...data }
+
+  switch (type) {
+    case 'apikey':
+      // 隐藏 API Key 的大部分内容
+      if (sanitized.apiKey) {
+        sanitized.apiKey = `${sanitized.apiKey.substring(0, 10)}...[REDACTED]`
+      }
+      break
+
+    case 'claude_account':
+    case 'gemini_account':
+      // 隐藏 OAuth tokens
+      if (sanitized.accessToken) {
+        sanitized.accessToken = '[REDACTED]'
+      }
+      if (sanitized.refreshToken) {
+        sanitized.refreshToken = '[REDACTED]'
+      }
+      if (sanitized.claudeAiOauth) {
+        sanitized.claudeAiOauth = '[REDACTED]'
+      }
+      // 隐藏代理密码
+      if (sanitized.proxyPassword) {
+        sanitized.proxyPassword = '[REDACTED]'
+      }
+      break
+
+    case 'admin':
+      // 隐藏管理员密码
+      if (sanitized.password) {
+        sanitized.password = '[REDACTED]'
+      }
+      break
+  }
+
+  return sanitized
+}
+
+// CSV 字段映射配置
+const CSV_FIELD_MAPPING = {
+  // 基本信息
+  id: 'ID',
+  name: '名称',
+  description: '描述',
+  isActive: '状态',
+  createdAt: '创建时间',
+  lastUsedAt: '最后使用时间',
+  createdBy: '创建者',
+
+  // API Key 信息
+  apiKey: 'API密钥',
+  tokenLimit: '令牌限制',
+
+  // 过期设置
+  expirationMode: '过期模式',
+  expiresAt: '过期时间',
+  activationDays: '激活天数',
+  activationUnit: '激活单位',
+  isActivated: '已激活',
+  activatedAt: '激活时间',
+
+  // 权限设置
+  permissions: '服务权限',
+
+  // 限制设置
+  rateLimitWindow: '速率窗口(分钟)',
+  rateLimitRequests: '请求次数限制',
+  rateLimitCost: '费用限制(美元)',
+  concurrencyLimit: '并发限制',
+  dailyCostLimit: '日费用限制(美元)',
+  totalCostLimit: '总费用限制(美元)',
+  weeklyOpusCostLimit: '周Opus费用限制(美元)',
+
+  // 账户绑定
+  claudeAccountId: 'Claude专属账户',
+  claudeConsoleAccountId: 'Claude控制台账户',
+  geminiAccountId: 'Gemini专属账户',
+  openaiAccountId: 'OpenAI专属账户',
+  azureOpenaiAccountId: 'Azure OpenAI专属账户',
+  bedrockAccountId: 'Bedrock专属账户',
+
+  // 限制配置
+  enableModelRestriction: '启用模型限制',
+  restrictedModels: '限制的模型',
+  enableClientRestriction: '启用客户端限制',
+  allowedClients: '允许的客户端',
+
+  // 标签和用户
+  tags: '标签',
+  userId: '用户ID',
+  userUsername: '用户名',
+
+  // 其他信息
+  icon: '图标'
+}
+
+// 数据格式化函数
+function formatCSVValue(key, value, shouldSanitize = false) {
+  if (!value || value === '' || value === 'null' || value === 'undefined') {
+    return ''
+  }
+
+  switch (key) {
+    case 'apiKey':
+      if (shouldSanitize && value.length > 10) {
+        return `${value.substring(0, 10)}...[已脱敏]`
+      }
+      return value
+
+    case 'isActive':
+    case 'isActivated':
+    case 'enableModelRestriction':
+    case 'enableClientRestriction':
+      return value === 'true' ? '是' : '否'
+
+    case 'expirationMode':
+      return value === 'activation' ? '首次使用后激活' : value === 'fixed' ? '固定时间' : value
+
+    case 'activationUnit':
+      return value === 'hours' ? '小时' : value === 'days' ? '天' : value
+
+    case 'permissions':
+      switch (value) {
+        case 'all':
+          return '全部服务'
+        case 'claude':
+          return '仅Claude'
+        case 'gemini':
+          return '仅Gemini'
+        case 'openai':
+          return '仅OpenAI'
+        default:
+          return value
+      }
+
+    case 'restrictedModels':
+    case 'allowedClients':
+    case 'tags':
+      try {
+        const parsed = JSON.parse(value)
+        return Array.isArray(parsed) ? parsed.join('; ') : value
+      } catch {
+        return value
+      }
+
+    case 'createdAt':
+    case 'lastUsedAt':
+    case 'activatedAt':
+    case 'expiresAt':
+      if (value) {
+        try {
+          return new Date(value).toLocaleString('zh-CN', {
+            year: 'numeric',
+            month: '2-digit',
+            day: '2-digit',
+            hour: '2-digit',
+            minute: '2-digit',
+            second: '2-digit'
+          })
+        } catch {
+          return value
+        }
+      }
+      return ''
+
+    case 'rateLimitWindow':
+    case 'rateLimitRequests':
+    case 'concurrencyLimit':
+    case 'activationDays':
+    case 'tokenLimit':
+      return value === '0' || value === 0 ? '无限制' : value
+
+    case 'rateLimitCost':
+    case 'dailyCostLimit':
+    case 'totalCostLimit':
+    case 'weeklyOpusCostLimit':
+      return value === '0' || value === 0 ? '无限制' : `$${value}`
+
+    default:
+      return value
+  }
+}
+
+// 转义 CSV 字段
+function escapeCSVField(field) {
+  if (field === null || field === undefined) {
+    return ''
+  }
+
+  const str = String(field)
+
+  // 如果包含逗号、引号或换行符，需要用引号包围
+  if (str.includes(',') || str.includes('"') || str.includes('\n') || str.includes('\r')) {
+    // 先转义引号（双引号变成两个双引号）
+    const escaped = str.replace(/"/g, '""')
+    return `"${escaped}"`
+  }
+
+  return str
+}
+
+// 转换数据为 CSV 格式
+function convertToCSV(exportDataObj, shouldSanitize = false) {
+  if (!exportDataObj.data.apiKeys || exportDataObj.data.apiKeys.length === 0) {
+    throw new Error('CSV format only supports API Keys export. Please use --types=apikeys')
+  }
+
+  const { apiKeys } = exportDataObj.data
+  const fields = Object.keys(CSV_FIELD_MAPPING)
+  const headers = Object.values(CSV_FIELD_MAPPING)
+
+  // 生成标题行
+  const csvLines = [headers.map(escapeCSVField).join(',')]
+
+  // 生成数据行
+  for (const apiKey of apiKeys) {
+    const row = fields.map((field) => {
+      const value = formatCSVValue(field, apiKey[field], shouldSanitize)
+      return escapeCSVField(value)
+    })
+    csvLines.push(row.join(','))
+  }
+
+  return csvLines.join('\n')
+}
+
+// 导出数据
+async function exportData() {
+  try {
+    const format = params.format || 'json'
+    const fileExtension = format === 'csv' ? '.csv' : '.json'
+    const defaultFileName = `backup-${new Date().toISOString().split('T')[0]}${fileExtension}`
+    const outputFile = params.output || defaultFileName
+    const types = params.types ? params.types.split(',') : ['all']
+    const shouldSanitize = params.sanitize === true
+
+    // CSV 格式验证
+    if (format === 'csv' && !types.includes('apikeys') && !types.includes('all')) {
+      logger.error('❌ CSV format only supports API Keys export. Please use --types=apikeys')
+      process.exit(1)
+    }
+
+    logger.info('🔄 Starting data export...')
+    logger.info(`📁 Output file: ${outputFile}`)
+    logger.info(`📋 Data types: ${types.join(', ')}`)
+    logger.info(`📄 Output format: ${format.toUpperCase()}`)
+    logger.info(`🔒 Sanitize sensitive data: ${shouldSanitize ? 'YES' : 'NO'}`)
+
+    // 连接 Redis
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    const exportDataObj = {
+      metadata: {
+        version: '1.0',
+        exportDate: new Date().toISOString(),
+        sanitized: shouldSanitize,
+        types
+      },
+      data: {}
+    }
+
+    // 导出 API Keys
+    if (types.includes('all') || types.includes('apikeys')) {
+      logger.info('📤 Exporting API Keys...')
+      const keys = await redis.client.keys('apikey:*')
+      const apiKeys = []
+
+      for (const key of keys) {
+        if (key === 'apikey:hash_map') {
+          continue
+        }
+
+        // 使用 hgetall 而不是 get，因为数据存储在哈希表中
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          apiKeys.push(shouldSanitize ? sanitizeData(data, 'apikey') : data)
+        }
+      }
+
+      exportDataObj.data.apiKeys = apiKeys
+      logger.success(`✅ Exported ${apiKeys.length} API Keys`)
+    }
+
+    // 导出 Claude 账户
+    if (types.includes('all') || types.includes('accounts')) {
+      logger.info('📤 Exporting Claude accounts...')
+      // 注意：Claude 账户使用 claude:account: 前缀，不是 claude_account:
+      const keys = await redis.client.keys('claude:account:*')
+      logger.info(`Found ${keys.length} Claude account keys in Redis`)
+      const accounts = []
+
+      for (const key of keys) {
+        // 使用 hgetall 而不是 get，因为数据存储在哈希表中
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          // 解析 JSON 字段（如果存在）
+          if (data.claudeAiOauth) {
+            try {
+              data.claudeAiOauth = JSON.parse(data.claudeAiOauth)
+            } catch (e) {
+              // 保���原样
+            }
+          }
+          accounts.push(shouldSanitize ? sanitizeData(data, 'claude_account') : data)
+        }
+      }
+
+      exportDataObj.data.claudeAccounts = accounts
+      logger.success(`✅ Exported ${accounts.length} Claude accounts`)
+
+      // 导出 Gemini 账户
+      logger.info('📤 Exporting Gemini accounts...')
+      const geminiKeys = await redis.client.keys('gemini_account:*')
+      logger.info(`Found ${geminiKeys.length} Gemini account keys in Redis`)
+      const geminiAccounts = []
+
+      for (const key of geminiKeys) {
+        // 使用 hgetall 而不是 get，因为数据存储在哈希表中
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          geminiAccounts.push(shouldSanitize ? sanitizeData(data, 'gemini_account') : data)
+        }
+      }
+
+      exportDataObj.data.geminiAccounts = geminiAccounts
+      logger.success(`✅ Exported ${geminiAccounts.length} Gemini accounts`)
+    }
+
+    // 导出管理员
+    if (types.includes('all') || types.includes('admins')) {
+      logger.info('📤 Exporting admins...')
+      const keys = await redis.client.keys('admin:*')
+      const admins = []
+
+      for (const key of keys) {
+        if (key.includes('admin_username:')) {
+          continue
+        }
+
+        // 使用 hgetall 而不是 get，因为数据存储在哈希表中
+        const data = await redis.client.hgetall(key)
+
+        if (data && Object.keys(data).length > 0) {
+          admins.push(shouldSanitize ? sanitizeData(data, 'admin') : data)
+        }
+      }
+
+      exportDataObj.data.admins = admins
+      logger.success(`✅ Exported ${admins.length} admins`)
+    }
+
+    // 根据格式写入文件
+    let fileContent
+    if (format === 'csv') {
+      fileContent = convertToCSV(exportDataObj, shouldSanitize)
+      // 添加 UTF-8 BOM 以便 Excel 正确识别中文
+      fileContent = `\ufeff${fileContent}`
+      await fs.writeFile(outputFile, fileContent, 'utf8')
+    } else {
+      await fs.writeFile(outputFile, JSON.stringify(exportDataObj, null, 2))
+    }
+
+    // 显示导出摘要
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('✅ Export Complete!')
+    console.log('='.repeat(60))
+    console.log(`Output file: ${outputFile}`)
+    console.log(`File size: ${(await fs.stat(outputFile)).size} bytes`)
+
+    if (exportDataObj.data.apiKeys) {
+      console.log(`API Keys: ${exportDataObj.data.apiKeys.length}`)
+    }
+    if (exportDataObj.data.claudeAccounts) {
+      console.log(`Claude Accounts: ${exportDataObj.data.claudeAccounts.length}`)
+    }
+    if (exportDataObj.data.geminiAccounts) {
+      console.log(`Gemini Accounts: ${exportDataObj.data.geminiAccounts.length}`)
+    }
+    if (exportDataObj.data.admins) {
+      console.log(`Admins: ${exportDataObj.data.admins.length}`)
+    }
+    console.log('='.repeat(60))
+
+    if (shouldSanitize) {
+      logger.warn('⚠️  Sensitive data has been sanitized in this export.')
+    }
+  } catch (error) {
+    logger.error('💥 Export failed:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+    rl.close()
+  }
+}
+
+// 导入数据
+async function importData() {
+  try {
+    const inputFile = params.input
+    if (!inputFile) {
+      logger.error('❌ Please specify input file with --input=filename.json')
+      process.exit(1)
+    }
+
+    const forceOverwrite = params.force === true
+    const skipConflicts = params['skip-conflicts'] === true
+
+    logger.info('🔄 Starting data import...')
+    logger.info(`📁 Input file: ${inputFile}`)
+    logger.info(
+      `⚡ Mode: ${forceOverwrite ? 'FORCE OVERWRITE' : skipConflicts ? 'SKIP CONFLICTS' : 'ASK ON CONFLICT'}`
+    )
+
+    // 读取文件
+    const fileContent = await fs.readFile(inputFile, 'utf8')
+    const importDataObj = JSON.parse(fileContent)
+
+    // 验证文件格式
+    if (!importDataObj.metadata || !importDataObj.data) {
+      logger.error('❌ Invalid backup file format')
+      process.exit(1)
+    }
+
+    logger.info(`📅 Backup date: ${importDataObj.metadata.exportDate}`)
+    logger.info(`🔒 Sanitized: ${importDataObj.metadata.sanitized ? 'YES' : 'NO'}`)
+
+    if (importDataObj.metadata.sanitized) {
+      logger.warn('⚠️  This backup contains sanitized data. Sensitive fields will be missing!')
+      const proceed = await askConfirmation('Continue with sanitized data?')
+      if (!proceed) {
+        logger.info('❌ Import cancelled')
+        return
+      }
+    }
+
+    // 显示导入摘要
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('📋 Import Summary:')
+    console.log('='.repeat(60))
+    if (importDataObj.data.apiKeys) {
+      console.log(`API Keys to import: ${importDataObj.data.apiKeys.length}`)
+    }
+    if (importDataObj.data.claudeAccounts) {
+      console.log(`Claude Accounts to import: ${importDataObj.data.claudeAccounts.length}`)
+    }
+    if (importDataObj.data.geminiAccounts) {
+      console.log(`Gemini Accounts to import: ${importDataObj.data.geminiAccounts.length}`)
+    }
+    if (importDataObj.data.admins) {
+      console.log(`Admins to import: ${importDataObj.data.admins.length}`)
+    }
+    console.log(`${'='.repeat(60)}\n`)
+
+    // 确认导入
+    const confirmed = await askConfirmation('⚠️  Proceed with import?')
+    if (!confirmed) {
+      logger.info('❌ Import cancelled')
+      return
+    }
+
+    // 连接 Redis
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    const stats = {
+      imported: 0,
+      skipped: 0,
+      errors: 0
+    }
+
+    // 导入 API Keys
+    if (importDataObj.data.apiKeys) {
+      logger.info('\n📥 Importing API Keys...')
+      for (const apiKey of importDataObj.data.apiKeys) {
+        try {
+          const exists = await redis.client.exists(`apikey:${apiKey.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing API Key: ${apiKey.name} (${apiKey.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `API Key "${apiKey.name}" (${apiKey.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(apiKey)) {
+            pipeline.hset(`apikey:${apiKey.id}`, field, value)
+          }
+          await pipeline.exec()
+
+          // 更新哈希映射
+          if (apiKey.apiKey && !importDataObj.metadata.sanitized) {
+            await redis.client.hset('apikey:hash_map', apiKey.apiKey, apiKey.id)
+          }
+
+          logger.success(`✅ Imported API Key: ${apiKey.name} (${apiKey.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import API Key ${apiKey.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入 Claude 账户
+    if (importDataObj.data.claudeAccounts) {
+      logger.info('\n📥 Importing Claude accounts...')
+      for (const account of importDataObj.data.claudeAccounts) {
+        try {
+          const exists = await redis.client.exists(`claude_account:${account.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing Claude account: ${account.name} (${account.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `Claude account "${account.name}" (${account.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(account)) {
+            // 如果是对象，需要序列化
+            if (field === 'claudeAiOauth' && typeof value === 'object') {
+              pipeline.hset(`claude_account:${account.id}`, field, JSON.stringify(value))
+            } else {
+              pipeline.hset(`claude_account:${account.id}`, field, value)
+            }
+          }
+          await pipeline.exec()
+          logger.success(`✅ Imported Claude account: ${account.name} (${account.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import Claude account ${account.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 导入 Gemini 账户
+    if (importDataObj.data.geminiAccounts) {
+      logger.info('\n📥 Importing Gemini accounts...')
+      for (const account of importDataObj.data.geminiAccounts) {
+        try {
+          const exists = await redis.client.exists(`gemini_account:${account.id}`)
+
+          if (exists && !forceOverwrite) {
+            if (skipConflicts) {
+              logger.warn(`⏭️  Skipped existing Gemini account: ${account.name} (${account.id})`)
+              stats.skipped++
+              continue
+            } else {
+              const overwrite = await askConfirmation(
+                `Gemini account "${account.name}" (${account.id}) exists. Overwrite?`
+              )
+              if (!overwrite) {
+                stats.skipped++
+                continue
+              }
+            }
+          }
+
+          // 使用 hset 存储到哈希表
+          const pipeline = redis.client.pipeline()
+          for (const [field, value] of Object.entries(account)) {
+            pipeline.hset(`gemini_account:${account.id}`, field, value)
+          }
+          await pipeline.exec()
+          logger.success(`✅ Imported Gemini account: ${account.name} (${account.id})`)
+          stats.imported++
+        } catch (error) {
+          logger.error(`❌ Failed to import Gemini account ${account.id}:`, error.message)
+          stats.errors++
+        }
+      }
+    }
+
+    // 显示导入结果
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('✅ Import Complete!')
+    console.log('='.repeat(60))
+    console.log(`Successfully imported: ${stats.imported}`)
+    console.log(`Skipped: ${stats.skipped}`)
+    console.log(`Errors: ${stats.errors}`)
+    console.log('='.repeat(60))
+  } catch (error) {
+    logger.error('💥 Import failed:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+    rl.close()
+  }
+}
+
+// 显示帮助信息
+function showHelp() {
+  console.log(`
+Data Transfer Tool for Claude Relay Service
+
+This tool allows you to export and import data between environments.
+
+Usage:
+  node scripts/data-transfer.js <command> [options]
+
+Commands:
+  export    Export data from Redis to a JSON file
+  import    Import data from a JSON file to Redis
+
+Export Options:
+  --output=FILE        Output filename (default: backup-YYYY-MM-DD.json/.csv)
+  --types=TYPE,...     Data types to export: apikeys,accounts,admins,all (default: all)
+  --format=FORMAT      Output format: json,csv (default: json)
+  --sanitize           Remove sensitive data from export
+
+Import Options:
+  --input=FILE         Input filename (required)
+  --force              Overwrite existing data without asking
+  --skip-conflicts     Skip conflicting data without asking
+
+Examples:
+  # Export all data
+  node scripts/data-transfer.js export
+
+  # Export only API keys with sanitized data
+  node scripts/data-transfer.js export --types=apikeys --sanitize
+
+  # Import data, skip conflicts
+  node scripts/data-transfer.js import --input=backup.json --skip-conflicts
+
+  # Export specific data types
+  node scripts/data-transfer.js export --types=apikeys,accounts --output=prod-data.json
+  
+  # Export API keys to CSV format
+  node scripts/data-transfer.js export --types=apikeys --format=csv --sanitize
+  
+  # Export to CSV with custom filename
+  node scripts/data-transfer.js export --types=apikeys --format=csv --output=api-keys.csv
+`)
+}
+
+// 主函数
+async function main() {
+  if (!command || command === '--help' || command === 'help') {
+    showHelp()
+    process.exit(0)
+  }
+
+  switch (command) {
+    case 'export':
+      await exportData()
+      break
+
+    case 'import':
+      await importData()
+      break
+
+    default:
+      logger.error(`❌ Unknown command: ${command}`)
+      showHelp()
+      process.exit(1)
+  }
+}
+
+// 运行
+main().catch((error) => {
+  logger.error('💥 Unexpected error:', error)
+  process.exit(1)
+})

scripts/debug-redis-keys.js

@@ -0,0 +1,126 @@
+#!/usr/bin/env node
+
+/**
+ * Redis 键调试工具
+ * 用于查看 Redis 中存储的所有键和数据结构
+ */
+
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+
+async function debugRedisKeys() {
+  try {
+    logger.info('🔄 Connecting to Redis...')
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    // 获取所有键
+    const allKeys = await redis.client.keys('*')
+    logger.info(`\n📊 Total keys in Redis: ${allKeys.length}\n`)
+
+    // 按类型分组
+    const keysByType = {
+      apiKeys: [],
+      claudeAccounts: [],
+      geminiAccounts: [],
+      admins: [],
+      sessions: [],
+      usage: [],
+      other: []
+    }
+
+    // 分类键
+    for (const key of allKeys) {
+      if (key.startsWith('apikey:')) {
+        keysByType.apiKeys.push(key)
+      } else if (key.startsWith('claude_account:')) {
+        keysByType.claudeAccounts.push(key)
+      } else if (key.startsWith('gemini_account:')) {
+        keysByType.geminiAccounts.push(key)
+      } else if (key.startsWith('admin:') || key.startsWith('admin_username:')) {
+        keysByType.admins.push(key)
+      } else if (key.startsWith('session:')) {
+        keysByType.sessions.push(key)
+      } else if (
+        key.includes('usage') ||
+        key.includes('rate_limit') ||
+        key.includes('concurrency')
+      ) {
+        keysByType.usage.push(key)
+      } else {
+        keysByType.other.push(key)
+      }
+    }
+
+    // 显示分类结果
+    console.log('='.repeat(60))
+    console.log('📂 Keys by Category:')
+    console.log('='.repeat(60))
+    console.log(`API Keys: ${keysByType.apiKeys.length}`)
+    console.log(`Claude Accounts: ${keysByType.claudeAccounts.length}`)
+    console.log(`Gemini Accounts: ${keysByType.geminiAccounts.length}`)
+    console.log(`Admins: ${keysByType.admins.length}`)
+    console.log(`Sessions: ${keysByType.sessions.length}`)
+    console.log(`Usage/Rate Limit: ${keysByType.usage.length}`)
+    console.log(`Other: ${keysByType.other.length}`)
+    console.log('='.repeat(60))
+
+    // 详细显示每个类别的键
+    if (keysByType.apiKeys.length > 0) {
+      console.log('\n🔑 API Keys:')
+      for (const key of keysByType.apiKeys.slice(0, 5)) {
+        console.log(`  - ${key}`)
+      }
+      if (keysByType.apiKeys.length > 5) {
+        console.log(`  ... and ${keysByType.apiKeys.length - 5} more`)
+      }
+    }
+
+    if (keysByType.claudeAccounts.length > 0) {
+      console.log('\n🤖 Claude Accounts:')
+      for (const key of keysByType.claudeAccounts) {
+        console.log(`  - ${key}`)
+      }
+    }
+
+    if (keysByType.geminiAccounts.length > 0) {
+      console.log('\n💎 Gemini Accounts:')
+      for (const key of keysByType.geminiAccounts) {
+        console.log(`  - ${key}`)
+      }
+    }
+
+    if (keysByType.other.length > 0) {
+      console.log('\n❓ Other Keys:')
+      for (const key of keysByType.other.slice(0, 10)) {
+        console.log(`  - ${key}`)
+      }
+      if (keysByType.other.length > 10) {
+        console.log(`  ... and ${keysByType.other.length - 10} more`)
+      }
+    }
+
+    // 检查数据类型
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('🔍 Checking Data Types:')
+    console.log('='.repeat(60))
+
+    // 随机检查几个键的类型
+    const sampleKeys = allKeys.slice(0, Math.min(10, allKeys.length))
+    for (const key of sampleKeys) {
+      const type = await redis.client.type(key)
+      console.log(`${key} => ${type}`)
+    }
+  } catch (error) {
+    logger.error('💥 Debug failed:', error)
+  } finally {
+    await redis.disconnect()
+    logger.info('👋 Disconnected from Redis')
+  }
+}
+
+// 运行调试
+debugRedisKeys().catch((error) => {
+  logger.error('💥 Unexpected error:', error)
+  process.exit(1)
+})

scripts/fix-inquirer.js

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+/**
+ * 修复 inquirer ESM 问题
+ * 降级到支持 CommonJS 的版本
+ */
+
+const { execSync } = require('child_process')
+
+console.log('🔧 修复 inquirer ESM 兼容性问题...\n')
+
+try {
+  // 卸载当前版本
+  console.log('📦 卸载当前 inquirer 版本...')
+  execSync('npm uninstall inquirer', { stdio: 'inherit' })
+
+  // 安装兼容 CommonJS 的版本 (8.x 是最后支持 CommonJS 的主要版本)
+  console.log('\n📦 安装兼容版本 inquirer@8.2.6...')
+  execSync('npm install inquirer@8.2.6', { stdio: 'inherit' })
+
+  console.log('\n✅ 修复完成！')
+  console.log('\n现在可以正常使用 CLI 工具了：')
+  console.log('  npm run cli admin')
+  console.log('  npm run cli keys')
+  console.log('  npm run cli status')
+} catch (error) {
+  console.error('❌ 修复失败:', error.message)
+  process.exit(1)
+}

scripts/fix-usage-stats.js

@@ -0,0 +1,227 @@
+#!/usr/bin/env node
+
+/**
+ * 数据迁移脚本：修复历史使用统计数据
+ *
+ * 功能：
+ * 1. 统一 totalTokens 和 allTokens 字段
+ * 2. 确保 allTokens 包含所有类型的 tokens
+ * 3. 修复历史数据的不一致性
+ *
+ * 使用方法：
+ * node scripts/fix-usage-stats.js [--dry-run]
+ */
+
+require('dotenv').config()
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+
+// 解析命令行参数
+const args = process.argv.slice(2)
+const isDryRun = args.includes('--dry-run')
+
+async function fixUsageStats() {
+  try {
+    logger.info('🔧 开始修复使用统计数据...')
+    if (isDryRun) {
+      logger.info('📝 DRY RUN 模式 - 不会实际修改数据')
+    }
+
+    // 连接到 Redis
+    await redis.connect()
+    logger.success('✅ 已连接到 Redis')
+
+    const client = redis.getClientSafe()
+
+    // 统计信息
+    const stats = {
+      totalKeys: 0,
+      fixedTotalKeys: 0,
+      fixedDailyKeys: 0,
+      fixedMonthlyKeys: 0,
+      fixedModelKeys: 0,
+      errors: 0
+    }
+
+    // 1. 修复 API Key 级别的总统计
+    logger.info('\n📊 修复 API Key 总统计数据...')
+    const apiKeyPattern = 'apikey:*'
+    const apiKeys = await client.keys(apiKeyPattern)
+    stats.totalKeys = apiKeys.length
+
+    for (const apiKeyKey of apiKeys) {
+      const keyId = apiKeyKey.replace('apikey:', '')
+      const usageKey = `usage:${keyId}`
+
+      try {
+        const usageData = await client.hgetall(usageKey)
+        if (usageData && Object.keys(usageData).length > 0) {
+          const inputTokens = parseInt(usageData.totalInputTokens) || 0
+          const outputTokens = parseInt(usageData.totalOutputTokens) || 0
+          const cacheCreateTokens = parseInt(usageData.totalCacheCreateTokens) || 0
+          const cacheReadTokens = parseInt(usageData.totalCacheReadTokens) || 0
+          const currentAllTokens = parseInt(usageData.totalAllTokens) || 0
+
+          // 计算正确的 allTokens
+          const correctAllTokens = inputTokens + outputTokens + cacheCreateTokens + cacheReadTokens
+
+          if (currentAllTokens !== correctAllTokens && correctAllTokens > 0) {
+            logger.info(`  修复 ${keyId}: ${currentAllTokens} -> ${correctAllTokens}`)
+
+            if (!isDryRun) {
+              await client.hset(usageKey, 'totalAllTokens', correctAllTokens)
+            }
+            stats.fixedTotalKeys++
+          }
+        }
+      } catch (error) {
+        logger.error(`  错误处理 ${keyId}: ${error.message}`)
+        stats.errors++
+      }
+    }
+
+    // 2. 修复每日统计数据
+    logger.info('\n📅 修复每日统计数据...')
+    const dailyPattern = 'usage:daily:*'
+    const dailyKeys = await client.keys(dailyPattern)
+
+    for (const dailyKey of dailyKeys) {
+      try {
+        const data = await client.hgetall(dailyKey)
+        if (data && Object.keys(data).length > 0) {
+          const inputTokens = parseInt(data.inputTokens) || 0
+          const outputTokens = parseInt(data.outputTokens) || 0
+          const cacheCreateTokens = parseInt(data.cacheCreateTokens) || 0
+          const cacheReadTokens = parseInt(data.cacheReadTokens) || 0
+          const currentAllTokens = parseInt(data.allTokens) || 0
+
+          const correctAllTokens = inputTokens + outputTokens + cacheCreateTokens + cacheReadTokens
+
+          if (currentAllTokens !== correctAllTokens && correctAllTokens > 0) {
+            if (!isDryRun) {
+              await client.hset(dailyKey, 'allTokens', correctAllTokens)
+            }
+            stats.fixedDailyKeys++
+          }
+        }
+      } catch (error) {
+        logger.error(`  错误处理 ${dailyKey}: ${error.message}`)
+        stats.errors++
+      }
+    }
+
+    // 3. 修复每月统计数据
+    logger.info('\n📆 修复每月统计数据...')
+    const monthlyPattern = 'usage:monthly:*'
+    const monthlyKeys = await client.keys(monthlyPattern)
+
+    for (const monthlyKey of monthlyKeys) {
+      try {
+        const data = await client.hgetall(monthlyKey)
+        if (data && Object.keys(data).length > 0) {
+          const inputTokens = parseInt(data.inputTokens) || 0
+          const outputTokens = parseInt(data.outputTokens) || 0
+          const cacheCreateTokens = parseInt(data.cacheCreateTokens) || 0
+          const cacheReadTokens = parseInt(data.cacheReadTokens) || 0
+          const currentAllTokens = parseInt(data.allTokens) || 0
+
+          const correctAllTokens = inputTokens + outputTokens + cacheCreateTokens + cacheReadTokens
+
+          if (currentAllTokens !== correctAllTokens && correctAllTokens > 0) {
+            if (!isDryRun) {
+              await client.hset(monthlyKey, 'allTokens', correctAllTokens)
+            }
+            stats.fixedMonthlyKeys++
+          }
+        }
+      } catch (error) {
+        logger.error(`  错误处理 ${monthlyKey}: ${error.message}`)
+        stats.errors++
+      }
+    }
+
+    // 4. 修复模型级别的统计数据
+    logger.info('\n🤖 修复模型级别统计数据...')
+    const modelPatterns = [
+      'usage:model:daily:*',
+      'usage:model:monthly:*',
+      'usage:*:model:daily:*',
+      'usage:*:model:monthly:*'
+    ]
+
+    for (const pattern of modelPatterns) {
+      const modelKeys = await client.keys(pattern)
+
+      for (const modelKey of modelKeys) {
+        try {
+          const data = await client.hgetall(modelKey)
+          if (data && Object.keys(data).length > 0) {
+            const inputTokens = parseInt(data.inputTokens) || 0
+            const outputTokens = parseInt(data.outputTokens) || 0
+            const cacheCreateTokens = parseInt(data.cacheCreateTokens) || 0
+            const cacheReadTokens = parseInt(data.cacheReadTokens) || 0
+            const currentAllTokens = parseInt(data.allTokens) || 0
+
+            const correctAllTokens =
+              inputTokens + outputTokens + cacheCreateTokens + cacheReadTokens
+
+            if (currentAllTokens !== correctAllTokens && correctAllTokens > 0) {
+              if (!isDryRun) {
+                await client.hset(modelKey, 'allTokens', correctAllTokens)
+              }
+              stats.fixedModelKeys++
+            }
+          }
+        } catch (error) {
+          logger.error(`  错误处理 ${modelKey}: ${error.message}`)
+          stats.errors++
+        }
+      }
+    }
+
+    // 5. 验证修复结果
+    if (!isDryRun) {
+      logger.info('\n✅ 验证修复结果...')
+
+      // 随机抽样验证
+      const sampleSize = Math.min(5, apiKeys.length)
+      for (let i = 0; i < sampleSize; i++) {
+        const randomIndex = Math.floor(Math.random() * apiKeys.length)
+        const keyId = apiKeys[randomIndex].replace('apikey:', '')
+        const usage = await redis.getUsageStats(keyId)
+
+        logger.info(`  样本 ${keyId}:`)
+        logger.info(`    Total tokens: ${usage.total.tokens}`)
+        logger.info(`    All tokens: ${usage.total.allTokens}`)
+        logger.info(`    一致性: ${usage.total.tokens === usage.total.allTokens ? '✅' : '❌'}`)
+      }
+    }
+
+    // 打印统计结果
+    logger.info('\n📊 修复统计：')
+    logger.info(`  总 API Keys: ${stats.totalKeys}`)
+    logger.info(`  修复的总统计: ${stats.fixedTotalKeys}`)
+    logger.info(`  修复的日统计: ${stats.fixedDailyKeys}`)
+    logger.info(`  修复的月统计: ${stats.fixedMonthlyKeys}`)
+    logger.info(`  修复的模型统计: ${stats.fixedModelKeys}`)
+    logger.info(`  错误数: ${stats.errors}`)
+
+    if (isDryRun) {
+      logger.info('\n💡 这是 DRY RUN - 没有实际修改数据')
+      logger.info('   运行不带 --dry-run 参数来实际执行修复')
+    } else {
+      logger.success('\n✅ 数据修复完成！')
+    }
+  } catch (error) {
+    logger.error('❌ 修复过程出错:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+  }
+}
+
+// 执行修复
+fixUsageStats().catch((error) => {
+  logger.error('❌ 未处理的错误:', error)
+  process.exit(1)
+})

scripts/generate-test-data.js

@@ -0,0 +1,280 @@
+#!/usr/bin/env node
+
+/**
+ * 历史数据生成脚本
+ * 用于测试不同时间范围的Token统计功能
+ *
+ * 使用方法：
+ * node scripts/generate-test-data.js [--clean]
+ *
+ * 选项：
+ * --clean: 清除所有测试数据
+ */
+
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+
+// 解析命令行参数
+const args = process.argv.slice(2)
+const shouldClean = args.includes('--clean')
+
+// 模拟的模型列表
+const models = [
+  'claude-sonnet-4-20250514',
+  'claude-3-5-sonnet-20241022',
+  'claude-3-5-haiku-20241022',
+  'claude-3-opus-20240229'
+]
+
+// 生成指定日期的数据
+async function generateDataForDate(apiKeyId, date, dayOffset) {
+  const client = redis.getClientSafe()
+  const dateStr = date.toISOString().split('T')[0]
+  const month = `${date.getFullYear()}-${String(date.getMonth() + 1).padStart(2, '0')}`
+
+  // 根据日期偏移量调整数据量（越近的日期数据越多）
+  const requestCount = Math.max(5, 20 - dayOffset * 2) // 5-20个请求
+
+  logger.info(`📊 Generating ${requestCount} requests for ${dateStr}`)
+
+  for (let i = 0; i < requestCount; i++) {
+    // 随机选择模型
+    const model = models[Math.floor(Math.random() * models.length)]
+
+    // 生成随机Token数据
+    const inputTokens = Math.floor(Math.random() * 2000) + 500 // 500-2500
+    const outputTokens = Math.floor(Math.random() * 3000) + 1000 // 1000-4000
+    const cacheCreateTokens = Math.random() > 0.7 ? Math.floor(Math.random() * 1000) : 0 // 30%概率有缓存创建
+    const cacheReadTokens = Math.random() > 0.5 ? Math.floor(Math.random() * 500) : 0 // 50%概率有缓存读取
+
+    const coreTokens = inputTokens + outputTokens
+    const allTokens = inputTokens + outputTokens + cacheCreateTokens + cacheReadTokens
+
+    // 更新各种统计键
+    const totalKey = `usage:${apiKeyId}`
+    const dailyKey = `usage:daily:${apiKeyId}:${dateStr}`
+    const monthlyKey = `usage:monthly:${apiKeyId}:${month}`
+    const modelDailyKey = `usage:model:daily:${model}:${dateStr}`
+    const modelMonthlyKey = `usage:model:monthly:${model}:${month}`
+    const keyModelDailyKey = `usage:${apiKeyId}:model:daily:${model}:${dateStr}`
+    const keyModelMonthlyKey = `usage:${apiKeyId}:model:monthly:${model}:${month}`
+
+    await Promise.all([
+      // 总计数据
+      client.hincrby(totalKey, 'totalTokens', coreTokens),
+      client.hincrby(totalKey, 'totalInputTokens', inputTokens),
+      client.hincrby(totalKey, 'totalOutputTokens', outputTokens),
+      client.hincrby(totalKey, 'totalCacheCreateTokens', cacheCreateTokens),
+      client.hincrby(totalKey, 'totalCacheReadTokens', cacheReadTokens),
+      client.hincrby(totalKey, 'totalAllTokens', allTokens),
+      client.hincrby(totalKey, 'totalRequests', 1),
+
+      // 每日统计
+      client.hincrby(dailyKey, 'tokens', coreTokens),
+      client.hincrby(dailyKey, 'inputTokens', inputTokens),
+      client.hincrby(dailyKey, 'outputTokens', outputTokens),
+      client.hincrby(dailyKey, 'cacheCreateTokens', cacheCreateTokens),
+      client.hincrby(dailyKey, 'cacheReadTokens', cacheReadTokens),
+      client.hincrby(dailyKey, 'allTokens', allTokens),
+      client.hincrby(dailyKey, 'requests', 1),
+
+      // 每月统计
+      client.hincrby(monthlyKey, 'tokens', coreTokens),
+      client.hincrby(monthlyKey, 'inputTokens', inputTokens),
+      client.hincrby(monthlyKey, 'outputTokens', outputTokens),
+      client.hincrby(monthlyKey, 'cacheCreateTokens', cacheCreateTokens),
+      client.hincrby(monthlyKey, 'cacheReadTokens', cacheReadTokens),
+      client.hincrby(monthlyKey, 'allTokens', allTokens),
+      client.hincrby(monthlyKey, 'requests', 1),
+
+      // 模型统计 - 每日
+      client.hincrby(modelDailyKey, 'totalInputTokens', inputTokens),
+      client.hincrby(modelDailyKey, 'totalOutputTokens', outputTokens),
+      client.hincrby(modelDailyKey, 'totalCacheCreateTokens', cacheCreateTokens),
+      client.hincrby(modelDailyKey, 'totalCacheReadTokens', cacheReadTokens),
+      client.hincrby(modelDailyKey, 'totalAllTokens', allTokens),
+      client.hincrby(modelDailyKey, 'requests', 1),
+
+      // 模型统计 - 每月
+      client.hincrby(modelMonthlyKey, 'totalInputTokens', inputTokens),
+      client.hincrby(modelMonthlyKey, 'totalOutputTokens', outputTokens),
+      client.hincrby(modelMonthlyKey, 'totalCacheCreateTokens', cacheCreateTokens),
+      client.hincrby(modelMonthlyKey, 'totalCacheReadTokens', cacheReadTokens),
+      client.hincrby(modelMonthlyKey, 'totalAllTokens', allTokens),
+      client.hincrby(modelMonthlyKey, 'requests', 1),
+
+      // API Key级别的模型统计 - 每日
+      // 同时存储带total前缀和不带前缀的字段，保持兼容性
+      client.hincrby(keyModelDailyKey, 'inputTokens', inputTokens),
+      client.hincrby(keyModelDailyKey, 'outputTokens', outputTokens),
+      client.hincrby(keyModelDailyKey, 'cacheCreateTokens', cacheCreateTokens),
+      client.hincrby(keyModelDailyKey, 'cacheReadTokens', cacheReadTokens),
+      client.hincrby(keyModelDailyKey, 'allTokens', allTokens),
+      client.hincrby(keyModelDailyKey, 'totalInputTokens', inputTokens),
+      client.hincrby(keyModelDailyKey, 'totalOutputTokens', outputTokens),
+      client.hincrby(keyModelDailyKey, 'totalCacheCreateTokens', cacheCreateTokens),
+      client.hincrby(keyModelDailyKey, 'totalCacheReadTokens', cacheReadTokens),
+      client.hincrby(keyModelDailyKey, 'totalAllTokens', allTokens),
+      client.hincrby(keyModelDailyKey, 'requests', 1),
+
+      // API Key级别的模型统计 - 每月
+      client.hincrby(keyModelMonthlyKey, 'inputTokens', inputTokens),
+      client.hincrby(keyModelMonthlyKey, 'outputTokens', outputTokens),
+      client.hincrby(keyModelMonthlyKey, 'cacheCreateTokens', cacheCreateTokens),
+      client.hincrby(keyModelMonthlyKey, 'cacheReadTokens', cacheReadTokens),
+      client.hincrby(keyModelMonthlyKey, 'allTokens', allTokens),
+      client.hincrby(keyModelMonthlyKey, 'totalInputTokens', inputTokens),
+      client.hincrby(keyModelMonthlyKey, 'totalOutputTokens', outputTokens),
+      client.hincrby(keyModelMonthlyKey, 'totalCacheCreateTokens', cacheCreateTokens),
+      client.hincrby(keyModelMonthlyKey, 'totalCacheReadTokens', cacheReadTokens),
+      client.hincrby(keyModelMonthlyKey, 'totalAllTokens', allTokens),
+      client.hincrby(keyModelMonthlyKey, 'requests', 1)
+    ])
+  }
+}
+
+// 清除测试数据
+async function cleanTestData() {
+  const client = redis.getClientSafe()
+  const apiKeyService = require('../src/services/apiKeyService')
+
+  logger.info('🧹 Cleaning test data...')
+
+  // 获取所有API Keys
+  const allKeys = await apiKeyService.getAllApiKeys()
+
+  // 找出所有测试 API Keys
+  const testKeys = allKeys.filter((key) => key.name && key.name.startsWith('Test API Key'))
+
+  for (const testKey of testKeys) {
+    const apiKeyId = testKey.id
+
+    // 获取所有相关的键
+    const patterns = [
+      `usage:${apiKeyId}`,
+      `usage:daily:${apiKeyId}:*`,
+      `usage:monthly:${apiKeyId}:*`,
+      `usage:${apiKeyId}:model:daily:*`,
+      `usage:${apiKeyId}:model:monthly:*`
+    ]
+
+    for (const pattern of patterns) {
+      const keys = await client.keys(pattern)
+      if (keys.length > 0) {
+        await client.del(...keys)
+        logger.info(`🗑️ Deleted ${keys.length} keys matching pattern: ${pattern}`)
+      }
+    }
+
+    // 删除 API Key 本身
+    await apiKeyService.deleteApiKey(apiKeyId)
+    logger.info(`🗑️ Deleted test API Key: ${testKey.name} (${apiKeyId})`)
+  }
+
+  // 清除模型统计
+  const modelPatterns = ['usage:model:daily:*', 'usage:model:monthly:*']
+
+  for (const pattern of modelPatterns) {
+    const keys = await client.keys(pattern)
+    if (keys.length > 0) {
+      await client.del(...keys)
+      logger.info(`🗑️ Deleted ${keys.length} keys matching pattern: ${pattern}`)
+    }
+  }
+}
+
+// 主函数
+async function main() {
+  try {
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    // 创建测试API Keys
+    const apiKeyService = require('../src/services/apiKeyService')
+    const testApiKeys = []
+    const createdKeys = []
+
+    // 总是创建新的测试 API Keys
+    logger.info('📝 Creating test API Keys...')
+
+    for (let i = 1; i <= 3; i++) {
+      const newKey = await apiKeyService.generateApiKey({
+        name: `Test API Key ${i}`,
+        description: `Test key for historical data generation ${i}`,
+        tokenLimit: 10000000,
+        concurrencyLimit: 10,
+        rateLimitWindow: 60,
+        rateLimitRequests: 100
+      })
+
+      testApiKeys.push(newKey.id)
+      createdKeys.push(newKey)
+      logger.success(`✅ Created test API Key: ${newKey.name} (${newKey.id})`)
+      logger.info(`   🔑 API Key: ${newKey.apiKey}`)
+    }
+
+    if (shouldClean) {
+      await cleanTestData()
+      logger.success('✅ Test data cleaned successfully')
+      return
+    }
+
+    // 生成历史数据
+    const now = new Date()
+
+    for (const apiKeyId of testApiKeys) {
+      logger.info(`\n🔄 Generating data for API Key: ${apiKeyId}`)
+
+      // 生成过去30天的数据
+      for (let dayOffset = 0; dayOffset < 30; dayOffset++) {
+        const date = new Date(now)
+        date.setDate(date.getDate() - dayOffset)
+
+        await generateDataForDate(apiKeyId, date, dayOffset)
+      }
+
+      logger.success(`✅ Generated 30 days of historical data for API Key: ${apiKeyId}`)
+    }
+
+    // 显示统计摘要
+    logger.info('\n📊 Test Data Summary:')
+    logger.info('='.repeat(60))
+
+    for (const apiKeyId of testApiKeys) {
+      const totalKey = `usage:${apiKeyId}`
+      const totalData = await redis.getClientSafe().hgetall(totalKey)
+
+      if (totalData && Object.keys(totalData).length > 0) {
+        logger.info(`\nAPI Key: ${apiKeyId}`)
+        logger.info(`  Total Requests: ${totalData.totalRequests || 0}`)
+        logger.info(`  Total Tokens (Core): ${totalData.totalTokens || 0}`)
+        logger.info(`  Total Tokens (All): ${totalData.totalAllTokens || 0}`)
+        logger.info(`  Input Tokens: ${totalData.totalInputTokens || 0}`)
+        logger.info(`  Output Tokens: ${totalData.totalOutputTokens || 0}`)
+        logger.info(`  Cache Create Tokens: ${totalData.totalCacheCreateTokens || 0}`)
+        logger.info(`  Cache Read Tokens: ${totalData.totalCacheReadTokens || 0}`)
+      }
+    }
+
+    logger.info(`\n${'='.repeat(60)}`)
+    logger.success('\n✅ Test data generation completed!')
+    logger.info('\n📋 Created API Keys:')
+    for (const key of createdKeys) {
+      logger.info(`- ${key.name}: ${key.apiKey}`)
+    }
+    logger.info('\n💡 Tips:')
+    logger.info('- Check the admin panel to see the different time ranges')
+    logger.info('- Use --clean flag to remove all test data and API Keys')
+    logger.info('- The script generates more recent data to simulate real usage patterns')
+  } catch (error) {
+    logger.error('❌ Error:', error)
+  } finally {
+    await redis.disconnect()
+  }
+}
+
+// 运行脚本
+main().catch((error) => {
+  logger.error('💥 Unexpected error:', error)
+  process.exit(1)
+})

scripts/manage-session-windows.js

@@ -0,0 +1,561 @@
+#!/usr/bin/env node
+
+/**
+ * 会话窗口管理脚本
+ * 用于调试、恢复和管理Claude账户的会话窗口
+ */
+
+const redis = require('../src/models/redis')
+const claudeAccountService = require('../src/services/claudeAccountService')
+const readline = require('readline')
+
+// 创建readline接口
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+})
+
+// 辅助函数：询问用户输入
+function askQuestion(question) {
+  return new Promise((resolve) => {
+    rl.question(question, resolve)
+  })
+}
+
+// 辅助函数：解析时间输入
+function parseTimeInput(input) {
+  const now = new Date()
+
+  // 如果是 HH:MM 格式
+  const timeMatch = input.match(/^(\d{1,2}):(\d{2})$/)
+  if (timeMatch) {
+    const hour = parseInt(timeMatch[1])
+    const minute = parseInt(timeMatch[2])
+
+    if (hour >= 0 && hour <= 23 && minute >= 0 && minute <= 59) {
+      const time = new Date(now)
+      time.setHours(hour, minute, 0, 0)
+      return time
+    }
+  }
+
+  // 如果是相对时间（如 "2小时前"）
+  const relativeMatch = input.match(/^(\d+)(小时|分钟)前$/)
+  if (relativeMatch) {
+    const amount = parseInt(relativeMatch[1])
+    const unit = relativeMatch[2]
+    const time = new Date(now)
+
+    if (unit === '小时') {
+      time.setHours(time.getHours() - amount)
+    } else if (unit === '分钟') {
+      time.setMinutes(time.getMinutes() - amount)
+    }
+
+    return time
+  }
+
+  // 如果是 ISO 格式或其他日期格式
+  const parsedDate = new Date(input)
+  if (!isNaN(parsedDate.getTime())) {
+    return parsedDate
+  }
+
+  return null
+}
+
+// 辅助函数：显示可用的时间窗口选项
+function showTimeWindowOptions() {
+  const now = new Date()
+  console.log('\n⏰ 可用的5小时时间窗口:')
+
+  for (let hour = 0; hour < 24; hour += 5) {
+    const start = hour
+    const end = hour + 5
+    const startStr = `${String(start).padStart(2, '0')}:00`
+    const endStr = `${String(end).padStart(2, '0')}:00`
+
+    const currentHour = now.getHours()
+    const isActive = currentHour >= start && currentHour < end
+    const status = isActive ? ' 🟢 (当前活跃)' : ''
+
+    console.log(`   ${start / 5 + 1}. ${startStr} - ${endStr}${status}`)
+  }
+  console.log('')
+}
+
+const commands = {
+  // 调试所有账户的会话窗口状态
+  async debug() {
+    console.log('🔍 开始调试会话窗口状态...\n')
+
+    const accounts = await redis.getAllClaudeAccounts()
+    console.log(`📊 找到 ${accounts.length} 个Claude账户\n`)
+
+    const stats = {
+      total: accounts.length,
+      hasWindow: 0,
+      hasLastUsed: 0,
+      canRecover: 0,
+      expired: 0
+    }
+
+    for (const account of accounts) {
+      console.log(`🏢 ${account.name} (${account.id})`)
+      console.log(`   状态: ${account.isActive === 'true' ? '✅ 活跃' : '❌ 禁用'}`)
+
+      if (account.sessionWindowStart && account.sessionWindowEnd) {
+        stats.hasWindow++
+        const windowStart = new Date(account.sessionWindowStart)
+        const windowEnd = new Date(account.sessionWindowEnd)
+        const now = new Date()
+        const isActive = now < windowEnd
+
+        console.log(`   会话窗口: ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`)
+        console.log(`   窗口状态: ${isActive ? '✅ 活跃' : '❌ 已过期'}`)
+
+        // 只有在窗口已过期时才显示可恢复窗口
+        if (!isActive && account.lastUsedAt) {
+          const lastUsed = new Date(account.lastUsedAt)
+          const recoveredWindowStart = claudeAccountService._calculateSessionWindowStart(lastUsed)
+          const recoveredWindowEnd =
+            claudeAccountService._calculateSessionWindowEnd(recoveredWindowStart)
+
+          if (now < recoveredWindowEnd) {
+            stats.canRecover++
+            console.log(
+              `   可恢复窗口: ✅ ${recoveredWindowStart.toLocaleString()} - ${recoveredWindowEnd.toLocaleString()}`
+            )
+          } else {
+            stats.expired++
+            console.log(
+              `   可恢复窗口: ❌ 已过期 (${recoveredWindowStart.toLocaleString()} - ${recoveredWindowEnd.toLocaleString()})`
+            )
+          }
+        }
+      } else {
+        console.log('   会话窗口: ❌ 无')
+
+        // 没有会话窗口时，检查是否有可恢复的窗口
+        if (account.lastUsedAt) {
+          const lastUsed = new Date(account.lastUsedAt)
+          const now = new Date()
+          const windowStart = claudeAccountService._calculateSessionWindowStart(lastUsed)
+          const windowEnd = claudeAccountService._calculateSessionWindowEnd(windowStart)
+
+          if (now < windowEnd) {
+            stats.canRecover++
+            console.log(
+              `   可恢复窗口: ✅ ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`
+            )
+          } else {
+            stats.expired++
+            console.log(
+              `   可恢复窗口: ❌ 已过期 (${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()})`
+            )
+          }
+        }
+      }
+
+      if (account.lastUsedAt) {
+        stats.hasLastUsed++
+        const lastUsed = new Date(account.lastUsedAt)
+        const now = new Date()
+        const minutesAgo = Math.round((now - lastUsed) / (1000 * 60))
+
+        console.log(`   最后使用: ${lastUsed.toLocaleString()} (${minutesAgo}分钟前)`)
+      } else {
+        console.log('   最后使用: ❌ 无记录')
+      }
+
+      console.log('')
+    }
+
+    console.log('📈 汇总统计:')
+    console.log(`   总账户数: ${stats.total}`)
+    console.log(`   有会话窗口: ${stats.hasWindow}`)
+    console.log(`   有使用记录: ${stats.hasLastUsed}`)
+    console.log(`   可以恢复: ${stats.canRecover}`)
+    console.log(`   窗口已过期: ${stats.expired}`)
+  },
+
+  // 初始化会话窗口（默认行为）
+  async init() {
+    console.log('🔄 初始化会话窗口...\n')
+    const result = await claudeAccountService.initializeSessionWindows()
+
+    console.log('\n📊 初始化结果:')
+    console.log(`   总账户数: ${result.total}`)
+    console.log(`   成功初始化: ${result.initialized}`)
+    console.log(`   已跳过（已有窗口）: ${result.skipped}`)
+    console.log(`   窗口已过期: ${result.expired}`)
+    console.log(`   无使用数据: ${result.noData}`)
+
+    if (result.error) {
+      console.log(`   错误: ${result.error}`)
+    }
+  },
+
+  // 强制重新计算所有会话窗口
+  async force() {
+    console.log('🔄 强制重新计算所有会话窗口...\n')
+    const result = await claudeAccountService.initializeSessionWindows(true)
+
+    console.log('\n📊 强制重算结果:')
+    console.log(`   总账户数: ${result.total}`)
+    console.log(`   成功初始化: ${result.initialized}`)
+    console.log(`   窗口已过期: ${result.expired}`)
+    console.log(`   无使用数据: ${result.noData}`)
+
+    if (result.error) {
+      console.log(`   错误: ${result.error}`)
+    }
+  },
+
+  // 清除所有会话窗口
+  async clear() {
+    console.log('🗑️ 清除所有会话窗口...\n')
+
+    const accounts = await redis.getAllClaudeAccounts()
+    let clearedCount = 0
+
+    for (const account of accounts) {
+      if (account.sessionWindowStart || account.sessionWindowEnd) {
+        delete account.sessionWindowStart
+        delete account.sessionWindowEnd
+        delete account.lastRequestTime
+
+        await redis.setClaudeAccount(account.id, account)
+        clearedCount++
+
+        console.log(`✅ 清除账户 ${account.name} (${account.id}) 的会话窗口`)
+      }
+    }
+
+    console.log(`\n📊 清除完成: 共清除 ${clearedCount} 个账户的会话窗口`)
+  },
+
+  // 创建测试会话窗口（将lastUsedAt设置为当前时间）
+  async test() {
+    console.log('🧪 创建测试会话窗口...\n')
+
+    const accounts = await redis.getAllClaudeAccounts()
+    if (accounts.length === 0) {
+      console.log('❌ 没有找到Claude账户')
+      return
+    }
+
+    const now = new Date()
+    let updatedCount = 0
+
+    for (const account of accounts) {
+      if (account.isActive === 'true') {
+        // 设置为当前时间（模拟刚刚使用）
+        account.lastUsedAt = now.toISOString()
+
+        // 计算新的会话窗口
+        const windowStart = claudeAccountService._calculateSessionWindowStart(now)
+        const windowEnd = claudeAccountService._calculateSessionWindowEnd(windowStart)
+
+        account.sessionWindowStart = windowStart.toISOString()
+        account.sessionWindowEnd = windowEnd.toISOString()
+        account.lastRequestTime = now.toISOString()
+
+        await redis.setClaudeAccount(account.id, account)
+        updatedCount++
+
+        console.log(`✅ 为账户 ${account.name} 创建测试会话窗口:`)
+        console.log(`   窗口时间: ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`)
+        console.log(`   最后使用: ${now.toLocaleString()}\n`)
+      }
+    }
+
+    console.log(`📊 测试完成: 为 ${updatedCount} 个活跃账户创建了测试会话窗口`)
+  },
+
+  // 手动设置账户的会话窗口
+  async set() {
+    console.log('🔧 手动设置会话窗口...\n')
+
+    // 获取所有账户
+    const accounts = await redis.getAllClaudeAccounts()
+    if (accounts.length === 0) {
+      console.log('❌ 没有找到Claude账户')
+      return
+    }
+
+    // 显示账户列表
+    console.log('📋 可用的Claude账户:')
+    accounts.forEach((account, index) => {
+      const status = account.isActive === 'true' ? '✅' : '❌'
+      const hasWindow = account.sessionWindowStart ? '🕐' : '➖'
+      console.log(`   ${index + 1}. ${status} ${hasWindow} ${account.name} (${account.id})`)
+    })
+
+    // 让用户选择账户
+    const accountIndex = await askQuestion('\n请选择账户 (输入编号): ')
+    const selectedIndex = parseInt(accountIndex) - 1
+
+    if (selectedIndex < 0 || selectedIndex >= accounts.length) {
+      console.log('❌ 无效的账户编号')
+      return
+    }
+
+    const selectedAccount = accounts[selectedIndex]
+    console.log(`\n🎯 已选择账户: ${selectedAccount.name}`)
+
+    // 显示当前会话窗口状态
+    if (selectedAccount.sessionWindowStart && selectedAccount.sessionWindowEnd) {
+      const windowStart = new Date(selectedAccount.sessionWindowStart)
+      const windowEnd = new Date(selectedAccount.sessionWindowEnd)
+      const now = new Date()
+      const isActive = now >= windowStart && now < windowEnd
+
+      console.log('📊 当前会话窗口:')
+      console.log(`   时间: ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`)
+      console.log(`   状态: ${isActive ? '✅ 活跃' : '❌ 已过期'}`)
+    } else {
+      console.log('📊 当前会话窗口: ❌ 无')
+    }
+
+    // 显示设置选项
+    console.log('\n🛠️ 设置选项:')
+    console.log('   1. 使用预设时间窗口')
+    console.log('   2. 自定义最后使用时间')
+    console.log('   3. 直接设置窗口时间')
+    console.log('   4. 清除会话窗口')
+
+    const option = await askQuestion('\n请选择设置方式 (1-4): ')
+
+    switch (option) {
+      case '1':
+        await setPresetWindow(selectedAccount)
+        break
+      case '2':
+        await setCustomLastUsed(selectedAccount)
+        break
+      case '3':
+        await setDirectWindow(selectedAccount)
+        break
+      case '4':
+        await clearAccountWindow(selectedAccount)
+        break
+      default:
+        console.log('❌ 无效的选项')
+        return
+    }
+  },
+
+  // 显示帮助信息
+  help() {
+    console.log('🔧 会话窗口管理脚本\n')
+    console.log('用法: node scripts/manage-session-windows.js <command>\n')
+    console.log('命令:')
+    console.log('  debug  - 调试所有账户的会话窗口状态')
+    console.log('  init   - 初始化会话窗口（跳过已有窗口的账户）')
+    console.log('  force  - 强制重新计算所有会话窗口')
+    console.log('  test   - 创建测试会话窗口（设置当前时间为使用时间）')
+    console.log('  set    - 手动设置特定账户的会话窗口 🆕')
+    console.log('  clear  - 清除所有会话窗口')
+    console.log('  help   - 显示此帮助信息\n')
+    console.log('示例:')
+    console.log('  node scripts/manage-session-windows.js debug')
+    console.log('  node scripts/manage-session-windows.js set')
+    console.log('  node scripts/manage-session-windows.js test')
+    console.log('  node scripts/manage-session-windows.js force')
+  }
+}
+
+// 设置函数实现
+
+// 使用预设时间窗口
+async function setPresetWindow(account) {
+  showTimeWindowOptions()
+
+  const windowChoice = await askQuestion('请选择时间窗口 (1-5): ')
+  const windowIndex = parseInt(windowChoice) - 1
+
+  if (windowIndex < 0 || windowIndex >= 5) {
+    console.log('❌ 无效的窗口选择')
+    return
+  }
+
+  const now = new Date()
+  const startHour = windowIndex * 5
+
+  // 创建窗口开始时间
+  const windowStart = new Date(now)
+  windowStart.setHours(startHour, 0, 0, 0)
+
+  // 创建窗口结束时间
+  const windowEnd = new Date(windowStart)
+  windowEnd.setHours(windowEnd.getHours() + 5)
+
+  // 如果选择的窗口已经过期，则设置为明天的同一时间段
+  if (windowEnd <= now) {
+    windowStart.setDate(windowStart.getDate() + 1)
+    windowEnd.setDate(windowEnd.getDate() + 1)
+  }
+
+  // 询问是否要设置为当前时间作为最后使用时间
+  const setLastUsed = await askQuestion('是否设置当前时间为最后使用时间? (y/N): ')
+
+  // 更新账户数据
+  account.sessionWindowStart = windowStart.toISOString()
+  account.sessionWindowEnd = windowEnd.toISOString()
+  account.lastRequestTime = now.toISOString()
+
+  if (setLastUsed.toLowerCase() === 'y' || setLastUsed.toLowerCase() === 'yes') {
+    account.lastUsedAt = now.toISOString()
+  }
+
+  await redis.setClaudeAccount(account.id, account)
+
+  console.log('\n✅ 已设置会话窗口:')
+  console.log(`   账户: ${account.name}`)
+  console.log(`   窗口: ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`)
+  console.log(`   状态: ${now >= windowStart && now < windowEnd ? '✅ 活跃' : '⏰ 未来窗口'}`)
+}
+
+// 自定义最后使用时间
+async function setCustomLastUsed(account) {
+  console.log('\n📝 设置最后使用时间:')
+  console.log('支持的时间格式:')
+  console.log('   - HH:MM (如: 14:30)')
+  console.log('   - 相对时间 (如: 2小时前, 30分钟前)')
+  console.log('   - ISO格式 (如: 2025-07-28T14:30:00)')
+
+  const timeInput = await askQuestion('\n请输入最后使用时间: ')
+  const lastUsedTime = parseTimeInput(timeInput)
+
+  if (!lastUsedTime) {
+    console.log('❌ 无效的时间格式')
+    return
+  }
+
+  // 基于最后使用时间计算会话窗口
+  const windowStart = claudeAccountService._calculateSessionWindowStart(lastUsedTime)
+  const windowEnd = claudeAccountService._calculateSessionWindowEnd(windowStart)
+
+  // 更新账户数据
+  account.lastUsedAt = lastUsedTime.toISOString()
+  account.sessionWindowStart = windowStart.toISOString()
+  account.sessionWindowEnd = windowEnd.toISOString()
+  account.lastRequestTime = lastUsedTime.toISOString()
+
+  await redis.setClaudeAccount(account.id, account)
+
+  console.log('\n✅ 已设置会话窗口:')
+  console.log(`   账户: ${account.name}`)
+  console.log(`   最后使用: ${lastUsedTime.toLocaleString()}`)
+  console.log(`   窗口: ${windowStart.toLocaleString()} - ${windowEnd.toLocaleString()}`)
+
+  const now = new Date()
+  console.log(`   状态: ${now >= windowStart && now < windowEnd ? '✅ 活跃' : '❌ 已过期'}`)
+}
+
+// 直接设置窗口时间
+async function setDirectWindow(account) {
+  console.log('\n⏰ 直接设置窗口时间:')
+
+  const startInput = await askQuestion('请输入窗口开始时间 (HH:MM): ')
+  const startTime = parseTimeInput(startInput)
+
+  if (!startTime) {
+    console.log('❌ 无效的开始时间格式')
+    return
+  }
+
+  // 自动计算结束时间（开始时间+5小时）
+  const endTime = new Date(startTime)
+  endTime.setHours(endTime.getHours() + 5)
+
+  // 如果跨天，询问是否确认
+  if (endTime.getDate() !== startTime.getDate()) {
+    const confirm = await askQuestion(`窗口将跨天到次日 ${endTime.getHours()}:00，确认吗? (y/N): `)
+    if (confirm.toLowerCase() !== 'y' && confirm.toLowerCase() !== 'yes') {
+      console.log('❌ 已取消设置')
+      return
+    }
+  }
+
+  const now = new Date()
+
+  // 更新账户数据
+  account.sessionWindowStart = startTime.toISOString()
+  account.sessionWindowEnd = endTime.toISOString()
+  account.lastRequestTime = now.toISOString()
+
+  // 询问是否更新最后使用时间
+  const updateLastUsed = await askQuestion('是否将最后使用时间设置为窗口开始时间? (y/N): ')
+  if (updateLastUsed.toLowerCase() === 'y' || updateLastUsed.toLowerCase() === 'yes') {
+    account.lastUsedAt = startTime.toISOString()
+  }
+
+  await redis.setClaudeAccount(account.id, account)
+
+  console.log('\n✅ 已设置会话窗口:')
+  console.log(`   账户: ${account.name}`)
+  console.log(`   窗口: ${startTime.toLocaleString()} - ${endTime.toLocaleString()}`)
+  console.log(
+    `   状态: ${now >= startTime && now < endTime ? '✅ 活跃' : now < startTime ? '⏰ 未来窗口' : '❌ 已过期'}`
+  )
+}
+
+// 清除账户会话窗口
+async function clearAccountWindow(account) {
+  const confirm = await askQuestion(`确认清除账户 "${account.name}" 的会话窗口吗? (y/N): `)
+
+  if (confirm.toLowerCase() !== 'y' && confirm.toLowerCase() !== 'yes') {
+    console.log('❌ 已取消操作')
+    return
+  }
+
+  // 清除会话窗口相关数据
+  delete account.sessionWindowStart
+  delete account.sessionWindowEnd
+  delete account.lastRequestTime
+
+  await redis.setClaudeAccount(account.id, account)
+
+  console.log(`\n✅ 已清除账户 "${account.name}" 的会话窗口`)
+}
+
+async function main() {
+  const command = process.argv[2] || 'help'
+
+  if (!commands[command]) {
+    console.error(`❌ 未知命令: ${command}`)
+    commands.help()
+    process.exit(1)
+  }
+
+  if (command === 'help') {
+    commands.help()
+    return
+  }
+
+  try {
+    // 连接Redis
+    await redis.connect()
+
+    // 执行命令
+    await commands[command]()
+  } catch (error) {
+    console.error('❌ 执行失败:', error)
+    process.exit(1)
+  } finally {
+    await redis.disconnect()
+    rl.close()
+  }
+}
+
+// 如果直接运行此脚本
+if (require.main === module) {
+  main().then(() => {
+    console.log('\n🎉 操作完成')
+    process.exit(0)
+  })
+}
+
+module.exports = { commands }

scripts/manage.js

@@ -0,0 +1,333 @@
+#!/usr/bin/env node
+
+const { spawn, exec } = require('child_process')
+const fs = require('fs')
+const path = require('path')
+const process = require('process')
+
+const PID_FILE = path.join(__dirname, '..', 'claude-relay-service.pid')
+const LOG_FILE = path.join(__dirname, '..', 'logs', 'service.log')
+const ERROR_LOG_FILE = path.join(__dirname, '..', 'logs', 'service-error.log')
+const APP_FILE = path.join(__dirname, '..', 'src', 'app.js')
+
+class ServiceManager {
+  constructor() {
+    this.ensureLogDir()
+  }
+
+  ensureLogDir() {
+    const logDir = path.dirname(LOG_FILE)
+    if (!fs.existsSync(logDir)) {
+      fs.mkdirSync(logDir, { recursive: true })
+    }
+  }
+
+  getPid() {
+    try {
+      if (fs.existsSync(PID_FILE)) {
+        const pid = parseInt(fs.readFileSync(PID_FILE, 'utf8').trim())
+        return pid
+      }
+    } catch (error) {
+      console.error('读取PID文件失败:', error.message)
+    }
+    return null
+  }
+
+  isProcessRunning(pid) {
+    try {
+      process.kill(pid, 0)
+      return true
+    } catch (error) {
+      return false
+    }
+  }
+
+  writePid(pid) {
+    try {
+      fs.writeFileSync(PID_FILE, pid.toString())
+      console.log(`✅ PID ${pid} 已保存到 ${PID_FILE}`)
+    } catch (error) {
+      console.error('写入PID文件失败:', error.message)
+    }
+  }
+
+  removePidFile() {
+    try {
+      if (fs.existsSync(PID_FILE)) {
+        fs.unlinkSync(PID_FILE)
+        console.log('🗑️  已清理PID文件')
+      }
+    } catch (error) {
+      console.error('清理PID文件失败:', error.message)
+    }
+  }
+
+  getStatus() {
+    const pid = this.getPid()
+    if (pid && this.isProcessRunning(pid)) {
+      return { running: true, pid }
+    }
+    return { running: false, pid: null }
+  }
+
+  start(daemon = false) {
+    const status = this.getStatus()
+    if (status.running) {
+      console.log(`⚠️  服务已在运行中 (PID: ${status.pid})`)
+      return false
+    }
+
+    console.log('🚀 启动 Claude Relay Service...')
+
+    if (daemon) {
+      // 后台运行模式 - 使用nohup实现真正的后台运行
+      const { exec: execChild } = require('child_process')
+
+      const command = `nohup node "${APP_FILE}" > "${LOG_FILE}" 2> "${ERROR_LOG_FILE}" & echo $!`
+
+      execChild(command, (error, stdout) => {
+        if (error) {
+          console.error('❌ 后台启动失败:', error.message)
+          return
+        }
+
+        const pid = parseInt(stdout.trim())
+        if (pid && !isNaN(pid)) {
+          this.writePid(pid)
+          console.log(`🔄 服务已在后台启动 (PID: ${pid})`)
+          console.log(`📝 日志文件: ${LOG_FILE}`)
+          console.log(`❌ 错误日志: ${ERROR_LOG_FILE}`)
+          console.log('✅ 终端现在可以安全关闭')
+        } else {
+          console.error('❌ 无法获取进程ID')
+        }
+      })
+
+      // 给exec一点时间执行
+      setTimeout(() => {
+        process.exit(0)
+      }, 1000)
+    } else {
+      // 前台运行模式
+      const child = spawn('node', [APP_FILE], {
+        stdio: 'inherit'
+      })
+
+      console.log(`🔄 服务已启动 (PID: ${child.pid})`)
+
+      this.writePid(child.pid)
+
+      // 监听进程退出
+      child.on('exit', (code, signal) => {
+        this.removePidFile()
+        if (code !== 0) {
+          console.log(`💥 进程退出 (代码: ${code}, 信号: ${signal})`)
+        }
+      })
+
+      child.on('error', (error) => {
+        console.error('❌ 启动失败:', error.message)
+        this.removePidFile()
+      })
+    }
+
+    return true
+  }
+
+  stop() {
+    const status = this.getStatus()
+    if (!status.running) {
+      console.log('⚠️  服务未在运行')
+      this.removePidFile() // 清理可能存在的过期PID文件
+      return false
+    }
+
+    console.log(`🛑 停止服务 (PID: ${status.pid})...`)
+
+    try {
+      // 优雅关闭：先发送SIGTERM
+      process.kill(status.pid, 'SIGTERM')
+
+      // 等待进程退出
+      let attempts = 0
+      const maxAttempts = 30 // 30秒超时
+
+      const checkExit = setInterval(() => {
+        attempts++
+        if (!this.isProcessRunning(status.pid)) {
+          clearInterval(checkExit)
+          console.log('✅ 服务已停止')
+          this.removePidFile()
+          return
+        }
+
+        if (attempts >= maxAttempts) {
+          clearInterval(checkExit)
+          console.log('⚠️  优雅关闭超时，强制终止进程...')
+          try {
+            process.kill(status.pid, 'SIGKILL')
+            console.log('✅ 服务已强制停止')
+          } catch (error) {
+            console.error('❌ 强制停止失败:', error.message)
+          }
+          this.removePidFile()
+        }
+      }, 1000)
+    } catch (error) {
+      console.error('❌ 停止服务失败:', error.message)
+      this.removePidFile()
+      return false
+    }
+
+    return true
+  }
+
+  restart(daemon = false) {
+    console.log('🔄 重启服务...')
+    this.stop()
+    // 等待停止完成
+    setTimeout(() => {
+      this.start(daemon)
+    }, 2000)
+
+    return true
+  }
+
+  status() {
+    const status = this.getStatus()
+    if (status.running) {
+      console.log(`✅ 服务正在运行 (PID: ${status.pid})`)
+
+      // 显示进程信息
+      exec(`ps -p ${status.pid} -o pid,ppid,pcpu,pmem,etime,cmd --no-headers`, (error, stdout) => {
+        if (!error && stdout.trim()) {
+          console.log('\n📊 进程信息:')
+          console.log('PID\tPPID\tCPU%\tMEM%\tTIME\t\tCOMMAND')
+          console.log(stdout.trim())
+        }
+      })
+    } else {
+      console.log('❌ 服务未运行')
+    }
+    return status.running
+  }
+
+  logs(lines = 50) {
+    console.log(`📖 最近 ${lines} 行日志:\n`)
+
+    exec(`tail -n ${lines} ${LOG_FILE}`, (error, stdout) => {
+      if (error) {
+        console.error('读取日志失败:', error.message)
+        return
+      }
+      console.log(stdout)
+    })
+  }
+
+  help() {
+    console.log(`
+🔧 Claude Relay Service 进程管理器
+
+用法: npm run service <command> [options]
+
+重要提示：
+  如果要传递参数，请在npm run命令中使用 -- 分隔符
+  npm run service <command> -- [options]
+
+命令:
+  start [-d|--daemon]   启动服务 (-d: 后台运行)
+  stop                  停止服务
+  restart [-d|--daemon] 重启服务 (-d: 后台运行)
+  status                查看服务状态
+  logs [lines]          查看日志 (默认50行)
+  help                  显示帮助信息
+
+命令缩写:
+  s, start              启动服务
+  r, restart            重启服务
+  st, status            查看状态
+  l, log, logs          查看日志
+  halt, stop            停止服务
+  h, help               显示帮助
+
+示例:
+  npm run service start              # 前台启动
+  npm run service -- start -d        # 后台启动（正确方式）
+  npm run service:start:d            # 后台启动（推荐快捷方式）
+  npm run service:daemon             # 后台启动（推荐快捷方式）
+  npm run service stop               # 停止服务
+  npm run service -- restart -d      # 后台重启（正确方式）
+  npm run service:restart:d          # 后台重启（推荐快捷方式）
+  npm run service status             # 查看状态
+  npm run service logs               # 查看日志
+  npm run service -- logs 100        # 查看最近100行日志
+
+推荐的快捷方式（无需 -- 分隔符）:
+  npm run service:start:d            # 等同于 npm run service -- start -d
+  npm run service:restart:d          # 等同于 npm run service -- restart -d
+  npm run service:daemon             # 等同于 npm run service -- start -d
+
+直接使用脚本（推荐）:
+  node scripts/manage.js start -d    # 后台启动
+  node scripts/manage.js restart -d  # 后台重启
+  node scripts/manage.js status      # 查看状态
+  node scripts/manage.js logs 100    # 查看最近100行日志
+
+文件位置:
+  PID文件: ${PID_FILE}
+  日志文件: ${LOG_FILE}
+  错误日志: ${ERROR_LOG_FILE}
+        `)
+  }
+}
+
+// 主程序
+function main() {
+  const manager = new ServiceManager()
+  const args = process.argv.slice(2)
+  const command = args[0]
+  const isDaemon = args.includes('-d') || args.includes('--daemon')
+
+  switch (command) {
+    case 'start':
+    case 's':
+      manager.start(isDaemon)
+      break
+    case 'stop':
+    case 'halt':
+      manager.stop()
+      break
+    case 'restart':
+    case 'r':
+      manager.restart(isDaemon)
+      break
+    case 'status':
+    case 'st':
+      manager.status()
+      break
+    case 'logs':
+    case 'log':
+    case 'l': {
+      const lines = parseInt(args[1]) || 50
+      manager.logs(lines)
+      break
+    }
+    case 'help':
+    case '--help':
+    case '-h':
+    case 'h':
+      manager.help()
+      break
+    default:
+      console.log('❌ 未知命令:', command)
+      manager.help()
+      process.exit(1)
+  }
+}
+
+if (require.main === module) {
+  main()
+}
+
+module.exports = ServiceManager

scripts/manage.sh

@@ -0,0 +1,1757 @@
+#!/bin/bash
+
+# Claude Relay Service 管理脚本
+# 用于安装、更新、卸载、启动、停止、重启服务
+# 可以使用 crs 快捷命令调用
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;36m'  # 改为青色（Cyan），更易读
+MAGENTA='\033[0;35m'
+BOLD='\033[1m'
+NC='\033[0m' # No Color
+
+# 默认配置
+DEFAULT_INSTALL_DIR="$HOME/claude-relay-service"
+DEFAULT_REDIS_HOST="localhost"
+DEFAULT_REDIS_PORT="6379"
+DEFAULT_REDIS_PASSWORD=""
+DEFAULT_APP_PORT="3000"
+
+# 全局变量
+INSTALL_DIR=""
+APP_DIR=""
+REDIS_HOST=""
+REDIS_PORT=""
+REDIS_PASSWORD=""
+APP_PORT=""
+PUBLIC_IP_CACHE_FILE="/tmp/.crs_public_ip_cache"
+PUBLIC_IP_CACHE_DURATION=3600  # 1小时缓存
+
+# 打印带颜色的消息
+print_info() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# 检测操作系统
+detect_os() {
+    if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+        if [ -f /etc/debian_version ]; then
+            OS="debian"
+            PACKAGE_MANAGER="apt-get"
+        elif [ -f /etc/redhat-release ]; then
+            OS="redhat"
+            PACKAGE_MANAGER="yum"
+        elif [ -f /etc/arch-release ]; then
+            OS="arch"
+            PACKAGE_MANAGER="pacman"
+        else
+            OS="unknown"
+        fi
+    elif [[ "$OSTYPE" == "darwin"* ]]; then
+        OS="macos"
+        PACKAGE_MANAGER="brew"
+    else
+        OS="unknown"
+    fi
+}
+
+# 检查命令是否存在
+command_exists() {
+    command -v "$1" >/dev/null 2>&1
+}
+
+# 检查端口是否被占用
+check_port() {
+    local port=$1
+    if command_exists lsof; then
+        lsof -i ":$port" >/dev/null 2>&1
+    elif command_exists netstat; then
+        netstat -tuln | grep ":$port " >/dev/null 2>&1
+    elif command_exists ss; then
+        ss -tuln | grep ":$port " >/dev/null 2>&1
+    else
+        return 1
+    fi
+}
+
+# 生成随机字符串
+generate_random_string() {
+    local length=$1
+    if command_exists openssl; then
+        openssl rand -hex $((length/2))
+    else
+        cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
+    fi
+}
+
+# 获取公网IP
+get_public_ip() {
+    local cached_ip=""
+    local cache_age=0
+    
+    # 检查缓存
+    if [ -f "$PUBLIC_IP_CACHE_FILE" ]; then
+        local current_time=$(date +%s)
+        local cache_time=$(stat -c %Y "$PUBLIC_IP_CACHE_FILE" 2>/dev/null || stat -f %m "$PUBLIC_IP_CACHE_FILE" 2>/dev/null || echo 0)
+        cache_age=$((current_time - cache_time))
+        
+        if [ $cache_age -lt $PUBLIC_IP_CACHE_DURATION ]; then
+            cached_ip=$(cat "$PUBLIC_IP_CACHE_FILE" 2>/dev/null)
+            if [ -n "$cached_ip" ]; then
+                echo "$cached_ip"
+                return 0
+            fi
+        fi
+    fi
+    
+    # 获取新的公网IP
+    local public_ip=""
+    if command_exists curl; then
+        public_ip=$(curl -s --connect-timeout 5 https://ipinfo.io/json | grep -o '"ip":"[^"]*"' | cut -d'"' -f4 2>/dev/null)
+    elif command_exists wget; then
+        public_ip=$(wget -qO- --timeout=5 https://ipinfo.io/json | grep -o '"ip":"[^"]*"' | cut -d'"' -f4 2>/dev/null)
+    fi
+    
+    # 如果获取失败，尝试备用API
+    if [ -z "$public_ip" ]; then
+        if command_exists curl; then
+            public_ip=$(curl -s --connect-timeout 5 https://api.ipify.org 2>/dev/null)
+        elif command_exists wget; then
+            public_ip=$(wget -qO- --timeout=5 https://api.ipify.org 2>/dev/null)
+        fi
+    fi
+    
+    # 保存到缓存
+    if [ -n "$public_ip" ]; then
+        echo "$public_ip" > "$PUBLIC_IP_CACHE_FILE"
+        echo "$public_ip"
+    else
+        echo "localhost"
+    fi
+}
+
+# 检查Node.js版本
+check_node_version() {
+    if ! command_exists node; then
+        return 1
+    fi
+    
+    local node_version=$(node -v | sed 's/v//')
+    local major_version=$(echo $node_version | cut -d. -f1)
+    
+    if [ "$major_version" -lt 18 ]; then
+        return 1
+    fi
+    
+    return 0
+}
+
+# 安装Node.js 18+
+install_nodejs() {
+    print_info "开始安装 Node.js 18+"
+    
+    case $OS in
+        "debian")
+            # 使用 NodeSource 仓库
+            curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+            sudo $PACKAGE_MANAGER install -y nodejs
+            ;;
+        "redhat")
+            curl -fsSL https://rpm.nodesource.com/setup_18.x | sudo bash -
+            sudo $PACKAGE_MANAGER install -y nodejs
+            ;;
+        "arch")
+            sudo $PACKAGE_MANAGER -S --noconfirm nodejs npm
+            ;;
+        "macos")
+            if ! command_exists brew; then
+                print_error "请先安装 Homebrew: https://brew.sh"
+                return 1
+            fi
+            brew install node@18
+            ;;
+        *)
+            print_error "不支持的操作系统，请手动安装 Node.js 18+"
+            return 1
+            ;;
+    esac
+    
+    # 验证安装
+    if check_node_version; then
+        print_success "Node.js 安装成功: $(node -v)"
+        return 0
+    else
+        print_error "Node.js 安装失败或版本不符合要求"
+        return 1
+    fi
+}
+
+# 安装基础依赖
+install_dependencies() {
+    print_info "检查并安装基础依赖..."
+    
+    local deps_to_install=()
+    
+    # 检查 git
+    if ! command_exists git; then
+        deps_to_install+=("git")
+    fi
+    
+    # 检查其他基础工具
+    case $OS in
+        "debian"|"redhat")
+            if ! command_exists curl; then
+                deps_to_install+=("curl")
+            fi
+            if ! command_exists wget; then
+                deps_to_install+=("wget")
+            fi
+            if ! command_exists lsof; then
+                deps_to_install+=("lsof")
+            fi
+            ;;
+    esac
+    
+    # 安装缺失的依赖
+    if [ ${#deps_to_install[@]} -gt 0 ]; then
+        print_info "需要安装: ${deps_to_install[*]}"
+        case $OS in
+            "debian")
+                sudo $PACKAGE_MANAGER update
+                sudo $PACKAGE_MANAGER install -y "${deps_to_install[@]}"
+                ;;
+            "redhat")
+                sudo $PACKAGE_MANAGER install -y "${deps_to_install[@]}"
+                ;;
+            "arch")
+                sudo $PACKAGE_MANAGER -S --noconfirm "${deps_to_install[@]}"
+                ;;
+            "macos")
+                brew install "${deps_to_install[@]}"
+                ;;
+        esac
+    fi
+    
+    # 检查 Node.js
+    if ! check_node_version; then
+        print_warning "未检测到 Node.js 18+ 版本"
+        install_nodejs || return 1
+    else
+        print_success "Node.js 版本检查通过: $(node -v)"
+    fi
+    
+    # 检查 npm
+    if ! command_exists npm; then
+        print_error "npm 未安装"
+        return 1
+    else
+        print_success "npm 版本: $(npm -v)"
+    fi
+    
+    return 0
+}
+
+# 检查Redis
+check_redis() {
+    print_info "检查 Redis 配置..."
+    
+    # 交互式询问Redis配置
+    echo -e "\n${BLUE}Redis 配置${NC}"
+    echo -n "Redis 地址 (默认: $DEFAULT_REDIS_HOST): "
+    read input
+    REDIS_HOST=${input:-$DEFAULT_REDIS_HOST}
+    
+    echo -n "Redis 端口 (默认: $DEFAULT_REDIS_PORT): "
+    read input
+    REDIS_PORT=${input:-$DEFAULT_REDIS_PORT}
+    
+    echo -n "Redis 密码 (默认: 无密码): "
+    read -s input
+    echo
+    REDIS_PASSWORD=${input:-$DEFAULT_REDIS_PASSWORD}
+    
+    # 测试Redis连接
+    print_info "测试 Redis 连接..."
+    if command_exists redis-cli; then
+        local redis_args=(-h "$REDIS_HOST" -p "$REDIS_PORT")
+        if [ -n "$REDIS_PASSWORD" ]; then
+            redis_args+=(-a "$REDIS_PASSWORD")
+        fi
+
+        if redis-cli "${redis_args[@]}" ping 2>/dev/null | grep -q "PONG"; then
+            print_success "Redis 连接成功"
+            return 0
+        else
+            print_error "Redis 连接失败"
+            return 1
+        fi
+    else
+        print_warning "redis-cli 未安装，跳过连接测试"
+        # 仅检查端口是否开放
+        if check_port $REDIS_PORT; then
+            print_info "检测到端口 $REDIS_PORT 已开放"
+            return 0
+        else
+            print_warning "端口 $REDIS_PORT 未开放，请确保 Redis 正在运行"
+            return 1
+        fi
+    fi
+}
+
+# 安装本地Redis（可选）
+install_local_redis() {
+    print_info "是否需要在本地安装 Redis？(y/N): "
+    read -n 1 install_redis
+    echo
+    
+    if [[ ! "$install_redis" =~ ^[Yy]$ ]]; then
+        return 0
+    fi
+    
+    case $OS in
+        "debian")
+            sudo $PACKAGE_MANAGER update
+            sudo $PACKAGE_MANAGER install -y redis-server
+            sudo systemctl start redis-server
+            sudo systemctl enable redis-server
+            ;;
+        "redhat")
+            sudo $PACKAGE_MANAGER install -y redis
+            sudo systemctl start redis
+            sudo systemctl enable redis
+            ;;
+        "arch")
+            sudo $PACKAGE_MANAGER -S --noconfirm redis
+            sudo systemctl start redis
+            sudo systemctl enable redis
+            ;;
+        "macos")
+            brew install redis
+            brew services start redis
+            ;;
+        *)
+            print_error "不支持的操作系统，请手动安装 Redis"
+            return 1
+            ;;
+    esac
+    
+    print_success "Redis 安装完成"
+    return 0
+}
+
+
+# 检查是否已安装
+check_installation() {
+    if [ -d "$APP_DIR" ] && [ -f "$APP_DIR/package.json" ]; then
+        return 0
+    fi
+    return 1
+}
+
+# 安装服务
+install_service() {
+    print_info "开始安装 Claude Relay Service..."
+    
+    # 询问安装目录
+    echo -n "安装目录 (默认: $DEFAULT_INSTALL_DIR): "
+    read input
+    INSTALL_DIR=${input:-$DEFAULT_INSTALL_DIR}
+    APP_DIR="$INSTALL_DIR/app"
+    
+    # 询问服务端口
+    echo -n "服务端口 (默认: $DEFAULT_APP_PORT): "
+    read input
+    APP_PORT=${input:-$DEFAULT_APP_PORT}
+    
+    # 检查端口是否被占用
+    if check_port $APP_PORT; then
+        print_warning "端口 $APP_PORT 已被占用"
+        echo -n "是否继续？(y/N): "
+        read -n 1 continue_install
+        echo
+        if [[ ! "$continue_install" =~ ^[Yy]$ ]]; then
+            return 1
+        fi
+    fi
+    
+    # 检查是否已安装
+    if check_installation; then
+        print_warning "检测到已安装的服务"
+        echo -n "是否要重新安装？(y/N): "
+        read -n 1 reinstall
+        echo
+        if [[ ! "$reinstall" =~ ^[Yy]$ ]]; then
+            return 0
+        fi
+    fi
+    
+    # 创建安装目录
+    mkdir -p "$INSTALL_DIR"
+    
+    # 克隆项目
+    print_info "克隆项目代码..."
+    if [ -d "$APP_DIR" ]; then
+        rm -rf "$APP_DIR"
+    fi
+    
+    if ! git clone https://github.com/Wei-Shaw/claude-relay-service.git "$APP_DIR"; then
+        print_error "克隆项目失败"
+        return 1
+    fi
+    
+    # 进入项目目录
+    cd "$APP_DIR"
+    
+    # 安装npm依赖
+    print_info "安装项目依赖..."
+    npm install
+    
+    # 确保脚本有执行权限（仅在权限不正确时设置）
+    if [ -f "$APP_DIR/scripts/manage.sh" ] && [ ! -x "$APP_DIR/scripts/manage.sh" ]; then
+        chmod +x "$APP_DIR/scripts/manage.sh"
+        print_success "已设置脚本执行权限"
+    fi
+    
+    # 创建配置文件
+    print_info "创建配置文件..."
+    
+    # 复制示例配置
+    if [ -f "config/config.example.js" ]; then
+        cp config/config.example.js config/config.js
+    fi
+    
+    # 创建.env文件
+    cat > .env << EOF
+# 环境变量配置
+NODE_ENV=production
+PORT=$APP_PORT
+
+# JWT配置
+JWT_SECRET=$(generate_random_string 64)
+
+# 加密配置
+ENCRYPTION_KEY=$(generate_random_string 32)
+
+# Redis配置
+REDIS_HOST=$REDIS_HOST
+REDIS_PORT=$REDIS_PORT
+REDIS_PASSWORD=$REDIS_PASSWORD
+
+# 日志配置
+LOG_LEVEL=info
+EOF
+    
+    # 运行setup命令
+    print_info "运行初始化设置..."
+    npm run setup
+    
+    # 获取预构建的前端文件
+    print_info "获取预构建的前端文件..."
+    
+    # 创建目标目录
+    mkdir -p web/admin-spa/dist
+    
+    # 从 web-dist 分支获取构建好的文件
+    if git ls-remote --heads origin web-dist | grep -q web-dist; then
+        print_info "从 web-dist 分支下载前端文件..."
+        
+        # 创建临时目录用于 clone
+        TEMP_CLONE_DIR=$(mktemp -d)
+        
+        # 使用 sparse-checkout 来只获取需要的文件
+        git clone --depth 1 --branch web-dist --single-branch \
+            https://github.com/Wei-Shaw/claude-relay-service.git \
+            "$TEMP_CLONE_DIR" 2>/dev/null || {
+            # 如果 HTTPS 失败，尝试使用当前仓库的 remote URL
+            REPO_URL=$(git config --get remote.origin.url)
+            git clone --depth 1 --branch web-dist --single-branch "$REPO_URL" "$TEMP_CLONE_DIR"
+        }
+        
+        # 复制文件到目标目录（排除 .git 和 README.md）
+        rsync -av --exclude='.git' --exclude='README.md' "$TEMP_CLONE_DIR/" web/admin-spa/dist/ 2>/dev/null || {
+            # 如果没有 rsync，使用 cp
+            cp -r "$TEMP_CLONE_DIR"/* web/admin-spa/dist/ 2>/dev/null
+            rm -rf web/admin-spa/dist/.git 2>/dev/null
+            rm -f web/admin-spa/dist/README.md 2>/dev/null
+        }
+        
+        # 清理临时目录
+        rm -rf "$TEMP_CLONE_DIR"
+        
+        print_success "前端文件下载完成"
+    else
+        print_warning "web-dist 分支不存在，尝试本地构建..."
+        
+        # 检查是否有 Node.js 和 npm
+        if command_exists npm; then
+            # 回退到原始构建方式
+            if [ -f "web/admin-spa/package.json" ]; then
+                print_info "开始本地构建前端..."
+                cd web/admin-spa
+                npm install
+                npm run build
+                cd ../..
+                print_success "前端本地构建完成"
+            else
+                print_error "无法找到前端项目文件"
+            fi
+        else
+            print_error "无法获取前端文件，且本地环境不支持构建"
+            print_info "请确保仓库已正确配置 web-dist 分支"
+        fi
+    fi
+    
+    # 创建软链接
+    create_symlink
+    
+    print_success "安装完成！"
+    
+    # 自动启动服务
+    print_info "正在启动服务..."
+    start_service
+    
+    # 等待服务启动
+    sleep 3
+    
+    # 显示状态
+    show_status
+    
+    # 获取公网IP
+    local public_ip=$(get_public_ip)
+    
+    echo -e "\n${GREEN}服务已成功安装并启动！${NC}"
+    echo -e "\n${YELLOW}访问地址：${NC}"
+    echo -e "  本地 Web: ${GREEN}http://localhost:$APP_PORT/web${NC}"
+    echo -e "  本地 API: ${GREEN}http://localhost:$APP_PORT/api/v1${NC}"
+    if [ "$public_ip" != "localhost" ]; then
+        echo -e "  公网 Web: ${GREEN}http://$public_ip:$APP_PORT/web${NC}"
+        echo -e "  公网 API: ${GREEN}http://$public_ip:$APP_PORT/api/v1${NC}"
+    fi
+    echo -e "\n${YELLOW}管理命令：${NC}"
+    echo "  查看状态: crs status"
+    echo "  停止服务: crs stop"
+    echo "  重启服务: crs restart"
+}
+
+
+# 更新服务
+update_service() {
+    if ! check_installation; then
+        print_error "服务未安装，请先运行: $0 install"
+        return 1
+    fi
+    
+    print_info "更新 Claude Relay Service..."
+    
+    cd "$APP_DIR"
+    
+    # 保存当前运行状态
+    local was_running=false
+    if pgrep -f "node.*src/app.js" > /dev/null; then
+        was_running=true
+        print_info "检测到服务正在运行，将在更新后自动重启..."
+        stop_service
+    fi
+    
+    # 备份配置文件（只备份.env，config.js可从example恢复）
+    print_info "备份配置文件..."
+    if [ -f ".env" ]; then
+        cp .env .env.backup.$(date +%Y%m%d%H%M%S)
+    fi
+    
+    # 检查本地修改
+    print_info "检查本地文件修改..."
+    local has_changes=false
+    if git status --porcelain | grep -v "^??" | grep -q .; then
+        has_changes=true
+        print_warning "检测到本地文件已修改："
+        git status --short | grep -v "^??"
+        echo ""
+        echo -e "${YELLOW}警告：更新将使用远程版本覆盖本地修改！${NC}"
+        
+        # 创建本地修改的备份
+        local backup_branch="backup-$(date +%Y%m%d-%H%M%S)"
+        print_info "创建本地修改备份分支: $backup_branch"
+        git stash push -m "Backup before update $(date +%Y-%m-%d)" >/dev/null 2>&1
+        git branch "$backup_branch" 2>/dev/null || true
+        
+        echo -e "${GREEN}已创建备份分支: $backup_branch${NC}"
+        echo "如需恢复，可执行: git checkout $backup_branch"
+        echo ""
+        
+        echo -n "是否继续更新？(y/N): "
+        read -n 1 confirm_update
+        echo
+        
+        if [[ ! "$confirm_update" =~ ^[Yy]$ ]]; then
+            print_info "已取消更新"
+            # 恢复 stash 的修改
+            git stash pop >/dev/null 2>&1 || true
+            # 如果之前在运行，重新启动服务
+            if [ "$was_running" = true ]; then
+                print_info "重新启动服务..."
+                start_service
+            fi
+            return 0
+        fi
+    fi
+    
+    # 获取最新代码（强制使用远程版本）
+    print_info "获取最新代码..."
+    
+    # 先获取远程更新
+    if ! git fetch origin main; then
+        print_error "获取远程代码失败，请检查网络连接"
+        return 1
+    fi
+    
+    # 强制重置到远程版本
+    print_info "应用远程更新..."
+    if ! git reset --hard origin/main; then
+        print_error "重置到远程版本失败"
+        # 尝试恢复
+        print_info "尝试恢复..."
+        git reset --hard HEAD
+        return 1
+    fi
+    
+    # 清理未跟踪的文件（可选，保留用户新建的文件）
+    # git clean -fd  # 注释掉，避免删除用户的新文件
+    
+    print_success "代码已更新到最新版本"
+    
+    # 更新依赖
+    print_info "更新依赖..."
+    npm install
+    
+    # 确保脚本有执行权限（仅在权限不正确时设置）
+    if [ -f "$APP_DIR/scripts/manage.sh" ] && [ ! -x "$APP_DIR/scripts/manage.sh" ]; then
+        chmod +x "$APP_DIR/scripts/manage.sh"
+    fi
+    
+    # 获取最新的预构建前端文件
+    print_info "更新前端文件..."
+    
+    # 创建目标目录
+    mkdir -p web/admin-spa/dist
+    
+    # 清理旧的前端文件（保留用户自定义文件）
+    if [ -d "web/admin-spa/dist" ]; then
+        print_info "清理旧的前端文件..."
+        # 只删除已知的前端文件，保留用户可能添加的自定义文件
+        rm -rf web/admin-spa/dist/assets 2>/dev/null
+        rm -f web/admin-spa/dist/index.html 2>/dev/null
+        rm -f web/admin-spa/dist/favicon.ico 2>/dev/null
+    fi
+    
+    # 从 web-dist 分支获取构建好的文件
+    if git ls-remote --heads origin web-dist | grep -q web-dist; then
+        print_info "从 web-dist 分支下载最新前端文件..."
+        
+        # 创建临时目录用于 clone
+        TEMP_CLONE_DIR=$(mktemp -d)
+        
+        # 添加错误处理
+        if [ ! -d "$TEMP_CLONE_DIR" ]; then
+            print_error "无法创建临时目录"
+            return 1
+        fi
+        
+        # 使用 sparse-checkout 来只获取需要的文件，添加重试机制
+        local clone_success=false
+        for attempt in 1 2 3; do
+            print_info "尝试下载前端文件 (第 $attempt 次)..."
+            
+            if git clone --depth 1 --branch web-dist --single-branch \
+                https://github.com/Wei-Shaw/claude-relay-service.git \
+                "$TEMP_CLONE_DIR" 2>/dev/null; then
+                clone_success=true
+                break
+            fi
+            
+            # 如果 HTTPS 失败，尝试使用当前仓库的 remote URL
+            REPO_URL=$(git config --get remote.origin.url)
+            if git clone --depth 1 --branch web-dist --single-branch "$REPO_URL" "$TEMP_CLONE_DIR" 2>/dev/null; then
+                clone_success=true
+                break
+            fi
+            
+            if [ $attempt -lt 3 ]; then
+                print_warning "下载失败，等待 2 秒后重试..."
+                sleep 2
+            fi
+        done
+        
+        if [ "$clone_success" = false ]; then
+            print_error "无法下载前端文件"
+            rm -rf "$TEMP_CLONE_DIR"
+            return 1
+        fi
+        
+        # 复制文件到目标目录（排除 .git 和 README.md）
+        rsync -av --exclude='.git' --exclude='README.md' "$TEMP_CLONE_DIR/" web/admin-spa/dist/ 2>/dev/null || {
+            # 如果没有 rsync，使用 cp
+            cp -r "$TEMP_CLONE_DIR"/* web/admin-spa/dist/ 2>/dev/null
+            rm -rf web/admin-spa/dist/.git 2>/dev/null
+            rm -f web/admin-spa/dist/README.md 2>/dev/null
+        }
+        
+        # 清理临时目录
+        rm -rf "$TEMP_CLONE_DIR"
+        
+        print_success "前端文件更新完成"
+    else
+        print_warning "web-dist 分支不存在，尝试本地构建..."
+        
+        # 检查是否有 Node.js 和 npm
+        if command_exists npm; then
+            # 回退到原始构建方式
+            if [ -f "web/admin-spa/package.json" ]; then
+                print_info "开始本地构建前端..."
+                cd web/admin-spa
+                npm install
+                npm run build
+                cd ../..
+                print_success "前端本地构建完成"
+            else
+                print_error "无法找到前端项目文件"
+            fi
+        else
+            print_error "无法获取前端文件，且本地环境不支持构建"
+            print_info "请确保仓库已正确配置 web-dist 分支"
+        fi
+    fi
+    
+    # 更新软链接到最新版本
+    create_symlink
+    
+    # 如果之前在运行，则重新启动服务
+    if [ "$was_running" = true ]; then
+        print_info "重新启动服务..."
+        start_service
+    fi
+    
+    print_success "更新完成！"
+    
+    # 显示更新摘要
+    echo ""
+    echo -e "${BLUE}=== 更新摘要 ===${NC}"
+    
+    # 显示版本信息
+    if [ -f "$APP_DIR/VERSION" ]; then
+        echo -e "当前版本: ${GREEN}$(cat "$APP_DIR/VERSION")${NC}"
+    fi
+    
+    # 显示最新的提交信息
+    local latest_commit=$(git log -1 --oneline 2>/dev/null)
+    if [ -n "$latest_commit" ]; then
+        echo -e "最新提交: ${GREEN}$latest_commit${NC}"
+    fi
+    
+    # 显示备份信息
+    echo -e "\n${YELLOW}配置文件备份：${NC}"
+    ls -la .env.backup.* 2>/dev/null | tail -3 || echo "  无备份文件"
+    
+    # 提醒用户检查配置
+    echo -e "\n${YELLOW}提示：${NC}"
+    echo "  - 配置文件已自动备份"
+    echo "  - 如有本地修改已保存到备份分支"
+    echo "  - 建议检查 .env 和 config/config.js 配置"
+    
+    echo -e "\n${BLUE}==================${NC}"
+}
+
+# 卸载服务
+uninstall_service() {
+    if [ -z "$INSTALL_DIR" ]; then
+        echo -n "请输入安装目录 (默认: $DEFAULT_INSTALL_DIR): "
+        read input
+        INSTALL_DIR=${input:-$DEFAULT_INSTALL_DIR}
+        APP_DIR="$INSTALL_DIR/app"
+    fi
+    
+    if [ ! -d "$INSTALL_DIR" ]; then
+        print_error "安装目录不存在"
+        return 1
+    fi
+    
+    print_warning "即将卸载 Claude Relay Service"
+    echo -n "确定要卸载吗？(y/N): "
+    read -n 1 confirm
+    echo
+    
+    if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
+        return 0
+    fi
+    
+    # 停止服务
+    stop_service
+    
+    # 备份数据
+    echo -n "是否备份数据？(y/N): "
+    read -n 1 backup
+    echo
+    
+    if [[ "$backup" =~ ^[Yy]$ ]]; then
+        local backup_dir="$HOME/claude-relay-backup-$(date +%Y%m%d%H%M%S)"
+        mkdir -p "$backup_dir"
+        
+        # Redis使用系统默认位置，不需要备份
+        
+        # 备份配置文件
+        if [ -f "$APP_DIR/.env" ]; then
+            cp "$APP_DIR/.env" "$backup_dir/"
+        fi
+        if [ -f "$APP_DIR/config/config.js" ]; then
+            cp "$APP_DIR/config/config.js" "$backup_dir/"
+        fi
+        
+        print_success "数据已备份到: $backup_dir"
+    fi
+    
+    # 删除安装目录
+    rm -rf "$INSTALL_DIR"
+    
+    print_success "卸载完成！"
+}
+
+# 启动服务
+start_service() {
+    if ! check_installation; then
+        print_error "服务未安装，请先运行: $0 install"
+        return 1
+    fi
+    
+    print_info "启动服务..."
+    
+    cd "$APP_DIR"
+    
+    # 检查是否已运行
+    if pgrep -f "node.*src/app.js" > /dev/null; then
+        print_warning "服务已在运行"
+        return 0
+    fi
+    
+    # 确保日志目录存在
+    mkdir -p "$APP_DIR/logs"
+    
+    # 检查pm2是否可用并且不是从package.json脚本调用的
+    if command_exists pm2 && [ "$1" != "--no-pm2" ]; then
+        print_info "使用 pm2 启动服务..."
+        # 直接使用pm2启动，避免循环调用
+        pm2 start "$APP_DIR/src/app.js" --name "claude-relay" --log "$APP_DIR/logs/pm2.log" 2>/dev/null
+        sleep 2
+        
+        # 检查是否启动成功
+        if pm2 list 2>/dev/null | grep -q "claude-relay"; then
+            print_success "服务已通过 pm2 启动"
+            pm2 save 2>/dev/null || true
+        else
+            print_warning "pm2 启动失败，尝试直接启动..."
+            start_service_direct
+        fi
+    else
+        start_service_direct
+    fi
+    
+    sleep 2
+    
+    # 验证服务是否成功启动
+    if pgrep -f "node.*src/app.js" > /dev/null; then
+        show_status
+    else
+        print_error "服务启动失败，请查看日志: $APP_DIR/logs/service.log"
+        if [ -f "$APP_DIR/logs/service.log" ]; then
+            echo "最近的错误日志："
+            tail -n 20 "$APP_DIR/logs/service.log"
+        fi
+        return 1
+    fi
+}
+
+# 直接启动服务（不使用pm2）
+start_service_direct() {
+    print_info "使用后台进程启动服务..."
+    
+    # 使用setsid创建新会话，确保进程完全脱离终端
+    if command_exists setsid; then
+        # setsid方式（推荐）
+        setsid nohup node "$APP_DIR/src/app.js" > "$APP_DIR/logs/service.log" 2>&1 < /dev/null &
+        local pid=$!
+        sleep 1
+        
+        # 获取实际的子进程PID
+        local real_pid=$(pgrep -f "node.*src/app.js" | head -1)
+        if [ -n "$real_pid" ]; then
+            echo $real_pid > "$APP_DIR/.pid"
+            print_success "服务已在后台启动 (PID: $real_pid)"
+        else
+            echo $pid > "$APP_DIR/.pid"
+            print_success "服务已在后台启动 (PID: $pid)"
+        fi
+    else
+        # 备用方式：使用nohup和disown
+        nohup node "$APP_DIR/src/app.js" > "$APP_DIR/logs/service.log" 2>&1 < /dev/null &
+        local pid=$!
+        disown $pid 2>/dev/null || true
+        echo $pid > "$APP_DIR/.pid"
+        print_success "服务已在后台启动 (PID: $pid)"
+    fi
+}
+
+# 停止服务
+stop_service() {
+    print_info "停止服务..."
+    
+    # 尝试使用pm2停止
+    if command_exists pm2 && [ -n "$APP_DIR" ] && [ -d "$APP_DIR" ]; then
+        cd "$APP_DIR" 2>/dev/null
+        pm2 stop claude-relay 2>/dev/null || true
+        pm2 delete claude-relay 2>/dev/null || true
+    fi
+    
+    # 使用PID文件停止
+    if [ -f "$APP_DIR/.pid" ]; then
+        local pid=$(cat "$APP_DIR/.pid")
+        if kill -0 $pid 2>/dev/null; then
+            kill $pid
+            rm -f "$APP_DIR/.pid"
+        fi
+    fi
+    
+    # 强制停止所有相关进程
+    pkill -f "node.*src/app.js" 2>/dev/null || true
+    
+    # 等待进程完全退出（最多等待10秒）
+    local wait_count=0
+    while pgrep -f "node.*src/app.js" > /dev/null; do
+        if [ $wait_count -ge 10 ]; then
+            print_warning "进程停止超时，尝试强制终止..."
+            pkill -9 -f "node.*src/app.js" 2>/dev/null || true
+            sleep 1
+            break
+        fi
+        sleep 1
+        wait_count=$((wait_count + 1))
+    done
+    
+    # 最终确认进程已停止
+    if pgrep -f "node.*src/app.js" > /dev/null; then
+        print_error "无法完全停止服务进程"
+        return 1
+    fi
+    
+    print_success "服务已停止"
+}
+
+# 重启服务
+restart_service() {
+    print_info "重启服务..."
+    
+    # 停止服务并检查结果
+    if ! stop_service; then
+        print_error "停止服务失败"
+        return 1
+    fi
+    
+    # 短暂等待，确保端口释放
+    sleep 1
+    
+    # 启动服务，如果失败则重试
+    local retry_count=0
+    while [ $retry_count -lt 3 ]; do
+        # 清除可能的僵尸进程检测
+        if ! pgrep -f "node.*src/app.js" > /dev/null; then
+            # 进程确实已停止，可以启动
+            if start_service; then
+                return 0
+            fi
+        fi
+        
+        retry_count=$((retry_count + 1))
+        if [ $retry_count -lt 3 ]; then
+            print_warning "启动失败，等待2秒后重试（第 $retry_count 次）..."
+            sleep 2
+        fi
+    done
+    
+    print_error "重启服务失败"
+    return 1
+}
+
+# 更新模型价格
+update_model_pricing() {
+    if ! check_installation; then
+        print_error "服务未安装，请先运行: $0 install"
+        return 1
+    fi
+    
+    print_info "更新模型价格数据..."
+    
+    cd "$APP_DIR"
+    
+    # 运行更新脚本
+    if npm run update:pricing; then
+        print_success "模型价格数据更新完成"
+        
+        # 显示更新后的信息
+        if [ -f "data/model_pricing.json" ]; then
+            local model_count=$(grep -o '"[^"]*"\s*:' data/model_pricing.json | wc -l)
+            local file_size=$(du -h data/model_pricing.json | cut -f1)
+            echo -e "\n更新信息:"
+            echo -e "  模型数量: ${GREEN}$model_count${NC}"
+            echo -e "  文件大小: ${GREEN}$file_size${NC}"
+            echo -e "  文件位置: $APP_DIR/data/model_pricing.json"
+        fi
+    else
+        print_error "模型价格数据更新失败"
+        return 1
+    fi
+}
+
+# 切换分支
+switch_branch() {
+    if ! check_installation; then
+        print_error "服务未安装，请先运行: $0 install"
+        return 1
+    fi
+    
+    cd "$APP_DIR"
+    
+    # 获取当前分支
+    local current_branch=$(git branch --show-current 2>/dev/null)
+    if [ -z "$current_branch" ]; then
+        print_error "无法获取当前分支信息"
+        return 1
+    fi
+    
+    print_info "当前分支: ${GREEN}$current_branch${NC}"
+    
+    # 获取所有远程分支
+    print_info "获取远程分支列表..."
+    git fetch origin --prune >/dev/null 2>&1
+    
+    # 显示可用分支
+    echo -e "\n${YELLOW}可用分支：${NC}"
+    local branches=$(git branch -r | grep -v HEAD | sed 's/origin\///' | sed 's/^ *//')
+    local branch_array=()
+    local i=1
+    
+    while IFS= read -r branch; do
+        if [ "$branch" = "$current_branch" ]; then
+            echo -e "  $i) $branch ${GREEN}(当前)${NC}"
+        else
+            echo "  $i) $branch"
+        fi
+        branch_array+=("$branch")
+        ((i++))
+    done <<< "$branches"
+    
+    echo ""
+    echo -n "请选择要切换的分支 (输入编号或分支名，0 取消): "
+    read branch_choice
+    
+    # 处理用户输入
+    local target_branch=""
+    if [ "$branch_choice" = "0" ]; then
+        print_info "已取消切换"
+        return 0
+    elif [[ "$branch_choice" =~ ^[0-9]+$ ]]; then
+        # 用户输入的是编号
+        local index=$((branch_choice - 1))
+        if [ $index -ge 0 ] && [ $index -lt ${#branch_array[@]} ]; then
+            target_branch="${branch_array[$index]}"
+        else
+            print_error "无效的编号"
+            return 1
+        fi
+    else
+        # 用户输入的是分支名
+        target_branch="$branch_choice"
+        # 验证分支是否存在
+        if ! echo "$branches" | grep -q "^$target_branch$"; then
+            print_error "分支 '$target_branch' 不存在"
+            return 1
+        fi
+    fi
+    
+    # 如果是同一个分支，无需切换
+    if [ "$target_branch" = "$current_branch" ]; then
+        print_info "已经在分支 $target_branch 上"
+        return 0
+    fi
+    
+    print_info "准备切换到分支: ${GREEN}$target_branch${NC}"
+    
+    # 保存当前运行状态
+    local was_running=false
+    if pgrep -f "node.*src/app.js" > /dev/null; then
+        was_running=true
+        print_info "检测到服务正在运行，将在切换后自动重启..."
+        stop_service
+    fi
+    
+    # 处理本地修改（主要是权限变更导致的）
+    print_info "检查本地修改..."
+    
+    # 先重置所有权限相关的修改（特别是manage.sh的权限）
+    git status --porcelain | while read -r line; do
+        local file=$(echo "$line" | awk '{print $2}')
+        if [ -n "$file" ]; then
+            # 检查是否只是权限变更
+            if git diff --summary "$file" 2>/dev/null | grep -q "mode change"; then
+                print_info "重置文件权限变更: $file"
+                git checkout HEAD -- "$file" 2>/dev/null || true
+            fi
+        fi
+    done
+    
+    # 检查是否还有其他实质性修改
+    if git status --porcelain | grep -v "^??" | grep -q .; then
+        print_warning "检测到本地文件修改："
+        git status --short | grep -v "^??"
+        echo ""
+        echo -n "是否要保存这些修改？(y/N): "
+        read -n 1 save_changes
+        echo
+        
+        if [[ "$save_changes" =~ ^[Yy]$ ]]; then
+            # 暂存修改
+            print_info "暂存本地修改..."
+            git stash push -m "Branch switch from $current_branch to $target_branch $(date +%Y-%m-%d)" >/dev/null 2>&1
+        else
+            # 丢弃修改
+            print_info "丢弃本地修改..."
+            git reset --hard HEAD >/dev/null 2>&1
+        fi
+    fi
+    
+    # 切换分支
+    print_info "切换分支..."
+    
+    # 检查本地是否已有该分支
+    if git show-ref --verify --quiet "refs/heads/$target_branch"; then
+        # 本地已有分支，切换并更新
+        if ! git checkout "$target_branch" 2>/dev/null; then
+            print_error "切换分支失败"
+            return 1
+        fi
+        
+        # 更新到最新
+        print_info "更新到远程最新版本..."
+        git pull origin "$target_branch" --rebase 2>/dev/null || {
+            # 如果rebase失败，使用reset
+            print_warning "更新失败，强制同步到远程版本..."
+            git fetch origin "$target_branch"
+            git reset --hard "origin/$target_branch"
+        }
+    else
+        # 创建并切换到新分支
+        if ! git checkout -b "$target_branch" "origin/$target_branch" 2>/dev/null; then
+            print_error "创建并切换分支失败"
+            return 1
+        fi
+    fi
+    
+    print_success "已切换到分支: $target_branch"
+    
+    # 确保脚本有执行权限（切换分支后必须执行）
+    if [ -f "$APP_DIR/scripts/manage.sh" ]; then
+        chmod +x "$APP_DIR/scripts/manage.sh"
+        print_info "已设置脚本执行权限"
+    fi
+    
+    # 更新依赖（如果package.json有变化）
+    if git diff "$current_branch..$target_branch" --name-only | grep -q "package.json"; then
+        print_info "检测到 package.json 变化，更新依赖..."
+        npm install
+    fi
+    
+    # 更新前端文件（如果切换到不同版本）
+    if [ "$target_branch" != "$current_branch" ]; then
+        print_info "更新前端文件..."
+        
+        # 创建目标目录
+        mkdir -p web/admin-spa/dist
+        
+        # 清理旧的前端文件
+        if [ -d "web/admin-spa/dist" ]; then
+            rm -rf web/admin-spa/dist/* 2>/dev/null || true
+        fi
+        
+        # 尝试从对应的 web-dist 分支获取前端文件
+        if git ls-remote --heads origin "web-dist-$target_branch" | grep -q "web-dist-$target_branch"; then
+            print_info "从 web-dist-$target_branch 分支下载前端文件..."
+            local web_branch="web-dist-$target_branch"
+        elif git ls-remote --heads origin web-dist | grep -q web-dist; then
+            print_info "从 web-dist 分支下载前端文件..."
+            local web_branch="web-dist"
+        else
+            print_warning "未找到预构建的前端文件"
+            web_branch=""
+        fi
+        
+        if [ -n "$web_branch" ]; then
+            # 创建临时目录用于 clone
+            TEMP_CLONE_DIR=$(mktemp -d)
+            
+            # 下载前端文件
+            if git clone --depth 1 --branch "$web_branch" --single-branch \
+                https://github.com/Wei-Shaw/claude-relay-service.git \
+                "$TEMP_CLONE_DIR" 2>/dev/null; then
+                
+                # 复制文件到目标目录
+                rsync -av --exclude='.git' --exclude='README.md' "$TEMP_CLONE_DIR/" web/admin-spa/dist/ 2>/dev/null || {
+                    cp -r "$TEMP_CLONE_DIR"/* web/admin-spa/dist/ 2>/dev/null
+                    rm -rf web/admin-spa/dist/.git 2>/dev/null
+                    rm -f web/admin-spa/dist/README.md 2>/dev/null
+                }
+                
+                print_success "前端文件更新完成"
+            else
+                print_warning "下载前端文件失败"
+            fi
+            
+            # 清理临时目录
+            rm -rf "$TEMP_CLONE_DIR"
+        fi
+    fi
+    
+    # 检查是否有暂存的修改可以恢复
+    if [[ "$save_changes" =~ ^[Yy]$ ]] && git stash list | grep -q "Branch switch from $current_branch to $target_branch"; then
+        echo ""
+        echo -n "是否要恢复之前暂存的修改？(y/N): "
+        read -n 1 restore_stash
+        echo
+        
+        if [[ "$restore_stash" =~ ^[Yy]$ ]]; then
+            print_info "恢复暂存的修改..."
+            git stash pop >/dev/null 2>&1 || print_warning "恢复修改时出现冲突，请手动解决"
+        fi
+    fi
+    
+    # 如果之前在运行，则重新启动服务
+    if [ "$was_running" = true ]; then
+        print_info "重新启动服务..."
+        start_service
+    fi
+    
+    # 显示切换后的信息
+    echo ""
+    echo -e "${GREEN}=== 分支切换完成 ===${NC}"
+    echo -e "当前分支: ${GREEN}$target_branch${NC}"
+    
+    # 显示版本信息
+    if [ -f "$APP_DIR/VERSION" ]; then
+        echo -e "当前版本: ${GREEN}$(cat "$APP_DIR/VERSION")${NC}"
+    fi
+    
+    # 显示最新提交
+    local latest_commit=$(git log -1 --oneline 2>/dev/null)
+    if [ -n "$latest_commit" ]; then
+        echo -e "最新提交: ${GREEN}$latest_commit${NC}"
+    fi
+    
+    echo ""
+    print_info "提示：如遇到问题，可以运行 'crs update' 强制更新到最新版本"
+}
+
+# 显示状态
+show_status() {
+    echo -e "\n${BLUE}=== Claude Relay Service 状态 ===${NC}"
+    
+    # 获取实际端口
+    local actual_port="$APP_PORT"
+    if [ -z "$actual_port" ] && [ -f "$APP_DIR/.env" ]; then
+        actual_port=$(grep "^PORT=" "$APP_DIR/.env" 2>/dev/null | cut -d'=' -f2)
+    fi
+    actual_port=${actual_port:-3000}
+    
+    # 检查进程
+    local pid=$(pgrep -f "node.*src/app.js" | head -1)
+    if [ -n "$pid" ]; then
+        echo -e "服务状态: ${GREEN}运行中${NC}"
+        echo "进程 PID: $pid"
+        
+        # 显示进程信息
+        if command_exists ps; then
+            local proc_info=$(ps -p $pid -o comm,etime,rss --no-headers 2>/dev/null)
+            if [ -n "$proc_info" ]; then
+                echo "进程信息: $proc_info"
+            fi
+        fi
+        echo "服务端口: $actual_port"
+        
+        # 获取公网IP
+        local public_ip=$(get_public_ip)
+        
+        # 显示访问地址
+        echo -e "\n访问地址:"
+        echo -e "  本地 Web: ${GREEN}http://localhost:$actual_port/web${NC}"
+        echo -e "  本地 API: ${GREEN}http://localhost:$actual_port/api/v1${NC}"
+        if [ "$public_ip" != "localhost" ]; then
+            echo -e "  公网 Web: ${GREEN}http://$public_ip:$actual_port/web${NC}"
+            echo -e "  公网 API: ${GREEN}http://$public_ip:$actual_port/api/v1${NC}"
+        fi
+    else
+        echo -e "服务状态: ${RED}未运行${NC}"
+    fi
+    
+    # 显示安装信息
+    if [ -n "$INSTALL_DIR" ] && [ -d "$INSTALL_DIR" ]; then
+        echo -e "\n安装目录: $INSTALL_DIR"
+    elif [ -d "$DEFAULT_INSTALL_DIR" ]; then
+        echo -e "\n安装目录: $DEFAULT_INSTALL_DIR"
+    fi
+    
+    # Redis状态
+    if command_exists redis-cli; then
+        echo -e "\nRedis 状态:"
+        local redis_cmd="redis-cli"
+        if [ -n "$REDIS_HOST" ]; then
+            redis_cmd="$redis_cmd -h $REDIS_HOST"
+        fi
+        if [ -n "$REDIS_PORT" ]; then
+            redis_cmd="$redis_cmd -p $REDIS_PORT"
+        fi
+        if [ -n "$REDIS_PASSWORD" ]; then
+            redis_cmd="$redis_cmd -a '$REDIS_PASSWORD'"
+        fi
+        
+        if $redis_cmd ping 2>/dev/null | grep -q "PONG"; then
+            echo -e "  连接状态: ${GREEN}正常${NC}"
+        else
+            echo -e "  连接状态: ${RED}异常${NC}"
+        fi
+    fi
+    
+    echo -e "\n${BLUE}===========================${NC}"
+}
+
+# 显示帮助
+show_help() {
+    echo "Claude Relay Service 管理脚本"
+    echo ""
+    echo "用法: $0 [命令]"
+    echo ""
+    echo "命令:"
+    echo "  install        - 安装服务"
+    echo "  update         - 更新服务"
+    echo "  uninstall      - 卸载服务"
+    echo "  start          - 启动服务"
+    echo "  stop           - 停止服务"
+    echo "  restart        - 重启服务"
+    echo "  status         - 查看状态"
+    echo "  switch-branch  - 切换分支"
+    echo "  update-pricing - 更新模型价格数据"
+    echo "  symlink        - 创建 crs 快捷命令"
+    echo "  help           - 显示帮助"
+    echo ""
+}
+
+# 交互式菜单
+show_menu() {
+    clear
+    echo -e "${BOLD}======================================${NC}"
+    echo -e "${BOLD}  Claude Relay Service (CRS) 管理工具  ${NC}"
+    echo -e "${BOLD}======================================${NC}"
+    echo ""
+    
+    # 显示当前状态
+    echo -e "${YELLOW}当前状态：${NC}"
+    if check_installation; then
+        echo -e "  安装状态: ${GREEN}已安装${NC} (目录: $INSTALL_DIR)"
+        
+        # 获取实际端口
+        local actual_port="$APP_PORT"
+        if [ -z "$actual_port" ] && [ -f "$APP_DIR/.env" ]; then
+            actual_port=$(grep "^PORT=" "$APP_DIR/.env" 2>/dev/null | cut -d'=' -f2)
+        fi
+        actual_port=${actual_port:-3000}
+        
+        # 检查服务状态
+        local pid=$(pgrep -f "node.*src/app.js" | head -1)
+        if [ -n "$pid" ]; then
+            echo -e "  运行状态: ${GREEN}运行中${NC}"
+            echo -e "  进程 PID: $pid"
+            echo -e "  服务端口: $actual_port"
+            
+            # 获取公网IP
+            local public_ip=$(get_public_ip)
+            if [ "$public_ip" != "localhost" ]; then
+                echo -e "  公网地址: ${GREEN}http://$public_ip:$actual_port/web${NC}"
+            else
+                echo -e "  Web 界面: ${GREEN}http://localhost:$actual_port/web${NC}"
+            fi
+        else
+            echo -e "  运行状态: ${RED}未运行${NC}"
+        fi
+    else
+        echo -e "  安装状态: ${RED}未安装${NC}"
+    fi
+    
+    # Redis状态
+    if command_exists redis-cli && [ -n "$REDIS_HOST" ]; then
+        local redis_cmd="redis-cli -h $REDIS_HOST -p ${REDIS_PORT:-6379}"
+        if [ -n "$REDIS_PASSWORD" ]; then
+            redis_cmd="$redis_cmd -a '$REDIS_PASSWORD'"
+        fi
+        
+        if $redis_cmd ping 2>/dev/null | grep -q "PONG"; then
+            echo -e "  Redis 状态: ${GREEN}连接正常${NC}"
+        else
+            echo -e "  Redis 状态: ${RED}连接异常${NC}"
+        fi
+    fi
+    
+    echo ""
+    echo -e "${BOLD}--------------------------------------${NC}"
+    echo -e "${YELLOW}请选择操作：${NC}"
+    echo ""
+    
+    if ! check_installation; then
+        echo "  1) 安装服务"
+        echo "  2) 退出"
+        echo ""
+        echo -n "请输入选项 [1-2]: "
+    else
+        echo "  1) 查看状态"
+        echo "  2) 启动服务"
+        echo "  3) 停止服务"
+        echo "  4) 重启服务"
+        echo "  5) 更新服务"
+        echo "  6) 切换分支"
+        echo "  7) 更新模型价格"
+        echo "  8) 卸载服务"
+        echo "  9) 退出"
+        echo ""
+        echo -n "请输入选项 [1-9]: "
+    fi
+}
+
+# 处理菜单选择
+handle_menu_choice() {
+    local choice=$1
+    
+    if ! check_installation; then
+        case $choice in
+            1)
+                echo ""
+                # 检查依赖
+                if ! install_dependencies; then
+                    print_error "依赖安装失败"
+                    echo -n "按回车键继续..."
+                    read
+                    return 1
+                fi
+                
+                # 检查Redis
+                if ! check_redis; then
+                    print_warning "Redis 连接失败"
+                    install_local_redis
+                    
+                    # 重新测试连接
+                    REDIS_HOST="localhost"
+                    REDIS_PORT="6379"
+                    if ! check_redis; then
+                        print_error "Redis 配置失败，请手动安装并配置 Redis"
+                        echo -n "按回车键继续..."
+                        read
+                        return 1
+                    fi
+                fi
+                
+                # 安装服务
+                install_service
+                
+                # 创建软链接
+                create_symlink
+                
+                echo -n "按回车键继续..."
+                read
+                ;;
+            2)
+                echo "退出管理工具"
+                exit 0
+                ;;
+            *)
+                print_error "无效选项"
+                sleep 1
+                ;;
+        esac
+    else
+        case $choice in
+            1)
+                echo ""
+                show_status
+                echo -n "按回车键继续..."
+                read
+                ;;
+            2)
+                echo ""
+                start_service
+                echo -n "按回车键继续..."
+                read
+                ;;
+            3)
+                echo ""
+                stop_service
+                echo -n "按回车键继续..."
+                read
+                ;;
+            4)
+                echo ""
+                restart_service
+                echo -n "按回车键继续..."
+                read
+                ;;
+            5)
+                echo ""
+                update_service
+                echo -n "按回车键继续..."
+                read
+                ;;
+            6)
+                echo ""
+                switch_branch
+                echo -n "按回车键继续..."
+                read
+                ;;
+            7)
+                echo ""
+                update_model_pricing
+                echo -n "按回车键继续..."
+                read
+                ;;
+            8)
+                echo ""
+                uninstall_service
+                if [ $? -eq 0 ]; then
+                    exit 0
+                fi
+                ;;
+            9)
+                echo "退出管理工具"
+                exit 0
+                ;;
+            *)
+                print_error "无效选项"
+                sleep 1
+                ;;
+        esac
+    fi
+}
+
+# 创建软链接
+create_symlink() {
+    # 获取脚本的绝对路径
+    local script_path=""
+    
+    # 优先使用项目中的 manage.sh（在 app/scripts 目录下）
+    if [ -n "$APP_DIR" ] && [ -f "$APP_DIR/scripts/manage.sh" ]; then
+        script_path="$APP_DIR/scripts/manage.sh"
+        # 确保脚本有执行权限
+        chmod +x "$script_path" 2>/dev/null || sudo chmod +x "$script_path" 2>/dev/null || true
+    elif [ -f "/app/scripts/manage.sh" ] && [ "$(basename "$0")" = "manage.sh" ]; then
+        # Docker 容器中的路径
+        script_path="/app/scripts/manage.sh"
+    elif command_exists realpath; then
+        script_path="$(realpath "$0")"
+    elif command_exists readlink && readlink -f "$0" >/dev/null 2>&1; then
+        script_path="$(readlink -f "$0")"
+    else
+        # 备用方法：使用pwd和脚本名
+        script_path="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
+    fi
+    
+    local symlink_path="/usr/bin/crs"
+    
+    print_info "创建命令行快捷方式..."
+    print_info "APP_DIR: $APP_DIR"
+    print_info "脚本路径: $script_path"
+    
+    # 检查脚本文件是否存在
+    if [ ! -f "$script_path" ]; then
+        print_error "找不到脚本文件: $script_path"
+        print_info "当前目录: $(pwd)"
+        print_info "脚本参数 \$0: $0"
+        if [ -n "$APP_DIR" ]; then
+            print_info "检查项目目录结构:"
+            ls -la "$APP_DIR/" 2>/dev/null | head -5
+            if [ -d "$APP_DIR/scripts" ]; then
+                print_info "scripts 目录内容:"
+                ls -la "$APP_DIR/scripts/" 2>/dev/null | grep manage.sh
+            fi
+        fi
+        return 1
+    fi
+    
+    # 如果已存在，直接删除并重新创建（默认使用代码中的最新版本）
+    if [ -L "$symlink_path" ] || [ -f "$symlink_path" ]; then
+        print_info "更新已存在的软链接..."
+        sudo rm -f "$symlink_path" 2>/dev/null || {
+            print_error "删除旧文件失败"
+            return 1
+        }
+    fi
+    
+    # 创建软链接
+    if sudo ln -s "$script_path" "$symlink_path"; then
+        print_success "已创建快捷命令 'crs'"
+        echo "您现在可以在任何地方使用 'crs' 命令管理服务"
+        
+        # 验证软链接
+        if [ -L "$symlink_path" ]; then
+            print_info "软链接验证成功"
+        else
+            print_warning "软链接验证失败"
+        fi
+    else
+        print_error "创建软链接失败"
+        print_info "请手动执行以下命令："
+        echo "  sudo ln -s '$script_path' '$symlink_path'"
+        return 1
+    fi
+}
+
+# 加载已安装的配置
+load_config() {
+    # 尝试找到安装目录
+    if [ -z "$INSTALL_DIR" ]; then
+        if [ -d "$DEFAULT_INSTALL_DIR" ]; then
+            INSTALL_DIR="$DEFAULT_INSTALL_DIR"
+        fi
+    fi
+    
+    if [ -n "$INSTALL_DIR" ]; then
+        # 检查是否使用了标准的安装结构（项目在 app 子目录）
+        if [ -d "$INSTALL_DIR/app" ] && [ -f "$INSTALL_DIR/app/package.json" ]; then
+            APP_DIR="$INSTALL_DIR/app"
+        # 检查是否直接克隆了项目（项目在根目录）
+        elif [ -f "$INSTALL_DIR/package.json" ]; then
+            APP_DIR="$INSTALL_DIR"
+        else
+            APP_DIR="$INSTALL_DIR/app"
+        fi
+        
+        # 加载.env配置
+        if [ -f "$APP_DIR/.env" ]; then
+            export $(cat "$APP_DIR/.env" | grep -v '^#' | xargs)
+            # 特别加载端口配置
+            APP_PORT=$(grep "^PORT=" "$APP_DIR/.env" 2>/dev/null | cut -d'=' -f2)
+        fi
+    fi
+}
+
+# 主函数
+main() {
+    # 检测操作系统
+    detect_os
+    
+    if [ "$OS" == "unknown" ]; then
+        print_error "不支持的操作系统"
+        exit 1
+    fi
+    
+    # 加载配置
+    load_config
+    
+    # 处理命令
+    case "$1" in
+        install)
+            # 检查依赖
+            if ! install_dependencies; then
+                print_error "依赖安装失败"
+                exit 1
+            fi
+            
+            # 检查Redis
+            if ! check_redis; then
+                print_warning "Redis 连接失败"
+                install_local_redis
+                
+                # 重新测试连接
+                REDIS_HOST="localhost"
+                REDIS_PORT="6379"
+                if ! check_redis; then
+                    print_error "Redis 配置失败，请手动安装并配置 Redis"
+                    exit 1
+                fi
+            fi
+            
+            # 安装服务
+            install_service
+            
+            # 创建软链接
+            create_symlink
+            ;;
+        update)
+            update_service
+            ;;
+        uninstall)
+            uninstall_service
+            ;;
+        start)
+            start_service
+            ;;
+        stop)
+            stop_service
+            ;;
+        restart)
+            restart_service
+            ;;
+        status)
+            show_status
+            ;;
+        switch-branch)
+            switch_branch
+            ;;
+        update-pricing)
+            update_model_pricing
+            ;;
+        symlink)
+            # 单独创建软链接
+            # 确保 APP_DIR 已设置
+            if [ -z "$APP_DIR" ]; then
+                print_error "请先安装项目后再创建软链接"
+                print_info "运行: $0 install"
+                exit 1
+            fi
+            create_symlink
+            ;;
+        help)
+            show_help
+            ;;
+        "")
+            # 无参数时显示交互式菜单
+            while true; do
+                show_menu
+                read choice
+                handle_menu_choice "$choice"
+            done
+            ;;
+        *)
+            print_error "未知命令: $1"
+            echo ""
+            show_help
+            ;;
+    esac
+}
+
+# 运行主函数
+main "$@"

scripts/migrate-apikey-expiry.js

@@ -0,0 +1,192 @@
+#!/usr/bin/env node
+
+/**
+ * 数据迁移脚本：为现有 API Key 设置默认有效期
+ *
+ * 使用方法：
+ * node scripts/migrate-apikey-expiry.js [--days=30] [--dry-run]
+ *
+ * 参数：
+ * --days: 设置默认有效期天数（默认30天）
+ * --dry-run: 仅模拟运行，不实际修改数据
+ */
+
+const redis = require('../src/models/redis')
+const logger = require('../src/utils/logger')
+const readline = require('readline')
+
+// 解析命令行参数
+const args = process.argv.slice(2)
+const params = {}
+args.forEach((arg) => {
+  const [key, value] = arg.split('=')
+  params[key.replace('--', '')] = value || true
+})
+
+const DEFAULT_DAYS = params.days ? parseInt(params.days) : 30
+const DRY_RUN = params['dry-run'] === true
+
+// 创建 readline 接口用于用户确认
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+})
+
+async function askConfirmation(question) {
+  return new Promise((resolve) => {
+    rl.question(`${question} (yes/no): `, (answer) => {
+      resolve(answer.toLowerCase() === 'yes' || answer.toLowerCase() === 'y')
+    })
+  })
+}
+
+async function migrateApiKeys() {
+  try {
+    logger.info('🔄 Starting API Key expiry migration...')
+    logger.info(`📅 Default expiry period: ${DEFAULT_DAYS} days`)
+    logger.info(`🔍 Mode: ${DRY_RUN ? 'DRY RUN (no changes will be made)' : 'LIVE RUN'}`)
+
+    // 连接 Redis
+    await redis.connect()
+    logger.success('✅ Connected to Redis')
+
+    // 获取所有 API Keys
+    const apiKeys = await redis.getAllApiKeys()
+    logger.info(`📊 Found ${apiKeys.length} API Keys in total`)
+
+    // 统计信息
+    const stats = {
+      total: apiKeys.length,
+      needsMigration: 0,
+      alreadyHasExpiry: 0,
+      migrated: 0,
+      errors: 0
+    }
+
+    // 需要迁移的 Keys
+    const keysToMigrate = []
+
+    // 分析每个 API Key
+    for (const key of apiKeys) {
+      if (!key.expiresAt || key.expiresAt === 'null' || key.expiresAt === '') {
+        keysToMigrate.push(key)
+        stats.needsMigration++
+        logger.info(`📌 API Key "${key.name}" (${key.id}) needs migration`)
+      } else {
+        stats.alreadyHasExpiry++
+        const expiryDate = new Date(key.expiresAt)
+        logger.info(
+          `✓ API Key "${key.name}" (${key.id}) already has expiry: ${expiryDate.toLocaleString()}`
+        )
+      }
+    }
+
+    if (keysToMigrate.length === 0) {
+      logger.success('✨ No API Keys need migration!')
+      return
+    }
+
+    // 显示迁移摘要
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('📋 Migration Summary:')
+    console.log('='.repeat(60))
+    console.log(`Total API Keys: ${stats.total}`)
+    console.log(`Already have expiry: ${stats.alreadyHasExpiry}`)
+    console.log(`Need migration: ${stats.needsMigration}`)
+    console.log(`Default expiry: ${DEFAULT_DAYS} days from now`)
+    console.log(`${'='.repeat(60)}\n`)
+
+    // 如果不是 dry run，请求确认
+    if (!DRY_RUN) {
+      const confirmed = await askConfirmation(
+        `⚠️  This will set expiry dates for ${keysToMigrate.length} API Keys. Continue?`
+      )
+
+      if (!confirmed) {
+        logger.warn('❌ Migration cancelled by user')
+        return
+      }
+    }
+
+    // 计算新的过期时间
+    const newExpiryDate = new Date()
+    newExpiryDate.setDate(newExpiryDate.getDate() + DEFAULT_DAYS)
+    const newExpiryISO = newExpiryDate.toISOString()
+
+    logger.info(`\n🚀 Starting migration... New expiry date: ${newExpiryDate.toLocaleString()}`)
+
+    // 执行迁移
+    for (const key of keysToMigrate) {
+      try {
+        if (!DRY_RUN) {
+          // 直接更新 Redis 中的数据
+          // 使用 hset 更新单个字段
+          await redis.client.hset(`apikey:${key.id}`, 'expiresAt', newExpiryISO)
+          logger.success(`✅ Migrated: "${key.name}" (${key.id})`)
+        } else {
+          logger.info(`[DRY RUN] Would migrate: "${key.name}" (${key.id})`)
+        }
+        stats.migrated++
+      } catch (error) {
+        logger.error(`❌ Error migrating "${key.name}" (${key.id}):`, error.message)
+        stats.errors++
+      }
+    }
+
+    // 显示最终结果
+    console.log(`\n${'='.repeat(60)}`)
+    console.log('✅ Migration Complete!')
+    console.log('='.repeat(60))
+    console.log(`Successfully migrated: ${stats.migrated}`)
+    console.log(`Errors: ${stats.errors}`)
+    console.log(`New expiry date: ${newExpiryDate.toLocaleString()}`)
+    console.log(`${'='.repeat(60)}\n`)
+
+    if (DRY_RUN) {
+      logger.warn('⚠️  This was a DRY RUN. No actual changes were made.')
+      logger.info('💡 Run without --dry-run flag to apply changes.')
+    }
+  } catch (error) {
+    logger.error('💥 Migration failed:', error)
+    process.exit(1)
+  } finally {
+    // 清理
+    rl.close()
+    await redis.disconnect()
+    logger.info('👋 Disconnected from Redis')
+  }
+}
+
+// 显示帮助信息
+if (params.help) {
+  console.log(`
+API Key Expiry Migration Script
+
+This script adds expiry dates to existing API Keys that don't have one.
+
+Usage:
+  node scripts/migrate-apikey-expiry.js [options]
+
+Options:
+  --days=NUMBER    Set default expiry days (default: 30)
+  --dry-run        Simulate the migration without making changes
+  --help           Show this help message
+
+Examples:
+  # Set 30-day expiry for all API Keys without expiry
+  node scripts/migrate-apikey-expiry.js
+
+  # Set 90-day expiry
+  node scripts/migrate-apikey-expiry.js --days=90
+
+  # Test run without making changes
+  node scripts/migrate-apikey-expiry.js --dry-run
+`)
+  process.exit(0)
+}
+
+// 运行迁移
+migrateApiKeys().catch((error) => {
+  logger.error('💥 Unexpected error:', error)
+  process.exit(1)
+})

scripts/monitor-enhanced.sh

@@ -0,0 +1,273 @@
+#!/bin/bash
+
+# Claude Relay Service - 增强版实时监控脚本
+# 结合并发监控和系统状态的完整监控方案
+
+# 加载环境变量
+if [ -f .env ]; then
+    export $(grep -v '^#' .env | xargs)
+fi
+
+echo "🔍 Claude Relay Service - 增强版实时监控"
+echo "按 Ctrl+C 退出 | 按 's' 切换详细/简单模式"
+echo "========================================"
+
+# 获取服务配置
+SERVICE_HOST=${HOST:-127.0.0.1}
+SERVICE_PORT=${PORT:-3000}
+
+# 如果HOST是0.0.0.0，客户端应该连接localhost
+if [ "$SERVICE_HOST" = "0.0.0.0" ]; then
+    SERVICE_HOST="127.0.0.1"
+fi
+
+SERVICE_URL="http://${SERVICE_HOST}:${SERVICE_PORT}"
+
+# 获取Redis配置
+REDIS_HOST=${REDIS_HOST:-127.0.0.1}
+REDIS_PORT=${REDIS_PORT:-6379}
+REDIS_CMD="redis-cli -h $REDIS_HOST -p $REDIS_PORT"
+
+if [ ! -z "$REDIS_PASSWORD" ]; then
+    REDIS_CMD="redis-cli -h $REDIS_HOST -p $REDIS_PORT -a $REDIS_PASSWORD"
+fi
+
+# 检查Redis连接
+if ! $REDIS_CMD ping > /dev/null 2>&1; then
+    echo "❌ Redis连接失败，请检查Redis服务是否运行"
+    echo "   配置: $REDIS_HOST:$REDIS_PORT"
+    exit 1
+fi
+
+# 显示模式: simple(简单) / detailed(详细)
+DISPLAY_MODE="simple"
+
+# 获取API Key详细信息
+get_api_key_info() {
+    local api_key_id=$1
+    local api_key_name=$($REDIS_CMD hget "apikey:$api_key_id" name 2>/dev/null)
+    local concurrency_limit=$($REDIS_CMD hget "apikey:$api_key_id" concurrencyLimit 2>/dev/null)
+    local token_limit=$($REDIS_CMD hget "apikey:$api_key_id" tokenLimit 2>/dev/null)
+    local created_at=$($REDIS_CMD hget "apikey:$api_key_id" createdAt 2>/dev/null)
+    
+    if [ -z "$api_key_name" ]; then
+        api_key_name="Unknown"
+    fi
+    
+    if [ -z "$concurrency_limit" ] || [ "$concurrency_limit" = "0" ]; then
+        concurrency_limit="无限制"
+    fi
+    
+    if [ -z "$token_limit" ] || [ "$token_limit" = "0" ]; then
+        token_limit="无限制"
+    else
+        token_limit=$(printf "%'d" $token_limit)
+    fi
+    
+    echo "$api_key_name|$concurrency_limit|$token_limit|$created_at"
+}
+
+# 获取使用统计信息
+get_usage_stats() {
+    local api_key_id=$1
+    local today=$(date '+%Y-%m-%d')
+    local current_month=$(date '+%Y-%m')
+    
+    # 获取总体使用量
+    local total_requests=$($REDIS_CMD hget "usage:$api_key_id" totalRequests 2>/dev/null)
+    local total_tokens=$($REDIS_CMD hget "usage:$api_key_id" totalTokens 2>/dev/null)
+    
+    # 获取今日使用量
+    local daily_requests=$($REDIS_CMD hget "usage:daily:$api_key_id:$today" requests 2>/dev/null)
+    local daily_tokens=$($REDIS_CMD hget "usage:daily:$api_key_id:$today" tokens 2>/dev/null)
+    
+    total_requests=${total_requests:-0}
+    total_tokens=${total_tokens:-0}
+    daily_requests=${daily_requests:-0}
+    daily_tokens=${daily_tokens:-0}
+    
+    echo "$total_requests|$total_tokens|$daily_requests|$daily_tokens"
+}
+
+# 格式化数字
+format_number() {
+    local num=$1
+    if [ "$num" -ge 1000000 ]; then
+        echo "$(echo "scale=1; $num / 1000000" | bc 2>/dev/null)M"
+    elif [ "$num" -ge 1000 ]; then
+        echo "$(echo "scale=1; $num / 1000" | bc 2>/dev/null)K"
+    else
+        echo "$num"
+    fi
+}
+
+# 获取系统信息
+get_system_info() {
+    # Redis信息
+    local redis_info=$($REDIS_CMD info server 2>/dev/null)
+    local redis_memory_info=$($REDIS_CMD info memory 2>/dev/null)
+    
+    local redis_version=$(echo "$redis_info" | grep redis_version | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+    local redis_uptime=$(echo "$redis_info" | grep uptime_in_seconds | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+    local used_memory=$(echo "$redis_memory_info" | grep used_memory_human | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+    
+    local redis_uptime_hours=0
+    if [ ! -z "$redis_uptime" ]; then
+        redis_uptime_hours=$((redis_uptime / 3600))
+    fi
+    
+    # 服务状态
+    local service_status="unknown"
+    local service_uptime="0"
+    if command -v curl > /dev/null 2>&1; then
+        local health_response=$(curl -s ${SERVICE_URL}/health 2>/dev/null)
+        if [ $? -eq 0 ]; then
+            service_status=$(echo "$health_response" | grep -o '"status":"[^"]*"' | cut -d'"' -f4 | head -1)
+            service_uptime=$(echo "$health_response" | grep -o '"uptime":[^,}]*' | cut -d: -f2 | head -1)
+        fi
+    fi
+    
+    local service_uptime_hours="0"
+    if [ ! -z "$service_uptime" ] && [ "$service_uptime" != "null" ]; then
+        service_uptime_hours=$(echo "scale=1; $service_uptime / 3600" | bc 2>/dev/null)
+    fi
+    
+    echo "$redis_version|$redis_uptime_hours|$used_memory|$service_status|$service_uptime_hours"
+}
+
+# 主监控函数
+monitor_enhanced() {
+    while true; do
+        clear
+        echo "🔍 Claude Relay Service - 增强版实时监控 | $(date '+%Y-%m-%d %H:%M:%S')"
+        echo "模式: $DISPLAY_MODE | 服务: $SERVICE_URL | Redis: $REDIS_HOST:$REDIS_PORT"
+        echo "========================================"
+        
+        # 获取系统信息
+        local system_info=$(get_system_info)
+        local redis_version=$(echo "$system_info" | cut -d'|' -f1)
+        local redis_uptime=$(echo "$system_info" | cut -d'|' -f2)
+        local redis_memory=$(echo "$system_info" | cut -d'|' -f3)
+        local service_status=$(echo "$system_info" | cut -d'|' -f4)
+        local service_uptime=$(echo "$system_info" | cut -d'|' -f5)
+        
+        # 系统状态概览
+        echo "🏥 系统状态概览："
+        if [ "$service_status" = "healthy" ]; then
+            echo "  ✅ 服务: 健康 (运行 ${service_uptime}h)"
+        else
+            echo "  ⚠️  服务: 异常 ($service_status)"
+        fi
+        echo "  📊 Redis: v${redis_version} (运行 ${redis_uptime}h, 内存 ${redis_memory})"
+        echo ""
+        
+        # 获取并发信息
+        local concurrency_keys=$($REDIS_CMD --scan --pattern "concurrency:*" 2>/dev/null)
+        local total_concurrent=0
+        local active_keys=0
+        local concurrent_details=""
+        
+        if [ ! -z "$concurrency_keys" ]; then
+            for key in $concurrency_keys; do
+                local count=$($REDIS_CMD get "$key" 2>/dev/null)
+                if [ ! -z "$count" ] && [ "$count" -gt 0 ]; then
+                    local api_key_id=${key#concurrency:}
+                    local key_info=$(get_api_key_info "$api_key_id")
+                    local key_name=$(echo "$key_info" | cut -d'|' -f1)
+                    local concurrency_limit=$(echo "$key_info" | cut -d'|' -f2)
+                    
+                    concurrent_details="${concurrent_details}${key_name}:${count}/${concurrency_limit} "
+                    total_concurrent=$((total_concurrent + count))
+                    active_keys=$((active_keys + 1))
+                fi
+            done
+        fi
+        
+        # 并发状态显示
+        echo "📊 当前并发状态："
+        if [ $total_concurrent -eq 0 ]; then
+            echo "  💤 无活跃并发连接"
+        else
+            echo "  🔥 总并发: $total_concurrent 个连接 ($active_keys 个API Key)"
+            if [ "$DISPLAY_MODE" = "detailed" ]; then
+                echo "  📋 详情: $concurrent_details"
+            fi
+        fi
+        echo ""
+        
+        # API Key统计
+        local total_keys=$($REDIS_CMD keys "apikey:*" 2>/dev/null | grep -v "apikey:hash_map" | wc -l)
+        local total_accounts=$($REDIS_CMD keys "claude:account:*" 2>/dev/null | wc -l)
+        
+        echo "📋 资源统计："
+        echo "  🔑 API Keys: $total_keys 个"
+        echo "  🏢 Claude账户: $total_accounts 个"
+        
+        # 详细模式显示更多信息
+        if [ "$DISPLAY_MODE" = "detailed" ]; then
+            echo ""
+            echo "📈 使用统计 (今日/总计)："
+            
+            # 获取所有API Key
+            local api_keys=$($REDIS_CMD keys "apikey:*" 2>/dev/null | grep -v "apikey:hash_map")
+            local total_daily_requests=0
+            local total_daily_tokens=0
+            local total_requests=0
+            local total_tokens=0
+            
+            if [ ! -z "$api_keys" ]; then
+                for key in $api_keys; do
+                    local api_key_id=${key#apikey:}
+                    local key_info=$(get_api_key_info "$api_key_id")
+                    local key_name=$(echo "$key_info" | cut -d'|' -f1)
+                    local usage_info=$(get_usage_stats "$api_key_id")
+                    
+                    local key_total_requests=$(echo "$usage_info" | cut -d'|' -f1)
+                    local key_total_tokens=$(echo "$usage_info" | cut -d'|' -f2)
+                    local key_daily_requests=$(echo "$usage_info" | cut -d'|' -f3)
+                    local key_daily_tokens=$(echo "$usage_info" | cut -d'|' -f4)
+                    
+                    total_daily_requests=$((total_daily_requests + key_daily_requests))
+                    total_daily_tokens=$((total_daily_tokens + key_daily_tokens))
+                    total_requests=$((total_requests + key_total_requests))
+                    total_tokens=$((total_tokens + key_total_tokens))
+                    
+                    if [ $((key_daily_requests + key_total_requests)) -gt 0 ]; then
+                        echo "  📱 $key_name: ${key_daily_requests}req/$(format_number $key_daily_tokens) | ${key_total_requests}req/$(format_number $key_total_tokens)"
+                    fi
+                done
+            fi
+            
+            echo "  🌍 系统总计: ${total_daily_requests}req/$(format_number $total_daily_tokens) | ${total_requests}req/$(format_number $total_tokens)"
+        fi
+        
+        echo ""
+        echo "🔄 刷新间隔: 5秒 | 按 Ctrl+C 退出 | 按 Enter 切换详细/简单模式"
+        
+        # 非阻塞读取用户输入
+        read -t 5 user_input
+        if [ $? -eq 0 ]; then
+            case "$user_input" in
+                "s"|"S"|"")
+                    if [ "$DISPLAY_MODE" = "simple" ]; then
+                        DISPLAY_MODE="detailed"
+                    else
+                        DISPLAY_MODE="simple"
+                    fi
+                    ;;
+            esac
+        fi
+    done
+}
+
+# 信号处理
+cleanup() {
+    echo ""
+    echo "👋 监控已停止"
+    exit 0
+}
+
+trap cleanup SIGINT SIGTERM
+
+# 开始监控
+monitor_enhanced

scripts/setup.js

@@ -0,0 +1,128 @@
+const fs = require('fs')
+const path = require('path')
+const crypto = require('crypto')
+const chalk = require('chalk')
+const ora = require('ora')
+
+const config = require('../config/config')
+
+async function setup() {
+  console.log(chalk.blue.bold('\n🚀 Claude Relay Service 初始化设置\n'))
+
+  const spinner = ora('正在进行初始化设置...').start()
+
+  try {
+    // 1. 创建必要目录
+    const directories = ['logs', 'data', 'temp']
+
+    directories.forEach((dir) => {
+      const dirPath = path.join(__dirname, '..', dir)
+      if (!fs.existsSync(dirPath)) {
+        fs.mkdirSync(dirPath, { recursive: true })
+      }
+    })
+
+    // 2. 生成环境配置文件
+    if (!fs.existsSync(path.join(__dirname, '..', '.env'))) {
+      const envTemplate = fs.readFileSync(path.join(__dirname, '..', '.env.example'), 'utf8')
+
+      // 生成随机密钥
+      const jwtSecret = crypto.randomBytes(64).toString('hex')
+      const encryptionKey = crypto.randomBytes(32).toString('hex')
+
+      const envContent = envTemplate
+        .replace('your-jwt-secret-here', jwtSecret)
+        .replace('your-encryption-key-here', encryptionKey)
+
+      fs.writeFileSync(path.join(__dirname, '..', '.env'), envContent)
+    }
+
+    // 3. 生成或使用环境变量中的管理员凭据
+    const adminUsername =
+      process.env.ADMIN_USERNAME || `cr_admin_${crypto.randomBytes(4).toString('hex')}`
+    const adminPassword =
+      process.env.ADMIN_PASSWORD ||
+      crypto
+        .randomBytes(16)
+        .toString('base64')
+        .replace(/[^a-zA-Z0-9]/g, '')
+        .substring(0, 16)
+
+    // 如果使用了环境变量，显示提示
+    if (process.env.ADMIN_USERNAME || process.env.ADMIN_PASSWORD) {
+      console.log(chalk.yellow('\n📌 使用环境变量中的管理员凭据'))
+    }
+
+    // 4. 创建初始化完成标记文件
+    const initData = {
+      initializedAt: new Date().toISOString(),
+      adminUsername,
+      adminPassword,
+      version: '1.0.0'
+    }
+
+    fs.writeFileSync(
+      path.join(__dirname, '..', 'data', 'init.json'),
+      JSON.stringify(initData, null, 2)
+    )
+
+    spinner.succeed('初始化设置完成')
+
+    console.log(chalk.green('\n✅ 设置完成！\n'))
+    console.log(chalk.yellow('📋 重要信息：\n'))
+    console.log(`   管理员用户名: ${chalk.cyan(adminUsername)}`)
+    console.log(`   管理员密码:   ${chalk.cyan(adminPassword)}`)
+
+    // 如果是自动生成的凭据，强调需要保存
+    if (!process.env.ADMIN_USERNAME && !process.env.ADMIN_PASSWORD) {
+      console.log(chalk.red('\n⚠️  请立即保存这些凭据！首次登录后建议修改密码。'))
+      console.log(
+        chalk.yellow(
+          '\n💡 提示: 也可以通过环境变量 ADMIN_USERNAME 和 ADMIN_PASSWORD 预设管理员凭据。\n'
+        )
+      )
+    } else {
+      console.log(chalk.green('\n✅ 已使用预设的管理员凭据。\n'))
+    }
+
+    console.log(chalk.blue('🚀 启动服务：\n'))
+    console.log('   npm start              - 启动生产服务')
+    console.log('   npm run dev            - 启动开发服务')
+    console.log('   npm run cli admin      - 管理员CLI工具\n')
+
+    console.log(chalk.blue('🌐 访问地址：\n'))
+    console.log(`   Web管理界面: http://localhost:${config.server.port}/web`)
+    console.log(`   API端点:     http://localhost:${config.server.port}/api/v1/messages`)
+    console.log(`   健康检查:    http://localhost:${config.server.port}/health\n`)
+  } catch (error) {
+    spinner.fail('初始化设置失败')
+    console.error(chalk.red('❌ 错误:'), error.message)
+    process.exit(1)
+  }
+}
+
+// 检查是否已初始化
+function checkInitialized() {
+  const initFile = path.join(__dirname, '..', 'data', 'init.json')
+  if (fs.existsSync(initFile)) {
+    const initData = JSON.parse(fs.readFileSync(initFile, 'utf8'))
+    console.log(chalk.yellow('⚠️  服务已经初始化过了！'))
+    console.log(`   初始化时间: ${new Date(initData.initializedAt).toLocaleString()}`)
+    console.log(`   管理员用户名: ${initData.adminUsername}`)
+    console.log('\n如需重新初始化，请删除 data/init.json 文件后再运行此命令。')
+    console.log(chalk.red('\n⚠️  重要提示：'))
+    console.log('   1. 删除 init.json 文件后运行 npm run setup')
+    console.log('   2. 生成新的账号密码后，需要重启服务才能生效')
+    console.log('   3. 使用 npm run service:restart 重启服务\n')
+    return true
+  }
+  return false
+}
+
+if (require.main === module) {
+  if (!checkInitialized()) {
+    setup()
+  }
+}
+
+module.exports = { setup, checkInitialized }

scripts/status-unified.sh

@@ -0,0 +1,262 @@
+#!/bin/bash
+
+# Claude Relay Service - 统一状态检查脚本
+# 提供完整的系统状态概览
+
+# 加载环境变量
+if [ -f .env ]; then
+    export $(grep -v '^#' .env | xargs)
+fi
+
+# 参数处理
+DETAIL_MODE=false
+if [ "$1" = "--detail" ] || [ "$1" = "-d" ]; then
+    DETAIL_MODE=true
+fi
+
+echo "🔍 Claude Relay Service - 系统状态检查"
+if [ "$DETAIL_MODE" = true ]; then
+    echo "模式: 详细信息"
+else
+    echo "模式: 概览 (使用 --detail 查看详细信息)"
+fi
+echo "========================================"
+
+# 获取服务配置
+SERVICE_HOST=${HOST:-127.0.0.1}
+SERVICE_PORT=${PORT:-3000}
+
+if [ "$SERVICE_HOST" = "0.0.0.0" ]; then
+    SERVICE_HOST="127.0.0.1"
+fi
+
+SERVICE_URL="http://${SERVICE_HOST}:${SERVICE_PORT}"
+
+# 获取Redis配置
+REDIS_HOST=${REDIS_HOST:-127.0.0.1}
+REDIS_PORT=${REDIS_PORT:-6379}
+REDIS_CMD="redis-cli -h $REDIS_HOST -p $REDIS_PORT"
+
+if [ ! -z "$REDIS_PASSWORD" ]; then
+    REDIS_CMD="redis-cli -h $REDIS_HOST -p $REDIS_PORT -a $REDIS_PASSWORD"
+fi
+
+# 检查Redis连接
+echo "🔍 连接检查："
+if $REDIS_CMD ping > /dev/null 2>&1; then
+    echo "  ✅ Redis连接正常 ($REDIS_HOST:$REDIS_PORT)"
+else
+    echo "  ❌ Redis连接失败 ($REDIS_HOST:$REDIS_PORT)"
+    exit 1
+fi
+
+# 检查服务状态
+if command -v curl > /dev/null 2>&1; then
+    health_response=$(curl -s ${SERVICE_URL}/health 2>/dev/null)
+    if [ $? -eq 0 ]; then
+        health_status=$(echo "$health_response" | grep -o '"status":"[^"]*"' | cut -d'"' -f4 | head -1)
+        if [ "$health_status" = "healthy" ]; then
+            echo "  ✅ 服务状态正常 ($SERVICE_URL)"
+        else
+            echo "  ⚠️  服务状态异常: $health_status ($SERVICE_URL)"
+        fi
+    else
+        echo "  ❌ 服务无法访问 ($SERVICE_URL)"
+    fi
+else
+    echo "  ⚠️  curl命令不可用，无法检查服务状态"
+fi
+
+echo ""
+
+# 格式化数字函数
+format_number() {
+    local num=$1
+    if [ "$num" -ge 1000000 ]; then
+        echo "$(echo "scale=1; $num / 1000000" | bc 2>/dev/null)M"
+    elif [ "$num" -ge 1000 ]; then
+        echo "$(echo "scale=1; $num / 1000" | bc 2>/dev/null)K"
+    else
+        echo "$num"
+    fi
+}
+
+# 系统信息
+echo "🏥 系统信息："
+
+# Redis信息
+redis_info=$($REDIS_CMD info server 2>/dev/null)
+redis_memory_info=$($REDIS_CMD info memory 2>/dev/null)
+
+redis_version=$(echo "$redis_info" | grep redis_version | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+redis_uptime=$(echo "$redis_info" | grep uptime_in_seconds | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+used_memory=$(echo "$redis_memory_info" | grep used_memory_human | cut -d: -f2 | tr -d '\r' 2>/dev/null)
+
+if [ ! -z "$redis_version" ]; then
+    echo "  📊 Redis版本: $redis_version"
+fi
+
+if [ ! -z "$redis_uptime" ]; then
+    uptime_hours=$((redis_uptime / 3600))
+    echo "  ⏱️  Redis运行时间: $uptime_hours 小时"
+fi
+
+if [ ! -z "$used_memory" ]; then
+    echo "  💾 Redis内存使用: $used_memory"
+fi
+
+# 服务信息
+if command -v curl > /dev/null 2>&1; then
+    health_response=$(curl -s ${SERVICE_URL}/health 2>/dev/null)
+    if [ $? -eq 0 ]; then
+        uptime=$(echo "$health_response" | grep -o '"uptime":[^,}]*' | cut -d: -f2 | head -1)
+        
+        if [ ! -z "$uptime" ] && [ "$uptime" != "null" ]; then
+            uptime_hours=$(echo "scale=1; $uptime / 3600" | bc 2>/dev/null)
+            if [ ! -z "$uptime_hours" ]; then
+                echo "  ⏰ 服务运行时间: $uptime_hours 小时"
+            fi
+        fi
+        
+        # 检查端口
+        if netstat -ln 2>/dev/null | grep -q ":${SERVICE_PORT} "; then
+            echo "  🔌 端口${SERVICE_PORT}: 正在监听"
+        else
+            echo "  ❌ 端口${SERVICE_PORT}: 未监听"
+        fi
+    fi
+fi
+
+echo ""
+
+# 并发状态
+echo "📊 并发状态："
+concurrency_keys=$($REDIS_CMD --scan --pattern "concurrency:*" 2>/dev/null)
+
+if [ -z "$concurrency_keys" ]; then
+    echo "  💤 当前无活跃并发连接"
+else
+    total_concurrent=0
+    active_keys=0
+    
+    for key in $concurrency_keys; do
+        count=$($REDIS_CMD get "$key" 2>/dev/null)
+        if [ ! -z "$count" ] && [ "$count" -gt 0 ]; then
+            api_key_id=${key#concurrency:}
+            
+            if [ "$DETAIL_MODE" = true ]; then
+                api_key_name=$($REDIS_CMD hget "apikey:$api_key_id" name 2>/dev/null)
+                concurrency_limit=$($REDIS_CMD hget "apikey:$api_key_id" concurrencyLimit 2>/dev/null)
+                
+                if [ -z "$api_key_name" ]; then
+                    api_key_name="Unknown"
+                fi
+                
+                if [ -z "$concurrency_limit" ] || [ "$concurrency_limit" = "0" ]; then
+                    limit_text="无限制"
+                else
+                    limit_text="$concurrency_limit"
+                fi
+                
+                echo "  🔑 $api_key_name: $count 个并发 (限制: $limit_text)"
+            fi
+            
+            total_concurrent=$((total_concurrent + count))
+            active_keys=$((active_keys + 1))
+        fi
+    done
+    
+    echo "  📈 总计: $total_concurrent 个活跃并发连接 ($active_keys 个API Key)"
+fi
+
+echo ""
+
+# 资源统计
+echo "📋 资源统计："
+
+total_keys=$($REDIS_CMD keys "apikey:*" 2>/dev/null | grep -v "apikey:hash_map" | wc -l)
+total_accounts=$($REDIS_CMD keys "claude:account:*" 2>/dev/null | wc -l)
+
+echo "  🔑 API Key总数: $total_keys"
+echo "  🏢 Claude账户数: $total_accounts"
+
+# 详细模式下的使用统计
+if [ "$DETAIL_MODE" = true ]; then
+    echo ""
+    echo "📈 使用统计："
+    
+    today=$(date '+%Y-%m-%d')
+    current_month=$(date '+%Y-%m')
+    
+    # 系统总体统计
+    total_daily_requests=0
+    total_daily_tokens=0
+    total_requests=0
+    total_tokens=0
+    
+    api_keys=$($REDIS_CMD keys "apikey:*" 2>/dev/null | grep -v "apikey:hash_map")
+    
+    if [ ! -z "$api_keys" ]; then
+        echo "  📱 API Key详情："
+        
+        for key in $api_keys; do
+            api_key_id=${key#apikey:}
+            
+            # API Key基本信息
+            api_key_name=$($REDIS_CMD hget "apikey:$api_key_id" name 2>/dev/null)
+            token_limit=$($REDIS_CMD hget "apikey:$api_key_id" tokenLimit 2>/dev/null)
+            created_at=$($REDIS_CMD hget "apikey:$api_key_id" createdAt 2>/dev/null)
+            
+            # 使用统计
+            key_total_requests=$($REDIS_CMD hget "usage:$api_key_id" totalRequests 2>/dev/null)
+            key_total_tokens=$($REDIS_CMD hget "usage:$api_key_id" totalTokens 2>/dev/null)
+            key_daily_requests=$($REDIS_CMD hget "usage:daily:$api_key_id:$today" requests 2>/dev/null)
+            key_daily_tokens=$($REDIS_CMD hget "usage:daily:$api_key_id:$today" tokens 2>/dev/null)
+            
+            # 默认值处理
+            api_key_name=${api_key_name:-"Unknown"}
+            token_limit=${token_limit:-0}
+            key_total_requests=${key_total_requests:-0}
+            key_total_tokens=${key_total_tokens:-0}
+            key_daily_requests=${key_daily_requests:-0}
+            key_daily_tokens=${key_daily_tokens:-0}
+            
+            # 格式化Token限制
+            if [ "$token_limit" = "0" ]; then
+                limit_text="无限制"
+            else
+                limit_text=$(format_number $token_limit)
+            fi
+            
+            # 创建时间格式化
+            if [ ! -z "$created_at" ]; then
+                created_date=$(echo "$created_at" | cut -d'T' -f1)
+            else
+                created_date="未知"
+            fi
+            
+            echo "    • $api_key_name (创建: $created_date, 限制: $limit_text)"
+            echo "      今日: ${key_daily_requests}请求 / $(format_number $key_daily_tokens)tokens"
+            echo "      总计: ${key_total_requests}请求 / $(format_number $key_total_tokens)tokens"
+            echo ""
+            
+            # 累计统计
+            total_daily_requests=$((total_daily_requests + key_daily_requests))
+            total_daily_tokens=$((total_daily_tokens + key_daily_tokens))
+            total_requests=$((total_requests + key_total_requests))
+            total_tokens=$((total_tokens + key_total_tokens))
+        done
+    fi
+    
+    echo "  🌍 系统总计:"
+    echo "    今日: ${total_daily_requests}请求 / $(format_number $total_daily_tokens)tokens"
+    echo "    总计: ${total_requests}请求 / $(format_number $total_tokens)tokens"
+fi
+
+echo ""
+echo "✅ 状态检查完成 - $(date '+%Y-%m-%d %H:%M:%S')"
+
+if [ "$DETAIL_MODE" = false ]; then
+    echo ""
+    echo "💡 使用 'npm run status -- --detail' 查看详细信息"
+fi

scripts/test-account-display.js

@@ -0,0 +1,143 @@
+/**
+ * 测试账号显示问题是否已修复
+ */
+
+const axios = require('axios')
+const config = require('../config/config')
+
+// 从 init.json 读取管理员凭据
+const fs = require('fs')
+const path = require('path')
+
+async function testAccountDisplay() {
+  console.log('🔍 测试账号显示问题...\n')
+
+  try {
+    // 读取管理员凭据
+    const initPath = path.join(__dirname, '..', 'config', 'init.json')
+    if (!fs.existsSync(initPath)) {
+      console.error('❌ 找不到 init.json 文件，请运行 npm run setup')
+      process.exit(1)
+    }
+
+    const initData = JSON.parse(fs.readFileSync(initPath, 'utf8'))
+    const adminUser = initData.admins?.[0]
+    if (!adminUser) {
+      console.error('❌ 没有找到管理员账号')
+      process.exit(1)
+    }
+
+    const baseURL = `http://localhost:${config.server.port}`
+
+    // 登录获取 token
+    console.log('🔐 登录管理员账号...')
+    const loginResp = await axios.post(`${baseURL}/admin/login`, {
+      username: adminUser.username,
+      password: adminUser.password
+    })
+
+    if (!loginResp.data.success) {
+      console.error('❌ 登录失败')
+      process.exit(1)
+    }
+
+    const { token } = loginResp.data
+    console.log('✅ 登录成功\n')
+
+    // 设置请求头
+    const headers = {
+      Authorization: `Bearer ${token}`,
+      'Content-Type': 'application/json'
+    }
+
+    // 获取 Claude OAuth 账号
+    console.log('📋 获取 Claude OAuth 账号...')
+    const claudeResp = await axios.get(`${baseURL}/admin/claude-accounts`, { headers })
+    const claudeAccounts = claudeResp.data.data || []
+
+    console.log(`找到 ${claudeAccounts.length} 个 Claude OAuth 账号`)
+
+    // 分类显示
+    const claudeDedicated = claudeAccounts.filter((a) => a.accountType === 'dedicated')
+    const claudeGroup = claudeAccounts.filter((a) => a.accountType === 'group')
+    const claudeShared = claudeAccounts.filter((a) => a.accountType === 'shared')
+
+    console.log(`- 专属账号: ${claudeDedicated.length} 个`)
+    console.log(`- 分组账号: ${claudeGroup.length} 个`)
+    console.log(`- 共享账号: ${claudeShared.length} 个`)
+
+    // 检查 platform 字段
+    console.log('\n检查 platform 字段:')
+    claudeAccounts.slice(0, 3).forEach((acc) => {
+      console.log(`- ${acc.name}: platform=${acc.platform}, accountType=${acc.accountType}`)
+    })
+
+    // 获取 Claude Console 账号
+    console.log('\n📋 获取 Claude Console 账号...')
+    const consoleResp = await axios.get(`${baseURL}/admin/claude-console-accounts`, { headers })
+    const consoleAccounts = consoleResp.data.data || []
+
+    console.log(`找到 ${consoleAccounts.length} 个 Claude Console 账号`)
+
+    // 分类显示
+    const consoleDedicated = consoleAccounts.filter((a) => a.accountType === 'dedicated')
+    const consoleGroup = consoleAccounts.filter((a) => a.accountType === 'group')
+    const consoleShared = consoleAccounts.filter((a) => a.accountType === 'shared')
+
+    console.log(`- 专属账号: ${consoleDedicated.length} 个`)
+    console.log(`- 分组账号: ${consoleGroup.length} 个`)
+    console.log(`- 共享账号: ${consoleShared.length} 个`)
+
+    // 检查 platform 字段
+    console.log('\n检查 platform 字段:')
+    consoleAccounts.slice(0, 3).forEach((acc) => {
+      console.log(`- ${acc.name}: platform=${acc.platform}, accountType=${acc.accountType}`)
+    })
+
+    // 获取账号分组
+    console.log('\n📋 获取账号分组...')
+    const groupsResp = await axios.get(`${baseURL}/admin/account-groups`, { headers })
+    const groups = groupsResp.data.data || []
+
+    console.log(`找到 ${groups.length} 个账号分组`)
+
+    const claudeGroups = groups.filter((g) => g.platform === 'claude')
+    const geminiGroups = groups.filter((g) => g.platform === 'gemini')
+
+    console.log(`- Claude 分组: ${claudeGroups.length} 个`)
+    console.log(`- Gemini 分组: ${geminiGroups.length} 个`)
+
+    // 测试结果总结
+    console.log('\n📊 测试结果总结:')
+    console.log('✅ Claude OAuth 账号已包含 platform 字段')
+    console.log('✅ Claude Console 账号已包含 platform 字段')
+    console.log('✅ 账号分组功能正常')
+
+    const totalDedicated = claudeDedicated.length + consoleDedicated.length
+    const totalGroups = claudeGroups.length
+
+    if (totalDedicated > 0) {
+      console.log(`\n✅ 共有 ${totalDedicated} 个专属账号应该显示在下拉框中`)
+    } else {
+      console.log('\n⚠️  没有找到专属账号，请在账号管理页面设置账号类型为"专属账户"')
+    }
+
+    if (totalGroups > 0) {
+      console.log(`✅ 共有 ${totalGroups} 个分组应该显示在下拉框中`)
+    }
+
+    console.log('\n💡 请在浏览器中测试创建/编辑 API Key，检查下拉框是否正确显示三个类别：')
+    console.log('   1. 调度分组')
+    console.log('   2. Claude OAuth 账号')
+    console.log('   3. Claude Console 账号')
+  } catch (error) {
+    console.error('❌ 测试失败:', error.message)
+    if (error.response) {
+      console.error('响应数据:', error.response.data)
+    }
+  } finally {
+    process.exit(0)
+  }
+}
+
+testAccountDisplay()

scripts/test-api-response.js

@@ -0,0 +1,141 @@
+/**
+ * 测试 API 响应中的账号数据
+ */
+
+const redis = require('../src/models/redis')
+const claudeAccountService = require('../src/services/claudeAccountService')
+const claudeConsoleAccountService = require('../src/services/claudeConsoleAccountService')
+const accountGroupService = require('../src/services/accountGroupService')
+
+async function testApiResponse() {
+  console.log('🔍 测试 API 响应数据...\n')
+
+  try {
+    // 确保 Redis 已连接
+    await redis.connect()
+
+    // 1. 测试 Claude OAuth 账号服务
+    console.log('📋 测试 Claude OAuth 账号服务...')
+    const claudeAccounts = await claudeAccountService.getAllAccounts()
+    console.log(`找到 ${claudeAccounts.length} 个 Claude OAuth 账号`)
+
+    // 检查前3个账号的数据结构
+    console.log('\n账号数据结构示例:')
+    claudeAccounts.slice(0, 3).forEach((acc) => {
+      console.log(`\n账号: ${acc.name}`)
+      console.log(`  - ID: ${acc.id}`)
+      console.log(`  - accountType: ${acc.accountType}`)
+      console.log(`  - platform: ${acc.platform}`)
+      console.log(`  - status: ${acc.status}`)
+      console.log(`  - isActive: ${acc.isActive}`)
+    })
+
+    // 统计专属账号
+    const claudeDedicated = claudeAccounts.filter((a) => a.accountType === 'dedicated')
+    const claudeGroup = claudeAccounts.filter((a) => a.accountType === 'group')
+
+    console.log('\n统计结果:')
+    console.log(`  - 专属账号: ${claudeDedicated.length} 个`)
+    console.log(`  - 分组账号: ${claudeGroup.length} 个`)
+
+    // 2. 测试 Claude Console 账号服务
+    console.log('\n\n📋 测试 Claude Console 账号服务...')
+    const consoleAccounts = await claudeConsoleAccountService.getAllAccounts()
+    console.log(`找到 ${consoleAccounts.length} 个 Claude Console 账号`)
+
+    // 检查前3个账号的数据结构
+    console.log('\n账号数据结构示例:')
+    consoleAccounts.slice(0, 3).forEach((acc) => {
+      console.log(`\n账号: ${acc.name}`)
+      console.log(`  - ID: ${acc.id}`)
+      console.log(`  - accountType: ${acc.accountType}`)
+      console.log(`  - platform: ${acc.platform}`)
+      console.log(`  - status: ${acc.status}`)
+      console.log(`  - isActive: ${acc.isActive}`)
+    })
+
+    // 统计专属账号
+    const consoleDedicated = consoleAccounts.filter((a) => a.accountType === 'dedicated')
+    const consoleGroup = consoleAccounts.filter((a) => a.accountType === 'group')
+
+    console.log('\n统计结果:')
+    console.log(`  - 专属账号: ${consoleDedicated.length} 个`)
+    console.log(`  - 分组账号: ${consoleGroup.length} 个`)
+
+    // 3. 测试账号分组服务
+    console.log('\n\n📋 测试账号分组服务...')
+    const groups = await accountGroupService.getAllGroups()
+    console.log(`找到 ${groups.length} 个账号分组`)
+
+    // 显示分组信息
+    groups.forEach((group) => {
+      console.log(`\n分组: ${group.name}`)
+      console.log(`  - ID: ${group.id}`)
+      console.log(`  - platform: ${group.platform}`)
+      console.log(`  - memberCount: ${group.memberCount}`)
+    })
+
+    // 4. 验证结果
+    console.log('\n\n📊 验证结果:')
+
+    // 检查 platform 字段
+    const claudeWithPlatform = claudeAccounts.filter((a) => a.platform === 'claude')
+    const consoleWithPlatform = consoleAccounts.filter((a) => a.platform === 'claude-console')
+
+    if (claudeWithPlatform.length === claudeAccounts.length) {
+      console.log('✅ 所有 Claude OAuth 账号都有正确的 platform 字段')
+    } else {
+      console.log(
+        `⚠️  只有 ${claudeWithPlatform.length}/${claudeAccounts.length} 个 Claude OAuth 账号有正确的 platform 字段`
+      )
+    }
+
+    if (consoleWithPlatform.length === consoleAccounts.length) {
+      console.log('✅ 所有 Claude Console 账号都有正确的 platform 字段')
+    } else {
+      console.log(
+        `⚠️  只有 ${consoleWithPlatform.length}/${consoleAccounts.length} 个 Claude Console 账号有正确的 platform 字段`
+      )
+    }
+
+    // 总结
+    const totalDedicated = claudeDedicated.length + consoleDedicated.length
+    const totalGroup = claudeGroup.length + consoleGroup.length
+    const totalGroups = groups.filter((g) => g.platform === 'claude').length
+
+    console.log('\n📈 总结:')
+    console.log(
+      `- 专属账号总数: ${totalDedicated} 个 (Claude OAuth: ${claudeDedicated.length}, Console: ${consoleDedicated.length})`
+    )
+    console.log(
+      `- 分组账号总数: ${totalGroup} 个 (Claude OAuth: ${claudeGroup.length}, Console: ${consoleGroup.length})`
+    )
+    console.log(`- 账号分组总数: ${totalGroups} 个`)
+
+    if (totalDedicated + totalGroups > 0) {
+      console.log('\n✅ 前端下拉框应该能够显示:')
+      if (totalGroups > 0) {
+        console.log('   - 调度分组')
+      }
+      if (claudeDedicated.length > 0) {
+        console.log('   - Claude OAuth 专属账号 (仅 dedicated 类型)')
+      }
+      if (consoleDedicated.length > 0) {
+        console.log('   - Claude Console 专属账号 (仅 dedicated 类型)')
+      }
+    } else {
+      console.log('\n⚠️  没有找到任何专属账号或分组，请检查账号配置')
+    }
+
+    console.log('\n💡 说明:')
+    console.log('- 专属账号下拉框只显示 accountType="dedicated" 的账号')
+    console.log('- accountType="group" 的账号通过分组调度，不在专属账号中显示')
+  } catch (error) {
+    console.error('❌ 测试失败:', error)
+    console.error(error.stack)
+  } finally {
+    process.exit(0)
+  }
+}
+
+testApiResponse()

scripts/test-bedrock-models.js

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+
+const bedrockRelayService = require('../src/services/bedrockRelayService')
+
+async function testBedrockModels() {
+  try {
+    console.log('🧪 测试Bedrock模型配置...')
+
+    // 测试可用模型列表
+    const models = await bedrockRelayService.getAvailableModels()
+    console.log(`📋 找到 ${models.length} 个可用模型:`)
+    models.forEach((model) => {
+      console.log(`  - ${model.id} (${model.name})`)
+    })
+
+    // 测试默认模型
+    console.log(`\n🎯 系统默认模型: ${bedrockRelayService.defaultModel}`)
+    console.log(`🎯 系统默认小模型: ${bedrockRelayService.defaultSmallModel}`)
+
+    console.log('\n✅ Bedrock模型配置测试完成')
+    process.exit(0)
+  } catch (error) {
+    console.error('❌ Bedrock模型测试失败:', error)
+    process.exit(1)
+  }
+}
+
+// 如果直接运行此脚本
+if (require.main === module) {
+  testBedrockModels()
+}
+
+module.exports = { testBedrockModels }

scripts/test-dedicated-accounts.js

@@ -0,0 +1,133 @@
+/**
+ * 测试专属账号显示问题
+ */
+
+const redis = require('../src/models/redis')
+
+async function testDedicatedAccounts() {
+  console.log('🔍 检查专属账号...\n')
+
+  try {
+    // 确保 Redis 已连接
+    await redis.connect()
+
+    // 获取所有 Claude 账号
+    const claudeKeys = await redis.client.keys('claude:account:*')
+    console.log(`找到 ${claudeKeys.length} 个 Claude 账号\n`)
+
+    const dedicatedAccounts = []
+    const groupAccounts = []
+    const sharedAccounts = []
+
+    for (const key of claudeKeys) {
+      const account = await redis.client.hgetall(key)
+      const accountType = account.accountType || 'shared'
+
+      const accountInfo = {
+        id: account.id,
+        name: account.name,
+        accountType,
+        status: account.status,
+        isActive: account.isActive,
+        createdAt: account.createdAt
+      }
+
+      if (accountType === 'dedicated') {
+        dedicatedAccounts.push(accountInfo)
+      } else if (accountType === 'group') {
+        groupAccounts.push(accountInfo)
+      } else {
+        sharedAccounts.push(accountInfo)
+      }
+    }
+
+    console.log('📊 账号统计:')
+    console.log(`- 专属账号: ${dedicatedAccounts.length} 个`)
+    console.log(`- 分组账号: ${groupAccounts.length} 个`)
+    console.log(`- 共享账号: ${sharedAccounts.length} 个`)
+    console.log('')
+
+    if (dedicatedAccounts.length > 0) {
+      console.log('✅ 专属账号列表:')
+      dedicatedAccounts.forEach((acc) => {
+        console.log(`  - ${acc.name} (ID: ${acc.id}, 状态: ${acc.status})`)
+      })
+      console.log('')
+    } else {
+      console.log('⚠️  没有找到专属账号！')
+      console.log('💡 提示: 请确保在账号管理页面将账号类型设置为"专属账户"')
+      console.log('')
+    }
+
+    if (groupAccounts.length > 0) {
+      console.log('📁 分组账号列表:')
+      groupAccounts.forEach((acc) => {
+        console.log(`  - ${acc.name} (ID: ${acc.id}, 状态: ${acc.status})`)
+      })
+      console.log('')
+    }
+
+    // 检查分组
+    const groupKeys = await redis.client.keys('account_group:*')
+    console.log(`\n找到 ${groupKeys.length} 个账号分组`)
+
+    if (groupKeys.length > 0) {
+      console.log('📋 分组列表:')
+      for (const key of groupKeys) {
+        const group = await redis.client.hgetall(key)
+        console.log(
+          `  - ${group.name} (平台: ${group.platform}, 成员数: ${group.memberCount || 0})`
+        )
+      }
+    }
+
+    // 检查 Claude Console 账号
+    const consoleKeys = await redis.client.keys('claude_console_account:*')
+    console.log(`\n找到 ${consoleKeys.length} 个 Claude Console 账号`)
+
+    const dedicatedConsoleAccounts = []
+    const groupConsoleAccounts = []
+
+    for (const key of consoleKeys) {
+      const account = await redis.client.hgetall(key)
+      const accountType = account.accountType || 'shared'
+
+      if (accountType === 'dedicated') {
+        dedicatedConsoleAccounts.push({
+          id: account.id,
+          name: account.name,
+          accountType,
+          status: account.status
+        })
+      } else if (accountType === 'group') {
+        groupConsoleAccounts.push({
+          id: account.id,
+          name: account.name,
+          accountType,
+          status: account.status
+        })
+      }
+    }
+
+    if (dedicatedConsoleAccounts.length > 0) {
+      console.log('\n✅ Claude Console 专属账号:')
+      dedicatedConsoleAccounts.forEach((acc) => {
+        console.log(`  - ${acc.name} (ID: ${acc.id}, 状态: ${acc.status})`)
+      })
+    }
+
+    if (groupConsoleAccounts.length > 0) {
+      console.log('\n📁 Claude Console 分组账号:')
+      groupConsoleAccounts.forEach((acc) => {
+        console.log(`  - ${acc.name} (ID: ${acc.id}, 状态: ${acc.status})`)
+      })
+    }
+  } catch (error) {
+    console.error('❌ 错误:', error)
+    console.error(error.stack)
+  } finally {
+    process.exit(0)
+  }
+}
+
+testDedicatedAccounts()