Initial commit: KiroProxy project

KiroProxy/.github/workflows/build.yml

@@ -0,0 +1,245 @@
+name: Build Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+env:
+  APP_NAME: KiroProxy
+
+jobs:
+  build-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Get version from tag
+        id: version
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          else
+            VERSION=$(grep -oP '__version__ = "\K[^"]+' kiro_proxy/__init__.py)
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Version: $VERSION"
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pyinstaller
+          
+      - name: Build binary
+        run: python build.py
+        
+      - name: Install packaging tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ruby ruby-dev rubygems build-essential rpm libfuse2
+          sudo gem install --no-document fpm
+          
+      - name: Create packages
+        run: |
+          mkdir -p release
+          VERSION=${{ steps.version.outputs.VERSION }}
+          
+          # Binary (standalone)
+          cp dist/KiroProxy release/KiroProxy-${VERSION}-linux-x86_64
+          chmod +x release/KiroProxy-${VERSION}-linux-x86_64
+          
+          # tar.gz
+          tar -czvf release/KiroProxy-${VERSION}-linux-x86_64.tar.gz -C dist KiroProxy
+          
+          # deb package
+          fpm -s dir -t deb \
+            -n kiroproxy \
+            -v ${VERSION} \
+            --description "Kiro API Proxy Server" \
+            --license "MIT" \
+            --architecture amd64 \
+            --maintainer "petehsu" \
+            --url "https://github.com/petehsu/KiroProxy" \
+            -p release/kiroproxy_${VERSION}_amd64.deb \
+            dist/KiroProxy=/usr/local/bin/KiroProxy
+          
+          # rpm package
+          fpm -s dir -t rpm \
+            -n kiroproxy \
+            -v ${VERSION} \
+            --description "Kiro API Proxy Server" \
+            --license "MIT" \
+            --architecture x86_64 \
+            --maintainer "petehsu" \
+            --url "https://github.com/petehsu/KiroProxy" \
+            -p release/kiroproxy-${VERSION}-1.x86_64.rpm \
+            dist/KiroProxy=/usr/local/bin/KiroProxy
+            
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: KiroProxy-Linux
+          path: release/*
+
+  build-windows:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Get version from tag
+        id: version
+        shell: bash
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          else
+            VERSION=$(grep -oP '__version__ = "\K[^"]+' kiro_proxy/__init__.py)
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Version: $VERSION"
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pyinstaller
+          
+      - name: Build
+        run: python build.py
+        
+      - name: Create packages
+        shell: pwsh
+        run: |
+          $VERSION = "${{ steps.version.outputs.VERSION }}"
+          New-Item -ItemType Directory -Force -Path release
+          
+          # exe (standalone)
+          Copy-Item dist/KiroProxy.exe release/KiroProxy-${VERSION}-windows-x86_64.exe
+          
+          # zip
+          Compress-Archive -Path dist/KiroProxy.exe -DestinationPath release/KiroProxy-${VERSION}-windows-x86_64.zip
+          
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: KiroProxy-Windows
+          path: release/*
+
+  build-macos:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Get version from tag
+        id: version
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          else
+            VERSION=$(grep -oP '__version__ = "\K[^"]+' kiro_proxy/__init__.py || echo "1.0.0")
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Version: $VERSION"
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pyinstaller
+          
+      - name: Generate icon
+        run: |
+          mkdir -p assets/icon.iconset
+          for size in 16 32 64 128 256 512; do
+            sips -z $size $size assets/icon.png --out assets/icon.iconset/icon_${size}x${size}.png
+          done
+          iconutil -c icns assets/icon.iconset -o assets/icon.icns
+          
+      - name: Build
+        run: python build.py
+        
+      - name: Create packages
+        run: |
+          VERSION=${{ steps.version.outputs.VERSION }}
+          mkdir -p release
+          
+          # Binary (standalone)
+          cp dist/KiroProxy release/KiroProxy-${VERSION}-macos-x86_64
+          chmod +x release/KiroProxy-${VERSION}-macos-x86_64
+          
+          # zip
+          cd dist && zip -r ../release/KiroProxy-${VERSION}-macos-x86_64.zip KiroProxy && cd ..
+          
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: KiroProxy-macOS
+          path: release/*
+
+  release:
+    needs: [build-linux, build-windows, build-macos]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Get version from tag
+        id: version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/v}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+          
+      - name: List artifacts
+        run: find artifacts -type f
+          
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: KiroProxy v${{ steps.version.outputs.VERSION }}
+          body: |
+            ## Downloads
+            
+            | Platform | File | Description |
+            |----------|------|-------------|
+            | **Linux** | `KiroProxy-${{ steps.version.outputs.VERSION }}-linux-x86_64` | Standalone binary |
+            | | `KiroProxy-${{ steps.version.outputs.VERSION }}-linux-x86_64.tar.gz` | Compressed archive |
+            | | `kiroproxy_${{ steps.version.outputs.VERSION }}_amd64.deb` | Debian/Ubuntu package |
+            | | `kiroproxy-${{ steps.version.outputs.VERSION }}-1.x86_64.rpm` | Fedora/RHEL/CentOS package |
+            | **Windows** | `KiroProxy-${{ steps.version.outputs.VERSION }}-windows-x86_64.exe` | Standalone executable |
+            | | `KiroProxy-${{ steps.version.outputs.VERSION }}-windows-x86_64.zip` | Compressed archive |
+            | **macOS** | `KiroProxy-${{ steps.version.outputs.VERSION }}-macos-x86_64` | Standalone binary |
+            | | `KiroProxy-${{ steps.version.outputs.VERSION }}-macos-x86_64.zip` | Compressed archive |
+          files: |
+            artifacts/KiroProxy-Linux/*
+            artifacts/KiroProxy-Windows/*
+            artifacts/KiroProxy-macOS/*
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

KiroProxy/.gitignore

@@ -0,0 +1,54 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+venv/
+.venv/
+*.egg-info/
+.hypothesis/
+.pytest_cache/
+
+# Build
+build/
+dist/
+release/
+*.spec
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# HAR files (contain sensitive data)
+*.har
+
+# Logs
+*.log
+
+# Test files
+[0-9].txt
+[0-9][0-9].txt
+线索*.txt
+
+# Temp analysis files
+flows
+flows_*
+traffic.mitm
+*.mitm
+analyze_har.py
+parse_*.py
+*_analysis.txt
+*_check.txt
+hex_dump.txt
+parsed_*.txt
+response.txt
+参考.txt
+
+# Other projects
+Antigravity-Manager/
+cc-switch/

KiroProxy/README.md

@@ -0,0 +1,423 @@
+<p align="center">
+  <img src="assets/icon.svg" width="80" height="96" alt="Kiro Proxy">
+</p>
+
+<h1 align="center">Kiro API Proxy</h1>
+
+<p align="center">
+  Kiro IDE API 反向代理服务器，支持多账号轮询、Token 自动刷新、配额管理
+</p>
+
+<p align="center">
+  <a href="#功能特性">功能</a> •
+  <a href="#快速开始">快速开始</a> •
+  <a href="#cli-配置">CLI 配置</a> •
+  <a href="#api-端点">API</a> •
+  <a href="#许可证">许可证</a>
+</p>
+
+---
+
+> **⚠️ 测试说明**
+> 
+> 本项目支持 **Claude Code**、**Codex CLI**、**Gemini CLI** 三种客户端，工具调用功能已全面支持。
+
+## 功能特性
+
+### 核心功能
+- **多协议支持** - OpenAI / Anthropic / Gemini 三种协议兼容
+- **完整工具调用** - 三种协议的工具调用功能全面支持
+- **图片理解** - 支持 Claude Code / Codex CLI 图片输入
+- **网络搜索** - 支持 Claude Code / Codex CLI 网络搜索工具
+- **思考功能** - 支持 Claude 的扩展思考功能（Extended Thinking）
+- **多账号轮询（默认随机）** - 每次请求随机切换账号，分散压力，避免单账号 RPM 过高
+- **会话粘性（可选）** - 非 `random` 策略下，同一会话 60 秒内使用同一账号，保持上下文
+- **Web UI** - 简洁的管理界面，支持监控、日志、设置
+
+### v1.7.1 新功能
+- **Windows 支持补强** - 注册表浏览器检测 + PATH 回退，兼容便携版
+- **打包资源修复** - PyInstaller 打包后可正常加载图标与内置文档
+- **Token 扫描稳定性** - Windows 路径编码处理修复
+
+### v1.6.3 新功能
+- **命令行工具 (CLI)** - 无 GUI 服务器也能轻松管理
+  - `python run.py accounts list` - 列出账号
+  - `python run.py accounts export/import` - 导出/导入账号
+  - `python run.py accounts add` - 交互式添加 Token
+  - `python run.py accounts scan` - 扫描本地 Token
+  - `python run.py login google/github` - 命令行登录
+  - `python run.py login remote` - 生成远程登录链接
+- **远程登录链接** - 在有浏览器的机器上完成授权，Token 自动同步
+- **账号导入导出** - 跨机器迁移账号配置
+- **手动添加 Token** - 直接粘贴 accessToken/refreshToken
+
+### v1.6.2 新功能
+- **Codex CLI 完整支持** - 使用 OpenAI Responses API (`/v1/responses`)
+  - 完整工具调用支持（shell、file 等所有工具）
+  - 图片输入支持（`input_image` 类型）
+  - 网络搜索支持（`web_search` 工具）
+  - 错误代码映射（rate_limit、context_length 等）
+- **Claude Code 增强** - 图片理解和网络搜索完整支持
+  - 支持 Anthropic 和 OpenAI 两种图片格式
+  - 支持 `web_search` / `web_search_20250305` 工具
+
+### v1.6.1 新功能
+- **请求限速** - 通过限制请求频率降低账号封禁风险
+  - 每账号最小请求间隔
+  - 每账号每分钟最大请求数
+  - 全局每分钟最大请求数
+  - WebUI 设置页面可配置
+- **账号封禁检测** - 自动检测 TEMPORARILY_SUSPENDED 错误
+  - 友好的错误日志输出
+  - 自动禁用被封禁账号
+  - 自动切换到其他可用账号
+- **统一错误处理** - 三种协议使用统一的错误分类和处理
+
+### v1.6.0 功能
+- **历史消息管理** - 4 种策略处理对话长度限制，可自由组合
+  - 自动截断：发送前优先保留最新上下文并摘要前文，必要时按数量/字符数截断
+  - 智能摘要：用 AI 生成早期对话摘要，保留关键信息
+  - 摘要缓存：历史变化不大时复用最近摘要，减少重复 LLM 调用（默认启用）
+  - 错误重试：遇到长度错误时自动截断重试（默认启用）
+  - 预估检测：预估 token 数量，超限预先截断
+- **Gemini 工具调用** - 完整支持 functionDeclarations/functionCall/functionResponse
+- **设置页面** - WebUI 新增设置标签页，可配置历史消息管理策略
+
+### v1.5.0 功能
+- **用量查询** - 查询账号配额使用情况，显示已用/余额/使用率
+- **多登录方式** - 支持 Google / GitHub / AWS Builder ID 三种登录方式
+- **流量监控** - 完整的 LLM 请求监控，支持搜索、过滤、导出
+- **浏览器选择** - 自动检测已安装浏览器，支持无痕模式
+- **文档中心** - 内置帮助文档，左侧目录 + 右侧 Markdown 渲染
+
+### v1.4.0 功能
+- **Token 预刷新** - 后台每 5 分钟检查，提前 15 分钟自动刷新
+- **健康检查** - 每 10 分钟检测账号可用性，自动标记状态
+- **请求统计增强** - 按账号/模型统计，24 小时趋势
+- **请求重试机制** - 网络错误/5xx 自动重试，指数退避
+
+## 工具调用支持
+
+| 功能 | Anthropic (Claude Code) | OpenAI (Codex CLI) | Gemini |
+|------|------------------------|-------------------|--------|
+| 工具定义 | ✅ `tools` | ✅ `tools.function` | ✅ `functionDeclarations` |
+| 工具调用响应 | ✅ `tool_use` | ✅ `tool_calls` | ✅ `functionCall` |
+| 工具结果 | ✅ `tool_result` | �� `tool` 角色消息 | ✅ `functionResponse` |
+| 强制工具调用 | ✅ `tool_choice` | ✅ `tool_choice` | ✅ `toolConfig.mode` |
+| 工具数量限制 | ✅ 50 个 | ✅ 50 个 | ✅ 50 个 |
+| 历史消息修复 | ✅ | ✅ | ✅ |
+| 图片理解 | ✅ | ✅ | ❌ |
+| 网络搜索 | ✅ | ✅ | ❌ |
+
+## 已知限制
+
+### 对话长度限制
+
+Kiro API 有输入长度限制。当对话历史过长时，会返回错误：
+
+```
+Input is too long. (CONTENT_LENGTH_EXCEEDS_THRESHOLD)
+```
+
+#### 自动处理（v1.6.0+）
+
+代理内置了历史消息管理功能，可在「设置」页面配置：
+
+- **错误重试**（默认）：遇到长度错误时自动截断并重试
+- **智能摘要**：用 AI 生成早期对话摘要，保留关键信息
+- **摘要缓存**（默认）：历史变化不大时复用最近摘要，减少重复 LLM 调用
+- **自动截断**：每次请求前优先保留最新上下文并摘要前文，必要时按数量/字符数截断
+- **预估检测**：预估 token 数量，超限预先截断
+
+摘要缓存可通过以下配置项调整（默认值）：
+- `summary_cache_enabled`: `true`
+- `summary_cache_min_delta_messages`: `3`
+- `summary_cache_min_delta_chars`: `4000`
+- `summary_cache_max_age_seconds`: `180`
+
+#### 手动处理
+
+1. 在 Claude Code 中输入 `/clear` 清空对话历史
+2. 告诉 AI 你之前在做什么，它会读取代码文件恢复上下文
+
+## 快速开始
+
+### 方式一：下载预编译版本
+
+从 [Releases](../../releases) 下载对应平台的安装包，解压后直接运行。
+
+### 方式二：从源码运行
+
+```bash
+# 克隆项目
+git clone https://github.com/yourname/kiro-proxy.git
+cd kiro-proxy
+
+# 创建虚拟环境
+python -m venv venv
+source venv/bin/activate  # Windows: venv\Scripts\activate
+
+# 安装依赖
+pip install -r requirements.txt
+
+# 运行
+python run.py
+
+# 或指定端口
+python run.py 8081
+```
+
+启动后访问 http://localhost:8080
+
+### 命令行工具 (CLI)
+
+无 GUI 服务器可使用 CLI 管理账号：
+
+```bash
+# 账号管理
+python run.py accounts list              # 列出账号
+python run.py accounts export -o acc.json  # 导出账号
+python run.py accounts import acc.json   # 导入账号
+python run.py accounts add               # 交互式添加 Token
+python run.py accounts scan --auto       # 扫描并自动添加本地 Token
+
+# 登录
+python run.py login google               # Google 登录
+python run.py login github               # GitHub 登录
+python run.py login remote --host myserver.com:8080  # 生成远程登录链接
+
+# 服务
+python run.py serve                      # 启动服务 (默认 8080)
+python run.py serve -p 8081              # 指定端口
+python run.py status                     # 查看状态
+```
+
+### 登录获取 Token
+
+**方式一：在线登录（推荐）**
+1. 打开 Web UI，点击「在线登录」
+2. 选择登录方式：Google / GitHub / AWS Builder ID
+3. 在浏览器中完成授权
+4. 账号自动添加
+
+**方式二：扫描 Token**
+1. 打开 Kiro IDE，使用 Google/GitHub 账号登录
+2. 登录成功后 token 自动保存到 `~/.aws/sso/cache/`
+3. 在 Web UI 点击「扫描 Token」添加账号
+
+## CLI 配置
+
+### 模型对照表
+
+| Kiro 模型 | 能力 | Claude Code | Codex |
+|-----------|------|-------------|-------|
+| `claude-sonnet-4` | ⭐⭐⭐ 推荐 | `claude-sonnet-4` | `gpt-4o` |
+| `claude-sonnet-4.5` | ⭐⭐⭐⭐ 更强 | `claude-sonnet-4.5` | `gpt-4o` |
+| `claude-haiku-4.5` | ⚡ 快速 | `claude-haiku-4.5` | `gpt-4o-mini` |
+
+### Claude Code 配置
+
+```
+名称: Kiro Proxy
+API Key: any
+Base URL: http://localhost:8080
+模型: claude-sonnet-4
+```
+
+### Codex 配置
+
+Codex CLI 使用 OpenAI Responses API，配置如下：
+
+```bash
+# 设置环境变量
+export OPENAI_API_KEY=any
+export OPENAI_BASE_URL=http://localhost:8080/v1
+
+# 运行 Codex
+codex
+```
+
+或在 `~/.codex/config.toml` 中配置：
+
+```toml
+[providers.openai]
+api_key = "any"
+base_url = "http://localhost:8080/v1"
+```
+
+## 思考功能支持
+
+### 什么是思考功能
+
+思考功能（Extended Thinking）允许 Claude 在生成回答前展示其思考过程，帮助用户理解 AI 的推理步骤。
+
+### 如何使用
+
+在请求中添加 `thinking`（或对应协议的 thinking 配置）即可启用：
+
+```json
+{
+  "model": "claude-sonnet-4.5",
+  "messages": [
+    {
+      "role": "user",
+      "content": "解释一下量子计算的原理"
+    }
+  ],
+  "thinking": {
+    "thinking_type": "enabled",
+    "budget_tokens": 20000
+  },
+  "stream": true
+}
+```
+
+OpenAI Chat Completions (`POST /v1/chat/completions`) 也支持：
+
+```json
+{
+  "model": "gpt-4o",
+  "messages": [{"role": "user", "content": "解释一下量子计算的原理"}],
+  "thinking": { "type": "enabled" },
+  "stream": true
+}
+```
+
+OpenAI Responses (`POST /v1/responses`) 也支持：
+
+```json
+{
+  "model": "gpt-4o",
+  "input": "解释一下量子计算的原理",
+  "thinking": { "type": "enabled" }
+}
+```
+
+Gemini generateContent (`POST /v1/models/{model}:generateContent`) 也支持：
+
+```json
+{
+  "contents": [{"role": "user", "parts": [{"text": "解释一下量子计算的原理"}]}],
+  "generationConfig": {
+    "thinkingConfig": { "includeThoughts": true }
+  }
+}
+```
+
+### 参数说明
+
+- `thinking_type`: 思考类型，设为 `"enabled"` 启用思考功能
+- `budget_tokens`: 思考过程的 token 预算（不传则视为无限制）
+
+### 响应格式
+
+启用思考功能后，流式响应会包含两种内容块：
+
+1. **思考块**（type: "thinking"）：展示 AI 的思考过程
+2. **文本块**（type: "text"）：最终的回答内容
+
+示例响应：
+```
+data: {"type":"content_block_start","index":1,"content_block":{"type":"thinking","thinking":""}}
+data: {"type":"content_block_delta","index":1,"delta":{"type":"thinking_delta","thinking":"让我思考一下量子计算的原理..."}}
+data: {"type":"content_block_stop","index":1}
+data: {"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}
+data: {"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":"量子计算是一种..."}}
+data: {"type":"content_block_stop","index":0}
+```
+
+## API 端点
+
+| 协议 | 端点 | 用途 |
+|------|------|------|
+| OpenAI | `POST /v1/chat/completions` | Chat Completions API |
+| OpenAI | `POST /v1/responses` | Responses API (Codex CLI) |
+| OpenAI | `GET /v1/models` | 模型列表 |
+| Anthropic | `POST /v1/messages` | Claude Code |
+| Anthropic | `POST /v1/messages/count_tokens` | Token 计数 |
+| Gemini | `POST /v1/models/{model}:generateContent` | Gemini CLI |
+
+### 管理 API
+
+| 端点 | 方法 | 说明 |
+|------|------|------|
+| `/api/accounts` | GET | 获取所有账号状态 |
+| `/api/accounts/{id}` | GET | 获取账号详情 |
+| `/api/accounts/{id}/usage` | GET | 获取账号用量信息 |
+| `/api/accounts/{id}/refresh` | POST | 刷新账号 Token |
+| `/api/accounts/{id}/restore` | POST | 恢复账号（从冷却状态） |
+| `/api/accounts/refresh-all` | POST | 刷新所有即将过期的 Token |
+| `/api/flows` | GET | 获取流量记录 |
+| `/api/flows/stats` | GET | 获取流量统计 |
+| `/api/flows/{id}` | GET | 获取流量详情 |
+| `/api/quota` | GET | 获取配额状态 |
+| `/api/stats` | GET | 获取统计信息 |
+| `/api/health-check` | POST | 手动触发健康检查 |
+| `/api/browsers` | GET | 获取可用浏览器列表 |
+| `/api/docs` | GET | 获取文档列表 |
+| `/api/docs/{id}` | GET | 获取文档内容 |
+
+## 项目结构
+
+```
+kiro_proxy/
+├── main.py                    # FastAPI 应用入口
+├── config.py                  # 全局配置
+├── converters.py              # 协议转换
+│
+├── core/                      # 核心模块
+│   ├── account.py            # 账号管理
+│   ├── state.py              # 全局状态
+│   ├── persistence.py        # 配置持久化
+│   ├── scheduler.py          # 后台任务调度
+│   ├── stats.py              # 请求统计
+│   ├── retry.py              # 重试机制
+│   ├── browser.py            # 浏览器检测
+│   ├── flow_monitor.py       # 流量监控
+│   └── usage.py              # 用量查询
+│
+├── credential/                # 凭证管理
+│   ├── types.py              # KiroCredentials
+│   ├── fingerprint.py        # Machine ID 生成
+│   ├── quota.py              # 配额管理器
+│   └── refresher.py          # Token 刷新
+│
+├── auth/                      # 认证模块
+│   └── device_flow.py        # Device Code Flow / Social Auth
+│
+├── handlers/                  # API 处理器
+│   ├── anthropic.py          # /v1/messages
+│   ├── openai.py             # /v1/chat/completions
+│   ├── responses.py          # /v1/responses (Codex CLI)
+│   ├── gemini.py             # /v1/models/{model}:generateContent
+│   └── admin.py              # 管理 API
+│
+├── cli.py                     # 命令行工具
+│
+├── docs/                      # 内置文档
+│   ├── 01-quickstart.md      # 快速开始
+│   ├── 02-features.md        # 功能特性
+│   ├── 03-faq.md             # 常见问题
+│   └── 04-api.md             # API 参考
+│
+└── web/
+    └── html.py               # Web UI (组件化单文件)
+```
+
+## 构建
+
+```bash
+# 安装构建依赖
+pip install pyinstaller
+
+# 构建
+python build.py
+```
+
+输出文件在 `dist/` 目录。
+
+## 免责声明
+
+本项目仅供学习研究，禁止商用。使用本项目产生的任何后果由使用者自行承担，与作者无关。
+
+本项目与 Kiro / AWS / Anthropic 官方无关。

KiroProxy/build.py

@@ -0,0 +1,219 @@
+#!/usr/bin/env python3
+"""
+Kiro Proxy Cross-platform Build Script
+Supports: Windows / macOS / Linux
+
+Usage:
+    python build.py          # Build for current platform
+    python build.py --all    # Show all platform instructions
+"""
+
+import os
+import sys
+import shutil
+import subprocess
+from pathlib import Path
+
+from kiro_proxy import __version__ as VERSION
+
+APP_NAME = "KiroProxy"
+MAIN_SCRIPT = "run.py"
+ICON_DIR = Path("assets")
+
+def get_platform():
+    if sys.platform == "win32":
+        return "windows"
+    elif sys.platform == "darwin":
+        return "macos"
+    else:
+        return "linux"
+
+def ensure_pyinstaller():
+    try:
+        import PyInstaller
+        print(f"[OK] PyInstaller {PyInstaller.__version__} installed")
+    except ImportError:
+        print("[..] Installing PyInstaller...")
+        subprocess.run([sys.executable, "-m", "pip", "install", "pyinstaller"], check=True)
+
+def clean_build():
+    for d in ["build", "dist", f"{APP_NAME}.spec"]:
+        if os.path.isdir(d):
+            shutil.rmtree(d)
+        elif os.path.isfile(d):
+            os.remove(d)
+    print("[OK] Cleaned build directories")
+
+def build_app():
+    platform = get_platform()
+    print(f"\n{'='*50}")
+    print(f"  Building {APP_NAME} v{VERSION} - {platform}")
+    print(f"{'='*50}\n")
+    
+    ensure_pyinstaller()
+    clean_build()
+    
+    args = [
+        sys.executable, "-m", "PyInstaller",
+        "--name", APP_NAME,
+        "--onefile",
+        "--clean",
+        "--noconfirm",
+    ]
+    
+    icon_file = None
+    if platform == "windows" and (ICON_DIR / "icon.ico").exists():
+        icon_file = ICON_DIR / "icon.ico"
+    elif platform == "macos" and (ICON_DIR / "icon.icns").exists():
+        icon_file = ICON_DIR / "icon.icns"
+    elif (ICON_DIR / "icon.png").exists():
+        icon_file = ICON_DIR / "icon.png"
+    
+    if icon_file:
+        args.extend(["--icon", str(icon_file)])
+        print(f"[OK] Using icon: {icon_file}")
+    
+    # 添加资源文件打包
+    if (ICON_DIR).exists():
+        if platform == "windows":
+            args.extend(["--add-data", f"{ICON_DIR};assets"])
+        else:
+            args.extend(["--add-data", f"{ICON_DIR}:assets"])
+        print(f"[OK] Adding assets directory")
+    
+    # 添加文档文件打包
+    docs_dir = Path("kiro_proxy/docs")
+    if docs_dir.exists():
+        if platform == "windows":
+            args.extend(["--add-data", f"{docs_dir};kiro_proxy/docs"])
+        else:
+            args.extend(["--add-data", f"{docs_dir}:kiro_proxy/docs"])
+        print(f"[OK] Adding docs directory")
+    
+    hidden_imports = [
+        "uvicorn.logging",
+        "uvicorn.protocols.http",
+        "uvicorn.protocols.http.auto",
+        "uvicorn.protocols.http.h11_impl",
+        "uvicorn.protocols.websockets",
+        "uvicorn.protocols.websockets.auto",
+        "uvicorn.lifespan",
+        "uvicorn.lifespan.on",
+        "httpx",
+        "httpx._transports",
+        "httpx._transports.default",
+        "anyio",
+        "anyio._backends",
+        "anyio._backends._asyncio",
+    ]
+    for imp in hidden_imports:
+        args.extend(["--hidden-import", imp])
+    
+    args.append(MAIN_SCRIPT)
+    args = [a for a in args if a]
+    
+    print(f"[..] Running: {' '.join(args)}\n")
+    result = subprocess.run(args)
+    
+    if result.returncode == 0:
+        if platform == "windows":
+            output = Path("dist") / f"{APP_NAME}.exe"
+        else:
+            output = Path("dist") / APP_NAME
+        
+        if output.exists():
+            size_mb = output.stat().st_size / (1024 * 1024)
+            print(f"\n{'='*50}")
+            print(f"  [OK] Build successful!")
+            print(f"  Output: {output}")
+            print(f"  Size: {size_mb:.1f} MB")
+            print(f"{'='*50}")
+            
+            create_release_package(platform, output)
+        else:
+            print("[FAIL] Build failed: output file not found")
+            sys.exit(1)
+    else:
+        print("[FAIL] Build failed")
+        sys.exit(1)
+
+def create_release_package(platform, binary_path):
+    release_dir = Path("release")
+    release_dir.mkdir(exist_ok=True)
+    
+    if platform == "windows":
+        archive_name = f"{APP_NAME}-{VERSION}-Windows"
+        shutil.copy(binary_path, release_dir / f"{APP_NAME}.exe")
+        shutil.make_archive(
+            str(release_dir / archive_name),
+            "zip",
+            release_dir,
+            f"{APP_NAME}.exe"
+        )
+        (release_dir / f"{APP_NAME}.exe").unlink()
+        print(f"  Release: release/{archive_name}.zip")
+        
+    elif platform == "macos":
+        archive_name = f"{APP_NAME}-{VERSION}-macOS"
+        shutil.copy(binary_path, release_dir / APP_NAME)
+        os.chmod(release_dir / APP_NAME, 0o755)
+        shutil.make_archive(
+            str(release_dir / archive_name),
+            "zip",
+            release_dir,
+            APP_NAME
+        )
+        (release_dir / APP_NAME).unlink()
+        print(f"  Release: release/{archive_name}.zip")
+        
+    else:
+        archive_name = f"{APP_NAME}-{VERSION}-Linux"
+        shutil.copy(binary_path, release_dir / APP_NAME)
+        os.chmod(release_dir / APP_NAME, 0o755)
+        shutil.make_archive(
+            str(release_dir / archive_name),
+            "gztar",
+            release_dir,
+            APP_NAME
+        )
+        (release_dir / APP_NAME).unlink()
+        print(f"  Release: release/{archive_name}.tar.gz")
+
+def show_all_platforms():
+    print(f"""
+{'='*60}
+  Kiro Proxy Cross-platform Build Instructions
+{'='*60}
+
+This script must run on the target platform.
+
+[Windows]
+  Run on Windows:
+    python build.py
+  
+  Output: release/KiroProxy-{VERSION}-Windows.zip
+
+[macOS]
+  Run on macOS:
+    python build.py
+  
+  Output: release/KiroProxy-{VERSION}-macOS.zip
+
+[Linux]
+  Run on Linux:
+    python build.py
+  
+  Output: release/KiroProxy-{VERSION}-Linux.tar.gz
+
+[GitHub Actions]
+  Push to GitHub and Actions will build all platforms.
+  See .github/workflows/build.yml
+
+{'='*60}
+""")
+
+if __name__ == "__main__":
+    if "--all" in sys.argv or "-a" in sys.argv:
+        show_all_platforms()
+    else:
+        build_app()

KiroProxy/examples/quota_display_example.py

@@ -0,0 +1,95 @@
+"""展示额度重置时间功能的示例"""
+import json
+from datetime import datetime
+
+
+def generate_quota_display_example():
+    """生成额度显示示例"""
+    
+    # 模拟账号的额度信息（从 API 获取）
+    quota_data = {
+        "subscription_title": "Kiro Pro",
+        "usage_limit": 700.0,
+        "current_usage": 150.0,
+        "balance": 550.0,
+        "usage_percent": 21.4,
+        "is_low_balance": False,
+        "is_exhausted": False,
+        "balance_status": "normal",
+        
+        # 免费试用信息
+        "free_trial_limit": 500.0,
+        "free_trial_usage": 100.0,
+        "free_trial_expiry": "2026-02-13T23:59:59Z",
+        "trial_expiry_text": "2026-02-13",
+        
+        # 奖励信息
+        "bonus_limit": 150.0,
+        "bonus_usage": 25.0,
+        "bonus_expiries": ["2026-03-01T23:59:59Z", "2026-02-28T23:59:59Z"],
+        "active_bonuses": 2,
+        
+        # 重置时间
+        "next_reset_date": "2026-02-01T00:00:00Z",
+        "reset_date_text": "2026-02-01",
+        
+        # 更新时间
+        "updated_at": "2分钟前",
+        "error": None
+    }
+    
+    # 生成 HTML 显示片段（类似在 Web 界面中的显示）
+    html_template = """
+<div class="account-quota-section">
+  <div class="quota-header">
+    <span>已用/总额</span>
+    <span>{current_usage:.1f} / {usage_limit:.1f}</span>
+  </div>
+  <div class="progress-bar">
+    <div class="progress-fill" style="width: {usage_percent:.1f}%"></div>
+  </div>
+  <div class="quota-detail">
+    <span>试用: {free_trial_usage:.0f}/{free_trial_limit:.0f}</span>
+    <span>奖励: {bonus_usage:.0f}/{bonus_limit:.0f} ({active_bonuses}个)</span>
+    <span>更新: {updated_at}</span>
+  </div>
+  <div class="quota-reset-info">
+    <span>🔄 重置: {reset_date_text}</span>
+    <span>🎁 试用过期: {trial_expiry_text}</span>
+  </div>
+</div>
+    """.format(**quota_data)
+    
+    print("=== 额度信息展示示例 ===")
+    print(html_template)
+    
+    # 生成卡片式展示
+    card_template = """
+<div class="quota-card">
+  <h3>主配额</h3>
+  <div class="quota-amount">{current_usage:.0f} / {usage_limit:.0f}</div>
+  <div class="quota-reset">2026-02-01 重置</div>
+</div>
+<div class="quota-card">
+  <h3>免费试用</h3>
+  <div class="quota-amount">{free_trial_usage:.0f} / {free_trial_limit:.0f}</div>
+  <div class="quota-expiry">ACTIVE</div>
+  <div class="quota-reset">2026-02-13 过期</div>
+</div>
+<div class="quota-card">
+  <h3>奖励总计</h3>
+  <div class="quota-amount">{bonus_usage:.0f} / {bonus_limit:.0f}</div>
+  <div class="quota-expiry">{active_bonuses}个生效奖励</div>
+</div>
+    """.format(**quota_data)
+    
+    print("\n=== 卡片式展示（如图所示）===")
+    print(card_template)
+    
+    # 生成 JSON 数据
+    print("\n=== JSON 数据格式 ===")
+    print(json.dumps(quota_data, indent=2, ensure_ascii=False))
+
+
+if __name__ == "__main__":
+    generate_quota_display_example()

KiroProxy/examples/test_quota_display.html

@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>额度重置时间测试</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            padding: 20px;
+            background: #f5f5f5;
+        }
+        .account-card {
+            background: white;
+            border-radius: 10px;
+            padding: 20px;
+            margin-bottom: 20px;
+            box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+        }
+        .quota-header {
+            display: flex;
+            justify-content: space-between;
+            margin-bottom: 10px;
+            font-weight: bold;
+        }
+        .progress-bar {
+            background: #e0e0e0;
+            border-radius: 4px;
+            height: 10px;
+            margin-bottom: 10px;
+            overflow: hidden;
+        }
+        .progress-fill {
+            background: #4CAF50;
+            height: 100%;
+            transition: width 0.3s;
+        }
+        .quota-detail {
+            display: flex;
+            gap: 20px;
+            font-size: 0.9em;
+            color: #666;
+            margin-bottom: 10px;
+        }
+        .quota-reset-info {
+            display: flex;
+            gap: 20px;
+            font-size: 0.8em;
+            color: #888;
+        }
+        .badge {
+            padding: 2px 8px;
+            border-radius: 4px;
+            font-size: 0.8em;
+        }
+        .badge.success { background: #4CAF50; color: white; }
+        .badge.error { background: #f44336; color: white; }
+    </style>
+</head>
+<body>
+    <h1>额度重置时间测试</h1>
+    <div id="accountsContainer"></div>
+
+    <script>
+        async function loadAccounts() {
+            try {
+                const response = await fetch('http://localhost:8080/api/accounts/status');
+                const data = await response.json();
+                
+                const container = document.getElementById('accountsContainer');
+                container.innerHTML = '';
+                
+                data.accounts.forEach(account => {
+                    const quota = account.quota;
+                    if (!quota) return;
+                    
+                    const usedPercent = quota.usage_limit > 0 ? (quota.current_usage / quota.usage_limit * 100) : 0;
+                    const isExhausted = quota.is_exhausted;
+                    
+                    const card = document.createElement('div');
+                    card.className = 'account-card';
+                    card.innerHTML = `
+                        <h3>${account.name} <span class="badge ${isExhausted ? 'error' : 'success'}">${isExhausted ? '额度耗尽' : '正常'}</span></h3>
+                        <div class="quota-header">
+                            <span>已用/总额</span>
+                            <span>${quota.current_usage.toFixed(1)} / ${quota.usage_limit.toFixed(1)}</span>
+                        </div>
+                        <div class="progress-bar">
+                            <div class="progress-fill" style="width: ${usedPercent}%"></div>
+                        </div>
+                        <div class="quota-detail">
+                            <span>试用: ${quota.free_trial_usage.toFixed(0)}/${quota.free_trial_limit.toFixed(0)}</span>
+                            <span>奖励: ${quota.bonus_usage.toFixed(0)}/${quota.bonus_limit.toFixed(0)} (${quota.active_bonuses}个)</span>
+                            <span>更新: ${quota.updated_at || '未知'}</span>
+                        </div>
+                        ${quota.reset_date_text || quota.trial_expiry_text ? `
+                        <div class="quota-reset-info">
+                            ${quota.reset_date_text ? `<span>🔄 重置: ${quota.reset_date_text}</span>` : ''}
+                            ${quota.trial_expiry_text ? `<span>🎁 试用过期: ${quota.trial_expiry_text}</span>` : ''}
+                        </div>
+                        ` : ''}
+                    `;
+                    
+                    container.appendChild(card);
+                });
+            } catch (error) {
+                console.error('加载失败:', error);
+                document.getElementById('accountsContainer').innerHTML = '<p>加载失败，请确保服务器正在运行</p>';
+            }
+        }
+        
+        // 页面加载时获取数据
+        loadAccounts();
+        
+        // 每30秒刷新一次
+        setInterval(loadAccounts, 30000);
+    </script>
+</body>
+</html>

KiroProxy/kiro_proxy/__init__.py

@@ -0,0 +1,2 @@
+# Kiro API Proxy
+__version__ = "1.7.1"

KiroProxy/kiro_proxy/__main__.py

@@ -0,0 +1,5 @@
+from .cli import main
+
+
+if __name__ == "__main__":
+    main()

KiroProxy/kiro_proxy/auth/__init__.py

@@ -0,0 +1,32 @@
+"""Kiro 认证模块"""
+from .device_flow import (
+    start_device_flow,
+    poll_device_flow,
+    cancel_device_flow,
+    get_login_state,
+    save_credentials_to_file,
+    DeviceFlowState,
+    # Social Auth
+    start_social_auth,
+    exchange_social_auth_token,
+    cancel_social_auth,
+    get_social_auth_state,
+    start_callback_server,
+    wait_for_callback,
+)
+
+__all__ = [
+    "start_device_flow",
+    "poll_device_flow",
+    "cancel_device_flow",
+    "get_login_state",
+    "save_credentials_to_file",
+    "DeviceFlowState",
+    # Social Auth
+    "start_social_auth",
+    "exchange_social_auth_token",
+    "cancel_social_auth",
+    "get_social_auth_state",
+    "start_callback_server",
+    "wait_for_callback",
+]

KiroProxy/kiro_proxy/auth/device_flow.py

@@ -0,0 +1,603 @@
+"""Kiro Device Code Flow 登录
+
+实现 AWS OIDC Device Authorization Flow:
+1. 注册 OIDC 客户端 -> 获取 clientId + clientSecret
+2. 发起设备授权 -> 获取 deviceCode + userCode + verificationUri
+3. 用户在浏览器中输入 userCode 完成授权
+4. 轮询 Token -> 获取 accessToken + refreshToken
+
+Social Auth (Google/GitHub):
+1. 生成 PKCE code_verifier 和 code_challenge
+2. 构建登录 URL，打开浏览器
+3. 启动本地回调服务器接收授权码
+4. 用授权码交换 Token
+"""
+import json
+import time
+import httpx
+import secrets
+import hashlib
+import base64
+import asyncio
+from pathlib import Path
+from dataclasses import dataclass, asdict
+from typing import Optional, Tuple
+from datetime import datetime, timezone
+
+
+@dataclass
+class DeviceFlowState:
+    """设备授权流程状态"""
+    client_id: str
+    client_secret: str
+    device_code: str
+    user_code: str
+    verification_uri: str
+    interval: int
+    expires_at: int
+    region: str
+    started_at: float
+
+
+@dataclass
+class SocialAuthState:
+    """Social Auth 登录状态"""
+    provider: str  # Google / Github
+    code_verifier: str
+    code_challenge: str
+    oauth_state: str
+    expires_at: int
+    started_at: float
+
+
+# 全局登录状态
+_login_state: Optional[DeviceFlowState] = None
+_social_auth_state: Optional[SocialAuthState] = None
+_callback_server = None
+
+# Kiro OIDC 配置
+KIRO_START_URL = "https://view.awsapps.com/start"
+KIRO_AUTH_ENDPOINT = "https://prod.us-east-1.auth.desktop.kiro.dev"
+KIRO_SCOPES = [
+    "codewhisperer:completions",
+    "codewhisperer:analysis",
+    "codewhisperer:conversations",
+    "codewhisperer:transformations",
+    "codewhisperer:taskassist",
+]
+
+
+def get_login_state() -> Optional[dict]:
+    """获取当前登录状态"""
+    global _login_state
+    if _login_state is None:
+        return None
+    
+    # 检查是否过期
+    if time.time() > _login_state.expires_at:
+        _login_state = None
+        return None
+    
+    return {
+        "user_code": _login_state.user_code,
+        "verification_uri": _login_state.verification_uri,
+        "expires_in": int(_login_state.expires_at - time.time()),
+        "interval": _login_state.interval,
+    }
+
+
+async def start_device_flow(region: str = "us-east-1") -> Tuple[bool, dict]:
+    """
+    启动设备授权流程
+    
+    Returns:
+        (success, result_or_error)
+    """
+    global _login_state
+    
+    oidc_base = f"https://oidc.{region}.amazonaws.com"
+    
+    async with httpx.AsyncClient(timeout=30) as client:
+        # Step 1: 注册 OIDC 客户端
+        print(f"[DeviceFlow] Step 1: 注册 OIDC 客户端...")
+        
+        reg_body = {
+            "clientName": "Kiro Proxy",
+            "clientType": "public",
+            "scopes": KIRO_SCOPES,
+            "grantTypes": ["urn:ietf:params:oauth:grant-type:device_code", "refresh_token"],
+            "issuerUrl": KIRO_START_URL
+        }
+        
+        try:
+            reg_resp = await client.post(
+                f"{oidc_base}/client/register",
+                json=reg_body,
+                headers={"Content-Type": "application/json"}
+            )
+        except Exception as e:
+            return False, {"error": f"注册客户端请求失败: {e}"}
+        
+        if reg_resp.status_code != 200:
+            return False, {"error": f"注册客户端失败: {reg_resp.text}"}
+        
+        reg_data = reg_resp.json()
+        client_id = reg_data.get("clientId")
+        client_secret = reg_data.get("clientSecret")
+        
+        if not client_id or not client_secret:
+            return False, {"error": "注册响应缺少 clientId 或 clientSecret"}
+        
+        print(f"[DeviceFlow] 客户端注册成功: {client_id[:20]}...")
+        
+        # Step 2: 发起设备授权
+        print(f"[DeviceFlow] Step 2: 发起设备授权...")
+        
+        auth_body = {
+            "clientId": client_id,
+            "clientSecret": client_secret,
+            "startUrl": KIRO_START_URL
+        }
+        
+        try:
+            auth_resp = await client.post(
+                f"{oidc_base}/device_authorization",
+                json=auth_body,
+                headers={"Content-Type": "application/json"}
+            )
+        except Exception as e:
+            return False, {"error": f"设备授权请求失败: {e}"}
+        
+        if auth_resp.status_code != 200:
+            return False, {"error": f"设备授权失败: {auth_resp.text}"}
+        
+        auth_data = auth_resp.json()
+        device_code = auth_data.get("deviceCode")
+        user_code = auth_data.get("userCode")
+        verification_uri = auth_data.get("verificationUriComplete") or auth_data.get("verificationUri")
+        interval = auth_data.get("interval", 5)
+        expires_in = auth_data.get("expiresIn", 600)
+        
+        if not device_code or not user_code or not verification_uri:
+            return False, {"error": "设备授权响应缺少必要字��"}
+        
+        print(f"[DeviceFlow] 设备码获取成功: {user_code}")
+        
+        # 保存状态
+        _login_state = DeviceFlowState(
+            client_id=client_id,
+            client_secret=client_secret,
+            device_code=device_code,
+            user_code=user_code,
+            verification_uri=verification_uri,
+            interval=interval,
+            expires_at=int(time.time() + expires_in),
+            region=region,
+            started_at=time.time()
+        )
+        
+        return True, {
+            "user_code": user_code,
+            "verification_uri": verification_uri,
+            "expires_in": expires_in,
+            "interval": interval,
+        }
+
+
+async def poll_device_flow() -> Tuple[bool, dict]:
+    """
+    轮询设备授权状态
+    
+    Returns:
+        (success, result_or_error)
+        - success=True, result={"completed": True, "credentials": {...}} 授权完成
+        - success=True, result={"completed": False, "status": "pending"} 等待中
+        - success=False, result={"error": "..."} 错误
+    """
+    global _login_state
+    
+    if _login_state is None:
+        return False, {"error": "没有进行中的登录"}
+    
+    # 检查是否过期
+    if time.time() > _login_state.expires_at:
+        _login_state = None
+        return False, {"error": "授权已过期，请重新开始"}
+    
+    oidc_base = f"https://oidc.{_login_state.region}.amazonaws.com"
+    
+    token_body = {
+        "clientId": _login_state.client_id,
+        "clientSecret": _login_state.client_secret,
+        "grantType": "urn:ietf:params:oauth:grant-type:device_code",
+        "deviceCode": _login_state.device_code
+    }
+    
+    async with httpx.AsyncClient(timeout=30) as client:
+        try:
+            token_resp = await client.post(
+                f"{oidc_base}/token",
+                json=token_body,
+                headers={"Content-Type": "application/json"}
+            )
+        except Exception as e:
+            return False, {"error": f"Token 请求失败: {e}"}
+        
+        if token_resp.status_code == 200:
+            # 授权成功
+            token_data = token_resp.json()
+            
+            credentials = {
+                "accessToken": token_data.get("accessToken"),
+                "refreshToken": token_data.get("refreshToken"),
+                "expiresAt": datetime.now(timezone.utc).isoformat(),
+                "clientId": _login_state.client_id,
+                "clientSecret": _login_state.client_secret,
+                "region": _login_state.region,
+                "authMethod": "idc",
+            }
+            
+            # 计算过期时间
+            if expires_in := token_data.get("expiresIn"):
+                from datetime import timedelta
+                expires_at = datetime.now(timezone.utc) + timedelta(seconds=expires_in)
+                credentials["expiresAt"] = expires_at.isoformat()
+            
+            # 清除状态
+            _login_state = None
+            
+            print(f"[DeviceFlow] 授权成功！")
+            return True, {"completed": True, "credentials": credentials}
+        
+        # 检查错误类型
+        try:
+            error_data = token_resp.json()
+            error_code = error_data.get("error", "")
+        except:
+            error_code = ""
+        
+        if error_code == "authorization_pending":
+            # 用户还未完成授权
+            return True, {"completed": False, "status": "pending"}
+        elif error_code == "slow_down":
+            # 请求太频繁
+            return True, {"completed": False, "status": "slow_down"}
+        elif error_code == "expired_token":
+            _login_state = None
+            return False, {"error": "授权已过期，请重新开始"}
+        elif error_code == "access_denied":
+            _login_state = None
+            return False, {"error": "用户拒绝授权"}
+        else:
+            return False, {"error": f"Token 请求失败: {token_resp.text}"}
+
+
+def cancel_device_flow() -> bool:
+    """取消设备授权流程"""
+    global _login_state
+    if _login_state is not None:
+        _login_state = None
+        return True
+    return False
+
+
+async def save_credentials_to_file(credentials: dict, name: str = "kiro-proxy-auth") -> str:
+    """
+    保存凭证到文件
+    
+    支持的字段:
+    - accessToken, refreshToken, profileArn, expiresAt
+    - clientId, clientSecret (IDC 认证)
+    - region, authMethod, provider
+    
+    Returns:
+        保存的文件路径
+    """
+    from ..config import TOKEN_DIR
+    TOKEN_DIR.mkdir(parents=True, exist_ok=True)
+    
+    # 生成文件名
+    file_path = TOKEN_DIR / f"{name}.json"
+    
+    # 如果文件已存在，合并现有数据
+    existing = {}
+    if file_path.exists():
+        try:
+            with open(file_path, "r") as f:
+                existing = json.load(f)
+        except Exception:
+            pass
+    
+    # 更新凭证（只更新非空值）
+    for key, value in credentials.items():
+        if value is not None:
+            existing[key] = value
+    
+    with open(file_path, "w") as f:
+        json.dump(existing, f, indent=2)
+    
+    print(f"[DeviceFlow] 凭证已保存到: {file_path}")
+    return str(file_path)
+
+
+# ==================== Social Auth (Google/GitHub) ====================
+
+def _generate_code_verifier() -> str:
+    """生成 PKCE code_verifier"""
+    return secrets.token_urlsafe(64)[:128]
+
+
+def _generate_code_challenge(verifier: str) -> str:
+    """生成 PKCE code_challenge (SHA256)"""
+    digest = hashlib.sha256(verifier.encode()).digest()
+    return base64.urlsafe_b64encode(digest).rstrip(b'=').decode()
+
+
+def _generate_oauth_state() -> str:
+    """生成 OAuth state"""
+    return secrets.token_urlsafe(32)
+
+
+def get_social_auth_state() -> Optional[dict]:
+    """获取当前 Social Auth 状态"""
+    global _social_auth_state
+    if _social_auth_state is None:
+        return None
+    
+    if time.time() > _social_auth_state.expires_at:
+        _social_auth_state = None
+        return None
+    
+    return {
+        "provider": _social_auth_state.provider,
+        "expires_in": int(_social_auth_state.expires_at - time.time()),
+    }
+
+
+async def start_social_auth(provider: str, redirect_uri: str = None) -> Tuple[bool, dict]:
+    """
+    启动 Social Auth 登录 (Google/GitHub)
+    
+    Args:
+        provider: "google" 或 "github"
+        redirect_uri: 回调地址，默认使用 Kiro 官方回调地址
+    
+    Returns:
+        (success, result_or_error)
+    """
+    global _social_auth_state
+    
+    # 验证 provider
+    provider_normalized = provider.lower()
+    if provider_normalized == "google":
+        provider_normalized = "Google"
+    elif provider_normalized == "github":
+        provider_normalized = "Github"
+    else:
+        return False, {"error": f"不支持的登录提供商: {provider}"}
+    
+    print(f"[SocialAuth] 开始 {provider_normalized} 登录流程")
+    
+    # 生成 PKCE
+    code_verifier = _generate_code_verifier()
+    code_challenge = _generate_code_challenge(code_verifier)
+    oauth_state = _generate_oauth_state()
+    
+    # 回调地址 - 使用 Kiro 官方的回调地址（已在 Cognito 中注册）
+    # 参考 Kiro-account-manager: kiro://kiro.kiroAgent/authenticate-success
+    if redirect_uri is None:
+        redirect_uri = "kiro://kiro.kiroAgent/authenticate-success"
+    
+    # 构建登录 URL (使用 /login 端点，参考 Kiro-account-manager)
+    from urllib.parse import quote, urlencode
+    
+    # 使用 urlencode 确保参数正确编码
+    params = {
+        "idp": provider_normalized,
+        "redirect_uri": redirect_uri,
+        "code_challenge": code_challenge,
+        "code_challenge_method": "S256",
+        "state": oauth_state,
+    }
+    login_url = f"{KIRO_AUTH_ENDPOINT}/login?{urlencode(params)}"
+    
+    print(f"[SocialAuth] ========== Social Auth 登录 ==========")
+    print(f"[SocialAuth] Provider: {provider_normalized}")
+    print(f"[SocialAuth] Redirect URI: {redirect_uri}")
+    print(f"[SocialAuth] Code Challenge: {code_challenge[:20]}...")
+    print(f"[SocialAuth] State: {oauth_state}")
+    print(f"[SocialAuth] 登录 URL: {login_url}")
+    print(f"[SocialAuth] =========================================")
+    
+    # 保存状态（10 分钟过期）
+    _social_auth_state = SocialAuthState(
+        provider=provider_normalized,
+        code_verifier=code_verifier,
+        code_challenge=code_challenge,
+        oauth_state=oauth_state,
+        expires_at=int(time.time() + 600),
+        started_at=time.time(),
+    )
+    
+    return True, {
+        "login_url": login_url,
+        "state": oauth_state,
+        "provider": provider_normalized,
+        "redirect_uri": redirect_uri,
+    }
+
+
+async def exchange_social_auth_token(code: str, state: str, redirect_uri: str = None) -> Tuple[bool, dict]:
+    """
+    用授权码交换 Token
+    
+    参考 Kiro-account-manager 实现:
+    - 端点: https://prod.us-east-1.auth.desktop.kiro.dev/oauth/token
+    - 请求体: {code, code_verifier, redirect_uri}
+    - 响应: {accessToken, refreshToken, profileArn, expiresIn}
+    
+    Args:
+        code: 授权码
+        state: OAuth state
+        redirect_uri: 回调地址（需要与 start_social_auth 中使用的一致）
+    
+    Returns:
+        (success, result_or_error)
+    """
+    global _social_auth_state
+    
+    if _social_auth_state is None:
+        return False, {"error": "没有进行中的社交登录"}
+    
+    # 验证 state
+    if state != _social_auth_state.oauth_state:
+        _social_auth_state = None
+        return False, {"error": "OAuth state 不匹配"}
+    
+    # 检查过期
+    if time.time() > _social_auth_state.expires_at:
+        _social_auth_state = None
+        return False, {"error": "登录已过期，请重新开始"}
+    
+    print(f"[SocialAuth] 交换 Token...")
+    
+    # 回调地址 - 需要与 start_social_auth 中使��的一致
+    # 使用 Kiro 官方的回调地址
+    if redirect_uri is None:
+        redirect_uri = "kiro://kiro.kiroAgent/authenticate-success"
+    
+    # 交换 Token (参考 Kiro-account-manager 的请求格式)
+    token_body = {
+        "code": code,
+        "code_verifier": _social_auth_state.code_verifier,
+        "redirect_uri": redirect_uri,
+    }
+    
+    async with httpx.AsyncClient(timeout=30) as client:
+        try:
+            token_resp = await client.post(
+                f"{KIRO_AUTH_ENDPOINT}/oauth/token",
+                json=token_body,
+                headers={"Content-Type": "application/json"}
+            )
+        except Exception as e:
+            _social_auth_state = None
+            return False, {"error": f"Token 请求失败: {e}"}
+        
+        if token_resp.status_code != 200:
+            error_text = token_resp.text
+            _social_auth_state = None
+            return False, {"error": f"Token 交换失败: {error_text}"}
+        
+        token_data = token_resp.json()
+        
+        # 解析响应 (参考 Kiro-account-manager 的响应格式)
+        # 响应字段: accessToken, refreshToken, profileArn, expiresIn
+        provider = _social_auth_state.provider
+        
+        credentials = {
+            "accessToken": token_data.get("accessToken") or token_data.get("access_token"),
+            "refreshToken": token_data.get("refreshToken") or token_data.get("refresh_token"),
+            "profileArn": token_data.get("profileArn"),
+            "expiresAt": datetime.now(timezone.utc).isoformat(),
+            "authMethod": "social",
+            "provider": provider,  # 保存 provider 字段
+        }
+        
+        # 计算过期时间
+        expires_in = token_data.get("expiresIn") or token_data.get("expires_in")
+        if expires_in:
+            from datetime import timedelta
+            expires_at = datetime.now(timezone.utc) + timedelta(seconds=expires_in)
+            credentials["expiresAt"] = expires_at.isoformat()
+        
+        _social_auth_state = None
+        
+        print(f"[SocialAuth] {provider} 登录成功！")
+        return True, {"completed": True, "credentials": credentials, "provider": provider}
+
+
+def cancel_social_auth() -> bool:
+    """取消 Social Auth 登录"""
+    global _social_auth_state
+    if _social_auth_state is not None:
+        _social_auth_state = None
+        return True
+    return False
+
+
+# ==================== 回调服务器 ====================
+
+_callback_result = None
+_callback_event = None
+
+async def start_callback_server() -> Tuple[bool, dict]:
+    """启动本地回调服务器"""
+    global _callback_result, _callback_event
+    
+    from aiohttp import web
+    
+    _callback_result = None
+    _callback_event = asyncio.Event()
+    
+    async def handle_callback(request):
+        global _callback_result
+        code = request.query.get("code")
+        state = request.query.get("state")
+        error = request.query.get("error")
+        
+        if error:
+            _callback_result = {"error": error}
+        elif code and state:
+            _callback_result = {"code": code, "state": state}
+        else:
+            _callback_result = {"error": "缺少授权码"}
+        
+        _callback_event.set()
+        
+        # 返回成功页面
+        html = """
+        <html>
+        <head><title>登录成功</title></head>
+        <body style="font-family:sans-serif;text-align:center;padding:50px">
+            <h1>✅ 登录成功</h1>
+            <p>您可以关闭此窗口并返回 Kiro Proxy</p>
+            <script>setTimeout(()=>window.close(),2000)</script>
+        </body>
+        </html>
+        """
+        return web.Response(text=html, content_type="text/html")
+    
+    app = web.Application()
+    app.router.add_get("/kiro-social-callback", handle_callback)
+    
+    runner = web.AppRunner(app)
+    await runner.setup()
+    
+    try:
+        site = web.TCPSite(runner, "127.0.0.1", 19823)
+        await site.start()
+        print("[SocialAuth] 回调服务器已启动: http://127.0.0.1:19823")
+        return True, {"port": 19823}
+    except Exception as e:
+        return False, {"error": f"启动回调服务器失败: {e}"}
+
+
+async def wait_for_callback(timeout: int = 300) -> Tuple[bool, dict]:
+    """等待回调"""
+    global _callback_result, _callback_event
+    
+    if _callback_event is None:
+        return False, {"error": "回调服务器未启动"}
+    
+    try:
+        await asyncio.wait_for(_callback_event.wait(), timeout=timeout)
+        
+        if _callback_result and "code" in _callback_result:
+            return True, _callback_result
+        elif _callback_result and "error" in _callback_result:
+            return False, _callback_result
+        else:
+            return False, {"error": "未收到有效回调"}
+    except asyncio.TimeoutError:
+        return False, {"error": "等待回调超时"}

KiroProxy/kiro_proxy/cli.py

@@ -0,0 +1,375 @@
+#!/usr/bin/env python3
+"""Kiro Proxy CLI - 轻量命令行工具"""
+import argparse
+import asyncio
+import json
+import sys
+from pathlib import Path
+
+from . import __version__
+
+
+def cmd_serve(args):
+    """启动代理服务"""
+    from .main import run
+    run(port=args.port)
+
+
+def cmd_accounts_list(args):
+    """列出所有账号"""
+    from .core import state
+    accounts = state.get_accounts_status()
+    if not accounts:
+        print("暂无账号")
+        return
+    print(f"{'ID':<10} {'名称':<20} {'状态':<10} {'请求数':<8}")
+    print("-" * 50)
+    for acc in accounts:
+        print(f"{acc['id']:<10} {acc['name']:<20} {acc['status']:<10} {acc['request_count']:<8}")
+
+
+def cmd_accounts_export(args):
+    """导出账号配置"""
+    from .core import state
+    accounts_data = []
+    for acc in state.accounts:
+        creds = acc.get_credentials()
+        if creds:
+            accounts_data.append({
+                "name": acc.name,
+                "enabled": acc.enabled,
+                "credentials": {
+                    "accessToken": creds.access_token,
+                    "refreshToken": creds.refresh_token,
+                    "expiresAt": creds.expires_at,
+                    "region": creds.region,
+                    "authMethod": creds.auth_method,
+                }
+            })
+    
+    output = {"accounts": accounts_data, "version": "1.0"}
+    
+    if args.output:
+        Path(args.output).write_text(json.dumps(output, indent=2, ensure_ascii=False))
+        print(f"已导出 {len(accounts_data)} 个账号到 {args.output}")
+    else:
+        print(json.dumps(output, indent=2, ensure_ascii=False))
+
+
+def cmd_accounts_import(args):
+    """导入账号配置"""
+    import uuid
+    from .core import state, Account
+    from .auth import save_credentials_to_file
+    
+    data = json.loads(Path(args.file).read_text())
+    accounts_data = data.get("accounts", [])
+    imported = 0
+    
+    for acc_data in accounts_data:
+        creds = acc_data.get("credentials", {})
+        if not creds.get("accessToken"):
+            print(f"跳过 {acc_data.get('name', '未知')}: 缺少 accessToken")
+            continue
+        
+        # 保存凭证到文件
+        file_path = asyncio.run(save_credentials_to_file({
+            "accessToken": creds.get("accessToken"),
+            "refreshToken": creds.get("refreshToken"),
+            "expiresAt": creds.get("expiresAt"),
+            "region": creds.get("region", "us-east-1"),
+            "authMethod": creds.get("authMethod", "social"),
+        }, f"imported-{uuid.uuid4().hex[:8]}"))
+        
+        account = Account(
+            id=uuid.uuid4().hex[:8],
+            name=acc_data.get("name", "导入账号"),
+            token_path=file_path,
+            enabled=acc_data.get("enabled", True)
+        )
+        state.accounts.append(account)
+        account.load_credentials()
+        imported += 1
+        print(f"已导入: {account.name}")
+    
+    state._save_accounts()
+    print(f"\n共导入 {imported} 个账号")
+
+
+def cmd_accounts_add(args):
+    """手动添加 Token"""
+    import uuid
+    from .core import state, Account
+    from .auth import save_credentials_to_file
+    
+    print("手动添加 Kiro 账号")
+    print("-" * 40)
+    
+    name = input("账号名称 [我的账号]: ").strip() or "我的账号"
+    print("\n请粘贴 Access Token:")
+    access_token = input().strip()
+    
+    if not access_token:
+        print("错误: Access Token 不能为空")
+        return
+    
+    print("\n请粘贴 Refresh Token (可选，直接回车跳过):")
+    refresh_token = input().strip() or None
+    
+    # 保存凭证
+    file_path = asyncio.run(save_credentials_to_file({
+        "accessToken": access_token,
+        "refreshToken": refresh_token,
+        "region": "us-east-1",
+        "authMethod": "social",
+    }, f"manual-{uuid.uuid4().hex[:8]}"))
+    
+    account = Account(
+        id=uuid.uuid4().hex[:8],
+        name=name,
+        token_path=file_path
+    )
+    state.accounts.append(account)
+    account.load_credentials()
+    state._save_accounts()
+    
+    print(f"\n✅ 账号已添加: {name} (ID: {account.id})")
+
+
+def cmd_accounts_scan(args):
+    """扫描本地 Token"""
+    import uuid
+    from .core import state, Account
+    from .config import TOKEN_DIR
+    
+    # 扫描新目录
+    found = []
+    if TOKEN_DIR.exists():
+        for f in TOKEN_DIR.glob("*.json"):
+            try:
+                data = json.loads(f.read_text())
+                if "accessToken" in data:
+                    already = any(a.token_path == str(f) for a in state.accounts)
+                    found.append({"path": str(f), "name": f.stem, "already": already})
+            except:
+                pass
+    
+    # 兼容旧目录
+    sso_cache = Path.home() / ".aws/sso/cache"
+    if sso_cache.exists():
+        for f in sso_cache.glob("*.json"):
+            try:
+                data = json.loads(f.read_text())
+                if "accessToken" in data:
+                    already = any(a.token_path == str(f) for a in state.accounts)
+                    found.append({"path": str(f), "name": f.stem + " (旧目录)", "already": already})
+            except:
+                pass
+    
+    if not found:
+        print("未找到 Token 文件")
+        print(f"Token 目录: {TOKEN_DIR}")
+        return
+    
+    print(f"找到 {len(found)} 个 Token:\n")
+    for i, t in enumerate(found):
+        status = "[已添加]" if t["already"] else ""
+        print(f"  {i+1}. {t['name']} {status}")
+    
+    if args.auto:
+        # 自动添加所有未添加的
+        added = 0
+        for t in found:
+            if not t["already"]:
+                account = Account(
+                    id=uuid.uuid4().hex[:8],
+                    name=t["name"],
+                    token_path=t["path"]
+                )
+                state.accounts.append(account)
+                account.load_credentials()
+                added += 1
+        state._save_accounts()
+        print(f"\n已添加 {added} 个账号")
+    else:
+        print("\n使用 --auto 自动添加所有未添加的账号")
+
+
+def cmd_login_remote(args):
+    """生成远程登录链接"""
+    import uuid
+    import time
+    
+    session_id = uuid.uuid4().hex
+    host = args.host or "localhost:8080"
+    scheme = "https" if args.https else "http"
+    
+    print("远程登录链接")
+    print("-" * 40)
+    print(f"\n将以下链接发送到有浏览器的机器上完成登录:\n")
+    print(f"  {scheme}://{host}/remote-login/{session_id}")
+    print(f"\n链接有效期 10 分钟")
+    print("\n登录完成后，在那台机器上导出账号，然后在这里导入:")
+    print(f"  python -m kiro_proxy accounts import xxx.json")
+
+
+def cmd_login_social(args):
+    """Social 登录 (Google/GitHub)"""
+    from .auth import start_social_auth
+    
+    provider = args.provider
+    print(f"启动 {provider.title()} 登录...")
+    
+    success, result = asyncio.run(start_social_auth(provider))
+    if not success:
+        print(f"错误: {result.get('error', '未知错误')}")
+        return
+    
+    print(f"\n请在浏览器中打开以下链接完成授权:\n")
+    print(f"  {result['login_url']}")
+    print(f"\n授权完成后，将浏览器地址栏中的完整 URL 粘贴到这里:")
+    callback_url = input().strip()
+    
+    if not callback_url:
+        print("已取消")
+        return
+    
+    try:
+        from urllib.parse import urlparse, parse_qs
+        parsed = urlparse(callback_url)
+        params = parse_qs(parsed.query)
+        code = params.get("code", [None])[0]
+        oauth_state = params.get("state", [None])[0]
+        
+        if not code or not oauth_state:
+            print("错误: 无效的回调 URL")
+            return
+        
+        from .auth import exchange_social_auth_token
+        success, result = asyncio.run(exchange_social_auth_token(code, oauth_state))
+        
+        if success and result.get("completed"):
+            import uuid
+            from .core import state, Account
+            from .auth import save_credentials_to_file
+            
+            credentials = result["credentials"]
+            file_path = asyncio.run(save_credentials_to_file(
+                credentials, f"cli-{provider}"
+            ))
+            
+            account = Account(
+                id=uuid.uuid4().hex[:8],
+                name=f"{provider.title()} 登录",
+                token_path=file_path
+            )
+            state.accounts.append(account)
+            account.load_credentials()
+            state._save_accounts()
+            
+            print(f"\n✅ 登录成功! 账号已添加: {account.name}")
+        else:
+            print(f"错误: {result.get('error', '登录失败')}")
+    except Exception as e:
+        print(f"错误: {e}")
+
+
+def cmd_status(args):
+    """查看服务状态"""
+    from .core import state
+    stats = state.get_stats()
+    
+    print("Kiro Proxy 状态")
+    print("-" * 40)
+    print(f"运行时间: {stats['uptime_seconds']} 秒")
+    print(f"总请求数: {stats['total_requests']}")
+    print(f"错误数: {stats['total_errors']}")
+    print(f"错误率: {stats['error_rate']}")
+    print(f"账号总数: {stats['accounts_total']}")
+    print(f"可用账号: {stats['accounts_available']}")
+    print(f"冷却中: {stats['accounts_cooldown']}")
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="kiro-proxy",
+        description="Kiro API Proxy CLI"
+    )
+    parser.add_argument("-v", "--version", action="version", version=__version__)
+    
+    subparsers = parser.add_subparsers(dest="command", help="命令")
+    
+    # serve
+    serve_parser = subparsers.add_parser("serve", help="启动代理服务")
+    serve_parser.add_argument("-p", "--port", type=int, default=8080, help="端口号")
+    serve_parser.set_defaults(func=cmd_serve)
+    
+    # status
+    status_parser = subparsers.add_parser("status", help="查看状态")
+    status_parser.set_defaults(func=cmd_status)
+    
+    # accounts
+    accounts_parser = subparsers.add_parser("accounts", help="账号管理")
+    accounts_sub = accounts_parser.add_subparsers(dest="accounts_cmd")
+    
+    # accounts list
+    list_parser = accounts_sub.add_parser("list", help="列出账号")
+    list_parser.set_defaults(func=cmd_accounts_list)
+    
+    # accounts export
+    export_parser = accounts_sub.add_parser("export", help="导出账号")
+    export_parser.add_argument("-o", "--output", help="输出文件")
+    export_parser.set_defaults(func=cmd_accounts_export)
+    
+    # accounts import
+    import_parser = accounts_sub.add_parser("import", help="导入账号")
+    import_parser.add_argument("file", help="JSON 文件路径")
+    import_parser.set_defaults(func=cmd_accounts_import)
+    
+    # accounts add
+    add_parser = accounts_sub.add_parser("add", help="手动添加 Token")
+    add_parser.set_defaults(func=cmd_accounts_add)
+    
+    # accounts scan
+    scan_parser = accounts_sub.add_parser("scan", help="扫描本地 Token")
+    scan_parser.add_argument("--auto", action="store_true", help="自动添加")
+    scan_parser.set_defaults(func=cmd_accounts_scan)
+    
+    # login
+    login_parser = subparsers.add_parser("login", help="登录")
+    login_sub = login_parser.add_subparsers(dest="login_cmd")
+    
+    # login remote
+    remote_parser = login_sub.add_parser("remote", help="生成远程登录链接")
+    remote_parser.add_argument("--host", help="服务器地址 (如 example.com:8080)")
+    remote_parser.add_argument("--https", action="store_true", help="使用 HTTPS")
+    remote_parser.set_defaults(func=cmd_login_remote)
+    
+    # login google
+    google_parser = login_sub.add_parser("google", help="Google 登录")
+    google_parser.set_defaults(func=cmd_login_social, provider="google")
+    
+    # login github
+    github_parser = login_sub.add_parser("github", help="GitHub 登录")
+    github_parser.set_defaults(func=cmd_login_social, provider="github")
+    
+    args = parser.parse_args()
+    
+    if not args.command:
+        parser.print_help()
+        return
+    
+    if args.command == "accounts" and not args.accounts_cmd:
+        accounts_parser.print_help()
+        return
+    
+    if args.command == "login" and not args.login_cmd:
+        login_parser.print_help()
+        return
+    
+    if hasattr(args, "func"):
+        args.func(args)
+
+
+if __name__ == "__main__":
+    main()

KiroProxy/kiro_proxy/config.py

@@ -0,0 +1,133 @@
+"""配置模块"""
+from pathlib import Path
+
+KIRO_API_URL = "https://q.us-east-1.amazonaws.com/generateAssistantResponse"
+MODELS_URL = "https://q.us-east-1.amazonaws.com/ListAvailableModels"
+
+# 统一数据目录 (所有配置文件都在这里)
+DATA_DIR = Path.home() / ".kiro-proxy"
+
+# Token 存储目录
+TOKEN_DIR = DATA_DIR / "tokens"
+
+# 默认 Token 路径 (兼容旧代码)
+TOKEN_PATH = TOKEN_DIR / "kiro-auth-token.json"
+
+# 配额管理配置
+QUOTA_COOLDOWN_SECONDS = 300  # 配额超限冷却时间（秒）
+
+# 模型映射
+MODEL_MAPPING = {
+    # Claude 3.5 -> Kiro Claude 4
+    "claude-3-5-sonnet-20241022": "claude-sonnet-4",
+    "claude-3-5-sonnet-latest": "claude-sonnet-4",
+    "claude-3-5-sonnet": "claude-sonnet-4",
+    "claude-3-5-haiku-20241022": "claude-haiku-4.5",
+    "claude-3-5-haiku-latest": "claude-haiku-4.5",
+    # Claude 3
+    "claude-3-opus-20240229": "claude-sonnet-4.5",
+    "claude-3-opus-latest": "claude-sonnet-4.5",
+    "claude-3-sonnet-20240229": "claude-sonnet-4",
+    "claude-3-haiku-20240307": "claude-haiku-4.5",
+    # Claude 4
+    "claude-4-sonnet": "claude-sonnet-4",
+    "claude-4-opus": "claude-sonnet-4.5",
+    # OpenAI GPT -> Claude
+    "gpt-4o": "claude-sonnet-4",
+    "gpt-4o-mini": "claude-haiku-4.5",
+    "gpt-4-turbo": "claude-sonnet-4",
+    "gpt-4": "claude-sonnet-4",
+    "gpt-3.5-turbo": "claude-haiku-4.5",
+    # OpenAI o1 -> Claude Opus
+    "o1": "claude-sonnet-4.5",
+    "o1-preview": "claude-sonnet-4.5",
+    "o1-mini": "claude-sonnet-4",
+    # Gemini -> Claude
+    "gemini-2.0-flash": "claude-sonnet-4",
+    "gemini-2.0-flash-thinking": "claude-sonnet-4.5",
+    "gemini-1.5-pro": "claude-sonnet-4.5",
+    "gemini-1.5-flash": "claude-sonnet-4",
+    # 别名
+    "sonnet": "claude-sonnet-4",
+    "haiku": "claude-haiku-4.5",
+    "opus": "claude-sonnet-4.5",
+}
+
+KIRO_MODELS = {"auto", "claude-sonnet-4.5", "claude-sonnet-4", "claude-haiku-4.5"}
+
+def get_best_model_by_tier(tier: str, available_models: set = None) -> str:
+    """根据等级获取最佳可用模型（等级对等 + 智能降级）"""
+    if available_models is None:
+        available_models = KIRO_MODELS
+
+    # 等级对等映射 + 降级路径
+    TIER_PRIORITIES = {
+        # Opus: 最强 → 次强 → 快速 → 自动
+        "opus": ["claude-sonnet-4.5", "claude-sonnet-4", "claude-haiku-4.5", "auto"],
+
+        # Sonnet: 高性能 → 最强 → 标准 → 快速 → 自动
+        "sonnet": ["claude-sonnet-4.5", "claude-sonnet-4", "claude-haiku-4.5", "auto"],
+
+        # Haiku: 快速 → 标准 → 高性能 → 自动
+        "haiku": ["claude-haiku-4.5", "claude-sonnet-4", "claude-sonnet-4.5", "auto"],
+    }
+
+    priorities = TIER_PRIORITIES.get(tier, TIER_PRIORITIES["sonnet"])
+
+    # 选择第一个可用的模型
+    for model in priorities:
+        if model in available_models:
+            return model
+
+    return "auto"  # 最终回退
+
+
+def detect_model_tier(model: str) -> str:
+    """智能检测模型等级"""
+    if not model:
+        return "sonnet"  # 默认中等
+
+    model_lower = model.lower()
+
+    # 特殊模型优先检测（避免被通用关键词误判）
+    if "gemini" in model_lower:
+        if any(keyword in model_lower for keyword in ["1.5-pro", "pro"]):
+            return "opus"
+        elif any(keyword in model_lower for keyword in ["2.0", "flash"]):
+            return "sonnet"  # Gemini 2.0 和 flash 系列归为 sonnet
+
+    # 等级关键词检测（优先级从高到低）
+    # Opus 等级 - 最强模型
+    if any(keyword in model_lower for keyword in ["opus", "o1", "max", "ultra", "premium"]):
+        return "opus"
+
+    # Haiku 等级 - 快速模型（需要排除 sonnet 中的 3.5）
+    if any(keyword in model_lower for keyword in ["haiku", "mini", "light", "fast", "turbo"]):
+        return "haiku"
+    # 特殊处理：gpt-3.5 系列属于 haiku
+    if "3.5" in model_lower and "sonnet" not in model_lower:
+        return "haiku"
+
+    # Sonnet 等级 - 平衡模型
+    if any(keyword in model_lower for keyword in ["sonnet", "4o", "4", "standard", "base"]):
+        return "sonnet"
+
+    return "sonnet"  # 默认中等
+
+
+def map_model_name(model: str, available_models: set = None) -> str:
+    """将外部模型名称映射到 Kiro 支持的名称（支持动态模型选择）"""
+    if not model:
+        return "auto"
+
+    # 1. 精确匹配优先
+    if model in MODEL_MAPPING:
+        return MODEL_MAPPING[model]
+    if model in KIRO_MODELS:
+        return model
+
+    # 2. 智能等级检测 + 动态选择
+    tier = detect_model_tier(model)
+    best_model = get_best_model_by_tier(tier, available_models)
+
+    return best_model

KiroProxy/kiro_proxy/converters/__init__.py

@@ -0,0 +1,1196 @@
+"""协议转换模块 - Anthropic/OpenAI/Gemini <-> Kiro
+
+增强版：参考 proxycast 实现
+- 工具数量限制（最多 50 个）
+- 工具描述截断（最多 500 字符）
+- 历史消息交替修复
+- OpenAI tool 角色消息处理
+- tool_choice: required 支持
+- web_search 特殊工具支持
+- tool_results 去重
+"""
+import json
+import hashlib
+import re
+from typing import List, Dict, Any, Tuple, Optional
+
+# 常量
+MAX_TOOLS = 50
+MAX_TOOL_DESCRIPTION_LENGTH = 500
+
+
+def generate_session_id(messages: list) -> str:
+    """基于消息内容生成会话ID"""
+    content = json.dumps(messages[:3], sort_keys=True)
+    return hashlib.sha256(content.encode()).hexdigest()[:16]
+
+
+def extract_images_from_content(content) -> Tuple[str, List[dict]]:
+    """从消息内容中提取文本和图片
+    
+    Returns:
+        (text_content, images_list)
+    """
+    if isinstance(content, str):
+        return content, []
+    
+    if not isinstance(content, list):
+        return str(content) if content else "", []
+    
+    text_parts = []
+    images = []
+    
+    for block in content:
+        if isinstance(block, str):
+            text_parts.append(block)
+        elif isinstance(block, dict):
+            block_type = block.get("type", "")
+            
+            if block_type == "text":
+                text_parts.append(block.get("text", ""))
+            
+            elif block_type == "image":
+                # Anthropic 格式
+                source = block.get("source", {})
+                media_type = source.get("media_type", "image/jpeg")
+                data = source.get("data", "")
+                
+                fmt = "jpeg"
+                if "png" in media_type:
+                    fmt = "png"
+                elif "gif" in media_type:
+                    fmt = "gif"
+                elif "webp" in media_type:
+                    fmt = "webp"
+                
+                if data:
+                    images.append({
+                        "format": fmt,
+                        "source": {"bytes": data}
+                    })
+            
+            elif block_type == "image_url":
+                # OpenAI 格式
+                image_url = block.get("image_url", {})
+                url = image_url.get("url", "")
+                
+                if url.startswith("data:"):
+                    match = re.match(r'data:image/(\w+);base64,(.+)', url)
+                    if match:
+                        fmt = match.group(1)
+                        data = match.group(2)
+                        images.append({
+                            "format": fmt,
+                            "source": {"bytes": data}
+                        })
+    
+    return "\n".join(text_parts), images
+
+
+def truncate_description(desc: str, max_length: int = MAX_TOOL_DESCRIPTION_LENGTH) -> str:
+    """截断工具描述"""
+    if len(desc) <= max_length:
+        return desc
+    return desc[:max_length - 3] + "..."
+
+
+# ==================== Anthropic 转换 ====================
+
+def convert_anthropic_tools_to_kiro(tools: List[dict]) -> List[dict]:
+    """将 Anthropic 工具格式转换为 Kiro 格式
+    
+    增强：
+    - 限制最多 50 个工具
+    - 截断过长的描述
+    - 支持 web_search 特殊工具
+    """
+    kiro_tools = []
+    function_count = 0
+    
+    for tool in tools:
+        name = tool.get("name", "")
+        
+        # 特殊工具：web_search
+        if name in ("web_search", "web_search_20250305"):
+            kiro_tools.append({
+                "webSearchTool": {
+                    "type": "web_search"
+                }
+            })
+            continue
+        
+        # 限制工具数量
+        if function_count >= MAX_TOOLS:
+            continue
+        function_count += 1
+        
+        description = tool.get("description", f"Tool: {name}")
+        description = truncate_description(description)
+        
+        input_schema = tool.get("input_schema", {"type": "object", "properties": {}})
+        
+        kiro_tools.append({
+            "toolSpecification": {
+                "name": name,
+                "description": description,
+                "inputSchema": {
+                    "json": input_schema
+                }
+            }
+        })
+    
+    return kiro_tools
+
+
+def fix_history_alternation(history: List[dict], model_id: str = "claude-sonnet-4") -> List[dict]:
+    """修复历史记录，确保 user/assistant 严格交替，并验证 toolUses/toolResults 配对
+    
+    Kiro API 规则：
+    1. 消息必须严格交替：user -> assistant -> user -> assistant
+    2. 当 assistant 有 toolUses 时，下一条 user 必须有对应的 toolResults
+    3. 当 assistant 没有 toolUses 时，下一条 user 不能有 toolResults
+    """
+    if not history:
+        return history
+    
+    # 深拷贝以避免修改原始数据
+    import copy
+    history = copy.deepcopy(history)
+    
+    fixed = []
+    
+    for i, item in enumerate(history):
+        is_user = "userInputMessage" in item
+        is_assistant = "assistantResponseMessage" in item
+        
+        if is_user:
+            # 检查上一条是否也是 user
+            if fixed and "userInputMessage" in fixed[-1]:
+                # 检查当前消息是否有 tool_results
+                user_msg = item["userInputMessage"]
+                ctx = user_msg.get("userInputMessageContext", {})
+                has_tool_results = bool(ctx.get("toolResults"))
+                
+                if has_tool_results:
+                    # 合并 tool_results 到上一条 user 消息
+                    new_results = ctx["toolResults"]
+                    last_user = fixed[-1]["userInputMessage"]
+                    
+                    if "userInputMessageContext" not in last_user:
+                        last_user["userInputMessageContext"] = {}
+                    
+                    last_ctx = last_user["userInputMessageContext"]
+                    if "toolResults" in last_ctx and last_ctx["toolResults"]:
+                        last_ctx["toolResults"].extend(new_results)
+                    else:
+                        last_ctx["toolResults"] = new_results
+                    continue
+                else:
+                    # 插入一个占位 assistant 消息（不带 toolUses）
+                    fixed.append({
+                        "assistantResponseMessage": {
+                            "content": "I understand."
+                        }
+                    })
+            
+            # 验证 toolResults 与前一个 assistant 的 toolUses 配对
+            if fixed and "assistantResponseMessage" in fixed[-1]:
+                last_assistant = fixed[-1]["assistantResponseMessage"]
+                has_tool_uses = bool(last_assistant.get("toolUses"))
+                
+                user_msg = item["userInputMessage"]
+                ctx = user_msg.get("userInputMessageContext", {})
+                has_tool_results = bool(ctx.get("toolResults"))
+                
+                if has_tool_uses and not has_tool_results:
+                    # assistant 有 toolUses 但 user 没有 toolResults
+                    # 这是不允许的：不要删除 toolUses（否则会破坏后续上下文/导致 tool_use 轮次丢失）
+                    # 改为在本条 user 前插入一个“工具结果占位” user 消息，与 toolUses 严格配对。
+                    placeholder_results = []
+                    for tu in (last_assistant.get("toolUses") or []):
+                        tuid = ""
+                        if isinstance(tu, dict):
+                            tuid = tu.get("toolUseId") or ""
+                        if tuid:
+                            placeholder_results.append({
+                                "content": [{"text": ""}],
+                                "status": "success",
+                                "toolUseId": tuid,
+                            })
+                    fixed.append({
+                        "userInputMessage": {
+                            "content": "Tool results provided.",
+                            "modelId": model_id,
+                            "origin": "AI_EDITOR",
+                            "userInputMessageContext": {
+                                "toolResults": placeholder_results
+                            }
+                        }
+                    })
+                elif not has_tool_uses and has_tool_results:
+                    # assistant 没有 toolUses 但 user 有 toolResults
+                    # 这是不允许的，需要清除 user 的 toolResults
+                    item["userInputMessage"].pop("userInputMessageContext", None)
+            
+            fixed.append(item)
+        
+        elif is_assistant:
+            # 检查上一条是否也是 assistant
+            if fixed and "assistantResponseMessage" in fixed[-1]:
+                # 插入一个占位 user 消息（不带 toolResults）
+                fixed.append({
+                    "userInputMessage": {
+                        "content": "Continue",
+                        "modelId": model_id,
+                        "origin": "AI_EDITOR"
+                    }
+                })
+            
+            # 如果历史为空，先插入一个 user 消息
+            if not fixed:
+                fixed.append({
+                    "userInputMessage": {
+                        "content": "Continue",
+                        "modelId": model_id,
+                        "origin": "AI_EDITOR"
+                    }
+                })
+            
+            fixed.append(item)
+    
+    # 确保以 assistant 结尾（如果最后是 user，添加占位 assistant）
+    if fixed and "userInputMessage" in fixed[-1]:
+        # 不需要清除 toolResults，因为它是与前一个 assistant 的 toolUses 配对的
+        # 占位 assistant 只是为了满足交替规则
+        fixed.append({
+            "assistantResponseMessage": {
+                "content": "I understand."
+            }
+        })
+    
+    return fixed
+
+
+def convert_anthropic_messages_to_kiro(messages: List[dict], system="") -> Tuple[str, List[dict], List[dict]]:
+    """将 Anthropic 消息格式转换为 Kiro 格式
+    
+    Returns:
+        (user_content, history, tool_results)
+    """
+    history = []
+    user_content = ""
+    current_tool_results = []
+
+    def _strip_thinking(text: str) -> str:
+        if text is None:
+            return ""
+        if not isinstance(text, str):
+            text = str(text)
+        if not text:
+            return ""
+        cleaned = text
+        while True:
+            start = find_real_thinking_start_tag(cleaned)
+            if start == -1:
+                break
+            end = find_real_thinking_end_tag(cleaned, start + len("<thinking>"))
+            if end == -1:
+                cleaned = cleaned[:start].rstrip()
+                break
+            before = cleaned[:start].rstrip()
+            after = cleaned[end + len("</thinking>"):].lstrip()
+            if before and after:
+                cleaned = before + "\n" + after
+            else:
+                cleaned = before or after
+        return cleaned.strip()
+    
+    # 处理 system
+    system_text = ""
+    if isinstance(system, list):
+        for block in system:
+            if isinstance(block, dict) and block.get("type") == "text":
+                system_text += block.get("text", "") + "\n"
+            elif isinstance(block, str):
+                system_text += block + "\n"
+        system_text = system_text.strip()
+    elif isinstance(system, str):
+        system_text = system
+
+    system_text = _strip_thinking(system_text)
+    
+    for i, msg in enumerate(messages):
+        role = msg.get("role", "")
+        content = msg.get("content", "")
+        is_last = (i == len(messages) - 1)
+        
+        # 处理 content 列表
+        tool_results = []
+        text_parts = []
+        
+        if isinstance(content, list):
+            for block in content:
+                if isinstance(block, dict):
+                    if block.get("type") == "text":
+                        text_parts.append(block.get("text", ""))
+                    elif block.get("type") == "tool_result":
+                        tr_content = block.get("content", "")
+                        if isinstance(tr_content, list):
+                            tr_text_parts = []
+                            for tc in tr_content:
+                                if isinstance(tc, dict) and tc.get("type") == "text":
+                                    tr_text_parts.append(tc.get("text", ""))
+                                elif isinstance(tc, str):
+                                    tr_text_parts.append(tc)
+                            tr_content = "\n".join(tr_text_parts)
+                        
+                        # 处理 is_error
+                        status = "error" if block.get("is_error") else "success"
+                        
+                        tool_results.append({
+                            "content": [{"text": str(tr_content)}],
+                            "status": status,
+                            "toolUseId": block.get("tool_use_id", "")
+                        })
+                elif isinstance(block, str):
+                    text_parts.append(block)
+            
+            content = "\n".join(text_parts) if text_parts else ""
+
+        content = _strip_thinking(content)
+        
+        # 处理工具结果
+        if tool_results:
+            # 去重
+            seen_ids = set()
+            unique_results = []
+            for tr in tool_results:
+                if tr["toolUseId"] not in seen_ids:
+                    seen_ids.add(tr["toolUseId"])
+                    unique_results.append(tr)
+            tool_results = unique_results
+            
+            if is_last:
+                current_tool_results = tool_results
+                user_content = content if content else "Tool results provided."
+            else:
+                history.append({
+                    "userInputMessage": {
+                        "content": content if content else "Tool results provided.",
+                        "modelId": "claude-sonnet-4",
+                        "origin": "AI_EDITOR",
+                        "userInputMessageContext": {
+                            "toolResults": tool_results
+                        }
+                    }
+                })
+            continue
+        
+        if role == "user":
+            if system_text and not history:
+                content = f"{system_text}\n\n{content}" if content else system_text
+
+            content = _strip_thinking(content)
+            
+            if is_last:
+                user_content = content if content else "Continue"
+            else:
+                history.append({
+                    "userInputMessage": {
+                        "content": content if content else "Continue",
+                        "modelId": "claude-sonnet-4",
+                        "origin": "AI_EDITOR"
+                    }
+                })
+        
+        elif role == "assistant":
+            tool_uses = []
+            assistant_text = ""
+            
+            if isinstance(msg.get("content"), list):
+                text_parts = []
+                for block in msg["content"]:
+                    if isinstance(block, dict):
+                        if block.get("type") == "tool_use":
+                            tool_uses.append({
+                                "toolUseId": block.get("id", ""),
+                                "name": block.get("name", ""),
+                                "input": block.get("input", {})
+                            })
+                        elif block.get("type") == "text":
+                            text_parts.append(block.get("text", ""))
+                assistant_text = "\n".join(text_parts)
+            else:
+                assistant_text = content if isinstance(content, str) else ""
+
+            assistant_text = _strip_thinking(assistant_text)
+
+            if not assistant_text and not tool_uses:
+                continue
+            
+            # 确保 assistant 消息有内容
+            if not assistant_text:
+                assistant_text = "I understand."
+            
+            assistant_msg = {
+                "assistantResponseMessage": {
+                    "content": assistant_text
+                }
+            }
+            # 只有在有 toolUses 时才添加这个字段
+            if tool_uses:
+                assistant_msg["assistantResponseMessage"]["toolUses"] = tool_uses
+            
+            history.append(assistant_msg)
+    
+    # 修复历史交替
+    history = fix_history_alternation(history)
+    
+    return user_content, history, current_tool_results
+
+
+def convert_kiro_response_to_anthropic(result: dict, model: str, msg_id: str) -> dict:
+    """将 Kiro 响应转换为 Anthropic 格式"""
+    content = []
+    text = "".join(result["content"])
+    if text:
+        content.append({"type": "text", "text": text})
+    
+    for tool_use in result["tool_uses"]:
+        content.append(tool_use)
+    
+    return {
+        "id": msg_id,
+        "type": "message",
+        "role": "assistant",
+        "content": content,
+        "model": model,
+        "stop_reason": result["stop_reason"],
+        "stop_sequence": None,
+        "usage": {"input_tokens": 100, "output_tokens": 100}
+    }
+
+
+# ==================== OpenAI 转换 ====================
+
+def is_tool_choice_required(tool_choice) -> bool:
+    """检查 tool_choice 是否为 required"""
+    if isinstance(tool_choice, dict):
+        t = tool_choice.get("type", "")
+        return t in ("any", "tool", "required")
+    elif isinstance(tool_choice, str):
+        return tool_choice in ("required", "any")
+    return False
+
+
+def convert_openai_tools_to_kiro(tools: List[dict]) -> List[dict]:
+    """将 OpenAI 工具格式转换为 Kiro 格式"""
+    kiro_tools = []
+    function_count = 0
+    
+    for tool in tools:
+        tool_type = tool.get("type", "function")
+        
+        # 特殊工具
+        if tool_type == "web_search":
+            kiro_tools.append({
+                "webSearchTool": {
+                    "type": "web_search"
+                }
+            })
+            continue
+        
+        if tool_type != "function":
+            continue
+        
+        # 限制工具数量
+        if function_count >= MAX_TOOLS:
+            continue
+        function_count += 1
+        
+        func = tool.get("function", {})
+        name = func.get("name", "")
+        description = func.get("description", f"Tool: {name}")
+        description = truncate_description(description)
+        parameters = func.get("parameters", {"type": "object", "properties": {}})
+        
+        kiro_tools.append({
+            "toolSpecification": {
+                "name": name,
+                "description": description,
+                "inputSchema": {
+                    "json": parameters
+                }
+            }
+        })
+    
+    return kiro_tools
+
+
+def convert_openai_messages_to_kiro(
+    messages: List[dict], 
+    model: str,
+    tools: List[dict] = None,
+    tool_choice = None
+) -> Tuple[str, List[dict], List[dict], List[dict]]:
+    """将 OpenAI 消息格式转换为 Kiro 格式
+    
+    增强：
+    - 支持 tool 角色消息
+    - 支持 assistant 的 tool_calls
+    - 支持 tool_choice: required
+    - 历史交替修复
+    
+    Returns:
+        (user_content, history, tool_results, kiro_tools)
+    """
+    system_content = ""
+    history = []
+    user_content = ""
+    current_tool_results = []
+    pending_tool_results = []  # 待处理的 tool 消息
+    
+    # 处理 tool_choice: required
+    tool_instruction = ""
+    if is_tool_choice_required(tool_choice) and tools:
+        tool_instruction = "\n\n[CRITICAL INSTRUCTION] You MUST use one of the provided tools to respond. Do NOT respond with plain text. Call a tool function immediately."
+    
+    for i, msg in enumerate(messages):
+        role = msg.get("role", "")
+        content = msg.get("content", "")
+        is_last = (i == len(messages) - 1)
+        
+        # 提取文本内容
+        if isinstance(content, list):
+            content = " ".join([c.get("text", "") for c in content if c.get("type") == "text"])
+        if not content:
+            content = ""
+        
+        if role == "system":
+            system_content = content + tool_instruction
+        
+        elif role == "tool":
+            # OpenAI tool 角色消息 -> Kiro toolResults
+            tool_call_id = msg.get("tool_call_id", "")
+            pending_tool_results.append({
+                "content": [{"text": str(content)}],
+                "status": "success",
+                "toolUseId": tool_call_id
+            })
+        
+        elif role == "user":
+            # 如果有待处理的 tool results，先处理
+            if pending_tool_results:
+                # 去重
+                seen_ids = set()
+                unique_results = []
+                for tr in pending_tool_results:
+                    if tr["toolUseId"] not in seen_ids:
+                        seen_ids.add(tr["toolUseId"])
+                        unique_results.append(tr)
+                
+                if is_last:
+                    current_tool_results = unique_results
+                else:
+                    history.append({
+                        "userInputMessage": {
+                            "content": "Tool results provided.",
+                            "modelId": model,
+                            "origin": "AI_EDITOR",
+                            "userInputMessageContext": {
+                                "toolResults": unique_results
+                            }
+                        }
+                    })
+                pending_tool_results = []
+            
+            # 合并 system prompt
+            if system_content and not history:
+                content = f"{system_content}\n\n{content}"
+            
+            if is_last:
+                user_content = content
+            else:
+                history.append({
+                    "userInputMessage": {
+                        "content": content,
+                        "modelId": model,
+                        "origin": "AI_EDITOR"
+                    }
+                })
+        
+        elif role == "assistant":
+            # 如果有待处理的 tool results，先创建 user 消息
+            if pending_tool_results:
+                seen_ids = set()
+                unique_results = []
+                for tr in pending_tool_results:
+                    if tr["toolUseId"] not in seen_ids:
+                        seen_ids.add(tr["toolUseId"])
+                        unique_results.append(tr)
+                
+                history.append({
+                    "userInputMessage": {
+                        "content": "Tool results provided.",
+                        "modelId": model,
+                        "origin": "AI_EDITOR",
+                        "userInputMessageContext": {
+                            "toolResults": unique_results
+                        }
+                    }
+                })
+                pending_tool_results = []
+            
+            # 处理 tool_calls
+            tool_uses = []
+            tool_calls = msg.get("tool_calls", [])
+            for tc in tool_calls:
+                func = tc.get("function", {})
+                args_str = func.get("arguments", "{}")
+                try:
+                    args = json.loads(args_str)
+                except:
+                    args = {}
+                
+                tool_uses.append({
+                    "toolUseId": tc.get("id", ""),
+                    "name": func.get("name", ""),
+                    "input": args
+                })
+            
+            assistant_text = content if content else "I understand."
+            
+            assistant_msg = {
+                "assistantResponseMessage": {
+                    "content": assistant_text
+                }
+            }
+            # 只有在有 toolUses 时才添加这个字段
+            if tool_uses:
+                assistant_msg["assistantResponseMessage"]["toolUses"] = tool_uses
+            
+            history.append(assistant_msg)
+    
+    # 处理末尾的 tool results
+    if pending_tool_results:
+        seen_ids = set()
+        unique_results = []
+        for tr in pending_tool_results:
+            if tr["toolUseId"] not in seen_ids:
+                seen_ids.add(tr["toolUseId"])
+                unique_results.append(tr)
+        current_tool_results = unique_results
+        if not user_content:
+            user_content = "Tool results provided."
+    
+    # 如果没有用户消息
+    if not user_content:
+        user_content = messages[-1].get("content", "") if messages else "Continue"
+        if isinstance(user_content, list):
+            user_content = " ".join([c.get("text", "") for c in user_content if c.get("type") == "text"])
+        if not user_content:
+            user_content = "Continue"
+    
+    # 历史不包含最后一条用户消息
+    if history and "userInputMessage" in history[-1]:
+        history = history[:-1]
+    
+    # 修复历史交替
+    history = fix_history_alternation(history, model)
+    
+    # 转换工具
+    kiro_tools = convert_openai_tools_to_kiro(tools) if tools else []
+    
+    return user_content, history, current_tool_results, kiro_tools
+
+
+def convert_kiro_response_to_openai(result: dict, model: str, msg_id: str) -> dict:
+    """将 Kiro 响应转换为 OpenAI 格式"""
+    text = "".join(result["content"])
+    tool_calls = []
+    
+    for tool_use in result.get("tool_uses", []):
+        if tool_use.get("type") == "tool_use":
+            tool_calls.append({
+                "id": tool_use.get("id", ""),
+                "type": "function",
+                "function": {
+                    "name": tool_use.get("name", ""),
+                    "arguments": json.dumps(tool_use.get("input", {}))
+                }
+            })
+    
+    # 映射 stop_reason
+    stop_reason = result.get("stop_reason", "stop")
+    finish_reason = "tool_calls" if tool_calls else "stop"
+    if stop_reason == "max_tokens":
+        finish_reason = "length"
+    
+    message = {
+        "role": "assistant",
+        "content": text if text else None
+    }
+    if tool_calls:
+        message["tool_calls"] = tool_calls
+    
+    return {
+        "id": msg_id,
+        "object": "chat.completion",
+        "model": model,
+        "choices": [{
+            "index": 0,
+            "message": message,
+            "finish_reason": finish_reason
+        }],
+        "usage": {
+            "prompt_tokens": 100,
+            "completion_tokens": 100,
+            "total_tokens": 200
+        }
+    }
+
+
+# ==================== Gemini 转换 ====================
+
+def convert_gemini_tools_to_kiro(tools: List[dict]) -> List[dict]:
+    """将 Gemini 工具格式转换为 Kiro 格式
+    
+    Gemini 工具格式：
+    {
+        "functionDeclarations": [
+            {
+                "name": "get_weather",
+                "description": "Get weather info",
+                "parameters": {...}
+            }
+        ]
+    }
+    """
+    kiro_tools = []
+    function_count = 0
+    
+    for tool in tools:
+        # Gemini 的工具定义在 functionDeclarations 中
+        declarations = tool.get("functionDeclarations", [])
+        
+        for func in declarations:
+            # 限制工具数量
+            if function_count >= MAX_TOOLS:
+                break
+            function_count += 1
+            
+            name = func.get("name", "")
+            description = func.get("description", f"Tool: {name}")
+            description = truncate_description(description)
+            parameters = func.get("parameters", {"type": "object", "properties": {}})
+            
+            kiro_tools.append({
+                "toolSpecification": {
+                    "name": name,
+                    "description": description,
+                    "inputSchema": {
+                        "json": parameters
+                    }
+                }
+            })
+    
+    return kiro_tools
+
+
+def convert_gemini_contents_to_kiro(
+    contents: List[dict], 
+    system_instruction: dict, 
+    model: str,
+    tools: List[dict] = None,
+    tool_config: dict = None
+) -> Tuple[str, List[dict], List[dict], List[dict]]:
+    """将 Gemini 消息格式转换为 Kiro 格式
+    
+    增强：
+    - 支持 functionCall 和 functionResponse
+    - 支持 tool_config
+    
+    Returns:
+        (user_content, history, tool_results, kiro_tools)
+    """
+    history = []
+    user_content = ""
+    current_tool_results = []
+    pending_tool_results = []
+    
+    # 处理 system instruction
+    system_text = ""
+    if system_instruction:
+        parts = system_instruction.get("parts", [])
+        system_text = " ".join(p.get("text", "") for p in parts if "text" in p)
+    
+    # 处理 tool_config（类似 tool_choice）
+    tool_instruction = ""
+    if tool_config:
+        mode = tool_config.get("functionCallingConfig", {}).get("mode", "")
+        if mode in ("ANY", "REQUIRED"):
+            tool_instruction = "\n\n[CRITICAL INSTRUCTION] You MUST use one of the provided tools to respond. Do NOT respond with plain text."
+    
+    for i, content in enumerate(contents):
+        role = content.get("role", "user")
+        parts = content.get("parts", [])
+        is_last = (i == len(contents) - 1)
+        
+        # 提取文本和工具调用
+        text_parts = []
+        tool_calls = []
+        tool_responses = []
+        
+        for part in parts:
+            if "text" in part:
+                text_parts.append(part["text"])
+            elif "functionCall" in part:
+                # Gemini 的工具调用
+                fc = part["functionCall"]
+                tool_calls.append({
+                    "toolUseId": fc.get("name", "") + "_" + str(i),  # Gemini 没有 ID，生成一个
+                    "name": fc.get("name", ""),
+                    "input": fc.get("args", {})
+                })
+            elif "functionResponse" in part:
+                # Gemini 的工具响应
+                fr = part["functionResponse"]
+                response_content = fr.get("response", {})
+                if isinstance(response_content, dict):
+                    response_text = json.dumps(response_content)
+                else:
+                    response_text = str(response_content)
+                
+                tool_responses.append({
+                    "content": [{"text": response_text}],
+                    "status": "success",
+                    "toolUseId": fr.get("name", "") + "_" + str(i - 1)  # 匹配上一个调用
+                })
+        
+        text = " ".join(text_parts)
+        
+        if role == "user":
+            # 处理待处理的 tool responses
+            if pending_tool_results:
+                seen_ids = set()
+                unique_results = []
+                for tr in pending_tool_results:
+                    if tr["toolUseId"] not in seen_ids:
+                        seen_ids.add(tr["toolUseId"])
+                        unique_results.append(tr)
+                
+                history.append({
+                    "userInputMessage": {
+                        "content": "Tool results provided.",
+                        "modelId": model,
+                        "origin": "AI_EDITOR",
+                        "userInputMessageContext": {
+                            "toolResults": unique_results
+                        }
+                    }
+                })
+                pending_tool_results = []
+            
+            # 处理 functionResponse（用户消息中的工具响应）
+            if tool_responses:
+                pending_tool_results.extend(tool_responses)
+            
+            # 合并 system prompt
+            if system_text and not history:
+                text = f"{system_text}{tool_instruction}\n\n{text}"
+            
+            if is_last:
+                user_content = text
+                if pending_tool_results:
+                    current_tool_results = pending_tool_results
+                    pending_tool_results = []
+            else:
+                if text:
+                    history.append({
+                        "userInputMessage": {
+                            "content": text,
+                            "modelId": model,
+                            "origin": "AI_EDITOR"
+                        }
+                    })
+        
+        elif role == "model":
+            # 处理待处理的 tool responses
+            if pending_tool_results:
+                seen_ids = set()
+                unique_results = []
+                for tr in pending_tool_results:
+                    if tr["toolUseId"] not in seen_ids:
+                        seen_ids.add(tr["toolUseId"])
+                        unique_results.append(tr)
+                
+                history.append({
+                    "userInputMessage": {
+                        "content": "Tool results provided.",
+                        "modelId": model,
+                        "origin": "AI_EDITOR",
+                        "userInputMessageContext": {
+                            "toolResults": unique_results
+                        }
+                    }
+                })
+                pending_tool_results = []
+            
+            assistant_text = text if text else "I understand."
+            
+            assistant_msg = {
+                "assistantResponseMessage": {
+                    "content": assistant_text
+                }
+            }
+            # 只有在有 toolUses 时才添加这个字段
+            if tool_calls:
+                assistant_msg["assistantResponseMessage"]["toolUses"] = tool_calls
+            
+            history.append(assistant_msg)
+    
+    # 处理末尾的 tool results
+    if pending_tool_results:
+        current_tool_results = pending_tool_results
+        if not user_content:
+            user_content = "Tool results provided."
+    
+    # 如果没有用户消息
+    if not user_content:
+        if contents:
+            last_parts = contents[-1].get("parts", [])
+            user_content = " ".join(p.get("text", "") for p in last_parts if "text" in p)
+        if not user_content:
+            user_content = "Continue"
+    
+    # 修复历史交替
+    history = fix_history_alternation(history, model)
+    
+    # 移除最后一条（当前用户消息）
+    if history and "userInputMessage" in history[-1]:
+        history = history[:-1]
+    
+    # 转换工具
+    kiro_tools = convert_gemini_tools_to_kiro(tools) if tools else []
+    
+    return user_content, history, current_tool_results, kiro_tools
+
+
+def convert_kiro_response_to_gemini(result: dict, model: str) -> dict:
+    """将 Kiro 响应转换为 Gemini 格式"""
+    text = "".join(result.get("content", []))
+    tool_uses = result.get("tool_uses", [])
+    
+    parts = []
+    
+    # 添加文本部分
+    if text:
+        parts.append({"text": text})
+    
+    # 添加工具调用
+    for tool_use in tool_uses:
+        if tool_use.get("type") == "tool_use":
+            parts.append({
+                "functionCall": {
+                    "name": tool_use.get("name", ""),
+                    "args": tool_use.get("input", {})
+                }
+            })
+    
+    # 映射 stop_reason
+    stop_reason = result.get("stop_reason", "STOP")
+    finish_reason = "STOP"
+    if tool_uses:
+        finish_reason = "TOOL_CALLS"
+    elif stop_reason == "max_tokens":
+        finish_reason = "MAX_TOKENS"
+    
+    return {
+        "candidates": [{
+            "content": {
+                "parts": parts,
+                "role": "model"
+            },
+            "finishReason": finish_reason,
+            "index": 0
+        }],
+        "usageMetadata": {
+            "promptTokenCount": 100,
+            "candidatesTokenCount": 100,
+            "totalTokenCount": 200
+        }
+    }
+
+
+# ==================== 思考功能支持 ====================
+
+def generate_thinking_prefix(thinking_type: str = "enabled", budget_tokens: int = 20000) -> str:
+    """生成思考模式的前缀 XML 标签
+    
+    Args:
+        thinking_type: 思考类型，通常为 "enabled"
+        budget_tokens: 思考的 token 预算
+        
+    Returns:
+        XML 格式的思考标签字符串
+    """
+    if thinking_type != "enabled":
+        return ""
+    
+    return f"<thinking_mode>enabled</thinking_mode>\n<max_thinking_length>{budget_tokens}</max_thinking_length>"
+
+
+def has_thinking_tags(text: str) -> bool:
+    """检查文本是否已包含思考标签
+    
+    Args:
+        text: 要检查的文本
+        
+    Returns:
+        如果包含思考标签返回 True
+    """
+    return "<thinking_mode>" in text and "</thinking_mode>" in text
+
+
+def inject_thinking_tags_to_system(system, thinking_type: str = "enabled", budget_tokens: int = 20000):
+    """将思考标签注入到系统消息中
+    
+    Args:
+        system: 原始系统消息 (可以是字符串或列表)
+        thinking_type: 思考类型
+        budget_tokens: 思考的 token 预算
+        
+    Returns:
+        注入思考标签后的系统消息 (保持原始类型)
+    """
+    # 生成思考前缀
+    thinking_prefix = generate_thinking_prefix(thinking_type, budget_tokens)
+    
+    if not thinking_prefix:
+        return system
+    
+    # 处理 system 为列表的情况 (Anthropic API 支持 system 为 content blocks 列表)
+    if isinstance(system, list):
+        # 将列表转换为字符串
+        system_text = ""
+        for block in system:
+            if isinstance(block, dict) and block.get("type") == "text":
+                system_text += block.get("text", "") + "\n"
+            elif isinstance(block, str):
+                system_text += block + "\n"
+        system_text = system_text.strip()
+        
+        if not system_text:
+            return thinking_prefix
+        
+        if has_thinking_tags(system_text):
+            return system
+        
+        # 返回字符串形式
+        return f"{thinking_prefix}\n\n{system_text}"
+    
+    # 处理 system 为字符串的情况
+    if not system or not str(system).strip():
+        return thinking_prefix
+    
+    # 如果已经包含思考标签，不再重复注入
+    if has_thinking_tags(str(system)):
+        return system
+    
+    # 将思考标签插入到系统消息开头
+    return f"{thinking_prefix}\n\n{system}"
+
+
+def find_real_thinking_start_tag(text: str, pos: int = 0) -> int:
+    """查找真正的 <thinking> 标签位置，忽略被引号包围的情况
+    
+    Args:
+        text: 要搜索的文本
+        pos: 开始搜索的位置
+        
+    Returns:
+        找到的标签位置，如果没找到返回 -1
+    """
+    while True:
+        idx = text.find("<thinking>", pos)
+        if idx == -1:
+            return -1
+        
+        # 检查是否被引号包围
+        # 向前查找最近的引号
+        prev_quote = max(
+            text.rfind("`", 0, idx),
+            text.rfind("'", 0, idx),
+            text.rfind('"', 0, idx)
+        )
+        
+        # 如果有引号且引号后没有换行，说明是被包围的
+        if prev_quote != -1:
+            # 检查引号到标签之间是否有换行
+            between = text[prev_quote + 1:idx]
+            if "\n" not in between:
+                pos = idx + len("<thinking>")
+                continue
+        
+        return idx
+
+
+def find_real_thinking_end_tag(text: str, pos: int = 0) -> int:
+    """查找真正的 </thinking> 标签位置，忽略被引号包围的情况
+    
+    Args:
+        text: 要搜索的文本
+        pos: 开始搜索的位置
+        
+    Returns:
+        找到的标签位置，如果没找到返回 -1
+    """
+    while True:
+        idx = text.find("</thinking>", pos)
+        if idx == -1:
+            return -1
+        
+        # 检查是否被引号包围
+        # 向前查找最近的引号
+        prev_quote = max(
+            text.rfind("`", 0, idx),
+            text.rfind("'", 0, idx),
+            text.rfind('"', 0, idx)
+        )
+        
+        # 如果有引号且引号后没有换行，说明是被包围的
+        if prev_quote != -1:
+            # 检查引号到标签之间是否有换行
+            between = text[prev_quote + 1:idx]
+            if "\n" not in between:
+                pos = idx + len("</thinking>")
+                continue
+        
+        return idx
+
+
+def extract_thinking_from_content(content: str) -> Tuple[str, str]:
+    """从内容中提取思考部分和正文部分
+    
+    Args:
+        content: 原始内容
+        
+    Returns:
+        (thinking_content, text_content)
+    """
+    thinking_start = find_real_thinking_start_tag(content)
+    thinking_end = find_real_thinking_end_tag(content)
+    
+    if thinking_start == -1 or thinking_end == -1:
+        return "", content
+    
+    # 提取思考内容（去掉标签）
+    thinking_content = content[thinking_start + len("<thinking>"):thinking_end].strip()
+    
+    # 提取正文内容（去掉思考部分）
+    text_content = content[:thinking_start].strip()
+    after_thinking = content[thinking_end + len("</thinking>"):].strip()
+    if after_thinking:
+        text_content += "\n" + after_thinking
+    
+    return thinking_content, text_content

KiroProxy/kiro_proxy/core/__init__.py

@@ -0,0 +1,55 @@
+"""核心模块"""
+from .state import state, ProxyState, RequestLog
+from .account import Account
+from .persistence import load_config, save_config, CONFIG_FILE
+from .retry import RetryableRequest, is_retryable_error, RETRYABLE_STATUS_CODES
+from .scheduler import scheduler
+from .stats import stats_manager
+from .browser import detect_browsers, open_url, get_browsers_info
+from .flow_monitor import flow_monitor, FlowMonitor, LLMFlow, FlowState, TokenUsage
+from .usage import get_usage_limits, get_account_usage, UsageInfo
+from .history_manager import (
+    HistoryManager, HistoryConfig, TruncateStrategy,
+    get_history_config, set_history_config, update_history_config,
+    is_content_length_error
+)
+from .error_handler import (
+    ErrorType, KiroError, classify_error, is_account_suspended,
+    get_anthropic_error_response, format_error_log
+)
+from .rate_limiter import RateLimiter, RateLimitConfig, rate_limiter, get_rate_limiter
+
+# 新增模块
+from .quota_cache import QuotaCache, CachedQuota, get_quota_cache
+from .account_selector import AccountSelector, SelectionStrategy, get_account_selector
+from .quota_scheduler import QuotaScheduler, get_quota_scheduler
+from .refresh_manager import (
+    RefreshManager, RefreshProgress, RefreshConfig,
+    get_refresh_manager, reset_refresh_manager
+)
+from .kiro_api import kiro_api_request, get_user_info, get_user_email
+
+__all__ = [
+    "state", "ProxyState", "RequestLog", "Account", 
+    "load_config", "save_config", "CONFIG_FILE",
+    "RetryableRequest", "is_retryable_error", "RETRYABLE_STATUS_CODES",
+    "scheduler", "stats_manager",
+    "detect_browsers", "open_url", "get_browsers_info",
+    "flow_monitor", "FlowMonitor", "LLMFlow", "FlowState", "TokenUsage",
+    "get_usage_limits", "get_account_usage", "UsageInfo",
+    "HistoryManager", "HistoryConfig", "TruncateStrategy",
+    "get_history_config", "set_history_config", "update_history_config",
+    "is_content_length_error",
+    "ErrorType", "KiroError", "classify_error", "is_account_suspended",
+    "get_anthropic_error_response", "format_error_log",
+    "RateLimiter", "RateLimitConfig", "rate_limiter", "get_rate_limiter",
+    # 新增导出
+    "QuotaCache", "CachedQuota", "get_quota_cache",
+    "AccountSelector", "SelectionStrategy", "get_account_selector",
+    "QuotaScheduler", "get_quota_scheduler",
+    # RefreshManager 导出
+    "RefreshManager", "RefreshProgress", "RefreshConfig",
+    "get_refresh_manager", "reset_refresh_manager",
+    # Kiro API 导出
+    "kiro_api_request", "get_user_info", "get_user_email",
+]

KiroProxy/kiro_proxy/core/account.py

@@ -0,0 +1,287 @@
+"""账号管理"""
+import json
+import time
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Optional
+
+from ..credential import (
+    KiroCredentials, TokenRefresher, CredentialStatus,
+    generate_machine_id, quota_manager
+)
+
+
+@dataclass
+class Account:
+    """账号信息"""
+    id: str
+    name: str
+    token_path: str
+    enabled: bool = True
+    # 是否因额度耗尽被自动禁用（用于区分手动禁用，避免被自动启用）
+    auto_disabled: bool = False
+    request_count: int = 0
+    error_count: int = 0
+    last_used: Optional[float] = None
+    status: CredentialStatus = CredentialStatus.ACTIVE
+    
+    _credentials: Optional[KiroCredentials] = field(default=None, repr=False)
+    _machine_id: Optional[str] = field(default=None, repr=False)
+    
+    def is_available(self) -> bool:
+        """检查账号是否可用"""
+        if not self.enabled:
+            return False
+        if self.status in (CredentialStatus.DISABLED, CredentialStatus.UNHEALTHY, CredentialStatus.SUSPENDED):
+            return False
+        if not quota_manager.is_available(self.id):
+            return False
+        
+        # 检查额度是否耗尽
+        from .quota_cache import get_quota_cache
+        quota_cache = get_quota_cache()
+        quota = quota_cache.get(self.id)
+        if quota and quota.is_exhausted:
+            return False
+        
+        return True
+    
+    def is_active(self) -> bool:
+        """检查账号是否活跃（最近60秒内使用过）"""
+        from .quota_scheduler import get_quota_scheduler
+        scheduler = get_quota_scheduler()
+        return scheduler.is_active(self.id)
+    
+    def get_priority_order(self) -> Optional[int]:
+        """获取优先级顺序（从1开始），非优先账号返回 None"""
+        from .account_selector import get_account_selector
+        selector = get_account_selector()
+        return selector.get_priority_order(self.id)
+    
+    def is_priority(self) -> bool:
+        """检查是否为优先账号"""
+        return self.get_priority_order() is not None
+    
+    def load_credentials(self) -> Optional[KiroCredentials]:
+        """加载凭证信息"""
+        try:
+            self._credentials = KiroCredentials.from_file(self.token_path)
+            
+            if self._credentials.client_id_hash and not self._credentials.client_id:
+                self._merge_client_credentials()
+            
+            return self._credentials
+        except Exception as e:
+            print(f"[Account] 加载凭证失败 {self.id}: {e}")
+            return None
+    
+    def _merge_client_credentials(self):
+        """合并 clientIdHash 对应的凭证文件"""
+        if not self._credentials or not self._credentials.client_id_hash:
+            return
+        
+        cache_dir = Path(self.token_path).parent
+        hash_file = cache_dir / f"{self._credentials.client_id_hash}.json"
+        
+        if hash_file.exists():
+            try:
+                with open(hash_file) as f:
+                    data = json.load(f)
+                if not self._credentials.client_id:
+                    self._credentials.client_id = data.get("clientId")
+                if not self._credentials.client_secret:
+                    self._credentials.client_secret = data.get("clientSecret")
+            except Exception:
+                pass
+    
+    def get_credentials(self) -> Optional[KiroCredentials]:
+        """获取凭证（带缓存）"""
+        if self._credentials is None:
+            self.load_credentials()
+        return self._credentials
+    
+    def get_token(self) -> str:
+        """获取 access_token"""
+        creds = self.get_credentials()
+        if creds and creds.access_token:
+            return creds.access_token
+        
+        try:
+            with open(self.token_path) as f:
+                return json.load(f).get("accessToken", "")
+        except Exception:
+            return ""
+    
+    def get_machine_id(self) -> str:
+        """获取基于此账号的 Machine ID"""
+        if self._machine_id:
+            return self._machine_id
+        
+        creds = self.get_credentials()
+        if creds:
+            self._machine_id = generate_machine_id(creds.profile_arn, creds.client_id)
+        else:
+            self._machine_id = generate_machine_id()
+        
+        return self._machine_id
+    
+    def is_token_expired(self) -> bool:
+        """检查 token 是否过期"""
+        creds = self.get_credentials()
+        return creds.is_expired() if creds else True
+    
+    def is_token_expiring_soon(self, minutes: int = 10) -> bool:
+        """检查 token 是否即将过期"""
+        creds = self.get_credentials()
+        return creds.is_expiring_soon(minutes) if creds else False
+    
+    async def refresh_token(self) -> tuple:
+        """刷新 token"""
+        creds = self.get_credentials()
+        if not creds:
+            return False, "无法加载凭证"
+        
+        refresher = TokenRefresher(creds)
+        success, result = await refresher.refresh()
+        
+        if success:
+            creds.save_to_file(self.token_path)
+            self._credentials = creds
+            self.status = CredentialStatus.ACTIVE
+            return True, "Token 刷新成功"
+        else:
+            self.status = CredentialStatus.UNHEALTHY
+            return False, result
+    
+    def mark_quota_exceeded(self, reason: str = "Rate limited"):
+        """标记配额超限（进入冷却并避免被继续选中）
+
+        429 错误自动冷却 5 分钟，无需手动配置
+        """
+        quota_manager.mark_exceeded(self.id, reason)
+        self.status = CredentialStatus.COOLDOWN
+        self.error_count += 1
+
+    def get_status_info(self) -> dict:
+        """获取状态信息"""
+        cooldown_remaining = quota_manager.get_cooldown_remaining(self.id)
+        creds = self.get_credentials()
+        
+        # 获取额度信息
+        from .quota_cache import get_quota_cache
+        quota_cache = get_quota_cache()
+        quota = quota_cache.get(self.id)
+        
+        quota_info = None
+        if quota:
+            # 计算相对时间
+            updated_ago = ""
+            if quota.updated_at > 0:
+                seconds_ago = time.time() - quota.updated_at
+                if seconds_ago < 60:
+                    updated_ago = f"{int(seconds_ago)}秒前"
+                elif seconds_ago < 3600:
+                    updated_ago = f"{int(seconds_ago / 60)}分钟前"
+                else:
+                    updated_ago = f"{int(seconds_ago / 3600)}小时前"
+            
+            # 格式化重置时间
+            reset_date_text = None
+            if quota.next_reset_date:
+                try:
+                    # 处理时间戳格式
+                    if isinstance(quota.next_reset_date, (int, float)):
+                        from datetime import datetime
+                        reset_dt = datetime.fromtimestamp(quota.next_reset_date)
+                        reset_date_text = reset_dt.strftime('%Y-%m-%d')
+                    else:
+                        # 处理 ISO 格式
+                        from datetime import datetime
+                        reset_dt = datetime.fromisoformat(quota.next_reset_date.replace('Z', '+00:00'))
+                        reset_date_text = reset_dt.strftime('%Y-%m-%d')
+                except:
+                    reset_date_text = str(quota.next_reset_date)
+            
+            # 格式化免费试用过期时间
+            trial_expiry_text = None
+            if quota.free_trial_expiry:
+                try:
+                    # 处理时间戳格式
+                    if isinstance(quota.free_trial_expiry, (int, float)):
+                        from datetime import datetime
+                        expiry_dt = datetime.fromtimestamp(quota.free_trial_expiry)
+                        trial_expiry_text = expiry_dt.strftime('%Y-%m-%d')
+                    else:
+                        # 处理 ISO 格式
+                        from datetime import datetime
+                        expiry_dt = datetime.fromisoformat(quota.free_trial_expiry.replace('Z', '+00:00'))
+                        trial_expiry_text = expiry_dt.strftime('%Y-%m-%d')
+                except:
+                    trial_expiry_text = str(quota.free_trial_expiry)
+            
+            # 计算生效奖励数
+            active_bonuses = len([e for e in (quota.bonus_expiries or []) if e])
+            
+            quota_info = {
+                "balance": quota.balance,
+                "usage_limit": quota.usage_limit,
+                "current_usage": quota.current_usage,
+                "usage_percent": quota.usage_percent,
+                "is_low_balance": quota.is_low_balance,
+                "is_exhausted": quota.is_exhausted,  # 额度是否耗尽
+                "is_suspended": getattr(quota, 'is_suspended', False),  # 账号是否被封禁
+                "balance_status": quota.balance_status,  # 额度状态: normal, low, exhausted
+                "subscription_title": quota.subscription_title,
+                "free_trial_limit": quota.free_trial_limit,
+                "free_trial_usage": quota.free_trial_usage,
+                "bonus_limit": quota.bonus_limit,
+                "bonus_usage": quota.bonus_usage,
+                "updated_at": updated_ago,
+                "updated_timestamp": quota.updated_at,
+                "error": quota.error,
+                # 新增重置时间字段
+                "next_reset_date": quota.next_reset_date,
+                "reset_date_text": reset_date_text,  # 格式化后的重置日期
+                "free_trial_expiry": quota.free_trial_expiry,
+                "trial_expiry_text": trial_expiry_text,  # 格式化后的试用过期日期
+                "bonus_expiries": quota.bonus_expiries or [],
+                "active_bonuses": active_bonuses,  # 生效奖励数量
+            }
+        
+        # 计算最后使用时间
+        last_used_ago = None
+        if self.last_used:
+            seconds_ago = time.time() - self.last_used
+            if seconds_ago < 60:
+                last_used_ago = f"{int(seconds_ago)}秒前"
+            elif seconds_ago < 3600:
+                last_used_ago = f"{int(seconds_ago / 60)}分钟前"
+            else:
+                last_used_ago = f"{int(seconds_ago / 3600)}小时前"
+        
+        return {
+            "id": self.id,
+            "name": self.name,
+            "enabled": self.enabled,
+            "status": self.status.value,
+            "available": self.is_available(),
+            "request_count": self.request_count,
+            "error_count": self.error_count,
+            "error_rate": f"{(self.error_count / max(1, self.request_count) * 100):.1f}%",
+            "cooldown_remaining": cooldown_remaining,
+            "token_expired": self.is_token_expired() if creds else None,
+            "token_expiring_soon": self.is_token_expiring_soon() if creds else None,
+            "token_expires_at": creds.expires_at if creds else None,  # Token 过期时间戳
+            "auth_method": creds.auth_method if creds else None,
+            "has_refresh_token": bool(creds and creds.refresh_token),
+            "idc_config_complete": bool(creds and creds.client_id and creds.client_secret) if creds and creds.auth_method == "idc" else None,
+            # 新增字段
+            "quota": quota_info,
+            "is_priority": self.is_priority(),
+            "priority_order": self.get_priority_order(),
+            "is_active": self.is_active(),
+            "last_used": self.last_used,
+            "last_used_ago": last_used_ago,
+            # Provider 字段 (Google/Github)
+            "provider": creds.provider if creds else None,
+        }

KiroProxy/kiro_proxy/core/account_selector.py

@@ -0,0 +1,390 @@
+"""账号选择器模块
+
+实现基于剩余额度的智能账号选择策略，支持优先账号配置。
+"""
+import json
+import random
+import time
+from enum import Enum
+from pathlib import Path
+from typing import Optional, List, Set, TYPE_CHECKING
+from threading import Lock
+
+if TYPE_CHECKING:
+    from .account import Account
+    from .quota_cache import QuotaCache
+
+
+class SelectionStrategy(Enum):
+    """选择策略"""
+    LOWEST_BALANCE = "lowest_balance"    # 剩余额度最少优先
+    ROUND_ROBIN = "round_robin"          # 轮询
+    LEAST_REQUESTS = "least_requests"    # 请求最少优先
+    RANDOM = "random"                    # 随机选择（分散压力）
+
+
+class AccountSelector:
+    """账号选择器
+    
+    根据配置的策略选择最合适的账号，支持优先账号配置。
+    """
+    
+    def __init__(self, quota_cache: 'QuotaCache', priority_file: Optional[str] = None):
+        """
+        初始化账号选择器
+        
+        Args:
+            quota_cache: 额度缓存实例
+            priority_file: 优先账号配置文件路径
+        """
+        self.quota_cache = quota_cache
+        self._priority_accounts: List[str] = []
+        # 默认使用随机策略，避免单账号 RPM 过高导致封禁风险
+        self._strategy = SelectionStrategy.RANDOM
+        self._lock = Lock()
+        self._round_robin_index = 0
+        self._last_random_account_id: Optional[str] = None
+        
+        # 设置优先账号配置文件路径
+        if priority_file:
+            self._priority_file = Path(priority_file)
+        else:
+            from ..config import DATA_DIR
+            self._priority_file = DATA_DIR / "priority.json"
+        
+        # 加载优先账号配置
+        self._load_priority_config()
+    
+    @property
+    def strategy(self) -> SelectionStrategy:
+        """获取当前选择策略"""
+        return self._strategy
+    
+    @strategy.setter
+    def strategy(self, value: SelectionStrategy):
+        """设置选择策略"""
+        self._strategy = value
+        self._save_priority_config()
+    
+    def select(self, 
+               available_accounts: List['Account'],
+               session_id: Optional[str] = None) -> Optional['Account']:
+        """选择最合适的账号
+        
+        Args:
+            available_accounts: 可用账号列表
+            session_id: 会话ID（用于会话粘性，暂未实现）
+            
+        Returns:
+            选中的账号，如果没有可用账号则返回 None
+        """
+        if not available_accounts:
+            return None
+        
+        with self._lock:
+            # 1. 首先检查优先账号
+            if self._priority_accounts:
+                for priority_id in self._priority_accounts:
+                    for account in available_accounts:
+                        if account.id == priority_id and account.is_available():
+                            return account
+            
+            # 2. 根据策略选择
+            if self._strategy == SelectionStrategy.LOWEST_BALANCE:
+                return self._select_lowest_balance(available_accounts)
+            elif self._strategy == SelectionStrategy.ROUND_ROBIN:
+                return self._select_round_robin(available_accounts)
+            elif self._strategy == SelectionStrategy.LEAST_REQUESTS:
+                return self._select_least_requests(available_accounts)
+            elif self._strategy == SelectionStrategy.RANDOM:
+                return self._select_random(available_accounts)
+            
+            # 默认返回第一个可用账号
+            return available_accounts[0] if available_accounts else None
+    
+    def _select_lowest_balance(self, accounts: List['Account']) -> Optional['Account']:
+        """选择剩余额度最少的账号"""
+        available = [a for a in accounts if a.is_available()]
+        if not available:
+            return None
+        
+        def get_balance_and_requests(account: 'Account') -> tuple:
+            """获取账号的余额和请求数，用于排序"""
+            quota = self.quota_cache.get(account.id)
+            balance = quota.balance if quota and not quota.has_error() else float('inf')
+            return (balance, account.request_count)
+        
+        # 按余额升序，余额相同时按请求数升序
+        return min(available, key=get_balance_and_requests)
+    
+    def _select_round_robin(self, accounts: List['Account']) -> Optional['Account']:
+        """轮询选择账号"""
+        available = [a for a in accounts if a.is_available()]
+        if not available:
+            return None
+        
+        self._round_robin_index = self._round_robin_index % len(available)
+        account = available[self._round_robin_index]
+        self._round_robin_index += 1
+        return account
+    
+    def _select_least_requests(self, accounts: List['Account']) -> Optional['Account']:
+        """选择请求数最少的账号"""
+        available = [a for a in accounts if a.is_available()]
+        if not available:
+            return None
+        return min(available, key=lambda a: a.request_count)
+
+    def _select_random(self, accounts: List['Account']) -> Optional['Account']:
+        """随机选择账号（分散请求压力）"""
+        available = [a for a in accounts if a.is_available()]
+        if not available:
+            return None
+
+        # 尽量避免连续两次命中同一账号（在有多个可用账号时）
+        if self._last_random_account_id and len(available) > 1:
+            candidates = [a for a in available if a.id != self._last_random_account_id]
+            if candidates:
+                selected = random.choice(candidates)
+            else:
+                selected = random.choice(available)
+        else:
+            selected = random.choice(available)
+
+        self._last_random_account_id = selected.id
+        return selected
+    
+    def set_priority_accounts(self, account_ids: List[str], 
+                              valid_account_ids: Optional[Set[str]] = None) -> tuple:
+        """设置优先账号列表（按顺序）
+        
+        Args:
+            account_ids: 优先账号ID列表（按顺序）
+            valid_account_ids: 有效账号ID集合（用于验证）
+            
+        Returns:
+            (success, message)
+        """
+        with self._lock:
+            if not account_ids:
+                self._priority_accounts = []
+                self._strategy = SelectionStrategy.RANDOM
+                self._save_priority_config()
+                return True, "已清除优先账号"
+            
+            # 去重（保持顺序）
+            unique_ids: List[str] = []
+            seen: Set[str] = set()
+            for aid in account_ids:
+                if aid in seen:
+                    continue
+                seen.add(aid)
+                unique_ids.append(aid)
+            
+            # 验证账号是否存在
+            if valid_account_ids:
+                for aid in unique_ids:
+                    if aid not in valid_account_ids:
+                        return False, f"账号不存在: {aid}"
+            
+            self._priority_accounts = unique_ids
+            self._save_priority_config()
+            if len(unique_ids) == 1:
+                return True, f"已设置优先账号: {unique_ids[0]}"
+            return True, f"已设置优先账号: {', '.join(unique_ids)}"
+    
+    def set_priority_account(self, account_id: Optional[str],
+                             valid_account_ids: Optional[Set[str]] = None) -> tuple:
+        """设置优先账号（单个）
+        
+        Args:
+            account_id: 账号ID，None 表示清除
+            valid_account_ids: 有效账号ID集合（用于验证）
+            
+        Returns:
+            (success, message)
+        """
+        if account_id is None:
+            return self.set_priority_accounts([], valid_account_ids)
+        return self.set_priority_accounts([account_id], valid_account_ids)
+    
+    def add_priority_account(self, account_id: str, 
+                             position: int = -1,
+                             valid_account_ids: Optional[Set[str]] = None) -> tuple:
+        """添加优先账号（可指定插入位置）
+        
+        Args:
+            account_id: 账号ID
+            position: 插入位置（0-based），-1 表示追加到末尾
+            valid_account_ids: 有效账号ID集合（用于验证）
+            
+        Returns:
+            (success, message)
+        """
+        with self._lock:
+            if valid_account_ids and account_id not in valid_account_ids:
+                return False, f"账号不存在: {account_id}"
+
+            if account_id in self._priority_accounts:
+                self._priority_accounts.remove(account_id)
+
+            if position is None or position < 0 or position >= len(self._priority_accounts):
+                self._priority_accounts.append(account_id)
+            else:
+                self._priority_accounts.insert(position, account_id)
+
+            self._save_priority_config()
+            return True, f"已添加优先账号: {account_id}"
+    
+    def remove_priority_account(self, account_id: str = None) -> tuple:
+        """移除优先账号
+        
+        Args:
+            account_id: 账号ID（可选，不传则清除所有）
+            
+        Returns:
+            (success, message)
+        """
+        with self._lock:
+            if not self._priority_accounts:
+                return False, "没有设置优先账号"
+            
+            if account_id:
+                if account_id not in self._priority_accounts:
+                    return False, f"账号 {account_id} 不是优先账号"
+
+                self._priority_accounts.remove(account_id)
+                if not self._priority_accounts:
+                    self._strategy = SelectionStrategy.RANDOM
+                self._save_priority_config()
+                return True, f"已移除优先账号: {account_id}"
+
+            self._priority_accounts = []
+            self._strategy = SelectionStrategy.RANDOM
+            self._save_priority_config()
+            return True, "已清除优先账号"
+
+    def reorder_priority(self, account_ids: List[str]) -> tuple:
+        """重新排序优先账号列表
+
+        Args:
+            account_ids: 新的优先账号顺序（必须与当前优先账号集合一致）
+
+        Returns:
+            (success, message)
+        """
+        with self._lock:
+            if not self._priority_accounts:
+                return False, "没有设置优先账号"
+
+            if not account_ids:
+                return False, "账号列表不能为空"
+
+            if len(account_ids) != len(self._priority_accounts):
+                return False, "账号数量不匹配"
+
+            if len(set(account_ids)) != len(account_ids):
+                return False, "账号列表包含重复项"
+
+            if set(account_ids) != set(self._priority_accounts):
+                return False, "账号列表与当前优先账号不匹配"
+
+            self._priority_accounts = list(account_ids)
+            self._save_priority_config()
+            return True, "已更新优先账号顺序"
+    
+    def get_priority_account(self) -> Optional[str]:
+        """获取优先账号（单个）"""
+        with self._lock:
+            return self._priority_accounts[0] if self._priority_accounts else None
+    
+    def get_priority_accounts(self) -> List[str]:
+        """获取优先账号列表"""
+        with self._lock:
+            return list(self._priority_accounts)
+    
+    def is_priority_account(self, account_id: str) -> bool:
+        """检查账号是否为优先账号"""
+        with self._lock:
+            return account_id in self._priority_accounts
+    
+    def get_priority_order(self, account_id: str) -> Optional[int]:
+        """获取账号的优先级顺序（从1开始）"""
+        with self._lock:
+            if account_id in self._priority_accounts:
+                return self._priority_accounts.index(account_id) + 1
+            return None
+    
+    def _load_priority_config(self) -> bool:
+        """从文件加载优先账号配置"""
+        if not self._priority_file.exists():
+            return False
+        
+        try:
+            with open(self._priority_file, 'r', encoding='utf-8') as f:
+                data = json.load(f)
+            
+            self._priority_accounts = data.get("priority_accounts", [])
+            strategy_str = data.get("strategy", SelectionStrategy.RANDOM.value)
+            try:
+                self._strategy = SelectionStrategy(strategy_str)
+            except ValueError:
+                self._strategy = SelectionStrategy.RANDOM
+
+            # 兼容旧版本：历史默认策略为 lowest_balance，但无优先账号时更需要分散压力
+            if not self._priority_accounts and self._strategy == SelectionStrategy.LOWEST_BALANCE:
+                self._strategy = SelectionStrategy.RANDOM
+                self._save_priority_config()
+            
+            print(f"[AccountSelector] 加载优先账号配置: {len(self._priority_accounts)} 个优先账号")
+            return True
+            
+        except Exception as e:
+            print(f"[AccountSelector] 加载优先账号配置失败: {e}")
+            return False
+    
+    def _save_priority_config(self) -> bool:
+        """保存优先账号配置到文件"""
+        try:
+            self._priority_file.parent.mkdir(parents=True, exist_ok=True)
+            
+            data = {
+                "version": "1.0",
+                "priority_accounts": self._priority_accounts,
+                "strategy": self._strategy.value
+            }
+            
+            temp_file = self._priority_file.with_suffix('.tmp')
+            with open(temp_file, 'w', encoding='utf-8') as f:
+                json.dump(data, f, indent=2, ensure_ascii=False)
+            temp_file.replace(self._priority_file)
+            
+            return True
+            
+        except Exception as e:
+            print(f"[AccountSelector] 保存优先账号配置失败: {e}")
+            return False
+    
+    def get_status(self) -> dict:
+        """获取选择器状态"""
+        with self._lock:
+            return {
+                "strategy": self._strategy.value,
+                "priority_accounts": list(self._priority_accounts),
+                "priority_count": len(self._priority_accounts)
+            }
+
+
+# 全局选择器实例
+_account_selector: Optional[AccountSelector] = None
+
+
+def get_account_selector(quota_cache: Optional['QuotaCache'] = None) -> AccountSelector:
+    """获取全局选择器实例"""
+    global _account_selector
+    if _account_selector is None:
+        if quota_cache is None:
+            from .quota_cache import get_quota_cache
+            quota_cache = get_quota_cache()
+        _account_selector = AccountSelector(quota_cache)
+    return _account_selector

KiroProxy/kiro_proxy/core/browser.py

@@ -0,0 +1,186 @@
+"""浏览器检测和打开"""
+import os
+import shlex
+import shutil
+import subprocess
+import platform
+from dataclasses import dataclass
+from typing import List, Optional
+
+
+@dataclass
+class BrowserInfo:
+    id: str
+    name: str
+    path: str
+    supports_incognito: bool
+    incognito_arg: str = ""
+
+
+# 浏览器配置
+BROWSER_CONFIGS = {
+    "chrome": {
+        "names": ["google-chrome", "google-chrome-stable", "chrome", "chromium", "chromium-browser"],
+        "display": "Chrome",
+        "incognito": "--incognito",
+    },
+    "firefox": {
+        "names": ["firefox", "firefox-esr"],
+        "display": "Firefox",
+        "incognito": "--private-window",
+    },
+    "edge": {
+        "names": ["microsoft-edge", "microsoft-edge-stable", "msedge"],
+        "display": "Edge",
+        "incognito": "--inprivate",
+    },
+    "brave": {
+        "names": ["brave", "brave-browser"],
+        "display": "Brave",
+        "incognito": "--incognito",
+    },
+    "opera": {
+        "names": ["opera"],
+        "display": "Opera",
+        "incognito": "--private",
+    },
+    "vivaldi": {
+        "names": ["vivaldi", "vivaldi-stable"],
+        "display": "Vivaldi",
+        "incognito": "--incognito",
+    },
+}
+
+
+def detect_browsers() -> List[BrowserInfo]:
+    """检测系统安装的浏览器"""
+    browsers = []
+    system = platform.system().lower()
+
+    if system == "windows":
+        import winreg
+
+        def normalize_exe_path(raw: str) -> Optional[str]:
+            if not raw:
+                return None
+            expanded = os.path.expandvars(raw.strip())
+            try:
+                parts = shlex.split(expanded, posix=False)
+            except ValueError:
+                parts = [expanded]
+            candidate = (parts[0] if parts else expanded).strip().strip('"')
+            if os.path.exists(candidate):
+                return candidate
+            lower = expanded.lower()
+            exe_idx = lower.find(".exe")
+            if exe_idx != -1:
+                candidate = expanded[:exe_idx + 4].strip().strip('"')
+                if os.path.exists(candidate):
+                    return candidate
+            return None
+
+        def get_reg_path(exe_name: str) -> Optional[str]:
+            name = f"{exe_name}.exe"
+            for root in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
+                try:
+                    with winreg.OpenKey(root, rf"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\{name}") as key:
+                        value, _ = winreg.QueryValueEx(key, "")
+                        path = normalize_exe_path(value)
+                        if path:
+                            return path
+                except (FileNotFoundError, OSError, WindowsError):
+                    pass
+            return None
+
+        for browser_id, config in BROWSER_CONFIGS.items():
+            path = None
+            for exe_name in config["names"]:
+                path = get_reg_path(exe_name)
+                if path:
+                    break
+            if not path:
+                for exe_name in config["names"]:
+                    path = shutil.which(exe_name)
+                    if path:
+                        break
+            if path:
+                browsers.append(BrowserInfo(
+                    id=browser_id,
+                    name=config["display"],
+                    path=path,
+                    supports_incognito=bool(config.get("incognito")),
+                    incognito_arg=config.get("incognito", ""),
+                ))
+    else:
+        for browser_id, config in BROWSER_CONFIGS.items():
+            for name in config["names"]:
+                path = shutil.which(name)
+                if path:
+                    browsers.append(BrowserInfo(
+                        id=browser_id,
+                        name=config["display"],
+                        path=path,
+                        supports_incognito=bool(config.get("incognito")),
+                        incognito_arg=config.get("incognito", ""),
+                    ))
+                    break
+    
+    # 添加默认浏览器选项
+    if browsers:
+        browsers.insert(0, BrowserInfo(
+            id="default",
+            name="默认浏览器",
+            path="xdg-open" if system == "linux" else "open",
+            supports_incognito=False,
+            incognito_arg="",
+        ))
+    
+    return browsers
+
+
+def open_url(url: str, browser_id: str = "default", incognito: bool = False) -> bool:
+    """用指定浏览器打开 URL"""
+    browsers = detect_browsers()
+    browser = next((b for b in browsers if b.id == browser_id), None)
+    
+    if not browser:
+        # 降级到默认
+        browser = browsers[0] if browsers else None
+    
+    if not browser:
+        return False
+    
+    try:
+        if browser.id == "default":
+            # 使用系统默认浏览器
+            system = platform.system().lower()
+            if system == "linux":
+                subprocess.Popen(["xdg-open", url], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+            elif system == "darwin":
+                subprocess.Popen(["open", url], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+            else:
+                os.startfile(url)
+        else:
+            # 使用指定浏览器
+            args = [browser.path]
+            if incognito and browser.supports_incognito and browser.incognito_arg:
+                args.append(browser.incognito_arg)
+            args.append(url)
+            subprocess.Popen(args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+        
+        return True
+    except Exception as e:
+        print(f"[Browser] 打开失败: {e}")
+        return False
+
+
+def get_browsers_info() -> List[dict]:
+    """获取浏览器信息列表"""
+    return [
+        {
+            "id": b.id,
+            "name": b.name,
+            "supports_incognito": b.supports_incognito,
+        }
+        for b in detect_browsers()
+    ]

KiroProxy/kiro_proxy/core/error_handler.py

@@ -0,0 +1,188 @@
+"""错误处理模块 - 统一的错误分类和处理
+
+检测各种 Kiro API 错误类型：
+- 账号封禁 (TEMPORARILY_SUSPENDED)
+- 配额超限 (Rate Limit)
+- 内容过长 (CONTENT_LENGTH_EXCEEDS_THRESHOLD)
+- 认证失败 (Unauthorized)
+- 服务不可用 (Service Unavailable)
+"""
+import re
+from enum import Enum
+from dataclasses import dataclass
+from typing import Optional, Tuple
+
+
+class ErrorType(str, Enum):
+    """错误类型"""
+    ACCOUNT_SUSPENDED = "account_suspended"      # 账号被封禁
+    RATE_LIMITED = "rate_limited"                # 配额超限
+    CONTENT_TOO_LONG = "content_too_long"        # 内容过长
+    AUTH_FAILED = "auth_failed"                  # 认证失败
+    SERVICE_UNAVAILABLE = "service_unavailable"  # 服务不可用
+    MODEL_UNAVAILABLE = "model_unavailable"      # 模型不可用
+    UNKNOWN = "unknown"                          # 未知错误
+
+
+@dataclass
+class KiroError:
+    """Kiro API 错误"""
+    type: ErrorType
+    status_code: int
+    message: str
+    user_message: str  # 用户友好的消息
+    should_disable_account: bool = False  # 是否应该禁用账号
+    should_switch_account: bool = False   # 是否应该切换账号
+    should_retry: bool = False            # 是否应该重试
+    cooldown_seconds: int = 0             # 冷却时间
+
+
+def classify_error(status_code: int, error_text: str) -> KiroError:
+    """分类 Kiro API 错误
+
+    Args:
+        status_code: HTTP 状态码
+        error_text: 错误响应文本
+
+    Returns:
+        KiroError 对象
+    """
+    error_lower = error_text.lower()
+
+    # 1. 账号封禁检测 (最严重)
+    # 检测: AccountSuspendedException, 423 状态码, temporarily_suspended, suspended
+    is_suspended = (
+        status_code == 423 or
+        "accountsuspendedexception" in error_lower or
+        "temporarily_suspended" in error_lower or
+        "suspended" in error_lower
+    )
+
+    if is_suspended:
+        # 提取 User ID
+        user_id_match = re.search(r'User ID \(([^)]+)\)', error_text)
+        user_id = user_id_match.group(1) if user_id_match else "unknown"
+
+        return KiroError(
+            type=ErrorType.ACCOUNT_SUSPENDED,
+            status_code=status_code,
+            message=error_text,
+            user_message=f"⚠️ 账号已被封禁 (User ID: {user_id})。请联系 AWS 支持解封: https://support.aws.amazon.com/#/contacts/kiro",
+            should_disable_account=True,
+            should_switch_account=True,
+        )
+    
+    # 2. 402 Payment Required - 额度用尽（不触发冷却，仅切换账号）
+    if status_code == 402 or "payment required" in error_lower or "insufficient" in error_lower:
+        return KiroError(
+            type=ErrorType.RATE_LIMITED,
+            status_code=status_code,
+            message=error_text,
+            user_message="账号额度已用尽，已切换到其他账号",
+            should_switch_account=False,  # 不自动切换，让上层逻辑处理
+            cooldown_seconds=0,  # 不触发冷却
+        )
+    
+    # 3. 配额超限检测 (仅 429 触发冷却)
+    if status_code == 429:
+        return KiroError(
+            type=ErrorType.RATE_LIMITED,
+            status_code=status_code,
+            message=error_text,
+            user_message="请求过于频繁，账号已进入冷却期",
+            should_switch_account=True,
+            cooldown_seconds=30,  # 基础冷却时间，实际由 QuotaManager 动态管理
+        )
+    
+    # 4. 内容过长检测
+    if "content_length_exceeds_threshold" in error_lower or (
+        "too long" in error_lower and ("input" in error_lower or "content" in error_lower)
+    ):
+        return KiroError(
+            type=ErrorType.CONTENT_TOO_LONG,
+            status_code=status_code,
+            message=error_text,
+            user_message="对话历史过长，请使用 /clear 清空对话",
+            should_retry=True,
+        )
+    
+    # 5. 认证失败检测
+    if status_code == 401 or "unauthorized" in error_lower or "invalid token" in error_lower:
+        return KiroError(
+            type=ErrorType.AUTH_FAILED,
+            status_code=status_code,
+            message=error_text,
+            user_message="Token 已过期或无效，请刷新 Token",
+            should_switch_account=True,
+        )
+    
+    # 6. 模型不可用检测
+    if "model_temporarily_unavailable" in error_lower or "unexpectedly high load" in error_lower:
+        return KiroError(
+            type=ErrorType.MODEL_UNAVAILABLE,
+            status_code=status_code,
+            message=error_text,
+            user_message="模型暂时不可用，请稍后重试",
+            should_retry=True,
+        )
+    
+    # 7. 服务不可用检测
+    if status_code in (502, 503, 504) or "service unavailable" in error_lower:
+        return KiroError(
+            type=ErrorType.SERVICE_UNAVAILABLE,
+            status_code=status_code,
+            message=error_text,
+            user_message="服务暂时不可用，请稍后重试",
+            should_retry=True,
+        )
+    
+    # 8. 未知错误
+    return KiroError(
+        type=ErrorType.UNKNOWN,
+        status_code=status_code,
+        message=error_text,
+        user_message=f"API 错误 ({status_code})",
+    )
+
+
+def is_account_suspended(status_code: int, error_text: str) -> bool:
+    """检查是否为账号封禁错误"""
+    error = classify_error(status_code, error_text)
+    return error.type == ErrorType.ACCOUNT_SUSPENDED
+
+
+def get_anthropic_error_response(error: KiroError) -> dict:
+    """生成 Anthropic 格式的错误响应"""
+    error_type_map = {
+        ErrorType.ACCOUNT_SUSPENDED: "authentication_error",
+        ErrorType.RATE_LIMITED: "rate_limit_error",
+        ErrorType.CONTENT_TOO_LONG: "invalid_request_error",
+        ErrorType.AUTH_FAILED: "authentication_error",
+        ErrorType.SERVICE_UNAVAILABLE: "api_error",
+        ErrorType.MODEL_UNAVAILABLE: "overloaded_error",
+        ErrorType.UNKNOWN: "api_error",
+    }
+    
+    return {
+        "type": "error",
+        "error": {
+            "type": error_type_map.get(error.type, "api_error"),
+            "message": error.user_message
+        }
+    }
+
+
+def format_error_log(error: KiroError, account_id: str = None) -> str:
+    """格式化错误日志"""
+    lines = [
+        f"[{error.type.value.upper()}]",
+        f"  Status: {error.status_code}",
+        f"  Message: {error.user_message}",
+    ]
+    if account_id:
+        lines.insert(1, f"  Account: {account_id}")
+    if error.should_disable_account:
+        lines.append("  Action: 账号已被禁用")
+    elif error.should_switch_account:
+        lines.append("  Action: 切换到其他账号")
+    return "\n".join(lines)

KiroProxy/kiro_proxy/core/flow_monitor.py

@@ -0,0 +1,572 @@
+"""Flow Monitor - LLM 流量监控
+
+记录完整的请求/响应数据，支持查询、过滤、导出。
+"""
+import json
+import time
+import uuid
+from pathlib import Path
+from dataclasses import dataclass, field, asdict
+from typing import Optional, List, Dict, Any
+from datetime import datetime, timezone
+from collections import deque
+from enum import Enum
+
+
+class FlowState(str, Enum):
+    """Flow 状态"""
+    PENDING = "pending"      # 等待响应
+    STREAMING = "streaming"  # 流式传输中
+    COMPLETED = "completed"  # 完成
+    ERROR = "error"          # 错误
+
+
+@dataclass
+class Message:
+    """消息"""
+    role: str  # user/assistant/system/tool
+    content: Any  # str 或 list
+    name: Optional[str] = None  # tool name
+    tool_call_id: Optional[str] = None
+
+
+@dataclass
+class TokenUsage:
+    """Token 使用量"""
+    input_tokens: int = 0
+    output_tokens: int = 0
+    cache_read_tokens: int = 0
+    cache_write_tokens: int = 0
+    
+    @property
+    def total_tokens(self) -> int:
+        return self.input_tokens + self.output_tokens
+
+
+@dataclass
+class FlowRequest:
+    """请求数据"""
+    method: str
+    path: str
+    headers: Dict[str, str]
+    body: Dict[str, Any]
+    
+    # 解析后的字段
+    model: str = ""
+    messages: List[Message] = field(default_factory=list)
+    system: str = ""
+    tools: List[Dict] = field(default_factory=list)
+    stream: bool = False
+    max_tokens: int = 0
+    temperature: float = 1.0
+
+
+@dataclass
+class FlowResponse:
+    """响应数据"""
+    status_code: int
+    headers: Dict[str, str] = field(default_factory=dict)
+    body: Any = None
+    
+    # 解析后的字段
+    content: str = ""
+    tool_calls: List[Dict] = field(default_factory=list)
+    stop_reason: str = ""
+    usage: TokenUsage = field(default_factory=TokenUsage)
+    
+    # 流式响应
+    chunks: List[str] = field(default_factory=list)
+    chunk_count: int = 0
+
+
+@dataclass
+class FlowError:
+    """错误信息"""
+    type: str  # rate_limit_error, api_error, etc.
+    message: str
+    status_code: int = 0
+    raw: str = ""
+
+
+@dataclass 
+class FlowTiming:
+    """时间信息"""
+    created_at: float = 0
+    first_byte_at: Optional[float] = None
+    completed_at: Optional[float] = None
+    
+    @property
+    def ttfb_ms(self) -> Optional[float]:
+        """Time to first byte"""
+        if self.first_byte_at and self.created_at:
+            return (self.first_byte_at - self.created_at) * 1000
+        return None
+    
+    @property
+    def duration_ms(self) -> Optional[float]:
+        """Total duration"""
+        if self.completed_at and self.created_at:
+            return (self.completed_at - self.created_at) * 1000
+        return None
+
+
+@dataclass
+class LLMFlow:
+    """完整的 LLM 请求流"""
+    id: str
+    state: FlowState
+    
+    # 路由信息
+    protocol: str  # anthropic, openai, gemini
+    account_id: Optional[str] = None
+    account_name: Optional[str] = None
+    
+    # 请求/响应
+    request: Optional[FlowRequest] = None
+    response: Optional[FlowResponse] = None
+    error: Optional[FlowError] = None
+    
+    # 时间
+    timing: FlowTiming = field(default_factory=FlowTiming)
+    
+    # 元数据
+    tags: List[str] = field(default_factory=list)
+    notes: str = ""
+    bookmarked: bool = False
+    
+    # 重试信息
+    retry_count: int = 0
+    parent_flow_id: Optional[str] = None
+    
+    def to_dict(self) -> dict:
+        """转换为字典"""
+        d = {
+            "id": self.id,
+            "state": self.state.value,
+            "protocol": self.protocol,
+            "account_id": self.account_id,
+            "account_name": self.account_name,
+            "timing": {
+                "created_at": self.timing.created_at,
+                "first_byte_at": self.timing.first_byte_at,
+                "completed_at": self.timing.completed_at,
+                "ttfb_ms": self.timing.ttfb_ms,
+                "duration_ms": self.timing.duration_ms,
+            },
+            "tags": self.tags,
+            "notes": self.notes,
+            "bookmarked": self.bookmarked,
+            "retry_count": self.retry_count,
+        }
+        
+        if self.request:
+            d["request"] = {
+                "method": self.request.method,
+                "path": self.request.path,
+                "model": self.request.model,
+                "stream": self.request.stream,
+                "message_count": len(self.request.messages),
+                "has_tools": bool(self.request.tools),
+                "has_system": bool(self.request.system),
+            }
+        
+        if self.response:
+            d["response"] = {
+                "status_code": self.response.status_code,
+                "content_length": len(self.response.content),
+                "has_tool_calls": bool(self.response.tool_calls),
+                "stop_reason": self.response.stop_reason,
+                "chunk_count": self.response.chunk_count,
+                "usage": asdict(self.response.usage),
+            }
+        
+        if self.error:
+            d["error"] = asdict(self.error)
+        
+        return d
+    
+    def to_full_dict(self) -> dict:
+        """转换为完整字典（包含请求/响应体）"""
+        d = self.to_dict()
+        
+        if self.request:
+            d["request"]["headers"] = self.request.headers
+            d["request"]["body"] = self.request.body
+            d["request"]["messages"] = [asdict(m) if hasattr(m, '__dataclass_fields__') else m for m in self.request.messages]
+            d["request"]["system"] = self.request.system
+            d["request"]["tools"] = self.request.tools
+        
+        if self.response:
+            d["response"]["headers"] = self.response.headers
+            d["response"]["body"] = self.response.body
+            d["response"]["content"] = self.response.content
+            d["response"]["tool_calls"] = self.response.tool_calls
+            d["response"]["chunks"] = self.response.chunks[-10:]  # 只保留最后10个chunk
+        
+        return d
+
+
+class FlowStore:
+    """Flow 存储"""
+    
+    def __init__(self, max_flows: int = 500, persist_dir: Optional[Path] = None):
+        self.flows: deque[LLMFlow] = deque(maxlen=max_flows)
+        self.flow_map: Dict[str, LLMFlow] = {}
+        self.persist_dir = persist_dir
+        self.max_flows = max_flows
+        
+        # 统计
+        self.total_flows = 0
+        self.total_tokens_in = 0
+        self.total_tokens_out = 0
+    
+    def add(self, flow: LLMFlow):
+        """添加 Flow"""
+        # 如果队列满了，移除最旧的
+        if len(self.flows) >= self.max_flows:
+            old = self.flows[0]
+            if old.id in self.flow_map:
+                del self.flow_map[old.id]
+        
+        self.flows.append(flow)
+        self.flow_map[flow.id] = flow
+        self.total_flows += 1
+    
+    def get(self, flow_id: str) -> Optional[LLMFlow]:
+        """获取 Flow"""
+        return self.flow_map.get(flow_id)
+    
+    def update(self, flow_id: str, **kwargs):
+        """更新 Flow"""
+        flow = self.flow_map.get(flow_id)
+        if flow:
+            for k, v in kwargs.items():
+                if hasattr(flow, k):
+                    setattr(flow, k, v)
+    
+    def query(
+        self,
+        protocol: Optional[str] = None,
+        model: Optional[str] = None,
+        account_id: Optional[str] = None,
+        state: Optional[FlowState] = None,
+        has_error: Optional[bool] = None,
+        bookmarked: Optional[bool] = None,
+        min_duration_ms: Optional[float] = None,
+        max_duration_ms: Optional[float] = None,
+        start_time: Optional[float] = None,
+        end_time: Optional[float] = None,
+        search: Optional[str] = None,
+        limit: int = 100,
+        offset: int = 0,
+    ) -> List[LLMFlow]:
+        """查询 Flows"""
+        results = []
+        
+        for flow in reversed(self.flows):
+            # 过滤条件
+            if protocol and flow.protocol != protocol:
+                continue
+            if model and flow.request and flow.request.model != model:
+                continue
+            if account_id and flow.account_id != account_id:
+                continue
+            if state and flow.state != state:
+                continue
+            if has_error is not None:
+                if has_error and not flow.error:
+                    continue
+                if not has_error and flow.error:
+                    continue
+            if bookmarked is not None and flow.bookmarked != bookmarked:
+                continue
+            if min_duration_ms and flow.timing.duration_ms and flow.timing.duration_ms < min_duration_ms:
+                continue
+            if max_duration_ms and flow.timing.duration_ms and flow.timing.duration_ms > max_duration_ms:
+                continue
+            if start_time and flow.timing.created_at < start_time:
+                continue
+            if end_time and flow.timing.created_at > end_time:
+                continue
+            if search:
+                # 简单搜索：在内容中查找
+                found = False
+                if flow.request and search.lower() in json.dumps(flow.request.body).lower():
+                    found = True
+                if flow.response and search.lower() in flow.response.content.lower():
+                    found = True
+                if not found:
+                    continue
+            
+            results.append(flow)
+        
+        return results[offset:offset + limit]
+    
+    def get_stats(self) -> dict:
+        """获取统计信息"""
+        completed = [f for f in self.flows if f.state == FlowState.COMPLETED]
+        errors = [f for f in self.flows if f.state == FlowState.ERROR]
+        
+        # 按模型统计
+        model_stats = {}
+        for f in self.flows:
+            if f.request:
+                model = f.request.model or "unknown"
+                if model not in model_stats:
+                    model_stats[model] = {"count": 0, "errors": 0, "tokens_in": 0, "tokens_out": 0}
+                model_stats[model]["count"] += 1
+                if f.error:
+                    model_stats[model]["errors"] += 1
+                if f.response and f.response.usage:
+                    model_stats[model]["tokens_in"] += f.response.usage.input_tokens
+                    model_stats[model]["tokens_out"] += f.response.usage.output_tokens
+        
+        # 计算平均延迟
+        durations = [f.timing.duration_ms for f in completed if f.timing.duration_ms]
+        avg_duration = sum(durations) / len(durations) if durations else 0
+        
+        return {
+            "total_flows": self.total_flows,
+            "active_flows": len(self.flows),
+            "completed": len(completed),
+            "errors": len(errors),
+            "error_rate": f"{len(errors) / max(1, len(self.flows)) * 100:.1f}%",
+            "avg_duration_ms": round(avg_duration, 2),
+            "total_tokens_in": self.total_tokens_in,
+            "total_tokens_out": self.total_tokens_out,
+            "by_model": model_stats,
+        }
+    
+    def export_jsonl(self, flows: List[LLMFlow]) -> str:
+        """导出为 JSONL 格式"""
+        lines = []
+        for f in flows:
+            lines.append(json.dumps(f.to_full_dict(), ensure_ascii=False))
+        return "\n".join(lines)
+    
+    def export_markdown(self, flow: LLMFlow) -> str:
+        """导出单个 Flow 为 Markdown"""
+        lines = [
+            f"# Flow {flow.id}",
+            "",
+            f"- **Protocol**: {flow.protocol}",
+            f"- **State**: {flow.state.value}",
+            f"- **Account**: {flow.account_name or flow.account_id or 'N/A'}",
+            f"- **Created**: {datetime.fromtimestamp(flow.timing.created_at).isoformat()}",
+        ]
+        
+        if flow.timing.duration_ms:
+            lines.append(f"- **Duration**: {flow.timing.duration_ms:.0f}ms")
+        
+        if flow.request:
+            lines.extend([
+                "",
+                "## Request",
+                "",
+                f"- **Model**: {flow.request.model}",
+                f"- **Stream**: {flow.request.stream}",
+                f"- **Messages**: {len(flow.request.messages)}",
+            ])
+            
+            if flow.request.system:
+                lines.extend(["", "### System", "", f"```\n{flow.request.system}\n```"])
+            
+            lines.extend(["", "### Messages", ""])
+            for msg in flow.request.messages:
+                content = msg.content if isinstance(msg.content, str) else json.dumps(msg.content, ensure_ascii=False)
+                lines.append(f"**{msg.role}**: {content[:500]}{'...' if len(content) > 500 else ''}")
+                lines.append("")
+        
+        if flow.response:
+            lines.extend([
+                "## Response",
+                "",
+                f"- **Status**: {flow.response.status_code}",
+                f"- **Stop Reason**: {flow.response.stop_reason}",
+            ])
+            
+            if flow.response.usage:
+                lines.append(f"- **Tokens**: {flow.response.usage.input_tokens} in / {flow.response.usage.output_tokens} out")
+            
+            if flow.response.content:
+                lines.extend(["", "### Content", "", f"```\n{flow.response.content[:2000]}\n```"])
+        
+        if flow.error:
+            lines.extend([
+                "",
+                "## Error",
+                "",
+                f"- **Type**: {flow.error.type}",
+                f"- **Message**: {flow.error.message}",
+            ])
+        
+        return "\n".join(lines)
+
+
+class FlowMonitor:
+    """Flow 监控器"""
+    
+    def __init__(self, max_flows: int = 500):
+        self.store = FlowStore(max_flows=max_flows)
+    
+    def create_flow(
+        self,
+        protocol: str,
+        method: str,
+        path: str,
+        headers: Dict[str, str],
+        body: Dict[str, Any],
+        account_id: Optional[str] = None,
+        account_name: Optional[str] = None,
+    ) -> str:
+        """创建新的 Flow"""
+        flow_id = uuid.uuid4().hex[:12]
+        
+        # 解析请求
+        request = FlowRequest(
+            method=method,
+            path=path,
+            headers={k: v for k, v in headers.items() if k.lower() not in ["authorization"]},
+            body=body,
+            model=body.get("model", ""),
+            stream=body.get("stream", False),
+            system=body.get("system", ""),
+            tools=body.get("tools", []),
+            max_tokens=body.get("max_tokens", 0),
+            temperature=body.get("temperature", 1.0),
+        )
+        
+        # 解析消息
+        messages = body.get("messages", [])
+        for msg in messages:
+            request.messages.append(Message(
+                role=msg.get("role", "user"),
+                content=msg.get("content", ""),
+                name=msg.get("name"),
+                tool_call_id=msg.get("tool_call_id"),
+            ))
+        
+        flow = LLMFlow(
+            id=flow_id,
+            state=FlowState.PENDING,
+            protocol=protocol,
+            account_id=account_id,
+            account_name=account_name,
+            request=request,
+            timing=FlowTiming(created_at=time.time()),
+        )
+        
+        self.store.add(flow)
+        return flow_id
+    
+    def start_streaming(self, flow_id: str):
+        """标记开始流式传输"""
+        flow = self.store.get(flow_id)
+        if flow:
+            flow.state = FlowState.STREAMING
+            flow.timing.first_byte_at = time.time()
+            if not flow.response:
+                flow.response = FlowResponse(status_code=200)
+    
+    def add_chunk(self, flow_id: str, chunk: str):
+        """添加流式响应块"""
+        flow = self.store.get(flow_id)
+        if flow and flow.response:
+            flow.response.chunks.append(chunk)
+            flow.response.chunk_count += 1
+            flow.response.content += chunk
+    
+    def complete_flow(
+        self,
+        flow_id: str,
+        status_code: int,
+        content: str = "",
+        tool_calls: List[Dict] = None,
+        stop_reason: str = "",
+        usage: Optional[TokenUsage] = None,
+        headers: Dict[str, str] = None,
+    ):
+        """完成 Flow"""
+        flow = self.store.get(flow_id)
+        if not flow:
+            return
+        
+        flow.state = FlowState.COMPLETED
+        flow.timing.completed_at = time.time()
+        
+        if not flow.response:
+            flow.response = FlowResponse(status_code=status_code)
+        
+        flow.response.status_code = status_code
+        flow.response.content = content or flow.response.content
+        flow.response.tool_calls = tool_calls or []
+        flow.response.stop_reason = stop_reason
+        flow.response.headers = headers or {}
+        
+        if usage:
+            flow.response.usage = usage
+            self.store.total_tokens_in += usage.input_tokens
+            self.store.total_tokens_out += usage.output_tokens
+    
+    def fail_flow(self, flow_id: str, error_type: str, message: str, status_code: int = 0, raw: str = ""):
+        """标记 Flow 失败"""
+        flow = self.store.get(flow_id)
+        if not flow:
+            return
+        
+        flow.state = FlowState.ERROR
+        flow.timing.completed_at = time.time()
+        flow.error = FlowError(
+            type=error_type,
+            message=message,
+            status_code=status_code,
+            raw=raw[:1000],  # 限制长度
+        )
+    
+    def bookmark_flow(self, flow_id: str, bookmarked: bool = True):
+        """书签 Flow"""
+        flow = self.store.get(flow_id)
+        if flow:
+            flow.bookmarked = bookmarked
+    
+    def add_note(self, flow_id: str, note: str):
+        """添加备注"""
+        flow = self.store.get(flow_id)
+        if flow:
+            flow.notes = note
+    
+    def add_tag(self, flow_id: str, tag: str):
+        """添加标签"""
+        flow = self.store.get(flow_id)
+        if flow and tag not in flow.tags:
+            flow.tags.append(tag)
+    
+    def get_flow(self, flow_id: str) -> Optional[LLMFlow]:
+        """获取 Flow"""
+        return self.store.get(flow_id)
+    
+    def query(self, **kwargs) -> List[LLMFlow]:
+        """查询 Flows"""
+        return self.store.query(**kwargs)
+    
+    def get_stats(self) -> dict:
+        """获取统计"""
+        return self.store.get_stats()
+    
+    def export(self, flow_ids: List[str] = None, format: str = "jsonl") -> str:
+        """导出 Flows"""
+        if flow_ids:
+            flows = [self.store.get(fid) for fid in flow_ids if self.store.get(fid)]
+        else:
+            flows = list(self.store.flows)
+        
+        if format == "jsonl":
+            return self.store.export_jsonl(flows)
+        elif format == "markdown" and len(flows) == 1:
+            return self.store.export_markdown(flows[0])
+        else:
+            return json.dumps([f.to_dict() for f in flows], ensure_ascii=False, indent=2)
+
+
+# 全局实例
+flow_monitor = FlowMonitor(max_flows=500)

KiroProxy/kiro_proxy/core/history_manager.py

@@ -0,0 +1,829 @@
+"""历史消息管理器 - 错误触发压缩版
+
+自动化管理对话历史长度，收到超限错误时智能压缩而非强硬截断：
+1. 无预检测 - 不再依赖阈值，正常发送请求
+2. 错误触发 - 收到 CONTENT_LENGTH_EXCEEDS_THRESHOLD 错误后自动压缩
+3. 智能压缩 - 保留最近消息 + 摘要早期对话，目标 20K-50K 字符
+4. 自动重试 - 压缩后自动重试请求
+"""
+import json
+import time
+from typing import List, Dict, Any, Tuple, Optional, Callable
+from dataclasses import dataclass, field
+from collections import OrderedDict
+from enum import Enum
+
+
+@dataclass
+class SummaryCacheEntry:
+    summary: str
+    old_history_hash: str
+    updated_at: float
+
+
+class SummaryCache:
+    """摘要缓存"""
+
+    def __init__(self, max_entries: int = 64):
+        self._entries: "OrderedDict[str, SummaryCacheEntry]" = OrderedDict()
+        self._max_entries = max_entries
+
+    def get(self, key: str, old_history_hash: str, max_age: int = 300) -> Optional[str]:
+        entry = self._entries.get(key)
+        if not entry:
+            return None
+        if time.time() - entry.updated_at > max_age:
+            self._entries.pop(key, None)
+            return None
+        if entry.old_history_hash != old_history_hash:
+            return None
+        self._entries.move_to_end(key)
+        return entry.summary
+
+    def set(self, key: str, summary: str, old_history_hash: str):
+        self._entries[key] = SummaryCacheEntry(
+            summary=summary,
+            old_history_hash=old_history_hash,
+            updated_at=time.time()
+        )
+        self._entries.move_to_end(key)
+        if len(self._entries) > self._max_entries:
+            self._entries.popitem(last=False)
+
+
+@dataclass
+class CompressionCacheEntry:
+    """压缩结果缓存条目"""
+    compressed_history: List[dict]
+    original_hash: str
+    compressed_chars: int
+    updated_at: float
+
+
+class CompressionCache:
+    """全局压缩结果缓存
+    
+    解决 Claude Code CLI 反复压缩问题：
+    - 客户端每次请求都发送完整原始历史
+    - 缓存压缩结果，避免对相同内容重复压缩
+    - 基于原始历史的 hash 匹配
+    """
+
+    def __init__(self, max_entries: int = 32, max_age: int = 600):
+        self._entries: "OrderedDict[str, CompressionCacheEntry]" = OrderedDict()
+        self._max_entries = max_entries
+        self._max_age = max_age  # 缓存有效期（秒），默认 10 分钟
+
+    def get(self, original_hash: str) -> Optional[List[dict]]:
+        """获取缓存的压缩结果"""
+        entry = self._entries.get(original_hash)
+        if not entry:
+            return None
+        if time.time() - entry.updated_at > self._max_age:
+            self._entries.pop(original_hash, None)
+            return None
+        self._entries.move_to_end(original_hash)
+        print(f"[CompressionCache] 命中缓存，跳过重复压缩 (原始 hash: {original_hash[:16]}...)")
+        return entry.compressed_history
+
+    def set(self, original_hash: str, compressed_history: List[dict], compressed_chars: int):
+        """缓存压缩结果"""
+        self._entries[original_hash] = CompressionCacheEntry(
+            compressed_history=compressed_history,
+            original_hash=original_hash,
+            compressed_chars=compressed_chars,
+            updated_at=time.time()
+        )
+        self._entries.move_to_end(original_hash)
+        if len(self._entries) > self._max_entries:
+            self._entries.popitem(last=False)
+        print(f"[CompressionCache] 缓存压缩结果 (原始 hash: {original_hash[:16]}..., 压缩后: {compressed_chars} 字符)")
+
+    def clear(self):
+        """清空缓存"""
+        self._entries.clear()
+
+
+# 全局压缩缓存实例
+_compression_cache = CompressionCache()
+
+
+class TruncateStrategy(str, Enum):
+    """压缩策略（保留用于兼容）"""
+    NONE = "none"
+    AUTO_TRUNCATE = "auto_truncate"
+    SMART_SUMMARY = "smart_summary"
+    ERROR_RETRY = "error_retry"
+    PRE_ESTIMATE = "pre_estimate"
+
+
+# 自动管理的常量（不再使用阈值触发，仅在错误后压缩）
+# AUTO_COMPRESS_THRESHOLD 已废弃，不再用于预检测
+SAFE_CHAR_LIMIT = 35000            # 压缩后的目标字符数 (20K-50K 范围的中间值)
+SAFE_CHAR_LIMIT_MIN = 20000        # 压缩目标下限
+SAFE_CHAR_LIMIT_MAX = 50000        # 压缩目标上限
+MIN_KEEP_MESSAGES = 6              # 最少保留的最近消息数
+MAX_KEEP_MESSAGES = 20             # 最多保留的最近消息数
+SUMMARY_MAX_LENGTH = 3000          # 摘要最大长度
+
+
+@dataclass
+class HistoryConfig:
+    """历史消息配置（简化版，大部分参数自动管理）"""
+    # 启用的策略
+    strategies: List[TruncateStrategy] = field(default_factory=lambda: [TruncateStrategy.ERROR_RETRY])
+    
+    # 以下参数保留用于兼容，但实际使用自动值
+    max_messages: int = 30
+    max_chars: int = 150000
+    summary_keep_recent: int = 10
+    summary_threshold: int = 100000
+    summary_max_length: int = 2000
+    retry_max_messages: int = 20
+    max_retries: int = 3
+    estimate_threshold: int = 180000
+    chars_per_token: float = 3.0
+    summary_cache_enabled: bool = True
+    summary_cache_min_delta_messages: int = 3
+    summary_cache_min_delta_chars: int = 4000
+    summary_cache_max_age_seconds: int = 300
+    add_warning_header: bool = True
+    
+    def to_dict(self) -> dict:
+        return {
+            "strategies": [s.value for s in self.strategies],
+            "max_messages": self.max_messages,
+            "max_chars": self.max_chars,
+            "summary_keep_recent": self.summary_keep_recent,
+            "summary_threshold": self.summary_threshold,
+            "summary_max_length": self.summary_max_length,
+            "retry_max_messages": self.retry_max_messages,
+            "max_retries": self.max_retries,
+            "estimate_threshold": self.estimate_threshold,
+            "chars_per_token": self.chars_per_token,
+            "summary_cache_enabled": self.summary_cache_enabled,
+            "summary_cache_min_delta_messages": self.summary_cache_min_delta_messages,
+            "summary_cache_min_delta_chars": self.summary_cache_min_delta_chars,
+            "summary_cache_max_age_seconds": self.summary_cache_max_age_seconds,
+            "add_warning_header": self.add_warning_header,
+        }
+    
+    @classmethod
+    def from_dict(cls, data: dict) -> "HistoryConfig":
+        strategies = [TruncateStrategy(s) for s in data.get("strategies", ["error_retry"])]
+        return cls(
+            strategies=strategies,
+            max_messages=data.get("max_messages", 30),
+            max_chars=data.get("max_chars", 150000),
+            summary_keep_recent=data.get("summary_keep_recent", 10),
+            summary_threshold=data.get("summary_threshold", 100000),
+            summary_max_length=data.get("summary_max_length", 2000),
+            retry_max_messages=data.get("retry_max_messages", 20),
+            max_retries=data.get("max_retries", 3),
+            estimate_threshold=data.get("estimate_threshold", 180000),
+            chars_per_token=data.get("chars_per_token", 3.0),
+            summary_cache_enabled=data.get("summary_cache_enabled", True),
+            summary_cache_min_delta_messages=data.get("summary_cache_min_delta_messages", 3),
+            summary_cache_min_delta_chars=data.get("summary_cache_min_delta_chars", 4000),
+            summary_cache_max_age_seconds=data.get("summary_cache_max_age_seconds", 300),
+            add_warning_header=data.get("add_warning_header", True),
+        )
+
+
+_summary_cache = SummaryCache()
+
+
+class HistoryManager:
+    """历史消息管理器 - 错误触发压缩版
+    
+    不再依赖阈值预检测，仅在收到上下文超限错误后触发压缩。
+    压缩目标为 20K-50K 字符范围。
+    """
+    
+    def __init__(self, config: HistoryConfig = None, cache_key: Optional[str] = None):
+        self.config = config or HistoryConfig()
+        self._truncated = False
+        self._truncate_info = ""
+        self.cache_key = cache_key
+        self._retry_count = 0
+    
+    @property
+    def was_truncated(self) -> bool:
+        return self._truncated
+    
+    @property
+    def truncate_info(self) -> str:
+        return self._truncate_info
+    
+    def reset(self):
+        self._truncated = False
+        self._truncate_info = ""
+
+    def set_cache_key(self, key: Optional[str]):
+        self.cache_key = key
+
+    def _hash_history(self, history: List[dict]) -> str:
+        """生成历史消息的简单哈希"""
+        return f"{len(history)}:{len(json.dumps(history, ensure_ascii=False))}"
+
+    def estimate_tokens(self, text: str) -> int:
+        return int(len(text) / self.config.chars_per_token)
+    
+    def estimate_history_size(self, history: List[dict]) -> Tuple[int, int]:
+        char_count = len(json.dumps(history, ensure_ascii=False))
+        return len(history), char_count
+
+    def estimate_request_chars(self, history: List[dict], user_content: str = "") -> Tuple[int, int, int]:
+        history_chars = len(json.dumps(history, ensure_ascii=False))
+        user_chars = len(user_content or "")
+        return history_chars, user_chars, history_chars + user_chars
+    
+    def _extract_text(self, content) -> str:
+        if isinstance(content, str):
+            return content
+        if isinstance(content, list):
+            texts = []
+            for item in content:
+                if isinstance(item, dict) and item.get("type") == "text":
+                    texts.append(item.get("text", ""))
+                elif isinstance(item, str):
+                    texts.append(item)
+            return "\n".join(texts)
+        if isinstance(content, dict):
+            return content.get("text", "") or content.get("content", "")
+        return str(content) if content else ""
+
+    
+    def _format_for_summary(self, history: List[dict]) -> str:
+        """格式化历史消息用于生成摘要"""
+        lines = []
+        for msg in history:
+            role = "unknown"
+            content = ""
+            if "userInputMessage" in msg:
+                role = "user"
+                content = msg.get("userInputMessage", {}).get("content", "")
+            elif "assistantResponseMessage" in msg:
+                role = "assistant"
+                content = msg.get("assistantResponseMessage", {}).get("content", "")
+            else:
+                role = msg.get("role", "unknown")
+                content = self._extract_text(msg.get("content", ""))
+            # 截断过长的单条消息
+            if len(content) > 800:
+                content = content[:800] + "..."
+            lines.append(f"[{role}]: {content}")
+        return "\n".join(lines)
+
+    def _calculate_keep_count(self, history: List[dict], target_chars: int) -> int:
+        """计算应该保留多少条最近消息"""
+        if not history:
+            return 0
+        
+        # 从后往前累计，找到合适的保留数量
+        total = 0
+        count = 0
+        for msg in reversed(history):
+            msg_chars = len(json.dumps(msg, ensure_ascii=False))
+            if total + msg_chars > target_chars and count >= MIN_KEEP_MESSAGES:
+                break
+            total += msg_chars
+            count += 1
+            if count >= MAX_KEEP_MESSAGES:
+                break
+        
+        return max(MIN_KEEP_MESSAGES, min(count, len(history) - 1))
+
+    def _build_compressed_history(
+        self,
+        summary: str,
+        recent_history: List[dict],
+        label: str = ""
+    ) -> List[dict]:
+        """构建压缩后的历史（摘要 + 最近消息）"""
+        # 确保 recent_history 以 user 消息开头
+        if recent_history and "assistantResponseMessage" in recent_history[0]:
+            recent_history = recent_history[1:]
+        
+        # 清理孤立的 toolResults
+        tool_use_ids = set()
+        for msg in recent_history:
+            if "assistantResponseMessage" in msg:
+                for tu in msg["assistantResponseMessage"].get("toolUses", []) or []:
+                    if tu.get("toolUseId"):
+                        tool_use_ids.add(tu["toolUseId"])
+        
+        # 清理第一条 user 消息的 toolResults（因为前面没有对应的 toolUse）
+        if recent_history and "userInputMessage" in recent_history[0]:
+            recent_history[0]["userInputMessage"].pop("userInputMessageContext", None)
+        
+        # 过滤其他消息中孤立的 toolResults
+        if tool_use_ids:
+            for msg in recent_history:
+                if "userInputMessage" in msg:
+                    ctx = msg.get("userInputMessage", {}).get("userInputMessageContext", {})
+                    results = ctx.get("toolResults")
+                    if results:
+                        filtered = [r for r in results if r.get("toolUseId") in tool_use_ids]
+                        if filtered:
+                            ctx["toolResults"] = filtered
+                        else:
+                            ctx.pop("toolResults", None)
+                        if not ctx:
+                            msg["userInputMessage"].pop("userInputMessageContext", None)
+        else:
+            for msg in recent_history:
+                if "userInputMessage" in msg:
+                    msg["userInputMessage"].pop("userInputMessageContext", None)
+
+        
+        # 获取 model_id
+        model_id = "claude-sonnet-4"
+        for msg in reversed(recent_history):
+            if "userInputMessage" in msg:
+                model_id = msg["userInputMessage"].get("modelId", model_id)
+                break
+            if "assistantResponseMessage" in msg:
+                model_id = msg["assistantResponseMessage"].get("modelId", model_id)
+                break
+        
+        # 检测消息格式
+        is_kiro_format = any("userInputMessage" in h or "assistantResponseMessage" in h for h in recent_history)
+        
+        if is_kiro_format:
+            result = [
+                {
+                    "userInputMessage": {
+                        "content": f"[Earlier conversation summary]\n{summary}\n\n[Continuing from recent context...]",
+                        "modelId": model_id,
+                        "origin": "AI_EDITOR",
+                    }
+                },
+                {
+                    "assistantResponseMessage": {
+                        "content": "I understand the context from the summary. Let's continue."
+                    }
+                }
+            ]
+        else:
+            result = [
+                {"role": "user", "content": f"[Earlier conversation summary]\n{summary}\n\n[Continuing from recent context...]"},
+                {"role": "assistant", "content": "I understand the context from the summary. Let's continue."}
+            ]
+        
+        result.extend(recent_history)
+        
+        if label:
+            print(f"[HistoryManager] {label}: {len(recent_history)} recent + summary")
+        
+        return result
+
+    async def _generate_summary(self, history: List[dict], api_caller: Callable) -> Optional[str]:
+        """生成历史消息摘要"""
+        if not history or not api_caller:
+            return None
+        
+        formatted = self._format_for_summary(history)
+        if len(formatted) > 15000:
+            formatted = formatted[:15000] + "\n...(truncated)"
+        
+        prompt = f"""请简洁总结以下对话的关键信息：
+1. 用户的主要目标
+2. 已完成的重要操作和决策
+3. 当前工作状态和关键上下文
+
+对话历史：
+{formatted}
+
+请用中文输出摘要，控制在 {SUMMARY_MAX_LENGTH} 字符以内，重点保留对后续对话有用的信息："""
+        
+        try:
+            summary = await api_caller(prompt)
+            if summary and len(summary) > SUMMARY_MAX_LENGTH:
+                summary = summary[:SUMMARY_MAX_LENGTH] + "..."
+            return summary
+        except Exception as e:
+            print(f"[HistoryManager] 生成摘要失败: {e}")
+            return None
+
+
+    async def smart_compress(
+        self,
+        history: List[dict],
+        api_caller: Callable,
+        target_chars: int = SAFE_CHAR_LIMIT,
+        retry_level: int = 0
+    ) -> List[dict]:
+        """智能压缩历史消息
+        
+        核心逻辑：保留最近消息 + 摘要早期对话
+        压缩目标为 20K-50K 字符范围
+        
+        Args:
+            history: 历史消息
+            api_caller: 用于生成摘要的 API 调用函数
+            target_chars: 目标字符数 (默认 35K，范围 20K-50K)
+            retry_level: 重试级别（越高保留越少）
+        """
+        if not history:
+            return history
+        
+        current_chars = len(json.dumps(history, ensure_ascii=False))
+        
+        # 确保目标在 20K-50K 范围内
+        target_chars = max(SAFE_CHAR_LIMIT_MIN, min(target_chars, SAFE_CHAR_LIMIT_MAX))
+        
+        # 如果已经在目标范围内，不需要压缩
+        if current_chars <= target_chars:
+            return history
+        
+        # 根据重试级别调整保留数量
+        adjusted_target = int(target_chars * (0.85 ** retry_level))
+        adjusted_target = max(SAFE_CHAR_LIMIT_MIN, adjusted_target)  # 确保不低于下限
+        
+        keep_count = self._calculate_keep_count(history, adjusted_target)
+        
+        # 确保至少保留一些消息用于摘要
+        if keep_count >= len(history):
+            keep_count = max(MIN_KEEP_MESSAGES, len(history) - 2)
+        
+        old_history = history[:-keep_count] if keep_count < len(history) else []
+        recent_history = history[-keep_count:] if keep_count > 0 else history
+        
+        if not old_history:
+            # 没有可摘要的历史，直接返回
+            return recent_history
+        
+        # 尝试从缓存获取摘要
+        cache_key = f"{self.cache_key}:{keep_count}" if self.cache_key else None
+        old_hash = self._hash_history(old_history)
+        
+        cached_summary = None
+        if cache_key and self.config.summary_cache_enabled:
+            cached_summary = _summary_cache.get(cache_key, old_hash, self.config.summary_cache_max_age_seconds)
+        
+        if cached_summary:
+            result = self._build_compressed_history(cached_summary, recent_history, "压缩(缓存)")
+            result_chars = len(json.dumps(result, ensure_ascii=False))
+            self._truncated = True
+            self._truncate_info = f"智能压缩(缓存): {len(history)} -> {len(result)} 条消息, {current_chars} -> {result_chars} 字符"
+            return result
+        
+        # 生成新摘要
+        summary = await self._generate_summary(old_history, api_caller)
+        
+        if summary:
+            if cache_key and self.config.summary_cache_enabled:
+                _summary_cache.set(cache_key, summary, old_hash)
+            
+            result = self._build_compressed_history(summary, recent_history, "智能压缩")
+            result_chars = len(json.dumps(result, ensure_ascii=False))
+            self._truncated = True
+            self._truncate_info = f"智能压缩: {len(history)} -> {len(result)} 条消息, {current_chars} -> {result_chars} 字符 (摘要 {len(summary)} 字符)"
+            return result
+        
+        # 摘要失败，回退到简单截断
+        self._truncated = True
+        result_chars = len(json.dumps(recent_history, ensure_ascii=False))
+        self._truncate_info = f"摘要失败，保留最近 {len(recent_history)} 条消息, {current_chars} -> {result_chars} 字符"
+        return recent_history
+
+
+    def needs_compression(self, history: List[dict], user_content: str = "") -> bool:
+        """检查是否需要压缩
+        
+        注意：此方法现在始终返回 False，不再基于阈值预检测。
+        压缩仅在收到上下文超限错误后触发。
+        保留此方法是为了兼容旧 API。
+        """
+        # 不再基于阈��预检测，始终返回 False
+        # 压缩将在收到 CONTENT_LENGTH_EXCEEDS_THRESHOLD 错误后触发
+        return False
+
+    async def pre_process_async(
+        self, 
+        history: List[dict], 
+        user_content: str = "",
+        api_caller: Callable = None
+    ) -> List[dict]:
+        """预处理历史消息
+        
+        注意：不再进行发送前自动压缩。
+        压缩仅在收到上下文超限错误后触发。
+        """
+        self.reset()
+        
+        if not history:
+            return history
+        
+        # 不再进行预压缩，直接返回原始历史
+        # 压缩将在收到错误后由 handle_length_error_async 处理
+        return history
+    
+    def pre_process(self, history: List[dict], user_content: str = "") -> List[dict]:
+        """预处理历史消息（同步版本）
+        
+        注意：不再进行发送前自动压缩。
+        压缩仅在收到上下文超限错误后触发。
+        """
+        self.reset()
+        
+        if not history:
+            return history
+        
+        # 不再进行预压缩，直接返回原始历史
+        return history
+
+    async def handle_length_error_async(
+        self,
+        history: List[dict],
+        retry_count: int = 0,
+        api_caller: Optional[Callable] = None
+    ) -> Tuple[List[dict], bool]:
+        """处理长度超限错误（智能压缩后重试）
+        
+        这是唯一触发压缩的入口点。当收到上下文超限错误时调用此方法。
+        压缩目标为 20K-50K 字符范围。
+        
+        防止无限循环：
+        - 追踪压缩状态，避免重复压缩相同内容
+        - 压缩前检查大小，如果已经很小则不再压缩
+        - 达到最大重试次数后返回清晰错误
+        
+        Args:
+            history: 历史消息
+            retry_count: 当前重试次数
+            api_caller: API 调用函数
+        
+        Returns:
+            (compressed_history, should_retry)
+        """
+        max_retries = self.config.max_retries
+        
+        if retry_count >= max_retries:
+            print(f"[HistoryManager] 已达最大重试次数 ({max_retries})，建议清空对话")
+            self._truncate_info = f"已达最大压缩次数 ({max_retries})，请清空对话或减少消息数量"
+            return history, False
+        
+        if not history:
+            return history, False
+        
+        self.reset()
+        
+        current_chars = len(json.dumps(history, ensure_ascii=False))
+        current_hash = self._hash_history(history)
+        
+        print(f"[HistoryManager] 收到上下文超限错误，当前大小: {current_chars} 字符")
+        
+        # 优先检查全局压缩缓存（解决 Claude Code CLI 反复压缩问题）
+        cached_result = _compression_cache.get(current_hash)
+        if cached_result is not None:
+            cached_chars = len(json.dumps(cached_result, ensure_ascii=False))
+            self._truncated = True
+            self._truncate_info = f"使用缓存的压缩结果: {len(history)} -> {len(cached_result)} 条消息, {current_chars} -> {cached_chars} 字符"
+            print(f"[HistoryManager] {self._truncate_info}")
+            return cached_result, True
+        
+        print(f"[HistoryManager] 开始压缩...")
+        
+        # 防止无限循环：检查是否已经压缩过相同内容（实例级缓存）
+        instance_cache_key = f"compression:{current_hash}:{retry_count}"
+        if hasattr(self, '_instance_compression_cache') and instance_cache_key in self._instance_compression_cache:
+            print(f"[HistoryManager] 检测到重复压缩请求，跳过")
+            self._truncate_info = "内容已压缩到最小，无法继续压缩，请清空对话"
+            return history, False
+        
+        # 初始化实例级压缩缓存
+        if not hasattr(self, '_instance_compression_cache'):
+            self._instance_compression_cache = {}
+        
+        # 根据重试次数计算目标大小 (20K-50K 范围)
+        # 第一次重试: 目标 35K (中间值)
+        # 第二次重试: 目标 25K
+        # 第三次重试: 目标 20K (下限)
+        if retry_count == 0:
+            target_chars = SAFE_CHAR_LIMIT  # 35K
+        elif retry_count == 1:
+            target_chars = 25000
+        else:
+            target_chars = SAFE_CHAR_LIMIT_MIN  # 20K
+        
+        # 防止无限循环：如果当前大小已经小于目标，不再压缩
+        if current_chars <= target_chars:
+            print(f"[HistoryManager] 当前大小 ({current_chars}) 已小于目标 ({target_chars})，无法继续压缩")
+            self._truncate_info = f"内容已压缩到 {current_chars} 字符，仍然超限，请清空对话"
+            return history, False
+        
+        print(f"[HistoryManager] 第 {retry_count + 1} 次重试，目标压缩到 {target_chars} 字符")
+        
+        if api_caller:
+            compressed = await self.smart_compress(
+                history, api_caller, 
+                target_chars=target_chars,
+                retry_level=retry_count
+            )
+            compressed_chars = len(json.dumps(compressed, ensure_ascii=False))
+            
+            # 防止无限循环：检查压缩是否有效
+            if compressed_chars >= current_chars * 0.95:  # 压缩效果不足 5%
+                print(f"[HistoryManager] 压缩效果不足，无法继续压缩")
+                self._truncate_info = f"压缩效果不足，请清空对话或减少消息数量"
+                return history, False
+            
+            # 防止无限循环：检查压缩后是否仍然过大
+            if compressed_chars > 50000 and retry_count >= max_retries - 1:
+                print(f"[HistoryManager] 压缩后仍然过大 ({compressed_chars})，建议清空对话")
+                self._truncate_info = f"压缩后仍有 {compressed_chars} 字符，请清空对话"
+                return compressed, False
+            
+            if len(compressed) < len(history):
+                # 保存到全局压缩缓存（解决 Claude Code CLI 反复压缩问题）
+                _compression_cache.set(current_hash, compressed, compressed_chars)
+                
+                # 记录实例级压缩缓存（防止同一请求内的重复压缩）
+                self._instance_compression_cache[instance_cache_key] = True
+                # 清理旧缓存（保留最近 10 条）
+                if len(self._instance_compression_cache) > 10:
+                    oldest_key = next(iter(self._instance_compression_cache))
+                    del self._instance_compression_cache[oldest_key]
+                
+                self._truncated = True
+                self._truncate_info = f"错误后压缩 (第 {retry_count + 1} 次): {len(history)} -> {len(compressed)} 条消息, {current_chars} -> {compressed_chars} 字符"
+                print(f"[HistoryManager] {self._truncate_info}")
+                return compressed, True
+        else:
+            # 无 api_caller，简单截断
+            keep_count = max(MIN_KEEP_MESSAGES, int(len(history) * (0.5 ** (retry_count + 1))))
+            if keep_count < len(history):
+                truncated = history[-keep_count:]
+                self._truncated = True
+                truncated_chars = len(json.dumps(truncated, ensure_ascii=False))
+                
+                # 防止无限循环：检查截断是否有效
+                if truncated_chars >= current_chars * 0.95:
+                    print(f"[HistoryManager] 截断效果不足，无法继续压缩")
+                    self._truncate_info = f"截断效果不足，请清空对话"
+                    return history, False
+                
+                self._truncate_info = f"错误后截断 (第 {retry_count + 1} 次): {len(history)} -> {len(truncated)} 条消息, {current_chars} -> {truncated_chars} 字符"
+                print(f"[HistoryManager] {self._truncate_info}")
+                return truncated, True
+        
+        return history, False
+
+
+    def handle_length_error(self, history: List[dict], retry_count: int = 0) -> Tuple[List[dict], bool]:
+        """处理长度超限错误（同步版本，简单截断）"""
+        max_retries = self.config.max_retries
+        
+        if retry_count >= max_retries:
+            return history, False
+        
+        if not history:
+            return history, False
+        
+        self.reset()
+        
+        # 根据重试次数逐步减少
+        keep_ratio = 0.5 ** (retry_count + 1)
+        keep_count = max(MIN_KEEP_MESSAGES, int(len(history) * keep_ratio))
+        
+        if keep_count < len(history):
+            truncated = history[-keep_count:]
+            self._truncated = True
+            self._truncate_info = f"错误重试截断 (第 {retry_count + 1} 次): {len(history)} -> {len(truncated)} 条消息"
+            return truncated, True
+        
+        return history, False
+    
+    def get_warning_header(self) -> Optional[str]:
+        if not self.config.add_warning_header or not self._truncated:
+            return None
+        return self._truncate_info
+
+    # ========== 兼容旧 API ==========
+    
+    def truncate_by_count(self, history: List[dict], max_count: int) -> List[dict]:
+        """按消息数量截断（兼容）"""
+        if len(history) <= max_count:
+            return history
+        original_count = len(history)
+        truncated = history[-max_count:]
+        self._truncated = True
+        self._truncate_info = f"按数量截断: {original_count} -> {len(truncated)} 条消息"
+        return truncated
+    
+    def truncate_by_chars(self, history: List[dict], max_chars: int) -> List[dict]:
+        """按字符数截断（兼容）"""
+        total_chars = len(json.dumps(history, ensure_ascii=False))
+        if total_chars <= max_chars:
+            return history
+        
+        original_count = len(history)
+        result = []
+        current_chars = 0
+        
+        for msg in reversed(history):
+            msg_chars = len(json.dumps(msg, ensure_ascii=False))
+            if current_chars + msg_chars > max_chars and result:
+                break
+            result.insert(0, msg)
+            current_chars += msg_chars
+        
+        if len(result) < original_count:
+            self._truncated = True
+            self._truncate_info = f"按字符数截断: {original_count} -> {len(result)} 条消息"
+        
+        return result
+
+    def should_pre_truncate(self, history: List[dict], user_content: str) -> bool:
+        """兼容旧 API"""
+        return self.needs_compression(history, user_content)
+    
+    def should_summarize(self, history: List[dict]) -> bool:
+        """兼容旧 API"""
+        return self.needs_compression(history)
+
+    def should_smart_summarize(self, history: List[dict]) -> bool:
+        """兼容旧 API"""
+        return self.needs_compression(history)
+
+    def should_auto_truncate_summarize(self, history: List[dict]) -> bool:
+        """兼容旧 API"""
+        return self.needs_compression(history)
+
+    def should_pre_summary_for_error_retry(self, history: List[dict], user_content: str = "") -> bool:
+        """兼容旧 API"""
+        return self.needs_compression(history, user_content)
+
+    async def compress_with_summary(self, history: List[dict], api_caller: Callable) -> List[dict]:
+        """兼容旧 API"""
+        return await self.smart_compress(history, api_caller)
+
+    async def compress_before_auto_truncate(self, history: List[dict], api_caller: Callable) -> List[dict]:
+        """兼容旧 API"""
+        return await self.smart_compress(history, api_caller)
+
+    async def generate_summary(self, history: List[dict], api_caller: Callable) -> Optional[str]:
+        """兼容旧 API"""
+        return await self._generate_summary(history, api_caller)
+
+    def summarize_history_structure(self, history: List[dict], max_items: int = 12) -> str:
+        """生成历史结构摘要（调试用）"""
+        if not history:
+            return "len=0"
+        
+        def entry_kind(msg):
+            if "userInputMessage" in msg:
+                return "U"
+            if "assistantResponseMessage" in msg:
+                return "A"
+            role = msg.get("role")
+            return "U" if role == "user" else ("A" if role == "assistant" else "?")
+        
+        kinds = [entry_kind(msg) for msg in history]
+        if len(kinds) <= max_items:
+            seq = "".join(kinds)
+        else:
+            head = max_items // 2
+            tail = max_items - head
+            seq = f"{''.join(kinds[:head])}...{''.join(kinds[-tail:])}"
+        
+        return f"len={len(history)} seq={seq}"
+
+
+
+# ========== 全局配置 ==========
+
+_history_config = HistoryConfig()
+
+
+def get_history_config() -> HistoryConfig:
+    """获取历史消息配置"""
+    return _history_config
+
+
+def set_history_config(config: HistoryConfig):
+    """设置历史消息配置"""
+    global _history_config
+    _history_config = config
+
+
+def update_history_config(data: dict):
+    """更新历史消息配置"""
+    global _history_config
+    _history_config = HistoryConfig.from_dict(data)
+
+
+def is_content_length_error(status_code: int, error_text: str) -> bool:
+    """检查是否为内容长度超限错误"""
+    if "CONTENT_LENGTH_EXCEEDS_THRESHOLD" in error_text:
+        return True
+    if "Input is too long" in error_text:
+        return True
+    lowered = error_text.lower()
+    if "too long" in lowered and ("input" in lowered or "content" in lowered or "message" in lowered):
+        return True
+    if "context length" in lowered or "token limit" in lowered:
+        return True
+    return False

KiroProxy/kiro_proxy/core/kiro_api.py

@@ -0,0 +1,146 @@
+"""Kiro Web Portal API 调用模块
+
+调用 Kiro 的 Web Portal API 获取用户信息，使用 CBOR 编码。
+参考: chaogei/Kiro-account-manager
+"""
+import uuid
+import httpx
+from typing import Optional, Tuple, Any, Dict
+
+try:
+    import cbor2
+    HAS_CBOR = True
+except ImportError:
+    HAS_CBOR = False
+    print("[KiroAPI] 警告: cbor2 未安装，部分功能不可用。请运行: pip install cbor2")
+
+
+# Kiro Web Portal API 基础 URL
+KIRO_API_BASE = "https://app.kiro.dev/service/KiroWebPortalService/operation"
+
+
+async def kiro_api_request(
+    operation: str,
+    body: Dict[str, Any],
+    access_token: str,
+    idp: str = "Google",
+) -> Tuple[bool, Any]:
+    """
+    调用 Kiro Web Portal API
+    
+    Args:
+        operation: API 操作名称，如 "GetUserUsageAndLimits"
+        body: 请求体（会被 CBOR 编码）
+        access_token: Bearer token
+        idp: 身份提供商 ("Google" 或 "Github")
+    
+    Returns:
+        (success, response_data or error_dict)
+    """
+    if not HAS_CBOR:
+        return False, {"error": "cbor2 未安装"}
+    
+    if not access_token:
+        return False, {"error": "缺少 access token"}
+    
+    url = f"{KIRO_API_BASE}/{operation}"
+    
+    # CBOR 编码请求体
+    try:
+        encoded_body = cbor2.dumps(body)
+    except Exception as e:
+        return False, {"error": f"CBOR 编码失败: {e}"}
+    
+    headers = {
+        "accept": "application/cbor",
+        "content-type": "application/cbor",
+        "smithy-protocol": "rpc-v2-cbor",
+        "amz-sdk-invocation-id": str(uuid.uuid4()),
+        "amz-sdk-request": "attempt=1; max=1",
+        "x-amz-user-agent": "aws-sdk-js/1.0.0 kiro-proxy/1.0.0",
+        "authorization": f"Bearer {access_token}",
+        "cookie": f"Idp={idp}; AccessToken={access_token}",
+    }
+    
+    try:
+        async with httpx.AsyncClient(timeout=15, verify=False) as client:
+            response = await client.post(url, content=encoded_body, headers=headers)
+            
+            if response.status_code != 200:
+                return False, {"error": f"API 请求失败: {response.status_code}"}
+            
+            # CBOR 解码响应
+            try:
+                data = cbor2.loads(response.content)
+                return True, data
+            except Exception as e:
+                return False, {"error": f"CBOR 解码失败: {e}"}
+                
+    except httpx.TimeoutException:
+        return False, {"error": "请求超时"}
+    except Exception as e:
+        return False, {"error": f"请求失败: {str(e)}"}
+
+
+async def get_user_info(
+    access_token: str,
+    idp: str = "Google",
+) -> Tuple[bool, Dict[str, Any]]:
+    """
+    获取用户信息（包括邮箱）
+    
+    Args:
+        access_token: Bearer token
+        idp: 身份提供商 ("Google" 或 "Github")
+    
+    Returns:
+        (success, user_info or error_dict)
+        user_info 包含: email, userId 等
+    """
+    success, result = await kiro_api_request(
+        operation="GetUserUsageAndLimits",
+        body={"isEmailRequired": True, "origin": "KIRO_IDE"},
+        access_token=access_token,
+        idp=idp,
+    )
+    
+    if not success:
+        return False, result
+    
+    # 提取用户信息
+    user_info = result.get("userInfo", {})
+    return True, {
+        "email": user_info.get("email"),
+        "userId": user_info.get("userId"),
+        "raw": result,
+    }
+
+
+async def get_user_email(
+    access_token: str,
+    provider: str = "Google",
+) -> Optional[str]:
+    """
+    获取用户邮箱地址
+    
+    Args:
+        access_token: Bearer token
+        provider: 登录提供商 ("Google" 或 "Github")
+    
+    Returns:
+        邮箱地址，失败返回 None
+    """
+    # 标准化 provider 名称
+    idp = provider
+    if provider and provider.lower() == "google":
+        idp = "Google"
+    elif provider and provider.lower() == "github":
+        idp = "Github"
+    
+    success, result = await get_user_info(access_token, idp)
+    
+    if success:
+        return result.get("email")
+    
+    print(f"[KiroAPI] 获取邮箱失败: {result.get('error', '未知错误')}")
+    return None

KiroProxy/kiro_proxy/core/persistence.py

@@ -0,0 +1,69 @@
+"""配置持久化"""
+import json
+from pathlib import Path
+from typing import List, Dict, Any
+
+# 统一使用 config.py 中的 DATA_DIR
+from ..config import DATA_DIR
+
+# 配置文件路径
+CONFIG_DIR = DATA_DIR
+CONFIG_FILE = CONFIG_DIR / "config.json"
+
+
+def ensure_config_dir():
+    """确保配置目录存在"""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def save_accounts(accounts: List[Dict[str, Any]]) -> bool:
+    """保存账号配置"""
+    try:
+        ensure_config_dir()
+        config = load_config()
+        config["accounts"] = accounts
+        with open(CONFIG_FILE, "w", encoding="utf-8") as f:
+            json.dump(config, f, indent=2, ensure_ascii=False)
+        return True
+    except Exception as e:
+        print(f"[Persistence] 保存配置失败: {e}")
+        return False
+
+
+def load_accounts() -> List[Dict[str, Any]]:
+    """加载账号配置"""
+    config = load_config()
+    return config.get("accounts", [])
+
+
+def load_config() -> Dict[str, Any]:
+    """加载完整配置"""
+    try:
+        if CONFIG_FILE.exists():
+            with open(CONFIG_FILE, "r", encoding="utf-8") as f:
+                return json.load(f)
+    except Exception as e:
+        print(f"[Persistence] 加载配置失败: {e}")
+    return {}
+
+
+def save_config(config: Dict[str, Any]) -> bool:
+    """保存完整配置"""
+    try:
+        ensure_config_dir()
+        with open(CONFIG_FILE, "w", encoding="utf-8") as f:
+            json.dump(config, f, indent=2, ensure_ascii=False)
+        return True
+    except Exception as e:
+        print(f"[Persistence] 保存配置失败: {e}")
+        return False
+
+
+def export_config() -> Dict[str, Any]:
+    """导出配置（用于备份）"""
+    return load_config()
+
+
+def import_config(config: Dict[str, Any]) -> bool:
+    """导入配置（用于恢复）"""
+    return save_config(config)

KiroProxy/kiro_proxy/core/protocol_handler.py

@@ -0,0 +1,318 @@
+"""自定义协议处理器
+
+在 Windows 上注册 kiro:// 协议，用于处理 OAuth 回调。
+"""
+import sys
+import os
+import asyncio
+import threading
+from pathlib import Path
+from typing import Optional, Callable
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from urllib.parse import urlparse, parse_qs, urlencode
+import socket
+
+
+# 回调服务器端口
+CALLBACK_PORT = 19823
+
+# 全局回调结果
+_callback_result = None
+_callback_event = None
+_callback_server = None
+_server_thread = None
+
+
+class CallbackHandler(BaseHTTPRequestHandler):
+    """处理 OAuth 回调的 HTTP 请求处理器"""
+    
+    def log_message(self, format, *args):
+        """禁用日志输出"""
+        pass
+    
+    def do_GET(self):
+        global _callback_result, _callback_event
+        
+        # 解析 URL
+        parsed = urlparse(self.path)
+        params = parse_qs(parsed.query)
+        
+        # 检查是否是回调路径
+        if parsed.path == '/kiro-callback' or parsed.path == '/' or 'code' in params:
+            code = params.get('code', [None])[0]
+            state = params.get('state', [None])[0]
+            error = params.get('error', [None])[0]
+            
+            print(f"[ProtocolHandler] 收到回调: code={code[:20] if code else None}..., state={state}, error={error}")
+            
+            if error:
+                _callback_result = {"error": error}
+            elif code and state:
+                _callback_result = {"code": code, "state": state}
+            else:
+                _callback_result = {"error": "缺少授权码"}
+            
+            # 触发事件
+            if _callback_event:
+                _callback_event.set()
+            
+            # 返回成功页面
+            self.send_response(200)
+            self.send_header('Content-type', 'text/html; charset=utf-8')
+            self.end_headers()
+            
+            html = """
+            <!DOCTYPE html>
+            <html>
+            <head>
+                <meta charset="utf-8">
+                <title>登录成功</title>
+                <style>
+                    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; 
+                           display: flex; justify-content: center; align-items: center; height: 100vh; 
+                           margin: 0; background: #1a1a2e; color: #fff; }
+                    .container { text-align: center; padding: 2rem; }
+                    h1 { color: #4ade80; margin-bottom: 1rem; }
+                    p { color: #9ca3af; }
+                </style>
+            </head>
+            <body>
+                <div class="container">
+                    <h1>✅ 登录成功</h1>
+                    <p>您可以关闭此窗口并返回 Kiro Proxy</p>
+                    <script>setTimeout(function(){window.close();}, 3000);</script>
+                </div>
+            </body>
+            </html>
+            """
+            self.wfile.write(html.encode('utf-8'))
+        else:
+            self.send_response(404)
+            self.end_headers()
+
+
+def is_port_available(port: int) -> bool:
+    """检查端口是否可用"""
+    try:
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.bind(('127.0.0.1', port))
+            return True
+    except OSError:
+        return False
+
+
+def start_callback_server() -> tuple:
+    """启动回调服务器
+    
+    Returns:
+        (success, port or error)
+    """
+    global _callback_server, _callback_result, _callback_event, _server_thread
+    
+    # 如果服务器已经在运行，直接返回成功
+    if _callback_server is not None and _server_thread is not None and _server_thread.is_alive():
+        print(f"[ProtocolHandler] 回调服务器已在运行: http://127.0.0.1:{CALLBACK_PORT}")
+        return True, CALLBACK_PORT
+    
+    _callback_result = None
+    _callback_event = threading.Event()
+    
+    # 检查端口
+    if not is_port_available(CALLBACK_PORT):
+        # 端口被占用，可能是之前的服务器还在运行
+        print(f"[ProtocolHandler] 端口 {CALLBACK_PORT} 已被占用，尝试复用")
+        return True, CALLBACK_PORT
+    
+    try:
+        _callback_server = HTTPServer(('127.0.0.1', CALLBACK_PORT), CallbackHandler)
+        
+        # 在后台线程运行服务器
+        _server_thread = threading.Thread(target=_callback_server.serve_forever, daemon=True)
+        _server_thread.start()
+        
+        print(f"[ProtocolHandler] 回调服务器已启动: http://127.0.0.1:{CALLBACK_PORT}")
+        return True, CALLBACK_PORT
+    except Exception as e:
+        return False, str(e)
+
+
+def stop_callback_server():
+    """停止回调服务器"""
+    global _callback_server, _server_thread
+    
+    if _callback_server:
+        try:
+            _callback_server.shutdown()
+        except:
+            pass
+        _callback_server = None
+        _server_thread = None
+        print("[ProtocolHandler] 回调服务���已停止")
+
+
+def wait_for_callback(timeout: int = 300) -> tuple:
+    """等待回调
+    
+    Args:
+        timeout: 超时时间（秒）
+    
+    Returns:
+        (success, result or error)
+    """
+    global _callback_result, _callback_event
+    
+    if _callback_event is None:
+        return False, {"error": "回调服务器未启动"}
+    
+    # 等待回调
+    if _callback_event.wait(timeout=timeout):
+        if _callback_result and "code" in _callback_result:
+            return True, _callback_result
+        elif _callback_result and "error" in _callback_result:
+            return False, _callback_result
+        else:
+            return False, {"error": "未收到有效回调"}
+    else:
+        return False, {"error": "等待回调超时"}
+
+
+def get_callback_result() -> Optional[dict]:
+    """获取回调结果（非阻塞）"""
+    global _callback_result
+    return _callback_result
+
+
+def clear_callback_result():
+    """清除回调结果"""
+    global _callback_result, _callback_event
+    _callback_result = None
+    if _callback_event:
+        _callback_event.clear()
+
+
+# Windows 协议注册
+def register_protocol_windows() -> tuple:
+    """在 Windows 上注册 kiro:// 协议
+    
+    注册后，当浏览器重定向到 kiro:// URL 时，Windows 会调用我们的脚本，
+    脚本将参数重定向到本地 HTTP 服务器。
+    
+    Returns:
+        (success, message)
+    """
+    if sys.platform != 'win32':
+        return False, "仅支持 Windows"
+    
+    try:
+        import winreg
+        
+        # 获取当前 Python 解释器路径
+        python_exe = sys.executable
+        
+        # 创建一个处理脚本
+        script_dir = Path.home() / ".kiro-proxy"
+        script_dir.mkdir(parents=True, exist_ok=True)
+        script_path = script_dir / "protocol_redirect.pyw"
+        
+        # 写入重定向脚本 (.pyw 不显示控制台窗口)
+        script_content = f'''# -*- coding: utf-8 -*-
+# Kiro Protocol Redirect Script
+import sys
+import webbrowser
+from urllib.parse import urlparse, parse_qs, urlencode
+
+if len(sys.argv) > 1:
+    url = sys.argv[1]
+    
+    # 解析 kiro:// URL
+    # 格式: kiro://kiro.kiroAgent/authenticate-success?code=xxx&state=xxx
+    if url.startswith('kiro://'):
+        # 提取查询参数
+        query_start = url.find('?')
+        if query_start > -1:
+            query_string = url[query_start + 1:]
+            # 重定向到本地 HTTP 服务器
+            redirect_url = "http://127.0.0.1:{CALLBACK_PORT}/kiro-callback?" + query_string
+            webbrowser.open(redirect_url)
+'''
+        script_path.write_text(script_content, encoding='utf-8')
+        
+        # 获取 pythonw.exe 路径（无控制台窗口）
+        python_dir = Path(python_exe).parent
+        pythonw_exe = python_dir / "pythonw.exe"
+        if not pythonw_exe.exists():
+            pythonw_exe = python_exe  # 降级使用 python.exe
+        
+        # 注册协议
+        key_path = r"SOFTWARE\\Classes\\kiro"
+        
+        # 创建主键
+        key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, key_path)
+        winreg.SetValue(key, "", winreg.REG_SZ, "URL:Kiro Protocol")
+        winreg.SetValueEx(key, "URL Protocol", 0, winreg.REG_SZ, "")
+        winreg.CloseKey(key)
+        
+        # 创建 DefaultIcon 键
+        icon_key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, key_path + r"\\DefaultIcon")
+        winreg.SetValue(icon_key, "", winreg.REG_SZ, f"{python_exe},0")
+        winreg.CloseKey(icon_key)
+        
+        # 创建 shell\\open\\command 键
+        cmd_key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, key_path + r"\\shell\\open\\command")
+        cmd = f'"{pythonw_exe}" "{script_path}" "%1"'
+        winreg.SetValue(cmd_key, "", winreg.REG_SZ, cmd)
+        winreg.CloseKey(cmd_key)
+        
+        print(f"[ProtocolHandler] 已注册 kiro:// 协议")
+        print(f"[ProtocolHandler] 脚本路径: {script_path}")
+        print(f"[ProtocolHandler] 命令: {cmd}")
+        return True, "协议注册成功"
+        
+    except Exception as e:
+        import traceback
+        traceback.print_exc()
+        return False, f"注册失败: {e}"
+
+
+def unregister_protocol_windows() -> tuple:
+    """取消注册 kiro:// 协议"""
+    if sys.platform != 'win32':
+        return False, "仅支持 Windows"
+    
+    try:
+        import winreg
+        
+        def delete_key_recursive(key, subkey):
+            try:
+                open_key = winreg.OpenKey(key, subkey, 0, winreg.KEY_ALL_ACCESS)
+                info = winreg.QueryInfoKey(open_key)
+                for i in range(info[0]):
+                    child = winreg.EnumKey(open_key, 0)
+                    delete_key_recursive(open_key, child)
+                winreg.CloseKey(open_key)
+                winreg.DeleteKey(key, subkey)
+            except WindowsError:
+                pass
+        
+        delete_key_recursive(winreg.HKEY_CURRENT_USER, r"SOFTWARE\\Classes\\kiro")
+        
+        print("[ProtocolHandler] 已取消注册 kiro:// 协议")
+        return True, "协议取消注册成功"
+        
+    except Exception as e:
+        return False, f"取消注册失败: {e}"
+
+
+def is_protocol_registered() -> bool:
+    """检查 kiro:// 协议是否已注册"""
+    if sys.platform != 'win32':
+        return False
+    
+    try:
+        import winreg
+        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"SOFTWARE\\Classes\\kiro")
+        winreg.CloseKey(key)
+        return True
+    except WindowsError:
+        return False
+

KiroProxy/kiro_proxy/core/quota_cache.py

@@ -0,0 +1,397 @@
+"""额度缓存管理模块
+
+提供账号额度信息的内存缓存和文件持久化功能。
+"""
+import json
+import time
+import asyncio
+from dataclasses import dataclass, field, asdict
+from enum import Enum
+from pathlib import Path
+from typing import Optional, Dict, Any
+from threading import Lock
+
+
+# 默认缓存过期时间（秒）
+DEFAULT_CACHE_MAX_AGE = 300  # 5分钟
+
+# 低余额阈值
+LOW_BALANCE_THRESHOLD = 0.2
+
+
+class BalanceStatus(Enum):
+    """额度状态枚举
+    
+    用于区分账号的额度状态：
+    - NORMAL: 正常（剩余额度 > 20%）
+    - LOW: 低额度（0 < 剩余额度 <= 20%）
+    - EXHAUSTED: 无额度（剩余额度 <= 0）
+    """
+    NORMAL = "normal"       # 正常（>20%）
+    LOW = "low"             # 低额度（0-20%）
+    EXHAUSTED = "exhausted" # 无额度（<=0）
+
+
+@dataclass
+class CachedQuota:
+    """缓存的额度信息"""
+    account_id: str
+    usage_limit: float = 0.0          # 总额度
+    current_usage: float = 0.0        # 已用额度
+    balance: float = 0.0              # 剩余额度
+    usage_percent: float = 0.0        # 使用百分比
+    balance_status: str = "normal"    # 额度状态: normal, low, exhausted
+    is_low_balance: bool = False      # 是否低额度（兼容旧字段）
+    is_exhausted: bool = False        # 是否无额度
+    is_suspended: bool = False        # 是否被封禁
+    subscription_title: str = ""      # 订阅类型
+    free_trial_limit: float = 0.0     # 免费试用额度
+    free_trial_usage: float = 0.0     # 免费试用已用
+    bonus_limit: float = 0.0          # 奖励额度
+    bonus_usage: float = 0.0          # 奖励已用
+    updated_at: float = 0.0           # 更新时间戳
+    error: Optional[str] = None       # 错误信息(如果获取失败)
+    
+    # 重置和过期时间
+    next_reset_date: Optional[str] = None    # 下次重置时间
+    free_trial_expiry: Optional[str] = None  # 免费试用过期时间
+    bonus_expiries: list = None              # 奖励过期时间列表
+    
+    def __post_init__(self):
+        """初始化后计算额度状态"""
+        self._update_balance_status()
+    
+    def _update_balance_status(self) -> None:
+        """更新额度状态"""
+        if self.error is not None:
+            # 有错误时不更新状态
+            return
+        
+        if self.balance <= 0:
+            self.balance_status = BalanceStatus.EXHAUSTED.value
+            self.is_exhausted = True
+            self.is_low_balance = False
+        elif self.usage_limit > 0:
+            remaining_percent = (self.balance / self.usage_limit) * 100
+            if remaining_percent <= LOW_BALANCE_THRESHOLD * 100:
+                self.balance_status = BalanceStatus.LOW.value
+                self.is_low_balance = True
+                self.is_exhausted = False
+            else:
+                self.balance_status = BalanceStatus.NORMAL.value
+                self.is_low_balance = False
+                self.is_exhausted = False
+        else:
+            self.balance_status = BalanceStatus.NORMAL.value
+            self.is_low_balance = False
+            self.is_exhausted = False
+    
+    @classmethod
+    def from_usage_info(cls, account_id: str, usage_info: 'UsageInfo') -> 'CachedQuota':
+        """从 UsageInfo 创建 CachedQuota"""
+        usage_percent = (usage_info.current_usage / usage_info.usage_limit * 100) if usage_info.usage_limit > 0 else 0.0
+        quota = cls(
+            account_id=account_id,
+            usage_limit=usage_info.usage_limit,
+            current_usage=usage_info.current_usage,
+            balance=usage_info.balance,
+            usage_percent=round(usage_percent, 2),
+            is_low_balance=usage_info.is_low_balance,
+            subscription_title=usage_info.subscription_title,
+            free_trial_limit=usage_info.free_trial_limit,
+            free_trial_usage=usage_info.free_trial_usage,
+            bonus_limit=usage_info.bonus_limit,
+            bonus_usage=usage_info.bonus_usage,
+            updated_at=time.time(),
+            error=None,
+            next_reset_date=usage_info.next_reset_date,
+            free_trial_expiry=usage_info.free_trial_expiry,
+            bonus_expiries=usage_info.bonus_expiries or [],
+        )
+        # 重新计算状态以确保一致性
+        quota._update_balance_status()
+        return quota
+    
+    @classmethod
+    def from_error(cls, account_id: str, error: str) -> 'CachedQuota':
+        """创建错误状态的缓存"""
+        # 检查是否为账号封禁错误
+        is_suspended = (
+            "temporarily_suspended" in error.lower() or
+            "suspended" in error.lower() or
+            "accountsuspendedexception" in error.lower()
+        )
+        
+        quota = cls(
+            account_id=account_id,
+            updated_at=time.time(),
+            error=error
+        )
+        
+        # 如果是封禁错误，标记为特殊状态
+        if is_suspended:
+            quota.is_suspended = True
+        
+        return quota
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> 'CachedQuota':
+        """从字典创建"""
+        quota = cls(
+            account_id=data.get("account_id", ""),
+            usage_limit=data.get("usage_limit", 0.0),
+            current_usage=data.get("current_usage", 0.0),
+            balance=data.get("balance", 0.0),
+            usage_percent=data.get("usage_percent", 0.0),
+            balance_status=data.get("balance_status", "normal"),
+            is_low_balance=data.get("is_low_balance", False),
+            is_exhausted=data.get("is_exhausted", False),
+            is_suspended=data.get("is_suspended", False),
+            subscription_title=data.get("subscription_title", ""),
+            free_trial_limit=data.get("free_trial_limit", 0.0),
+            free_trial_usage=data.get("free_trial_usage", 0.0),
+            bonus_limit=data.get("bonus_limit", 0.0),
+            bonus_usage=data.get("bonus_usage", 0.0),
+            updated_at=data.get("updated_at", 0.0),
+            error=data.get("error"),
+            next_reset_date=data.get("next_reset_date"),
+            free_trial_expiry=data.get("free_trial_expiry"),
+            bonus_expiries=data.get("bonus_expiries", []),
+        )
+        # 重新计算状态以确保一致性
+        quota._update_balance_status()
+        return quota
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """转换为字典"""
+        return asdict(self)
+    
+    def has_error(self) -> bool:
+        """是否有错误"""
+        return self.error is not None
+    
+    def is_available(self) -> bool:
+        """额度是否可用（未耗尽且无错误）"""
+        return not self.is_exhausted and not self.has_error()
+    
+    def get_balance_status_enum(self) -> BalanceStatus:
+        """获取额度状态枚举"""
+        try:
+            return BalanceStatus(self.balance_status)
+        except ValueError:
+            return BalanceStatus.NORMAL
+
+
+class QuotaCache:
+    """额度缓存管理器
+    
+    提供线程安全的额度缓存操作，支持内存缓存和文件持久化。
+    """
+    
+    def __init__(self, cache_file: Optional[str] = None):
+        """
+        初始化缓存管理器
+        
+        Args:
+            cache_file: 缓存文件路径，None 则使用默认路径
+        """
+        self._cache: Dict[str, CachedQuota] = {}
+        self._lock = Lock()
+        self._save_lock = asyncio.Lock()
+        
+        # 设置缓存文件路径
+        if cache_file:
+            self._cache_file = Path(cache_file)
+        else:
+            from ..config import DATA_DIR
+            self._cache_file = DATA_DIR / "quota_cache.json"
+        
+        # 启动时加载缓存
+        self.load_from_file()
+    
+    def get(self, account_id: str) -> Optional[CachedQuota]:
+        """获取账号的缓存额度
+        
+        Args:
+            account_id: 账号ID
+            
+        Returns:
+            缓存的额度信息，不存在则返回 None
+        """
+        with self._lock:
+            return self._cache.get(account_id)
+    
+    def set(self, account_id: str, quota: CachedQuota) -> None:
+        """设置账号的额度缓存
+        
+        Args:
+            account_id: 账号ID
+            quota: 额度信息
+        """
+        with self._lock:
+            self._cache[account_id] = quota
+    
+    def is_stale(self, account_id: str, max_age_seconds: int = DEFAULT_CACHE_MAX_AGE) -> bool:
+        """检查缓存是否过期
+        
+        Args:
+            account_id: 账号ID
+            max_age_seconds: 最大缓存时间（秒）
+            
+        Returns:
+            True 表示缓存过期或不存在
+        """
+        with self._lock:
+            quota = self._cache.get(account_id)
+            if quota is None:
+                return True
+            return (time.time() - quota.updated_at) > max_age_seconds
+    
+    def get_all(self) -> Dict[str, CachedQuota]:
+        """获取所有缓存
+        
+        Returns:
+            所有账号的额度缓存副本
+        """
+        with self._lock:
+            return dict(self._cache)
+    
+    def remove(self, account_id: str) -> None:
+        """移除账号缓存
+        
+        Args:
+            account_id: 账号ID
+        """
+        with self._lock:
+            self._cache.pop(account_id, None)
+    
+    def clear(self) -> None:
+        """清空所有缓存"""
+        with self._lock:
+            self._cache.clear()
+    
+    def load_from_file(self) -> bool:
+        """从文件加载缓存
+        
+        Returns:
+            是否加载成功
+        """
+        if not self._cache_file.exists():
+            return False
+        
+        try:
+            with open(self._cache_file, 'r', encoding='utf-8') as f:
+                data = json.load(f)
+            
+            # 验证版本
+            version = data.get("version", "1.0")
+            accounts_data = data.get("accounts", {})
+            
+            with self._lock:
+                self._cache.clear()
+                for account_id, quota_data in accounts_data.items():
+                    quota_data["account_id"] = account_id
+                    self._cache[account_id] = CachedQuota.from_dict(quota_data)
+            
+            print(f"[QuotaCache] 从文件加载 {len(self._cache)} 个账号的额度缓存")
+            return True
+            
+        except json.JSONDecodeError as e:
+            print(f"[QuotaCache] 缓存文件格式错误: {e}")
+            return False
+        except Exception as e:
+            print(f"[QuotaCache] 加载缓存失败: {e}")
+            return False
+    
+    def save_to_file(self) -> bool:
+        """保存缓存到文件（同步版本）
+        
+        Returns:
+            是否保存成功
+        """
+        try:
+            # 确保目录存在
+            self._cache_file.parent.mkdir(parents=True, exist_ok=True)
+            
+            with self._lock:
+                accounts_data = {}
+                for account_id, quota in self._cache.items():
+                    quota_dict = quota.to_dict()
+                    quota_dict.pop("account_id", None)  # 避免重复存储
+                    accounts_data[account_id] = quota_dict
+            
+            data = {
+                "version": "1.0",
+                "updated_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
+                "accounts": accounts_data
+            }
+            
+            # 写入临时文件后重命名，确保原子性
+            temp_file = self._cache_file.with_suffix('.tmp')
+            with open(temp_file, 'w', encoding='utf-8') as f:
+                json.dump(data, f, indent=2, ensure_ascii=False)
+            temp_file.replace(self._cache_file)
+            
+            return True
+            
+        except Exception as e:
+            print(f"[QuotaCache] 保存缓存失败: {e}")
+            return False
+    
+    async def save_to_file_async(self) -> bool:
+        """异步保存缓存到文件
+        
+        Returns:
+            是否保存成功
+        """
+        async with self._save_lock:
+            # 在线程池中执行同步保存
+            loop = asyncio.get_event_loop()
+            return await loop.run_in_executor(None, self.save_to_file)
+    
+    def get_summary(self) -> Dict[str, Any]:
+        """获取缓存汇总信息
+        
+        Returns:
+            汇总统计信息
+        """
+        with self._lock:
+            total_balance = 0.0
+            total_usage = 0.0
+            total_limit = 0.0
+            error_count = 0
+            stale_count = 0
+            
+            current_time = time.time()
+            
+            for quota in self._cache.values():
+                if quota.has_error():
+                    error_count += 1
+                else:
+                    total_balance += quota.balance
+                    total_usage += quota.current_usage
+                    total_limit += quota.usage_limit
+                
+                if (current_time - quota.updated_at) > DEFAULT_CACHE_MAX_AGE:
+                    stale_count += 1
+            
+            return {
+                "total_accounts": len(self._cache),
+                "total_balance": round(total_balance, 2),
+                "total_usage": round(total_usage, 2),
+                "total_limit": round(total_limit, 2),
+                "error_count": error_count,
+                "stale_count": stale_count
+            }
+
+
+# 全局缓存实例
+_quota_cache: Optional[QuotaCache] = None
+
+
+def get_quota_cache() -> QuotaCache:
+    """获取全局缓存实例"""
+    global _quota_cache
+    if _quota_cache is None:
+        _quota_cache = QuotaCache()
+    return _quota_cache

KiroProxy/kiro_proxy/core/quota_scheduler.py

@@ -0,0 +1,321 @@
+"""额度更新调度器模块
+
+实现启动时并发获取所有账号额度、定时更新活跃账号额度的功能。
+"""
+import asyncio
+import time
+from typing import Optional, Set, Dict, List, TYPE_CHECKING
+from threading import Lock
+
+if TYPE_CHECKING:
+    from .account import Account
+
+from .quota_cache import QuotaCache, CachedQuota, get_quota_cache
+from .usage import get_account_usage
+
+
+# 默认更新间隔（秒）
+DEFAULT_UPDATE_INTERVAL = 60
+
+# 活跃账号判定时间窗口（秒）
+# 需要覆盖一次更新周期，避免低频请求时“永远错过”定时刷新
+ACTIVE_WINDOW_SECONDS = 120
+
+
+class QuotaScheduler:
+    """额度更新调度器
+    
+    负责启动时并发获取所有账号额度，以及定时更新活跃账号的额度。
+    """
+    
+    def __init__(self, 
+                 quota_cache: Optional[QuotaCache] = None,
+                 update_interval: int = DEFAULT_UPDATE_INTERVAL):
+        """
+        初始化调度器
+        
+        Args:
+            quota_cache: 额度缓存实例
+            update_interval: 更新间隔（秒）
+        """
+        self.quota_cache = quota_cache or get_quota_cache()
+        self.update_interval = update_interval
+        
+        self._active_accounts: Dict[str, float] = {}  # account_id -> last_used_timestamp
+        self._lock = Lock()
+        self._task: Optional[asyncio.Task] = None
+        self._running = False
+        self._last_full_refresh: Optional[float] = None
+        self._accounts_getter = None  # 获取账号列表的回调函数
+    
+    def set_accounts_getter(self, getter):
+        """设置获取账号列表的回调函数
+        
+        Args:
+            getter: 返回账号列表的可调用对象
+        """
+        self._accounts_getter = getter
+    
+    def _get_accounts(self) -> List['Account']:
+        """获取账号列表"""
+        if self._accounts_getter:
+            return self._accounts_getter()
+        return []
+    
+    async def start(self) -> None:
+        """启动调度器"""
+        if self._running:
+            return
+        
+        self._running = True
+        print("[QuotaScheduler] 启动额度更新调度器")
+        
+        # 启动时刷新所有账号额度
+        await self.refresh_all()
+        
+        # 启动定时更新任务
+        self._task = asyncio.create_task(self._update_loop())
+    
+    async def stop(self) -> None:
+        """停止调度器"""
+        self._running = False
+        
+        if self._task:
+            self._task.cancel()
+            try:
+                await self._task
+            except asyncio.CancelledError:
+                pass
+            self._task = None
+        
+        print("[QuotaScheduler] 额度更新调度器已停止")
+    
+    async def refresh_all(self) -> Dict[str, bool]:
+        """刷新所有账号额度
+        
+        Returns:
+            账号ID -> 是否成功的字典
+        """
+        accounts = self._get_accounts()
+        if not accounts:
+            print("[QuotaScheduler] 没有账号需要刷新")
+            return {}
+        
+        # 刷新所有账号（包括禁用的，以便检查是否可以解禁）
+        print(f"[QuotaScheduler] 开始刷新 {len(accounts)} 个账号的额度...")
+        
+        # 并发获取所有账号额度
+        tasks = [self._refresh_account_internal(acc) for acc in accounts]
+        results = await asyncio.gather(*tasks, return_exceptions=True)
+        
+        # 统计结果
+        success_count = 0
+        fail_count = 0
+        result_dict = {}
+        
+        for acc, result in zip(accounts, results):
+            if isinstance(result, Exception):
+                result_dict[acc.id] = False
+                fail_count += 1
+            else:
+                result_dict[acc.id] = result
+                if result:
+                    success_count += 1
+                else:
+                    fail_count += 1
+        
+        self._last_full_refresh = time.time()
+        
+        # 保存缓存
+        await self.quota_cache.save_to_file_async()
+        
+        # 保存账号配置（因为可能有启用/禁用状态变化）
+        self._save_accounts_config()
+        
+        print(f"[QuotaScheduler] 额度刷新完成: 成功 {success_count}, 失败 {fail_count}")
+        return result_dict
+    
+    def _save_accounts_config(self):
+        """保存账号配置"""
+        try:
+            from .state import state
+            state._save_accounts()
+        except Exception as e:
+            print(f"[QuotaScheduler] 保存账号配置失败: {e}")
+    
+    async def refresh_account(self, account_id: str) -> bool:
+        """刷新单个账号额度
+        
+        Args:
+            account_id: 账号ID
+            
+        Returns:
+            是否成功
+        """
+        accounts = self._get_accounts()
+        account = next((acc for acc in accounts if acc.id == account_id), None)
+        
+        if not account:
+            print(f"[QuotaScheduler] 账号不存在: {account_id}")
+            return False
+        
+        success = await self._refresh_account_internal(account)
+        
+        if success:
+            await self.quota_cache.save_to_file_async()
+            self._save_accounts_config()
+        
+        return success
+    
+    async def _refresh_account_internal(self, account: 'Account') -> bool:
+        """内部刷新账号额度方法
+        
+        Args:
+            account: 账号对象
+            
+        Returns:
+            是否成功
+        """
+        try:
+            success, result = await get_account_usage(account)
+            
+            if success:
+                quota = CachedQuota.from_usage_info(account.id, result)
+                self.quota_cache.set(account.id, quota)
+                
+                # 额度为 0 时自动禁用账号
+                if quota.is_exhausted:
+                    if account.enabled:
+                        account.enabled = False
+                        # 标记为自动禁用，避免与手动禁用混淆
+                        if hasattr(account, "auto_disabled"):
+                            account.auto_disabled = True
+                        print(f"[QuotaScheduler] 账号 {account.id} ({account.name}) 额度已用尽，自动禁用")
+                else:
+                    # 有额度时自动解禁账号（仅对自动禁用的账号生效，避免覆盖手动禁用/封禁）
+                    if (not account.enabled) and getattr(account, "auto_disabled", False):
+                        account.enabled = True
+                        account.auto_disabled = False
+                        print(f"[QuotaScheduler] 账号 {account.id} ({account.name}) 有可用额度，自动启用")
+                
+                return True
+            else:
+                error_msg = result.get("error", "Unknown error") if isinstance(result, dict) else str(result)
+                quota = CachedQuota.from_error(account.id, error_msg)
+                self.quota_cache.set(account.id, quota)
+                print(f"[QuotaScheduler] 获取账号 {account.id} 额度失败: {error_msg}")
+                return False
+                
+        except Exception as e:
+            error_msg = str(e)
+            quota = CachedQuota.from_error(account.id, error_msg)
+            self.quota_cache.set(account.id, quota)
+            print(f"[QuotaScheduler] 获取账号 {account.id} 额度异常: {error_msg}")
+            return False
+    
+    def mark_active(self, account_id: str) -> None:
+        """标记账号为活跃
+        
+        Args:
+            account_id: 账号ID
+        """
+        with self._lock:
+            self._active_accounts[account_id] = time.time()
+    
+    def is_active(self, account_id: str) -> bool:
+        """检查账号是否活跃
+        
+        Args:
+            account_id: 账号ID
+            
+        Returns:
+            是否在活跃时间窗口内
+        """
+        with self._lock:
+            last_used = self._active_accounts.get(account_id)
+            if last_used is None:
+                return False
+            return (time.time() - last_used) < ACTIVE_WINDOW_SECONDS
+    
+    def get_active_accounts(self) -> Set[str]:
+        """获取活跃账号列表
+        
+        Returns:
+            活跃账号ID集合
+        """
+        current_time = time.time()
+        with self._lock:
+            return {
+                account_id 
+                for account_id, last_used in self._active_accounts.items()
+                if (current_time - last_used) < ACTIVE_WINDOW_SECONDS
+            }
+    
+    def cleanup_inactive(self) -> None:
+        """清理不活跃的账号记录"""
+        current_time = time.time()
+        with self._lock:
+            self._active_accounts = {
+                account_id: last_used
+                for account_id, last_used in self._active_accounts.items()
+                if (current_time - last_used) < ACTIVE_WINDOW_SECONDS * 2
+            }
+    
+    async def _update_loop(self) -> None:
+        """定时更新循环"""
+        while self._running:
+            try:
+                await asyncio.sleep(self.update_interval)
+                
+                if not self._running:
+                    break
+                
+                # 获取活跃账号
+                active_ids = self.get_active_accounts()
+                
+                if active_ids:
+                    print(f"[QuotaScheduler] 更新 {len(active_ids)} 个活跃账号的额度...")
+                    
+                    accounts = self._get_accounts()
+                    active_accounts = [acc for acc in accounts if acc.id in active_ids]
+                    
+                    # 并发更新
+                    tasks = [self._refresh_account_internal(acc) for acc in active_accounts]
+                    await asyncio.gather(*tasks, return_exceptions=True)
+                    
+                    # 保存缓存
+                    await self.quota_cache.save_to_file_async()
+                
+                # 清理不活跃记录
+                self.cleanup_inactive()
+                
+            except asyncio.CancelledError:
+                break
+            except Exception as e:
+                print(f"[QuotaScheduler] 更新循环异常: {e}")
+    
+    def get_last_full_refresh(self) -> Optional[float]:
+        """获取最后一次全量刷新时间"""
+        return self._last_full_refresh
+    
+    def get_status(self) -> dict:
+        """获取调度器状态"""
+        return {
+            "running": self._running,
+            "update_interval": self.update_interval,
+            "active_accounts": list(self.get_active_accounts()),
+            "active_count": len(self.get_active_accounts()),
+            "last_full_refresh": self._last_full_refresh
+        }
+
+
+# 全局调度器实例
+_quota_scheduler: Optional[QuotaScheduler] = None
+
+
+def get_quota_scheduler() -> QuotaScheduler:
+    """获取全局调度器实例"""
+    global _quota_scheduler
+    if _quota_scheduler is None:
+        _quota_scheduler = QuotaScheduler()
+    return _quota_scheduler

KiroProxy/kiro_proxy/core/rate_limiter.py

@@ -0,0 +1,125 @@
+"""请求限速器 - 降低账号封禁风险
+
+通过限制请求频率来降低被检测为异常活动的风险：
+- 每账号请求间隔
+- 全局请求限制
+- 突发请求检测
+
+注意：429 冷却时间已改为自动管理（固定5分钟），不再需要手动配置
+"""
+import time
+from dataclasses import dataclass, field
+from typing import Dict, Optional
+from collections import deque
+
+
+@dataclass
+class RateLimitConfig:
+    """限速配置"""
+    # 每账号最小请求间隔（秒）
+    min_request_interval: float = 0.5
+
+    # 每账号每分钟最大请求数
+    max_requests_per_minute: int = 60
+
+    # 全局每分钟最大请求数
+    global_max_requests_per_minute: int = 120
+
+    # 是否启用限速
+    enabled: bool = False
+
+
+@dataclass
+class AccountRateState:
+    """账号限速状态"""
+    last_request_time: float = 0
+    request_times: deque = field(default_factory=lambda: deque(maxlen=100))
+
+    def get_requests_in_window(self, window_seconds: int = 60) -> int:
+        """获取时间窗口内的请求数"""
+        now = time.time()
+        cutoff = now - window_seconds
+        return sum(1 for t in self.request_times if t > cutoff)
+
+
+class RateLimiter:
+    """请求限速器"""
+
+    def __init__(self, config: RateLimitConfig = None):
+        self.config = config or RateLimitConfig()
+        self._account_states: Dict[str, AccountRateState] = {}
+        self._global_requests: deque = deque(maxlen=1000)
+
+    def _get_account_state(self, account_id: str) -> AccountRateState:
+        """获取账号状态"""
+        if account_id not in self._account_states:
+            self._account_states[account_id] = AccountRateState()
+        return self._account_states[account_id]
+
+    def can_request(self, account_id: str) -> tuple:
+        """检查是否可以发送请求
+
+        Returns:
+            (can_request, wait_seconds, reason)
+        """
+        if not self.config.enabled:
+            return True, 0, None
+
+        now = time.time()
+        state = self._get_account_state(account_id)
+
+        # 检查最小请求间隔
+        time_since_last = now - state.last_request_time
+        if time_since_last < self.config.min_request_interval:
+            wait = self.config.min_request_interval - time_since_last
+            return False, wait, f"请求过快，请等待 {wait:.1f} 秒"
+
+        # 检查每账号每分钟限制
+        account_rpm = state.get_requests_in_window(60)
+        if account_rpm >= self.config.max_requests_per_minute:
+            return False, 2, f"账号请求过于频繁 ({account_rpm}/分钟)"
+
+        # 检查全局每分钟限制
+        global_rpm = sum(1 for t in self._global_requests if t > now - 60)
+        if global_rpm >= self.config.global_max_requests_per_minute:
+            return False, 1, f"全局请求过于频繁 ({global_rpm}/分钟)"
+
+        return True, 0, None
+
+    def record_request(self, account_id: str):
+        """记录请求"""
+        now = time.time()
+        state = self._get_account_state(account_id)
+        state.last_request_time = now
+        state.request_times.append(now)
+        self._global_requests.append(now)
+
+    def get_stats(self) -> dict:
+        """获取统计信息"""
+        now = time.time()
+        return {
+            "enabled": self.config.enabled,
+            "global_rpm": sum(1 for t in self._global_requests if t > now - 60),
+            "accounts": {
+                aid: {
+                    "rpm": state.get_requests_in_window(60),
+                    "last_request": now - state.last_request_time if state.last_request_time else None
+                }
+                for aid, state in self._account_states.items()
+            }
+        }
+
+    def update_config(self, **kwargs):
+        """更新配置"""
+        for key, value in kwargs.items():
+            if hasattr(self.config, key):
+                setattr(self.config, key, value)
+
+
+# 全局实例
+rate_limiter = RateLimiter()
+
+
+def get_rate_limiter() -> RateLimiter:
+    """获取限速器实例"""
+    return rate_limiter

KiroProxy/kiro_proxy/core/refresh_manager.py

@@ -0,0 +1,888 @@
+"""Token 刷新管理模块
+
+提供 Token 批量刷新的管理功能，包括：
+- 刷新进度跟踪
+- 并发控制
+- 重试机制配置
+- 全局锁防止重复刷新
+- Token 过期检测和自动刷新
+- 指数退避重试策略
+"""
+import time
+import asyncio
+from dataclasses import dataclass, field, asdict
+from typing import Optional, Dict, Any, List, Tuple, Callable, TYPE_CHECKING
+from threading import Lock
+
+if TYPE_CHECKING:
+    from .account import Account
+
+
+@dataclass
+class RefreshProgress:
+    """刷新进度信息
+    
+    用于跟踪批量 Token 刷新操作的进度状态。
+    
+    Attributes:
+        total: 需要刷新的账号总数
+        completed: 已完成处理的账号数（包括成功和失败）
+        success: 刷新成功的账号数
+        failed: 刷新失败的账号数
+        current_account: 当前正在处理的账号ID
+        status: 刷新状态 - running(进行中), completed(已完成), error(出错)
+        started_at: 刷新开始时间戳
+        message: 状态消息，用于显示当前操作或错误信息
+    """
+    total: int = 0
+    completed: int = 0
+    success: int = 0
+    failed: int = 0
+    current_account: Optional[str] = None
+    status: str = "running"  # running, completed, error
+    started_at: float = field(default_factory=time.time)
+    message: Optional[str] = None
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """转换为字典格式
+        
+        Returns:
+            包含所有进度信息的字典
+        """
+        return asdict(self)
+    
+    @property
+    def progress_percent(self) -> float:
+        """计算完成百分比
+        
+        Returns:
+            完成百分比（0-100）
+        """
+        if self.total == 0:
+            return 0.0
+        return round((self.completed / self.total) * 100, 2)
+    
+    @property
+    def elapsed_seconds(self) -> float:
+        """计算已用时间（秒）
+        
+        Returns:
+            从开始到现在的秒数
+        """
+        return time.time() - self.started_at
+    
+    def is_running(self) -> bool:
+        """检查是否正在运行
+        
+        Returns:
+            True 表示正在运行
+        """
+        return self.status == "running"
+    
+    def is_completed(self) -> bool:
+        """检查是否已完成
+        
+        Returns:
+            True 表示已完成（成功或出错）
+        """
+        return self.status in ("completed", "error")
+
+
+@dataclass
+class RefreshConfig:
+    """刷新配置
+    
+    控制 Token 刷新行为的配置参数。
+    
+    Attributes:
+        max_retries: 单个账号刷新失败时的最大重试次数
+        retry_base_delay: 重试基础延迟时间（秒），实际延迟会指数增长
+        concurrency: 并发刷新的账号数量
+        token_refresh_before_expiry: Token 过期前多少秒开始刷新（默认5分钟）
+        auto_refresh_interval: 自动刷新检查间隔（秒）
+    """
+    max_retries: int = 3
+    retry_base_delay: float = 1.0
+    concurrency: int = 3
+    token_refresh_before_expiry: int = 300  # 5分钟
+    auto_refresh_interval: int = 60  # 1分钟
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """转换为字典格式
+        
+        Returns:
+            包含所有配置项的字典
+        """
+        return asdict(self)
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> 'RefreshConfig':
+        """从字典创建配置实例
+        
+        Args:
+            data: 配置字典
+            
+        Returns:
+            RefreshConfig 实例
+        """
+        return cls(
+            max_retries=data.get("max_retries", 3),
+            retry_base_delay=data.get("retry_base_delay", 1.0),
+            concurrency=data.get("concurrency", 3),
+            token_refresh_before_expiry=data.get("token_refresh_before_expiry", 300),
+            auto_refresh_interval=data.get("auto_refresh_interval", 60)
+        )
+    
+    def validate(self) -> bool:
+        """验证配置有效性
+        
+        Returns:
+            True 表示配置有效
+            
+        Raises:
+            ValueError: 配置值无效时抛出
+        """
+        if self.max_retries < 0:
+            raise ValueError("max_retries 不能为负数")
+        if self.retry_base_delay <= 0:
+            raise ValueError("retry_base_delay 必须大于0")
+        if self.concurrency < 1:
+            raise ValueError("concurrency 必须至少为1")
+        if self.token_refresh_before_expiry < 0:
+            raise ValueError("token_refresh_before_expiry 不能为负数")
+        if self.auto_refresh_interval < 1:
+            raise ValueError("auto_refresh_interval 必须至少为1秒")
+        return True
+
+
+class RefreshManager:
+    """Token 刷新管理器
+    
+    管理 Token 批量刷新操作，提供：
+    - 全局锁机制防止重复刷新
+    - 进度跟踪
+    - 配置管理
+    - 自动 Token 刷新定时器
+    
+    使用示例:
+        manager = get_refresh_manager()
+        if not manager.is_refreshing():
+            # 开始刷新操作
+            pass
+    """
+    
+    def __init__(self, config: Optional[RefreshConfig] = None):
+        """初始化刷新管理器
+        
+        Args:
+            config: 刷新配置，None 则使用默认配置
+        """
+        # 配置
+        self._config = config or RefreshConfig()
+        
+        # 线程锁（用于同步访问状态）
+        self._lock = Lock()
+        
+        # 异步锁（用于防止并发刷新操作）
+        self._async_lock = asyncio.Lock()
+        
+        # 刷新状态
+        self._is_refreshing: bool = False
+        self._progress: Optional[RefreshProgress] = None
+        
+        # 上次刷新完成时间
+        self._last_refresh_time: Optional[float] = None
+        
+        # 自动刷新定时器
+        self._auto_refresh_task: Optional[asyncio.Task] = None
+        self._auto_refresh_running: bool = False
+        
+        # 获取账号列表的回调函数
+        self._accounts_getter: Optional[Callable] = None
+    
+    @property
+    def config(self) -> RefreshConfig:
+        """获取当前配置
+        
+        Returns:
+            当前的刷新配置
+        """
+        with self._lock:
+            return self._config
+    
+    def is_refreshing(self) -> bool:
+        """检查是否正在刷新
+        
+        Returns:
+            True 表示正在进行刷新操作
+        """
+        with self._lock:
+            return self._is_refreshing
+    
+    def get_progress(self) -> Optional[RefreshProgress]:
+        """获取当前刷新进度
+        
+        Returns:
+            当前进度信息，如果没有进行中的刷新则返回 None
+        """
+        with self._lock:
+            return self._progress
+    
+    def get_progress_dict(self) -> Optional[Dict[str, Any]]:
+        """获取当前刷新进度（字典格式）
+        
+        Returns:
+            进度信息字典，如果没有进行中的刷新则返回 None
+        """
+        with self._lock:
+            if self._progress is None:
+                return None
+            return self._progress.to_dict()
+    
+    def update_config(self, **kwargs) -> None:
+        """更新配置参数
+        
+        支持的参数:
+            max_retries: 最大重试次数
+            retry_base_delay: 重试基础延迟
+            concurrency: 并发数
+            token_refresh_before_expiry: Token 过期前刷新时间
+            auto_refresh_interval: 自动刷新检查间隔
+        
+        Args:
+            **kwargs: 要更新的配置项
+            
+        Raises:
+            ValueError: 配置值无效时抛出
+        """
+        with self._lock:
+            # 创建新配置
+            new_config = RefreshConfig(
+                max_retries=kwargs.get("max_retries", self._config.max_retries),
+                retry_base_delay=kwargs.get("retry_base_delay", self._config.retry_base_delay),
+                concurrency=kwargs.get("concurrency", self._config.concurrency),
+                token_refresh_before_expiry=kwargs.get(
+                    "token_refresh_before_expiry", 
+                    self._config.token_refresh_before_expiry
+                ),
+                auto_refresh_interval=kwargs.get(
+                    "auto_refresh_interval", 
+                    self._config.auto_refresh_interval
+                )
+            )
+            
+            # 验证配置
+            new_config.validate()
+            
+            # 应用新配置
+            self._config = new_config
+    
+    def _start_refresh(self, total: int, message: Optional[str] = None) -> RefreshProgress:
+        """开始刷新操作（内部方法）
+        
+        Args:
+            total: 需要刷新的账号总数
+            message: 初始状态消息
+            
+        Returns:
+            新创建的进度对象
+        """
+        with self._lock:
+            self._is_refreshing = True
+            self._progress = RefreshProgress(
+                total=total,
+                completed=0,
+                success=0,
+                failed=0,
+                current_account=None,
+                status="running",
+                started_at=time.time(),
+                message=message or "开始刷新"
+            )
+            return self._progress
+    
+    def _update_progress(
+        self,
+        current_account: Optional[str] = None,
+        success: bool = False,
+        failed: bool = False,
+        message: Optional[str] = None
+    ) -> None:
+        """更新刷新进度（内部方法）
+        
+        Args:
+            current_account: 当前处理的账号ID
+            success: 是否成功完成一个账号
+            failed: 是否失败一个账号
+            message: 状态消息
+        """
+        with self._lock:
+            if self._progress is None:
+                return
+            
+            if current_account is not None:
+                self._progress.current_account = current_account
+            
+            if success:
+                self._progress.success += 1
+                self._progress.completed += 1
+            elif failed:
+                self._progress.failed += 1
+                self._progress.completed += 1
+            
+            if message is not None:
+                self._progress.message = message
+    
+    def _finish_refresh(self, status: str = "completed", message: Optional[str] = None) -> None:
+        """完成刷新操作（内部方法）
+        
+        Args:
+            status: 最终状态 - completed 或 error
+            message: 最终状态消息
+        """
+        with self._lock:
+            self._is_refreshing = False
+            self._last_refresh_time = time.time()
+            
+            if self._progress is not None:
+                self._progress.status = status
+                self._progress.current_account = None
+                if message is not None:
+                    self._progress.message = message
+                elif status == "completed":
+                    self._progress.message = (
+                        f"刷新完成: 成功 {self._progress.success}, "
+                        f"失败 {self._progress.failed}"
+                    )
+    
+    def get_last_refresh_time(self) -> Optional[float]:
+        """获取上次刷新完成时间
+        
+        Returns:
+            上次刷新完成的时间戳，如果从未刷新则返回 None
+        """
+        with self._lock:
+            return self._last_refresh_time
+    
+    def get_status(self) -> Dict[str, Any]:
+        """获取管理器状态
+        
+        Returns:
+            包含管理器状态信息的字典
+        """
+        with self._lock:
+            return {
+                "is_refreshing": self._is_refreshing,
+                "progress": self._progress.to_dict() if self._progress else None,
+                "last_refresh_time": self._last_refresh_time,
+                "config": self._config.to_dict()
+            }
+    
+    async def acquire_refresh_lock(self) -> bool:
+        """尝试获取刷新锁
+        
+        用于在开始刷新操作前获取异步锁，防止并发刷新。
+        
+        Returns:
+            True 表示成功获取锁，False 表示已有刷新在进行
+        """
+        if self._async_lock.locked():
+            return False
+        
+        await self._async_lock.acquire()
+        return True
+    
+    def release_refresh_lock(self) -> None:
+        """释放刷新锁
+        
+        在刷新操作完成后调用，释放异步锁。
+        """
+        if self._async_lock.locked():
+            self._async_lock.release()
+    
+    def should_refresh_token(self, account: 'Account') -> bool:
+        """判断是否需要刷新 Token
+        
+        检查账号的 Token 是否即将过期（过期前5分钟）或已过期。
+        
+        Args:
+            account: 账号对象
+            
+        Returns:
+            True 表示需要刷新 Token
+        """
+        creds = account.get_credentials()
+        if creds is None:
+            return True  # 无法获取凭证，需要刷新
+        
+        # 检查是否已过期或即将过期
+        minutes_before = self._config.token_refresh_before_expiry // 60
+        return creds.is_expired() or creds.is_expiring_soon(minutes=minutes_before)
+    
+    async def refresh_token_if_needed(self, account: 'Account') -> Tuple[bool, str]:
+        """如果需要则刷新 Token
+        
+        检查账号 Token 状态，如果即将过期或已过期则刷新。
+        
+        Args:
+            account: 账号对象
+            
+        Returns:
+            (success, message) 元组
+            - success: True 表示 Token 有效（无需刷新或刷新成功）
+            - message: 状态消息
+        """
+        if not self.should_refresh_token(account):
+            return True, "Token 有效，无需刷新"
+        
+        print(f"[RefreshManager] 账号 {account.id} Token 即将过期，开始刷新...")
+        
+        success, result = await account.refresh_token()
+        
+        if success:
+            print(f"[RefreshManager] 账号 {account.id} Token 刷新成功")
+            return True, "Token 刷新成功"
+        else:
+            print(f"[RefreshManager] 账号 {account.id} Token 刷新失败: {result}")
+            return False, f"Token 刷新失败: {result}"
+    
+    async def refresh_account_with_token(
+        self, 
+        account: 'Account',
+        get_quota_func: Optional[Callable] = None
+    ) -> Tuple[bool, str]:
+        """刷新单个账号（先刷新 Token，再获取额度）
+        
+        Args:
+            account: 账号对象
+            get_quota_func: 获取额度的异步函数，接受 account 参数
+            
+        Returns:
+            (success, message) 元组
+        """
+        # 1. 先刷新 Token（如果需要）
+        token_success, token_msg = await self.refresh_token_if_needed(account)
+        
+        if not token_success:
+            return False, token_msg
+        
+        # 2. 获取额度（如果提供了获取函数）
+        if get_quota_func:
+            try:
+                quota_success, quota_result = await get_quota_func(account)
+                if quota_success:
+                    return True, "刷新成功"
+                else:
+                    error_msg = quota_result.get("error", "Unknown error") if isinstance(quota_result, dict) else str(quota_result)
+                    return False, f"获取额度失败: {error_msg}"
+            except Exception as e:
+                return False, f"获取额度异常: {str(e)}"
+        
+        return True, token_msg
+    
+    async def retry_with_backoff(
+        self,
+        func: Callable,
+        *args,
+        max_retries: Optional[int] = None,
+        **kwargs
+    ) -> Tuple[bool, Any]:
+        """带指数退避的重试
+        
+        执行异步函数，失败时使用指数退避策略重试。
+        
+        Args:
+            func: 要执行的异步函数
+            *args: 传递给函数的位置参数
+            max_retries: 最大重试次数，None 则使用配置值
+            **kwargs: 传递给函数的关键字参数
+            
+        Returns:
+            (success, result) 元组
+            - success: True 表示执行成功
+            - result: 成功时为函数返回值，失败时为错误信息
+        """
+        retries = max_retries if max_retries is not None else self._config.max_retries
+        base_delay = self._config.retry_base_delay
+        
+        last_error = None
+        
+        for attempt in range(retries + 1):
+            try:
+                result = await func(*args, **kwargs)
+                
+                # 检查返回值格式
+                if isinstance(result, tuple) and len(result) == 2:
+                    success, data = result
+                    if success:
+                        return True, data
+                    else:
+                        last_error = data
+                        # 检查是否是 429 错误
+                        if self._is_rate_limit_error(data):
+                            delay = self._get_rate_limit_delay(attempt, base_delay)
+                        else:
+                            delay = base_delay * (2 ** attempt)
+                else:
+                    # 函数返回非元组，视为成功
+                    return True, result
+                    
+            except Exception as e:
+                last_error = str(e)
+                delay = base_delay * (2 ** attempt)
+            
+            # 如果还有重试机会，等待后重试
+            if attempt < retries:
+                print(f"[RefreshManager] 第 {attempt + 1} 次尝试失败，{delay:.1f}秒后重试...")
+                await asyncio.sleep(delay)
+        
+        return False, last_error
+    
+    def _is_rate_limit_error(self, error: Any) -> bool:
+        """检查是否是限流错误（429）
+        
+        Args:
+            error: 错误信息
+            
+        Returns:
+            True 表示是限流错误
+        """
+        if isinstance(error, str):
+            return "429" in error or "rate limit" in error.lower() or "请求过于频繁" in error
+        return False
+    
+    def _get_rate_limit_delay(self, attempt: int, base_delay: float) -> float:
+        """获取限流错误的等待时间
+        
+        429 错误使用更长的等待时间。
+        
+        Args:
+            attempt: 当前尝试次数（从0开始）
+            base_delay: 基础延迟
+            
+        Returns:
+            等待时间（秒）
+        """
+        # 429 错误使用 3 倍的基础延迟
+        return base_delay * 3 * (2 ** attempt)
+    
+    async def refresh_all_with_token(
+        self,
+        accounts: List['Account'],
+        get_quota_func: Optional[Callable] = None,
+        skip_disabled: bool = True,
+        skip_error: bool = True
+    ) -> RefreshProgress:
+        """刷新所有账号（先刷新 Token，再获取额度）
+        
+        使用全局锁防止并发刷新，支持进度跟踪。
+        
+        Args:
+            accounts: 账号列表
+            get_quota_func: 获取额度的异步函数
+            skip_disabled: 是否跳过已禁用的账号
+            skip_error: 是否跳过已处于错误状态的账号
+            
+        Returns:
+            刷新进度信息
+        """
+        # 尝试获取锁
+        if not await self.acquire_refresh_lock():
+            # 已有刷新在进行
+            progress = self.get_progress()
+            if progress:
+                return progress
+            # 返回一个错误状态的进度
+            return RefreshProgress(
+                total=0,
+                status="error",
+                message="刷新操作正在进行中"
+            )
+        
+        try:
+            # 过滤账号
+            accounts_to_refresh = []
+            for acc in accounts:
+                if skip_disabled and not acc.enabled:
+                    continue
+                if skip_error and acc.status.value in ("unhealthy", "suspended"):
+                    continue
+                accounts_to_refresh.append(acc)
+            
+            total = len(accounts_to_refresh)
+            
+            # 开始刷新
+            self._start_refresh(total, f"开始刷新 {total} 个账号")
+            
+            if total == 0:
+                self._finish_refresh("completed", "没有需要刷新的账号")
+                return self.get_progress()
+            
+            # 使用信号量控制并发
+            semaphore = asyncio.Semaphore(self._config.concurrency)
+            
+            async def refresh_one(account: 'Account'):
+                async with semaphore:
+                    self._update_progress(
+                        current_account=account.id,
+                        message=f"正在刷新: {account.name}"
+                    )
+                    
+                    # 使用重试机制刷新
+                    success, result = await self.retry_with_backoff(
+                        self.refresh_account_with_token,
+                        account,
+                        get_quota_func
+                    )
+                    
+                    if success:
+                        self._update_progress(success=True)
+                    else:
+                        self._update_progress(failed=True)
+                    
+                    return success, result
+            
+            # 并发执行
+            tasks = [refresh_one(acc) for acc in accounts_to_refresh]
+            await asyncio.gather(*tasks, return_exceptions=True)
+            
+            # 完成
+            self._finish_refresh("completed")
+            return self.get_progress()
+            
+        except Exception as e:
+            self._finish_refresh("error", f"刷新异常: {str(e)}")
+            return self.get_progress()
+            
+        finally:
+            self.release_refresh_lock()
+    
+    def _is_auth_error(self, error: Any) -> bool:
+        """检查是否是认证错误（401）
+        
+        Args:
+            error: 错误信息
+            
+        Returns:
+            True 表示是认证错误
+        """
+        if isinstance(error, str):
+            return "401" in error or "unauthorized" in error.lower() or "凭证已过期" in error or "需要重新登录" in error
+        return False
+    
+    async def execute_with_auth_retry(
+        self,
+        account: 'Account',
+        func: Callable,
+        *args,
+        **kwargs
+    ) -> Tuple[bool, Any]:
+        """执行操作，遇到 401 错误时自动刷新 Token 并重试
+        
+        Args:
+            account: 账号对象
+            func: 要执行的异步函数
+            *args: 传递给函数的位置参数
+            **kwargs: 传递给函数的关键字参数
+            
+        Returns:
+            (success, result) 元组
+        """
+        try:
+            result = await func(*args, **kwargs)
+            
+            # 检查返回值
+            if isinstance(result, tuple) and len(result) == 2:
+                success, data = result
+                if success:
+                    return True, data
+                
+                # 检查是否是 401 错误
+                if self._is_auth_error(data):
+                    print(f"[RefreshManager] 账号 {account.id} 遇到 401 错误，尝试刷新 Token...")
+                    
+                    # 刷新 Token
+                    refresh_success, refresh_msg = await account.refresh_token()
+                    
+                    if refresh_success:
+                        print(f"[RefreshManager] Token 刷新成功，重试请求...")
+                        # 重试原请求
+                        retry_result = await func(*args, **kwargs)
+                        if isinstance(retry_result, tuple) and len(retry_result) == 2:
+                            return retry_result
+                        return True, retry_result
+                    else:
+                        return False, f"Token 刷新失败: {refresh_msg}"
+                
+                return False, data
+            
+            return True, result
+            
+        except Exception as e:
+            error_str = str(e)
+            
+            # 检查异常是否是 401 错误
+            if self._is_auth_error(error_str):
+                print(f"[RefreshManager] 账号 {account.id} 遇到 401 异常，尝试刷新 Token...")
+                
+                refresh_success, refresh_msg = await account.refresh_token()
+                
+                if refresh_success:
+                    print(f"[RefreshManager] Token 刷新成功，重试请求...")
+                    try:
+                        retry_result = await func(*args, **kwargs)
+                        if isinstance(retry_result, tuple) and len(retry_result) == 2:
+                            return retry_result
+                        return True, retry_result
+                    except Exception as retry_e:
+                        return False, f"重试失败: {str(retry_e)}"
+                else:
+                    return False, f"Token 刷新失败: {refresh_msg}"
+            
+            return False, error_str
+    
+    def set_accounts_getter(self, getter: Callable) -> None:
+        """设置获取账号列表的回调函数
+        
+        Args:
+            getter: 返回账号列表的可调用对象
+        """
+        self._accounts_getter = getter
+    
+    def _get_accounts(self) -> List['Account']:
+        """获取账号列表"""
+        if self._accounts_getter:
+            return self._accounts_getter()
+        return []
+    
+    async def start_auto_refresh(self) -> None:
+        """启动自动 Token 刷新定时器
+        
+        定期检查所有账号的 Token 状态，自动刷新即将过期的 Token。
+        启动前会清除已存在的定时器，防止重复启动。
+        """
+        # 先停止已存在的定时器
+        await self.stop_auto_refresh()
+        
+        self._auto_refresh_running = True
+        self._auto_refresh_task = asyncio.create_task(self._auto_refresh_loop())
+        print(f"[RefreshManager] 自动 Token 刷新定时器已启动，检查间隔: {self._config.auto_refresh_interval}秒")
+    
+    async def stop_auto_refresh(self) -> None:
+        """停止自动 Token 刷新定时器"""
+        self._auto_refresh_running = False
+        
+        if self._auto_refresh_task:
+            self._auto_refresh_task.cancel()
+            try:
+                await self._auto_refresh_task
+            except asyncio.CancelledError:
+                pass
+            self._auto_refresh_task = None
+            print("[RefreshManager] 自动 Token 刷新定时器已停止")
+    
+    def is_auto_refresh_running(self) -> bool:
+        """检查自动刷新定时器是否在运行
+        
+        Returns:
+            True 表示定时器正在运行
+        """
+        return self._auto_refresh_running and self._auto_refresh_task is not None
+    
+    async def _auto_refresh_loop(self) -> None:
+        """自动刷新循环
+        
+        定期检查所有账号的 Token 状态，刷新即将过期的 Token。
+        跳过已禁用或错误状态的账号，单个失败不影响其他账号。
+        """
+        while self._auto_refresh_running:
+            try:
+                await asyncio.sleep(self._config.auto_refresh_interval)
+                
+                if not self._auto_refresh_running:
+                    break
+                
+                accounts = self._get_accounts()
+                if not accounts:
+                    continue
+                
+                # 检查需要刷新的账号
+                accounts_to_refresh = []
+                for account in accounts:
+                    # 跳过已禁用的账号
+                    if not account.enabled:
+                        continue
+                    
+                    # 跳过错误状态的账号
+                    if hasattr(account, 'status') and account.status.value in ("unhealthy", "suspended", "disabled"):
+                        continue
+                    
+                    # 检查是否需要刷新 Token
+                    if self.should_refresh_token(account):
+                        accounts_to_refresh.append(account)
+                
+                if accounts_to_refresh:
+                    print(f"[RefreshManager] 发现 {len(accounts_to_refresh)} 个账号需要刷新 Token")
+                    
+                    # 逐个刷新，单个失败不影响其他
+                    for account in accounts_to_refresh:
+                        try:
+                            success, message = await self.refresh_token_if_needed(account)
+                            if not success:
+                                print(f"[RefreshManager] 账号 {account.id} 自动刷新失败: {message}")
+                        except Exception as e:
+                            print(f"[RefreshManager] 账号 {account.id} 自动刷新异常: {e}")
+                            # 继续处理其他账号
+                
+            except asyncio.CancelledError:
+                break
+            except Exception as e:
+                print(f"[RefreshManager] 自动刷新循环异常: {e}")
+                # 继续运行，不因异常停止
+    
+    def get_auto_refresh_status(self) -> Dict[str, Any]:
+        """获取自动刷新状态
+        
+        Returns:
+            包含自动刷新状态信息的字典
+        """
+        return {
+            "running": self.is_auto_refresh_running(),
+            "interval": self._config.auto_refresh_interval,
+            "token_refresh_before_expiry": self._config.token_refresh_before_expiry
+        }
+
+
+# 全局刷新管理器实例
+_refresh_manager: Optional[RefreshManager] = None
+_manager_lock = Lock()
+
+
+def get_refresh_manager() -> RefreshManager:
+    """获取全局刷新管理器实例
+    
+    使用单例模式，确保全局只有一个刷新管理器实例。
+    
+    Returns:
+        全局 RefreshManager 实例
+    """
+    global _refresh_manager
+    
+    if _refresh_manager is None:
+        with _manager_lock:
+            # 双重检查锁定
+            if _refresh_manager is None:
+                _refresh_manager = RefreshManager()
+    
+    return _refresh_manager
+
+
+def reset_refresh_manager() -> None:
+    """重置全局刷新管理器
+    
+    主要用于测试场景，重置全局实例。
+    """
+    global _refresh_manager
+    
+    with _manager_lock:
+        _refresh_manager = None

KiroProxy/kiro_proxy/core/retry.py

@@ -0,0 +1,117 @@
+"""请求重试机制"""
+import asyncio
+from typing import Callable, Any, Optional, Set
+from functools import wraps
+
+# 可重试的状态码
+RETRYABLE_STATUS_CODES: Set[int] = {
+    408,  # Request Timeout
+    500,  # Internal Server Error
+    502,  # Bad Gateway
+    503,  # Service Unavailable
+    504,  # Gateway Timeout
+}
+
+# 不可重试的状态码（直接返回错误）
+NON_RETRYABLE_STATUS_CODES: Set[int] = {
+    400,  # Bad Request
+    401,  # Unauthorized
+    403,  # Forbidden
+    404,  # Not Found
+    422,  # Unprocessable Entity
+}
+
+
+def is_retryable_error(status_code: Optional[int], error: Optional[Exception] = None) -> bool:
+    """判断是否为可重试的错误"""
+    # 网络错误可重试
+    if error:
+        error_name = type(error).__name__.lower()
+        if any(kw in error_name for kw in ['timeout', 'connect', 'network', 'reset']):
+            return True
+    
+    # 特定状态码可重试
+    if status_code and status_code in RETRYABLE_STATUS_CODES:
+        return True
+    
+    return False
+
+
+def is_non_retryable_error(status_code: Optional[int]) -> bool:
+    """判断是否为不可重试的错误"""
+    return status_code in NON_RETRYABLE_STATUS_CODES if status_code else False
+
+
+async def retry_async(
+    func: Callable,
+    max_retries: int = 2,
+    base_delay: float = 0.5,
+    max_delay: float = 5.0,
+    on_retry: Optional[Callable[[int, Exception], None]] = None
+) -> Any:
+    """
+    异步重试装饰器
+    
+    Args:
+        func: 要执行的异步函数
+        max_retries: 最大重试次数
+        base_delay: 基础延迟（秒）
+        max_delay: 最大延迟（秒）
+        on_retry: 重试时的回调函数
+    """
+    last_error = None
+    
+    for attempt in range(max_retries + 1):
+        try:
+            return await func()
+        except Exception as e:
+            last_error = e
+            
+            # 检查是否可重试
+            status_code = getattr(e, 'status_code', None)
+            if is_non_retryable_error(status_code):
+                raise
+            
+            if attempt < max_retries and is_retryable_error(status_code, e):
+                # 指数退避
+                delay = min(base_delay * (2 ** attempt), max_delay)
+                
+                if on_retry:
+                    on_retry(attempt + 1, e)
+                else:
+                    print(f"[Retry] 第 {attempt + 1} 次重试，延迟 {delay:.1f}s，错误: {type(e).__name__}")
+                
+                await asyncio.sleep(delay)
+            else:
+                raise
+    
+    raise last_error
+
+
+class RetryableRequest:
+    """可重试的请求上下文"""
+    
+    def __init__(self, max_retries: int = 2, base_delay: float = 0.5):
+        self.max_retries = max_retries
+        self.base_delay = base_delay
+        self.attempt = 0
+        self.last_error = None
+    
+    def should_retry(self, status_code: Optional[int] = None, error: Optional[Exception] = None) -> bool:
+        """判断是否应该重试"""
+        self.attempt += 1
+        self.last_error = error
+        
+        if self.attempt > self.max_retries:
+            return False
+        
+        if is_non_retryable_error(status_code):
+            return False
+        
+        return is_retryable_error(status_code, error)
+    
+    async def wait(self):
+        """等待重试延迟"""
+        delay = min(self.base_delay * (2 ** (self.attempt - 1)), 5.0)
+        print(f"[Retry] 第 {self.attempt} 次重试，延迟 {delay:.1f}s")
+        await asyncio.sleep(delay)

KiroProxy/kiro_proxy/core/scheduler.py

@@ -0,0 +1,125 @@
+"""后台任务调度器"""
+import asyncio
+from typing import Optional
+from datetime import datetime
+
+
+class BackgroundScheduler:
+    """后台任务调度器
+    
+    负责：
+    - Token 过期预刷新
+    - 账号健康检查
+    - 统计数据更新
+    """
+    
+    def __init__(self):
+        self._task: Optional[asyncio.Task] = None
+        self._running = False
+        self._refresh_interval = 300  # 5 分钟检查一次
+        self._health_check_interval = 600  # 10 分钟健康检查
+        self._last_health_check = 0
+    
+    async def start(self):
+        """启动后台任务"""
+        if self._running:
+            return
+        self._running = True
+        self._task = asyncio.create_task(self._run())
+        print("[Scheduler] 后台任务已启动")
+    
+    async def stop(self):
+        """停止后台任务"""
+        self._running = False
+        if self._task:
+            self._task.cancel()
+            try:
+                await self._task
+            except asyncio.CancelledError:
+                pass
+        print("[Scheduler] 后台任务已停止")
+    
+    async def _run(self):
+        """主循环"""
+        from . import state
+        import time
+        
+        while self._running:
+            try:
+                # Token 预刷新
+                await self._refresh_expiring_tokens(state)
+                
+                # 健康检查
+                now = time.time()
+                if now - self._last_health_check > self._health_check_interval:
+                    await self._health_check(state)
+                    self._last_health_check = now
+                
+                await asyncio.sleep(self._refresh_interval)
+                
+            except asyncio.CancelledError:
+                break
+            except Exception as e:
+                print(f"[Scheduler] 错误: {e}")
+                await asyncio.sleep(60)
+    
+    async def _refresh_expiring_tokens(self, state):
+        """刷新即将过期的 Token"""
+        for acc in state.accounts:
+            if not acc.enabled:
+                continue
+            
+            # 提前 15 分钟刷新
+            if acc.is_token_expiring_soon(15):
+                print(f"[Scheduler] Token 即将过期，预刷新: {acc.name}")
+                success, msg = await acc.refresh_token()
+                if success:
+                    print(f"[Scheduler] Token 刷新成功: {acc.name}")
+                else:
+                    print(f"[Scheduler] Token 刷新失败: {acc.name} - {msg}")
+    
+    async def _health_check(self, state):
+        """健康检查"""
+        import httpx
+        from ..config import MODELS_URL
+        from ..credential import CredentialStatus
+        
+        for acc in state.accounts:
+            if not acc.enabled:
+                continue
+            
+            try:
+                token = acc.get_token()
+                if not token:
+                    acc.status = CredentialStatus.UNHEALTHY
+                    continue
+                
+                headers = {
+                    "Authorization": f"Bearer {token}",
+                    "content-type": "application/json"
+                }
+                
+                async with httpx.AsyncClient(verify=False, timeout=10) as client:
+                    resp = await client.get(
+                        MODELS_URL, 
+                        headers=headers,
+                        params={"origin": "AI_EDITOR"}
+                    )
+                    
+                    if resp.status_code == 200:
+                        if acc.status == CredentialStatus.UNHEALTHY:
+                            acc.status = CredentialStatus.ACTIVE
+                            print(f"[HealthCheck] 账号恢复健康: {acc.name}")
+                    elif resp.status_code == 401:
+                        acc.status = CredentialStatus.UNHEALTHY
+                        print(f"[HealthCheck] 账号认证失败: {acc.name}")
+                    elif resp.status_code == 429:
+                        # 配额超限，不改变状态
+                        pass
+                        
+            except Exception as e:
+                print(f"[HealthCheck] 检查失败 {acc.name}: {e}")
+
+
+# 全局调度器实例
+scheduler = BackgroundScheduler()

KiroProxy/kiro_proxy/core/state.py

@@ -0,0 +1,280 @@
+"""全局状态管理"""
+import time
+from collections import deque
+from dataclasses import dataclass
+from typing import Optional, List, Dict
+from pathlib import Path
+
+from ..config import TOKEN_PATH
+from ..credential import quota_manager, CredentialStatus
+from .account import Account
+from .persistence import load_accounts, save_accounts
+from .quota_cache import get_quota_cache
+from .account_selector import get_account_selector, SelectionStrategy
+from .quota_scheduler import get_quota_scheduler
+
+
+@dataclass
+class RequestLog:
+    """请求日志"""
+    id: str
+    timestamp: float
+    method: str
+    path: str
+    model: str
+    account_id: Optional[str]
+    status: int
+    duration_ms: float
+    tokens_in: int = 0
+    tokens_out: int = 0
+    error: Optional[str] = None
+
+
+class ProxyState:
+    """全局状态管理"""
+    
+    def __init__(self):
+        self.accounts: List[Account] = []
+        self.request_logs: deque = deque(maxlen=1000)
+        self.total_requests: int = 0
+        self.total_errors: int = 0
+        self.session_locks: Dict[str, str] = {}
+        self.session_timestamps: Dict[str, float] = {}
+        self.start_time: float = time.time()
+        self._load_accounts()
+    
+    def _load_accounts(self):
+        """从配置文件加载账号"""
+        saved = load_accounts()
+        if saved:
+            for acc_data in saved:
+                # 验证 token 文件存在
+                if Path(acc_data.get("token_path", "")).exists():
+                    self.accounts.append(Account(
+                        id=acc_data["id"],
+                        name=acc_data["name"],
+                        token_path=acc_data["token_path"],
+                        enabled=acc_data.get("enabled", True),
+                        auto_disabled=acc_data.get("auto_disabled", False),
+                    ))
+            print(f"[State] 从配置加载 {len(self.accounts)} 个账号")
+        
+        # 如果没有账号，尝试添加默认账号
+        if not self.accounts and TOKEN_PATH.exists():
+            self.accounts.append(Account(
+                id="default",
+                name="默认账号",
+                token_path=str(TOKEN_PATH)
+            ))
+            self._save_accounts()
+    
+    def _save_accounts(self):
+        """保存账号到配置文件"""
+        accounts_data = [
+            {
+                "id": acc.id,
+                "name": acc.name,
+                "token_path": acc.token_path,
+                "enabled": acc.enabled,
+                "auto_disabled": getattr(acc, "auto_disabled", False),
+            }
+            for acc in self.accounts
+        ]
+        save_accounts(accounts_data)
+    
+    def get_available_account(self, session_id: Optional[str] = None) -> Optional[Account]:
+        """获取可用账号（支持会话粘性和智能选择）"""
+        quota_manager.cleanup_expired()
+
+        selector = get_account_selector()
+        has_priority = bool(selector.get_priority_accounts())
+        use_session_sticky = bool(session_id) and not has_priority and selector.strategy != SelectionStrategy.RANDOM
+        
+        # 会话粘性
+        if use_session_sticky and session_id in self.session_locks:
+            account_id = self.session_locks[session_id]
+            ts = self.session_timestamps.get(session_id, 0)
+            if time.time() - ts < 60:
+                for acc in self.accounts:
+                    if acc.id == account_id and acc.is_available():
+                        self.session_timestamps[session_id] = time.time()
+                        return acc
+        
+        # 使用 AccountSelector 选择账号
+        account = selector.select(self.accounts, session_id)
+        
+        if account and use_session_sticky:
+            self.session_locks[session_id] = account.id
+            self.session_timestamps[session_id] = time.time()
+
+        # 标记为活跃账号，便于额度调度器定期更新
+        if account:
+            try:
+                get_quota_scheduler().mark_active(account.id)
+            except Exception:
+                pass
+        
+        return account
+    
+    def mark_account_used(self, account_id: str) -> None:
+        """标记账号被使用"""
+        scheduler = get_quota_scheduler()
+        scheduler.mark_active(account_id)
+        
+        for acc in self.accounts:
+            if acc.id == account_id:
+                acc.last_used = time.time()
+                break
+    
+    def get_next_available_account(self, exclude_id: str) -> Optional[Account]:
+        """获取下一个可用账号（排除指定账号）"""
+        available = [a for a in self.accounts if a.is_available() and a.id != exclude_id]
+        if not available:
+            return None
+        account = min(available, key=lambda a: a.request_count)
+        try:
+            get_quota_scheduler().mark_active(account.id)
+        except Exception:
+            pass
+        return account
+    
+    def mark_rate_limited(self, account_id: str, duration_seconds: int = 60):
+        """标记账号限流"""
+        for acc in self.accounts:
+            if acc.id == account_id:
+                acc.mark_quota_exceeded("Rate limited")
+                break
+    
+    def mark_quota_exceeded(self, account_id: str, reason: str = "Quota exceeded"):
+        """标记账号配额超限"""
+        for acc in self.accounts:
+            if acc.id == account_id:
+                acc.mark_quota_exceeded(reason)
+                break
+    
+    async def refresh_account_token(self, account_id: str) -> tuple:
+        """刷新指定账号的 token"""
+        for acc in self.accounts:
+            if acc.id == account_id:
+                return await acc.refresh_token()
+        return False, "账号不存在"
+    
+    async def refresh_expiring_tokens(self) -> List[dict]:
+        """刷新所有即将过期的 token"""
+        results = []
+        for acc in self.accounts:
+            if acc.enabled and acc.is_token_expiring_soon(10):
+                success, msg = await acc.refresh_token()
+                results.append({
+                    "account_id": acc.id,
+                    "success": success,
+                    "message": msg
+                })
+        return results
+    
+    def add_log(self, log: RequestLog):
+        """添加请求日志"""
+        self.request_logs.append(log)
+        self.total_requests += 1
+        if log.error:
+            self.total_errors += 1
+    
+    def get_stats(self) -> dict:
+        """获取统计信息"""
+        uptime = time.time() - self.start_time
+        
+        # 获取额度汇总
+        quota_cache = get_quota_cache()
+        quota_summary = quota_cache.get_summary()
+        
+        # 获取选择器状态
+        selector = get_account_selector()
+        selector_status = selector.get_status()
+        
+        # 获取调度器状态
+        scheduler = get_quota_scheduler()
+        scheduler_status = scheduler.get_status()
+        
+        return {
+            "uptime_seconds": int(uptime),
+            "total_requests": self.total_requests,
+            "total_errors": self.total_errors,
+            "error_rate": f"{(self.total_errors / max(1, self.total_requests) * 100):.1f}%",
+            "accounts_total": len(self.accounts),
+            "accounts_available": len([a for a in self.accounts if a.is_available()]),
+            "accounts_cooldown": len([a for a in self.accounts if a.status == CredentialStatus.COOLDOWN]),
+            "recent_logs": len(self.request_logs),
+            # 新增字段
+            "quota_summary": quota_summary,
+            "selector": selector_status,
+            "scheduler": scheduler_status,
+        }
+    
+    def get_accounts_status(self) -> List[dict]:
+        """获取所有账号状态"""
+        return [acc.get_status_info() for acc in self.accounts]
+
+    def get_accounts_summary(self) -> dict:
+        """获取账号汇总统计"""
+        quota_cache = get_quota_cache()
+        selector = get_account_selector()
+        scheduler = get_quota_scheduler()
+        
+        total_balance = 0.0
+        total_usage = 0.0
+        total_limit = 0.0
+        
+        available_count = 0
+        cooldown_count = 0
+        unhealthy_count = 0
+        disabled_count = 0
+        
+        for acc in self.accounts:
+            if not acc.enabled:
+                disabled_count += 1
+            elif acc.status == CredentialStatus.COOLDOWN:
+                cooldown_count += 1
+            elif acc.status == CredentialStatus.UNHEALTHY:
+                unhealthy_count += 1
+            elif acc.is_available():
+                available_count += 1
+            
+            quota = quota_cache.get(acc.id)
+            if quota and not quota.has_error():
+                total_balance += quota.balance
+                total_usage += quota.current_usage
+                total_limit += quota.usage_limit
+        
+        last_refresh = scheduler.get_last_full_refresh()
+        last_refresh_ago = None
+        if last_refresh:
+            seconds_ago = time.time() - last_refresh
+            if seconds_ago < 60:
+                last_refresh_ago = f"{int(seconds_ago)}秒前"
+            elif seconds_ago < 3600:
+                last_refresh_ago = f"{int(seconds_ago / 60)}分钟前"
+            else:
+                last_refresh_ago = f"{int(seconds_ago / 3600)}小时前"
+        
+        return {
+            "total_accounts": len(self.accounts),
+            "available_accounts": available_count,
+            "cooldown_accounts": cooldown_count,
+            "unhealthy_accounts": unhealthy_count,
+            "disabled_accounts": disabled_count,
+            "total_balance": round(total_balance, 2),
+            "total_usage": round(total_usage, 2),
+            "total_limit": round(total_limit, 2),
+            "last_refresh": last_refresh_ago,
+            "last_refresh_timestamp": last_refresh,
+            "strategy": selector.strategy.value,
+            "priority_accounts": selector.get_priority_accounts(),
+        }
+    
+    def get_valid_account_ids(self) -> set:
+        """获取所有有效账号ID集合"""
+        return {acc.id for acc in self.accounts if acc.enabled}
+
+
+# 全局状态实例
+state = ProxyState()

KiroProxy/kiro_proxy/core/stats.py

@@ -0,0 +1,130 @@
+"""请求统计增强"""
+from collections import defaultdict
+from dataclasses import dataclass, field
+from typing import Dict, List
+import time
+
+
+@dataclass
+class AccountStats:
+    """账号统计"""
+    total_requests: int = 0
+    total_errors: int = 0
+    total_tokens_in: int = 0
+    total_tokens_out: int = 0
+    last_request_time: float = 0
+    
+    def record(self, success: bool, tokens_in: int = 0, tokens_out: int = 0):
+        self.total_requests += 1
+        if not success:
+            self.total_errors += 1
+        self.total_tokens_in += tokens_in
+        self.total_tokens_out += tokens_out
+        self.last_request_time = time.time()
+    
+    @property
+    def error_rate(self) -> float:
+        if self.total_requests == 0:
+            return 0
+        return self.total_errors / self.total_requests
+
+
+@dataclass
+class ModelStats:
+    """模型统计"""
+    total_requests: int = 0
+    total_errors: int = 0
+    total_latency_ms: float = 0
+    
+    def record(self, success: bool, latency_ms: float):
+        self.total_requests += 1
+        if not success:
+            self.total_errors += 1
+        self.total_latency_ms += latency_ms
+    
+    @property
+    def avg_latency_ms(self) -> float:
+        if self.total_requests == 0:
+            return 0
+        return self.total_latency_ms / self.total_requests
+
+
+class StatsManager:
+    """统计管理器"""
+    
+    def __init__(self):
+        self.by_account: Dict[str, AccountStats] = defaultdict(AccountStats)
+        self.by_model: Dict[str, ModelStats] = defaultdict(ModelStats)
+        self.hourly_requests: Dict[int, int] = defaultdict(int)  # hour -> count
+    
+    def record_request(
+        self,
+        account_id: str,
+        model: str,
+        success: bool,
+        latency_ms: float,
+        tokens_in: int = 0,
+        tokens_out: int = 0
+    ):
+        """记录请求"""
+        # 按账号统计
+        self.by_account[account_id].record(success, tokens_in, tokens_out)
+        
+        # 按模型统计
+        self.by_model[model].record(success, latency_ms)
+        
+        # 按小时统计
+        hour = int(time.time() // 3600)
+        self.hourly_requests[hour] += 1
+        
+        # 清理旧数据（保留 24 小时）
+        self._cleanup_hourly()
+    
+    def _cleanup_hourly(self):
+        """清理超过 24 小时的数据"""
+        current_hour = int(time.time() // 3600)
+        cutoff = current_hour - 24
+        self.hourly_requests = defaultdict(
+            int,
+            {h: c for h, c in self.hourly_requests.items() if h > cutoff}
+        )
+    
+    def get_account_stats(self, account_id: str) -> dict:
+        """获取账号统计"""
+        stats = self.by_account.get(account_id, AccountStats())
+        return {
+            "total_requests": stats.total_requests,
+            "total_errors": stats.total_errors,
+            "error_rate": f"{stats.error_rate * 100:.1f}%",
+            "total_tokens_in": stats.total_tokens_in,
+            "total_tokens_out": stats.total_tokens_out,
+            "last_request": stats.last_request_time
+        }
+    
+    def get_model_stats(self, model: str) -> dict:
+        """获取模型统计"""
+        stats = self.by_model.get(model, ModelStats())
+        return {
+            "total_requests": stats.total_requests,
+            "total_errors": stats.total_errors,
+            "avg_latency_ms": round(stats.avg_latency_ms, 2)
+        }
+    
+    def get_all_stats(self) -> dict:
+        """获取所有统计"""
+        return {
+            "by_account": {
+                acc_id: self.get_account_stats(acc_id)
+                for acc_id in self.by_account
+            },
+            "by_model": {
+                model: self.get_model_stats(model)
+                for model in self.by_model
+            },
+            "hourly_requests": dict(self.hourly_requests),
+            "requests_last_24h": sum(self.hourly_requests.values())
+        }
+
+
+# 全局统计实例
+stats_manager = StatsManager()

KiroProxy/kiro_proxy/core/thinking.py

@@ -0,0 +1,456 @@
+"""Thinking / Extended Thinking helpers.
+
+This project implements "thinking" at the proxy layer by:
+1) Making a separate Kiro request to generate internal reasoning text.
+2) Injecting that reasoning back into the main user prompt (hidden) to improve quality.
+3) Optionally returning the reasoning to clients in protocol-appropriate formats.
+
+Notes:
+- Kiro's upstream API doesn't expose a native "thinking budget" knob, so `budget_tokens`
+  is enforced only via prompt instructions (best-effort).
+- If the client does not provide a budget, we treat it as "unlimited" (no prompt limit).
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any, AsyncIterator, Optional
+
+import json
+
+import httpx
+
+from ..config import KIRO_API_URL
+from ..kiro_api import build_kiro_request, parse_event_stream
+
+
+@dataclass(frozen=True)
+class ThinkingConfig:
+    enabled: bool
+    budget_tokens: Optional[int] = None  # None == unlimited
+
+
+def _coerce_bool(value: Any) -> Optional[bool]:
+    if isinstance(value, bool):
+        return value
+    if isinstance(value, (int, float)):
+        return bool(value)
+    if isinstance(value, str):
+        v = value.strip().lower()
+        if v in {"true", "1", "yes", "y", "on", "enabled"}:
+            return True
+        if v in {"false", "0", "no", "n", "off", "disabled"}:
+            return False
+    return None
+
+
+def _coerce_int(value: Any) -> Optional[int]:
+    if value is None:
+        return None
+    if isinstance(value, bool):
+        return None
+    if isinstance(value, int):
+        return value
+    if isinstance(value, float):
+        return int(value)
+    if isinstance(value, str):
+        v = value.strip()
+        if not v:
+            return None
+        try:
+            return int(v)
+        except ValueError:
+            return None
+    return None
+
+
+def normalize_thinking_config(raw: Any) -> ThinkingConfig:
+    """Normalize multiple "thinking" shapes into a single config.
+
+    Supported shapes (best-effort):
+    - None / missing: disabled
+    - bool: enabled/disabled
+    - str: "enabled"/"disabled"
+    - dict:
+        - {"type": "enabled", "budget_tokens": 20000} (Anthropic style)
+        - {"thinking_type": "enabled", "budget_tokens": 20000} (legacy)
+        - {"enabled": true, "budget_tokens": 20000}
+        - {"includeThoughts": true, "thinkingBudget": 20000} (Gemini-ish)
+    """
+    if raw is None:
+        return ThinkingConfig(enabled=False, budget_tokens=None)
+
+    bool_value = _coerce_bool(raw)
+    if bool_value is not None and not isinstance(raw, dict):
+        return ThinkingConfig(enabled=bool_value, budget_tokens=None)
+
+    if isinstance(raw, dict):
+        mode = raw.get("type") or raw.get("thinking_type") or raw.get("mode")
+        enabled = None
+        if isinstance(mode, str):
+            enabled = _coerce_bool(mode)
+        if enabled is None:
+            enabled = _coerce_bool(raw.get("enabled"))
+        if enabled is None:
+            enabled = _coerce_bool(raw.get("includeThoughts") or raw.get("include_thoughts"))
+        if enabled is None:
+            enabled = False
+
+        budget_tokens = None
+        for key in (
+            "budget_tokens",
+            "budgetTokens",
+            "thinkingBudget",
+            "thinking_budget",
+            "max_thinking_length",
+            "maxThinkingLength",
+        ):
+            if key in raw:
+                budget_tokens = _coerce_int(raw.get(key))
+                break
+        if budget_tokens is not None and budget_tokens <= 0:
+            budget_tokens = None
+
+        return ThinkingConfig(enabled=bool(enabled), budget_tokens=budget_tokens)
+
+    if isinstance(raw, str):
+        enabled = _coerce_bool(raw)
+        return ThinkingConfig(enabled=bool(enabled), budget_tokens=None)
+
+    return ThinkingConfig(enabled=False, budget_tokens=None)
+
+
+def map_openai_reasoning_effort_to_budget(effort: Any) -> Optional[int]:
+    """Map OpenAI-style reasoning effort into a best-effort budget.
+
+    We keep this generous; if effort is "high", treat as unlimited.
+    """
+    if not isinstance(effort, str):
+        return None
+    v = effort.strip().lower()
+    if v in {"high"}:
+        return None
+    if v in {"medium"}:
+        return 20000
+    if v in {"low"}:
+        return 10000
+    return None
+
+
+def extract_thinking_config_from_openai_body(body: dict) -> tuple[ThinkingConfig, bool]:
+    """Extract thinking config from OpenAI ChatCompletions/Responses-style bodies."""
+    if not isinstance(body, dict):
+        return ThinkingConfig(False, None), False
+
+    if "thinking" in body:
+        return normalize_thinking_config(body.get("thinking")), True
+
+    # OpenAI Responses API style
+    reasoning = body.get("reasoning")
+    if "reasoning" in body:
+        if isinstance(reasoning, dict):
+            effort = reasoning.get("effort")
+            if isinstance(effort, str) and effort.strip().lower() in {"low", "medium", "high"}:
+                return ThinkingConfig(True, map_openai_reasoning_effort_to_budget(effort)), True
+        cfg = normalize_thinking_config(reasoning)
+        return cfg, True
+
+    effort = body.get("reasoning_effort")
+    if "reasoning_effort" in body and isinstance(effort, str) and effort.strip().lower() in {"low", "medium", "high"}:
+        return ThinkingConfig(True, map_openai_reasoning_effort_to_budget(effort)), True
+
+    return ThinkingConfig(False, None), False
+
+
+def extract_thinking_config_from_gemini_body(body: dict) -> tuple[ThinkingConfig, bool]:
+    """Extract thinking config from Gemini generateContent bodies (best-effort)."""
+    if not isinstance(body, dict):
+        return ThinkingConfig(False, None), False
+
+    if "thinking" in body:
+        return normalize_thinking_config(body.get("thinking")), True
+
+    if "thinkingConfig" in body:
+        return normalize_thinking_config(body.get("thinkingConfig")), True
+
+    gen_cfg = body.get("generationConfig")
+    if isinstance(gen_cfg, dict):
+        if "thinkingConfig" in gen_cfg:
+            raw = gen_cfg.get("thinkingConfig")
+            cfg = normalize_thinking_config(raw)
+            if cfg.enabled:
+                return cfg, True
+            # Budget without explicit includeThoughts/mode: treat as enabled (client guidance exists)
+            if isinstance(raw, dict) and any(
+                k in raw for k in ("thinkingBudget", "budgetTokens", "budget_tokens", "max_thinking_length")
+            ):
+                return ThinkingConfig(True, cfg.budget_tokens), True
+            return cfg, True
+
+    return ThinkingConfig(False, None), False
+
+
+def infer_thinking_from_anthropic_messages(messages: list[dict]) -> bool:
+    """推断历史消息中是否包含思维链内容，用于在客户端未明确指定时自动启用思维链"""
+    for msg in messages or []:
+        content = msg.get("content")
+        if not isinstance(content, list):
+            continue
+        for block in content:
+            if isinstance(block, dict):
+                # 检查标准的 thinking 块
+                if block.get("type") == "thinking":
+                    return True
+                # 检查文本块中嵌入的 <thinking> 标签（assistant 消息中可能存在）
+                if block.get("type") == "text" and msg.get("role") == "assistant":
+                    text = block.get("text", "")
+                    if isinstance(text, str) and "<thinking>" in text and "</thinking>" in text:
+                        return True
+    return False
+
+
+def infer_thinking_from_openai_messages(messages: list[dict]) -> bool:
+    for msg in messages or []:
+        content = msg.get("content", "")
+        if isinstance(content, str):
+            if "<thinking>" in content and "</thinking>" in content:
+                return True
+            continue
+        if isinstance(content, list):
+            for part in content:
+                if isinstance(part, dict) and part.get("type") == "text":
+                    text = part.get("text", "")
+                    if "<thinking>" in text and "</thinking>" in text:
+                        return True
+    return False
+
+
+def infer_thinking_from_openai_responses_input(input_data: Any) -> bool:
+    """Infer thinking from OpenAI Responses API `input` payloads (best-effort)."""
+    if isinstance(input_data, str):
+        return "<thinking>" in input_data and "</thinking>" in input_data
+
+    if not isinstance(input_data, list):
+        return False
+
+    for item in input_data:
+        if not isinstance(item, dict):
+            continue
+        if item.get("type") != "message":
+            continue
+
+        content_list = item.get("content", []) or []
+        for c in content_list:
+            if isinstance(c, str):
+                if "<thinking>" in c and "</thinking>" in c:
+                    return True
+                continue
+            if not isinstance(c, dict):
+                continue
+            c_type = c.get("type")
+            if c_type in {"input_text", "output_text", "text"}:
+                text = c.get("text", "")
+                if isinstance(text, str) and "<thinking>" in text and "</thinking>" in text:
+                    return True
+    return False
+
+
+def infer_thinking_from_gemini_contents(contents: list[dict]) -> bool:
+    for item in contents or []:
+        for part in item.get("parts", []) or []:
+            if isinstance(part, dict) and isinstance(part.get("text"), str):
+                text = part["text"]
+                if "<thinking>" in text and "</thinking>" in text:
+                    return True
+    return False
+
+
+import re
+
+_THINKING_PATTERN = re.compile(r"<thinking>.*?</thinking>\s*", re.DOTALL)
+
+
+def strip_thinking_from_text(text: str) -> str:
+    """Remove <thinking> blocks from text."""
+    if not text or not isinstance(text, str):
+        return text
+    return _THINKING_PATTERN.sub("", text).strip()
+
+
+def strip_thinking_from_history(history: list) -> list:
+    """Return a copy of history with <thinking> blocks removed from all messages."""
+    if not history:
+        return []
+    
+    cleaned = []
+    for msg in history:
+        if not isinstance(msg, dict):
+            cleaned.append(msg)
+            continue
+        
+        new_msg = msg.copy()
+        content = msg.get("content")
+        
+        if isinstance(content, str):
+            new_msg["content"] = strip_thinking_from_text(content)
+        elif isinstance(content, list):
+            new_content = []
+            for part in content:
+                if isinstance(part, dict) and part.get("type") == "text":
+                    new_part = part.copy()
+                    new_part["text"] = strip_thinking_from_text(part.get("text", ""))
+                    new_content.append(new_part)
+                else:
+                    new_content.append(part)
+            new_msg["content"] = new_content
+        
+        cleaned.append(new_msg)
+    
+    return cleaned
+
+
+def format_thinking_block(thinking_content: str) -> str:
+    if thinking_content is None:
+        return ""
+    thinking_content = str(thinking_content).strip()
+    if not thinking_content:
+        return ""
+    return f"<thinking>\n{thinking_content}\n</thinking>"
+
+
+def build_thinking_prompt(user_content: str, *, budget_tokens: Optional[int]) -> str:
+    """Build a separate prompt using Tree of Thoughts approach.
+    
+    Use multiple expert perspectives to analyze the problem deeply.
+    """
+    if user_content is None:
+        user_content = ""
+
+    budget_str = ""
+    if budget_tokens:
+        budget_str = f" Budget: {budget_tokens} tokens."
+    
+    return (
+        f"Think deeply and comprehensively about this problem.{budget_str}\n\n"
+        "Use the following approach:\n"
+        "1. Break down the problem into components\n"
+        "2. Consider multiple perspectives and solutions\n"
+        "3. Evaluate trade-offs and edge cases\n"
+        "4. Synthesize your analysis into a coherent response\n\n"
+        f"{user_content}"
+    )
+
+def build_user_prompt_with_thinking(user_content: str, thinking_content: str) -> str:
+    """Inject thinking into the main prompt.
+    
+    Minimal injection to avoid context pollution.
+    """
+    if user_content is None:
+        user_content = ""
+
+    thinking_block = format_thinking_block(thinking_content)
+    if not thinking_block:
+        return user_content
+
+    return f"{thinking_block}\n\n{user_content}"
+
+
+async def iter_aws_event_stream_text(byte_iter: AsyncIterator[bytes]) -> AsyncIterator[str]:
+    """Yield incremental text content from AWS event-stream chunks."""
+    buffer = b""
+
+    async for chunk in byte_iter:
+        buffer += chunk
+
+        while len(buffer) >= 12:
+            total_len = int.from_bytes(buffer[0:4], "big")
+
+            if total_len <= 0:
+                return
+            if len(buffer) < total_len:
+                break
+
+            headers_len = int.from_bytes(buffer[4:8], "big")
+            payload_start = 12 + headers_len
+            payload_end = total_len - 4
+
+            if payload_start < payload_end:
+                try:
+                    payload = json.loads(buffer[payload_start:payload_end].decode("utf-8"))
+                    content = None
+                    if "assistantResponseEvent" in payload:
+                        content = payload["assistantResponseEvent"].get("content")
+                    elif "content" in payload and "toolUseId" not in payload:
+                        content = payload.get("content")
+                    if content:
+                        yield content
+                except Exception:
+                    pass
+
+            buffer = buffer[total_len:]
+
+
+async def fetch_thinking_text(
+    *,
+    headers: dict,
+    model: str,
+    user_content: str,
+    history: list,
+    images: list | None = None,
+    tool_results: list | None = None,
+    budget_tokens: Optional[int] = None,
+    timeout_s: float = 600.0,
+) -> str:
+    """Non-streaming helper to get thinking content (best-effort)."""
+    thinking_prompt = build_thinking_prompt(user_content, budget_tokens=budget_tokens)
+    clean_history = strip_thinking_from_history(history)
+    thinking_request = build_kiro_request(
+        thinking_prompt,
+        model,
+        clean_history,
+        tools=None,
+        images=images,
+        tool_results=tool_results,
+    )
+
+    try:
+        async with httpx.AsyncClient(verify=False, timeout=timeout_s) as client:
+            resp = await client.post(KIRO_API_URL, json=thinking_request, headers=headers)
+            if resp.status_code != 200:
+                return ""
+            return parse_event_stream(resp.content)
+    except Exception:
+        return ""
+
+
+async def stream_thinking_text(
+    *,
+    headers: dict,
+    model: str,
+    user_content: str,
+    history: list,
+    images: list | None = None,
+    tool_results: list | None = None,
+    budget_tokens: Optional[int] = None,
+    timeout_s: float = 600.0,
+) -> AsyncIterator[str]:
+    """Streaming helper to yield thinking content incrementally (best-effort)."""
+    thinking_prompt = build_thinking_prompt(user_content, budget_tokens=budget_tokens)
+    clean_history = strip_thinking_from_history(history)
+    thinking_request = build_kiro_request(
+        thinking_prompt,
+        model,
+        clean_history,
+        tools=None,
+        images=images,
+        tool_results=tool_results,
+    )
+
+    async with httpx.AsyncClient(verify=False, timeout=timeout_s) as client:
+        async with client.stream(
+            "POST", KIRO_API_URL, json=thinking_request, headers=headers
+        ) as response:
+            if response.status_code != 200:
+                return
+            async for piece in iter_aws_event_stream_text(response.aiter_bytes()):
+                yield piece

KiroProxy/kiro_proxy/core/usage.py

@@ -0,0 +1,235 @@
+"""Kiro 用量查询服务
+
+通过调用 AWS Q 的 getUsageLimits API 获取用户的用量信息。
+"""
+import uuid
+import httpx
+from dataclasses import dataclass
+from typing import Optional, Tuple
+
+
+# API 端点
+USAGE_LIMITS_URL = "https://q.us-east-1.amazonaws.com/getUsageLimits"
+
+# 低余额阈值 (20%)
+LOW_BALANCE_THRESHOLD = 0.2
+
+
+@dataclass
+class UsageInfo:
+    """用量信息"""
+    subscription_title: str = ""
+    usage_limit: float = 0.0
+    current_usage: float = 0.0
+    balance: float = 0.0
+    is_low_balance: bool = False
+    
+    # 详细信息
+    free_trial_limit: float = 0.0
+    free_trial_usage: float = 0.0
+    bonus_limit: float = 0.0
+    bonus_usage: float = 0.0
+    
+    # 重置和过期时间
+    next_reset_date: Optional[str] = None  # 下次重置时间
+    free_trial_expiry: Optional[str] = None  # 免费试用过期时间
+    bonus_expiries: list = None  # 奖励过期时间列表
+    
+    def __post_init__(self):
+        if self.bonus_expiries is None:
+            self.bonus_expiries = []
+
+
+def build_usage_api_url(auth_method: str, profile_arn: Optional[str] = None) -> str:
+    """构造 API 请求 URL"""
+    url = f"{USAGE_LIMITS_URL}?origin=AI_EDITOR&resourceType=AGENTIC_REQUEST"
+    
+    # Social 认证需要 profileArn
+    if auth_method == "social" and profile_arn:
+        from urllib.parse import quote
+        url += f"&profileArn={quote(profile_arn)}"
+    
+    return url
+
+
+def build_usage_headers(
+    access_token: str,
+    machine_id: str,
+    kiro_version: str = "1.0.0"
+) -> dict:
+    """构造请求头"""
+    import platform
+    os_name = platform.system().lower()
+    
+    return {
+        "Authorization": f"Bearer {access_token}",
+        "User-Agent": f"aws-sdk-js/1.0.0 ua/2.1 os/{os_name} lang/python api/codewhispererruntime#1.0.0 m/N,E KiroIDE-{kiro_version}-{machine_id}",
+        "x-amz-user-agent": f"aws-sdk-js/1.0.0 KiroIDE-{kiro_version}-{machine_id}",
+        "amz-sdk-invocation-id": str(uuid.uuid4()),
+        "amz-sdk-request": "attempt=1; max=1",
+        "Connection": "close",
+    }
+
+
+def calculate_balance(response: dict) -> UsageInfo:
+    """从 API 响应计算余额
+    
+    注意：只计算 resourceType 为 CREDIT 的额度，忽略其他类型（如 AGENTIC_REQUEST）
+    """
+    subscription_info = response.get("subscriptionInfo", {})
+    usage_breakdown_list = response.get("usageBreakdownList", [])
+    
+    total_limit = 0.0
+    total_usage = 0.0
+    free_trial_limit = 0.0
+    free_trial_usage = 0.0
+    bonus_limit = 0.0
+    bonus_usage = 0.0
+    
+    # 重置和过期时间
+    next_reset_date = response.get("nextDateReset")  # 下次重置时间
+    free_trial_expiry = None
+    bonus_expiries = []
+    
+    # 只查找 CREDIT 类型的额度
+    credit_breakdown = None
+    for breakdown in usage_breakdown_list:
+        resource_type = breakdown.get("resourceType", "")
+        display_name = breakdown.get("displayName", "")
+        if resource_type == "CREDIT" or display_name == "Credits":
+            credit_breakdown = breakdown
+            break
+    
+    if credit_breakdown:
+        # 基本额度 (优先使用带精度的值)
+        total_limit = credit_breakdown.get("usageLimitWithPrecision", 0.0) or credit_breakdown.get("usageLimit", 0.0)
+        total_usage = credit_breakdown.get("currentUsageWithPrecision", 0.0) or credit_breakdown.get("currentUsage", 0.0)
+        
+        # 免费试用额度 (只有状态为 ACTIVE 时才计算)
+        free_trial = credit_breakdown.get("freeTrialInfo")
+        if free_trial and free_trial.get("freeTrialStatus") == "ACTIVE":
+            ft_limit = free_trial.get("usageLimitWithPrecision", 0.0) or free_trial.get("usageLimit", 0.0)
+            ft_usage = free_trial.get("currentUsageWithPrecision", 0.0) or free_trial.get("currentUsage", 0.0)
+            total_limit += ft_limit
+            total_usage += ft_usage
+            free_trial_limit = ft_limit
+            free_trial_usage = ft_usage
+            # 获取免费试用过期时间
+            free_trial_expiry = free_trial.get("freeTrialExpiry")
+        
+        # 奖励额度 (只计算状态为 ACTIVE 的奖励)
+        bonuses = credit_breakdown.get("bonuses", [])
+        for bonus in bonuses or []:
+            if bonus.get("status") == "ACTIVE":
+                b_limit = bonus.get("usageLimitWithPrecision", 0.0) or bonus.get("usageLimit", 0.0)
+                b_usage = bonus.get("currentUsageWithPrecision", 0.0) or bonus.get("currentUsage", 0.0)
+                total_limit += b_limit
+                total_usage += b_usage
+                bonus_limit += b_limit
+                bonus_usage += b_usage
+                # 获取奖励过期时间
+                expires_at = bonus.get("expiresAt")
+                if expires_at:
+                    bonus_expiries.append(expires_at)
+    
+    balance = total_limit - total_usage
+    is_low = (balance / total_limit) < LOW_BALANCE_THRESHOLD if total_limit > 0 else False
+    
+    return UsageInfo(
+        subscription_title=subscription_info.get("subscriptionTitle", "Unknown"),
+        usage_limit=total_limit,
+        current_usage=total_usage,
+        balance=balance,
+        is_low_balance=is_low,
+        free_trial_limit=free_trial_limit,
+        free_trial_usage=free_trial_usage,
+        bonus_limit=bonus_limit,
+        bonus_usage=bonus_usage,
+        next_reset_date=next_reset_date,
+        free_trial_expiry=free_trial_expiry,
+        bonus_expiries=bonus_expiries,
+    )
+
+
+async def get_usage_limits(
+    access_token: str,
+    auth_method: str = "social",
+    profile_arn: Optional[str] = None,
+    machine_id: str = "",
+    kiro_version: str = "1.0.0",
+) -> Tuple[bool, UsageInfo | dict]:
+    """
+    获取 Kiro 用量信息
+    
+    Args:
+        access_token: Bearer token
+        auth_method: 认证方式 ("social" 或 "idc")
+        profile_arn: Social 认证需要的 profileArn
+        machine_id: 设备 ID
+        kiro_version: Kiro 版本号
+    
+    Returns:
+        (success, UsageInfo or error_dict)
+    """
+    if not access_token:
+        return False, {"error": "缺少 access token"}
+    
+    if not machine_id:
+        return False, {"error": "缺少 machine ID"}
+    
+    # 构造 URL 和请求头
+    url = build_usage_api_url(auth_method, profile_arn)
+    headers = build_usage_headers(access_token, machine_id, kiro_version)
+    
+    try:
+        async with httpx.AsyncClient(timeout=10, verify=False) as client:
+            response = await client.get(url, headers=headers)
+            
+            if response.status_code != 200:
+                return False, {"error": f"API 请求失败: {response.status_code} - {response.text[:200]}"}
+            
+            data = response.json()
+            usage_info = calculate_balance(data)
+            return True, usage_info
+            
+    except httpx.TimeoutException:
+        return False, {"error": "请求超时"}
+    except Exception as e:
+        return False, {"error": f"请求失败: {str(e)}"}
+
+
+async def get_account_usage(account) -> Tuple[bool, UsageInfo | dict]:
+    """
+    获取指定账号的用量信息
+    
+    Args:
+        account: Account 对象
+    
+    Returns:
+        (success, UsageInfo or error_dict)
+    """
+    from ..credential import get_kiro_version
+    from .refresh_manager import get_refresh_manager
+    
+    creds = account.get_credentials()
+    if not creds:
+        return False, {"error": "无法获取凭证"}
+
+    # 先刷新 Token（如即将过期/已过期），避免额度获取失败
+    refresh_manager = get_refresh_manager()
+    if refresh_manager.should_refresh_token(account):
+        token_success, token_msg = await refresh_manager.refresh_token_if_needed(account)
+        if not token_success:
+            return False, {"error": f"Token 刷新失败: {token_msg}"}
+
+    token = account.get_token()
+    if not token:
+        return False, {"error": "无法获取 token"}
+    
+    return await get_usage_limits(
+        access_token=token,
+        auth_method=creds.auth_method or "social",
+        profile_arn=creds.profile_arn,
+        machine_id=account.get_machine_id(),
+        kiro_version=get_kiro_version(),
+    )

KiroProxy/kiro_proxy/credential/__init__.py

@@ -0,0 +1,17 @@
+"""凭证管理模块"""
+from .fingerprint import generate_machine_id, get_kiro_version, get_system_info
+from .quota import QuotaManager, QuotaRecord, quota_manager
+from .refresher import TokenRefresher
+from .types import KiroCredentials, CredentialStatus
+
+__all__ = [
+    "generate_machine_id",
+    "get_kiro_version", 
+    "get_system_info",
+    "QuotaManager",
+    "QuotaRecord",
+    "quota_manager",
+    "TokenRefresher",
+    "KiroCredentials",
+    "CredentialStatus",
+]

KiroProxy/kiro_proxy/credential/fingerprint.py

@@ -0,0 +1,131 @@
+"""设备指纹生成"""
+import hashlib
+import platform
+import subprocess
+import time
+from pathlib import Path
+from typing import Optional
+
+
+def get_raw_machine_id() -> Optional[str]:
+    """获取系统原始 Machine ID"""
+    system = platform.system()
+    
+    try:
+        if system == "Darwin":
+            result = subprocess.run(
+                ["ioreg", "-rd1", "-c", "IOPlatformExpertDevice"],
+                capture_output=True, text=True, timeout=5
+            )
+            for line in result.stdout.split("\n"):
+                if "IOPlatformUUID" in line:
+                    return line.split("=")[1].strip().strip('"').lower()
+        
+        elif system == "Linux":
+            for path in ["/etc/machine-id", "/var/lib/dbus/machine-id"]:
+                if Path(path).exists():
+                    return Path(path).read_text().strip().lower()
+        
+        elif system == "Windows":
+            result = subprocess.run(
+                ["wmic", "csproduct", "get", "UUID"],
+                capture_output=True, text=True, timeout=5,
+                creationflags=0x08000000
+            )
+            lines = [l.strip() for l in result.stdout.split("\n") if l.strip()]
+            if len(lines) > 1:
+                return lines[1].lower()
+    except Exception:
+        pass
+    
+    return None
+
+
+def generate_machine_id(
+    profile_arn: Optional[str] = None, 
+    client_id: Optional[str] = None
+) -> str:
+    """生成基于凭证的唯一 Machine ID
+    
+    每个凭证生成独立的 Machine ID，避免多账号共用同一指纹被检测。
+    优先级：profileArn > clientId > 系统硬件 ID
+    添加时间因子：按小时变化，避免指纹完全固化。
+    """
+    unique_key = None
+    if profile_arn:
+        unique_key = profile_arn
+    elif client_id:
+        unique_key = client_id
+    else:
+        unique_key = get_raw_machine_id() or "KIRO_DEFAULT_MACHINE"
+    
+    hour_slot = int(time.time()) // 3600
+    
+    hasher = hashlib.sha256()
+    hasher.update(unique_key.encode())
+    hasher.update(hour_slot.to_bytes(8, 'little'))
+    
+    return hasher.hexdigest()
+
+
+def get_kiro_version() -> str:
+    """获取 Kiro IDE 版本号
+    
+    优先检测本地安装的 Kiro，否则使用默认版本 (与 kiro.rs 保持一致)
+    """
+    if platform.system() == "Darwin":
+        kiro_paths = [
+            "/Applications/Kiro.app/Contents/Info.plist",
+            str(Path.home() / "Applications/Kiro.app/Contents/Info.plist"),
+        ]
+        for plist_path in kiro_paths:
+            try:
+                result = subprocess.run(
+                    ["defaults", "read", plist_path, "CFBundleShortVersionString"],
+                    capture_output=True, text=True, timeout=5
+                )
+                version = result.stdout.strip()
+                if version:
+                    return version
+            except Exception:
+                pass
+    
+    # 默认版本与 kiro.rs 保持一致
+    return "0.8.0"
+
+
+def get_system_info() -> tuple:
+    """获取系统运行时信息 (os_name, node_version)
+    
+    node_version 与 kiro.rs 保持一致
+    """
+    system = platform.system()
+    
+    if system == "Darwin":
+        try:
+            result = subprocess.run(
+                ["sw_vers", "-productVersion"], 
+                capture_output=True, text=True, timeout=5
+            )
+            version = result.stdout.strip() or "14.0"
+            os_name = f"macos#{version}"
+        except Exception:
+            os_name = "macos#14.0"
+    elif system == "Linux":
+        try:
+            result = subprocess.run(
+                ["uname", "-r"], 
+                capture_output=True, text=True, timeout=5
+            )
+            version = result.stdout.strip() or "5.15.0"
+            os_name = f"linux#{version}"
+        except Exception:
+            os_name = "linux#5.15.0"
+    elif system == "Windows":
+        os_name = "windows#10.0"
+    else:
+        os_name = "other#1.0"
+    
+    # Node 版本与 kiro.rs 保持一致
+    node_version = "22.11.0"
+    return os_name, node_version

KiroProxy/kiro_proxy/credential/quota.py

@@ -0,0 +1,100 @@
+"""配额管理"""
+import time
+from dataclasses import dataclass
+from typing import Dict, Optional
+
+
+@dataclass
+class QuotaRecord:
+    """配额超限记录"""
+    credential_id: str
+    exceeded_at: float
+    cooldown_until: float
+    reason: str
+
+
+class QuotaManager:
+    """配额管理器
+
+    管理凭证的配额超限状态：
+    - 仅在收到 429 错误时触发冷却
+    - 自动管理冷却时间：固定 5 分钟（300秒）
+    - 自动清理过期的冷却状态
+    """
+
+    # 固定冷却时间（秒）- 429 错误自动冷却 5 分钟
+    COOLDOWN_SECONDS = 300
+
+    def __init__(self):
+        self.exceeded_records: Dict[str, QuotaRecord] = {}
+
+    def is_429_error(self, status_code: Optional[int]) -> bool:
+        """检查是否为 429 错误（仅 429 触发冷却）"""
+        return status_code == 429
+
+    def is_quota_exceeded_error(self, status_code: Optional[int], error_message: str) -> bool:
+        """检查是否为配额超限错误（仅用于判断是否切换账号，不触发冷却）"""
+        # 仅 429 才算配额超限
+        return status_code == 429
+
+    def mark_exceeded(self, credential_id: str, reason: str) -> QuotaRecord:
+        """标记凭证为配额超限（仅 429 时调用）
+
+        自动管理冷却时间：固定 5 分钟（300秒）
+        """
+        now = time.time()
+
+        record = QuotaRecord(
+            credential_id=credential_id,
+            exceeded_at=now,
+            cooldown_until=now + self.COOLDOWN_SECONDS,
+            reason=reason
+        )
+        self.exceeded_records[credential_id] = record
+
+        print(f"[QuotaManager] 账号 {credential_id} 遇到 429 错误，自动冷却 {self.COOLDOWN_SECONDS} 秒（5分钟）")
+        return record
+
+    def is_available(self, credential_id: str) -> bool:
+        """检查凭证是否可用"""
+        record = self.exceeded_records.get(credential_id)
+        if not record:
+            return True
+
+        if time.time() >= record.cooldown_until:
+            del self.exceeded_records[credential_id]
+            return True
+
+        return False
+
+    def get_cooldown_remaining(self, credential_id: str) -> Optional[int]:
+        """获取剩余冷却时间（秒）"""
+        record = self.exceeded_records.get(credential_id)
+        if not record:
+            return None
+
+        remaining = record.cooldown_until - time.time()
+        if remaining <= 0:
+            del self.exceeded_records[credential_id]
+            return None
+
+        return int(remaining)
+
+    def cleanup_expired(self) -> int:
+        """清理过期的冷却记录"""
+        now = time.time()
+        expired = [k for k, v in self.exceeded_records.items() if now >= v.cooldown_until]
+        for k in expired:
+            del self.exceeded_records[k]
+        return len(expired)
+
+    def restore(self, credential_id: str) -> bool:
+        """手动恢复凭证"""
+        if credential_id in self.exceeded_records:
+            del self.exceeded_records[credential_id]
+            return True
+        return False
+
+
+# 全局实例 - 429 自动冷却 5 分钟
+quota_manager = QuotaManager()

KiroProxy/kiro_proxy/credential/refresher.py

@@ -0,0 +1,195 @@
+"""Token 刷新器"""
+import httpx
+from datetime import datetime, timezone, timedelta
+from typing import Tuple
+
+from .types import KiroCredentials
+from .fingerprint import generate_machine_id, get_kiro_version
+
+
+# Kiro Auth 端点
+KIRO_AUTH_ENDPOINT = "https://prod.us-east-1.auth.desktop.kiro.dev"
+
+
+class TokenRefresher:
+    """Token 刷新器"""
+    
+    def __init__(self, credentials: KiroCredentials):
+        self.credentials = credentials
+    
+    def get_refresh_url(self) -> str:
+        """获取刷新 URL"""
+        region = self.credentials.region or "us-east-1"
+        auth_method = (self.credentials.auth_method or "social").lower()
+        
+        if auth_method == "idc":
+            # IDC (AWS Builder ID) 使用 OIDC 端点
+            return f"https://oidc.{region}.amazonaws.com/token"
+        else:
+            # Social (Google/GitHub) 使用 Kiro Auth 端点
+            return f"{KIRO_AUTH_ENDPOINT}/refreshToken"
+    
+    def validate_refresh_token(self) -> Tuple[bool, str]:
+        """验证 refresh_token 有效性"""
+        refresh_token = self.credentials.refresh_token
+        
+        if not refresh_token:
+            return False, "缺少 refresh_token"
+        
+        if len(refresh_token.strip()) == 0:
+            return False, "refresh_token 为空"
+        
+        if len(refresh_token) < 100 or refresh_token.endswith("..."):
+            return False, f"refresh_token 已被截断（长度: {len(refresh_token)}）"
+        
+        return True, ""
+    
+    def _get_machine_id(self) -> str:
+        """获取 Machine ID"""
+        return generate_machine_id(
+            self.credentials.profile_arn, 
+            self.credentials.client_id
+        )
+    
+    async def refresh_social_token(self) -> Tuple[bool, str]:
+        """
+        刷新 Social Token (Google/GitHub)
+        
+        参考 Kiro-account-manager 实现:
+        - 端点: https://prod.us-east-1.auth.desktop.kiro.dev/refreshToken
+        - 请求体: {"refreshToken": refresh_token}
+        - 响应: {accessToken, refreshToken, expiresIn}
+        """
+        refresh_url = f"{KIRO_AUTH_ENDPOINT}/refreshToken"
+        
+        body = {"refreshToken": self.credentials.refresh_token}
+        headers = {
+            "Content-Type": "application/json",
+            "User-Agent": "kiro-proxy/1.0.0",
+            "Accept": "application/json",
+        }
+        
+        try:
+            async with httpx.AsyncClient(verify=False, timeout=30) as client:
+                resp = await client.post(refresh_url, json=body, headers=headers)
+                
+                if resp.status_code != 200:
+                    error_text = resp.text
+                    if resp.status_code == 401:
+                        return False, "凭证已过期或无效，需要重新登录"
+                    elif resp.status_code == 429:
+                        return False, "请求过于频繁，请稍后重试"
+                    else:
+                        return False, f"刷新失败: {resp.status_code} - {error_text[:200]}"
+                
+                data = resp.json()
+                
+                new_token = data.get("accessToken")
+                if not new_token:
+                    return False, "响应中没有 accessToken"
+                
+                # 更新凭证
+                self.credentials.access_token = new_token
+                
+                # 更新 refreshToken（如果服务器返回了新的）
+                if rt := data.get("refreshToken"):
+                    self.credentials.refresh_token = rt
+                
+                # 更新过期时间
+                if expires_in := data.get("expiresIn"):
+                    expires_at = datetime.now(timezone.utc) + timedelta(seconds=expires_in)
+                    self.credentials.expires_at = expires_at.isoformat()
+                
+                self.credentials.last_refresh = datetime.now(timezone.utc).isoformat()
+                
+                print(f"[TokenRefresher] Social token 刷新成功，过期时间: {expires_in}s")
+                return True, new_token
+                
+        except Exception as e:
+            return False, f"刷新异常: {str(e)}"
+    
+    async def refresh_idc_token(self) -> Tuple[bool, str]:
+        """
+        刷新 IDC Token (AWS Builder ID)
+        
+        使用 AWS OIDC 端点刷新
+        """
+        region = self.credentials.region or "us-east-1"
+        refresh_url = f"https://oidc.{region}.amazonaws.com/token"
+        
+        if not self.credentials.client_id or not self.credentials.client_secret:
+            return False, "IdC 认证缺少 client_id 或 client_secret"
+        
+        machine_id = self._get_machine_id()
+        kiro_version = get_kiro_version()
+        
+        body = {
+            "refreshToken": self.credentials.refresh_token,
+            "clientId": self.credentials.client_id,
+            "clientSecret": self.credentials.client_secret,
+            "grantType": "refresh_token"
+        }
+        headers = {
+            "Content-Type": "application/json",
+            "x-amz-user-agent": f"aws-sdk-js/3.738.0 KiroIDE-{kiro_version}-{machine_id}",
+            "User-Agent": "node",
+        }
+        
+        try:
+            async with httpx.AsyncClient(verify=False, timeout=30) as client:
+                resp = await client.post(refresh_url, json=body, headers=headers)
+                
+                if resp.status_code != 200:
+                    error_text = resp.text
+                    if resp.status_code == 401:
+                        return False, "凭证已过期或无效，需要重新登录"
+                    elif resp.status_code == 429:
+                        return False, "请求过于频繁，请稍后重试"
+                    else:
+                        return False, f"刷新失败: {resp.status_code} - {error_text[:200]}"
+                
+                data = resp.json()
+                
+                new_token = data.get("accessToken") or data.get("access_token")
+                if not new_token:
+                    return False, "响应中没有 access_token"
+                
+                # 更新凭证
+                self.credentials.access_token = new_token
+                
+                if rt := data.get("refreshToken") or data.get("refresh_token"):
+                    self.credentials.refresh_token = rt
+                
+                if arn := data.get("profileArn"):
+                    self.credentials.profile_arn = arn
+                
+                if expires_in := data.get("expiresIn") or data.get("expires_in"):
+                    expires_at = datetime.now(timezone.utc) + timedelta(seconds=expires_in)
+                    self.credentials.expires_at = expires_at.isoformat()
+                
+                self.credentials.last_refresh = datetime.now(timezone.utc).isoformat()
+                
+                print(f"[TokenRefresher] IDC token 刷新成功")
+                return True, new_token
+                
+        except Exception as e:
+            return False, f"刷新异常: {str(e)}"
+    
+    async def refresh(self) -> Tuple[bool, str]:
+        """
+        刷新 token，根据 authMethod 分发到正确的刷新方法
+        
+        Returns:
+            (success, new_token_or_error)
+        """
+        is_valid, error = self.validate_refresh_token()
+        if not is_valid:
+            return False, error
+        
+        auth_method = (self.credentials.auth_method or "social").lower()
+        
+        if auth_method == "idc":
+            return await self.refresh_idc_token()
+        else:
+            # social 或其他默认使用 social 刷新
+            return await self.refresh_social_token()

KiroProxy/kiro_proxy/credential/types.py

@@ -0,0 +1,121 @@
+"""凭证数据类型"""
+import json
+import time
+from dataclasses import dataclass
+from datetime import datetime, timezone, timedelta
+from enum import Enum
+from pathlib import Path
+from typing import Optional
+
+
+class CredentialStatus(Enum):
+    """凭证状态"""
+    ACTIVE = "active"
+    COOLDOWN = "cooldown"
+    UNHEALTHY = "unhealthy"
+    DISABLED = "disabled"
+    SUSPENDED = "suspended"  # 账号被封禁
+
+
+@dataclass
+class KiroCredentials:
+    """Kiro 凭证信息"""
+    access_token: Optional[str] = None
+    refresh_token: Optional[str] = None
+    client_id: Optional[str] = None
+    client_secret: Optional[str] = None
+    profile_arn: Optional[str] = None
+    expires_at: Optional[str] = None
+    region: str = "us-east-1"
+    auth_method: str = "social"
+    provider: Optional[str] = None  # Google / Github (社交登录提供商)
+    client_id_hash: Optional[str] = None
+    last_refresh: Optional[str] = None
+    
+    @classmethod
+    def from_file(cls, path: str) -> "KiroCredentials":
+        """从文件加载凭证"""
+        with open(path) as f:
+            data = json.load(f)
+        
+        return cls(
+            access_token=data.get("accessToken"),
+            refresh_token=data.get("refreshToken"),
+            client_id=data.get("clientId"),
+            client_secret=data.get("clientSecret"),
+            profile_arn=data.get("profileArn"),
+            expires_at=data.get("expiresAt") or data.get("expire"),
+            region=data.get("region", "us-east-1"),
+            auth_method=data.get("authMethod", "social"),
+            provider=data.get("provider"),
+            client_id_hash=data.get("clientIdHash"),
+            last_refresh=data.get("lastRefresh"),
+        )
+    
+    def to_dict(self) -> dict:
+        """转换为字典"""
+        result = {
+            "accessToken": self.access_token,
+            "refreshToken": self.refresh_token,
+            "clientId": self.client_id,
+            "clientSecret": self.client_secret,
+            "profileArn": self.profile_arn,
+            "expiresAt": self.expires_at,
+            "region": self.region,
+            "authMethod": self.auth_method,
+            "clientIdHash": self.client_id_hash,
+            "lastRefresh": self.last_refresh,
+        }
+        # 只有社交登录才添加 provider 字段
+        if self.provider:
+            result["provider"] = self.provider
+        return result
+    
+    def save_to_file(self, path: str):
+        """保存凭证到文件"""
+        existing = {}
+        if Path(path).exists():
+            try:
+                with open(path) as f:
+                    existing = json.load(f)
+            except Exception:
+                pass
+        
+        existing.update({k: v for k, v in self.to_dict().items() if v is not None})
+        
+        with open(path, "w") as f:
+            json.dump(existing, f, indent=2)
+    
+    def is_expired(self) -> bool:
+        """检查 token 是否已过期"""
+        if not self.expires_at:
+            return True
+        
+        try:
+            if "T" in self.expires_at:
+                expires = datetime.fromisoformat(self.expires_at.replace("Z", "+00:00"))
+                now = datetime.now(timezone.utc)
+                return expires <= now + timedelta(minutes=5)
+            
+            expires_ts = int(self.expires_at)
+            now_ts = int(time.time())
+            return now_ts >= (expires_ts - 300)
+        except Exception:
+            return True
+    
+    def is_expiring_soon(self, minutes: int = 10) -> bool:
+        """检查 token 是否即将过期"""
+        if not self.expires_at:
+            return False
+        
+        try:
+            if "T" in self.expires_at:
+                expires = datetime.fromisoformat(self.expires_at.replace("Z", "+00:00"))
+                now = datetime.now(timezone.utc)
+                return expires < now + timedelta(minutes=minutes)
+            
+            expires_ts = int(self.expires_at)
+            now_ts = int(time.time())
+            return now_ts >= (expires_ts - minutes * 60)
+        except Exception:
+            return False

KiroProxy/kiro_proxy/docs/01-quickstart.md

@@ -0,0 +1,143 @@
+# 快速开始
+
+## 安装运行
+
+### 方式一：下载预编译版本
+
+从 [Releases](https://github.com/yourname/kiro-proxy/releases) 下载对应平台的安装包：
+
+- **Windows**: `kiro-proxy-windows.zip`
+- **macOS**: `kiro-proxy-macos.zip`
+- **Linux**: `kiro-proxy-linux.tar.gz`
+
+解压后双击运行即可。
+
+### 方式二：从源码运行
+
+```bash
+# 克隆项目
+git clone https://github.com/yourname/kiro-proxy.git
+cd kiro-proxy
+
+# 创建虚拟环境
+python -m venv venv
+source venv/bin/activate  # Windows: venv\Scripts\activate
+
+# 安装依赖
+pip install -r requirements.txt
+
+# 运行（默认端口 8080）
+python run.py
+
+# 指定端口
+python run.py 8081
+```
+
+启动成功后，访问 http://localhost:8080 打开管理界面。
+
+---
+
+## 获取 Kiro 账号
+
+Kiro Proxy 需要 Kiro 账号的 Token 才能工作。有两种方式获取：
+
+### 方式一：在线登录（推荐）
+
+1. 打开 Web UI，点击「账号」标签页
+2. 点击「在线登录」按钮
+3. 选择登录方式：
+   - **Google** - 使用 Google 账号
+   - **GitHub** - 使用 GitHub 账号
+   - **AWS** - 使用 AWS Builder ID
+4. 在弹出的浏览器中完成授权
+5. 授权成功后，账号自动添加到代理
+
+### 方式二：扫描本地 Token
+
+如果你已经在 Kiro IDE 中登录过：
+
+1. 打开 Kiro IDE，确保已登录
+2. 回到 Web UI，点击「扫描 Token」
+3. 系统会扫描 `~/.aws/sso/cache/` 目录
+4. 选择要添加的 Token 文件
+
+---
+
+## 配置 AI 客户端
+
+### Claude Code (VSCode 插件)
+
+这是最推荐的使用方式，工具调用功能已验证可用。
+
+1. 安装 Claude Code 插件
+2. 打开设置，添加自定义 Provider：
+
+```
+名称: Kiro Proxy
+API Provider: Anthropic
+API Key: any（随便填一个）
+Base URL: http://localhost:8080
+模型: claude-sonnet-4
+```
+
+3. 选择 Kiro Proxy 作为当前 Provider
+
+### Codex CLI
+
+OpenAI 官方命令行工具。
+
+```bash
+# 安装
+npm install -g @openai/codex
+
+# 配置 (~/.codex/config.toml)
+model = "gpt-4o"
+model_provider = "kiro"
+
+[model_providers.kiro]
+name = "Kiro Proxy"
+base_url = "http://localhost:8080/v1"
+```
+
+### Gemini CLI
+
+```bash
+# 设置环境变量
+export GEMINI_API_BASE=http://localhost:8080/v1
+
+# 或在配置文件中设置
+base_url = "http://localhost:8080/v1"
+model = "gemini-pro"
+```
+
+### 其他兼容客户端
+
+任何支持 OpenAI 或 Anthropic API 的客户端都可以使用：
+
+- **Base URL**: `http://localhost:8080` 或 `http://localhost:8080/v1`
+- **API Key**: 任意值（代理不验证）
+- **模型**: 见下方模型对照表
+
+---
+
+## 模型对照表
+
+Kiro 支持以下模型，你可以使用 Kiro 原生名称或映射名称：
+
+| Kiro 模型 | 能力 | 可用名称（任选其一） |
+|-----------|------|---------------------|
+| `claude-sonnet-4` | ⭐⭐⭐ 推荐，性价比最高 | `gpt-4o`, `gpt-4`, `gpt-4-turbo`, `claude-3-5-sonnet-20241022`, `claude-3-5-sonnet-latest`, `sonnet` |
+| `claude-sonnet-4.5` | ⭐⭐⭐⭐ 更强，适合复杂任务 | `gemini-1.5-pro`, `o1`, `o1-preview`, `claude-3-opus-20240229`, `claude-3-opus-latest`, `claude-4-opus`, `opus` |
+| `claude-haiku-4.5` | ⚡ 快速，适合简单任务 | `gpt-4o-mini`, `gpt-3.5-turbo`, `claude-3-5-haiku-20241022`, `haiku` |
+| `auto` | 🤖 自动选择 | `auto` |
+
+### 各客户端推荐配置
+
+| 客户端 | 推荐模型名 | 实际使用 |
+|--------|-----------|---------|
+| Claude Code | `claude-sonnet-4` 或 `claude-sonnet-4.5` | 直接使用 Kiro 模型名 |
+| Codex CLI | `gpt-4o` | 映射到 claude-sonnet-4 |
+| Gemini CLI | `gemini-1.5-pro` | 映射到 claude-sonnet-4.5 |
+| 其他 OpenAI 客户端 | `gpt-4o` | 映射到 claude-sonnet-4 |
+
+> 💡 **提示**：不确定用什么模型？直接用 `claude-sonnet-4` 或 `gpt-4o`，性价比最高。

KiroProxy/kiro_proxy/docs/02-features.md

@@ -0,0 +1,225 @@
+# 功能特性
+
+## 多协议支持
+
+Kiro Proxy 支持三种主流 AI API 协议，可以适配不同的客户端：
+
+| 协议 | 端点 | 适用客户端 |
+|------|------|------------|
+| OpenAI | `/v1/chat/completions` | Codex CLI, ChatGPT 客户端 |
+| Anthropic | `/v1/messages` | Claude Code, Claude 客户端 |
+| Gemini | `/v1/models/{model}:generateContent` | Gemini CLI |
+
+代理会自动将请求转换为 Kiro API 格式，响应转换回对应协议格式。
+
+---
+
+## 工具调用支持
+
+完整支持三种协议的工具调用功能：
+
+### Anthropic 协议（Claude Code）
+
+- `tools` 定义和 `tool_result` 响应完整支持
+- `tool_choice: required` 支持（通过 prompt 注入）
+- `web_search` 特殊工具自动识别
+- 工具数量限制（最多 50 个）
+- 描述截断（超过 500 字符自动截断）
+
+### OpenAI 协议（Codex CLI）
+
+- `tools` 定义（function 类型）
+- `tool_calls` 响应处理
+- `tool` 角色消息转换
+- `tool_choice: required/any` 支持
+- 工具数量限制和描述截断
+
+### Gemini 协议
+
+- `functionDeclarations` 工具定义
+- `functionCall` 响应处理
+- `functionResponse` 工具结果
+- `toolConfig.functionCallingConfig.mode` 支持（ANY/REQUIRED）
+- 工具数量限制和描述截断
+
+### 历史消息修复
+
+Kiro API 要求消息必须严格交替（user → assistant → user → assistant），代理会自动：
+
+- 检测并修复连续的同角色消息
+- 合并重复的 tool_results
+- 插入占位消息保持交替
+
+---
+
+## 多账号管理
+
+### 账号轮询
+
+支持添加多个 Kiro 账号，代理会自动轮询使用（默认随机）：
+
+- 每次请求随机选择一个可用账号（尽量避免连续命中同一账号）
+- 自动跳过冷却中或不健康的账号
+- 分散请求压力，降低单账号 RPM 过高导致封禁风险
+
+### 会话粘性（可选）
+
+为了保持对话上下文的连贯性，在非 `random` 策略下会启用会话粘性：
+
+- 同一会话 ID 在 60 秒内会使用同一账号
+- 超过 60 秒或账号不可用时才切换
+- 会话 ID 由请求内容生成；可通过 `~/.kiro-proxy/priority.json` 中的 `strategy` 调整策略
+
+### 账号状态
+
+每个账号有四种状态：
+
+| 状态 | 说明 | 颜色 |
+|------|------|------|
+| Active | 正常可用 | 绿色 |
+| Cooldown | 触发限流，冷却中 | 黄色 |
+| Unhealthy | 健康检查失败 | 红色 |
+| Disabled | 手动禁用 | 灰色 |
+
+---
+
+## Token 自动刷新
+
+### 自动检测
+
+- 后台每 5 分钟检查所有账号的 Token 状态
+- 检测 Token 是否即将过期（15 分钟内）
+
+### 自动刷新
+
+- 发现即将过期的 Token 自动刷新
+- 支持 Social 认证（Google/GitHub）的 refresh_token
+- 刷新失败会标记账号为不健康
+
+### 手动刷新
+
+- 在账号卡片点击「刷新 Token」
+- 或点击「刷新所有 Token」批量刷新
+
+---
+
+## 配额管理
+
+### 429 自动处理
+
+当 Kiro API 返回 429 (Too Many Requests) 时：
+
+1. 自动将该账号标记为 Cooldown 状态
+2. 设置 5 分钟冷却时间
+3. 立即切换到其他可用账号重试
+4. 冷却结束后自动恢复
+
+### 手动恢复
+
+如果需要提前恢复账号：
+
+1. 在「监控」页面查看配额状态
+2. 点击账号旁的「恢复」按钮
+
+---
+
+## 流量监控
+
+### 请求记录
+
+记录所有经过代理的 LLM 请求：
+
+- 请求时间、模型、账号
+- 输入/输出 Token 数量
+- 响应时间、状态码
+- 完整的请求和响应内容
+
+### 搜索过滤
+
+- 按协议筛选（OpenAI/Anthropic/Gemini）
+- 按状态筛选（完成/错误/进行中）
+- 关键词搜索
+
+### 导出功能
+
+- 支持导出为 JSON 格式
+- 可选择导出全部或指定记录
+
+---
+
+## 登录方式
+
+### Google 登录
+
+使用 Google 账号通过 OAuth 授权登录。
+
+### GitHub 登录
+
+使用 GitHub 账号通过 OAuth 授权登录。
+
+### AWS Builder ID
+
+使用 AWS Builder ID 通过 Device Code Flow 登录：
+
+1. 点击 AWS 登录按钮
+2. 复制显示的授权码
+3. 在浏览器中打开授权页面
+4. 输入授权码完成登录
+
+---
+
+## 历史消息管理
+
+### 对话长度限制
+
+Kiro API 有输入长度限制，当对话历史过长时会返回 `CONTENT_LENGTH_EXCEEDS_THRESHOLD` 错误。
+
+代理内置了多种策略自动处理这个问题：
+
+### 可用策略
+
+| 策略 | 说明 | 触发时机 |
+|------|------|----------|
+| 自动截断 | 优先保留最新上下文并摘要前文，必要时截断 | 每次请求前 |
+| 智能摘要 | 用 AI 生成早期对话摘要 | 超过阈值时 |
+| 错误重试 | 遇到长度错误时截断重试 | 收到错误后 |
+| 预估检测 | 预估 token 数量，超限预先截断 | 每次请求前 |
+
+### 配置选项
+
+在「设置」页面可以配置：
+
+- **最大消息数** - 自动截断时保留的消息数量（默认 30）
+- **最大字符数** - 自动截断时的字符数限制（默认 150000）
+- **重试保留数** - 错误重试时保留的消息数（默认 20）
+- **最大重试次数** - 错误重试的最大次数（默认 2）
+- **摘要保留数** - 智能摘要时保留的最近消息数（默认 10）
+- **摘要阈值** - 触发智能摘要的字符数阈值（默认 100000）
+- **添加警告** - 截断时是否在日志中记录
+
+### 推荐配置
+
+- **默认**：只启用「错误重试」，遇到问题时自动处理
+- **保守**：启用「智能摘要 + 错误重试」，保留关键信息
+- **激进**：启用「自动截断 + 预估检测」，预防性截断
+
+---
+
+## 配置持久化
+
+### 自动保存
+
+账号配置自动保存到 `~/.kiro-proxy/config.json`：
+
+- 账号列表和状态
+- 启用/禁用设置
+- Token 文件路径
+
+### 重启恢复
+
+重启代理后自动加载保存的配置，无需重新添加账号。
+
+### 导入导出
+
+- 「导出配置」下载当前配置
+- 「导入配置」从文件恢复