diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 1619030a..00000000
--- a/.gitattributes
+++ /dev/null
@@ -1,17 +0,0 @@
-# 默认按 git 自动识别二进制
-* text=auto
-
-# Linux 容器内执行的脚本必须是 LF
-*.sh text eol=lf
-deploy/mysql-init/** text eol=lf
-
-# Go / SQL / yaml 默认 LF（跨平台一致）
-*.go    text eol=lf
-*.sql   text eol=lf
-*.yaml  text eol=lf
-*.yml   text eol=lf
-
-# Windows 端工具脚本保持 CRLF
-*.ps1   text eol=crlf
-*.bat   text eol=crlf
-*.cmd   text eol=crlf
diff --git a/.gitignore b/.gitignore
index bdc7a06a..be988b4e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,49 +1,87 @@
-# Secrets
-.env
-.env.*
-!.env.example
-*.local
-
-# Node
-node_modules/
-**/node_modules/
-.pnpm-store/
-dist/
-.next/
-.turbo/
-
-# Build
-**/bin/
-**/coverage/
-*.log
+# =============================================================================
+# Go
+# =============================================================================
+*.exe
+*.dll
+*.so
+*.dylib
+*.test
 *.out
-*.bin
-*.tsbuildinfo
-*.tar.gz
-
-# Local caches / scratch files
-.gocache/
-.tmp/
-**/.gocache/
-
-# Local operation artifacts
-backend/img/
-sub2api-account-*.json
-scripts/deploy_web_fix.py
-tools/check_remote_*.py
-tools/inspect_*_trace.py
+/bin/
+/dist/
+/deploy/bin/
 
-# OS
-.DS_Store
-Thumbs.db
+# =============================================================================
+# 本地配置 / 密钥(绝对不能进仓库)
+# =============================================================================
+/configs/config.yaml
+/configs/*.local.yaml
+/deploy/.env
+.env
+.env.local
 
+# =============================================================================
 # IDE
+# =============================================================================
 .idea/
 .vscode/
 *.swp
+*.swo
 
-# Cursor 私有规则不入仓（项目规则保留）
-# .cursor/rules/ 已纳入版本控制（项目级）
+# =============================================================================
+# 日志 & 数据
+# =============================================================================
+/logs/
+/deploy/logs/
+*.log
+/data/
+/uploads/
+/storage/
+
+# =============================================================================
+# 前端
+# =============================================================================
+/web/node_modules/
+/web/dist/
+/web/.cache/
+/web/.vite/
+
+# =============================================================================
+# Python(仅 legacy 参考)
+# =============================================================================
+__pycache__/
+*.pyc
+*.pyo
+.venv/
+venv/
+
+# =============================================================================
+# 打包产物 / 临时目录(不要提交到开源仓库)
+# =============================================================================
+*.tgz
+*.tar.gz
+/_tmp/
+/tmp/
+
+# 历史部署产物(运维自己 build 即可,不要带进仓库)
+/deploy/bin/
+/deploy/logs/
+/deploy/updates/
+/deploy/web/
+
+# =============================================================================
+# 杂项
+# =============================================================================
+.DS_Store
+Thumbs.db
+*.bak
+*.tmp
+*_backup_*
 
-# 大图素材原档（按需）
-/assets/raw/
+# =============================================================================
+# 根目录随手放的哈希命名图片 / HAR(README 正式图放 docs/screenshots/)
+# =============================================================================
+/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]*.png
+/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]*.jpg
+/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]*.har
+!/docs/**
diff --git a/API_NOTES.md b/API_NOTES.md
new file mode 100644
index 00000000..4fe518c4
--- /dev/null
+++ b/API_NOTES.md
@@ -0,0 +1,277 @@
+# ChatGPT 图像生成 & 额度查询接口备忘录
+
+> 本文记录我们目前复用的 `chatgpt.com` 后端接口，及其请求/响应关键字段。  
+> 所有接口都走同一个 `Bearer {AUTH_TOKEN}`，host 固定 `https://chatgpt.com`。  
+> 运行环境：`curl_cffi` + `impersonate="chrome124"`（chrome131 有时 TLS 握手失败，chrome124 稳定）。
+
+---
+
+## 0. 通用请求头
+
+绝大多数接口共用下面这套头，区别只在于 `referer` / `x-openai-target-*`：
+
+```
+authorization: Bearer <AT>
+accept: */*
+accept-language: zh-CN,zh;q=0.9,en;q=0.8
+content-type: application/json
+origin: https://chatgpt.com
+referer: https://chatgpt.com/                           # 或 /c/{conversation_id}
+user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+             (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
+oai-language: zh-CN
+oai-device-id: <UUID>                                   # 首次 GET / 后从 cookie 取
+oai-client-version: prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad
+oai-client-build-number: 5955942
+```
+
+> `AUTH_TOKEN` 是 Bearer JWT，有效期约 10 天。过期后要用户重新登录页面从 network 里抓。
+
+---
+
+## 1. 额度查询（重点！）
+
+### `POST /backend-api/conversation/init`
+
+用途：**新建会话前注册 + 返回当前账号各类功能剩余额度**。  
+这就是网页左下角"今日还剩 XX 张图"数字的来源。
+
+请求体：
+
+```json
+{
+  "gizmo_id": null,
+  "requested_default_model": null,
+  "conversation_id": null,
+  "timezone_offset_min": -480,
+  "system_hints": ["picture_v2"]
+}
+```
+
+响应体（200）：
+
+```json
+{
+  "type": "conversation_detail_metadata",
+  "banner_info": null,
+  "blocked_features": [],
+  "model_limits": [],
+  "limits_progress": [
+    { "feature_name": "deep_research",      "remaining": 25, "reset_after": "…" },
+    { "feature_name": "odyssey",            "remaining": 40, "reset_after": "…" },
+    { "feature_name": "file_upload",        "remaining": 80, "reset_after": "…" },
+    { "feature_name": "paste_text_to_file", "remaining": 80, "reset_after": "…" },
+    { "feature_name": "image_gen",          "remaining": 68, "reset_after": "2026-04-17T18:15:51Z" }
+  ],
+  "default_model_slug": "gpt-5-3",
+  "atlas_mode_enabled": null
+}
+```
+
+关键字段：
+
+| 字段 | 含义 |
+|---|---|
+| `limits_progress[].feature_name == "image_gen"` | **生图额度**。Plus 每日满额约 100~120 次 |
+| `limits_progress[].remaining` | 当前剩余次数（抓包时是 105/112，当前是 68） |
+| `limits_progress[].reset_after` | 下次重置时间（UTC，通常每日一次） |
+| `blocked_features` | 被风控限制的功能列表，正常为空 `[]` |
+| `default_model_slug` | 账号默认模型（普通 Plus = `gpt-5-3`） |
+
+用法：
+- 每次 `run_once` 开头单独调一次即可做额度监控，**不消耗额度**（只在新建会话时必调，复用会话时可不调）。
+- 独立脚本：`_check_image_gen_quota.py`。
+
+---
+
+## 2. 生图完整调用链
+
+按顺序编号：
+
+```
+[1] GET  /                                            → 拿 oai-did cookie
+[2] POST /backend-api/sentinel/chat-requirements      → 拿 chat_token (+可选 POW 挑战)
+[3] POST /backend-api/conversation/init               → 注册 + 查余额（见 §1）
+[4] POST /backend-api/f/conversation/prepare          → 拿 conduit_token（灰度分桶关键）
+[5] POST /backend-api/f/conversation    (SSE)         → 正式下发 prompt，流式拿 file_id
+[6] GET  /backend-api/conversation/{conv_id}          → 轮询补齐最终 file-service URL
+[7] GET  /backend-api/files/{file_id}/download        → 拿短期签名 URL
+[8] GET  <signed_url>                                 → 下载图片 bytes
+```
+
+> 复用现有会话（`FIXED_CONVERSATION_ID` 有值）时跳过 `[3]`，但 `[4][5]` 仍需每次调。
+
+---
+
+### [2] `POST /backend-api/sentinel/chat-requirements`
+
+作用：拿 `chat_token`（写进 `openai-sentinel-chat-requirements-token`），以及判断是否要做 POW / Turnstile。
+
+请求体：
+
+```json
+{ "p": "gAAAAAC...<get_requirements_token 生成>" }
+```
+
+响应关键字段：
+
+```json
+{
+  "token": "...chat_token...",
+  "proofofwork": {
+    "required": true,
+    "seed": "...",
+    "difficulty": "0fffff"
+  }
+}
+```
+
+如果 `proofofwork.required=true`，需用本地 SHA3-512 暴力算 `openai-sentinel-proof-token`（见 `gen_image.py` 的 `generate_proof_token`）。
+
+---
+
+### [4] `POST /backend-api/f/conversation/prepare`
+
+作用：**灰度桶分配**。服务器在这里决定本次请求走哪套生图后端（DALL-E 3 preview 或 IMG2 gray-bucket），返回一个 `conduit_token` 代表分桶决策。
+
+请求头额外需要：
+
+```
+openai-sentinel-chat-requirements-token: <chat_token>
+openai-sentinel-proof-token: <proof_token>     # 若 POW required
+```
+
+请求体：
+
+```json
+{
+  "model": "auto",
+  "system_hints": ["picture_v2"],
+  "timezone_offset_min": -480,
+  "conversation_id": null,              // 或已有会话 id
+  "message_id": "<前端生成 UUID>",
+  "supports_buffering": true
+}
+```
+
+响应体：
+
+```json
+{ "conduit_token": "ct_...." }
+```
+
+`conduit_token` 要在 `[5]` 里通过请求头 `x-conduit-token` 传回去。
+
+---
+
+### [5] `POST /backend-api/f/conversation` (SSE)
+
+作用：正式提交 prompt 并接收流式响应，里面会陆续下发 `image_gen_task_id` / 初始 `file_id`。
+
+请求头额外需要：
+
+```
+openai-sentinel-chat-requirements-token: <chat_token>
+openai-sentinel-proof-token: <proof_token>
+x-conduit-token: <conduit_token>             # 关键！否则不进灰度桶
+accept: text/event-stream
+```
+
+请求体骨架（精简）：
+
+```json
+{
+  "action": "next",
+  "messages": [{
+      "id": "<msg_uuid>",
+      "author": { "role": "user" },
+      "content": { "content_type": "text", "parts": ["<prompt>"] },
+      "metadata": {}
+  }],
+  "parent_message_id": "<head_or_new_uuid>",
+  "model": "auto",
+  "conversation_id": null,
+  "system_hints": ["picture_v2"],            // ← 必须，开启图像工具
+  "force_paragen": false,
+  "force_rate_limit": false,
+  "timezone_offset_min": -480,
+  "reset_rate_limits": false,
+  "supports_buffering": true
+}
+```
+
+SSE 事件里要抓的字段：
+
+| 字段 | 位置 | 作用 |
+|---|---|---|
+| `conversation_id` | `message.metadata` 或顶层 | 后续轮询用 |
+| `image_gen_task_id` | `message.metadata.image_gen_async` | 确认任务已发起 |
+| `author.name` | tool 消息 | **判灰度关键**：<br>· `dalle.text2im` / `t2uay3k.sj1i4kz` → DALL-E 3 preview<br>· IMG2 灰度时会是不同名字（需进一步抓包确认） |
+| `content.parts[].asset_pointer` | assistant 消息 | `file-service://file-XXX` 或 `sediment://...` |
+
+---
+
+### [6] `GET /backend-api/conversation/{conversation_id}`
+
+作用：SSE 结束后轮询补齐最终 file-service URL（尤其灰度会出第二张高清图）。
+
+响应：完整会话 JSON，结构里 `mapping` 是消息树。
+
+polling 策略（见 `poll_conversation_for_images`）：
+- 使用 **baseline diff**：请求前先记录 "现有 tool 消息 id 集合"，轮询时只看新增的。
+- `sediment://` 代表中间产物，`file-service://` 代表最终版。
+- 如果出现 2 条以上新 tool 消息且最新 `sediment` 连续 4 轮不变 → IMG2 已稳定。
+- 单 tool 消息 + 30s 内没出第二条 → `preview_only`（非灰度）。
+- 最大等待 900s；连续 3 次 429 直接中止。
+
+---
+
+### [7] `GET /backend-api/files/{file_id}/download`
+
+响应：
+
+```json
+{ "status": "success", "download_url": "https://files.oaiusercontent.com/…签名URL…" }
+```
+
+---
+
+## 3. 其他已观察到的接口（非必用）
+
+| 接口 | 方法 | 用途 | 响应 |
+|---|---|---|---|
+| `/backend-api/image-gen/image-paragen-display` | POST | **前端上报**：告诉后端"已展示 N 张图" | 204 空 |
+| `/backend-api/conversation/{id}/async-status` | POST `{"status":null}` | 异步任务健康检查 | `{"status":"OK"}` |
+| `/backend-api/accounts/check/v4-2023-04-27` | GET | 账号 features/entitlements | 用来查 `gpt_image_1` / `image_gen_better_text` 等灰度 flag |
+| `/backend-api/files/library` | POST | 用户图像库列表 | 不用于本流程 |
+| `/backend-api/models` | GET | 当前账号可用模型 | 诊断用 |
+| `/backend-api/me` | GET | 用户基本信息 | 诊断用 |
+
+---
+
+## 4. 关键排查经验
+
+1. **额度**：看 `/conversation/init` 响应 `limits_progress[image_gen].remaining`。  
+   Plus 日配额约 100~120，每日 UTC 18:15 附近重置一次。
+2. **灰度桶**：`conduit_token` 每次请求都可能不同，服务端随机分桶。  
+   当前账号 `accounts/check` 的 features 里 **缺 `gpt_image_1` / `image_gen_better_text` / `image_gen_v2`**，属于"非白名单账号"，灰度命中率极低；HAR 抓包那次是偶发灰度。
+3. **风控**：`blocked_features` 为空且 HTTP 未出现 403，就说明没被封。429 是瞬时限流，退避后即可恢复。
+4. **TLS**：`curl_cffi` 用 `impersonate="chrome124"` 稳定；`chrome131` 偶发 `TLS connect error`。
+5. **网络**：arxlabs.io 代理不稳时直接关掉 `PROXY_TEMPLATE`，走本机 Mihomo/Clash Verge TUN 直连更靠谱。
+
+---
+
+## 5. 相关脚本索引
+
+| 脚本 | 用途 |
+|---|---|
+| `gen_image.py` | 主生图流程（含重试/轮询/下载） |
+| `_check_image_gen_quota.py` | **仅查 `image_gen` 余额**，不消耗额度 |
+| `_dump_acc.py` | 完整 dump `/accounts/check`，用于看 feature flag |
+| `_check_quota.py` | 遍历多个诊断接口（me/models/accounts/check） |
+| `_scan_har_gen.py` / `_scan_har_quota.py` | 扫 HAR 找接口/关键字段 |
+| `_har_gen_endpoints.py` / `_dump_init.py` | Dump HAR 里特定接口的完整请求响应 |
+
+---
+
+_最后更新：2026-04-17_
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..8e42a351
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,34 @@
+MIT License
+
+Copyright (c) 2026 gpt2api contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+================================================================================
+
+IMPORTANT — ADDITIONAL DISCLAIMER
+
+This project reverse-engineers the private APIs of chatgpt.com and is provided
+for educational and research purposes only. Use of this software may violate
+OpenAI's Terms of Service and the laws of your jurisdiction. The authors and
+contributors accept no responsibility for account bans, legal consequences, or
+any other damages arising from the use of this software.
+
+You are solely responsible for complying with all applicable laws, terms of
+service, and regulations in your use of this project.
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..ce46c75b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,60 @@
+.PHONY: help run build tidy test fmt vet lint migrate-up migrate-down migrate-status docker-up docker-down docker-logs
+
+SHELL := /bin/sh
+APP_NAME := gpt2api
+BIN_DIR := bin
+
+CONFIG ?= configs/config.yaml
+DSN ?= $(shell awk '/mysql:/,/^[^ ]/' $(CONFIG) | grep -E "^\s*dsn:" | head -1 | sed 's/.*dsn:\s*//;s/"//g')
+
+help:
+	@echo "Targets:"
+	@echo "  run              - go run cmd/server"
+	@echo "  build            - build binary to bin/$(APP_NAME)"
+	@echo "  tidy             - go mod tidy"
+	@echo "  test             - go test ./..."
+	@echo "  fmt              - gofmt -w"
+	@echo "  vet              - go vet ./..."
+	@echo "  migrate-up       - goose up"
+	@echo "  migrate-down     - goose down"
+	@echo "  migrate-status   - goose status"
+	@echo "  docker-up        - docker compose up -d"
+	@echo "  docker-down      - docker compose down"
+	@echo "  docker-logs      - docker compose logs -f"
+
+run:
+	go run ./cmd/server
+
+build:
+	@mkdir -p $(BIN_DIR)
+	go build -ldflags "-s -w" -o $(BIN_DIR)/$(APP_NAME) ./cmd/server
+
+tidy:
+	go mod tidy
+
+test:
+	go test ./...
+
+fmt:
+	gofmt -w .
+
+vet:
+	go vet ./...
+
+migrate-up:
+	goose -dir sql/migrations mysql "$(DSN)" up
+
+migrate-down:
+	goose -dir sql/migrations mysql "$(DSN)" down
+
+migrate-status:
+	goose -dir sql/migrations mysql "$(DSN)" status
+
+docker-up:
+	docker compose -f deploy/docker-compose.yml up -d
+
+docker-down:
+	docker compose -f deploy/docker-compose.yml down
+
+docker-logs:
+	docker compose -f deploy/docker-compose.yml logs -f
diff --git a/PROGRESS.md b/PROGRESS.md
deleted file mode 100644
index b674205b..00000000
--- a/PROGRESS.md
+++ /dev/null
@@ -1,435 +0,0 @@
-# gpt2api 开发进度看板
-
-> 最近更新：2026-04-27（UX 调优后）
-> 主文档：`[README.md](./README.md)` · 规范：`[docs/](./docs/)` · 常驻 AI 规则：`.cursor/rules/`
->
-> **项目定位**：基于 GPT / GROK 双账号池的高并发 AIGC 平台，OpenAI 协议兼容；前端 React + Tailwind，后端 Go + MySQL + Redis。
-> **皮肤规范**：默认主题 = 「克莱因蓝（Klein Blue · IKB `#002FA7`）」，仅作为视觉皮肤通过 `packages/theme` token 集中管理，可在 `tokens.css` 切换为其它色板而不影响业务代码。代码内部 module/包名 `@kleinai/`* 保留作为既有命名空间，不外露给最终用户。
-
----
-
-## ⚡ 本地起服务（Sprint 9 已具备完整可观察形态）
-
-提供两种启动模式，按需选择：
-
-### 模式 A · 全容器（推荐：零本地依赖、最贴近线上）
-
-> MySQL / Redis / 4 个 Go 后端 / 2 个前端静态站全部跑容器，前端容器内 nginx 统一反代到后端。
-
-```powershell
-# 首次构建镜像（≈ 5–8 分钟，分别打 backend / user-web / admin-web 三个镜像）
-cd deploy
-$env:KLEIN_DEV_MYSQL_PORT='23306'   # 仅当 13306 被 Hyper-V 占用时设置
-docker compose -f docker-compose.dev-full.yml up -d --build
-
-# 之后日常启动 / 关停
-docker compose -f docker-compose.dev-full.yml up -d
-docker compose -f docker-compose.dev-full.yml down            # 仅停容器
-docker compose -f docker-compose.dev-full.yml down -v         # 同时清数据卷
-```
-
-
-| 入口            | 地址                                                               | 默认账号                 |
-| ------------- | ---------------------------------------------------------------- | -------------------- |
-| 用户端           | [http://localhost:17080](http://localhost:17080)                 | 注册即用                 |
-| 管理后台          | [http://localhost:17088](http://localhost:17088)                 | `admin` / `admin123` |
-| OpenAI 兼容（直连） | [http://localhost:17200/v1](http://localhost:17200/v1)           | 用户 KEY 管理生成 sk-...   |
-| OpenAI 兼容（反代） | [http://localhost:17080/v1](http://localhost:17080/v1)           | 同上（推荐前端调用）           |
-| 用户 API（直连）    | [http://localhost:17180/healthz](http://localhost:17180/healthz) | -                    |
-| 后台 API（直连）    | [http://localhost:17188/healthz](http://localhost:17188/healthz) | -                    |
-
-
-### 模式 B · 半容器（适合改 Go / 改 React 边写边热更新）
-
-> 仅 MySQL / Redis 跑容器，4 个 Go 后端 + 2 个 Vite 跑主机，省去镜像构建时间。
-
-```powershell
-pwsh ./scripts/dev-up.ps1
-# 该脚本会：
-#   1. docker compose -f deploy/docker-compose.dev.yml up -d
-#   2. 等 MySQL 健康
-#   3. 复制 backend/.env.example → backend/.env.local（首次）
-#   4. 在 4 个新窗口拉起 api / admin / openai / worker
-
-# 起前端（首次需 pnpm install）
-cd frontend
-pnpm install
-pnpm --filter @kleinai/user  dev   # → http://localhost:5173
-pnpm --filter @kleinai/admin dev   # → http://localhost:5174
-
-# 关停
-pwsh ./scripts/dev-down.ps1
-```
-
-> 两种模式默认都用 `KLEIN_PROVIDER_GPT/GROK=mock`，无需真实 OpenAI / GROK 凭证即可走通生成全流程。
-> 切真实通道：模式 A 改 `deploy/docker-compose.dev-full.yml` 里的 `KLEIN_PROVIDER_*=real`；模式 B 改 `backend/.env.local`。
-> 真实凭证一律走 **管理后台 → Token 管理** 入库（AES-256-GCM 落盘）。
-
-**Windows 上 13306 / 16379 端口被 Hyper-V 占用怎么办？**
-
-```powershell
-# 查看 TCP 排除范围
-netsh interface ipv4 show excludedportrange protocol=tcp
-# 临时释放（需管理员，重启后失效）
-net stop winnat
-net start winnat
-# 或：模式 A 直接 $env:KLEIN_DEV_MYSQL_PORT='23306' 后再 up
-# 或：模式 B 改 deploy/docker-compose.dev.yml + backend/.env.local 的 DSN
-```
-
----
-
-## 总览
-
-
-| 模块             | 状态     | 负责  | 备注                                                   |
-| -------------- | ------ | --- | ---------------------------------------------------- |
-| **规范文档**       | ✅ Done | -   | 6 篇规范 + README                                       |
-| **AI 常驻规则**    | ✅ Done | -   | `.cursor/rules/` 4 份规则                               |
-| **后端脚手架**      | ✅ Done | -   | 4 个 cmd 二进制 + healthz / readyz                       |
-| **前端脚手架**      | ✅ Done | -   | pnpm monorepo + 用户端 / 后台 骨架                          |
-| **部署脚手架**      | ✅ Done | -   | docker-compose + 3 份 nginx + Dockerfile              |
-| **账号体系**       | ✅ Done | -   | 注册 / 登录 / refresh / me / 改密                          |
-| **账号池核心**      | ✅ Done | -   | 增删改查 + 批量导入 + RR 调度 + AES 加密                         |
-| **API Key 管理** | ✅ Done | -   | 用户 CRUD + OpenAI 兼容鉴权                                |
-| **计费引擎**       | ✅ Done | -   | 钱包 / 预扣 / 结算 / 退款 + CDK 兑换                           |
-| **生成调度**       | ✅ Done | -   | 真实 GPT / GROK provider + AES 解密凭证 + env 切换 mock/real |
-| **前后端联调**      | ✅ Done | -   | user 全部页面接入真实 API；admin 主流程接入                        |
-| **管理后台联调**     | ✅ Done | -   | 登录 / 仪表盘 / 账号池 CRUD + 批量导入 / CDK 批次                  |
-
-
-图例：✅ 完成 · 🚧 进行中 · ⏳ 待开始 · ⛔ 阻塞 · 🐛 待修复
-
----
-
-## Sprint 0 · 规范与基础（已完成）
-
-- 编写 6 份开发规范（`docs/01 ~ 06`）
-- 项目根 README
-- Cursor AI 常驻规则 `.cursor/rules/`
-  - `00-core.mdc`（始终生效）
-  - `10-backend.mdc`（backend/**）
-  - `20-frontend.mdc`（frontend/**）
-  - `30-deploy.mdc`（deploy/**、Dockerfile）
-- PROGRESS 看板
-
----
-
-## Sprint 1 · 后端脚手架（已完成）
-
-> 目标：4 个 cmd 二进制能起服务、返回 healthz；MySQL / Redis 连接通；核心表迁移完成。
-
-- 仓库结构 `backend/`：cmd / internal / pkg / configs / migrations / scripts
-- `go.mod` + 依赖锁定
-- `Makefile`：build / run-api / run-admin / run-openai / run-worker / migrate-up / migrate-down / lint / test
-- `.env.example` + `configs/config.yaml`
-- 基础包 `pkg/`：config / logger / database / snowflake / jwtx / crypto / errcode / response / ratelimit / httpc / version
-- 中间件 `internal/middleware/`：recovery / requestid / access_log / cors / auth / ratelimit / security
-- 入口 `cmd/`：api / admin / openai / worker
-- 数据库迁移 `migrations/` 10 个文件覆盖核心域
-
----
-
-## Sprint 2 · 前端脚手架（已完成）
-
-- `frontend/` pnpm workspace + tsconfig.base + eslint / prettier
-- `packages/theme`：tokens.css + tailwind.preset.ts + animations
-- `apps/user`：Vite + React Router + AuthLayout / AppLayout + 登录 / 注册 / 创作 / 历史 / 计费 / KEY / 邀请 / 设置
-- `apps/admin`：AdminLayout + 后台登录 + 仪表盘 + Token 管理骨架
-
----
-
-## Sprint 3 · 部署脚手架（已完成）
-
-- `deploy/docker-compose.yml`（基础）
-- `deploy/env/.env.example`
-- `deploy/nginx/`：`user.conf` / `admin.conf` / `openai.conf`
-- `backend/Dockerfile`（多阶段、distroless）
-- `frontend/apps/user/Dockerfile` + `frontend/apps/admin/Dockerfile`
-
----
-
-## Sprint 4 · 账号体系 + 账号池 MVP（已完成）
-
-- 用户：注册 / 登录 / 刷新 / me / 改密
-- 账号池：
-  - 单条 CRUD + 启用 / 停用 / 解除熔断
-  - 批量导入（每行一条；支持 `name@@cred` / `cred@base_url` / `cred`）
-  - 调度器 RoundRobin / WeightedRR + 30s 缓存
-  - 凭证 AES-256-GCM 加密存储
-  - 分组管理 / 健康检查 worker（待补）
-- 管理后台：账号池列表 / 详情 / 批量导入 / 池状态接口
-
----
-
-## Sprint 5 · API Key + OpenAI 兼容鉴权（已完成）
-
-- `api_key` 模型 + repo（hash + salt + last4）
-- 用户端 CRUD：list / create（明文仅返回一次）/ toggle / delete
-- `AuthAPIKey` 中间件：`Authorization: Bearer sk-klein-xxx`
-- OpenAI 兼容服务挂入鉴权 + scope 校验
-
----
-
-## Sprint 6 · 计费引擎（已完成）
-
-- `wallet_log` + `consume_record` + `refund_record`
-- BillingService：PreDeduct / Settle / FailRefund / GrantPoints
-- CDK 服务：批次生成 + 用户兑换（事务 + 余量 + per_user_limit）
-- 用户端：钱包流水 / CDK 兑换 接口
-- 管理后台：CDK 批次创建接口
-- 充值订单（支付宝 / 微信 / Stripe）—— 后续接入
-- 优惠码 / 邀请返点 —— 后续接入
-
----
-
-## Sprint 7 · 生成调度（已完成）
-
-- `generation_task` / `generation_result` 模型 + repo
-- `provider.Provider` 接口 + `mock` 实现
-- `GenerationService`：幂等 + 预扣 + 池调度 + 失败退款
-- 用户端 `/api/v1/gen/{image,video}` + 任务详情 + 历史
-- OpenAI 兼容 `/v1/{images,videos}/generations`（同步等待）
-- 真实 GPT / GROK 适配（Sprint 9 已完成，见下方）
-- WebSocket / SSE 进度推送 —— Sprint 10
-
----
-
-## Sprint 8 · 前后端联调（已完成 stub）
-
-> 目标：用户端真实跑通 注册 → 登录 → 兑换 CDK → 创建生成 → 查看历史 → 管理 KEY 全链路。
-
-- `apps/user/src/lib/api.ts` axios 客户端（baseURL / token / 401 / 错误码）
-- `apps/user/src/lib/services.ts` 领域 API 封装
-- `apps/user/src/lib/types.ts` + `format.ts` 类型与展示工具
-- `stores/auth.ts` zustand + `stores/toast.ts` + `components/Toaster`
-- `routes/RequireAuth` 路由守卫 + 401 自动跳登录
-- 登录 / 注册页对接 `/auth/`*（zod 表单校验 + 自动跳转）
-- AppLayout 顶栏对接 `/users/me`（实时余额、退出登录）
-- 创作中心 · 图像 对接 `/gen/image` + 轮询任务 + 余额刷新
-- 创作中心 · 视频 对接 `/gen/video` + 轮询任务 + 余额刷新
-- 生成历史对接 `/gen/history`（图/视频筛选、分页加载）
-- KEY 管理对接 `/keys/`*（创建一次性明文展示、停启用、删除）
-- 余额明细对接 `/billing/logs` + `/billing/cdk/redeem`
-- 设置页对接 `/users/password` + 资料展示 + 主题切换
-- 邀请页展示真实邀请码 + 一键复制
-- 调用说明页基于 `VITE_OPENAI_BASE_URL` 生成示例 + 一键复制
-- `vite.config.ts` 增加 `/api` → 17180、`/v1` → 17200 代理
-
----
-
-## Sprint 9.6 · UI/UX Pro 规范化（已完成）
-
-> 目标：把已联调的页面从「能用」升级到「整套规范」。引入「设计 token + 共享组件层」架构，前后台高频页面全量替换为统一字号、间距、按钮、卡片、表格、空状态、徽标、对话框组件；本地 `index.css` 仅留站点级覆盖。
-
-- **Design Tokens（`packages/theme/src/tokens.css`）**：8pt 间距栅格 + `clamp()` 流式字号（display/h1-h4/body/small/tiny）+ `tracking-`* / `weight-*` 排印变量 + 控件高度变量 `ctl-h-{xs,sm,md,lg,xl}` + 控件 padding 变量；阴影增加 `shadow-4 / shadow-inset / focus-ring / focus-ring-danger`；动画 `--ease-* / --duration-*` 标准化；语义颜色补 `success-soft / warning-soft / danger-soft / info-soft`。
-- **共享组件层（`packages/theme/src/components.css`，~720 行）**：
-  - 排印：`text-display / text-h1..h4 / text-body / text-small / text-tiny / text-overline / text-mono / gradient-text`
-  - 按钮：`btn` + `btn-primary|secondary|outline|ghost|danger|danger-ghost|link` × `btn-xs|sm|md|lg|xl` + `btn-icon|btn-block`，旧 `.btn-klein` 作为 alias 保留
-  - 表单：`field / field-label / field-hint / field-error / input / select / textarea / input-affix / checkbox / radio`，`.input-klein` alias
-  - 卡片：`card / card-flat / card-elevated / card-glass / card-gradient / card-tinted / card-section / dialog-surface`，`.glass-card` alias
-  - 数据展示：`stat-grid / stat-tile(-accent) / stat-label / stat-value / stat-delta`、`data-table` 全表样式、`list-row`
-  - 状态/标记：`badge(-success|warning|danger|klein|solid|outline) / chip(-active|outline) / kbd / progress / tabs / tab`
-  - 空态/骨架：`empty-state(-icon|title|desc) / skeleton(-text)`
-  - 页面骨架：`page / page-narrow / page-wide / page-header / page-title / page-subtitle / section / section-header / section-title`
-- **Tailwind preset**：暴露所有新 token 为原子类（`bg-info-soft`、`text-tiny`、`font-extra`、`tracking-wide`、`shadow-4`、`duration-base`、`ease-out` 等）。
-- **入口收敛**：在 `apps/{user,admin}/src/index.css` 顶部 `@import '@kleinai/theme/components.css'`，确保 `@layer components` 与 `@apply` 在同一 PostCSS 上下文；本地 `index.css` 只保留 `body line-height` 与 `.creative-pane / .admin-pane` 等页面级覆盖。
-- **页面重构**（用户端）：`LoginPage / RegisterPage / CreateImagePage / CreateVideoPage / HistoryPage / BillingPage / KeysPage / SettingsPage / DocsPage / InvitePage / AppLayout / LoginGate` 全量切换 `btn / btn-{variant} / field / input / card / page-* / badge / progress / tabs / kbd / empty-state`。
-- **页面重构**（管理端）：`Dashboard / TokenAccounts / CDK / Login / AdminLayout / _placeholder` 同步升级；`TokenAccountsPage` 表格切到 `data-table`，状态徽标切到 `badge badge-{success|warning|danger}`；`_placeholder` 改为带图标的 `empty-state`，所有占位页（用户管理 / 充值消费 / 优惠码 / 系统配置 / 请求日志）拥有一致空态外观。
-- **构建验证**：`pnpm typecheck` & `pnpm build` 全绿；docker `user-web` / `admin-web` 镜像在 `docker-compose.dev-full.yml` 上重新构建并热替换，仅 `28KB` (admin) / `38KB` (user) gzipped CSS。
-
----
-
-## Sprint 9.5 · UX & 品牌微调（已完成）
-
-> 目标：把项目从「Klein Blue 主题站」收敛为「gpt2api · AIGC 平台」，主题降级为默认皮肤；首页开放浏览，生成动作未登录时弹浮层。
-
-- **品牌降级**：用户可见文案统一改为 `gpt2api`，`Logo` 标识改为 `gpt2api`（`g2a` 角标）。代码 module path（`@kleinai/`*、Go module）保留不变，避免 churn。
-- **首页开放**：`/`、`/create/image`、`/create/video`、`/docs` 不再要求登录，未登录用户可直接体验生成 UI；受保护路由（历史 / 余额 / KEY / 邀请 / 设置）外层挂 `<RequireAuth>`，未登录访问会回到首页并自动弹登录浮层。
-- **登录浮层**：新增 `<LoginGate />` 全局浮层 + `useLoginGateStore` 状态机 + `useEnsureLoggedIn(action)` Hook。生成按钮、受保护导航、401 拦截均通过浮层完成「断点续做」，无需中断当前页面状态。
-- **响应式**：
-  - 用户端侧栏宽度改 `clamp(220px,18vw,260px)`，避免 1024px 上吃宽度过多。
-  - 创作页三栏改为 `lg`（≥1024px）双栏 + `2xl`（≥1536px）三栏；中等屏幕将「当前任务进度」合并到结果区头部。
-  - 后台 `<AdminLayout>` 补齐移动端抽屉 + 顶栏汉堡按钮，header 加 `truncate` / `flex-shrink-0`，避免昵称撑爆。
-- **空白页修复**：`apps/admin` 的 `BrowserRouter basename="/admin"` 与 nginx 的根挂载路径冲突 → 改成无 basename；401 跳转改为 `/login`。
-- **PROGRESS / README 改写**：明确「克莱因蓝是默认皮肤而非项目身份」；默认账号 `admin / admin123`、用户端注册即用。
-
----
-
-## Sprint 9 · 真实 Provider + 后台联调（已完成）
-
-> 目标：替换 mock provider，跑通真实 GPT / GROK 调用；管理后台前端联调账号池 / CDK。
-
-### Provider 真实化
-
-- `provider.Request` 加入 `Credential` / `BaseURL`，避免 provider 持有 AES
-- `GenerationService` 注入 AES，调用前解密 `account.credential_enc`
-- `provider/gpt`：OpenAI 兼容 `/v1/images/generations`，同步返回
-  - URL / b64 双兼容；4xx/5xx 失败时自动熔断账号
-- `provider/grok`：通用「异步任务 + 轮询」协议
-  - 同步直返 / 异步 `task_id` 自动适配
-  - 内置 12 min 超时 + 3s→10s 指数 backoff
-- `provider/factory`：env 驱动 `KLEIN_PROVIDER_GPT/GROK = mock|real`，零代码切换
-- `.env.example` 增加 provider 模式与 base url 配置
-- `go build ./... && go vet ./...` 全绿
-
-### 管理后台前端
-
-- `lib/api`（独立 token KEY = `klein:admin:token`）+ `lib/types` + `lib/format` + `lib/services`
-- `stores/auth` + `stores/toast` + `components/Toaster`
-- `routes/RequireAuth` 路由守卫；401 自动清 token + 跳 `/admin/login`
-- 登录页：zod + react-hook-form + `/admin/api/v1/auth/login`
-- AdminLayout 顶栏：当前管理员信息 + 角色 + 退出登录
-- **仪表盘**：实时拉 `accounts/stats` + 列表 total，渲染 GPT / GROK 池水位
-- **Token 管理**：列表（筛选 + 关键字 + 分页）+ 状态切换 + 删除
-- **Token 管理**：新增账号 Dialog（明文凭证，提交后端加密）
-- **Token 管理**：批量导入 Dialog（粘贴文本，每行一条，三种格式自动识别）
-- **CDK 批次**：批次号 / 名称 / 单码点数 / 数量 / per_user_limit / 过期 — 提交并展示结果
-- `pnpm --filter @kleinai/admin typecheck` + `build` 全绿
-
-### 仍开口
-
-- 真实 webhook 回调 + 写 `generation_result`（异步 worker，Sprint 10）
-- 管理后台：CDK 列表 + 导出 CSV（下一轮）
-- 管理后台：用户管理（封禁 / 加点 / 修改套餐，下一轮，需补后端 API）
-- 管理后台：充值消费 / 优惠码 / 请求日志（下一轮，目前为占位页）
-
----
-
-## Sprint 9.5 · 账号池高级能力（已完成）
-
-> 目标：把已写好的 `AccountTestService / OpenAIOAuthService / SystemConfigService / ProxyService` 接入 router，并在管理后台做完代理管理 + 系统配置两块拼图。
-
-### 后端
-
-- `router.MountAdmin` 装配补齐：
-  - `POST /admin/api/v1/accounts/:id/test`、`POST /accounts/:id/refresh`、`POST /accounts/batch-refresh`
-  - 整组 `proxies`：`GET / POST / PUT / DELETE / POST /:id/test`
-  - 整组 `system`：`GET /system/settings`、`PUT /system/settings`
-  - `accountAdmin.SetTestService(testSvc)` 回填，使 Test/Refresh 走得通
-- 复用既有服务（无新增逻辑）：
-  - `AccountTestService.Test`：GPT/GROK `GET /v1/models` 探活
-  - `AccountTestService.RefreshOAuth`：`auth.openai.com/oauth/token` refresh_token grant，写回 `access_token_enc / access_token_expires_at / last_refresh_at`
-  - `AccountTestService.maybeRefresh`：access_token 距过期阈值内自动刷新
-  - `AccountTestService.TestProxy`：通过代理探测 `https://www.google.com/generate_204` 测延迟
-  - `SystemConfigService`：30s 内存缓存 + 类型化便捷方法（`GlobalProxyEnabled / RefreshBeforeHours / OpenAIClientID / OpenAITokenURL`）
-
-### 后台前端
-
-- `lib/types`：补 `AccountItem` 上 OAuth/Test 字段；新增 `AccountTestResp / AccountRefreshResp / AccountBatchRefreshResp / ProxyItem / ProxyCreateBody / ProxyUpdateBody / ProxyTestResp / SystemSettings`
-- `lib/services`：补 `accountsApi.test / refresh / batchRefresh`；新增 `proxiesApi`、`systemApi`
-- **Token 管理页**升级：
-  - 顶栏新增「批量刷新 OAuth」按钮（按当前 provider 过滤）
-  - 表格新列「OAuth / 最近测试」：RT / AT 徽标 + access_token 倒计时 + last_test 状态/延迟/相对时间
-  - 操作列新增「测试连通」按钮（所有账号）+「刷新 access_token」按钮（仅 OAuth 账号）
-- **代理管理**新页（`/proxies`）：列表（启用/禁用 tabs + 关键字 + 分页）+ 新增/编辑 Dialog + 启停 + 删除 + 测试连通
-- **系统配置**新页（`/config`）替代占位页：
-  - 「全局代理」分区：开关 + 下拉选择已启用的代理
-  - 「OAuth 调度」分区：刷新窗口（小时）/ OpenAI client_id / Token Endpoint
-  - 「完整配置（只读）」JSON 视图便于诊断
-- 侧边栏新增「代理管理」入口
-
-### 验收
-
-- `go vet ./... && go build ./...` 全绿
-- `pnpm --filter @kleinai/admin typecheck` 全绿
-- 容器 `klein-admin-dev` 重建后 GIN 启动日志已注册全部新路由
-- `curl /admin/api/v1/{accounts,proxies,system/settings}` 返回 401（已挂中间件）
-
-### 9.5 修订（hotfix · 2026-04-27 晚）
-
-> 用户在管理后台试新增 / 批量导入账号时点出 5 个真实问题，本轮一并修齐：
-
-- **数据库 schema 漂移**：`migrations/20260427130011_init_proxy_oauth.sql` 中 `oauth_meta` 列 `AFTER` 与 `COMMENT` 顺序倒置，MySQL 8.0 拒绝执行；旧库（已建在 9.5 之前）的 mysql 容器 `docker-entrypoint-initdb.d` 不会重跑，导致 `account` 表缺 `proxy_id / oauth_meta / access_token_enc / refresh_token_enc / access_token_expires_at / last_refresh_at / last_test_*` 共 10 列 + 缺 5 条 `system_config` 默认值。已修正迁移并对运行中库手动补齐。
-- **批量导入 OAuth 行为不一致**：`AccountAdminService.BatchImport` 漏写 `refresh_token_enc`，与单条 `Create` 不同；现一并写入，使后续 `RefreshOAuth` 行为对齐。
-- **DTO 缺 `proxy_id`**：`AccountBatchImportReq` 加 `ProxyID *uint64`，让批量导入也能直接绑代理。
-- **新增账号 / 批量导入 UI 字段不全**：
-  - `CreateDialog` 增加：绑定代理下拉（取 `proxies.list status=1`）、`rpm_limit / tpm_limit / daily_quota / monthly_quota` 折叠区块、按 `auth_type` 切换的 placeholder + hint（API Key / Cookie / OAuth `refresh_token` 各自文案）
-  - `ImportDialog` 增加：默认绑定代理下拉、按 `auth_type` 切换的多行示例（API Key/Cookie/OAuth）
-  - `base_url` 字段统一经 `normalizeBaseURL()` 自动补 `https://`，规避后端 `binding:"omitempty,url"` 校验对 `api.openai.com` 这类裸域的 400
-- **端到端验证**：登录后 `POST /accounts`（OAuth + 限速字段）、`POST /accounts/import`（OAuth × 3 行）、`GET /accounts?keyword=e2e` 全部 200，`has_refresh_token=true` 在所有 OAuth 行上正确回传。
-
----
-
-## 🟡 剩余未开发清单（截至 2026-04-27 23:00）
-
-> 已落地的功能可在本地容器中观察。以下为后续 Sprint 待补部分。
-
-### 后端
-
-
-| 模块          | 子项                            | 优先级 | 备注                              |
-| ----------- | ----------------------------- | --- | ------------------------------- |
-| Worker      | 改造为 asynq 真实异步消费              | P1  | 现在是 inline goroutine，单机够用，多副本需要 |
-| 进度推送        | WebSocket / SSE 把 task 状态推到前端 | P1  | 现在用 1.5s 轮询                     |
-| Webhook     | provider 异步回调端点               | P1  | 配合 grok 真异步任务                   |
-| 用户管理        | 列表 / 封禁 / 加点 / 改套餐 API        | P1  | 后台前端已留位                         |
-| 充值订单        | 微信 / 支付宝 / Stripe 通道          | P1  | 现在只能 CDK                        |
-| 优惠码         | promo_code 表 + CRUD + 校验      | P2  | CDK 已通；优惠码用于折扣                  |
-| 请求日志        | 持久化 + 后台查询 API                | P2  | 目前只有 access log 文件              |
-| 邀请返点        | 首充返点 + 终身分润落账                 | P2  | 表已建，逻辑未串                        |
-| 健康检查 worker | 自动探测账号池 + 解熔断                 | P2  | 现在只有手动                          |
-
-
-### 后台前端（占位页待对接）
-
-
-| 页面                  | 状态               |
-| ------------------- | ---------------- |
-| 用户管理（列表 / 编辑 / 封禁）  | ⏳ 待对接（需上方后端 API） |
-| 充值消费记录              | ⏳ 待对接            |
-| 优惠码                 | ⏳ 待对接            |
-| 兑换码 CDK 列表 + CSV 导出 | ⏳ 待对接（创建已通）      |
-| 系统配置                | ✅ Sprint 9.5 已上线（代理 / OAuth / 完整 KV 视图） |
-| 代理管理                | ✅ Sprint 9.5 已上线（CRUD + 测试 + 全局开关） |
-| 请求日志                | ⏳ 待对接            |
-
-
-### 部署 / 运维
-
-
-| 项目                         | 状态                  |
-| -------------------------- | ------------------- |
-| 自签 / Let's Encrypt 证书脚本    | ⏳ 生产 nginx.conf 已留位 |
-| K8s manifests / Helm chart | ⏳ Sprint 10         |
-| Prometheus + Grafana 接入    | ⏳ Sprint 10         |
-| OpenTelemetry trace 接入     | ⏳ Sprint 10         |
-
-
----
-
-## Sprint 10 · 上线准备
-
-- 性能压测（k6）
-- 安全演练（越权 / 注入 / 限流绕过）
-- 监控 / 告警接入
-- 灰度发布脚本
-- Runbook 演练
-
----
-
-## 决策记录（ADR-Lite）
-
-
-| 编号  | 决策                                                                        | 时间         | 备注                           |
-| --- | ------------------------------------------------------------------------- | ---------- | ---------------------------- |
-| 001 | 默认皮肤采用克莱因蓝 IKB `#002FA7` + 电光蓝 `#1E3DFF` 高光（仅视觉，可换）                       | 2026-04-27 | 替代之前的紫色方案；非项目身份              |
-| 002 | 4 个二进制独立部署                                                                | 2026-04-27 | api/admin/openai/worker 解耦扩缩 |
-| 003 | 端口段 17000-17999；MySQL 13306 / Redis 16379                                 | 2026-04-27 | 避开常用端口                       |
-| 004 | 点数最小单位 0.01，DB int64 *100 存储                                              | 2026-04-27 | 避免浮点精度                       |
-| 005 | 用户 API Key 仅创建时返回明文                                                       | 2026-04-27 | DB 仅存 SHA256+salt+last4      |
-| 006 | provider 不持有 AES，credential 由 GenerationService 解密后注入 Request             | 2026-04-27 | 简化 provider 实现，集中密钥使用        |
-| 007 | provider 默认 `mock`，env `KLEIN_PROVIDER_GPT/GROK=real` 切真实通道               | 2026-04-27 | 本地 / CI 友好，生产显式启用            |
-| 008 | 后台 token 与用户 token 分别落 localStorage（`klein:token` vs `klein:admin:token`） | 2026-04-27 | 同源同浏览器隔离会话                   |
-| 009 | 前端首页对未登录用户开放，生成等关键动作通过 `<LoginGate>` 浮层断点续做                               | 2026-04-27 | 避免「打开就是登录页」的硬墙体验             |
-| 010 | 用户可见品牌名 = `gpt2api`；代码 module/CSS 类（`@kleinai/`*、`klein-*`）保留为内部命名空间      | 2026-04-27 | 把克莱因蓝降级为默认皮肤而非身份             |
-
-
----
-
-## 风险与待办
-
-- ⚠️ Grok 视频接口协议尚未对齐，需要在 Sprint 6 前完成调研，确认是否走第三方代理
-- ⚠️ 支付通道优先支持 微信 + 支付宝；境外支付（Stripe）作为 Sprint 7 末尾扩展
-- ⚠️ 账号池凭证加密密钥的运维流程（KMS / 手动）需在上线前敲定
-
diff --git a/README.md b/README.md
index e447cdf9..e4fc1d73 100644
--- a/README.md
+++ b/README.md
@@ -1,184 +1,920 @@
-# gpt2api / KleinAI
+# gpt2api
 
-> 一个面向 GPT / GROK 账号池的 AIGC 聚合平台，提供图片、文字、视频的一站式生成能力。  
-> 前台面向创作，后台面向运营，开放 OpenAI 兼容接口，方便直接接入现有 SDK。
+> 基于逆向 **chatgpt.com** 的 OpenAI 兼容 SaaS 网关 —— 多账号池 / 代理池 / **IMG2 终稿直出** / **批量出图** / **本地 2K/4K 高清放大** / **高并发调度** / 积分计费 / 管理后台一体化。
 
-## 2.0 是什么
+<p align="center">
+  <a href="https://github.com/432539/gpt2api/stargazers"><img alt="stars" src="https://img.shields.io/github/stars/432539/gpt2api?style=flat-square"></a>
+  <a href="https://github.com/432539/gpt2api/releases"><img alt="release" src="https://img.shields.io/github/v/release/432539/gpt2api?style=flat-square"></a>
+  <a href="https://golang.org/"><img alt="go" src="https://img.shields.io/badge/Go-1.22%2B-00ADD8?style=flat-square&logo=go"></a>
+  <a href="https://vuejs.org/"><img alt="vue" src="https://img.shields.io/badge/Vue-3-4FC08D?style=flat-square&logo=vue.js"></a>
+  <a href="https://github.com/432539/gpt2api/blob/main/LICENSE"><img alt="license" src="https://img.shields.io/badge/License-MIT-green?style=flat-square"></a>
+</p>
 
-`v2.0.0` 不是简单重排界面，而是一次完整的能力升级：
+- **仓库地址**:<https://github.com/432539/gpt2api>
+- **技术交流 QQ 群**:`382446`(入群请注明「gpt2api」)
 
-- 统一文字、图片、视频三条生成链路
-- 统一账号池、代理、刷新、熔断、轮换、用量检测
-- 统一 OpenAI 兼容 API，前端和第三方 SDK 都能直接接
-- 统一后台运营能力：用户、账单、CDK、优惠码、模型价格、请求日志、上游日志
-- 统一部署方式：单机 Docker Compose 可跑，后续可平滑迁移到 K8s
+---
 
-## 界面预览
+## 目录
 
-### 用户创作端
+- [一、项目定位](#一项目定位)
+- [📸 界面预览](#-界面预览)
+- [二、核心特性](#二核心特性)
+- [三、技术栈](#三技术栈)
+- [四、架构概览](#四架构概览)
+- [五、快速开始(Docker 一键部署)](#五快速开始docker-一键部署)
+- [六、配置说明](#六配置说明)
+- [七、API 使用示例](#七api-使用示例)
+- [八、重点能力详解](#八重点能力详解)
+  - [8.1 IMG2 出图](#81-img2-出图)
+  - [8.2 4K / 2K 高清输出(本地 Catmull-Rom 放大)](#82-4k--2k-高清输出本地-catmull-rom-放大)
+  - [8.3 批量出图 / 多张聚合](#83-批量出图--多张聚合)
+  - [8.4 高性能高并发调度](#84-高性能高并发调度)
+- [九、管理后台功能概览](#九管理后台功能概览)
+- [十、目录结构](#十目录结构)
+- [十一、二次开发 / 定制](#十一二次开发--定制)
+- [十二、FAQ](#十二faq)
+- [十三、Roadmap](#十三roadmap)
+- [十四、参与贡献](#十四参与贡献)
+- [十五、免责声明与风险提示](#十五免责声明与风险提示)
+- [十六、License](#十六license)
 
-![gpt2api 用户创作端](docs/ffaa6c7c-ee8b-4a1f-bdcc-df93c8d91abf.png)
+---
 
-### 管理后台
+## 一、项目定位
 
-![gpt2api 管理后台](docs/7f76a99c-1100-4216-970b-624ff135808d.png)
+`gpt2api` 是一个**自建的 ChatGPT → OpenAI 兼容网关**,把 `chatgpt.com` Plus / Team / Codex 账号的能力,以 **完全兼容 OpenAI API** 的形式(`/v1/chat/completions` / `/v1/images/generations`)开放给下游调用方,同时配套一整套 SaaS 运营后台。
 
-## 核心能力
+适合的场景:
 
-- 账号池管理：GPT / GROK 账号批量导入、刷新、检测、熔断、轮换
-- 创作中心：文字对话、文生图、图生图、文生视频、图生视频
-- 异步任务：图片和视频支持任务查询、历史记录、预览、下载
-- OpenAI 兼容 API：
-  - `GET /v1/models`
-  - `POST /v1/chat/completions`
-  - `POST /v1/images/generations`
-  - `POST /v1/images/edits`
-  - `GET /v1/images/generations/:task_id`
-  - `POST /v1/video/generations`
-  - `GET /v1/video/generations/:task_id`
-- 管理后台：仪表盘、Token 管理、代理管理、用户管理、充值消费、优惠码、CDK、系统配置、模型价格、请求日志
-- 运营能力：充值套餐、扣费规则、模型映射、自动刷新、上游日志追踪
-- 部署能力：支持本地开发、单机部署、反向代理、SSL 证书自动更新
+- 你手头有一批 ChatGPT Plus / Team / Codex 账号,想对外提供稳定的 **GPT Image / DALL·E 3 / IMG2 高清大图**服务;
+- 想给公司 / 团队内部开通 OpenAI 风格的代理网关,把所有调用统计、计费、审计集中管理;
+- 想低成本搭一个带积分 / 套餐 / 易支付的 AI API 中台,面向 C 端或 B 端开发者售卖。
 
-## 2.0 设计目标
+> 本项目当前版本**聚焦图片模型**(详见 [8.1 IMG2 出图](#81-img2-出图)、[8.2 4K/2K 高清输出](#82-4k--2k-高清输出本地-catmull-rom-放大) 与 [8.3 批量出图](#83-批量出图--多张聚合))。文字通路(`/v1/chat/completions`)代码层完整保留,但因 `chatgpt.com` 新 sentinel 协议存在短期不稳定因素,UI 入口已在当前版本关闭,恢复只需改一行 feature flag,详见 [十一、二次开发](#十一二次开发--定制)。
 
-1. 前台简洁统一，图片 / 文字 / 视频三个入口标准化
-2. 后台更适合运营，所有配置尽量表单化，不依赖 JSON 手填
-3. 账号与请求逻辑稳定，支持自动重试、换号、熔断、分批刷新
-4. 上游问题可追踪，失败时能看到完整 provider 日志
-5. 部署简单，能在一台 Linux 服务器上直接跑起来
+---
 
-## 技术栈
+## 📸 界面预览
 
-- 后端：Go 1.24 + Gin + GORM + MySQL + Redis
-- 前端：React 18 + Vite + TypeScript + Tailwind
-- 部署：Docker / Docker Compose / Nginx / Caddy
-- 外部依赖：FlareSolverr、代理、对象存储（可选）
+> 截图来自 **在线体验(Playground)** 页 · `gpt-image-2` / `picture_v2`(IMG2 终稿)· `9:16` 比例 · 单次调用一张 prompt 批量出图。
+
+### 在线体验 · 文生图 / 批量出图
 
-## 仓库结构
+<p align="center">
+  <img src="docs/screenshots/playground-batch.png" alt="gpt2api 在线体验 · 文生图 · IMG2 批量出图" width="960">
+</p>
+
+- 左侧:模型选择、画面比例(1:1 / 16:9 / **9:16**)、张数、PROMPT 输入、prompt 预设库;
+- 右侧:**同一个任务聚合返回多张高清终稿**(IMG2 命中时单次 `/f/conversation` 一次性产出 2 张,再配合"张数 N"即可成批扩图);
+- 点击任意一张可进入全屏放大预览 ↓。
+
+### 管理后台 · 单图放大预览
+
+<p align="center">
+  <img src="docs/screenshots/playground-preview.png" alt="gpt2api 管理后台 · 图片全屏预览 · 左侧完整菜单" width="960">
+</p>
+
+- 左侧:**个人中心 / 后台管理** 双分区菜单 —— API Keys、使用记录、账单与充值、在线体验、接口文档、用户管理、GPT 账号池、代理管理、模型配置、用户分组、用量统计、全局 Keys、审计日志、数据备份、系统设置,一个台子全搞定;
+- 中间:全屏放大查看终稿,直接右键"图片另存为"。所有图片 URL 都是内置 `/p/img/:task/:idx` **HMAC 签名代理**,绕过 `chatgpt.com` `estuary/content` 的 403 防盗链。
+
+---
+
+## 二、核心特性
+
+| 分类 | 能力 |
+|------|------|
+| **上游协议** | 完整逆向 `chatgpt.com` `f/conversation` 两步 sentinel(`/prepare` + `/finalize`)、PoW、`conduit_token`、全套 `oai-*` / `Sec-Ch-Ua-*` 指纹头 |
+| **图片生成** | 文生图、**图生图 / 多图参考**、**IMG2 正式版直出**(速度优先,SSE 够数即返回,最长 300s 补齐轮询兜底)、**本地 2K/4K PNG 高清放大**(Catmull-Rom 插值,按需触发 + 进程内 LRU)、轮询 + SSE 直出双通道 |
+| **账号池** | JSON / AT / RT / ST 四种方式批量导入,**自动刷新**、**额度探测**、**风控熔断**、按账号稳定绑定 `oai-device-id` / `oai-session-id` |
+| **代理池** | 支持 HTTP / SOCKS5,健康分自动探测,按账号强绑定代理,避免 IP 指纹混用 |
+| **调度器** | 串行 lease + Redis 分布式锁,`min_interval_sec` 单号最小间隔、`daily_usage_ratio` 日熔断、`cooldown_429_sec` 限速退避 |
+| **OpenAI 兼容** | `/v1/chat/completions`(保留)、`/v1/images/generations`、`/v1/images/edits`、`/v1/images/tasks/:id`、`/v1/models` |
+| **下游 Key** | 独立于用户账号的 `sk-` Key,支持 **RPM / TPM / 日配额 / IP 白名单 / 模型白名单** |
+| **计费** | 积分钱包 + 预扣结算、分组倍率(VIP / 内部 / 渠道)、充值套餐、**易支付(EPay)**接入 |
+| **安全** | AES-256-GCM 加密 AT / cookies、JWT 登录、RBAC 权限、**管理员写操作全链路审计**、高危操作 `X-Admin-Confirm` 二次确认 |
+| **运维** | 数据库一键备份 / 恢复(`mysqldump` + gzip)、上传单文件限额、备份保留策略 |
+| **图片防盗链** | 内置签名代理 `/p/img/:task/:idx`,HMAC 签名 + 过期时间,绕过 `chatgpt.com` `estuary/content` 的 403 |
+| **前端** | Vue 3 + Element Plus 单页控制台,账户池 / 代理池 / 模型 / 用户 / 积分 / 审计 / 备份 / 系统设置全覆盖 |
+
+---
+
+## 三、技术栈
+
+**后端**
+
+- Go 1.22+
+- Gin(HTTP 框架) / sqlx(MySQL 访问) / Viper(配置) / Zap(日志)
+- MySQL 8.0(业务数据 + 审计 + 账变) / Redis 7(分布式锁 / 限流 / 缓存)
+- `refraction-networking/utls`(TLS 指纹,用于规避 `chatgpt.com` JA3 检测)
+- `golang-jwt/jwt` / `golang.org/x/crypto`(鉴权 + 密码学)
+- Goose(数据库迁移)
+
+**前端**
+
+- Vue 3 + Vite 5 + TypeScript 5
+- Element Plus 2.7(组件库)
+- Pinia(状态管理) / `pinia-plugin-persistedstate`
+- Vue Router 4
+- Axios
+
+**部署**
+
+- Docker Compose(MySQL + Redis + server,可选 nginx)
+- 默认单机;水平扩展见 [`deploy/README.md`](deploy/README.md)
+
+---
+
+## 四、架构概览
+
+```mermaid
+flowchart LR
+  subgraph Client["下游调用方"]
+    SDK["OpenAI SDK / curl / 自家业务"]
+  end
+
+  subgraph Gateway["gpt2api Server :8080"]
+    direction TB
+    API["Gin Router<br/>/v1/* · /api/*"]
+    Auth["APIKey / JWT<br/>RPM · TPM · IP 白名单"]
+    Billing["积分预扣<br/>分组倍率"]
+    Scheduler["账号调度器<br/>Redis 锁 · lease · 熔断"]
+    Upstream["ChatGPT Client<br/>utls · sentinel v2 · 多 header 指纹"]
+    ImgProxy["图片签名代理<br/>/p/img/:id/:n"]
+  end
 
-```text
-.
-├── backend/     # Go 后端：API / Admin / OpenAI 兼容 / Worker
-├── frontend/    # 用户前台 + 管理后台
-├── deploy/      # Docker Compose、Nginx、Caddy、环境变量
-├── docs/        # 开发、API、部署、前端规范
-└── README.md
+  subgraph Pool["资源池"]
+    Accounts[("GPT 账号池<br/>AT / RT / ST")]
+    Proxies[("代理池<br/>HTTP / SOCKS5")]
+    Models[("模型配置<br/>对外 slug ⇄ 上游 slug")]
+  end
+
+  subgraph Storage["持久化"]
+    MySQL[(MySQL 8.0<br/>用户 · 账号 · 账变 · 审计)]
+    Redis[(Redis 7<br/>分布式锁 · 限流)]
+  end
+
+  subgraph UpstreamAPI["chatgpt.com"]
+    Sentinel[/chat-requirements prepare + finalize/]
+    FConv[/f/conversation/]
+    Estuary[/estuary/content/]
+  end
+
+  SDK -- "Bearer sk-xxx" --> API
+  API --> Auth --> Billing --> Scheduler
+  Scheduler --> Accounts
+  Scheduler --> Proxies
+  Scheduler --> Models
+  Scheduler --> Upstream
+  Upstream --> Sentinel
+  Upstream --> FConv
+  Upstream --> Estuary
+  Estuary -. "fid / sid" .-> ImgProxy
+  ImgProxy --> SDK
+  Gateway <--> MySQL
+  Gateway <--> Redis
 ```
 
-## 端口说明
+**数据流(一次文生图调用)**:
 
-### 对外端口
+1. 下游 `POST /v1/images/generations` 携带 `Authorization: Bearer sk-xxx`;
+2. Gateway 校验 Key → 查下游限流(RPM/TPM/日配额)→ 预扣积分;
+3. Scheduler 从账号池挑一个 `idle` 且满足 `min_interval_sec` 的账号,拿 Redis 锁建立 lease;
+4. 通过账号绑定的代理,走 `utls` TLS 指纹,按真实 Edge 143 浏览器的 header/payload 访问 `chatgpt.com`;
+5. 两步 sentinel 换 chat-requirements token → `/f/conversation/prepare` 拿 `conduit_token` → SSE 上游生图;
+6. 解析 tool message 拿 `fids` / `sids`,够 N 张立即短路下载,不够再短轮询最多 300s 补齐;
+7. 所有图片 URL 经 HMAC 签名,返回 `https://<your-domain>/p/img/<task>/<idx>?exp=…&sig=…`;
+8. 扣费结算 + 写 usage_logs + 释放 lease + 更新账号状态。
 
-- `17080`：用户前台
-- `17088`：管理后台
-- `17200`：OpenAI 兼容 API
+---
 
-### 本机调试端口
+## 五、快速开始(Docker 一键部署)
 
-- `17180`：用户后端 API
-- `17188`：管理后台 API
-- `17200`：OpenAI 兼容 API
-- `23306`：MySQL
-- `16379`：Redis
-- `18191`：FlareSolverr
+> ⚠️ **本项目的 Dockerfile 是"宿主预编译 + 容器运行"架构**(为规避国内拉 `proxy.golang.org` / npm registry 卡死的问题)。容器内**不做** `go build` / `npm install`,完全依赖宿主机先产出二进制和前端产物。  
+> 因此步骤是:**准备环境 → 克隆仓库 → 本地预编译 → docker compose build + up**。直接 `docker compose up --build` 会报 `deploy/bin/gpt2api: not found`。
 
-## 快速部署
+### 1. 准备环境
 
-下面是推荐的线上部署方式，和当前仓库的 `deploy/docker-compose.server.yml` 对齐。
+**宿主机(打包机)需要安装**:
 
-### 1. 准备环境
+| 软件 | 最低版本 | 用途 |
+|------|---------|------|
+| **Go** | 1.22+ | 交叉编译 `gpt2api` + `goose` 二进制 |
+| **Node.js** | 18+(推荐 20 LTS)| 编译前端 Vite 产物 |
+| **Docker** | 24+ | 构建 + 运行镜像 |
+| **docker compose** | v2 插件 | 启动 mysql / redis / server 编排 |
+| **git** | 任意 | 克隆仓库 |
 
-- 一台 Linux 服务器
-- Docker 和 Docker Compose
-- 1 个域名或 3 个子域名
-- 80 / 443 端口可用
-- MySQL / Redis 空间充足
+> Windows 用户装 Go + Node + Docker Desktop 即可;Linux 服务器一条 `apt install -y golang-go nodejs npm docker.io docker-compose-plugin` 基本够用。  
+> 打包机与运行机**不必是同一台**,`build-local.sh/ps1` 默认交叉编译成 `linux/amd64`,产出拷到服务器上也能直接 `docker compose build` 起。
 
-### 2. 拉取代码
+**运行环境需要**:
+
+- 一个能直连 `chatgpt.com` 的 VPS,或者至少一个可用的 HTTP / SOCKS5 代理;
+- 至少 1 个 ChatGPT Plus / Team / Codex 账号(能导出 AT / RT / ST 或 JSON 会话信息)。
+
+### 2. 克隆仓库
 
 ```bash
 git clone https://github.com/432539/gpt2api.git
 cd gpt2api
 ```
 
-### 3. 配置环境
+### 3. 本地预编译(**必做,容器内不会帮你 build**)
+
+这一步会产出三个东西,镜像 COPY 进去就能直接起:
 
-复制环境变量模板并修改：
+| 产物 | 路径 | 由谁产出 |
+|------|------|---------|
+| 后端二进制(linux/amd64) | `deploy/bin/gpt2api` | `go build ./cmd/server` |
+| 迁移工具(linux/amd64) | `deploy/bin/goose` | `go build github.com/pressly/goose/v3/cmd/goose@v3.20.0` |
+| 前端产物 | `web/dist/` | `cd web && npm install && npm run build` |
+
+仓库已经把**这三步打包到一个脚本**,一条命令搞定:
+
+**Linux / macOS / WSL:**
 
 ```bash
-cp deploy/env/.env.example deploy/env/.env.prod
+bash deploy/build-local.sh
+# 增量:只编译缺失的 goose。第一次会自动 npm install(首次慢,之后秒级)
+# 强制重编译 goose:bash deploy/build-local.sh --force
 ```
 
-重点检查这些项：
+**Windows PowerShell:**
+
+```powershell
+powershell -NoProfile -File deploy\build-local.ps1
+# 强制重编译 goose:powershell -NoProfile -File deploy\build-local.ps1 -Force
+```
 
-- 数据库连接
-- Redis 地址
-- JWT 密钥
-- AES 密钥
-- 域名 / CORS
-- OpenAI / GROK 基础地址
-- 代理与 FlareSolverr 地址
+脚本结束后应当能看到:
 
-### 4. 启动服务
+```text
+[build-local] done. artifacts:
+-rwxr-xr-x ... deploy/bin/gpt2api       ~32M
+-rwxr-xr-x ... deploy/bin/goose         ~34M
+-rw-r--r-- ... web/dist/index.html
+```
+
+> 改完后端代码后**只需重跑 `build-local` 再 `docker compose build server`**;改前端只跑 `npm run build` + `docker compose build server` 即可。  
+> 有同事反馈 `go get` / `npm install` 慢,可以先 `go env -w GOPROXY=https://goproxy.cn,direct` 和 `npm config set registry https://registry.npmmirror.com`。
+
+### 4. 配置 `.env` 与启动容器
 
 ```bash
 cd deploy
-docker compose -f docker-compose.server.yml up -d --build
+cp .env.example .env
+```
+
+**必改** `.env` 中的三项:
+
+```env
+JWT_SECRET=请改成 >=32 位随机串
+CRYPTO_AES_KEY=请改成严格 64 位 hex(32 字节 AES-256)
+MYSQL_ROOT_PASSWORD=你自己的强密码
+MYSQL_PASSWORD=你自己的强密码
 ```
 
-### 5. 检查状态
+生成两个随机值的快捷命令:
 
 ```bash
-docker compose -f docker-compose.server.yml ps
-docker logs -f klein-api-dev
-docker logs -f klein-admin-dev
-docker logs -f klein-openai-dev
-docker logs -f klein-worker-dev
+openssl rand -hex 32   # CRYPTO_AES_KEY(64 位 hex)
+openssl rand -base64 48 | tr -d '=/+' | cut -c1-48   # JWT_SECRET
 ```
 
-### 6. 访问地址
+启动:
+
+```bash
+docker compose build server    # 首次或后端/前端代码有更新后执行
+docker compose up -d
+docker compose logs -f server
+```
+
+启动过程里 `server` 会自动:
+
+1. 等 `mysql` 健康;
+2. 跑 `goose up` 应用全部迁移(用户 / 账号 / 审计 / 备份元数据等十余张表);
+3. 启动 HTTP 服务 `:8080`。
+
+> ### ⚠️ 没有默认账号 / 密码 —— 首位注册者自动成为管理员
+>
+> **本项目 *不* 预置任何"默认管理员账号"或"默认密码"。** 部署起来后请按以下步骤走:
+>
+> 1. 浏览器打开 **`http://<服务器IP>:8080/register`**
+> 2. 用自己的邮箱 + 自设密码完成第一次注册
+> 3. **这第一个账号会自动拿到 `admin` 角色**(见 `internal/auth/service.go` 的 `Register` Bootstrap 规则)
+> 4. 之后再注册的账号都是普通用户
+> 5. 首位 admin 登录后,强烈建议去**管理后台 → 系统设置**把"允许开放注册"关掉,避免被陌生人占用
+>
+> 如果你在网上看到"Admin123456" / "admin@smoke.test" 这类字样,那是 `scripts/smoke.mjs` 冒烟测试脚本自己创建测试账号时用的参数,**与部署默认凭证无关**。
 
-- 用户前台：`http(s)://你的域名:17080`
-- 管理后台：`http(s)://你的域名:17088`
-- OpenAI 兼容 API：`http(s)://你的域名:17200/v1`
+### 5. 首次登录
 
-## 生产建议
+- 前端站点地址:`http://<服务器IP>:8080/`
+- 按上面的 ⚠️ 框完成首位 admin 注册即可登录。
+- 忘记管理员密码、或需要把某个普通用户提权为 admin,见「FAQ · 管理员密码找回 / 提权」。
 
-- 前台、后台、API 分域名部署更清晰
-- 管理后台建议限制来源 IP
-- OpenAI 兼容接口建议走独立域名
-- 80 / 443 端口建议由 Caddy 或 Nginx 统一接管 SSL
-- 图片和视频素材建议落 OSS 或本地缓存，避免直接暴露上游地址
+### 6. 日常更新流程速查
 
-## 开发方式
+| 场景 | 命令 |
+|------|------|
+| **仅改了前端** | `cd web && npm run build` → `cd ../deploy && docker compose build server && docker compose up -d server` |
+| **仅改了后端** | `bash deploy/build-local.sh`(前端 `npm run build` 无代价也会重跑)→ `cd deploy && docker compose build server && docker compose up -d server` |
+| **拉 main 新版** | `git pull` → `bash deploy/build-local.sh` → `docker compose build server && docker compose up -d server` |
+| **只重启不重建** | `docker compose restart server` |
+| **想回滚上一版** | `docker compose down server` → 恢复 `deploy/bin/gpt2api` + `web/dist` 备份 → `docker compose build server && docker compose up -d server` |
+
+### 7. 五分钟跑通第一次生图
+
+1. **管理后台 → 代理管理** → 新建一个代理(或批量导入),确认健康分为绿色;
+2. **管理后台 → GPT账号** → 批量导入 JSON / AT / RT / ST,绑定上一步的代理;
+3. **管理后台 → 模型配置** → 确认有 `gpt-image-2` 等图像模型且已启用;
+4. **管理后台 → 用户管理** → 给自己(或业务账号)加点积分;
+5. **个人中心 → 在线体验** → 文生图 tab → 输入 prompt → 点生成;
+6. 观察 `docker compose logs -f server` 里 `image runner` 系列日志,看到 `image runner result summary refs=[...] signed_count=N` 就是成功出图。
+
+---
+
+## 六、配置说明
+
+**核心配置文件:`configs/config.yaml`**(Docker 部署时通过环境变量 `GPT2API_*` 覆盖)。完整字段见 [`configs/config.example.yaml`](configs/config.example.yaml)。
+
+| 段落 | 关键字段 | 说明 |
+|------|---------|------|
+| `app` | `listen`, `base_url` | HTTP 监听地址 / 对外 base URL(签名图片代理用) |
+| `mysql` | `dsn`, `max_open_conns` | MySQL 连接,生产推荐 500 + |
+| `redis` | `addr`, `pool_size` | Redis,生产推荐 pool=500(锁 / 限流 / 令牌桶) |
+| `jwt` | `secret`, `*_ttl_sec` | **生产必须覆盖** `secret` |
+| `crypto` | `aes_key` | **生产必须覆盖**,32 字节 hex,用于加密账号 AT / cookies |
+| `scheduler` | `min_interval_sec` | **单账号最小间隔秒**,对抗风控核心参数 |
+| `scheduler` | `daily_usage_ratio` | 单号日消耗熔断阈值(0~1,0.6 = 消耗超过日额度 60% 自动下线) |
+| `scheduler` | `cooldown_429_sec` | 连续 429 冷却时间 |
+| `upstream` | `request_timeout_sec` | 上游 chatgpt.com 请求超时(图片建议 60+) |
+| `upstream` | `sse_read_timeout_sec` | SSE 读超时,批量出图场景建议 300+ |
+| `epay` | `gateway_url`, `pid`, `key` | 易支付网关,用于积分充值 |
+
+**环境变量覆盖规则**:任何 `configs/config.yaml` 字段都可以用 `GPT2API_XXX_YYY` 覆盖。例如 `app.listen` → `GPT2API_APP_LISTEN`。
+
+---
+
+## 七、API 使用示例
+
+> 所有 API 完全兼容 OpenAI 官方 SDK,把 `base_url` 换成你的部署地址即可。
+
+### 7.1 生图(同步,单张)
 
 ```bash
-cd deploy
-docker compose -f docker-compose.dev-full.yml up -d --build
+curl https://your-domain.com/v1/images/generations \
+  -H "Authorization: Bearer sk-xxx" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "a cute orange cat playing with yarn, studio ghibli style",
+    "n": 1,
+    "size": "1024x1024"
+  }'
+```
+
+**返回**(已经是 HMAC 签名的图片代理地址,可直接 `<img src>` 嵌入):
+
+```json
+{
+  "created": 1776582860,
+  "data": [
+    {
+      "url": "https://your-domain.com/p/img/img_2631ffad.../0?exp=...&sig=..."
+    }
+  ]
+}
+```
+
+**可选:本地 2K / 4K 高清放大** —— 在 body 里加 `"upscale": "2k"` 或 `"upscale": "4k"`,后端会在图片代理 URL 首次被请求时对原图做 Catmull-Rom 插值放大并以 PNG 返回(长边 2560 / 3840 等比缩)。算法本地执行,不调用任何外部服务;首次 ~0.5~1.5s,之后进程内 LRU 毫秒级命中。**请注意这是传统插值算法,不是 AI 超分**,不会补出新纹理。详见 [8.2 4K / 2K 高清输出](#82-4k--2k-高清输出本地-catmull-rom-放大)。
+
+### 7.2 图生图 / 多图参考(项目扩展字段)
+
+```bash
+curl https://your-domain.com/v1/images/generations \
+  -H "Authorization: Bearer sk-xxx" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "将这两张图合成为赛博朋克风格的海报",
+    "n": 2,
+    "size": "1792x1024",
+    "reference_images": [
+      "https://example.com/ref1.jpg",
+      "data:image/png;base64,iVBORw0KG..."
+    ]
+  }'
+```
+
+### 7.3 Python(OpenAI SDK)
+
+```python
+from openai import OpenAI
+
+client = OpenAI(
+    base_url="https://your-domain.com/v1",
+    api_key="sk-xxx",
+)
+
+resp = client.images.generate(
+    model="gpt-image-2",
+    prompt="cyberpunk alley in the rain, cinematic lighting",
+    n=2,
+    size="1792x1024",
+)
+for img in resp.data:
+    print(img.url)
+```
+
+### 7.4 异步(适合慢 prompt / 批量场景)
+
+```bash
+# 提交任务
+curl -X POST https://your-domain.com/v1/images/generations \
+  -H "Authorization: Bearer sk-xxx" \
+  -H "Content-Type: application/json" \
+  -d '{"model":"gpt-image-2","prompt":"...", "async":true}'
+# 返回 {"task_id":"img_xxx","status":"queued"}
+
+# 轮询结果
+curl https://your-domain.com/v1/images/tasks/img_xxx \
+  -H "Authorization: Bearer sk-xxx"
 ```
 
-本地开发时，前后端都可以单独启动，也可以只拉起 MySQL / Redis。
+---
+
+## 八、重点能力详解
+
+### 8.1 IMG2 出图
+
+`chatgpt.com` 的 **IMG2 管线已正式上线**:Plus / Team 账号单次调用可返回 1~2 张高清图,体感就是**出图更快、画质更好**。`gpt2api` 的生图链路已全面对齐正式版协议,不再做"灰度命中判定 / preview_only 重试"这类节流:
+
+- **速度优先**:SSE 里出现 `file-service` / `sediment` 引用立即下载,**不等齐 N 张**;
+- **单轮单账号**:一次 `f/conversation` SSE 之后最多再短轮询 300 秒补齐(per-attempt 总上限 6 分钟,外层 handler 上限 7 分钟),超时仍有 ≥ 1 张也按成功返回;
+- **硬错误才切账号**:只有 `rate_limited` / `no_available_account` / `auth_required` 才会触发一次跨账号重试,其他错误直接暴露给调用方便于排障。
+
+#### 如何判断本次成功出图?
+
+`gpt2api` 在图片生成的每一个关键节点都打了结构化日志,观察 `docker compose logs -f server` 中的 `image runner` 系列:
+
+```text
+image runner SSE parsed                  sse_fids=[file_xxx,file_yyy] finish_type=stop image_gen_task_id=...
+image runner enough refs from SSE, skip polling   # SSE 阶段已够数,0 次轮询
+image runner poll done                   poll_status=success poll_fids=[file_xxx]
+image runner result summary              refs=[...] signed_count=2
+```
+
+如果 Poll 超时(默认 300 秒内没拿到任何图),会直接落到 `poll_timeout`,不再悄悄换账号重试。
+
+#### 数据库里复盘
+
+每张图片都会被持久化到 `image_tasks` 表,带上 `account_id` / `status` / `image_urls`:
+
+```sql
+SELECT
+  account_id,
+  COUNT(*)                                AS total,
+  SUM(status = 'success')                 AS success,
+  ROUND(SUM(status = 'success') * 100 / COUNT(*), 2) AS success_rate_pct,
+  ROUND(AVG(JSON_LENGTH(image_urls)), 2)  AS avg_imgs_per_task
+FROM image_tasks
+WHERE created_at > NOW() - INTERVAL 1 DAY
+GROUP BY account_id
+ORDER BY success_rate_pct DESC;
+```
+
+### 8.2 4K / 2K 高清输出(本地 Catmull-Rom 放大)
+
+`chatgpt.com` 原生只提供 `1024×1024` / `1792×1024` / `1024×1792` 三档原图。面板 / API 都支持一个扩展字段 `upscale`,在**拿到原图后**由网关在本地把画面放大到 2K / 4K 后以 PNG 返回。
+
+#### 档位与尺寸
+
+| `upscale` | 长边 | 举例(原 1024×1024) | 举例(原 1792×1024) |
+|-----------|------|---------------------|---------------------|
+| `""`(默认) | 原图 | 1024×1024 | 1792×1024 |
+| `"2k"` | 2560 | 2560×2560 | 2560×1463 |
+| `"4k"` | 3840 | 3840×3840 | 3840×2194 |
+
+短边按原比例等比缩,不做裁切;**若原图长边已经 ≥ 目标,直接透传原字节**(避免重复有损编码)。
+
+#### 工作原理
+
+1. 生图时 `upscale` 只写进 `image_tasks.upscale`,**不改变**与上游 `chatgpt.com` 的交互,也不影响生图速度;
+2. 图片代理 URL `/p/img/:task_id/:idx` 被请求时,后端按 `task.upscale` 决定是否放大:
+   - 查进程内 **LRU 缓存**(默认 512MB,约 50 张 4K PNG);
+   - 未命中 → 拉原图 → `image.Decode` → `golang.org/x/image/draw.CatmullRom` → `png.Encode`(BestSpeed) → 写入 LRU;
+   - 命中 → 毫秒级直接返回字节。
+3. 放大计算有**并发信号量**限制(默认 `NumCPU`),避免 4K 请求风暴把 CPU 打满影响主生图链路;
+4. 放大失败自动**回落到原图**,不给用户白屏。
+
+响应头 `X-Upscale` 便于排障:
+
+```text
+X-Upscale: 4k;cache=miss   # 首次放大
+X-Upscale: 4k;cache=hit    # 命中缓存
+X-Upscale: 4k;noop         # 原图长边已足够大,未重新编码
+X-Upscale: 4k;err          # 放大失败,已回落到原图
+```
+
+#### API 调用
+
+```bash
+curl https://your-domain.com/v1/images/generations \
+  -H "Authorization: Bearer sk-xxx" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gpt-image-2",
+    "prompt": "a futuristic city at dusk, cinematic light",
+    "n": 1,
+    "size": "1792x1024",
+    "upscale": "4k"
+  }'
+```
+
+`/v1/images/edits`(multipart/form-data)同样支持 `upscale` 字段。
+
+#### 面板操作
+
+**个人中心 → 在线体验 → 文生图 / 图生图**,左侧表单新增「**输出尺寸**」单选:原图 / 2K 高清 / 4K 高清,默认原图。切换后重新生成的图代理 URL 会自动走对应放大档位。
+
+#### 取舍与注意事项
+
+- **不是 AI 超分**:Catmull-Rom 是传统双三次插值,只会把画面变"更大、更平滑",不会补出新的毛发、纹理、细节。对"原图本身细节不足"的画面,4K 的视觉收益有限;
+- **4K 文件较大**:单张 4K PNG 通常 5~15MB。首屏仅加载 1~2 张没问题,大批量下载请考虑改调 `"2k"` 或直接用原图;
+- **原图 1792 → 4K 仅 2.14x**;而方形 1024 → 4K 是 3.75x,**方形档位的视觉"放大感"最强**,效果差异也最明显;
+- 若需要真正的"补细节"效果,请接入 Real-ESRGAN / SwinIR 等 AI 超分模型,那是另一个工程量级(需要模型权重 + GPU / ONNX Runtime),不在当前项目范围。
+
+### 8.3 批量出图 / 多张聚合
+
+`gpt2api` 支持三种"批量"场景:
+
+| 场景 | 调用方式 | 实际并发 |
+|------|---------|---------|
+| **单请求 N 张** | `{"n": 4}` | 1 个账号跑 1 个会话,**IMG2 命中时会把 2 张放到同一 tool message,框架自动聚合到 `image_urls`** |
+| **多请求并发** | SDK 线程池同时发 K 个请求 | K 个账号 lease 并行,受限于账号池数 × `min_interval_sec` |
+| **纯异步任务池** | `{"async": true}` 提交 + 轮询 | 后端 Worker 池消费,适合 1000+ 条 prompt 的大批量场景 |
+
+**单请求多张(`n`)**:IMG2 终稿通道下,`n=2` 通常一次就到位;`n>2` 会被框架拆成多轮 follow-up 请求在**同一会话**里完成,共享一个 account lease,避免占用多个账号。
+
+**多请求并发(脚本示例)**:
+
+```python
+import concurrent.futures
+from openai import OpenAI
+
+client = OpenAI(base_url="https://your-domain.com/v1", api_key="sk-xxx")
+
+prompts = ["..." for _ in range(100)]   # 100 条 prompt
+
+def one(p):
+    return client.images.generate(model="gpt-image-2", prompt=p, n=1, size="1024x1024")
+
+with concurrent.futures.ThreadPoolExecutor(max_workers=32) as ex:
+    for r in ex.map(one, prompts):
+        print(r.data[0].url)
+```
+
+**账号池够大时,脚本端只需控制 `max_workers`,后端会自动按 `min_interval_sec` 给每个账号排队**,不会因为并发撞风控。
+
+### 8.4 高性能高并发调度
+
+#### 并发目标
+
+| 场景 | 典型配置 | 能力 |
+|------|---------|------|
+| 图片生成(IMG2,账号池 100+) | `min_interval_sec=60` | **单机 >= 1000 并发图**(受账号池规模线性缩放) |
+| 文字 SSE(沉睡中,见第一节) | `min_interval_sec=30` | 单机 >= 2000 并发 SSE |
+| 下游 RPM/TPM 限流 | Redis 令牌桶 | 单 Key 5000 RPM 无压力 |
+
+#### 调度核心参数(`configs/config.yaml → scheduler`)
+
+```yaml
+scheduler:
+  min_interval_sec: 60          # 单账号最小间隔秒(对抗同号高频 → 429)
+  daily_usage_ratio: 0.6        # 单号日配额消耗超过 60% 自动熔断下线
+  lock_ttl_sec: 1200            # Redis 账号锁 TTL,lease 超时自动释放
+  cooldown_429_sec: 600         # 连续 429 时该账号冷却时间
+  warned_pause_hours: 24        # 收到"警告页"后的账号强制停用时长
+```
+
+#### 为什么能稳住高并发?
+
+1. **串行 lease + Redis 锁**:每个账号同一时刻只有 1 个请求在飞,`min_interval_sec` 保证两次请求之间的最小间隔,风控曲线平滑;
+2. **代理强绑定**:每个账号锁死一个代理,IP 指纹不混用,触发风控的只是个别账号,其它账号不受牵连;
+3. **熔断自恢复**:账号消耗到阈值 / 收到 429 / 拿到警告页,自动进入冷却,冷却结束自动复活,无需人工干预;
+4. **横向扩展**:`docker compose up --scale server=3` 即可多副本;Redis 锁天然跨节点,MySQL + backups 卷共享即可;
+5. **观测友好**:`usage_logs` + `image_tasks` 两张表足以做任意维度(账号 / 用户 / 模型 / 时段)的下钻分析;后台「用量统计」已内置可视化。
+
+#### 压测建议
+
+- 用 `vegeta` / `wrk2` 对 `/v1/images/generations` 做恒定 QPS 压测,观察 `usage_logs.status` 分布;
+- 对比调节 `min_interval_sec` 在 `30 / 60 / 90` 的成功率曲线,每批至少 500 样本;
+- Redis `pool_size` 和 MySQL `max_open_conns` 生产都推荐至少 500,否则会成为瓶颈。
+
+---
+
+## 九、管理后台功能概览
+
+| 页面 | 路径 | 核心能力 |
+|------|------|---------|
+| 个人总览 | `/personal/dashboard` | 积分余额、14 天请求趋势、热门模型、最近请求/账变 |
+| 在线体验 | `/personal/play` | 浏览器内 Playground,文生图 / 图生图,实时扣费 |
+| 接口文档 | `/personal/docs` | curl / Python SDK 代码片段、历史任务列表 |
+| API Keys | `/personal/keys` | 创建 / 禁用 / 限流 Key |
+| 使用记录 | `/personal/usage` | 本人的请求日志 / 积分流水 |
+| 账单与充值 | `/personal/billing` | 套餐购买、易支付下单 |
+| 用户管理 | `/admin/users` | 用户 CRUD、角色、状态、分组 |
+| 积分管理 | `/admin/credits` | 手动调账、账变流水 |
+| 充值订单 | `/admin/recharges` | 充值流水、套餐管理 |
+| GPT 账号池 | `/admin/accounts` | JSON / AT / RT / ST 批量导入、刷新、探测、熔断 |
+| 代理管理 | `/admin/proxies` | HTTP / SOCKS5、健康分探测 |
+| 模型配置 | `/admin/models` | 对外 slug → 上游 slug 映射、每张图 / 每 1M token 计费 |
+| 用户分组 | `/admin/groups` | 分组倍率(VIP / 内部 / 渠道) |
+| 全局 Keys | `/admin/keys` | 跨用户管控所有下游 Key |
+| 用量统计 | `/admin/usage` | 全站成功率 / Token / 积分收入 |
+| 审计日志 | `/admin/audit` | 管理员所有写操作自动落审计 |
+| 数据备份 | `/admin/backup` | `mysqldump` 一键备份 / 恢复 |
+| 系统设置 | `/admin/settings` | 站点名 / 邮件 / 易支付 / 网关调度参数 |
+
+---
+
+## 十、目录结构
+
+```text
+gpt2api/
+├── cmd/server/                 # 主入口
+├── configs/                    # 配置示例
+├── deploy/                     # Docker / compose / entrypoint / nginx
+├── docs/                       # 补充文档
+├── internal/                   # 后端核心(所有业务代码,Go 风格私有包)
+│   ├── account/                  # 账号池:导入 / 刷新 / 探测 / DAO
+│   ├── apikey/                   # 下游 Key
+│   ├── audit/                    # 审计日志中间件
+│   ├── auth/                     # 登录 / JWT
+│   ├── backup/                   # 数据库备份 / 恢复
+│   ├── billing/                  # 积分预扣 / 结算
+│   ├── gateway/                  # OpenAI 兼容入口(chat / images / images_proxy)
+│   ├── image/                    # 图片任务 Runner / 异步任务 / DAO
+│   ├── middleware/               # CORS / JWT / Recover / RequestID / RateLimit
+│   ├── model/                    # 模型配置(slug 映射 + 价格)
+│   ├── proxy/                    # 代理池 + 健康分探测
+│   ├── ratelimit/                # Redis 令牌桶
+│   ├── rbac/                     # 权限常量
+│   ├── recharge/                 # 充值 / 套餐 / EPay 对接
+│   ├── scheduler/                # 账号调度器(核心)
+│   ├── server/                   # Router 装配
+│   ├── settings/                 # 动态系统设置
+│   ├── upstream/chatgpt/         # ChatGPT 逆向客户端(sentinel / fchat / image / pow / headers)
+│   ├── usage/                    # 请求日志 / 统计
+│   └── user/                     # 用户模块
+├── pkg/                        # 可被外部复用的纯工具包
+├── sql/migrations/             # Goose 迁移
+├── web/                        # 前端 Vue 3 源码
+│   ├── src/
+│   │   ├── api/                  # axios 封装
+│   │   ├── config/               # feature flag(含 ENABLE_CHAT_MODEL)
+│   │   ├── stores/               # pinia
+│   │   ├── views/personal/       # 用户侧页面
+│   │   ├── views/admin/          # 管理员页面
+│   │   └── router/
+│   └── dist/                     # 构建产物(Dockerfile 会 COPY 进镜像)
+├── API_NOTES.md                # chatgpt.com 逆向接口备忘
+├── RISK_AND_SAAS.md            # 风控 / 防封号原则
+└── README.md                   # 当前文档
+```
+
+---
+
+## 十一、二次开发 / 定制
+
+### 后端
+
+```bash
+# 本机拉依赖
+go mod tidy
+# 跑迁移(先启 MySQL)
+make migrate-up
+# 本地热跑
+make run
+```
+
+加一个新的后端接口:
+
+1. `internal/xxx/handler.go` 加方法;
+2. `internal/server/router.go` 注册路由;
+3. 如果是写操作,配合 `audit.Middleware` 自动写审计。
+
+### 前端
+
+```bash
+cd web
+npm install
+npm run dev          # http://localhost:5173,自动代理到 :8080
+npm run build        # 构建到 web/dist/,供后端 SPA 路由挂载
+```
+
+**恢复文字模型 UI**(当前版本默认关闭):
+
+```ts
+// web/src/config/feature.ts
+export const ENABLE_CHAT_MODEL = true    // ← 改这里,重新 build
+```
+
+所有涉及文字入口的页面(在线体验 / 接口文档 / 用量统计 / 模型配置 …)会自动重新出现。
+
+### 自定义模型 slug 映射
+
+chatgpt.com 的实际上游 slug 会随账号等级微调(例如 Plus 用 `gpt-5-3`,免费用 `gpt-5`),映射表集中在 `internal/gateway/chat.go` 的 `mapUpstreamModelSlug`。图片模型的映射在 `admin/Models.vue` 的「模型配置」页面里可视化编辑。
+
+---
+
+## 十二、FAQ
+
+<details>
+<summary><b>Q1. 为什么要强制绑定代理?</b></summary>
+
+`chatgpt.com` 对 IP × 账号 × TLS 指纹 × 设备指纹做联合风控。同一个出口 IP 跑多个账号,会被识别为同一批"多开"用户,整批被封。每个账号锁死一个代理是目前最稳的防封号方案。
+</details>
+
+<details>
+<summary><b>Q2. 出图偶尔 poll_timeout 怎么办?</b></summary>
+
+IMG2 正式上线后,`gpt2api` 默认 SSE 解析完成后最多短轮询 **300 秒**补齐图片(per-attempt 硬上限 6 分钟,handler 硬上限 7 分钟)。如果依然没拿到任何 `file-service` / `sediment` 引用,会直接抛 `poll_timeout` 给调用方,**不会再悄悄换账号重试**(那样只会吞掉用户时间)。常见处理:
+
+1. 在「管理后台 → GPT账号」对该账号做「全部探测」,确认代理 / 账号本身可用;
+2. 把长期 `poll_timeout` 的账号绑定到更快的代理,或移出主力池;
+3. 如果想在网关层面做"失败切账号"的托底重试,自行在客户端实现即可——这符合"出错就让上层看到"的设计原则。
+</details>
+
+<details>
+<summary><b>Q3. 文字模型为什么默认关闭?</b></summary>
+
+`chatgpt.com` 新 sentinel(`/prepare` + `/finalize`)对文字通路引入了 Turnstile 挑战,项目已实现完整的两步 sentinel + conduit token + 全套 header 指纹,但 Turnstile 本身需要外部 solver 才能稳定返回 `turnstile` 字段。当前版本默认走**单步回退**,适合图片(图片通路容忍度高),对文字则存在静默拒绝。接入 Turnstile solver 后把 `ENABLE_CHAT_MODEL` 改回 `true` 即可恢复。
+</details>
+
+<details>
+<summary><b>Q4. 部署后图片 403 / 图片刷不出来?</b></summary>
+
+`chatgpt.com` 的 `estuary/content` 图片 CDN 有防盗链。本项目已内置带 HMAC 签名的图片代理(`/p/img/...`),所有返回给下游的 `image_urls` 都已经是**代理后的签名 URL**。如果你仍然拿到了 `chatgpt.com` 原始 URL,说明是老版本,拉取 main 分支重建即可。
+</details>
+
+<details>
+<summary><b>Q5. MySQL / Redis 能用公有云托管吗?</b></summary>
+
+可以。修改 `.env` / `configs/config.yaml` 的 DSN 与 `redis.addr` 即可。Redis 建议至少 Redis 7,且开启 AOF;MySQL 建议 8.0+,`max_connections >= 500`。
+</details>
+
+<details>
+<summary><b>Q6. 如何横向扩展到多节点?</b></summary>
+
+`docker compose up -d --scale server=3` + 前面挂 Nginx / Traefik 做 L7。Redis 分布式锁天然支持多副本;MySQL 和 JWT / AES 密钥统一即可;`backups` 卷改成共享存储(NFS / S3 fuse)。详见 [`deploy/README.md`](deploy/README.md#单节点-vs-多节点)。
+</details>
+
+<details>
+<summary><b>Q7. 支持 ChatGPT Codex / GPT-5 / Claude / Gemini 吗?</b></summary>
+
+当前聚焦 `chatgpt.com` 逆向(涵盖 GPT-5 / GPT-5-3 / gpt-image-2 / Codex 等)。Claude / Gemini 需要接入各自原生 API 或其对应的逆向客户端,不在当前仓库范围内。
+</details>
+
+<details>
+<summary><b>Q8. 管理员密码找回 / 把某个普通用户提权为 admin?</b></summary>
+
+本项目没有内置默认 admin 账号(见「5. 首次登录」的 Bootstrap 说明),忘记密码时有两种救急手段:
+
+**① 提权已有用户为 admin**(前提:你记得该账号的密码)
+
+```bash
+# 替换成你的 MySQL 容器名 / 用户名 / 密码 / 目标邮箱
+docker exec -e MYSQL_PWD='<your_mysql_password>' gpt2api-mysql \
+  mysql -ugpt2api gpt2api \
+  -e "UPDATE users SET role='admin' WHERE email='you@example.com';"
+```
+
+**② 重置某个用户的密码为已知明文**
+
+项目用 `golang.org/x/crypto/bcrypt`(cost=10)保存密码哈希,重置流程:
+
+```bash
+# 1) 在任意一台装了 Go 的机器上,用下面这段一次性小脚本把明文转成 bcrypt hash
+cd /tmp && mkdir bcgen && cd bcgen && go mod init bcgen \
+  && go get golang.org/x/crypto/bcrypt
+cat > main.go <<'EOF'
+package main
+import ("fmt"; "os"; "golang.org/x/crypto/bcrypt")
+func main() {
+  h, _ := bcrypt.GenerateFromPassword([]byte(os.Args[1]), 10)
+  fmt.Println(string(h))
+}
+EOF
+go run . 'MyNewPassword@123'
+# 输出例如:$2a$10$ljpcvSGUybg8vN4Bd3zjBu1YlQipf/gkeWMOflGUvw7EoTfM4/t.i
+
+# 2) 把这个 hash 写进 users.password_hash(整行原样粘贴,带 $2a$...)
+docker exec -e MYSQL_PWD='<your_mysql_password>' gpt2api-mysql \
+  mysql -ugpt2api gpt2api -e "UPDATE users \
+    SET password_hash='\$2a\$10\$ljpcvSGUybg8vN4Bd3zjBu1YlQipf/gkeWMOflGUvw7EoTfM4/t.i' \
+    WHERE email='you@example.com';"
+
+# 3) 用新密码 MyNewPassword@123 登录即可。
+```
+
+bcrypt 同明文每次生成的 hash 不同都能互相校验,上面的 hash 字符串**只能对应明文 `MyNewPassword@123`**,换明文必须重跑 Step 1。
+</details>
+
+<details>
+<summary><b>Q9. 4K 出图看着像"糊了放大",没有更多细节?</b></summary>
+
+这是预期行为。`gpt2api` 的 4K / 2K 是**本地 Catmull-Rom 插值放大**,属于传统算法:只会让图像尺寸变大、边缘更平滑,**不会像 AI 超分那样补出新的纹理 / 毛发 / 发丝细节**。适合的场景:
+
+- 打印 / 海报 / 大屏展示,需要物理像素够大;
+- 原图已经细节充分(例如 `1792×1024` 的复杂场景),仅仅是想铺满 4K 显示器;
+- 不想引入额外的 GPU / 超分模型推理成本。
+
+如果你确实需要"补细节",请自行接入 Real-ESRGAN / SwinIR / GFPGAN 等 AI 超分模型(通常需要 GPU 或 ONNX Runtime),或等待后续 Roadmap 里的 M14。详细原理见 [8.2 4K / 2K 高清输出](#82-4k--2k-高清输出本地-catmull-rom-放大)。
+</details>
+
+<details>
+<summary><b>Q10. GPT 账号池批量删除后再导入报 <code>Error 1062 Duplicate entry xxx for key 'oai_accounts.uk_email'</code>?</b></summary>
+
+这是 **v0.x 初期 schema 的遗留 bug**,已在迁移 `20260423000004_accounts_uk_email_soft_delete_aware.sql` 修复。升级后重导不再冲突,无需手工清理。
+
+**为什么会冲突?** `oai_accounts` 的删除是软删除(只置 `deleted_at`,不真删行),方便审计回溯;但初始 schema 对 `email` 建的是**纯列**唯一索引 `uk_email`,没考虑"软删应当释放 email 槽位"。结果软删后那个 email 仍占着唯一键,再导入同 email 立刻 1062。
+
+**修复做法**:MySQL 原生不支持 Postgres 那种 `CREATE UNIQUE INDEX ... WHERE deleted_at IS NULL` 的部分索引,所以引入一个 STORED 生成列:
+
+```sql
+active_email = CASE WHEN deleted_at IS NULL THEN email ELSE NULL END
+UNIQUE KEY uk_active_email (active_email)
+```
+
+MySQL 的唯一索引允许多个 NULL 共存:活行 `active_email = email` → 唯一性生效;软删行 `active_email = NULL` → 互不冲突,也不和活行冲突。再导入同 email 完全放行。
+
+**升级步骤**:`git pull` → `docker compose build server` → `docker compose up -d`,容器内 goose 会自动跑这条迁移。老库那些被软删卡住的行**迁移生效后自动"让位"**,不需要你手工 `UPDATE` 或 `DELETE` 清理。
+</details>
+
+---
+
+## 十三、Roadmap
+
+- [x] M1 骨架:配置 / 迁移 / 鉴权 / RBAC
+- [x] M2 账号池 + 调度器
+- [x] M3 生图 runner + IMG2 支持
+- [x] M4 下游 Key 全特性(RPM/TPM/IP/模型白名单)
+- [x] M5 积分钱包 + 易支付充值
+- [x] M6 管理后台(Vue 3)
+- [x] M7 风控熔断 + 图片签名代理
+- [x] M8 IMG2 终稿直出 + 多图聚合
+- [x] M9 本地 2K/4K 高清放大(Catmull-Rom + LRU 缓存)
+- [ ] M10 Turnstile solver 接入 → 恢复文字通路
+- [ ] M11 图片任务大批量 Worker 池
+- [ ] M12 账号分组(按出图成功率 / 地区分配)
+- [ ] M13 Prometheus 指标 + Grafana 大盘
+- [ ] M14 对接 Real-ESRGAN 等 AI 超分作为 4K 放大的可选后端
+
+---
+
+## 十四、参与贡献
+
+欢迎 PR / Issue。提交前请:
+
+1. `go vet ./... && go test ./...` 全绿;
+2. `cd web && npm run build` 能通过;
+3. Commit 用中文或英文均可,但请**明确写清楚动机**(是 fix 还是 feature,涉及哪个模块);
+4. 涉及上游协议改动的 PR,请在 PR 描述里附上 HAR / curl 证据,不凭感觉改指纹。
+
+**代码规范**:
+
+- Go:标准 `gofmt`,包名小写;业务代码放 `internal/`,纯工具放 `pkg/`;
+- Vue / TS:`vue-tsc --noEmit` 必须通过;文件名 PascalCase,组件 `<script setup lang="ts">`。
+
+---
+
+## 十五、免责声明与风险提示
+
+> 本项目仅用于**技术学习与研究**。使用者应自行承担以下风险并遵守当地法律法规:
+
+1. **账号封禁风险**:逆向 `chatgpt.com` 违反 OpenAI ToS,账号可能被限制 / 封禁,项目不对任何账号损失负责;
+2. **法律合规风险**:在某些司法辖区绕过服务商地理限制 / 二次售卖 API 服务可能触犯相关法律,请使用者自行评估;
+3. **上游变更风险**:chatgpt.com 协议随时可能调整,本项目无法保证 100% 可用,遇到问题请及时升级或通过 QQ 群反馈;
+4. **数据安全**:生产环境务必修改默认密钥、开启 HTTPS、定期备份、限制后台 IP 访问;
+5. **禁止用途**:禁止用于生成违法、暴力、色情、未成年人相关内容或以此从事诈骗 / 欺诈活动。
 
-## 文档
+作者不保证项目适合任何特定用途,也不对任何直接或间接损失负责。**使用即视为同意本免责条款。**
 
-- [开发规范](docs/01-开发规范-总览.md)
-- [后端规范](docs/02-后端规范.md)
-- [数据库设计](docs/03-数据库设计.md)
-- [API 规范](docs/04-API规范.md)
-- [前端规范](docs/05-前端规范.md)
-- [部署与运维规范](docs/06-部署与运维规范.md)
+---
 
-## 开源地址
+## 十六、License
 
-- [https://github.com/432539/gpt2api](https://github.com/432539/gpt2api)
+[MIT](LICENSE) © 2026 gpt2api contributors.
 
-## 版本与历史
+---
 
-- 当前默认版本：`v2.0.0`
-- `v1.0.x` 保留为历史稳定版本，可通过 Git tag / 分支继续查看
-- 后续发布建议采用 `v2.0.x` 继续演进，避免覆盖旧版说明
+## 技术交流
 
-## Stars
+- **QQ 群**:`382446`(入群请注明「gpt2api」/「github」)
+- **Issue**:<https://github.com/432539/gpt2api/issues>
+- **Discussions**:<https://github.com/432539/gpt2api/discussions>
 
-[![GitHub stars](https://img.shields.io/github/stars/432539/gpt2api?style=flat-square)](https://github.com/432539/gpt2api)
+如果这个项目对你有帮助,请给个 ⭐ Star;二次开发或商用遇到问题,欢迎进群交流。
diff --git a/assets/dashboard-sample.png b/assets/dashboard-sample.png
new file mode 100644
index 00000000..ca038fea
Binary files /dev/null and b/assets/dashboard-sample.png differ
diff --git a/backend/.env.example b/backend/.env.example
deleted file mode 100644
index 8ba155ee..00000000
--- a/backend/.env.example
+++ /dev/null
@@ -1,53 +0,0 @@
-# KleinAI Backend 环境变量样例（生产/预发请通过 KMS / Secret 注入，不要 commit）
-# 复制为 .env.local（已 gitignore）后修改
-
-# 运行环境
-KLEIN_ENV=dev                      # local | dev | staging | prod
-
-# 监听端口（参考 docs/01 - 端口规范）
-KLEIN_API_PORT=17180
-KLEIN_ADMIN_PORT=17188
-KLEIN_OPENAI_PORT=17200
-KLEIN_WS_PORT=17280
-KLEIN_PPROF_PORT=17590
-
-# 数据库（MySQL 13306）
-KLEIN_DB_DSN=klein:klein123@tcp(127.0.0.1:13306)/klein_ai?charset=utf8mb4&parseTime=True&loc=Local
-
-# Redis（16379）
-KLEIN_REDIS_ADDR=127.0.0.1:16379
-KLEIN_REDIS_PASSWORD=
-KLEIN_REDIS_DB=0
-
-# JWT（≥ 32 字节，生产请用 openssl rand -hex 32 重新生成）
-KLEIN_JWT_SECRET=please-change-me-32bytes-min-secret-xx
-KLEIN_JWT_REFRESH_SECRET=please-change-me-32bytes-min-refresh-xx
-KLEIN_JWT_ACCESS_TTL=2h
-KLEIN_JWT_REFRESH_TTL=336h
-
-# 加密账号池凭证（AES-256-GCM）
-KLEIN_AES_KEY=00000000000000000000000000000000  # 32 字节 hex / base64
-
-# 第三方 Provider 默认 base
-KLEIN_OPENAI_BASE=https://api.openai.com
-KLEIN_GROK_BASE=https://api.x.ai
-
-# Provider 模式：mock（本地默认）| real（生产开启真实 HTTP 调用）
-KLEIN_PROVIDER_GPT=mock
-KLEIN_PROVIDER_GROK=mock
-# 真实模式下的默认 base url（账号未单独配置时使用）
-KLEIN_GPT_BASE_URL=https://api.openai.com
-KLEIN_GROK_BASE_URL=https://api.x.ai
-
-# 雪花机器 ID（多副本部署需保证不同）
-KLEIN_NODE_ID=1
-
-# 日志
-KLEIN_LOG_LEVEL=info
-KLEIN_LOG_DIR=./logs
-KLEIN_LOG_MAX_SIZE_MB=200
-KLEIN_LOG_MAX_AGE_DAYS=30
-KLEIN_LOG_COMPRESS=true
-
-# CORS 白名单（逗号分隔）
-KLEIN_CORS_ORIGINS=http://localhost:5173,http://localhost:5174,https://klein.example,https://admin.klein.example
diff --git a/backend/.gitignore b/backend/.gitignore
deleted file mode 100644
index 33c90e1f..00000000
--- a/backend/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# env / secrets
-.env
-.env.*
-!.env.example
-*.local
-
-# build
-/bin/
-/dist/
-
-# logs
-/logs/
-*.log
-
-# coverage
-*.out
-coverage.html
-
-# IDE
-.idea/
-.vscode/
-*.swp
-
-# misc
-*.exe
diff --git a/backend/Dockerfile b/backend/Dockerfile
deleted file mode 100644
index ae04ff1f..00000000
--- a/backend/Dockerfile
+++ /dev/null
@@ -1,50 +0,0 @@
-# ----- 多阶段构建：构建 4 个独立二进制并打入同一镜像 -----
-FROM golang:1.24-alpine AS builder
-
-ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
-
-WORKDIR /src
-
-RUN apk add --no-cache git ca-certificates tzdata
-
-COPY go.mod go.sum ./
-RUN go mod download
-
-COPY . .
-
-ARG VERSION=dev
-ARG BUILD_TIME=unknown
-
-RUN go build -trimpath -ldflags="-s -w \
-        -X github.com/kleinai/backend/pkg/version.Build=${VERSION} \
-        -X github.com/kleinai/backend/pkg/version.Time=${BUILD_TIME}" \
-    -o /out/api    ./cmd/api  && \
-    go build -trimpath -ldflags="-s -w \
-        -X github.com/kleinai/backend/pkg/version.Build=${VERSION}" \
-    -o /out/admin  ./cmd/admin && \
-    go build -trimpath -ldflags="-s -w \
-        -X github.com/kleinai/backend/pkg/version.Build=${VERSION}" \
-    -o /out/openai ./cmd/openai && \
-    go build -trimpath -ldflags="-s -w \
-        -X github.com/kleinai/backend/pkg/version.Build=${VERSION}" \
-    -o /out/worker ./cmd/worker
-
-# ----- 运行阶段：distroless · 非 root -----
-FROM gcr.io/distroless/static-debian12:nonroot
-
-WORKDIR /app
-
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /usr/share/zoneinfo                 /usr/share/zoneinfo
-COPY --from=builder /out/api                            /app/api
-COPY --from=builder /out/admin                          /app/admin
-COPY --from=builder /out/openai                         /app/openai
-COPY --from=builder /out/worker                         /app/worker
-COPY --from=builder /src/configs                        /app/configs
-
-ENV TZ=Asia/Shanghai
-USER 65532:65532
-
-EXPOSE 17180 17188 17200
-
-ENTRYPOINT ["/app/api"]
diff --git a/backend/Makefile b/backend/Makefile
deleted file mode 100644
index 314bfcd1..00000000
--- a/backend/Makefile
+++ /dev/null
@@ -1,74 +0,0 @@
-# KleinAI Backend Makefile
-# 端口约定：api=17180  admin=17188  openai=17200  pprof=17590
-
-ENV ?= dev
-APP_PKG := github.com/kleinai/backend
-LDFLAGS := -s -w -X $(APP_PKG)/pkg/version.Build=$(shell git rev-parse --short HEAD 2>/dev/null || echo dev) \
-                 -X $(APP_PKG)/pkg/version.Time=$(shell date -u +%Y-%m-%dT%H:%M:%SZ)
-
-GO ?= go
-GOFLAGS ?= -trimpath
-BIN_DIR := bin
-
-.PHONY: help tidy lint vet test build run-api run-admin run-openai run-worker \
-        migrate-up migrate-down docker fmt clean
-
-help:
-	@echo "KleinAI backend make targets:"
-	@echo "  tidy         go mod tidy"
-	@echo "  fmt          gofmt + goimports"
-	@echo "  lint         golangci-lint"
-	@echo "  vet          go vet"
-	@echo "  test         go test ./... -race"
-	@echo "  build        编译全部 4 个二进制到 bin/"
-	@echo "  run-api      启动用户端 API（:17180）"
-	@echo "  run-admin    启动管理后台 API（:17188）"
-	@echo "  run-openai   启动 OpenAI 兼容 API（:17200）"
-	@echo "  run-worker   启动异步任务消费者"
-	@echo "  migrate-up   数据库向上迁移"
-	@echo "  migrate-down 回滚一个版本"
-
-tidy:
-	$(GO) mod tidy
-
-fmt:
-	$(GO) fmt ./...
-	@command -v goimports >/dev/null && goimports -w . || echo "goimports not installed"
-
-lint:
-	@command -v golangci-lint >/dev/null && golangci-lint run ./... || echo "golangci-lint not installed; run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest"
-
-vet:
-	$(GO) vet ./...
-
-test:
-	$(GO) test ./... -race -count=1
-
-build:
-	@mkdir -p $(BIN_DIR)
-	$(GO) build $(GOFLAGS) -ldflags="$(LDFLAGS)" -o $(BIN_DIR)/api    ./cmd/api
-	$(GO) build $(GOFLAGS) -ldflags="$(LDFLAGS)" -o $(BIN_DIR)/admin  ./cmd/admin
-	$(GO) build $(GOFLAGS) -ldflags="$(LDFLAGS)" -o $(BIN_DIR)/openai ./cmd/openai
-	$(GO) build $(GOFLAGS) -ldflags="$(LDFLAGS)" -o $(BIN_DIR)/worker ./cmd/worker
-
-run-api:
-	KLEIN_ENV=$(ENV) $(GO) run ./cmd/api
-
-run-admin:
-	KLEIN_ENV=$(ENV) $(GO) run ./cmd/admin
-
-run-openai:
-	KLEIN_ENV=$(ENV) $(GO) run ./cmd/openai
-
-run-worker:
-	KLEIN_ENV=$(ENV) $(GO) run ./cmd/worker
-
-migrate-up:
-	@command -v goose >/dev/null || { echo "install: go install github.com/pressly/goose/v3/cmd/goose@latest"; exit 1; }
-	goose -dir migrations mysql "$(KLEIN_DB_DSN)" up
-
-migrate-down:
-	goose -dir migrations mysql "$(KLEIN_DB_DSN)" down
-
-clean:
-	rm -rf $(BIN_DIR)
diff --git a/backend/cmd/admin/main.go b/backend/cmd/admin/main.go
deleted file mode 100644
index d722d018..00000000
--- a/backend/cmd/admin/main.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Command admin 管理后台 API 服务（监听 :17188）。
-//
-// 路由前缀：/admin/api/v1
-// 详见 docs/04-API规范.md §3。
-package main
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/router"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const serviceName = "admin"
-
-func main() {
-	deps, err := bootstrap.Init(serviceName)
-	if err != nil {
-		panic(err)
-	}
-	defer logger.Sync()
-
-	r := router.New(router.Options{ServiceName: serviceName, Deps: deps})
-	router.MountAdmin(r, deps)
-
-	srv := &http.Server{
-		Addr:         ":" + strconv.Itoa(deps.Cfg.Server.AdminPort),
-		Handler:      r,
-		ReadTimeout:  deps.Cfg.Server.ReadTimeout,
-		WriteTimeout: deps.Cfg.Server.WriteTimeout,
-	}
-
-	if err := bootstrap.Run(srv, deps.Cfg.Server.ShutdownTimeout); err != nil {
-		fmt.Println("server exit error:", err)
-	}
-}
diff --git a/backend/cmd/api/main.go b/backend/cmd/api/main.go
deleted file mode 100644
index 8d1eaec3..00000000
--- a/backend/cmd/api/main.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Command api 用户端 API 服务（监听 :17180）。
-//
-// 路由前缀：/api/v1
-// 详见 docs/04-API规范.md §2。
-package main
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/router"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const serviceName = "api"
-
-func main() {
-	deps, err := bootstrap.Init(serviceName)
-	if err != nil {
-		panic(err)
-	}
-	defer logger.Sync()
-
-	r := router.New(router.Options{ServiceName: serviceName, Deps: deps})
-	router.MountAPI(r, deps)
-
-	srv := &http.Server{
-		Addr:         ":" + strconv.Itoa(deps.Cfg.Server.APIPort),
-		Handler:      r,
-		ReadTimeout:  deps.Cfg.Server.ReadTimeout,
-		WriteTimeout: deps.Cfg.Server.WriteTimeout,
-	}
-
-	if err := bootstrap.Run(srv, deps.Cfg.Server.ShutdownTimeout); err != nil {
-		fmt.Println("server exit error:", err)
-	}
-}
diff --git a/backend/cmd/openai/main.go b/backend/cmd/openai/main.go
deleted file mode 100644
index 7f39d8a9..00000000
--- a/backend/cmd/openai/main.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Command openai OpenAI 兼容协议 API（监听 :17200）。
-//
-// 路由前缀：/v1
-// 详见 docs/04-API规范.md §4。
-package main
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/router"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const serviceName = "openai"
-
-func main() {
-	deps, err := bootstrap.Init(serviceName)
-	if err != nil {
-		panic(err)
-	}
-	defer logger.Sync()
-
-	r := router.New(router.Options{ServiceName: serviceName, Deps: deps})
-	router.MountOpenAI(r, deps)
-
-	srv := &http.Server{
-		Addr:         ":" + strconv.Itoa(deps.Cfg.Server.OpenAIPort),
-		Handler:      r,
-		ReadTimeout:  deps.Cfg.Server.ReadTimeout,
-		WriteTimeout: 600, // 视频生成长任务，下方再覆盖
-	}
-	srv.WriteTimeout = deps.Cfg.Server.WriteTimeout * 10
-
-	if err := bootstrap.Run(srv, deps.Cfg.Server.ShutdownTimeout); err != nil {
-		fmt.Println("server exit error:", err)
-	}
-}
diff --git a/backend/cmd/worker/main.go b/backend/cmd/worker/main.go
deleted file mode 100644
index 2539567a..00000000
--- a/backend/cmd/worker/main.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// Command worker 异步任务消费者（asynq）。
-//
-// 监听队列：critical / default / low
-// 详见 docs/02-后端规范.md §8。
-package main
-
-import (
-	"context"
-	"os/signal"
-	"syscall"
-
-	"github.com/hibiken/asynq"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const serviceName = "worker"
-
-// Task type 常量（与发布端保持一致）。
-const (
-	TaskGenImage    = "gen:image"
-	TaskGenVideo    = "gen:video"
-	TaskPoolHealth  = "pool:health"
-	TaskBillSettle  = "bill:settle"
-	TaskEmailSend   = "email:send"
-	TaskWebhookSend = "webhook:notify"
-)
-
-func main() {
-	deps, err := bootstrap.Init(serviceName)
-	if err != nil {
-		panic(err)
-	}
-	defer logger.Sync()
-
-	if deps.Cfg.Redis.Addr == "" {
-		logger.L().Fatal("worker requires redis")
-	}
-
-	if deps.DB != nil {
-		sysCfgSvc := service.NewSystemConfigService(repo.NewSystemConfigRepo(deps.DB))
-		proxySvc := service.NewProxyService(repo.NewProxyRepo(deps.DB), deps.AES)
-		service.NewGrokCFRefreshService(sysCfgSvc, proxySvc).Start(context.Background())
-	}
-
-	srv := asynq.NewServer(
-		asynq.RedisClientOpt{
-			Addr:     deps.Cfg.Redis.Addr,
-			Password: deps.Cfg.Redis.Password,
-			DB:       deps.Cfg.Redis.DB,
-		},
-		asynq.Config{
-			Concurrency: 16,
-			Queues: map[string]int{
-				"critical": 6,
-				"default":  3,
-				"low":      1,
-			},
-			Logger:          &asynqZap{l: logger.L()},
-			ShutdownTimeout: deps.Cfg.Server.ShutdownTimeout,
-			HealthCheckFunc: func(err error) {
-				if err != nil {
-					logger.L().Warn("asynq health", zap.Error(err))
-				}
-			},
-		},
-	)
-
-	mux := asynq.NewServeMux()
-
-	// TODO Sprint 5+: 注册具体任务 handler
-	mux.HandleFunc(TaskPoolHealth, func(ctx context.Context, t *asynq.Task) error {
-		logger.FromCtx(ctx).Info("pool health tick", zap.String("task", t.Type()))
-		return nil
-	})
-
-	go func() {
-		if err := srv.Run(mux); err != nil {
-			logger.L().Fatal("asynq run", zap.Error(err))
-		}
-	}()
-
-	logger.L().Info("worker started", zap.String("redis", deps.Cfg.Redis.Addr))
-
-	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
-	defer stop()
-	<-ctx.Done()
-
-	srv.Shutdown()
-	logger.L().Info("worker shutdown done")
-}
-
-// asynqZap 把 asynq 日志转 zap。
-type asynqZap struct{ l *zap.Logger }
-
-func (a *asynqZap) Debug(args ...any) { a.l.Sugar().Debug(args...) }
-func (a *asynqZap) Info(args ...any)  { a.l.Sugar().Info(args...) }
-func (a *asynqZap) Warn(args ...any)  { a.l.Sugar().Warn(args...) }
-func (a *asynqZap) Error(args ...any) { a.l.Sugar().Error(args...) }
-func (a *asynqZap) Fatal(args ...any) { a.l.Sugar().Fatal(args...) }
diff --git a/backend/configs/config.dev.yaml b/backend/configs/config.dev.yaml
deleted file mode 100644
index 46758b1b..00000000
--- a/backend/configs/config.dev.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-app:
-  env: dev
-
-logger:
-  level: debug
-  console: true
diff --git a/backend/configs/config.prod.yaml b/backend/configs/config.prod.yaml
deleted file mode 100644
index 7972e2ba..00000000
--- a/backend/configs/config.prod.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-app:
-  env: prod
-
-logger:
-  level: info
-  console: false
-
-ratelimit:
-  ip_per_minute: 1200
diff --git a/backend/configs/config.yaml b/backend/configs/config.yaml
deleted file mode 100644
index c30e83e3..00000000
--- a/backend/configs/config.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-# KleinAI 默认配置（不含敏感信息）
-# 优先级：环境变量 > config.${KLEIN_ENV}.yaml > 本文件
-
-app:
-  name: kleinai
-  env: dev
-
-server:
-  api_port: 17180
-  admin_port: 17188
-  openai_port: 17200
-  ws_port: 17280
-  pprof_port: 17590
-  read_timeout: 30s
-  write_timeout: 60s
-  shutdown_timeout: 15s
-
-mysql:
-  dsn: ""                    # 由环境变量 KLEIN_DB_DSN 注入
-  max_open_conns: 100
-  max_idle_conns: 20
-  conn_max_lifetime: 1h
-  slow_threshold: 200ms
-
-redis:
-  addr: ""                   # 由环境变量 KLEIN_REDIS_ADDR 注入
-  password: ""
-  db: 0
-  pool_size: 50
-
-jwt:
-  access_ttl: 2h
-  refresh_ttl: 336h          # 14d
-
-logger:
-  level: info
-  dir: ./logs
-  max_size_mb: 200
-  max_age_days: 30
-  compress: true
-  console: true              # dev 输出到控制台
-
-snowflake:
-  node_id: 1
-
-cors:
-  origins:
-    - http://localhost:5173
-    - http://localhost:5174
-
-ratelimit:
-  ip_per_minute: 1000
-  user_per_minute: 600
-  apikey_per_minute: 60
-
-pool:
-  strategy: round_robin      # round_robin | weighted | least_used | lowest_err_rate
-  cooldown_seconds: 600
-  fail_threshold: 5
-  health_check_seconds: 300
-
-provider:
-  openai_base: https://api.openai.com
-  grok_base: https://api.x.ai
-  request_timeout: 120s
-  retry: 1
-
-billing:
-  point_unit: 100            # 1 点 = 100（最小单位 0.01）
-
-cdn:
-  base: https://cdn.klein.example
diff --git a/backend/go.mod b/backend/go.mod
deleted file mode 100644
index d9a49966..00000000
--- a/backend/go.mod
+++ /dev/null
@@ -1,75 +0,0 @@
-module github.com/kleinai/backend
-
-go 1.24
-
-require (
-	github.com/bwmarrin/snowflake v0.3.0
-	github.com/gin-contrib/cors v1.7.2
-	github.com/gin-gonic/gin v1.10.0
-	github.com/go-redis/redis_rate/v10 v10.0.1
-	github.com/go-resty/resty/v2 v2.13.1
-	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/google/uuid v1.6.0
-	github.com/hibiken/asynq v0.24.1
-	github.com/redis/go-redis/v9 v9.5.3
-	github.com/refraction-networking/utls v1.8.2
-	github.com/spf13/viper v1.19.0
-	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.36.0
-	golang.org/x/net v0.38.0
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1
-	gorm.io/driver/mysql v1.5.7
-	gorm.io/gorm v1.25.10
-)
-
-require (
-	github.com/andybalholm/brotli v1.0.6 // indirect
-	github.com/bytedance/sonic v1.11.6 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cloudflare/circl v1.5.0 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
-	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-playground/locales v0.14.1 // indirect
-	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.0 // indirect
-	github.com/go-sql-driver/mysql v1.7.0 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
-	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
-	github.com/robfig/cron/v3 v3.0.1 // indirect
-	github.com/sagikazarmark/locafero v0.4.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
-	go.uber.org/multierr v1.10.0 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/backend/go.sum b/backend/go.sum
deleted file mode 100644
index ab439386..00000000
--- a/backend/go.sum
+++ /dev/null
@@ -1,264 +0,0 @@
-github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
-github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
-github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
-github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
-github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
-github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0=
-github.com/bwmarrin/snowflake v0.3.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE=
-github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
-github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
-github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
-github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
-github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
-github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
-github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
-github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
-github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
-github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/go-redis/redis_rate/v10 v10.0.1 h1:calPxi7tVlxojKunJwQ72kwfozdy25RjA0bCj1h0MUo=
-github.com/go-redis/redis_rate/v10 v10.0.1/go.mod h1:EMiuO9+cjRkR7UvdvwMO7vbgqJkltQHtwbdIQvaBKIU=
-github.com/go-resty/resty/v2 v2.13.1 h1:x+LHXBI2nMB1vqndymf26quycC4aggYJ7DECYbiz03g=
-github.com/go-resty/resty/v2 v2.13.1/go.mod h1:GznXlLxkq6Nh4sU59rPmUw3VtgpO3aS96ORAI6Q7d+0=
-github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
-github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hibiken/asynq v0.24.1 h1:+5iIEAyA9K/lcSPvx3qoPtsKJeKI5u9aOIvUmSsazEw=
-github.com/hibiken/asynq v0.24.1/go.mod h1:u5qVeSbrnfT+vtG5Mq8ZPzQu/BmCKMHvTGb91uy9Tts=
-github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
-github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
-github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
-github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
-github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/redis/go-redis/v9 v9.0.3/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
-github.com/redis/go-redis/v9 v9.5.3 h1:fOAp1/uJG+ZtcITgZOfYFmTKPE7n4Vclj1wZFgRciUU=
-github.com/redis/go-redis/v9 v9.5.3/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
-github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
-github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
-github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
-github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
-github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
-github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
-github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
-github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
-github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
-github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
-github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
-go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
-golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
-gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
-gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
-gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
-gorm.io/gorm v1.25.10 h1:dQpO+33KalOA+aFYGlK+EfxcI5MbO7EP2yYygwh9h+s=
-gorm.io/gorm v1.25.10/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
diff --git a/backend/internal/bootstrap/bootstrap.go b/backend/internal/bootstrap/bootstrap.go
deleted file mode 100644
index 2d9b2615..00000000
--- a/backend/internal/bootstrap/bootstrap.go
+++ /dev/null
@@ -1,155 +0,0 @@
-// Package bootstrap 集中初始化所有基础设施，供 cmd/* 复用。
-package bootstrap
-
-import (
-	"context"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"net/http"
-	"os/signal"
-	"strings"
-	"syscall"
-	"time"
-
-	"github.com/redis/go-redis/v9"
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/pkg/config"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/database"
-	"github.com/kleinai/backend/pkg/jwtx"
-	"github.com/kleinai/backend/pkg/logger"
-	"github.com/kleinai/backend/pkg/ratelimit"
-	"github.com/kleinai/backend/pkg/snowflake"
-	"github.com/kleinai/backend/pkg/version"
-)
-
-// Deps 启动后向业务层注入的依赖集合。
-type Deps struct {
-	Cfg     *config.Config
-	DB      *gorm.DB
-	Redis   *redis.Client
-	JWT     *jwtx.Manager
-	Limiter *ratelimit.Limiter
-	AES     *crypto.AESGCM
-}
-
-// Init 完整初始化（config / logger / mysql / redis / jwt / aes / snowflake）。
-func Init(serviceName string) (*Deps, error) {
-	cfg, err := config.Load()
-	if err != nil {
-		return nil, fmt.Errorf("load config: %w", err)
-	}
-
-	if err := logger.Init(cfg); err != nil {
-		return nil, fmt.Errorf("init logger: %w", err)
-	}
-	logger.L().Info("kleinai starting",
-		zap.String("service", serviceName),
-		zap.String("env", cfg.App.Env),
-		zap.String("version", version.Info()),
-	)
-
-	if err := snowflake.Init(cfg.Snowflake.NodeID); err != nil {
-		return nil, err
-	}
-
-	jwtMgr, err := jwtx.New(cfg.JWT.Secret, cfg.JWT.RefreshSecret, cfg.JWT.AccessTTL, cfg.JWT.RefreshTTL)
-	if err != nil {
-		return nil, fmt.Errorf("init jwt: %w", err)
-	}
-
-	aes, err := initAES(cfg.AESKey)
-	if err != nil {
-		return nil, fmt.Errorf("init aes: %w", err)
-	}
-
-	db, err := database.NewMySQL(&cfg.MySQL)
-	if err != nil {
-		// dev 下允许暂时跑空依赖（仅 healthz 可用），但日志告警
-		if cfg.IsDev() {
-			logger.L().Warn("mysql unavailable, running in degraded mode", zap.Error(err))
-			db = nil
-		} else {
-			return nil, err
-		}
-	}
-
-	rdb, err := database.NewRedis(&cfg.Redis)
-	if err != nil {
-		if cfg.IsDev() {
-			logger.L().Warn("redis unavailable, running in degraded mode", zap.Error(err))
-			rdb = nil
-		} else {
-			return nil, err
-		}
-	}
-
-	var limiter *ratelimit.Limiter
-	if rdb != nil {
-		limiter = ratelimit.New(rdb)
-	}
-
-	return &Deps{
-		Cfg:     cfg,
-		DB:      db,
-		Redis:   rdb,
-		JWT:     jwtMgr,
-		Limiter: limiter,
-		AES:     aes,
-	}, nil
-}
-
-func initAES(raw string) (*crypto.AESGCM, error) {
-	if raw == "" {
-		return nil, nil
-	}
-	key, err := decodeAESKey(raw)
-	if err != nil {
-		return nil, err
-	}
-	return crypto.NewAESGCM(key)
-}
-
-func decodeAESKey(raw string) ([]byte, error) {
-	raw = strings.TrimSpace(raw)
-	if b, err := hex.DecodeString(raw); err == nil && len(b) == 32 {
-		return b, nil
-	}
-	if len(raw) == 32 {
-		return []byte(raw), nil
-	}
-	return nil, errors.New("KLEIN_AES_KEY must be 32 bytes raw or 64 hex chars")
-}
-
-// Run 优雅启停 HTTP 服务。
-func Run(srv *http.Server, shutdownTimeout time.Duration) error {
-	errCh := make(chan error, 1)
-	go func() {
-		logger.L().Info("http listening", zap.String("addr", srv.Addr))
-		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
-			errCh <- err
-		}
-	}()
-
-	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
-	defer stop()
-
-	select {
-	case err := <-errCh:
-		return err
-	case <-ctx.Done():
-		logger.L().Info("shutting down http server")
-	}
-
-	shutdownCtx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
-	defer cancel()
-	if err := srv.Shutdown(shutdownCtx); err != nil {
-		return fmt.Errorf("shutdown: %w", err)
-	}
-	logger.Sync()
-	logger.L().Info("graceful shutdown done")
-	return nil
-}
diff --git a/backend/internal/dto/account.go b/backend/internal/dto/account.go
deleted file mode 100644
index 71066b14..00000000
--- a/backend/internal/dto/account.go
+++ /dev/null
@@ -1,216 +0,0 @@
-// Package dto 入参 / 出参 DTO。
-package dto
-
-// AccountCreateReq 创建账号。credential 为明文（api_key / cookie / 或 OAuth 仅 RT 时的唯一字段）。
-// OAuth（GPT）推荐与 sora2ok 一致：access_token（AT）+ refresh_token（RT）+ session_token（ST，可选）+ client_id（可选）；
-// 仍可只填 credential 作为仅 RT 的旧版表单。
-type AccountCreateReq struct {
-	Provider     string  `json:"provider"      binding:"required,oneof=gpt grok"`
-	Name         string  `json:"name"          binding:"required,min=1,max=128"`
-	AuthType     string  `json:"auth_type"     binding:"required,oneof=api_key cookie oauth"`
-	Credential   string  `json:"credential"    binding:"omitempty"`
-	AccessToken  string  `json:"access_token"  binding:"omitempty"`
-	RefreshToken string  `json:"refresh_token" binding:"omitempty"`
-	SessionToken string  `json:"session_token" binding:"omitempty"`
-	ClientID     string  `json:"client_id"     binding:"omitempty,max=128"`
-	BaseURL      string  `json:"base_url"      binding:"omitempty,url"`
-	ProxyID      *uint64 `json:"proxy_id"      binding:"omitempty"`
-	Weight       int     `json:"weight"        binding:"omitempty,min=1,max=1000"`
-	RPMLimit     int     `json:"rpm_limit"     binding:"omitempty,min=0"`
-	TPMLimit     int     `json:"tpm_limit"     binding:"omitempty,min=0"`
-	DailyQuota   int     `json:"daily_quota"   binding:"omitempty,min=0"`
-	MonthlyQuota int     `json:"monthly_quota" binding:"omitempty,min=0"`
-	Remark       string  `json:"remark"        binding:"omitempty,max=255"`
-}
-
-// AccountUpdateReq 更新账号；任意字段留空表示不变。
-// OAuth 账号可使用 access_token / refresh_token / session_token / client_id 替换原值。
-type AccountUpdateReq struct {
-	Name         *string `json:"name"          binding:"omitempty,min=1,max=128"`
-	Credential   *string `json:"credential"`
-	AccessToken  *string `json:"access_token"`
-	RefreshToken *string `json:"refresh_token"`
-	SessionToken *string `json:"session_token"`
-	ClientID     *string `json:"client_id"     binding:"omitempty,max=128"`
-	BaseURL      *string `json:"base_url"      binding:"omitempty,url"`
-	ProxyID      *uint64 `json:"proxy_id"      binding:"omitempty"`
-	Weight       *int    `json:"weight"        binding:"omitempty,min=1,max=1000"`
-	RPMLimit     *int    `json:"rpm_limit"     binding:"omitempty,min=0"`
-	TPMLimit     *int    `json:"tpm_limit"     binding:"omitempty,min=0"`
-	DailyQuota   *int    `json:"daily_quota"   binding:"omitempty,min=0"`
-	MonthlyQuota *int    `json:"monthly_quota" binding:"omitempty,min=0"`
-	Status       *int8   `json:"status"        binding:"omitempty,oneof=-1 0 1 2"`
-	Remark       *string `json:"remark"        binding:"omitempty,max=255"`
-}
-
-// AccountBatchImportReq 批量导入。
-//
-// 文本输入示例（每行一条）：
-//
-//	sk-xxxxx
-//	sk-yyyyy@https://api.example.com
-//	namedbob@@sk-zzzzz
-//
-// 当 auth_type=oauth 时，每行的 credential 实际为 OpenAI Codex CLI 的 refresh_token。
-//
-// format=sub2api：兼容 sub2api / Codex 等导出的 JSON（顶层含 accounts[]）。
-// 单次请求 accounts 建议 ≤500 条，大块导入请前端分批 POST。
-type AccountBatchImportReq struct {
-	Format   string `json:"format"    binding:"omitempty,oneof=lines sub2api"`
-	Provider string `json:"provider"  binding:"required,oneof=gpt grok"`
-	// lines 模式必填；sub2api 可省略（由每条 account.type / platform 推导）
-	AuthType string  `json:"auth_type" binding:"omitempty,oneof=api_key cookie oauth"`
-	BaseURL  string  `json:"base_url"  binding:"omitempty,url"`
-	ProxyID  *uint64 `json:"proxy_id" binding:"omitempty"`
-	Weight   int     `json:"weight"    binding:"omitempty,min=1,max=1000"`
-	// lines 模式：多行文本
-	Text string `json:"text"`
-	// sub2api 模式：解析后的账号切片
-	Accounts []Sub2APIAccountItem `json:"accounts"`
-}
-
-// Sub2APIAccountItem sub2api 导出 JSON 中单条账号（字段名与常见导出保持一致）。
-type Sub2APIAccountItem struct {
-	Name        string        `json:"name"`
-	Platform    string        `json:"platform"`
-	Type        string        `json:"type"`
-	Priority    int           `json:"priority"`
-	Concurrency int           `json:"concurrency"`
-	Credentials *Sub2APICreds `json:"credentials"`
-}
-
-// BatchImportResult 批量导入结果。
-type BatchImportResult struct {
-	Imported int `json:"imported"`
-	Skipped  int `json:"skipped"`
-}
-
-// Sub2APICreds sub2api credentials 对象。
-type Sub2APICreds struct {
-	AccessToken      string `json:"access_token"`
-	RefreshToken     string `json:"refresh_token"`
-	ClientID         string `json:"client_id"`
-	IDToken          string `json:"id_token"`
-	Email            string `json:"email"`
-	ChatgptAccountID string `json:"chatgpt_account_id"`
-	ChatgptUserID    string `json:"chatgpt_user_id"`
-	OrganizationID   string `json:"organization_id"`
-	PlanType         string `json:"plan_type"`
-}
-
-// AccountTestResp 账号连通性测试结果。
-type AccountTestResp struct {
-	OK                  bool   `json:"ok"`
-	LatencyMs           int    `json:"latency_ms"`
-	Error               string `json:"error,omitempty"`
-	PlanType            string `json:"plan_type,omitempty"`
-	DefaultModel        string `json:"default_model,omitempty"`
-	ImageQuotaRemaining int    `json:"image_quota_remaining,omitempty"`
-	ImageQuotaTotal     int    `json:"image_quota_total,omitempty"`
-	ImageQuotaResetAt   int64  `json:"image_quota_reset_at,omitempty"`
-}
-
-// AccountRefreshResp OAuth RT 刷新结果。
-type AccountRefreshResp struct {
-	OK           bool  `json:"ok"`
-	ExpiresIn    int64 `json:"expires_in,omitempty"`
-	RefreshedAt  int64 `json:"refreshed_at"`
-	HasRefreshTK bool  `json:"has_refresh_token"`
-}
-
-// AccountListReq 列表过滤。
-type AccountBatchProbeResp struct {
-	Probed    int      `json:"probed"`
-	FailedIDs []uint64 `json:"failed_ids"`
-	Page      int      `json:"page"`
-	PageSize  int      `json:"page_size"`
-	Total     int64    `json:"total"`
-	HasMore   bool     `json:"has_more"`
-	NextPage  int      `json:"next_page,omitempty"`
-}
-
-// AccountBatchRefreshResp 批量刷新 OAuth 结果。
-type AccountBatchRefreshResp struct {
-	Refreshed int      `json:"refreshed"`
-	FailedIDs []uint64 `json:"failed_ids"`
-	Page      int      `json:"page"`
-	PageSize  int      `json:"page_size"`
-	Total     int64    `json:"total"`
-	HasMore   bool     `json:"has_more"`
-	NextPage  int      `json:"next_page,omitempty"`
-}
-
-type AccountListReq struct {
-	Provider string `form:"provider"  binding:"omitempty,oneof=gpt grok"`
-	Status   *int8  `form:"status"`
-	Keyword  string `form:"keyword"   binding:"omitempty,max=64"`
-	Page     int    `form:"page"      binding:"omitempty,min=1"`
-	PageSize int    `form:"page_size" binding:"omitempty,min=1,max=1000"`
-}
-
-// AccountResp 输出，已脱敏 credential。
-type AccountResp struct {
-	ID                  uint64 `json:"id"`
-	Provider            string `json:"provider"`
-	Name                string `json:"name"`
-	AuthType            string `json:"auth_type"`
-	CredentialMask      string `json:"credential_mask"`
-	BaseURL             string `json:"base_url,omitempty"`
-	ProxyID             uint64 `json:"proxy_id,omitempty"`
-	Weight              int    `json:"weight"`
-	RPMLimit            int    `json:"rpm_limit"`
-	TPMLimit            int    `json:"tpm_limit"`
-	DailyQuota          int    `json:"daily_quota"`
-	MonthlyQuota        int    `json:"monthly_quota"`
-	Status              int8   `json:"status"`
-	CooldownUntil       int64  `json:"cooldown_until,omitempty"`
-	LastUsedAt          int64  `json:"last_used_at,omitempty"`
-	LastError           string `json:"last_error,omitempty"`
-	ErrorCount          int    `json:"error_count"`
-	SuccessCount        uint64 `json:"success_count"`
-	Remark              string `json:"remark,omitempty"`
-	HasRefreshToken     bool   `json:"has_refresh_token"`
-	HasAccessToken      bool   `json:"has_access_token"`
-	AccessTokenExpireAt int64  `json:"access_token_expire_at,omitempty"`
-	LastRefreshAt       int64  `json:"last_refresh_at,omitempty"`
-	LastTestAt          int64  `json:"last_test_at,omitempty"`
-	LastTestStatus      int8   `json:"last_test_status"`
-	LastTestLatencyMs   int    `json:"last_test_latency_ms"`
-	LastTestError       string `json:"last_test_error,omitempty"`
-	PlanType            string `json:"plan_type,omitempty"`
-	DefaultModel        string `json:"default_model,omitempty"`
-	ImageQuotaRemaining int    `json:"image_quota_remaining,omitempty"`
-	ImageQuotaTotal     int    `json:"image_quota_total,omitempty"`
-	ImageQuotaResetAt   int64  `json:"image_quota_reset_at,omitempty"`
-	CreatedAt           int64  `json:"created_at"`
-	UpdatedAt           int64  `json:"updated_at"`
-}
-
-// AccountBatchDeleteReq 按 ID 批量软删（最多 2000 条）。
-type AccountBatchDeleteReq struct {
-	IDs []uint64 `json:"ids" binding:"required,min=1,max=2000,dive,min=1"`
-}
-
-// AccountPurgeReq 按条件批量软删。
-// invalid：status∈{0,2} 或 last_test_status=失败。
-// all：当前列表中未软删的全部账号；须 confirm=DELETE_ALL_ACCOUNTS。
-type AccountPurgeReq struct {
-	Scope    string `json:"scope" binding:"required,oneof=all invalid zero_quota"`
-	Provider string `json:"provider" binding:"omitempty,oneof=gpt grok"`
-	Confirm  string `json:"confirm"`
-}
-
-// AccountBulkOpResult 批量删除结果。
-type AccountBulkOpResult struct {
-	Deleted int64 `json:"deleted"`
-}
-
-// AccountSecretsResp 仅管理员可见，返回单个账号的明文凭证。
-// 用于编辑面板回显已存值；解密失败的字段返回空串。
-type AccountSecretsResp struct {
-	Credential   string `json:"credential,omitempty"`
-	AccessToken  string `json:"access_token,omitempty"`
-	RefreshToken string `json:"refresh_token,omitempty"`
-	SessionToken string `json:"session_token,omitempty"`
-	ClientID     string `json:"client_id,omitempty"`
-}
diff --git a/backend/internal/dto/admin_billing.go b/backend/internal/dto/admin_billing.go
deleted file mode 100644
index 1334dffa..00000000
--- a/backend/internal/dto/admin_billing.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package dto
-
-type AdminWalletLogListReq struct {
-	Keyword   string `form:"keyword" binding:"omitempty,max=128"`
-	UserID    uint64 `form:"user_id" binding:"omitempty,min=1"`
-	BizType   string `form:"biz_type" binding:"omitempty,max=32"`
-	Direction *int   `form:"direction" binding:"omitempty,oneof=-1 1"`
-	Page      int    `form:"page" binding:"omitempty,min=1"`
-	PageSize  int    `form:"page_size" binding:"omitempty,min=1,max=200"`
-}
-
-type AdminWalletLogResp struct {
-	ID           uint64 `json:"id"`
-	CreatedAt    int64  `json:"created_at"`
-	UserID       uint64 `json:"user_id"`
-	UserLabel    string `json:"user_label"`
-	Direction    int8   `json:"direction"`
-	BizType      string `json:"biz_type"`
-	BizID        string `json:"biz_id"`
-	Points       int64  `json:"points"`
-	PointsBefore int64  `json:"points_before"`
-	PointsAfter  int64  `json:"points_after"`
-	Remark       string `json:"remark,omitempty"`
-}
diff --git a/backend/internal/dto/admin_dashboard.go b/backend/internal/dto/admin_dashboard.go
deleted file mode 100644
index ca2a7af7..00000000
--- a/backend/internal/dto/admin_dashboard.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package dto
-
-type AdminDashboardOverviewResp struct {
-	GeneratedToday    int64                   `json:"generated_today"`
-	GeneratedTotal    int64                   `json:"generated_total"`
-	ImageToday        int64                   `json:"image_today"`
-	ImageTotal        int64                   `json:"image_total"`
-	VideoToday        int64                   `json:"video_today"`
-	VideoTotal        int64                   `json:"video_total"`
-	TextTokensToday   int64                   `json:"text_tokens_today"`
-	TextTokensTotal   int64                   `json:"text_tokens_total"`
-	CostPointsToday   int64                   `json:"cost_points_today"`
-	CostPointsTotal   int64                   `json:"cost_points_total"`
-	WalletSpendToday  int64                   `json:"wallet_spend_today"`
-	WalletSpendTotal  int64                   `json:"wallet_spend_total"`
-	UsersTotal        int64                   `json:"users_total"`
-	UsersToday        int64                   `json:"users_today"`
-	ActiveUsersToday  int64                   `json:"active_users_today"`
-	SuccessRateToday  float64                 `json:"success_rate_today"`
-	AccountProviders  []*DashboardProviderRow `json:"account_providers"`
-	RecentGenerations []*DashboardRecentTask  `json:"recent_generations"`
-	Trend             []*DashboardTrendPoint  `json:"trend"`
-}
-
-type DashboardProviderRow struct {
-	Provider       string `json:"provider"`
-	Total          int64  `json:"total"`
-	Enabled        int64  `json:"enabled"`
-	Available      int64  `json:"available"`
-	Broken         int64  `json:"broken"`
-	TestOK         int64  `json:"test_ok"`
-	QuotaRemaining int64  `json:"quota_remaining"`
-	QuotaTotal     int64  `json:"quota_total"`
-	QuotaUsed      int64  `json:"quota_used"`
-	SuccessCount   int64  `json:"success_count"`
-	ErrorCount     int64  `json:"error_count"`
-}
-
-type DashboardRecentTask struct {
-	TaskID     string `json:"task_id"`
-	CreatedAt  int64  `json:"created_at"`
-	UserLabel  string `json:"user_label"`
-	Kind       string `json:"kind"`
-	ModelCode  string `json:"model_code"`
-	Count      int    `json:"count"`
-	Status     int8   `json:"status"`
-	CostPoints int64  `json:"cost_points"`
-}
-
-type DashboardTrendPoint struct {
-	Date       string `json:"date"`
-	Generated  int64  `json:"generated"`
-	CostPoints int64  `json:"cost_points"`
-}
diff --git a/backend/internal/dto/admin_log.go b/backend/internal/dto/admin_log.go
deleted file mode 100644
index 0e11c127..00000000
--- a/backend/internal/dto/admin_log.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package dto
-
-type AdminGenerationLogListReq struct {
-	Keyword  string `form:"keyword" binding:"omitempty,max=128"`
-	Kind     string `form:"kind" binding:"omitempty,oneof=image video chat text"`
-	Status   *int   `form:"status" binding:"omitempty,oneof=0 1 2 3 4"`
-	Page     int    `form:"page" binding:"omitempty,min=1"`
-	PageSize int    `form:"page_size" binding:"omitempty,min=1,max=200"`
-}
-
-type AdminGenerationLogResp struct {
-	TaskID     string `json:"task_id"`
-	CreatedAt  int64  `json:"created_at"`
-	UserID     uint64 `json:"user_id"`
-	UserLabel  string `json:"user_label"`
-	APIKeyID   uint64 `json:"api_key_id,omitempty"`
-	KeyLabel   string `json:"key_label,omitempty"`
-	Kind       string `json:"kind"`
-	ModelCode  string `json:"model_code"`
-	Prompt     string `json:"prompt"`
-	Status     int8   `json:"status"`
-	DurationMs int64  `json:"duration_ms,omitempty"`
-	CostPoints int64  `json:"cost_points"`
-	PreviewURL string `json:"preview_url,omitempty"`
-	Error      string `json:"error,omitempty"`
-}
-
-type AdminGenerationLogPurgeReq struct {
-	Days int `json:"days" binding:"required,min=1,max=3650"`
-}
-
-type AdminGenerationLogPurgeResp struct {
-	Deleted int64 `json:"deleted"`
-}
-
-type AdminGenerationUpstreamLogResp struct {
-	ID              uint64  `json:"id"`
-	TaskID          string  `json:"task_id"`
-	Provider        string  `json:"provider"`
-	AccountID       *uint64 `json:"account_id,omitempty"`
-	Stage           string  `json:"stage"`
-	Method          string  `json:"method,omitempty"`
-	URL             string  `json:"url,omitempty"`
-	StatusCode      int     `json:"status_code"`
-	DurationMs      int64   `json:"duration_ms"`
-	RequestExcerpt  string  `json:"request_excerpt,omitempty"`
-	ResponseExcerpt string  `json:"response_excerpt,omitempty"`
-	Error           string  `json:"error,omitempty"`
-	Meta            string  `json:"meta,omitempty"`
-	CreatedAt       int64   `json:"created_at"`
-}
diff --git a/backend/internal/dto/admin_promo.go b/backend/internal/dto/admin_promo.go
deleted file mode 100644
index 7d6febce..00000000
--- a/backend/internal/dto/admin_promo.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package dto
-
-type AdminPromoListReq struct {
-	Keyword      string `form:"keyword" binding:"omitempty,max=128"`
-	Status       *int   `form:"status" binding:"omitempty,oneof=0 1"`
-	DiscountType *int   `form:"discount_type" binding:"omitempty,oneof=1 2 3"`
-	Page         int    `form:"page" binding:"omitempty,min=1"`
-	PageSize     int    `form:"page_size" binding:"omitempty,min=1,max=200"`
-}
-
-type AdminPromoResp struct {
-	ID           uint64 `json:"id"`
-	Code         string `json:"code"`
-	Name         string `json:"name"`
-	DiscountType int8   `json:"discount_type"`
-	DiscountVal  int64  `json:"discount_val"`
-	MinAmount    int64  `json:"min_amount"`
-	ApplyTo      string `json:"apply_to"`
-	TotalQty     int    `json:"total_qty"`
-	UsedQty      int    `json:"used_qty"`
-	PerUserLimit int    `json:"per_user_limit"`
-	StartAt      int64  `json:"start_at"`
-	EndAt        int64  `json:"end_at"`
-	Status       int8   `json:"status"`
-	CreatedAt    int64  `json:"created_at"`
-	UpdatedAt    int64  `json:"updated_at"`
-}
-
-type AdminPromoCreateReq struct {
-	Code         string `json:"code" binding:"required,max=32"`
-	Name         string `json:"name" binding:"required,max=64"`
-	DiscountType int8   `json:"discount_type" binding:"required,oneof=1 2 3"`
-	DiscountVal  int64  `json:"discount_val" binding:"required,min=1"`
-	MinAmount    int64  `json:"min_amount" binding:"omitempty,min=0"`
-	ApplyTo      string `json:"apply_to" binding:"omitempty,max=64"`
-	TotalQty     int    `json:"total_qty" binding:"omitempty,min=0"`
-	PerUserLimit int    `json:"per_user_limit" binding:"omitempty,min=0"`
-	StartAt      int64  `json:"start_at" binding:"omitempty,min=0"`
-	EndAt        int64  `json:"end_at" binding:"required,min=1"`
-	Status       *int8  `json:"status" binding:"omitempty,oneof=0 1"`
-}
-
-type AdminPromoUpdateReq struct {
-	Code         *string `json:"code" binding:"omitempty,max=32"`
-	Name         *string `json:"name" binding:"omitempty,max=64"`
-	DiscountType *int8   `json:"discount_type" binding:"omitempty,oneof=1 2 3"`
-	DiscountVal  *int64  `json:"discount_val" binding:"omitempty,min=1"`
-	MinAmount    *int64  `json:"min_amount" binding:"omitempty,min=0"`
-	ApplyTo      *string `json:"apply_to" binding:"omitempty,max=64"`
-	TotalQty     *int    `json:"total_qty" binding:"omitempty,min=0"`
-	PerUserLimit *int    `json:"per_user_limit" binding:"omitempty,min=0"`
-	StartAt      *int64  `json:"start_at" binding:"omitempty,min=0"`
-	EndAt        *int64  `json:"end_at" binding:"omitempty,min=1"`
-	Status       *int8   `json:"status" binding:"omitempty,oneof=0 1"`
-}
diff --git a/backend/internal/dto/admin_user.go b/backend/internal/dto/admin_user.go
deleted file mode 100644
index baf4e522..00000000
--- a/backend/internal/dto/admin_user.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package dto
-
-// AdminUserListReq is the admin-side user list query.
-type AdminUserListReq struct {
-	Keyword  string `form:"keyword" binding:"omitempty,max=128"`
-	Status   *int   `form:"status" binding:"omitempty,oneof=0 1"`
-	Page     int    `form:"page" binding:"omitempty,min=1"`
-	PageSize int    `form:"page_size" binding:"omitempty,min=1,max=200"`
-}
-
-type AdminUserResp struct {
-	ID            uint64  `json:"id"`
-	UUID          string  `json:"uuid"`
-	Email         string  `json:"email,omitempty"`
-	Phone         string  `json:"phone,omitempty"`
-	Username      string  `json:"username,omitempty"`
-	Avatar        string  `json:"avatar,omitempty"`
-	Points        int64   `json:"points"`
-	FrozenPoints  int64   `json:"frozen_points"`
-	TotalRecharge int64   `json:"total_recharge"`
-	PlanCode      string  `json:"plan_code"`
-	PlanExpireAt  int64   `json:"plan_expire_at,omitempty"`
-	InviterID     *uint64 `json:"inviter_id,omitempty"`
-	InviteCode    string  `json:"invite_code"`
-	Status        int8    `json:"status"`
-	RegisterIP    string  `json:"register_ip,omitempty"`
-	LastLoginAt   int64   `json:"last_login_at,omitempty"`
-	LastLoginIP   string  `json:"last_login_ip,omitempty"`
-	CreatedAt     int64   `json:"created_at"`
-	UpdatedAt     int64   `json:"updated_at"`
-}
-
-type AdminUserCreateReq struct {
-	Account  string `json:"account" binding:"required,max=128"`
-	Password string `json:"password" binding:"required,min=6,max=72"`
-	Username string `json:"username" binding:"omitempty,max=64"`
-	Points   int64  `json:"points" binding:"omitempty,min=0"`
-	Status   *int8  `json:"status" binding:"omitempty,oneof=0 1"`
-}
-
-type AdminUserUpdateReq struct {
-	Email        *string `json:"email" binding:"omitempty,max=128"`
-	Phone        *string `json:"phone" binding:"omitempty,max=20"`
-	Username     *string `json:"username" binding:"omitempty,max=64"`
-	Avatar       *string `json:"avatar" binding:"omitempty,max=255"`
-	Password     *string `json:"password" binding:"omitempty,min=6,max=72"`
-	Status       *int8   `json:"status" binding:"omitempty,oneof=0 1"`
-	PlanCode     *string `json:"plan_code" binding:"omitempty,max=32"`
-	PlanExpireAt *int64  `json:"plan_expire_at" binding:"omitempty,min=0"`
-}
-
-type AdminUserAdjustPointsReq struct {
-	Action string `json:"action" binding:"required,oneof=recharge deduct"`
-	Points int64  `json:"points" binding:"required,min=1"`
-	Remark string `json:"remark" binding:"omitempty,max=255"`
-}
-
-type AdminUserAdjustPointsResp struct {
-	PointsBefore int64 `json:"points_before"`
-	PointsAfter  int64 `json:"points_after"`
-}
diff --git a/backend/internal/dto/apikey.go b/backend/internal/dto/apikey.go
deleted file mode 100644
index 65eedcec..00000000
--- a/backend/internal/dto/apikey.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Package dto API Key 入参 / 出参。
-package dto
-
-// APIKeyCreateReq 创建 Key。
-type APIKeyCreateReq struct {
-	Name       string `json:"name"        binding:"required,min=1,max=64"`
-	Scope      string `json:"scope"       binding:"omitempty,max=255"`
-	RPMLimit   int    `json:"rpm_limit"   binding:"omitempty,min=0,max=10000"`
-	DailyQuota int    `json:"daily_quota" binding:"omitempty,min=0"`
-	ExpireDays int    `json:"expire_days" binding:"omitempty,min=0,max=3650"`
-}
-
-// APIKeyCreateResp 创建返回（含明文，仅一次）。
-type APIKeyCreateResp struct {
-	ID        uint64 `json:"id"`
-	Name      string `json:"name"`
-	Plain     string `json:"plain"`
-	Prefix    string `json:"prefix"`
-	Last4     string `json:"last4"`
-	Scope     string `json:"scope"`
-	CreatedAt int64  `json:"created_at"`
-}
-
-// APIKeyResp 列表 / 详情返回（已脱敏）。
-type APIKeyResp struct {
-	ID         uint64 `json:"id"`
-	Name       string `json:"name"`
-	Prefix     string `json:"prefix"`
-	Last4      string `json:"last4"`
-	Mask       string `json:"mask"`
-	Scope      string `json:"scope"`
-	RPMLimit   int    `json:"rpm_limit"`
-	DailyQuota int    `json:"daily_quota"`
-	Status     int8   `json:"status"`
-	ExpireAt   int64  `json:"expire_at,omitempty"`
-	LastUsedAt int64  `json:"last_used_at,omitempty"`
-	CreatedAt  int64  `json:"created_at"`
-}
diff --git a/backend/internal/dto/auth.go b/backend/internal/dto/auth.go
deleted file mode 100644
index bf2af615..00000000
--- a/backend/internal/dto/auth.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// Package dto 接口出入参，仅做形状定义与校验，不含业务逻辑。
-package dto
-
-// RegisterReq 注册请求。
-type RegisterReq struct {
-	Account    string `json:"account"     binding:"required,min=3,max=64"`     // 邮箱 / 手机 / 用户名
-	Password   string `json:"password"    binding:"required,min=8,max=64"`
-	Code       string `json:"code"        binding:"omitempty,len=6"`           // 短信 / 邮箱验证码
-	InviteCode string `json:"invite_code" binding:"omitempty,max=16"`
-}
-
-// LoginReq 登录请求。
-type LoginReq struct {
-	Account  string `json:"account"  binding:"required,min=3,max=64"`
-	Password string `json:"password" binding:"required,min=6,max=64"`
-}
-
-// RefreshReq 刷新请求。
-type RefreshReq struct {
-	RefreshToken string `json:"refresh_token" binding:"required"`
-}
-
-// ChangePasswordReq 改密请求。
-type ChangePasswordReq struct {
-	OldPassword string `json:"old_password" binding:"required,min=6,max=64"`
-	NewPassword string `json:"new_password" binding:"required,min=8,max=64"`
-}
-
-// TokenPair 颁发的 token 对。
-type TokenPair struct {
-	AccessToken      string `json:"access_token"`
-	RefreshToken     string `json:"refresh_token"`
-	TokenType        string `json:"token_type"`
-	AccessExpireIn   int64  `json:"access_expire_in"`
-	RefreshExpireIn  int64  `json:"refresh_expire_in"`
-}
-
-// MeResp 当前用户信息。
-type MeResp struct {
-	UID         uint64  `json:"uid"`
-	UUID        string  `json:"uuid"`
-	Username    *string `json:"username,omitempty"`
-	Email       *string `json:"email,omitempty"`
-	Phone       *string `json:"phone,omitempty"`
-	Avatar      *string `json:"avatar,omitempty"`
-	Points      int64   `json:"points"`
-	FrozenPts   int64   `json:"frozen_points"`
-	PlanCode    string  `json:"plan_code"`
-	InviteCode  string  `json:"invite_code"`
-	CreatedAt   int64   `json:"created_at"`
-}
diff --git a/backend/internal/dto/billing.go b/backend/internal/dto/billing.go
deleted file mode 100644
index 90042495..00000000
--- a/backend/internal/dto/billing.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Package dto 计费相关 DTO。
-package dto
-
-// CDKRedeemReq 兑换 CDK。
-type CDKRedeemReq struct {
-	Code string `json:"code" binding:"required,min=4,max=32"`
-}
-
-// WalletLogResp 钱包流水响应（一行）。
-type WalletLogResp struct {
-	ID           uint64 `json:"id"`
-	Direction    int8   `json:"direction"`
-	BizType      string `json:"biz_type"`
-	BizID        string `json:"biz_id"`
-	Points       int64  `json:"points"`
-	PointsBefore int64  `json:"points_before"`
-	PointsAfter  int64  `json:"points_after"`
-	Remark       string `json:"remark,omitempty"`
-	CreatedAt    int64  `json:"created_at"`
-}
-
-// CDKBatchCreateReq 管理后台创建 CDK 批次。
-type CDKBatchCreateReq struct {
-	BatchNo      string `json:"batch_no"       binding:"required,min=4,max=32"`
-	Name         string `json:"name"           binding:"required,min=1,max=64"`
-	Points       int64  `json:"points"         binding:"required,min=1"`
-	Qty          int    `json:"qty"            binding:"required,min=1,max=100000"`
-	PerUserLimit int    `json:"per_user_limit" binding:"omitempty,min=0"`
-	ExpireAt     int64  `json:"expire_at"      binding:"omitempty,min=0"` // unix
-}
diff --git a/backend/internal/dto/generation.go b/backend/internal/dto/generation.go
deleted file mode 100644
index 10e39f6b..00000000
--- a/backend/internal/dto/generation.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Package dto 生成任务 DTO。
-package dto
-
-// CreateImageReq 创建生图任务。
-type CreateImageReq struct {
-	ModelCode string         `json:"model"        binding:"required,max=64"`
-	Prompt    string         `json:"prompt"       binding:"required,min=1,max=4000"`
-	NegPrompt string         `json:"neg_prompt"   binding:"omitempty,max=4000"`
-	Mode      string         `json:"mode"         binding:"omitempty,oneof=t2i i2i"`
-	Count     int            `json:"count"        binding:"omitempty,min=1,max=4"`
-	Ratio     string         `json:"ratio"        binding:"omitempty"`
-	Quality   string         `json:"quality"      binding:"omitempty,oneof=draft standard hd"`
-	RefAssets []string       `json:"ref_assets"   binding:"omitempty"`
-	Params    map[string]any `json:"params"       binding:"omitempty"`
-}
-
-// CreateVideoReq 创建生视频任务。
-type CreateVideoReq struct {
-	ModelCode string         `json:"model"        binding:"required,max=64"`
-	Prompt    string         `json:"prompt"       binding:"required,min=1,max=4000"`
-	Mode      string         `json:"mode"         binding:"omitempty,oneof=t2v i2v"`
-	Duration  int            `json:"duration"     binding:"omitempty,min=2,max=60"`
-	Ratio     string         `json:"ratio"        binding:"omitempty"`
-	Quality   string         `json:"quality"      binding:"omitempty,oneof=draft standard hd"`
-	RefAssets []string       `json:"ref_assets"   binding:"omitempty"`
-	Params    map[string]any `json:"params"       binding:"omitempty"`
-}
-
-// CreateTextReq 创建文字创作任务。
-type CreateTextReq struct {
-	ModelCode string   `json:"model"      binding:"omitempty,max=64"`
-	Prompt    string   `json:"prompt"     binding:"required,min=1,max=5000"`
-	MaxTokens int      `json:"max_tokens" binding:"omitempty,min=1,max=8000"`
-	Images    []string `json:"images"     binding:"omitempty"`
-}
-
-// TextGenerationResp 文字创作响应。
-type TextGenerationResp struct {
-	ID               string `json:"id"`
-	ModelCode        string `json:"model"`
-	Content          string `json:"content"`
-	PromptTokens     int    `json:"prompt_tokens"`
-	CompletionTokens int    `json:"completion_tokens"`
-	TotalTokens      int    `json:"total_tokens"`
-}
-
-// GenerationTaskResp 任务响应（精简）。
-type GenerationTaskResp struct {
-	TaskID     string                 `json:"task_id"`
-	Kind       string                 `json:"kind"`
-	Status     int8                   `json:"status"`
-	Progress   int8                   `json:"progress"`
-	ModelCode  string                 `json:"model"`
-	Prompt     string                 `json:"prompt,omitempty"`
-	CostPoints int64                  `json:"cost_points"`
-	Error      string                 `json:"error,omitempty"`
-	Results    []GenerationResultResp `json:"results,omitempty"`
-	CreatedAt  int64                  `json:"created_at"`
-}
-
-// GenerationResultResp 单条结果。
-type GenerationResultResp struct {
-	URL        string `json:"url"`
-	ThumbURL   string `json:"thumb_url,omitempty"`
-	Width      int    `json:"width,omitempty"`
-	Height     int    `json:"height,omitempty"`
-	DurationMs int    `json:"duration_ms,omitempty"`
-}
diff --git a/backend/internal/dto/proxy.go b/backend/internal/dto/proxy.go
deleted file mode 100644
index 5cb217be..00000000
--- a/backend/internal/dto/proxy.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package dto
-
-// ProxyCreateReq 创建代理。
-type ProxyCreateReq struct {
-	Name     string `json:"name"     binding:"required,min=1,max=128"`
-	Protocol string `json:"protocol" binding:"required,oneof=http https socks5 socks5h"`
-	Host     string `json:"host"     binding:"required,min=1,max=255"`
-	Port     uint16 `json:"port"     binding:"required,min=1,max=65535"`
-	Username string `json:"username" binding:"omitempty,max=255"`
-	Password string `json:"password" binding:"omitempty,max=255"`
-	Remark   string `json:"remark"   binding:"omitempty,max=255"`
-}
-
-// ProxyUpdateReq 更新代理。
-type ProxyUpdateReq struct {
-	Name     *string `json:"name"     binding:"omitempty,min=1,max=128"`
-	Protocol *string `json:"protocol" binding:"omitempty,oneof=http https socks5 socks5h"`
-	Host     *string `json:"host"     binding:"omitempty,min=1,max=255"`
-	Port     *uint16 `json:"port"     binding:"omitempty,min=1,max=65535"`
-	Username *string `json:"username" binding:"omitempty,max=255"`
-	Password *string `json:"password" binding:"omitempty,max=255"`
-	Status   *int8   `json:"status"   binding:"omitempty,oneof=0 1"`
-	Remark   *string `json:"remark"   binding:"omitempty,max=255"`
-}
-
-// ProxyListReq 列表过滤。
-type ProxyListReq struct {
-	Status   *int8  `form:"status"`
-	Keyword  string `form:"keyword"   binding:"omitempty,max=64"`
-	Page     int    `form:"page"      binding:"omitempty,min=1"`
-	PageSize int    `form:"page_size" binding:"omitempty,min=1,max=200"`
-}
-
-// ProxyResp 出参（密码不返回）。
-type ProxyResp struct {
-	ID           uint64 `json:"id"`
-	Name         string `json:"name"`
-	Protocol     string `json:"protocol"`
-	Host         string `json:"host"`
-	Port         uint16 `json:"port"`
-	Username     string `json:"username,omitempty"`
-	HasPassword  bool   `json:"has_password"`
-	Status       int8   `json:"status"`
-	LastCheckAt  int64  `json:"last_check_at,omitempty"`
-	LastCheckOK  int8   `json:"last_check_ok"`
-	LastCheckMs  int    `json:"last_check_ms"`
-	LastError    string `json:"last_error,omitempty"`
-	Remark       string `json:"remark,omitempty"`
-	CreatedAt    int64  `json:"created_at"`
-	UpdatedAt    int64  `json:"updated_at"`
-}
-
-// ProxyTestResp 代理测试响应。
-type ProxyTestResp struct {
-	OK        bool   `json:"ok"`
-	LatencyMs int    `json:"latency_ms"`
-	Error     string `json:"error,omitempty"`
-}
diff --git a/backend/internal/handler/admin_account_handler.go b/backend/internal/handler/admin_account_handler.go
deleted file mode 100644
index 1655cd29..00000000
--- a/backend/internal/handler/admin_account_handler.go
+++ /dev/null
@@ -1,255 +0,0 @@
-// Package handler 管理后台 - 账号池 handler。
-package handler
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AdminAccountHandler /admin/api/v1/accounts 资源 handler。
-type AdminAccountHandler struct {
-	svc  *service.AccountAdminService
-	pool *service.AccountPool
-}
-
-// NewAdminAccountHandler 构造。
-func NewAdminAccountHandler(svc *service.AccountAdminService, pool *service.AccountPool) *AdminAccountHandler {
-	return &AdminAccountHandler{svc: svc, pool: pool}
-}
-
-// List GET /admin/api/v1/accounts
-func (h *AdminAccountHandler) List(c *gin.Context) {
-	var req dto.AccountListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	items, total, err := h.svc.List(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	response.Page(c, items, total, page, pageSize)
-}
-
-// Create POST /admin/api/v1/accounts
-func (h *AdminAccountHandler) Create(c *gin.Context) {
-	var req dto.AccountCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.UID(c)
-	a, err := h.svc.Create(c.Request.Context(), uid, &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"id": a.ID})
-}
-
-// Update PUT /admin/api/v1/accounts/:id
-func (h *AdminAccountHandler) Update(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	var req dto.AccountUpdateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if err := h.svc.Update(c.Request.Context(), id, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-// Delete DELETE /admin/api/v1/accounts/:id
-func (h *AdminAccountHandler) Delete(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-// BatchImport POST /admin/api/v1/accounts/import
-func (h *AdminAccountHandler) BatchImport(c *gin.Context) {
-	const maxSub2APIChunk = 500
-	var req dto.AccountBatchImportReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	format := strings.ToLower(strings.TrimSpace(req.Format))
-	if format == "" {
-		if len(req.Accounts) > 0 {
-			format = "sub2api"
-		} else {
-			format = "lines"
-		}
-	}
-	req.Format = format
-	switch format {
-	case "sub2api":
-		if len(req.Accounts) == 0 {
-			response.Fail(c, errcode.InvalidParam.WithMsg("sub2api 导入需提供非空 accounts"))
-			return
-		}
-		if len(req.Accounts) > maxSub2APIChunk {
-			response.Fail(c, errcode.InvalidParam.WithMsg(fmt.Sprintf("单次最多导入 %d 条，请拆分多次请求", maxSub2APIChunk)))
-			return
-		}
-	case "lines":
-		// ok
-	default:
-		response.Fail(c, errcode.InvalidParam.WithMsg("format 仅支持 lines / sub2api"))
-		return
-	}
-	uid := middleware.UID(c)
-	res, err := h.svc.BatchImport(c.Request.Context(), uid, &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
-
-// BatchDelete POST /admin/api/v1/accounts/batch-delete
-func (h *AdminAccountHandler) BatchDelete(c *gin.Context) {
-	var req dto.AccountBatchDeleteReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	n, err := h.svc.BatchDeleteByIDs(c.Request.Context(), req.IDs)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, dto.AccountBulkOpResult{Deleted: n})
-}
-
-// Purge POST /admin/api/v1/accounts/purge
-func (h *AdminAccountHandler) Purge(c *gin.Context) {
-	var req dto.AccountPurgeReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	n, err := h.svc.PurgeAccounts(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, dto.AccountBulkOpResult{Deleted: n})
-}
-
-// PoolStats GET /admin/api/v1/accounts/stats
-func (h *AdminAccountHandler) PoolStats(c *gin.Context) {
-	response.OK(c, gin.H{"pool": h.pool.Stats()})
-}
-
-// Test POST /admin/api/v1/accounts/:id/test
-func (h *AdminAccountHandler) Test(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	res, err := h.svc.Test(c.Request.Context(), id)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
-
-// Secrets GET /admin/api/v1/accounts/:id/secrets
-//
-// 仅管理员可见，返回单个账号的明文凭证（解密后），用于编辑面板回显。
-func (h *AdminAccountHandler) Secrets(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	res, err := h.svc.GetSecrets(c.Request.Context(), id)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
-
-// RefreshOAuth POST /admin/api/v1/accounts/:id/refresh
-func (h *AdminAccountHandler) RefreshOAuth(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	res, err := h.svc.RefreshOAuth(c.Request.Context(), id)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
-
-// BatchRefresh POST /admin/api/v1/accounts/batch-refresh
-//
-// Body: { "provider": "gpt" } 留空表示全部。
-func (h *AdminAccountHandler) BatchRefresh(c *gin.Context) {
-	var body struct {
-		Provider string `json:"provider"`
-		Page     int    `json:"page"`
-		PageSize int    `json:"page_size"`
-	}
-	_ = c.ShouldBindJSON(&body)
-	res, err := h.svc.BatchRefreshOAuth(c.Request.Context(), body.Provider, body.Page, body.PageSize)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
-
-func (h *AdminAccountHandler) BatchProbeQuota(c *gin.Context) {
-	var body struct {
-		Provider string `json:"provider"`
-		Page     int    `json:"page"`
-		PageSize int    `json:"page_size"`
-	}
-	_ = c.ShouldBindJSON(&body)
-	res, err := h.svc.BatchProbeQuota(c.Request.Context(), body.Provider, body.Page, body.PageSize)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
diff --git a/backend/internal/handler/admin_auth_handler.go b/backend/internal/handler/admin_auth_handler.go
deleted file mode 100644
index 9f835289..00000000
--- a/backend/internal/handler/admin_auth_handler.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Package handler 管理后台 - auth handler。
-package handler
-
-import (
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AdminAuthHandler 后台认证 handler。
-type AdminAuthHandler struct {
-	auth *service.AdminAuthService
-	repo *repo.AdminRepo
-}
-
-// NewAdminAuthHandler 构造。
-func NewAdminAuthHandler(auth *service.AdminAuthService, r *repo.AdminRepo) *AdminAuthHandler {
-	return &AdminAuthHandler{auth: auth, repo: r}
-}
-
-// Login POST /admin/api/v1/auth/login
-func (h *AdminAuthHandler) Login(c *gin.Context) {
-	var req dto.LoginReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	u, tok, err := h.auth.Login(c.Request.Context(), &req, c.ClientIP())
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{
-		"id":       u.ID,
-		"username": u.Username,
-		"nickname": u.Nickname,
-		"role_id":  u.RoleID,
-		"token":    tok,
-	})
-}
-
-// Me GET /admin/api/v1/auth/me
-func (h *AdminAuthHandler) Me(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	u, err := h.repo.GetByID(c.Request.Context(), uid)
-	if err != nil {
-		response.Fail(c, errcode.UserNotFound)
-		return
-	}
-	role, _ := h.repo.GetRoleByID(c.Request.Context(), u.RoleID)
-	roleCode, roleName := "", ""
-	if role != nil {
-		roleCode, roleName = role.Code, role.Name
-	}
-	response.OK(c, gin.H{
-		"id":        u.ID,
-		"username":  u.Username,
-		"nickname":  u.Nickname,
-		"email":     u.Email,
-		"role_id":   u.RoleID,
-		"role_code": roleCode,
-		"role_name": roleName,
-	})
-}
-
-// ChangePassword POST /admin/api/v1/auth/password
-func (h *AdminAuthHandler) ChangePassword(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	var req dto.ChangePasswordReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if err := h.auth.ChangePassword(c.Request.Context(), uid, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"ok": true})
-}
diff --git a/backend/internal/handler/admin_billing_handler.go b/backend/internal/handler/admin_billing_handler.go
deleted file mode 100644
index 45c7ba80..00000000
--- a/backend/internal/handler/admin_billing_handler.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package handler
-
-import (
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type AdminBillingHandler struct {
-	wallet *repo.WalletRepo
-}
-
-func NewAdminBillingHandler(wallet *repo.WalletRepo) *AdminBillingHandler {
-	return &AdminBillingHandler{wallet: wallet}
-}
-
-func (h *AdminBillingHandler) WalletLogs(c *gin.Context) {
-	var req dto.AdminWalletLogListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	rows, total, err := h.wallet.ListAdminLogs(c.Request.Context(), repo.AdminWalletLogFilter{
-		Keyword:   req.Keyword,
-		UserID:    req.UserID,
-		BizType:   req.BizType,
-		Direction: req.Direction,
-		Page:      req.Page,
-		PageSize:  req.PageSize,
-	})
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	out := make([]*dto.AdminWalletLogResp, 0, len(rows))
-	for _, row := range rows {
-		item := &dto.AdminWalletLogResp{
-			ID:           row.ID,
-			CreatedAt:    row.CreatedAt.Unix(),
-			UserID:       row.UserID,
-			UserLabel:    row.UserLabel,
-			Direction:    row.Direction,
-			BizType:      row.BizType,
-			BizID:        row.BizID,
-			Points:       row.Points,
-			PointsBefore: row.PointsBefore,
-			PointsAfter:  row.PointsAfter,
-		}
-		if row.Remark != nil {
-			item.Remark = *row.Remark
-		}
-		out = append(out, item)
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	response.Page(c, out, total, page, pageSize)
-}
diff --git a/backend/internal/handler/admin_cdk_handler.go b/backend/internal/handler/admin_cdk_handler.go
deleted file mode 100644
index 602520d8..00000000
--- a/backend/internal/handler/admin_cdk_handler.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Package handler 管理后台 - CDK handler。
-package handler
-
-import (
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AdminCDKHandler 管理后台 CDK 批次 handler。
-type AdminCDKHandler struct {
-	svc *service.CDKService
-}
-
-// NewAdminCDKHandler 构造。
-func NewAdminCDKHandler(svc *service.CDKService) *AdminCDKHandler {
-	return &AdminCDKHandler{svc: svc}
-}
-
-// CreateBatch POST /admin/api/v1/cdk/batches
-func (h *AdminCDKHandler) CreateBatch(c *gin.Context) {
-	var req dto.CDKBatchCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	var expire *time.Time
-	if req.ExpireAt > 0 {
-		t := time.Unix(req.ExpireAt, 0).UTC()
-		expire = &t
-	}
-	uid := middleware.UID(c)
-	batch, err := h.svc.GenerateBatch(c.Request.Context(), uid, req.BatchNo, req.Name, req.Points, req.Qty, req.PerUserLimit, expire)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{
-		"id":        batch.ID,
-		"batch_no":  batch.BatchNo,
-		"total_qty": batch.TotalQty,
-	})
-}
diff --git a/backend/internal/handler/admin_dashboard_handler.go b/backend/internal/handler/admin_dashboard_handler.go
deleted file mode 100644
index 2a45c9f8..00000000
--- a/backend/internal/handler/admin_dashboard_handler.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package handler
-
-import (
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type AdminDashboardHandler struct {
-	repo *repo.DashboardRepo
-}
-
-func NewAdminDashboardHandler(r *repo.DashboardRepo) *AdminDashboardHandler {
-	return &AdminDashboardHandler{repo: r}
-}
-
-func (h *AdminDashboardHandler) Overview(c *gin.Context) {
-	resp, err := h.repo.Overview(c.Request.Context())
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	response.OK(c, resp)
-}
diff --git a/backend/internal/handler/admin_log_handler.go b/backend/internal/handler/admin_log_handler.go
deleted file mode 100644
index 8af15515..00000000
--- a/backend/internal/handler/admin_log_handler.go
+++ /dev/null
@@ -1,304 +0,0 @@
-package handler
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type AdminLogHandler struct {
-	gen *repo.GenerationRepo
-	acc *repo.AccountRepo
-	aes *crypto.AESGCM
-}
-
-func NewAdminLogHandler(gen *repo.GenerationRepo, acc *repo.AccountRepo, aes *crypto.AESGCM) *AdminLogHandler {
-	return &AdminLogHandler{gen: gen, acc: acc, aes: aes}
-}
-
-func (h *AdminLogHandler) GenerationLogs(c *gin.Context) {
-	var req dto.AdminGenerationLogListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	rows, total, err := h.gen.ListAdminLogs(c.Request.Context(), repo.AdminGenerationLogFilter{
-		Keyword:  req.Keyword,
-		Kind:     req.Kind,
-		Status:   req.Status,
-		Page:     req.Page,
-		PageSize: req.PageSize,
-	})
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	out := make([]*dto.AdminGenerationLogResp, 0, len(rows))
-	for _, r := range rows {
-		item := &dto.AdminGenerationLogResp{
-			TaskID:     r.TaskID,
-			CreatedAt:  r.CreatedAt.Unix(),
-			UserID:     r.UserID,
-			UserLabel:  r.UserLabel,
-			Kind:       r.Kind,
-			ModelCode:  r.ModelCode,
-			Prompt:     r.Prompt,
-			Status:     r.Status,
-			CostPoints: r.CostPoints,
-		}
-		if r.APIKeyID != nil {
-			item.APIKeyID = *r.APIKeyID
-		}
-		if r.KeyLabel != nil {
-			item.KeyLabel = *r.KeyLabel
-		}
-		if r.DurationMs != nil {
-			item.DurationMs = *r.DurationMs
-		}
-		if r.PreviewURL != nil && *r.PreviewURL != "" {
-			item.PreviewURL = fmt.Sprintf("/admin/api/v1/logs/generations/%s/preview", r.TaskID)
-		}
-		if r.Error != nil {
-			item.Error = *r.Error
-		}
-		out = append(out, item)
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	response.Page(c, out, total, page, pageSize)
-}
-
-func (h *AdminLogHandler) GenerationUpstreamLogs(c *gin.Context) {
-	taskID := strings.TrimSpace(c.Param("task_id"))
-	if taskID == "" {
-		response.Fail(c, errcode.InvalidParam.WithMsg("empty task_id"))
-		return
-	}
-	rows, err := h.gen.ListUpstreamLogs(c.Request.Context(), taskID)
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	out := make([]*dto.AdminGenerationUpstreamLogResp, 0, len(rows))
-	for _, r := range rows {
-		item := &dto.AdminGenerationUpstreamLogResp{
-			ID:         r.ID,
-			TaskID:     r.TaskID,
-			Provider:   r.Provider,
-			AccountID:  r.AccountID,
-			Stage:      r.Stage,
-			StatusCode: r.StatusCode,
-			DurationMs: r.DurationMs,
-			CreatedAt:  r.CreatedAt.Unix(),
-		}
-		if r.Method != nil {
-			item.Method = *r.Method
-		}
-		if r.URL != nil {
-			item.URL = *r.URL
-		}
-		if r.RequestExcerpt != nil {
-			item.RequestExcerpt = *r.RequestExcerpt
-		}
-		if r.ResponseExcerpt != nil {
-			item.ResponseExcerpt = *r.ResponseExcerpt
-		}
-		if r.Error != nil {
-			item.Error = *r.Error
-		}
-		if r.Meta != nil {
-			item.Meta = *r.Meta
-		}
-		out = append(out, item)
-	}
-	response.OK(c, out)
-}
-
-// GenerationPreview proxies a request-log preview through the admin origin.
-func (h *AdminLogHandler) GenerationPreview(c *gin.Context) {
-	taskID := strings.TrimSpace(c.Param("task_id"))
-	t, err := h.gen.GetByTaskID(c.Request.Context(), taskID)
-	if err != nil {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	results, err := h.gen.ListResultsByTask(c.Request.Context(), taskID)
-	if err != nil || len(results) == 0 {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	r := results[0]
-	rawURL := r.URL
-	if t.Kind != "video" && r.ThumbURL != nil && *r.ThumbURL != "" {
-		rawURL = *r.ThumbURL
-	}
-	if t.Kind == "video" && c.Query("thumb") == "1" && r.ThumbURL != nil && *r.ThumbURL != "" {
-		rawURL = *r.ThumbURL
-	}
-	h.servePreviewURL(c, t, rawURL)
-}
-
-func (h *AdminLogHandler) servePreviewURL(c *gin.Context, t *model.GenerationTask, rawURL string) {
-	rawURL = strings.TrimSpace(rawURL)
-	if rawURL == "" {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	if strings.HasPrefix(rawURL, "/api/v1/gen/cached/") {
-		serveAdminCachedAsset(c, strings.TrimPrefix(rawURL, "/api/v1/gen/cached/"))
-		return
-	}
-	if strings.HasPrefix(rawURL, "/admin/api/v1/") {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	target := adminNormalizeGrokAssetURL(rawURL)
-	if strings.HasPrefix(target, "http://") || strings.HasPrefix(target, "https://") {
-		if !strings.Contains(target, "assets.grok.com") {
-			c.Redirect(http.StatusFound, target)
-			return
-		}
-		cookie, err := h.grokCookieForTask(c.Request.Context(), t)
-		if err != nil {
-			response.Fail(c, errcode.GPTUnavailable.WithMsg("资源下载凭证不可用"))
-			return
-		}
-		proxyRemoteAsset(c, target, cookie, rawURL)
-		return
-	}
-	response.Fail(c, errcode.ResourceMissing)
-}
-
-func serveAdminCachedAsset(c *gin.Context, rel string) {
-	rel = strings.TrimLeft(rel, "/")
-	if rel == "" || strings.Contains(rel, "..") {
-		response.Fail(c, errcode.InvalidParam.WithMsg("invalid asset path"))
-		return
-	}
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	c.Header("Cache-Control", "public, max-age=86400")
-	c.File(filepath.Join(root, filepath.FromSlash(rel)))
-}
-
-func proxyRemoteAsset(c *gin.Context, target, cookie, rawURL string) {
-	req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, target, nil)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	req.Header.Set("Cookie", cookie)
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36")
-	req.Header.Set("Referer", "https://grok.com/")
-	req.Header.Set("Accept", "*/*")
-	resp, err := (&http.Client{Timeout: 2 * time.Minute}).Do(req)
-	if err != nil {
-		response.Fail(c, errcode.GPTUnavailable.Wrap(err))
-		return
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		response.Fail(c, errcode.GPTUnavailable.WithMsg(fmt.Sprintf("资源下载失败 HTTP %d", resp.StatusCode)))
-		return
-	}
-	contentType := resp.Header.Get("Content-Type")
-	if contentType == "" {
-		contentType = "application/octet-stream"
-	}
-	c.Header("Content-Type", contentType)
-	c.Header("Cache-Control", "private, max-age=300")
-	c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, adminAssetName(rawURL)))
-	c.Status(http.StatusOK)
-	_, _ = io.Copy(c.Writer, resp.Body)
-}
-
-func adminNormalizeGrokAssetURL(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" || strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") || strings.HasPrefix(v, "data:") {
-		return v
-	}
-	return "https://assets.grok.com/" + strings.TrimLeft(v, "/")
-}
-
-func (h *AdminLogHandler) grokCookieForTask(ctx context.Context, t *model.GenerationTask) (string, error) {
-	if t.AccountID == nil || h.acc == nil || h.aes == nil {
-		return "", fmt.Errorf("missing account")
-	}
-	acc, err := h.acc.GetByID(ctx, *t.AccountID)
-	if err != nil {
-		return "", err
-	}
-	plain, err := h.aes.Decrypt(acc.CredentialEnc)
-	if err != nil {
-		return "", err
-	}
-	cred := strings.TrimSpace(string(plain))
-	if strings.Contains(cred, "=") {
-		if !strings.Contains(cred, "sso-rw=") {
-			if token := adminCookieValue(cred, "sso"); token != "" {
-				cred = strings.TrimRight(cred, "; ") + "; sso-rw=" + token
-			}
-		}
-		return cred, nil
-	}
-	return "sso=" + cred + "; sso-rw=" + cred, nil
-}
-
-func adminCookieValue(cookie, name string) string {
-	prefix := name + "="
-	for _, part := range strings.Split(cookie, ";") {
-		part = strings.TrimSpace(part)
-		if strings.HasPrefix(part, prefix) {
-			return strings.TrimPrefix(part, prefix)
-		}
-	}
-	return ""
-}
-
-func adminAssetName(rawURL string) string {
-	name := "asset"
-	if i := strings.LastIndex(rawURL, "/"); i >= 0 && i+1 < len(rawURL) {
-		name = rawURL[i+1:]
-	}
-	name = strings.TrimSpace(strings.Split(name, "?")[0])
-	if name == "" {
-		return "asset"
-	}
-	return name
-}
-
-func (h *AdminLogHandler) PurgeGenerationLogs(c *gin.Context) {
-	var req dto.AdminGenerationLogPurgeReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	before := time.Now().UTC().AddDate(0, 0, -req.Days)
-	deleted, err := h.gen.SoftDeleteAdminLogsBefore(c.Request.Context(), before)
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	response.OK(c, &dto.AdminGenerationLogPurgeResp{Deleted: deleted})
-}
diff --git a/backend/internal/handler/admin_promo_handler.go b/backend/internal/handler/admin_promo_handler.go
deleted file mode 100644
index 2aeec3b2..00000000
--- a/backend/internal/handler/admin_promo_handler.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package handler
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type AdminPromoHandler struct {
-	svc *service.AdminPromoService
-}
-
-func NewAdminPromoHandler(svc *service.AdminPromoService) *AdminPromoHandler {
-	return &AdminPromoHandler{svc: svc}
-}
-
-func (h *AdminPromoHandler) List(c *gin.Context) {
-	var req dto.AdminPromoListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	rows, total, err := h.svc.List(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	response.Page(c, rows, total, page, pageSize)
-}
-
-func (h *AdminPromoHandler) Create(c *gin.Context) {
-	var req dto.AdminPromoCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	row, err := h.svc.Create(c.Request.Context(), &req, middleware.MustUID(c))
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"id": row.ID})
-}
-
-func (h *AdminPromoHandler) Update(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	var req dto.AdminPromoUpdateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if err := h.svc.Update(c.Request.Context(), id, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-func (h *AdminPromoHandler) Delete(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
diff --git a/backend/internal/handler/admin_proxy_handler.go b/backend/internal/handler/admin_proxy_handler.go
deleted file mode 100644
index b9a74ddf..00000000
--- a/backend/internal/handler/admin_proxy_handler.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package handler
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AdminProxyHandler /admin/api/v1/proxies 资源 handler。
-type AdminProxyHandler struct {
-	svc     *service.ProxyService
-	testSvc *service.AccountTestService // 复用 TestProxy 探测能力
-}
-
-// NewAdminProxyHandler 构造。
-func NewAdminProxyHandler(svc *service.ProxyService, t *service.AccountTestService) *AdminProxyHandler {
-	return &AdminProxyHandler{svc: svc, testSvc: t}
-}
-
-// List GET /admin/api/v1/proxies
-func (h *AdminProxyHandler) List(c *gin.Context) {
-	var req dto.ProxyListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	items, total, err := h.svc.List(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 50
-	}
-	response.Page(c, items, total, page, pageSize)
-}
-
-// Create POST /admin/api/v1/proxies
-func (h *AdminProxyHandler) Create(c *gin.Context) {
-	var req dto.ProxyCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.UID(c)
-	p, err := h.svc.Create(c.Request.Context(), uid, &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"id": p.ID})
-}
-
-// Update PUT /admin/api/v1/proxies/:id
-func (h *AdminProxyHandler) Update(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	var req dto.ProxyUpdateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if err := h.svc.Update(c.Request.Context(), id, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-// Delete DELETE /admin/api/v1/proxies/:id
-func (h *AdminProxyHandler) Delete(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-// Test POST /admin/api/v1/proxies/:id/test
-//
-// 通过 https://www.google.com/generate_204 探测代理可达性。
-func (h *AdminProxyHandler) Test(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	if h.testSvc == nil {
-		response.Fail(c, errcode.Internal.WithMsg("测试服务未启用"))
-		return
-	}
-	p, err := h.svc.GetByID(c.Request.Context(), id)
-	if err != nil {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	res, err := h.testSvc.TestProxy(c.Request.Context(), p)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
diff --git a/backend/internal/handler/admin_system_handler.go b/backend/internal/handler/admin_system_handler.go
deleted file mode 100644
index a6b6f1a9..00000000
--- a/backend/internal/handler/admin_system_handler.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package handler
-
-import (
-	"io/fs"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AdminSystemHandler /admin/api/v1/system 资源 handler。
-type AdminSystemHandler struct {
-	svc *service.SystemConfigService
-}
-
-// NewAdminSystemHandler 构造。
-func NewAdminSystemHandler(svc *service.SystemConfigService) *AdminSystemHandler {
-	return &AdminSystemHandler{svc: svc}
-}
-
-// GetSettings GET /admin/api/v1/system/settings
-func (h *AdminSystemHandler) GetSettings(c *gin.Context) {
-	all, err := h.svc.GetAll(c.Request.Context())
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, all)
-}
-
-// UpdateSettings PUT /admin/api/v1/system/settings
-//
-// Body: { "<key>": <any-json>, ... }
-func (h *AdminSystemHandler) UpdateSettings(c *gin.Context) {
-	var body map[string]any
-	if err := c.ShouldBindJSON(&body); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if len(body) == 0 {
-		response.OK(c, gin.H{"updated": 0})
-		return
-	}
-	uid := middleware.UID(c)
-	if err := h.svc.UpsertMany(c.Request.Context(), body, uid); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"updated": len(body)})
-}
-
-// CacheStats GET /admin/api/v1/system/cache
-func (h *AdminSystemHandler) CacheStats(c *gin.Context) {
-	root, err := generatedCacheRoot()
-	if err != nil {
-		response.Fail(c, errcode.Internal.Wrap(err))
-		return
-	}
-	files, bytes, err := walkCache(root, nil)
-	if err != nil {
-		response.Fail(c, errcode.Internal.Wrap(err))
-		return
-	}
-	response.OK(c, gin.H{
-		"root":  root,
-		"files": files,
-		"bytes": bytes,
-	})
-}
-
-// CleanCache DELETE /admin/api/v1/system/cache
-func (h *AdminSystemHandler) CleanCache(c *gin.Context) {
-	var body struct {
-		Days int  `json:"days"`
-		All  bool `json:"all"`
-	}
-	if err := c.ShouldBindJSON(&body); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if !body.All && body.Days <= 0 {
-		response.Fail(c, errcode.InvalidParam.WithMsg("days must be greater than 0"))
-		return
-	}
-	root, err := generatedCacheRoot()
-	if err != nil {
-		response.Fail(c, errcode.Internal.Wrap(err))
-		return
-	}
-	cutoff := time.Now().Add(-time.Duration(body.Days) * 24 * time.Hour)
-	deletedFiles, deletedBytes, err := cleanCache(root, body.All, cutoff)
-	if err != nil {
-		response.Fail(c, errcode.Internal.Wrap(err))
-		return
-	}
-	_, remainBytes, _ := walkCache(root, nil)
-	response.OK(c, gin.H{
-		"deleted_files": deletedFiles,
-		"deleted_bytes": deletedBytes,
-		"remain_bytes":  remainBytes,
-	})
-}
-
-func generatedCacheRoot() (string, error) {
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	root = filepath.Clean(root)
-	cacheRoot := filepath.Clean(filepath.Join(root, "generated"))
-	if root == "." || cacheRoot == "." || !strings.HasPrefix(cacheRoot, root) {
-		return "", os.ErrInvalid
-	}
-	return cacheRoot, nil
-}
-
-func walkCache(root string, visit func(path string, info fs.FileInfo) error) (int64, int64, error) {
-	var files int64
-	var bytes int64
-	if _, err := os.Stat(root); os.IsNotExist(err) {
-		return 0, 0, nil
-	}
-	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
-		if err != nil {
-			return err
-		}
-		if d.IsDir() {
-			return nil
-		}
-		info, err := d.Info()
-		if err != nil {
-			return err
-		}
-		files++
-		bytes += info.Size()
-		if visit != nil {
-			return visit(path, info)
-		}
-		return nil
-	})
-	return files, bytes, err
-}
-
-func cleanCache(root string, all bool, cutoff time.Time) (int64, int64, error) {
-	var deletedFiles int64
-	var deletedBytes int64
-	_, _, err := walkCache(root, func(path string, info fs.FileInfo) error {
-		if !all && info.ModTime().After(cutoff) {
-			return nil
-		}
-		size := info.Size()
-		if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
-			return err
-		}
-		deletedFiles++
-		deletedBytes += size
-		return nil
-	})
-	if err != nil {
-		return deletedFiles, deletedBytes, err
-	}
-	_ = filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
-		if err != nil || path == root || !d.IsDir() {
-			return nil
-		}
-		_ = os.Remove(path)
-		return nil
-	})
-	return deletedFiles, deletedBytes, nil
-}
diff --git a/backend/internal/handler/admin_user_handler.go b/backend/internal/handler/admin_user_handler.go
deleted file mode 100644
index 1c6b01a4..00000000
--- a/backend/internal/handler/admin_user_handler.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package handler
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type AdminUserHandler struct {
-	svc *service.AdminUserService
-}
-
-func NewAdminUserHandler(svc *service.AdminUserService) *AdminUserHandler {
-	return &AdminUserHandler{svc: svc}
-}
-
-func (h *AdminUserHandler) List(c *gin.Context) {
-	var req dto.AdminUserListReq
-	if err := c.ShouldBindQuery(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	items, total, err := h.svc.List(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	page, pageSize := req.Page, req.PageSize
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	response.Page(c, items, total, page, pageSize)
-}
-
-func (h *AdminUserHandler) Create(c *gin.Context) {
-	var req dto.AdminUserCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	u, err := h.svc.Create(c.Request.Context(), &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"id": u.ID})
-}
-
-func (h *AdminUserHandler) Update(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	var req dto.AdminUserUpdateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if err := h.svc.Update(c.Request.Context(), id, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-func (h *AdminUserHandler) AdjustPoints(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	var req dto.AdminUserAdjustPointsReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	res, err := h.svc.AdjustPoints(c.Request.Context(), id, &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, res)
-}
diff --git a/backend/internal/handler/apikey_handler.go b/backend/internal/handler/apikey_handler.go
deleted file mode 100644
index 0d79b7a4..00000000
--- a/backend/internal/handler/apikey_handler.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Package handler API Key handler。
-package handler
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// APIKeyHandler 用户端 API Key handler。
-type APIKeyHandler struct {
-	svc *service.APIKeyService
-}
-
-// NewAPIKeyHandler 构造。
-func NewAPIKeyHandler(svc *service.APIKeyService) *APIKeyHandler {
-	return &APIKeyHandler{svc: svc}
-}
-
-// Create POST /api/v1/keys
-func (h *APIKeyHandler) Create(c *gin.Context) {
-	var req dto.APIKeyCreateReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.MustUID(c)
-	resp, err := h.svc.Create(c.Request.Context(), uid, &req)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, resp)
-}
-
-// List GET /api/v1/keys
-func (h *APIKeyHandler) List(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	items, err := h.svc.List(c.Request.Context(), uid)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{"list": items})
-}
-
-// Toggle POST /api/v1/keys/:id/toggle?enable=1
-func (h *APIKeyHandler) Toggle(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	enable := c.DefaultQuery("enable", "1") == "1"
-	uid := middleware.MustUID(c)
-	if err := h.svc.Toggle(c.Request.Context(), uid, id, enable); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
-
-// Delete DELETE /api/v1/keys/:id
-func (h *APIKeyHandler) Delete(c *gin.Context) {
-	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam)
-		return
-	}
-	uid := middleware.MustUID(c)
-	if err := h.svc.Delete(c.Request.Context(), uid, id); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
deleted file mode 100644
index 5fc9d043..00000000
--- a/backend/internal/handler/auth_handler.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Package handler HTTP 入参解析、调 service、出参响应。禁止访问 db。
-package handler
-
-import (
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// AuthHandler 用户端 auth handler。
-type AuthHandler struct {
-	auth *service.AuthService
-	user *service.UserService
-}
-
-// NewAuthHandler 构造。
-func NewAuthHandler(a *service.AuthService, u *service.UserService) *AuthHandler {
-	return &AuthHandler{auth: a, user: u}
-}
-
-// Register POST /api/v1/auth/register
-func (h *AuthHandler) Register(c *gin.Context) {
-	var req dto.RegisterReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	u, tok, err := h.auth.Register(c.Request.Context(), &req, c.ClientIP())
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{
-		"uid":         u.ID,
-		"uuid":        u.UUID,
-		"invite_code": u.InviteCode,
-		"token":       tok,
-	})
-}
-
-// Login POST /api/v1/auth/login
-func (h *AuthHandler) Login(c *gin.Context) {
-	var req dto.LoginReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	u, tok, err := h.auth.Login(c.Request.Context(), &req, c.ClientIP())
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{
-		"uid":   u.ID,
-		"uuid":  u.UUID,
-		"token": tok,
-	})
-}
-
-// Refresh POST /api/v1/auth/refresh
-func (h *AuthHandler) Refresh(c *gin.Context) {
-	var req dto.RefreshReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	tok, err := h.auth.Refresh(c.Request.Context(), req.RefreshToken)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, tok)
-}
-
-// Logout POST /api/v1/auth/logout
-// 当前为无状态实现，前端清空 token 即可；预留接口。
-func (h *AuthHandler) Logout(c *gin.Context) {
-	response.OK(c, nil)
-}
-
-// Me GET /api/v1/users/me
-func (h *AuthHandler) Me(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	me, err := h.user.Me(c.Request.Context(), uid)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, me)
-}
-
-// ChangePassword POST /api/v1/users/password
-func (h *AuthHandler) ChangePassword(c *gin.Context) {
-	var req dto.ChangePasswordReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.MustUID(c)
-	if err := h.auth.ChangePassword(c.Request.Context(), uid, &req); err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, nil)
-}
diff --git a/backend/internal/handler/billing_handler.go b/backend/internal/handler/billing_handler.go
deleted file mode 100644
index 51dbfe58..00000000
--- a/backend/internal/handler/billing_handler.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Package handler 用户端计费 handler。
-package handler
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// BillingHandler 用户端计费 handler。
-type BillingHandler struct {
-	billing *service.BillingService
-	cdk     *service.CDKService
-}
-
-// NewBillingHandler 构造。
-func NewBillingHandler(b *service.BillingService, cdk *service.CDKService) *BillingHandler {
-	return &BillingHandler{billing: b, cdk: cdk}
-}
-
-// Logs GET /api/v1/billing/logs?page=&page_size=
-func (h *BillingHandler) Logs(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
-	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
-	logs, total, err := h.billing.ListWalletLogs(c.Request.Context(), uid, page, pageSize)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	out := make([]*dto.WalletLogResp, 0, len(logs))
-	for _, l := range logs {
-		r := &dto.WalletLogResp{
-			ID:           l.ID,
-			Direction:    l.Direction,
-			BizType:      l.BizType,
-			BizID:        l.BizID,
-			Points:       l.Points,
-			PointsBefore: l.PointsBefore,
-			PointsAfter:  l.PointsAfter,
-			CreatedAt:    l.CreatedAt.Unix(),
-		}
-		if l.Remark != nil {
-			r.Remark = *l.Remark
-		}
-		out = append(out, r)
-	}
-	response.Page(c, out, total, page, pageSize)
-}
-
-// RedeemCDK POST /api/v1/billing/cdk/redeem
-func (h *BillingHandler) RedeemCDK(c *gin.Context) {
-	var req dto.CDKRedeemReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.MustUID(c)
-	pts, err := h.cdk.Redeem(c.Request.Context(), uid, req.Code)
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, gin.H{
-		"points":  pts,
-		"biz":     model.BizCDK,
-		"message": "兑换成功",
-	})
-}
diff --git a/backend/internal/handler/generation_handler.go b/backend/internal/handler/generation_handler.go
deleted file mode 100644
index 205f4c3e..00000000
--- a/backend/internal/handler/generation_handler.go
+++ /dev/null
@@ -1,618 +0,0 @@
-// Package handler 用户端生成任务 handler。
-package handler
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/provider"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// GenerationHandler 生成任务 handler。
-type GenerationHandler struct {
-	svc     *service.GenerationService
-	chatSvc *service.ChatService
-	repo    *repo.GenerationRepo
-	accRepo *repo.AccountRepo
-	cfg     *service.SystemConfigService
-	aes     *crypto.AESGCM
-}
-
-// NewGenerationHandler 构造。
-func NewGenerationHandler(svc *service.GenerationService, chatSvc *service.ChatService, r *repo.GenerationRepo, accRepo *repo.AccountRepo, cfg *service.SystemConfigService, aes *crypto.AESGCM) *GenerationHandler {
-	return &GenerationHandler{svc: svc, chatSvc: chatSvc, repo: r, accRepo: accRepo, cfg: cfg, aes: aes}
-}
-
-type publicModelResp struct {
-	ModelCode        string `json:"model_code"`
-	Name             string `json:"name"`
-	Kind             string `json:"kind"`
-	Provider         string `json:"provider"`
-	UpstreamModel    string `json:"upstream_model,omitempty"`
-	UnitPoints       int64  `json:"unit_points"`
-	InputUnitPoints  int64  `json:"input_unit_points,omitempty"`
-	OutputUnitPoints int64  `json:"output_unit_points,omitempty"`
-	Enabled          bool   `json:"enabled"`
-}
-
-// Models GET /api/v1/models
-func (h *GenerationHandler) Models(c *gin.Context) {
-	response.OK(c, gin.H{"list": h.publicModels(c.Request.Context())})
-}
-
-// CachedAsset GET /api/v1/gen/cached/*path
-func (h *GenerationHandler) CachedAsset(c *gin.Context) {
-	p := strings.TrimLeft(c.Param("path"), "/")
-	if p == "" || strings.Contains(p, "..") || strings.HasPrefix(p, "/") {
-		response.Fail(c, errcode.InvalidParam.WithMsg("invalid asset path"))
-		return
-	}
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	c.Header("Cache-Control", "public, max-age=86400")
-	c.File(filepath.Join(root, filepath.FromSlash(p)))
-}
-
-// CreateImage POST /api/v1/gen/image
-func (h *GenerationHandler) CreateImage(c *gin.Context) {
-	var req dto.CreateImageReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.MustUID(c)
-
-	params := req.Params
-	if params == nil {
-		params = map[string]any{}
-	}
-	if req.Ratio != "" {
-		params["ratio"] = req.Ratio
-		params["aspect_ratio"] = req.Ratio
-	}
-	if req.Quality != "" {
-		params["quality"] = req.Quality
-	}
-
-	mode := req.Mode
-	if mode == "" {
-		if len(req.RefAssets) > 0 {
-			mode = "i2i"
-		} else {
-			mode = "t2i"
-		}
-	}
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-
-	t, err := h.svc.Create(c.Request.Context(), service.CreateRequest{
-		UserID:    uid,
-		Kind:      provider.KindImage,
-		Mode:      provider.Mode(mode),
-		ModelCode: req.ModelCode,
-		Provider:  model.ProviderGPT,
-		Prompt:    req.Prompt,
-		NegPrompt: req.NegPrompt,
-		Params:    params,
-		RefAssets: req.RefAssets,
-		Count:     count,
-		IdemKey:   c.GetHeader("Idempotency-Key"),
-		ClientIP:  c.ClientIP(),
-	})
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, taskToResp(t, nil))
-}
-
-// CreateVideo POST /api/v1/gen/video
-func (h *GenerationHandler) CreateVideo(c *gin.Context) {
-	var req dto.CreateVideoReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	uid := middleware.MustUID(c)
-
-	params := req.Params
-	if params == nil {
-		params = map[string]any{}
-	}
-	if req.Ratio != "" {
-		params["ratio"] = req.Ratio
-		params["aspect_ratio"] = req.Ratio
-	}
-	if req.Quality != "" {
-		params["quality"] = req.Quality
-	}
-	if req.Duration > 0 {
-		params["duration"] = float64(normalizeVideoDuration(req.Duration))
-	}
-
-	mode := req.Mode
-	if mode == "" {
-		if len(req.RefAssets) > 0 {
-			mode = "i2v"
-		} else {
-			mode = "t2v"
-		}
-	}
-
-	t, err := h.svc.Create(c.Request.Context(), service.CreateRequest{
-		UserID:    uid,
-		Kind:      provider.KindVideo,
-		Mode:      provider.Mode(mode),
-		ModelCode: req.ModelCode,
-		Provider:  model.ProviderGROK,
-		Prompt:    req.Prompt,
-		Params:    params,
-		RefAssets: req.RefAssets,
-		Count:     1,
-		IdemKey:   c.GetHeader("Idempotency-Key"),
-		ClientIP:  c.ClientIP(),
-	})
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	response.OK(c, taskToResp(t, nil))
-}
-
-// CreateText POST /api/v1/gen/text
-func (h *GenerationHandler) CreateText(c *gin.Context) {
-	var req dto.CreateTextReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	if h.chatSvc == nil {
-		response.Fail(c, errcode.ResourceMissing.WithMsg("文字创作服务未启用"))
-		return
-	}
-	if strings.TrimSpace(req.ModelCode) == "" {
-		req.ModelCode = "grok-4.20-fast"
-	}
-	if req.MaxTokens <= 0 {
-		req.MaxTokens = 1200
-	}
-	content := any(req.Prompt)
-	if len(req.Images) > 0 {
-		parts := []map[string]any{{"type": "text", "text": req.Prompt}}
-		for _, u := range req.Images {
-			if strings.TrimSpace(u) != "" {
-				parts = append(parts, map[string]any{"type": "image_url", "image_url": map[string]any{"url": strings.TrimSpace(u)}})
-			}
-		}
-		content = parts
-	}
-	raw, status, err := h.chatSvc.Complete(c.Request.Context(), service.ChatCallRequest{
-		UserID:   middleware.MustUID(c),
-		ClientIP: c.ClientIP(),
-		IdemKey:  c.GetHeader("Idempotency-Key"),
-		Body: map[string]any{
-			"model":      req.ModelCode,
-			"messages":   []map[string]any{{"role": "user", "content": content}},
-			"max_tokens": req.MaxTokens,
-		},
-	})
-	if err != nil {
-		response.Fail(c, err)
-		return
-	}
-	if status >= 400 {
-		response.Fail(c, errcode.GPTUnavailable.WithMsg(string(raw)))
-		return
-	}
-	response.OK(c, parseTextGenerationResp(raw, req.ModelCode))
-}
-
-// Get GET /api/v1/gen/tasks/:task_id
-func (h *GenerationHandler) Get(c *gin.Context) {
-	id := c.Param("task_id")
-	uid := middleware.MustUID(c)
-	t, err := h.repo.GetByTaskID(c.Request.Context(), id)
-	if err != nil || t.UserID != uid {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	results, _ := h.repo.ListResultsByTask(c.Request.Context(), id)
-	response.OK(c, taskToResp(t, results))
-}
-
-// List GET /api/v1/gen/history?kind=image|video&page=&page_size=
-func (h *GenerationHandler) List(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	kind := c.Query("kind")
-	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
-	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
-
-	if h.svc != nil {
-		h.svc.ReapStaleTasks(c.Request.Context(), uid)
-	}
-	items, total, err := h.repo.ListByUser(c.Request.Context(), uid, kind, page, pageSize)
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	out := make([]*dto.GenerationTaskResp, 0, len(items))
-	for _, t := range items {
-		results, _ := h.repo.ListResultsByTask(c.Request.Context(), t.TaskID)
-		out = append(out, taskToResp(t, results))
-	}
-	response.Page(c, out, total, page, pageSize)
-}
-
-// DeleteHistory DELETE /api/v1/gen/history?scope=all|before_3d|before_7d|failed
-func (h *GenerationHandler) DeleteHistory(c *gin.Context) {
-	uid := middleware.MustUID(c)
-	scope := strings.ToLower(strings.TrimSpace(c.DefaultQuery("scope", "all")))
-	var (
-		deleted int64
-		err     error
-	)
-	switch scope {
-	case "all":
-		deleted, err = h.repo.SoftDeleteByUser(c.Request.Context(), uid, false)
-	case "before_3d":
-		deleted, err = h.repo.SoftDeleteByUserBefore(c.Request.Context(), uid, time.Now().UTC().AddDate(0, 0, -3))
-	case "before_7d":
-		deleted, err = h.repo.SoftDeleteByUserBefore(c.Request.Context(), uid, time.Now().UTC().AddDate(0, 0, -7))
-	case "failed":
-		deleted, err = h.repo.SoftDeleteByUser(c.Request.Context(), uid, true)
-	default:
-		response.Fail(c, errcode.InvalidParam.WithMsg("scope must be all, before_3d, before_7d or failed"))
-		return
-	}
-	if err != nil {
-		response.Fail(c, errcode.DBError.Wrap(err))
-		return
-	}
-	response.OK(c, gin.H{"deleted": deleted})
-}
-
-// Asset GET /api/v1/gen/assets/:task_id/:seq?thumb=1
-func (h *GenerationHandler) Asset(c *gin.Context) {
-	taskID := strings.TrimSpace(c.Param("task_id"))
-	seq, _ := strconv.Atoi(c.Param("seq"))
-	t, err := h.repo.GetByTaskID(c.Request.Context(), taskID)
-	if err != nil {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	result, err := h.repo.GetResultByTaskSeq(c.Request.Context(), taskID, seq)
-	if err != nil {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	rawURL := result.URL
-	if c.Query("thumb") == "1" {
-		if result.ThumbURL != nil && *result.ThumbURL != "" {
-			rawURL = *result.ThumbURL
-		} else if derived := deriveGrokPreviewImageURL(result.URL); derived != "" {
-			rawURL = derived
-		}
-	}
-	target := normalizeGrokAssetURL(rawURL)
-	if target == "" {
-		response.Fail(c, errcode.ResourceMissing)
-		return
-	}
-	cookie, err := h.grokCookieForTask(c.Request.Context(), t)
-	if err != nil {
-		response.Fail(c, errcode.GPTUnavailable.WithMsg("资源下载凭证不可用"))
-		return
-	}
-	req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, target, nil)
-	if err != nil {
-		response.Fail(c, errcode.InvalidParam.Wrap(err))
-		return
-	}
-	req.Header.Set("Cookie", cookie)
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36")
-	req.Header.Set("Referer", "https://grok.com/")
-	req.Header.Set("Accept", "*/*")
-	client := &http.Client{Timeout: 2 * time.Minute}
-	resp, err := client.Do(req)
-	if err != nil {
-		response.Fail(c, errcode.GPTUnavailable.Wrap(err))
-		return
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		response.Fail(c, errcode.GPTUnavailable.WithMsg(fmt.Sprintf("资源下载失败 HTTP %d", resp.StatusCode)))
-		return
-	}
-	contentType := resp.Header.Get("Content-Type")
-	if contentType == "" {
-		contentType = "application/octet-stream"
-	}
-	c.Header("Content-Type", contentType)
-	c.Header("Cache-Control", "private, max-age=300")
-	if disp := assetDisposition(rawURL); disp != "" {
-		c.Header("Content-Disposition", disp)
-	}
-	c.Status(http.StatusOK)
-	_, _ = io.Copy(c.Writer, resp.Body)
-}
-
-// === helpers ===
-
-func parseTextGenerationResp(raw []byte, fallbackModel string) *dto.TextGenerationResp {
-	var obj struct {
-		ID      string `json:"id"`
-		Model   string `json:"model"`
-		Choices []struct {
-			Message struct {
-				Content string `json:"content"`
-			} `json:"message"`
-		} `json:"choices"`
-		Usage struct {
-			PromptTokens     int `json:"prompt_tokens"`
-			CompletionTokens int `json:"completion_tokens"`
-			TotalTokens      int `json:"total_tokens"`
-		} `json:"usage"`
-	}
-	_ = json.Unmarshal(raw, &obj)
-	content := ""
-	if len(obj.Choices) > 0 {
-		content = obj.Choices[0].Message.Content
-	}
-	if obj.Model == "" {
-		obj.Model = fallbackModel
-	}
-	return &dto.TextGenerationResp{
-		ID:               obj.ID,
-		ModelCode:        obj.Model,
-		Content:          content,
-		PromptTokens:     obj.Usage.PromptTokens,
-		CompletionTokens: obj.Usage.CompletionTokens,
-		TotalTokens:      obj.Usage.TotalTokens,
-	}
-}
-
-func taskToResp(t *model.GenerationTask, results []*model.GenerationResult) *dto.GenerationTaskResp {
-	r := &dto.GenerationTaskResp{
-		TaskID:     t.TaskID,
-		Kind:       t.Kind,
-		Status:     t.Status,
-		Progress:   t.Progress,
-		ModelCode:  t.ModelCode,
-		Prompt:     t.Prompt,
-		CostPoints: t.CostPoints,
-		CreatedAt:  t.CreatedAt.Unix(),
-	}
-	if t.Error != nil {
-		r.Error = *t.Error
-	}
-	for _, gr := range results {
-		row := dto.GenerationResultResp{URL: generationResultURL(t.TaskID, int(gr.Seq), gr.URL, false)}
-		if gr.ThumbURL != nil {
-			row.ThumbURL = generationResultURL(t.TaskID, int(gr.Seq), *gr.ThumbURL, true)
-		} else if t.Kind == string(provider.KindVideo) {
-			if derived := deriveGrokPreviewImageURL(gr.URL); derived != "" {
-				row.ThumbURL = generationResultURL(t.TaskID, int(gr.Seq), derived, true)
-			}
-		}
-		if gr.Width != nil {
-			row.Width = *gr.Width
-		}
-		if gr.Height != nil {
-			row.Height = *gr.Height
-		}
-		if gr.DurationMs != nil {
-			row.DurationMs = *gr.DurationMs
-		}
-		r.Results = append(r.Results, row)
-	}
-	return r
-}
-
-func normalizeVideoDuration(sec int) int {
-	for _, v := range []int{6, 10} {
-		if sec <= v {
-			return v
-		}
-	}
-	return 10
-}
-
-func generationAssetURL(taskID string, seq int, thumb bool) string {
-	u := fmt.Sprintf("/api/v1/gen/assets/%s/%d", url.PathEscape(taskID), seq)
-	if thumb {
-		u += "?thumb=1"
-	}
-	return u
-}
-
-func generationResultURL(taskID string, seq int, rawURL string, thumb bool) string {
-	v := strings.TrimSpace(rawURL)
-	if v == "" {
-		return ""
-	}
-	if strings.HasPrefix(v, "/api/v1/gen/cached/") || strings.HasPrefix(v, "data:") {
-		return v
-	}
-	if strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") {
-		if !strings.Contains(v, "assets.grok.com") {
-			return v
-		}
-		return generationAssetURL(taskID, seq, thumb)
-	}
-	return generationAssetURL(taskID, seq, thumb)
-}
-
-func deriveGrokPreviewImageURL(videoURL string) string {
-	v := strings.TrimSpace(videoURL)
-	if v == "" {
-		return ""
-	}
-	lower := strings.ToLower(v)
-	if !strings.Contains(lower, "assets.grok.com") && !strings.Contains(lower, "generated_video") && !strings.Contains(lower, "/generated/") {
-		return ""
-	}
-	for _, marker := range []string{"/generated_video.mp4", "/generated_video.webm", "/generated_video"} {
-		if idx := strings.LastIndex(lower, marker); idx >= 0 {
-			return v[:idx] + "/preview_image.jpg"
-		}
-	}
-	if strings.HasSuffix(lower, ".mp4") || strings.HasSuffix(lower, ".webm") {
-		if idx := strings.LastIndex(v, "/"); idx >= 0 {
-			return v[:idx] + "/preview_image.jpg"
-		}
-	}
-	return ""
-}
-
-func normalizeGrokAssetURL(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" || strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") || strings.HasPrefix(v, "data:") || strings.HasPrefix(v, "/api/") {
-		return v
-	}
-	if strings.HasPrefix(v, "/") {
-		v = strings.TrimLeft(v, "/")
-	}
-	return "https://assets.grok.com/" + v
-}
-
-func (h *GenerationHandler) grokCookieForTask(ctx context.Context, t *model.GenerationTask) (string, error) {
-	if t.AccountID == nil || h.accRepo == nil || h.aes == nil {
-		return "", fmt.Errorf("missing account")
-	}
-	acc, err := h.accRepo.GetByID(ctx, *t.AccountID)
-	if err != nil {
-		return "", err
-	}
-	plain, err := h.aes.Decrypt(acc.CredentialEnc)
-	if err != nil {
-		return "", err
-	}
-	cred := strings.TrimSpace(string(plain))
-	if strings.Contains(cred, "=") {
-		if !strings.Contains(cred, "sso-rw=") {
-			token := extractSSOValue(cred)
-			if token != "" {
-				cred = strings.TrimRight(cred, "; ") + "; sso-rw=" + token
-			}
-		}
-		return cred, nil
-	}
-	return "sso=" + cred + "; sso-rw=" + cred, nil
-}
-
-func extractSSOValue(cookie string) string {
-	for _, part := range strings.Split(cookie, ";") {
-		part = strings.TrimSpace(part)
-		if strings.HasPrefix(part, "sso=") {
-			return strings.TrimPrefix(part, "sso=")
-		}
-	}
-	return strings.TrimSpace(cookie)
-}
-
-func assetDisposition(rawURL string) string {
-	lower := strings.ToLower(rawURL)
-	name := "asset"
-	if i := strings.LastIndex(rawURL, "/"); i >= 0 && i+1 < len(rawURL) {
-		name = rawURL[i+1:]
-	}
-	if strings.Contains(lower, ".mp4") || strings.Contains(lower, "generated_video") {
-		return fmt.Sprintf(`inline; filename="%s"`, name)
-	}
-	return fmt.Sprintf(`inline; filename="%s"`, name)
-}
-
-func (h *GenerationHandler) publicModels(ctx context.Context) []publicModelResp {
-	raw := ""
-	if h.cfg != nil {
-		raw = h.cfg.GetString(ctx, "billing.model_prices", "")
-	}
-	var rows []publicModelResp
-	seen := map[string]bool{}
-	if raw != "" {
-		var stored []struct {
-			ModelCode        string `json:"model_code"`
-			Name             string `json:"name"`
-			Kind             string `json:"kind"`
-			Provider         string `json:"provider"`
-			UpstreamModel    string `json:"upstream_model"`
-			UnitPoints       int64  `json:"unit_points"`
-			InputUnitPoints  int64  `json:"input_unit_points"`
-			OutputUnitPoints int64  `json:"output_unit_points"`
-			Enabled          *bool  `json:"enabled"`
-		}
-		if err := json.Unmarshal([]byte(raw), &stored); err == nil {
-			for _, row := range stored {
-				if row.ModelCode == "" || row.Kind == "" {
-					continue
-				}
-				seen[row.ModelCode] = true
-				enabled := true
-				if row.Enabled != nil {
-					enabled = *row.Enabled
-				}
-				if !enabled {
-					continue
-				}
-				rows = append(rows, publicModelResp{
-					ModelCode:        row.ModelCode,
-					Name:             fallbackString(row.Name, row.ModelCode),
-					Kind:             row.Kind,
-					Provider:         row.Provider,
-					UpstreamModel:    row.UpstreamModel,
-					UnitPoints:       row.UnitPoints,
-					InputUnitPoints:  row.InputUnitPoints,
-					OutputUnitPoints: row.OutputUnitPoints,
-					Enabled:          true,
-				})
-			}
-		}
-	}
-	for _, row := range defaultPublicModels() {
-		if !seen[row.ModelCode] {
-			rows = append(rows, row)
-		}
-	}
-	return rows
-}
-
-func defaultPublicModels() []publicModelResp {
-	return []publicModelResp{
-		{ModelCode: "grok-4.20-fast", Name: "Grok Fast", Kind: "text", Provider: "grok", UpstreamModel: "grok-4.20-fast", InputUnitPoints: 100, OutputUnitPoints: 300, Enabled: true},
-		{ModelCode: "grok-4.20-auto", Name: "Grok Auto", Kind: "text", Provider: "grok", UpstreamModel: "grok-4.20-auto", InputUnitPoints: 150, OutputUnitPoints: 450, Enabled: true},
-		{ModelCode: "grok-4.20-expert", Name: "Grok Expert", Kind: "text", Provider: "grok", UpstreamModel: "grok-4.20-expert", InputUnitPoints: 200, OutputUnitPoints: 600, Enabled: true},
-		{ModelCode: "grok-4.20-heavy", Name: "Grok Heavy", Kind: "text", Provider: "grok", UpstreamModel: "grok-4.20-heavy", InputUnitPoints: 400, OutputUnitPoints: 1200, Enabled: true},
-		{ModelCode: "gpt-image-2", Name: "GPT Image 2", Kind: "image", Provider: "gpt", UpstreamModel: "gpt-image-2", UnitPoints: 0, Enabled: true},
-		{ModelCode: "grok-imagine-video", Name: "Grok Imagine 视频", Kind: "video", Provider: "grok", UpstreamModel: "grok-imagine-video", UnitPoints: 2000, Enabled: true},
-	}
-}
-
-func fallbackString(v, fallback string) string {
-	if strings.TrimSpace(v) != "" {
-		return v
-	}
-	return fallback
-}
diff --git a/backend/internal/handler/openai_handler.go b/backend/internal/handler/openai_handler.go
deleted file mode 100644
index c0906e25..00000000
--- a/backend/internal/handler/openai_handler.go
+++ /dev/null
@@ -1,569 +0,0 @@
-// Package handler OpenAI / NewAPI compatible downstream protocol handlers.
-package handler
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/provider"
-	grokweb "github.com/kleinai/backend/internal/provider/grok"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-)
-
-// OpenAIHandler serves /v1 compatible downstream APIs.
-type OpenAIHandler struct {
-	svc     *service.GenerationService
-	chatSvc *service.ChatService
-	repo    *repo.GenerationRepo
-}
-
-// NewOpenAIHandler constructs OpenAIHandler.
-func NewOpenAIHandler(svc *service.GenerationService, chatSvc *service.ChatService, r *repo.GenerationRepo) *OpenAIHandler {
-	return &OpenAIHandler{svc: svc, chatSvc: chatSvc, repo: r}
-}
-
-type modelItem struct {
-	ID       string         `json:"id"`
-	Object   string         `json:"object"`
-	OwnedBy  string         `json:"owned_by"`
-	Kind     string         `json:"kind,omitempty"`
-	Endpoint string         `json:"endpoint,omitempty"`
-	Meta     map[string]any `json:"meta,omitempty"`
-}
-
-// Models GET /v1/models.
-func (h *OpenAIHandler) Models(c *gin.Context) {
-	data := []modelItem{
-		{ID: "gpt-4o-mini", Object: "model", OwnedBy: "kleinai", Kind: "text", Endpoint: "/v1/chat/completions"},
-		{ID: "gpt-image-2", Object: "model", OwnedBy: "openai", Kind: "image", Endpoint: "/v1/images/generations", Meta: gin.H{"edits": true, "mode": "responses_image_generation"}},
-		{ID: "grok-imagine-video", Object: "model", OwnedBy: "grok", Kind: "video", Endpoint: "/v1/video/generations", Meta: gin.H{"modes": []string{"text_to_video", "image_to_video", "multi_image_to_video"}}},
-		{ID: "vid-v1", Object: "model", OwnedBy: "kleinai", Kind: "video", Endpoint: "/v1/video/generations", Meta: gin.H{"alias_of": "grok-imagine-video"}},
-		{ID: "vid-i2v", Object: "model", OwnedBy: "kleinai", Kind: "video", Endpoint: "/v1/video/generations", Meta: gin.H{"alias_of": "grok-imagine-video"}},
-	}
-	for _, id := range grokweb.ChatModelIDs() {
-		data = append(data, modelItem{ID: id, Object: "model", OwnedBy: "grok", Kind: "text", Endpoint: "/v1/chat/completions"})
-	}
-	c.JSON(http.StatusOK, gin.H{
-		"object": "list",
-		"data":   data,
-	})
-}
-
-// ChatCompletions POST /v1/chat/completions.
-func (h *OpenAIHandler) ChatCompletions(c *gin.Context) {
-	if !middleware.APIKeyScopeAllow(c, "chat") {
-		jsonError(c, http.StatusForbidden, "scope_not_allowed", "current api key does not allow chat completions")
-		return
-	}
-	k := middleware.APIKeyFromCtx(c)
-	if k == nil {
-		jsonError(c, http.StatusUnauthorized, "invalid_api_key", "api key required")
-		return
-	}
-	var body map[string]any
-	if err := c.ShouldBindJSON(&body); err != nil {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", err.Error())
-		return
-	}
-	if _, ok := body["messages"]; !ok {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "messages is required")
-		return
-	}
-	req := service.ChatCallRequest{
-		UserID:   k.UserID,
-		APIKeyID: &k.ID,
-		ClientIP: c.ClientIP(),
-		IdemKey:  c.GetHeader("Idempotency-Key"),
-		Body:     body,
-	}
-	if stream, _ := body["stream"].(bool); stream {
-		if err := h.chatSvc.Stream(c.Request.Context(), req, c.Writer); err != nil {
-			jsonError(c, http.StatusBadGateway, "upstream_error", err.Error())
-		}
-		return
-	}
-	raw, status, err := h.chatSvc.Complete(c.Request.Context(), req)
-	if err != nil {
-		jsonError(c, status, "chat_completion_failed", err.Error())
-		return
-	}
-	c.Data(status, "application/json; charset=utf-8", raw)
-}
-
-type imageReq struct {
-	Model          string         `json:"model"`
-	Prompt         string         `json:"prompt"`
-	N              int            `json:"n"`
-	Count          int            `json:"count"`
-	Size           string         `json:"size"`
-	Quality        string         `json:"quality"`
-	Style          string         `json:"style"`
-	ResponseFormat string         `json:"response_format"`
-	Image          string         `json:"image"`
-	Images         []string       `json:"images"`
-	RefAssets      []string       `json:"ref_assets"`
-	Async          bool           `json:"async"`
-	CallbackURL    string         `json:"callback_url"`
-	Params         map[string]any `json:"params"`
-}
-
-// ImageGenerations POST /v1/images/generations.
-func (h *OpenAIHandler) ImageGenerations(c *gin.Context) {
-	h.createImage(c, false)
-}
-
-// ImageEdits POST /v1/images/edits.
-func (h *OpenAIHandler) ImageEdits(c *gin.Context) {
-	h.createImage(c, true)
-}
-
-func (h *OpenAIHandler) createImage(c *gin.Context, edit bool) {
-	if !middleware.APIKeyScopeAllow(c, "image") {
-		jsonError(c, http.StatusForbidden, "scope_not_allowed", "current api key does not allow image generation")
-		return
-	}
-	req, err := bindImageReq(c)
-	if err != nil {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", err.Error())
-		return
-	}
-	if strings.TrimSpace(req.Prompt) == "" {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "prompt is required")
-		return
-	}
-	if req.Model == "" {
-		req.Model = "gpt-image-2"
-	}
-	count := req.N
-	if count <= 0 {
-		count = req.Count
-	}
-	if count <= 0 {
-		count = 1
-	}
-	if count > 4 {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "n/count must be less than or equal to 4")
-		return
-	}
-
-	refs := collectRefs(req.Image, req.Images, req.RefAssets)
-	if edit && len(refs) == 0 {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "image is required for image edits")
-		return
-	}
-	mode := provider.ModeT2I
-	if len(refs) > 0 {
-		mode = provider.ModeI2I
-	}
-	params := mergeParams(req.Params, gin.H{
-		"size":            req.Size,
-		"quality":         req.Quality,
-		"style":           req.Style,
-		"response_format": req.ResponseFormat,
-		"callback_url":    req.CallbackURL,
-	})
-	if edit {
-		params["operation"] = "edit"
-	}
-
-	t, ok := h.createTask(c, service.CreateRequest{
-		Kind:      provider.KindImage,
-		Mode:      mode,
-		ModelCode: req.Model,
-		Provider:  model.ProviderGPT,
-		Prompt:    req.Prompt,
-		Params:    params,
-		RefAssets: refs,
-		Count:     count,
-	})
-	if !ok {
-		return
-	}
-	if req.Async {
-		c.JSON(http.StatusOK, taskEnvelope(t, nil))
-		return
-	}
-	h.respondTaskResult(c, t, 60*time.Second)
-}
-
-type videoReq struct {
-	Model       string         `json:"model"`
-	Prompt      string         `json:"prompt"`
-	N           int            `json:"n"`
-	Duration    int            `json:"duration"`
-	Size        string         `json:"size"`
-	Ratio       string         `json:"ratio"`
-	AspectRatio string         `json:"aspect_ratio"`
-	Quality     string         `json:"quality"`
-	FPS         int            `json:"fps"`
-	Image       string         `json:"image"`
-	Images      []string       `json:"images"`
-	RefAssets   []string       `json:"ref_assets"`
-	Async       *bool          `json:"async"`
-	CallbackURL string         `json:"callback_url"`
-	Params      map[string]any `json:"params"`
-}
-
-// VideoGenerations POST /v1/video/generations.
-func (h *OpenAIHandler) VideoGenerations(c *gin.Context) {
-	if !middleware.APIKeyScopeAllow(c, "video") {
-		jsonError(c, http.StatusForbidden, "scope_not_allowed", "current api key does not allow video generation")
-		return
-	}
-	var req videoReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", err.Error())
-		return
-	}
-	if strings.TrimSpace(req.Prompt) == "" {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "prompt is required")
-		return
-	}
-	if req.Model == "" {
-		req.Model = "grok-imagine-video"
-	}
-	if req.N <= 0 {
-		req.N = 1
-	}
-	if req.N > 4 {
-		jsonError(c, http.StatusBadRequest, "invalid_request_error", "n must be less than or equal to 4")
-		return
-	}
-	refs := collectRefs(req.Image, req.Images, req.RefAssets)
-	mode := provider.ModeT2V
-	if len(refs) > 0 {
-		mode = provider.ModeI2V
-	}
-	aspect := req.AspectRatio
-	if aspect == "" {
-		aspect = req.Ratio
-	}
-	params := mergeParams(req.Params, gin.H{
-		"duration":     float64(req.Duration),
-		"size":         req.Size,
-		"aspect_ratio": aspect,
-		"quality":      req.Quality,
-		"fps":          req.FPS,
-		"callback_url": req.CallbackURL,
-	})
-
-	t, ok := h.createTask(c, service.CreateRequest{
-		Kind:      provider.KindVideo,
-		Mode:      mode,
-		ModelCode: grokweb.NormalizeVideoModel(req.Model),
-		Provider:  model.ProviderGROK,
-		Prompt:    req.Prompt,
-		Params:    params,
-		RefAssets: refs,
-		Count:     req.N,
-	})
-	if !ok {
-		return
-	}
-	async := true
-	if req.Async != nil {
-		async = *req.Async
-	}
-	if async {
-		c.JSON(http.StatusOK, taskEnvelope(t, nil))
-		return
-	}
-	h.respondTaskResult(c, t, 10*time.Minute)
-}
-
-// GetImageTask GET /v1/images/generations/:task_id.
-func (h *OpenAIHandler) GetImageTask(c *gin.Context) {
-	h.getTask(c, provider.KindImage)
-}
-
-// GetVideoTask GET /v1/video/generations/:task_id.
-func (h *OpenAIHandler) GetVideoTask(c *gin.Context) {
-	h.getTask(c, provider.KindVideo)
-}
-
-func (h *OpenAIHandler) getTask(c *gin.Context, kind provider.Kind) {
-	taskID := strings.TrimSpace(c.Param("task_id"))
-	t, err := h.repo.GetByTaskID(c.Request.Context(), taskID)
-	if err != nil {
-		jsonError(c, http.StatusNotFound, "not_found", "task not found")
-		return
-	}
-	k := middleware.APIKeyFromCtx(c)
-	if k == nil || t.UserID != k.UserID || t.Kind != string(kind) {
-		jsonError(c, http.StatusNotFound, "not_found", "task not found")
-		return
-	}
-	results, _ := h.repo.ListResultsByTask(c.Request.Context(), t.TaskID)
-	c.JSON(http.StatusOK, taskEnvelope(t, results))
-}
-
-func (h *OpenAIHandler) createTask(c *gin.Context, req service.CreateRequest) (*model.GenerationTask, bool) {
-	k := middleware.APIKeyFromCtx(c)
-	if k == nil {
-		jsonError(c, http.StatusUnauthorized, "invalid_api_key", "api key required")
-		return nil, false
-	}
-	req.UserID = k.UserID
-	req.APIKeyID = &k.ID
-	req.IdemKey = c.GetHeader("Idempotency-Key")
-	req.ClientIP = c.ClientIP()
-	t, err := h.svc.Create(c.Request.Context(), req)
-	if err != nil {
-		jsonError(c, http.StatusBadRequest, "billing_or_pool_error", err.Error())
-		return nil, false
-	}
-	return t, true
-}
-
-func (h *OpenAIHandler) respondTaskResult(c *gin.Context, t *model.GenerationTask, timeout time.Duration) {
-	fresh, results := h.waitTask(c, t.TaskID, timeout)
-	if fresh == nil {
-		c.JSON(http.StatusAccepted, taskEnvelope(t, nil))
-		return
-	}
-	if fresh.Status == model.GenStatusFailed || fresh.Status == model.GenStatusRefunded {
-		msg := "generation failed"
-		if fresh.Error != nil && *fresh.Error != "" {
-			msg = *fresh.Error
-		}
-		jsonError(c, http.StatusBadRequest, "generation_failed", msg)
-		return
-	}
-	if fresh.Kind == string(provider.KindVideo) {
-		c.JSON(http.StatusOK, videoResultEnvelope(fresh, results))
-		return
-	}
-	c.JSON(http.StatusOK, imageResultEnvelope(fresh, results))
-}
-
-func (h *OpenAIHandler) waitTask(c *gin.Context, taskID string, timeout time.Duration) (*model.GenerationTask, []*model.GenerationResult) {
-	deadline := time.Now().Add(timeout)
-	for time.Now().Before(deadline) {
-		t, err := h.repo.GetByTaskID(c.Request.Context(), taskID)
-		if err == nil && (t.Status == model.GenStatusSucceeded || t.Status == model.GenStatusFailed || t.Status == model.GenStatusRefunded) {
-			items, _ := h.repo.ListResultsByTask(c.Request.Context(), taskID)
-			return t, items
-		}
-		select {
-		case <-c.Request.Context().Done():
-			return nil, nil
-		case <-time.After(500 * time.Millisecond):
-		}
-	}
-	return nil, nil
-}
-
-func bindImageReq(c *gin.Context) (*imageReq, error) {
-	ct := c.GetHeader("Content-Type")
-	if strings.Contains(strings.ToLower(ct), "multipart/form-data") {
-		if err := c.Request.ParseMultipartForm(32 << 20); err != nil {
-			return nil, err
-		}
-		req := &imageReq{
-			Model:          c.PostForm("model"),
-			Prompt:         c.PostForm("prompt"),
-			Size:           c.PostForm("size"),
-			Quality:        c.PostForm("quality"),
-			Style:          c.PostForm("style"),
-			ResponseFormat: c.PostForm("response_format"),
-			Image:          c.PostForm("image"),
-			CallbackURL:    c.PostForm("callback_url"),
-		}
-		req.N, _ = strconv.Atoi(c.DefaultPostForm("n", "1"))
-		req.Count, _ = strconv.Atoi(c.DefaultPostForm("count", "0"))
-		req.Async = parseBool(c.PostForm("async"))
-		req.Images = c.PostFormArray("images")
-		req.RefAssets = c.PostFormArray("ref_assets")
-		if req.Image == "" && len(req.Images) == 0 {
-			if _, _, err := c.Request.FormFile("image"); err == nil {
-				return nil, fmt.Errorf("multipart file upload is not supported yet; use image URL or images[] URL")
-			}
-		}
-		return req, nil
-	}
-	var req imageReq
-	if err := c.ShouldBindJSON(&req); err != nil {
-		return nil, err
-	}
-	return &req, nil
-}
-
-func imageResultEnvelope(t *model.GenerationTask, results []*model.GenerationResult) gin.H {
-	data := make([]gin.H, 0, len(results))
-	for _, r := range results {
-		row := gin.H{"url": normalizeOpenAIResultURL(r.URL)}
-		if r.Width != nil {
-			row["width"] = *r.Width
-		}
-		if r.Height != nil {
-			row["height"] = *r.Height
-		}
-		data = append(data, row)
-	}
-	return gin.H{
-		"created": t.CreatedAt.Unix(),
-		"data":    data,
-		"task_id": t.TaskID,
-		"usage":   usageEnvelope(t),
-	}
-}
-
-func videoResultEnvelope(t *model.GenerationTask, results []*model.GenerationResult) gin.H {
-	data := make([]gin.H, 0, len(results))
-	for _, r := range results {
-		row := gin.H{"url": normalizeOpenAIResultURL(r.URL)}
-		if r.ThumbURL != nil {
-			row["cover_url"] = normalizeOpenAIResultURL(*r.ThumbURL)
-		}
-		if r.DurationMs != nil {
-			row["duration_ms"] = *r.DurationMs
-		}
-		if r.Width != nil {
-			row["width"] = *r.Width
-		}
-		if r.Height != nil {
-			row["height"] = *r.Height
-		}
-		data = append(data, row)
-	}
-	return gin.H{
-		"id":      t.TaskID,
-		"object":  "video.generation",
-		"created": t.CreatedAt.Unix(),
-		"model":   t.ModelCode,
-		"data":    data,
-		"usage":   usageEnvelope(t),
-	}
-}
-
-func taskEnvelope(t *model.GenerationTask, results []*model.GenerationResult) gin.H {
-	out := gin.H{
-		"id":       t.TaskID,
-		"task_id":  t.TaskID,
-		"object":   t.Kind + ".generation.task",
-		"status":   statusName(t.Status),
-		"progress": t.Progress,
-		"created":  t.CreatedAt.Unix(),
-		"model":    t.ModelCode,
-		"kind":     t.Kind,
-		"mode":     t.Mode,
-		"usage":    usageEnvelope(t),
-		"error":    nil,
-	}
-	if t.Error != nil && *t.Error != "" {
-		out["error"] = gin.H{"message": *t.Error}
-	}
-	if len(results) > 0 {
-		if t.Kind == string(provider.KindVideo) {
-			out["result"] = videoResultEnvelope(t, results)
-		} else {
-			out["result"] = imageResultEnvelope(t, results)
-		}
-	}
-	return out
-}
-
-func normalizeOpenAIResultURL(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" || strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") || strings.HasPrefix(v, "data:") || strings.HasPrefix(v, "/api/") {
-		return v
-	}
-	return "https://assets.grok.com/" + strings.TrimLeft(v, "/")
-}
-
-func usageEnvelope(t *model.GenerationTask) gin.H {
-	return gin.H{
-		"total_cost":   t.CostPoints,
-		"total_points": float64(t.CostPoints) / 100,
-	}
-}
-
-func statusName(status int8) string {
-	switch status {
-	case model.GenStatusPending:
-		return "queued"
-	case model.GenStatusRunning:
-		return "running"
-	case model.GenStatusSucceeded:
-		return "succeeded"
-	case model.GenStatusFailed:
-		return "failed"
-	case model.GenStatusRefunded:
-		return "refunded"
-	default:
-		return "unknown"
-	}
-}
-
-func collectRefs(one string, many []string, refs []string) []string {
-	out := make([]string, 0, 1+len(many)+len(refs))
-	if strings.TrimSpace(one) != "" {
-		out = append(out, strings.TrimSpace(one))
-	}
-	for _, v := range many {
-		if strings.TrimSpace(v) != "" {
-			out = append(out, strings.TrimSpace(v))
-		}
-	}
-	for _, v := range refs {
-		if strings.TrimSpace(v) != "" {
-			out = append(out, strings.TrimSpace(v))
-		}
-	}
-	return out
-}
-
-func mergeParams(base map[string]any, vals map[string]any) map[string]any {
-	out := map[string]any{}
-	for k, v := range base {
-		out[k] = v
-	}
-	for k, v := range vals {
-		switch x := v.(type) {
-		case string:
-			if strings.TrimSpace(x) != "" {
-				out[k] = x
-			}
-		case int:
-			if x > 0 {
-				out[k] = x
-			}
-		case float64:
-			if x > 0 {
-				out[k] = x
-			}
-		default:
-			if v != nil {
-				out[k] = v
-			}
-		}
-	}
-	return out
-}
-
-func parseBool(v string) bool {
-	switch strings.ToLower(strings.TrimSpace(v)) {
-	case "1", "true", "yes", "on":
-		return true
-	default:
-		return false
-	}
-}
-
-func jsonError(c *gin.Context, status int, kind, msg string) {
-	c.AbortWithStatusJSON(status, gin.H{
-		"error": gin.H{
-			"type":    kind,
-			"code":    kind,
-			"message": msg,
-		},
-	})
-}
diff --git a/backend/internal/middleware/access_log.go b/backend/internal/middleware/access_log.go
deleted file mode 100644
index d48ab9a7..00000000
--- a/backend/internal/middleware/access_log.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package middleware
-
-import (
-	"time"
-
-	"github.com/gin-gonic/gin"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// AccessLog 记录 HTTP 访问日志（结构化 JSON）。
-func AccessLog() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		start := time.Now()
-		c.Next()
-
-		latency := time.Since(start)
-		l := logger.FromCtx(c.Request.Context())
-
-		fields := []zap.Field{
-			zap.String("method", c.Request.Method),
-			zap.String("path", c.Request.URL.Path),
-			zap.String("query", c.Request.URL.RawQuery),
-			zap.Int("status", c.Writer.Status()),
-			zap.Duration("latency", latency),
-			zap.Int("size", c.Writer.Size()),
-			zap.String("ip", c.ClientIP()),
-			zap.String("ua", c.Request.UserAgent()),
-		}
-
-		if len(c.Errors) > 0 {
-			fields = append(fields, zap.String("errors", c.Errors.String()))
-			l.Error("http", fields...)
-			return
-		}
-
-		switch {
-		case c.Writer.Status() >= 500:
-			l.Error("http", fields...)
-		case c.Writer.Status() >= 400:
-			l.Warn("http", fields...)
-		default:
-			l.Info("http", fields...)
-		}
-	}
-}
diff --git a/backend/internal/middleware/apikey.go b/backend/internal/middleware/apikey.go
deleted file mode 100644
index 75826d70..00000000
--- a/backend/internal/middleware/apikey.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-const (
-	CtxAPIKey  ctxKey = "kc:apikey"
-	CtxKeyUID  ctxKey = "kc:apikey_uid"
-	CtxKeyScope ctxKey = "kc:apikey_scope"
-)
-
-// AuthAPIKey OpenAI 兼容服务鉴权：Authorization: Bearer sk-klein-xxxx。
-func AuthAPIKey(svc *service.APIKeyService) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		auth := c.GetHeader("Authorization")
-		if !strings.HasPrefix(auth, "Bearer ") {
-			response.Fail(c, errcode.APIKeyInvalid)
-			return
-		}
-		plain := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer "))
-		k, err := svc.Verify(c.Request.Context(), plain)
-		if err != nil {
-			response.Fail(c, err)
-			return
-		}
-		ctx := context.WithValue(c.Request.Context(), CtxAPIKey, k)
-		ctx = context.WithValue(ctx, CtxKeyUID, k.UserID)
-		ctx = context.WithValue(ctx, CtxKeyScope, k.Scope)
-		c.Request = c.Request.WithContext(ctx)
-		c.Set(string(CtxAPIKey), k)
-		c.Set(string(CtxKeyUID), k.UserID)
-		c.Set(string(CtxKeyScope), k.Scope)
-		c.Next()
-	}
-}
-
-// APIKeyFromCtx 从 ctx / gin.Context 中取出 *model.APIKey；若无返回 nil。
-func APIKeyFromCtx(c *gin.Context) *model.APIKey {
-	if v, ok := c.Get(string(CtxAPIKey)); ok {
-		if k, ok2 := v.(*model.APIKey); ok2 {
-			return k
-		}
-	}
-	if v := c.Request.Context().Value(CtxAPIKey); v != nil {
-		if k, ok := v.(*model.APIKey); ok {
-			return k
-		}
-	}
-	return nil
-}
-
-// APIKeyScopeAllow 检查 scope 是否允许给定 action（image / video / chat）。
-func APIKeyScopeAllow(c *gin.Context, action string) bool {
-	scope := ""
-	if v, ok := c.Get(string(CtxKeyScope)); ok {
-		scope, _ = v.(string)
-	}
-	if scope == "" || scope == "*" {
-		return true
-	}
-	for _, s := range strings.Split(scope, ",") {
-		if strings.TrimSpace(s) == action {
-			return true
-		}
-	}
-	return false
-}
diff --git a/backend/internal/middleware/auth.go b/backend/internal/middleware/auth.go
deleted file mode 100644
index 92648555..00000000
--- a/backend/internal/middleware/auth.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtx"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-type ctxKey string
-
-const (
-	CtxUID     ctxKey = "kc:uid"
-	CtxClaims  ctxKey = "kc:claims"
-	CtxSubject ctxKey = "kc:sub"
-)
-
-// AuthJWT 校验 Bearer token。expectSub 用于区分用户端 / 管理后台。
-func AuthJWT(mgr *jwtx.Manager, expectSub jwtx.Subject) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		auth := c.GetHeader("Authorization")
-		if !strings.HasPrefix(auth, "Bearer ") {
-			response.Fail(c, errcode.Unauthorized)
-			return
-		}
-		tok := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer "))
-		claims, err := mgr.ParseAccess(tok)
-		if err != nil {
-			response.Fail(c, errcode.TokenExpired.Wrap(err))
-			return
-		}
-		if claims.Subject != expectSub {
-			response.Fail(c, errcode.TokenInvalid)
-			return
-		}
-
-		ctx := context.WithValue(c.Request.Context(), CtxUID, claims.UID)
-		ctx = context.WithValue(ctx, CtxClaims, claims)
-		ctx = context.WithValue(ctx, CtxSubject, claims.Subject)
-		c.Request = c.Request.WithContext(ctx)
-		c.Set(string(CtxUID), claims.UID)
-		c.Set(string(CtxClaims), claims)
-		c.Next()
-	}
-}
-
-// MustUID 从 ctx / gin.Context 取 UID（若不存在则 panic，确保中间件已生效）。
-func MustUID(c *gin.Context) uint64 {
-	if v, ok := c.Get(string(CtxUID)); ok {
-		if uid, ok2 := v.(uint64); ok2 {
-			return uid
-		}
-	}
-	if v := c.Request.Context().Value(CtxUID); v != nil {
-		if uid, ok := v.(uint64); ok {
-			return uid
-		}
-	}
-	panic("uid missing in context; AuthJWT middleware not applied?")
-}
-
-// UID 安全版（不存在时返回 0）。
-func UID(c *gin.Context) uint64 {
-	if v, ok := c.Get(string(CtxUID)); ok {
-		if uid, ok2 := v.(uint64); ok2 {
-			return uid
-		}
-	}
-	return 0
-}
-
-// MustClaims 取 claims。
-func MustClaims(c *gin.Context) *jwtx.Claims {
-	if v, ok := c.Get(string(CtxClaims)); ok {
-		if cl, ok2 := v.(*jwtx.Claims); ok2 {
-			return cl
-		}
-	}
-	panic("claims missing in context")
-}
diff --git a/backend/internal/middleware/cors.go b/backend/internal/middleware/cors.go
deleted file mode 100644
index f974590a..00000000
--- a/backend/internal/middleware/cors.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package middleware
-
-import (
-	"time"
-
-	"github.com/gin-contrib/cors"
-	"github.com/gin-gonic/gin"
-)
-
-// CORS 配置跨域；origins 必须是显式白名单，不允许 *。
-func CORS(origins []string) gin.HandlerFunc {
-	if len(origins) == 0 {
-		origins = []string{"http://localhost:5173", "http://localhost:5174"}
-	}
-	return cors.New(cors.Config{
-		AllowOrigins:     origins,
-		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
-		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Request-Id", "X-Admin-Token", "Idempotency-Key", "X-Klein-Sign", "X-Klein-Ts"},
-		ExposeHeaders:    []string{"X-Request-Id", "Retry-After", "X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset"},
-		AllowCredentials: true,
-		MaxAge:           12 * time.Hour,
-	})
-}
diff --git a/backend/internal/middleware/ratelimit.go b/backend/internal/middleware/ratelimit.go
deleted file mode 100644
index 0edcbf86..00000000
--- a/backend/internal/middleware/ratelimit.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package middleware
-
-import (
-	"strconv"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/ratelimit"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// RateLimitIP IP 限流。
-func RateLimitIP(limiter *ratelimit.Limiter, ratePerMin int) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		key := "ratelimit:ip:" + c.ClientIP()
-		applyLimit(c, limiter, key, ratePerMin)
-	}
-}
-
-// RateLimitUser 已登录用户限流（依赖 AuthJWT 在前）。
-func RateLimitUser(limiter *ratelimit.Limiter, ratePerMin int) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		uid := UID(c)
-		if uid == 0 {
-			c.Next()
-			return
-		}
-		key := "ratelimit:user:" + strconv.FormatUint(uid, 10)
-		applyLimit(c, limiter, key, ratePerMin)
-	}
-}
-
-func applyLimit(c *gin.Context, limiter *ratelimit.Limiter, key string, ratePerMin int) {
-	if ratePerMin <= 0 {
-		c.Next()
-		return
-	}
-	res, err := limiter.Allow(c.Request.Context(), key, ratePerMin)
-	if err != nil {
-		// 限流出错不阻断业务
-		c.Next()
-		return
-	}
-	c.Header("X-RateLimit-Limit", strconv.Itoa(ratePerMin))
-	c.Header("X-RateLimit-Remaining", strconv.Itoa(res.Remaining))
-	c.Header("X-RateLimit-Reset", strconv.Itoa(int(res.ResetAfter.Seconds())))
-	if res.Allowed <= 0 {
-		c.Header("Retry-After", strconv.Itoa(ratelimit.RetryAfterSeconds(res.RetryAfter)))
-		response.Fail(c, errcode.RateLimited)
-		c.Abort()
-		return
-	}
-	c.Next()
-}
diff --git a/backend/internal/middleware/recovery.go b/backend/internal/middleware/recovery.go
deleted file mode 100644
index 2c9246a1..00000000
--- a/backend/internal/middleware/recovery.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Package middleware 提供 HTTP 中间件集合。
-package middleware
-
-import (
-	"net/http"
-	"runtime/debug"
-
-	"github.com/gin-gonic/gin"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-	"github.com/kleinai/backend/pkg/response"
-)
-
-// Recovery 捕获 panic 并返回 500，同时记录堆栈。
-func Recovery() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		defer func() {
-			if rec := recover(); rec != nil {
-				logger.FromCtx(c.Request.Context()).Error("panic recovered",
-					zap.Any("panic", rec),
-					zap.ByteString("stack", debug.Stack()),
-					zap.String("path", c.Request.URL.Path),
-				)
-				if !c.Writer.Written() {
-					response.Fail(c, errcode.Internal)
-					c.AbortWithStatus(http.StatusInternalServerError)
-				}
-			}
-		}()
-		c.Next()
-	}
-}
diff --git a/backend/internal/middleware/requestid.go b/backend/internal/middleware/requestid.go
deleted file mode 100644
index 9d9a6577..00000000
--- a/backend/internal/middleware/requestid.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package middleware
-
-import (
-	"github.com/gin-gonic/gin"
-	"github.com/google/uuid"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const HeaderRequestID = "X-Request-Id"
-
-// RequestID 注入 / 透传 trace_id，并把带 trace_id 的 logger 放进 ctx。
-func RequestID() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		id := c.GetHeader(HeaderRequestID)
-		if id == "" {
-			id = uuid.NewString()
-		}
-		c.Header(HeaderRequestID, id)
-		c.Request.Header.Set(HeaderRequestID, id)
-
-		ctx := logger.Inject(c.Request.Context(), zap.String("trace_id", id))
-		c.Request = c.Request.WithContext(ctx)
-		c.Set(HeaderRequestID, id)
-		c.Next()
-	}
-}
diff --git a/backend/internal/middleware/security.go b/backend/internal/middleware/security.go
deleted file mode 100644
index 451c7beb..00000000
--- a/backend/internal/middleware/security.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package middleware
-
-import "github.com/gin-gonic/gin"
-
-// SecurityHeaders 设置安全相关响应头。
-func SecurityHeaders() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		h := c.Writer.Header()
-		h.Set("X-Frame-Options", "SAMEORIGIN")
-		h.Set("X-Content-Type-Options", "nosniff")
-		h.Set("Referrer-Policy", "strict-origin-when-cross-origin")
-		h.Set("Permissions-Policy", "camera=(), microphone=(), geolocation=()")
-		c.Next()
-	}
-}
diff --git a/backend/internal/model/account.go b/backend/internal/model/account.go
deleted file mode 100644
index fd42d9cc..00000000
--- a/backend/internal/model/account.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Package model 定义 GORM 实体。
-package model
-
-import "time"
-
-// Provider 提供商。
-const (
-	ProviderGPT  = "gpt"
-	ProviderGROK = "grok"
-)
-
-// AuthType 认证类型。
-const (
-	AuthTypeAPIKey = "api_key"
-	AuthTypeCookie = "cookie"
-	AuthTypeOAuth  = "oauth"
-)
-
-// Account 状态：1启用 0停用 2熔断 -1禁用。
-const (
-	AccountStatusEnabled  = 1
-	AccountStatusDisabled = 0
-	AccountStatusBroken   = 2
-	AccountStatusBanned   = -1
-)
-
-// 测试结果：0未测 1OK 2失败。
-const (
-	AccountTestUnknown = 0
-	AccountTestOK      = 1
-	AccountTestFail    = 2
-)
-
-// Account 第三方账号实体。表 `account`。
-type Account struct {
-	ID                   uint64     `gorm:"primaryKey;column:id" json:"id"`
-	Provider             string     `gorm:"column:provider;size:32;not null;index:idx_provider_status,priority:1" json:"provider"`
-	Name                 string     `gorm:"column:name;size:128;not null" json:"name"`
-	AuthType             string     `gorm:"column:auth_type;size:32;not null" json:"auth_type"`
-	CredentialEnc        []byte     `gorm:"column:credential_enc;type:blob;not null" json:"-"`
-	OAuthMeta            *string    `gorm:"column:oauth_meta;type:json" json:"oauth_meta,omitempty"`
-	AccessTokenEnc       []byte     `gorm:"column:access_token_enc;type:blob" json:"-"`
-	RefreshTokenEnc      []byte     `gorm:"column:refresh_token_enc;type:blob" json:"-"`
-	SessionTokenEnc      []byte     `gorm:"column:session_token_enc;type:blob" json:"-"`
-	AccessTokenExpiresAt *time.Time `gorm:"column:access_token_expires_at" json:"access_token_expires_at,omitempty"`
-	LastRefreshAt        *time.Time `gorm:"column:last_refresh_at" json:"last_refresh_at,omitempty"`
-	BaseURL              *string    `gorm:"column:base_url;size:255" json:"base_url,omitempty"`
-	ProxyID              *uint64    `gorm:"column:proxy_id" json:"proxy_id,omitempty"`
-	ModelWhitelist       *string    `gorm:"column:model_whitelist;type:json" json:"model_whitelist,omitempty"`
-	Weight               int        `gorm:"column:weight;not null;default:10" json:"weight"`
-	RPMLimit             int        `gorm:"column:rpm_limit;not null;default:0" json:"rpm_limit"`
-	TPMLimit             int        `gorm:"column:tpm_limit;not null;default:0" json:"tpm_limit"`
-	DailyQuota           int        `gorm:"column:daily_quota;not null;default:0" json:"daily_quota"`
-	MonthlyQuota         int        `gorm:"column:monthly_quota;not null;default:0" json:"monthly_quota"`
-	Status               int8       `gorm:"column:status;not null;default:1;index:idx_provider_status,priority:2" json:"status"`
-	CooldownUntil        *time.Time `gorm:"column:cooldown_until" json:"cooldown_until,omitempty"`
-	LastUsedAt           *time.Time `gorm:"column:last_used_at" json:"last_used_at,omitempty"`
-	LastError            *string    `gorm:"column:last_error;size:255" json:"last_error,omitempty"`
-	LastTestAt           *time.Time `gorm:"column:last_test_at" json:"last_test_at,omitempty"`
-	LastTestStatus       int8       `gorm:"column:last_test_status;not null;default:0" json:"last_test_status"`
-	LastTestLatencyMs    int        `gorm:"column:last_test_latency_ms;not null;default:0" json:"last_test_latency_ms"`
-	LastTestError        *string    `gorm:"column:last_test_error;size:255" json:"last_test_error,omitempty"`
-	ErrorCount           int        `gorm:"column:error_count;not null;default:0" json:"error_count"`
-	SuccessCount         uint64     `gorm:"column:success_count;not null;default:0" json:"success_count"`
-	Remark               *string    `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	CreatedBy            *uint64    `gorm:"column:created_by" json:"created_by,omitempty"`
-	CreatedAt            time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt            time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt            *time.Time `gorm:"column:deleted_at;index" json:"-"`
-}
-
-// IsOAuth 判断是否 OAuth 账号（含 RT 刷新逻辑）。
-func (a *Account) IsOAuth() bool {
-	return a.AuthType == AuthTypeOAuth
-}
-
-// TableName 表名。
-func (Account) TableName() string { return "account" }
-
-// Available 是否处于可调度状态。
-func (a *Account) Available(now time.Time) bool {
-	if a.Status != AccountStatusEnabled {
-		return false
-	}
-	if a.CooldownUntil != nil && now.Before(*a.CooldownUntil) {
-		return false
-	}
-	return true
-}
-
-// AccountGroup 账号池分组。
-type AccountGroup struct {
-	ID        uint64     `gorm:"primaryKey;column:id" json:"id"`
-	Provider  string     `gorm:"column:provider;size:32;not null" json:"provider"`
-	Code      string     `gorm:"column:code;size:64;not null;uniqueIndex:uk_provider_code,priority:2" json:"code"`
-	Name      string     `gorm:"column:name;size:128;not null" json:"name"`
-	Strategy  string     `gorm:"column:strategy;size:32;not null;default:round_robin" json:"strategy"`
-	Status    int8       `gorm:"column:status;not null;default:1" json:"status"`
-	Remark    *string    `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	CreatedAt time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt *time.Time `gorm:"column:deleted_at" json:"-"`
-}
-
-// TableName 表名。
-func (AccountGroup) TableName() string { return "account_group" }
-
-// AccountGroupMember 账号-分组成员。
-type AccountGroupMember struct {
-	GroupID   uint64    `gorm:"primaryKey;column:group_id" json:"group_id"`
-	AccountID uint64    `gorm:"primaryKey;column:account_id" json:"account_id"`
-	Weight    int       `gorm:"column:weight;not null;default:10" json:"weight"`
-	CreatedAt time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (AccountGroupMember) TableName() string { return "account_group_member" }
diff --git a/backend/internal/model/admin.go b/backend/internal/model/admin.go
deleted file mode 100644
index 64e18a2d..00000000
--- a/backend/internal/model/admin.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Package model 管理后台实体。
-package model
-
-import "time"
-
-// AdminUser 后台账号。
-type AdminUser struct {
-	ID          uint64     `gorm:"primaryKey;column:id" json:"id"`
-	Username    string     `gorm:"column:username;size:64;not null;uniqueIndex" json:"username"`
-	Password    string     `gorm:"column:password;size:72;not null" json:"-"`
-	Nickname    *string    `gorm:"column:nickname;size:64" json:"nickname,omitempty"`
-	Email       *string    `gorm:"column:email;size:128" json:"email,omitempty"`
-	RoleID      uint64     `gorm:"column:role_id;not null;index" json:"role_id"`
-	Status      int8       `gorm:"column:status;not null;default:1" json:"status"`
-	LastLoginAt *time.Time `gorm:"column:last_login_at" json:"last_login_at,omitempty"`
-	LastLoginIP *string    `gorm:"column:last_login_ip;size:45" json:"-"`
-	CreatedAt   time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt   time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt   *time.Time `gorm:"column:deleted_at" json:"-"`
-}
-
-// TableName 表名。
-func (AdminUser) TableName() string { return "admin_user" }
-
-// IsActive 是否可登录。
-func (a *AdminUser) IsActive() bool { return a.Status == 1 }
-
-// AdminRole 后台角色。
-type AdminRole struct {
-	ID        uint64    `gorm:"primaryKey;column:id" json:"id"`
-	Name      string    `gorm:"column:name;size:64;not null" json:"name"`
-	Code      string    `gorm:"column:code;size:32;not null;uniqueIndex" json:"code"`
-	Remark    *string   `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	CreatedAt time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt time.Time `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-}
-
-// TableName 表名。
-func (AdminRole) TableName() string { return "admin_role" }
diff --git a/backend/internal/model/apikey.go b/backend/internal/model/apikey.go
deleted file mode 100644
index 2be15ab5..00000000
--- a/backend/internal/model/apikey.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// Package model API Key 实体。
-package model
-
-import "time"
-
-// APIKey 用户 API Key。表 `api_key`。
-//
-// DB 中只保存：prefix（前缀展示）、hash（SHA256(plaintext+salt)）、salt、last4。
-// 明文仅在创建时返回一次。
-type APIKey struct {
-	ID         uint64     `gorm:"primaryKey;column:id" json:"id"`
-	UserID     uint64     `gorm:"column:user_id;not null;index:idx_user_status,priority:1" json:"user_id"`
-	Name       string     `gorm:"column:name;size:64;not null" json:"name"`
-	Prefix     string     `gorm:"column:prefix;size:16;not null" json:"prefix"`
-	Hash       string     `gorm:"column:hash;size:64;not null;uniqueIndex" json:"-"`
-	Salt       string     `gorm:"column:salt;size:32;not null" json:"-"`
-	Last4      string     `gorm:"column:last4;size:4;not null" json:"last4"`
-	Scope      string     `gorm:"column:scope;size:255;not null;default:chat,image,video" json:"scope"`
-	RPMLimit   int        `gorm:"column:rpm_limit;not null;default:60" json:"rpm_limit"`
-	DailyQuota int        `gorm:"column:daily_quota;not null;default:0" json:"daily_quota"`
-	ExpireAt   *time.Time `gorm:"column:expire_at" json:"expire_at,omitempty"`
-	LastUsedAt *time.Time `gorm:"column:last_used_at" json:"last_used_at,omitempty"`
-	Status     int8       `gorm:"column:status;not null;default:1;index:idx_user_status,priority:2" json:"status"`
-	CreatedAt  time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt  time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt  *time.Time `gorm:"column:deleted_at" json:"-"`
-}
-
-// TableName 表名。
-func (APIKey) TableName() string { return "api_key" }
-
-// IsActive Key 当前是否可用。
-func (k *APIKey) IsActive(now time.Time) bool {
-	if k.Status != 1 {
-		return false
-	}
-	if k.ExpireAt != nil && now.After(*k.ExpireAt) {
-		return false
-	}
-	return true
-}
diff --git a/backend/internal/model/billing.go b/backend/internal/model/billing.go
deleted file mode 100644
index f6478f9d..00000000
--- a/backend/internal/model/billing.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Package model 计费相关实体（钱包流水 / 充值 / 消费 / 退款）。
-package model
-
-import "time"
-
-// 业务类型常量。
-const (
-	BizRecharge = "recharge"
-	BizConsume  = "consume"
-	BizRefund   = "refund"
-	BizCDK      = "cdk"
-	BizPromo    = "promo"
-	BizInvite   = "invite_reward"
-	BizGift     = "gift"
-)
-
-// WalletLog 点数流水（总账）。
-type WalletLog struct {
-	ID            uint64    `gorm:"primaryKey;column:id" json:"id"`
-	UserID        uint64    `gorm:"column:user_id;not null;index:idx_user_created,priority:1" json:"user_id"`
-	Direction     int8      `gorm:"column:direction;not null" json:"direction"` // 1 收入 -1 支出
-	BizType       string    `gorm:"column:biz_type;size:32;not null;index:idx_biz,priority:1" json:"biz_type"`
-	BizID         string    `gorm:"column:biz_id;size:64;not null;index:idx_biz,priority:2" json:"biz_id"`
-	Points        int64     `gorm:"column:points;not null" json:"points"`
-	PointsBefore  int64     `gorm:"column:points_before;not null" json:"points_before"`
-	PointsAfter   int64     `gorm:"column:points_after;not null" json:"points_after"`
-	Remark        *string   `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	CreatedAt     time.Time `gorm:"column:created_at;autoCreateTime;index:idx_user_created,priority:2" json:"created_at"`
-}
-
-// TableName 表名。
-func (WalletLog) TableName() string { return "wallet_log" }
-
-// 消费状态。
-const (
-	ConsumeStatusFrozen   = 0
-	ConsumeStatusSettled  = 1
-	ConsumeStatusRefunded = 2
-)
-
-// ConsumeRecord 消费记录。
-type ConsumeRecord struct {
-	ID          uint64    `gorm:"primaryKey;column:id" json:"id"`
-	TaskID      string    `gorm:"column:task_id;size:26;not null;uniqueIndex:uk_task" json:"task_id"`
-	UserID      uint64    `gorm:"column:user_id;not null;index:idx_user_created,priority:1" json:"user_id"`
-	Kind        string    `gorm:"column:kind;size:16;not null" json:"kind"`
-	ModelCode   string    `gorm:"column:model_code;size:64;not null" json:"model_code"`
-	Count       int       `gorm:"column:count;not null" json:"count"`
-	UnitPoints  int64     `gorm:"column:unit_points;not null" json:"unit_points"`
-	TotalPoints int64     `gorm:"column:total_points;not null" json:"total_points"`
-	Status      int8      `gorm:"column:status;not null" json:"status"`
-	AccountID   *uint64   `gorm:"column:account_id" json:"account_id,omitempty"`
-	CreatedAt   time.Time `gorm:"column:created_at;autoCreateTime;index:idx_user_created,priority:2" json:"created_at"`
-	UpdatedAt   time.Time `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-}
-
-// TableName 表名。
-func (ConsumeRecord) TableName() string { return "consume_record" }
-
-// RefundRecord 退款记录。
-type RefundRecord struct {
-	ID        uint64    `gorm:"primaryKey;column:id" json:"id"`
-	TaskID    string    `gorm:"column:task_id;size:26;not null;index" json:"task_id"`
-	UserID    uint64    `gorm:"column:user_id;not null;index" json:"user_id"`
-	Points    int64     `gorm:"column:points;not null" json:"points"`
-	Reason    string    `gorm:"column:reason;size:255;not null" json:"reason"`
-	Operator  string    `gorm:"column:operator;size:64;not null;default:system" json:"operator"`
-	CreatedAt time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (RefundRecord) TableName() string { return "refund_record" }
diff --git a/backend/internal/model/generation.go b/backend/internal/model/generation.go
deleted file mode 100644
index 0914232f..00000000
--- a/backend/internal/model/generation.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Package model 生成任务相关实体。
-package model
-
-import "time"
-
-// 生成任务状态。
-const (
-	GenStatusPending   = 0
-	GenStatusRunning   = 1
-	GenStatusSucceeded = 2
-	GenStatusFailed    = 3
-	GenStatusRefunded  = 4
-)
-
-// GenerationTask 生成任务（不区分 image / video，由 kind 区分）。
-type GenerationTask struct {
-	ID           uint64     `gorm:"primaryKey;column:id" json:"id"`
-	TaskID       string     `gorm:"column:task_id;size:26;not null;uniqueIndex:uk_task_id" json:"task_id"`
-	UserID       uint64     `gorm:"column:user_id;not null;uniqueIndex:uk_user_idem,priority:1;index:idx_user_kind_status,priority:1" json:"user_id"`
-	Kind         string     `gorm:"column:kind;size:16;not null;index:idx_user_kind_status,priority:2" json:"kind"`
-	Mode         string     `gorm:"column:mode;size:16;not null" json:"mode"`
-	ModelCode    string     `gorm:"column:model_code;size:64;not null" json:"model_code"`
-	Prompt       string     `gorm:"column:prompt;type:text;not null" json:"prompt"`
-	NegPrompt    *string    `gorm:"column:neg_prompt;type:text" json:"neg_prompt,omitempty"`
-	Params       string     `gorm:"column:params;type:json;not null" json:"params"`
-	RefAssets    *string    `gorm:"column:ref_assets;type:json" json:"ref_assets,omitempty"`
-	Count        int        `gorm:"column:count;not null;default:1" json:"count"`
-	CostPoints   int64      `gorm:"column:cost_points;not null" json:"cost_points"`
-	IdemKey      string     `gorm:"column:idem_key;size:64;not null;uniqueIndex:uk_user_idem,priority:2" json:"idem_key"`
-	AccountID    *uint64    `gorm:"column:account_id" json:"account_id,omitempty"`
-	Provider     string     `gorm:"column:provider;size:32;not null" json:"provider"`
-	Status       int8       `gorm:"column:status;not null;default:0;index:idx_user_kind_status,priority:3;index:idx_status_created,priority:1" json:"status"`
-	Progress     int8       `gorm:"column:progress;not null;default:0" json:"progress"`
-	Error        *string    `gorm:"column:error;size:255" json:"error,omitempty"`
-	StartedAt    *time.Time `gorm:"column:started_at" json:"started_at,omitempty"`
-	FinishedAt   *time.Time `gorm:"column:finished_at" json:"finished_at,omitempty"`
-	ClientIP     *string    `gorm:"column:client_ip;size:45" json:"-"`
-	FromAPIKeyID *uint64    `gorm:"column:from_api_key_id" json:"from_api_key_id,omitempty"`
-	CreatedAt    time.Time  `gorm:"column:created_at;autoCreateTime;index:idx_status_created,priority:2" json:"created_at"`
-	UpdatedAt    time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt    *time.Time `gorm:"column:deleted_at" json:"-"`
-}
-
-// TableName 表名。
-func (GenerationTask) TableName() string { return "generation_task" }
-
-// GenerationResult 生成结果。
-type GenerationResult struct {
-	ID         uint64    `gorm:"primaryKey;column:id" json:"id"`
-	TaskID     string    `gorm:"column:task_id;size:26;not null;index" json:"task_id"`
-	UserID     uint64    `gorm:"column:user_id;not null" json:"user_id"`
-	Kind       string    `gorm:"column:kind;size:16;not null" json:"kind"`
-	Seq        int8      `gorm:"column:seq;not null;default:0" json:"seq"`
-	URL        string    `gorm:"column:url;size:512;not null" json:"url"`
-	ThumbURL   *string   `gorm:"column:thumb_url;size:512" json:"thumb_url,omitempty"`
-	Width      *int      `gorm:"column:width" json:"width,omitempty"`
-	Height     *int      `gorm:"column:height" json:"height,omitempty"`
-	DurationMs *int      `gorm:"column:duration_ms" json:"duration_ms,omitempty"`
-	SizeBytes  *int64    `gorm:"column:size_bytes" json:"size_bytes,omitempty"`
-	Meta       *string   `gorm:"column:meta;type:json" json:"meta,omitempty"`
-	IsPublic   int8      `gorm:"column:is_public;not null;default:0" json:"is_public"`
-	CreatedAt  time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (GenerationResult) TableName() string { return "generation_result" }
-
-// GenerationUpstreamLog records provider-side request/response diagnostics.
-type GenerationUpstreamLog struct {
-	ID              uint64    `gorm:"primaryKey;column:id" json:"id"`
-	TaskID          string    `gorm:"column:task_id;size:26;not null;index:idx_task_id" json:"task_id"`
-	Provider        string    `gorm:"column:provider;size:32;not null" json:"provider"`
-	AccountID       *uint64   `gorm:"column:account_id" json:"account_id,omitempty"`
-	Stage           string    `gorm:"column:stage;size:64;not null" json:"stage"`
-	Method          string    `gorm:"column:method;size:12" json:"method,omitempty"`
-	URL             string    `gorm:"column:url;size:512" json:"url,omitempty"`
-	StatusCode      int       `gorm:"column:status_code" json:"status_code"`
-	DurationMs      int64     `gorm:"column:duration_ms" json:"duration_ms"`
-	RequestExcerpt  *string   `gorm:"column:request_excerpt;type:mediumtext" json:"request_excerpt,omitempty"`
-	ResponseExcerpt *string   `gorm:"column:response_excerpt;type:mediumtext" json:"response_excerpt,omitempty"`
-	Error           *string   `gorm:"column:error;type:text" json:"error,omitempty"`
-	Meta            *string   `gorm:"column:meta;type:json" json:"meta,omitempty"`
-	CreatedAt       time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-func (GenerationUpstreamLog) TableName() string { return "generation_upstream_log" }
diff --git a/backend/internal/model/promo.go b/backend/internal/model/promo.go
deleted file mode 100644
index ba068046..00000000
--- a/backend/internal/model/promo.go
+++ /dev/null
@@ -1,96 +0,0 @@
-// Package model 优惠码 / 兑换码模型。
-package model
-
-import "time"
-
-// 优惠码 / CDK 状态。
-const (
-	PromoStatusEnabled  = 1
-	PromoStatusDisabled = 0
-
-	CDKStatusUnused   = 0
-	CDKStatusUsed     = 1
-	CDKStatusInvalid  = 2
-)
-
-// 优惠码折扣类型。
-const (
-	PromoTypeAmount   = 1 // 满减（CNY *100）
-	PromoTypeDiscount = 2 // 折扣（百分比）
-	PromoTypeGift     = 3 // 赠点
-)
-
-// PromoCode 优惠码。
-type PromoCode struct {
-	ID            uint64    `gorm:"primaryKey;column:id" json:"id"`
-	Code          string    `gorm:"column:code;size:32;not null;uniqueIndex" json:"code"`
-	Name          string    `gorm:"column:name;size:64;not null" json:"name"`
-	DiscountType  int8      `gorm:"column:discount_type;not null" json:"discount_type"`
-	DiscountVal   int64     `gorm:"column:discount_val;not null" json:"discount_val"`
-	MinAmount     int64     `gorm:"column:min_amount;not null;default:0" json:"min_amount"`
-	ApplyTo       string    `gorm:"column:apply_to;size:64;not null;default:all" json:"apply_to"`
-	TotalQty      int       `gorm:"column:total_qty;not null;default:0" json:"total_qty"`
-	UsedQty       int       `gorm:"column:used_qty;not null;default:0" json:"used_qty"`
-	PerUserLimit  int       `gorm:"column:per_user_limit;not null;default:1" json:"per_user_limit"`
-	StartAt       time.Time `gorm:"column:start_at;not null" json:"start_at"`
-	EndAt         time.Time `gorm:"column:end_at;not null" json:"end_at"`
-	Status        int8      `gorm:"column:status;not null;default:1" json:"status"`
-	CreatedBy     *uint64   `gorm:"column:created_by" json:"created_by,omitempty"`
-	CreatedAt     time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt     time.Time `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-}
-
-// TableName 表名。
-func (PromoCode) TableName() string { return "promo_code" }
-
-// Active 当前是否可用。
-func (p *PromoCode) Active(now time.Time) bool {
-	return p.Status == PromoStatusEnabled && now.After(p.StartAt) && now.Before(p.EndAt)
-}
-
-// PromoCodeUse 优惠码使用记录。
-type PromoCodeUse struct {
-	ID        uint64    `gorm:"primaryKey;column:id" json:"id"`
-	PromoID   uint64    `gorm:"column:promo_id;not null;uniqueIndex:uk_promo_user_order,priority:1" json:"promo_id"`
-	Code      string    `gorm:"column:code;size:32;not null" json:"code"`
-	UserID    uint64    `gorm:"column:user_id;not null;uniqueIndex:uk_promo_user_order,priority:2" json:"user_id"`
-	OrderNo   *string   `gorm:"column:order_no;size:32;uniqueIndex:uk_promo_user_order,priority:3" json:"order_no,omitempty"`
-	Discount  int64     `gorm:"column:discount;not null" json:"discount"`
-	CreatedAt time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (PromoCodeUse) TableName() string { return "promo_code_use" }
-
-// RedeemCodeBatch CDK 批次。
-type RedeemCodeBatch struct {
-	ID            uint64     `gorm:"primaryKey;column:id" json:"id"`
-	BatchNo       string     `gorm:"column:batch_no;size:32;not null;uniqueIndex" json:"batch_no"`
-	Name          string     `gorm:"column:name;size:64;not null" json:"name"`
-	RewardType    string     `gorm:"column:reward_type;size:32;not null" json:"reward_type"`
-	RewardValue   string     `gorm:"column:reward_value;type:json;not null" json:"reward_value"`
-	TotalQty      int        `gorm:"column:total_qty;not null" json:"total_qty"`
-	UsedQty       int        `gorm:"column:used_qty;not null;default:0" json:"used_qty"`
-	PerUserLimit  int        `gorm:"column:per_user_limit;not null;default:1" json:"per_user_limit"`
-	ExpireAt      *time.Time `gorm:"column:expire_at" json:"expire_at,omitempty"`
-	Status        int8       `gorm:"column:status;not null;default:1" json:"status"`
-	CreatedBy     *uint64    `gorm:"column:created_by" json:"created_by,omitempty"`
-	CreatedAt     time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (RedeemCodeBatch) TableName() string { return "redeem_code_batch" }
-
-// RedeemCode CDK 单个码。
-type RedeemCode struct {
-	ID        uint64     `gorm:"primaryKey;column:id" json:"id"`
-	BatchID   uint64     `gorm:"column:batch_id;not null;index:idx_batch_status,priority:1" json:"batch_id"`
-	Code      string     `gorm:"column:code;size:32;not null;uniqueIndex" json:"code"`
-	Status    int8       `gorm:"column:status;not null;default:0;index:idx_batch_status,priority:2" json:"status"`
-	UsedBy    *uint64    `gorm:"column:used_by" json:"used_by,omitempty"`
-	UsedAt    *time.Time `gorm:"column:used_at" json:"used_at,omitempty"`
-	CreatedAt time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-}
-
-// TableName 表名。
-func (RedeemCode) TableName() string { return "redeem_code" }
diff --git a/backend/internal/model/proxy.go b/backend/internal/model/proxy.go
deleted file mode 100644
index 546dc00b..00000000
--- a/backend/internal/model/proxy.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package model
-
-import "time"
-
-// Proxy 协议常量。
-const (
-	ProxyProtoHTTP    = "http"
-	ProxyProtoHTTPS   = "https"
-	ProxyProtoSOCKS5  = "socks5"
-	ProxyProtoSOCKS5H = "socks5h"
-)
-
-// Proxy 状态。
-const (
-	ProxyStatusEnabled  = 1
-	ProxyStatusDisabled = 0
-)
-
-// 测试结果。
-const (
-	ProxyCheckUnknown = 0
-	ProxyCheckOK      = 1
-	ProxyCheckFail    = 2
-)
-
-// Proxy 出站代理实体。表 `proxy`。
-type Proxy struct {
-	ID           uint64     `gorm:"primaryKey;column:id" json:"id"`
-	Name         string     `gorm:"column:name;size:128;not null" json:"name"`
-	Protocol     string     `gorm:"column:protocol;size:16;not null" json:"protocol"`
-	Host         string     `gorm:"column:host;size:255;not null" json:"host"`
-	Port         uint16     `gorm:"column:port;not null" json:"port"`
-	Username     *string    `gorm:"column:username;size:255" json:"username,omitempty"`
-	PasswordEnc  []byte     `gorm:"column:password_enc;type:blob" json:"-"`
-	Status       int8       `gorm:"column:status;not null;default:1" json:"status"`
-	LastCheckAt  *time.Time `gorm:"column:last_check_at" json:"last_check_at,omitempty"`
-	LastCheckOK  int8       `gorm:"column:last_check_ok;not null;default:0" json:"last_check_ok"`
-	LastCheckMs  int        `gorm:"column:last_check_ms;not null;default:0" json:"last_check_ms"`
-	LastError    *string    `gorm:"column:last_error;size:255" json:"last_error,omitempty"`
-	Remark       *string    `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	CreatedBy    *uint64    `gorm:"column:created_by" json:"created_by,omitempty"`
-	CreatedAt    time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt    time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt    *time.Time `gorm:"column:deleted_at;index" json:"-"`
-}
-
-// TableName 表名。
-func (Proxy) TableName() string { return "proxy" }
diff --git a/backend/internal/model/system_config.go b/backend/internal/model/system_config.go
deleted file mode 100644
index ae329a71..00000000
--- a/backend/internal/model/system_config.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package model
-
-import "time"
-
-// SystemConfig 系统全局 KV 配置。表 `system_config`。
-// `value` 字段为 JSON 文本（存任意 JSON 标量 / 对象）。
-type SystemConfig struct {
-	Key       string    `gorm:"primaryKey;column:key;size:64" json:"key"`
-	Value     string    `gorm:"column:value;type:json;not null" json:"value"`
-	Remark    *string   `gorm:"column:remark;size:255" json:"remark,omitempty"`
-	UpdatedBy *uint64   `gorm:"column:updated_by" json:"updated_by,omitempty"`
-	UpdatedAt time.Time `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-}
-
-// TableName 表名。
-func (SystemConfig) TableName() string { return "system_config" }
diff --git a/backend/internal/model/user.go b/backend/internal/model/user.go
deleted file mode 100644
index 9dcc1c80..00000000
--- a/backend/internal/model/user.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Package model 定义 GORM 实体。字段必须带 gorm tag。
-package model
-
-import "time"
-
-// User 用户实体。表 `user`。
-type User struct {
-	ID            uint64     `gorm:"primaryKey;column:id" json:"id"`
-	UUID          string     `gorm:"column:uuid;size:36;uniqueIndex" json:"uuid"`
-	Email         *string    `gorm:"column:email;size:128;uniqueIndex" json:"email,omitempty"`
-	Phone         *string    `gorm:"column:phone;size:20;uniqueIndex" json:"phone,omitempty"`
-	Username      *string    `gorm:"column:username;size:64" json:"username,omitempty"`
-	Avatar        *string    `gorm:"column:avatar;size:255" json:"avatar,omitempty"`
-	Password      string     `gorm:"column:password;size:72;not null" json:"-"`
-	Points        int64      `gorm:"column:points;not null;default:0" json:"points"`
-	FrozenPoints  int64      `gorm:"column:frozen_points;not null;default:0" json:"frozen_points"`
-	TotalRecharge int64      `gorm:"column:total_recharge;not null;default:0" json:"total_recharge"`
-	PlanCode      string     `gorm:"column:plan_code;size:32;not null;default:free" json:"plan_code"`
-	PlanExpireAt  *time.Time `gorm:"column:plan_expire_at" json:"plan_expire_at,omitempty"`
-	InviterID     *uint64    `gorm:"column:inviter_id" json:"inviter_id,omitempty"`
-	InviteCode    string     `gorm:"column:invite_code;size:16;uniqueIndex" json:"invite_code"`
-	Status        int8       `gorm:"column:status;not null;default:1" json:"status"`
-	RegisterIP    *string    `gorm:"column:register_ip;size:45" json:"-"`
-	LastLoginAt   *time.Time `gorm:"column:last_login_at" json:"last_login_at,omitempty"`
-	LastLoginIP   *string    `gorm:"column:last_login_ip;size:45" json:"-"`
-	CreatedAt     time.Time  `gorm:"column:created_at;autoCreateTime" json:"created_at"`
-	UpdatedAt     time.Time  `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
-	DeletedAt     *time.Time `gorm:"column:deleted_at;index" json:"-"`
-}
-
-// TableName 自定义表名。
-func (User) TableName() string { return "user" }
-
-// IsActive 用户是否可正常登录使用。
-func (u *User) IsActive() bool { return u.Status == 1 }
diff --git a/backend/internal/provider/factory/factory.go b/backend/internal/provider/factory/factory.go
deleted file mode 100644
index c68e85f7..00000000
--- a/backend/internal/provider/factory/factory.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Package factory 根据环境变量选择 真实 / mock provider。
-//
-// env：
-//   KLEIN_PROVIDER_GPT  = "real" | "mock"   (默认 mock)
-//   KLEIN_PROVIDER_GROK = "real" | "mock"   (默认 mock)
-//   KLEIN_GPT_BASE_URL  = 默认 base url（账号未配置 base_url 时使用）
-//   KLEIN_GROK_BASE_URL = 默认 base url
-//
-// 这样可以做：开发期 mock，生产期 real，无需改代码。
-package factory
-
-import (
-	"os"
-	"strings"
-
-	"github.com/kleinai/backend/internal/provider"
-	"github.com/kleinai/backend/internal/provider/gpt"
-	"github.com/kleinai/backend/internal/provider/grok"
-	"github.com/kleinai/backend/internal/provider/mock"
-)
-
-// Build 根据环境变量构造 provider 集。
-func Build() map[string]provider.Provider {
-	return map[string]provider.Provider{
-		"gpt":  buildGPT(),
-		"grok": buildGrok(),
-	}
-}
-
-func buildGPT() provider.Provider {
-	mode := strings.ToLower(strings.TrimSpace(os.Getenv("KLEIN_PROVIDER_GPT")))
-	switch mode {
-	case "real", "live", "prod":
-		return gpt.New(strings.TrimSpace(os.Getenv("KLEIN_GPT_BASE_URL")))
-	default:
-		return mock.New("gpt")
-	}
-}
-
-func buildGrok() provider.Provider {
-	mode := strings.ToLower(strings.TrimSpace(os.Getenv("KLEIN_PROVIDER_GROK")))
-	switch mode {
-	case "real", "live", "prod":
-		return grok.New(strings.TrimSpace(os.Getenv("KLEIN_GROK_BASE_URL")))
-	default:
-		return mock.New("grok")
-	}
-}
diff --git a/backend/internal/provider/gpt/gpt.go b/backend/internal/provider/gpt/gpt.go
deleted file mode 100644
index 68471dc0..00000000
--- a/backend/internal/provider/gpt/gpt.go
+++ /dev/null
@@ -1,2380 +0,0 @@
-// Package gpt 实现 OpenAI 兼容的图像生成 provider（GPT 账号池 → /v1/images/generations）。
-//
-// 协议：完全对齐 OpenAI Images API，可对接 OpenAI 官方 / Azure / 任意网关。
-//
-//	POST {base_url}/v1/images/generations
-//	Header: Authorization: Bearer {api_key}
-//	Body  : {"model","prompt","n","size","response_format"}
-//	Resp  : {"created":int,"data":[{"url":"..."} | {"b64_json":"..."}]}
-//
-// 错误处理：
-//   - 4xx 标记账号失败并 30s 冷却（避免雪崩）；
-//   - 5xx 标记账号失败并 5min 冷却；
-//   - 超时同上。
-package gpt
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"image"
-	_ "image/gif"
-	_ "image/jpeg"
-	_ "image/png"
-	"io"
-	"math/rand"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/kleinai/backend/internal/provider"
-	"github.com/kleinai/backend/pkg/outbound"
-	"golang.org/x/crypto/sha3"
-)
-
-const (
-	defaultBaseURL = "https://api.openai.com"
-	defaultTimeout = 6 * time.Minute
-)
-
-// Provider 实现 provider.Provider。
-type Provider struct {
-	client     *http.Client
-	defaultURL string
-	name       string
-}
-
-// New 构造。defaultBase 为空时使用 OpenAI 官方域名。
-func New(defaultBase string) *Provider {
-	if defaultBase == "" {
-		defaultBase = defaultBaseURL
-	}
-	return &Provider{
-		client: &http.Client{
-			Timeout: defaultTimeout,
-		},
-		defaultURL: strings.TrimRight(defaultBase, "/"),
-		name:       "gpt",
-	}
-}
-
-// Name impl。
-func (p *Provider) Name() string { return p.name }
-
-type imgReq struct {
-	Model          string `json:"model"`
-	Prompt         string `json:"prompt"`
-	N              int    `json:"n,omitempty"`
-	Size           string `json:"size,omitempty"`
-	Quality        string `json:"quality,omitempty"`
-	Style          string `json:"style,omitempty"`
-	ResponseFormat string `json:"response_format,omitempty"`
-}
-
-type imgRespItem struct {
-	URL     string `json:"url"`
-	B64JSON string `json:"b64_json,omitempty"`
-}
-type imgResp struct {
-	Created int           `json:"created"`
-	Data    []imgRespItem `json:"data"`
-	Error   *struct {
-		Message string `json:"message"`
-		Type    string `json:"type"`
-		Code    string `json:"code"`
-	} `json:"error,omitempty"`
-}
-
-type responseInputItem struct {
-	Type     string           `json:"type"`
-	Role     string           `json:"role"`
-	Content  []map[string]any `json:"content"`
-	MetaData map[string]any   `json:"metadata,omitempty"`
-}
-
-type responseReq struct {
-	Instructions      string           `json:"instructions"`
-	Stream            bool             `json:"stream"`
-	Reasoning         map[string]any   `json:"reasoning,omitempty"`
-	ParallelToolCalls bool             `json:"parallel_tool_calls"`
-	Include           []string         `json:"include,omitempty"`
-	Model             string           `json:"model"`
-	Store             bool             `json:"store"`
-	ToolChoice        any              `json:"tool_choice,omitempty"`
-	Input             any              `json:"input"`
-	Tools             []map[string]any `json:"tools"`
-}
-
-type responseCompletedEvent struct {
-	Type     string `json:"type"`
-	Response struct {
-		Output []responseOutputItem `json:"output"`
-	} `json:"response"`
-	Error *struct {
-		Message string `json:"message"`
-		Type    string `json:"type"`
-		Code    string `json:"code"`
-	} `json:"error,omitempty"`
-}
-
-type responseOutputItem struct {
-	Type          string `json:"type"`
-	Result        string `json:"result"`
-	B64JSON       string `json:"b64_json"`
-	ImageB64      string `json:"image_b64"`
-	URL           string `json:"url"`
-	OutputFormat  string `json:"output_format"`
-	Size          string `json:"size"`
-	RevisedPrompt string `json:"revised_prompt"`
-	Content       []struct {
-		Type     string `json:"type"`
-		Result   string `json:"result"`
-		B64JSON  string `json:"b64_json"`
-		ImageB64 string `json:"image_b64"`
-		URL      string `json:"url"`
-	} `json:"content"`
-}
-
-// Generate impl。仅支持 KindImage。
-func (p *Provider) Generate(ctx context.Context, req *provider.Request) (*provider.Result, error) {
-	if req.Kind != provider.KindImage {
-		return nil, fmt.Errorf("gpt provider only supports image kind, got %s", req.Kind)
-	}
-	if req.Credential == "" {
-		return nil, fmt.Errorf("gpt provider missing credential")
-	}
-	if isGPTImage2(req.ModelCode) {
-		if shouldUseWebImage2(req) {
-			return p.generateImage2Web(ctx, req)
-		}
-		return p.generateImage2(ctx, req)
-	}
-
-	base := req.BaseURL
-	if base == "" {
-		base = p.defaultURL
-	}
-	base = strings.TrimRight(base, "/")
-	url := base + "/v1/images/generations"
-
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-
-	body := imgReq{
-		Model:          req.ModelCode,
-		Prompt:         req.Prompt,
-		N:              count,
-		Size:           imageSize(req.Params, "1024x1024"),
-		Quality:        strParam(req.Params, "quality", ""),
-		Style:          strParam(req.Params, "style", ""),
-		ResponseFormat: "url",
-	}
-	payload, _ := json.Marshal(body)
-
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-	httpReq.Header.Set("Authorization", "Bearer "+req.Credential)
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("User-Agent", "kleinai/1.0")
-
-	start := time.Now()
-	client, err := p.httpClient(req.ProxyURL)
-	if err != nil {
-		return nil, err
-	}
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return nil, fmt.Errorf("gpt http: %w", err)
-	}
-	defer resp.Body.Close()
-
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("gpt %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-
-	var out imgResp
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return nil, fmt.Errorf("gpt decode: %w (raw=%s)", err, snippet(raw, 240))
-	}
-	if out.Error != nil && out.Error.Message != "" {
-		return nil, fmt.Errorf("gpt: %s", out.Error.Message)
-	}
-	if len(out.Data) == 0 {
-		return nil, fmt.Errorf("gpt returned 0 image")
-	}
-
-	width, height := parseSize(body.Size)
-	assets := make([]provider.Asset, 0, len(out.Data))
-	for _, d := range out.Data {
-		a := provider.Asset{
-			URL:    d.URL,
-			Width:  width,
-			Height: height,
-			Mime:   "image/png",
-		}
-		if a.URL == "" && d.B64JSON != "" {
-			// 大多数网关会直接给 URL；b64 模式 caller 应自行落 OSS 后再回填。
-			a.URL = "data:image/png;base64," + d.B64JSON
-		}
-		assets = append(assets, a)
-	}
-
-	return &provider.Result{
-		TaskID:  req.TaskID,
-		Assets:  assets,
-		Latency: time.Since(start),
-	}, nil
-}
-
-type webRequirement struct {
-	Token      string
-	ProofToken string
-	SOToken    string
-}
-
-type webUploadMeta struct {
-	FileID        string
-	LibraryFileID string
-	FileName      string
-	FileSize      int
-	Mime          string
-	Width         int
-	Height        int
-}
-
-func (p *Provider) generateImage2Web(ctx context.Context, req *provider.Request) (*provider.Result, error) {
-	base := strings.TrimRight(req.BaseURL, "/")
-	if base == "" || isCodexBase(base) || strings.Contains(base, "api.openai.com") {
-		base = "https://chatgpt.com"
-	}
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-	size := imageSize(req.Params, "1024x1024")
-	ratio := webRatioFromSize(size, strParam(req.Params, "ratio", strParam(req.Params, "aspect_ratio", "1:1")))
-	prompt := webImagePromptV2(req.Prompt, ratio, size)
-	webModel := webImageModelSlug(req)
-	client, err := p.httpClient(req.ProxyURL)
-	if err != nil {
-		return nil, err
-	}
-	fp := newWebFP()
-	start := time.Now()
-	logUpstream(ctx, req, provider.UpstreamLogEntry{
-		Provider: "gpt",
-		Stage:    "web.start",
-		Meta: map[string]any{
-			"route":     "chatgpt_web",
-			"model":     webModel,
-			"ratio":     ratio,
-			"count":     count,
-			"ref_count": len(req.RefAssets),
-		},
-	})
-	if err := p.webBootstrap(ctx, client, base, fp); err != nil {
-		logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.bootstrap", Method: "GET", URL: base + "/", Error: err.Error()})
-		return nil, err
-	}
-	reqs, err := p.webRequirements(ctx, client, base, fp, req.Credential)
-	if err != nil {
-		logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.requirements", Method: "POST", URL: base + "/backend-api/sentinel/chat-requirements", Error: err.Error()})
-		return nil, err
-	}
-	logUpstream(ctx, req, provider.UpstreamLogEntry{
-		Provider: "gpt",
-		Stage:    "web.requirements",
-		Method:   "POST",
-		URL:      base + "/backend-api/sentinel/chat-requirements",
-		Meta:     map[string]any{"has_token": reqs.Token != "", "has_proof_token": reqs.ProofToken != "", "has_so_token": reqs.SOToken != ""},
-	})
-	refs := make([]webUploadMeta, 0, len(req.RefAssets))
-	for i, ref := range req.RefAssets {
-		meta, err := p.webUploadImage(ctx, client, base, fp, req.Credential, strings.TrimSpace(ref), fmt.Sprintf("image_%d.png", i+1))
-		if err != nil {
-			logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.upload", Method: "POST", URL: base + "/backend-api/files", Error: err.Error(), Meta: map[string]any{"ref_index": i + 1}})
-			return nil, err
-		}
-		logUpstream(ctx, req, provider.UpstreamLogEntry{
-			Provider: "gpt",
-			Stage:    "web.upload",
-			Method:   "POST",
-			URL:      base + "/backend-api/files",
-			Meta: map[string]any{
-				"file_id":   meta.FileID,
-				"mime":      meta.Mime,
-				"size":      meta.FileSize,
-				"width":     meta.Width,
-				"height":    meta.Height,
-				"ref_index": i + 1,
-			},
-		})
-		refs = append(refs, meta)
-	}
-	width, height := parseSize(size)
-	assets := make([]provider.Asset, 0, count)
-	lastDiag := ""
-	for i := 0; i < count && len(assets) < count; i++ {
-		conduit, err := p.webPrepareImageConversation(ctx, client, base, fp, req.Credential, reqs, prompt, webModel, refs)
-		if err != nil {
-			logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.prepare", Method: "POST", URL: base + "/backend-api/f/conversation/prepare", Error: err.Error()})
-			return nil, err
-		}
-		logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.prepare", Method: "POST", URL: base + "/backend-api/f/conversation/prepare", Meta: map[string]any{"has_conduit": conduit != ""}})
-		conversationID, fileIDs, sedimentIDs, directURLs, lastText, err := p.webStartImageGeneration(ctx, client, base, fp, req.Credential, reqs, conduit, prompt, webModel, refs)
-		if err != nil {
-			logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.conversation", Method: "POST", URL: base + "/backend-api/f/conversation", Error: err.Error()})
-			return nil, err
-		}
-		fileIDs, sedimentIDs, directURLs = filterWebGeneratedAssetIDs(fileIDs, sedimentIDs, directURLs, refs)
-		logUpstream(ctx, req, provider.UpstreamLogEntry{
-			Provider:        "gpt",
-			Stage:           "web.conversation",
-			Method:          "POST",
-			URL:             base + "/backend-api/f/conversation",
-			ResponseExcerpt: lastText,
-			Meta: map[string]any{
-				"conversation_id": conversationID,
-				"file_ids":        fileIDs,
-				"sediment_ids":    sedimentIDs,
-				"direct_urls":     len(directURLs),
-			},
-		})
-		var urls, downloadErrs []string
-		deadline := time.Now().Add(9 * time.Minute)
-		pollCount := 0
-		for {
-			if conversationID != "" {
-				pollFileIDs, pollSedimentIDs, pollURLs, _ := p.webConversationImageIDs(ctx, client, base, fp, req.Credential, conversationID, refs)
-				pollCount++
-				addUniqueString(&fileIDs, pollFileIDs...)
-				addUniqueString(&sedimentIDs, pollSedimentIDs...)
-				addUniqueString(&directURLs, pollURLs...)
-				if pollCount == 1 || pollCount%6 == 0 {
-					libFileIDs, _ := p.webLibraryImageIDs(ctx, client, base, fp, req.Credential, conversationID, refs)
-					addUniqueString(&fileIDs, libFileIDs...)
-				}
-			}
-			urls = p.webResolveImageURLs(ctx, client, base, fp, req.Credential, conversationID, fileIDs, sedimentIDs, refs)
-			addUniqueWebAssetURLs(&urls, directURLs...)
-			if pollCount == 1 || pollCount%12 == 0 {
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:        "gpt",
-					Stage:           "web.poll",
-					ResponseExcerpt: snippet([]byte(lastText), 160),
-					Meta: map[string]any{
-						"poll_count":      pollCount,
-						"conversation_id": conversationID,
-						"file_ids":        len(fileIDs),
-						"sediment_ids":    len(sedimentIDs),
-						"direct_urls":     len(directURLs),
-						"resolved_urls":   len(urls),
-						"download_errors": len(downloadErrs),
-					},
-				})
-			}
-			for _, u := range urls {
-				dataURL, mime, err := p.webDownloadAsDataURL(ctx, client, base, fp, req.Credential, u)
-				if err != nil {
-					errText := fmt.Sprintf("%s: %v", sanitizeDiagURL(u), err)
-					before := len(downloadErrs)
-					addUniqueString(&downloadErrs, errText)
-					if len(downloadErrs) > before && len(downloadErrs) <= 3 {
-						logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.download", Method: "GET", URL: sanitizeDiagURL(u), Error: errText})
-					}
-					continue
-				}
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider: "gpt",
-					Stage:    "web.download",
-					Method:   "GET",
-					URL:      sanitizeDiagURL(u),
-					Meta:     map[string]any{"mime": mime, "poll_count": pollCount},
-				})
-				assets = append(assets, provider.Asset{
-					URL:    dataURL,
-					Width:  width,
-					Height: height,
-					Mime:   mime,
-					Meta:   map[string]any{"provider_route": "chatgpt_web", "size": "1K", "ratio": ratio},
-				})
-				if len(assets) >= count {
-					break
-				}
-			}
-			if len(assets) >= count || conversationID == "" || time.Now().After(deadline) {
-				break
-			}
-			select {
-			case <-ctx.Done():
-				lastDiag = webImage2Diag(conversationID, fileIDs, sedimentIDs, directURLs, urls, downloadErrs, lastText)
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:        "gpt",
-					Stage:           "web.wait_timeout",
-					ResponseExcerpt: lastDiag,
-					Error:           ctx.Err().Error(),
-					Meta: map[string]any{
-						"poll_count":      pollCount,
-						"asset_count":     len(assets),
-						"resolved_urls":   len(urls),
-						"download_errors": downloadErrs,
-					},
-				})
-				return nil, fmt.Errorf("gpt image2 web wait: %w", ctx.Err())
-			case <-time.After(5 * time.Second):
-			}
-		}
-		lastDiag = webImage2Diag(conversationID, fileIDs, sedimentIDs, directURLs, urls, downloadErrs, lastText)
-		logUpstream(ctx, req, provider.UpstreamLogEntry{
-			Provider:        "gpt",
-			Stage:           "web.resolve",
-			ResponseExcerpt: lastDiag,
-			Meta: map[string]any{
-				"poll_count":      pollCount,
-				"resolved_urls":   len(urls),
-				"download_errors": downloadErrs,
-				"asset_count":     len(assets),
-			},
-		})
-		if len(assets) == 0 && conversationID == "" && lastText != "" {
-			return nil, fmt.Errorf("gpt image2 web produced text instead of image: %s", snippet([]byte(lastText), 220))
-		}
-	}
-	if len(assets) == 0 {
-		if lastDiag != "" {
-			logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.failed", ResponseExcerpt: lastDiag})
-			return nil, fmt.Errorf("gpt image2 web returned 0 image (%s)", lastDiag)
-		}
-		logUpstream(ctx, req, provider.UpstreamLogEntry{Provider: "gpt", Stage: "web.failed", ResponseExcerpt: "gpt image2 web returned 0 image"})
-		return nil, fmt.Errorf("gpt image2 web returned 0 image")
-	}
-	return &provider.Result{TaskID: req.TaskID, Assets: assets, Latency: time.Since(start)}, nil
-}
-
-func (p *Provider) generateImage2(ctx context.Context, req *provider.Request) (*provider.Result, error) {
-	base := strings.TrimRight(req.BaseURL, "/")
-	if base == "" {
-		base = p.defaultURL
-	}
-	url := responseEndpoint(base)
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-	modelCode := req.ModelCode
-	mainModel := strParam(req.Params, "main_model", mainModelForImage2(modelCode))
-	toolModel := imageToolModel(modelCode)
-	size := imageSize(req.Params, "1024x1024")
-	action := "generate"
-	if req.Mode == provider.ModeI2I || len(req.RefAssets) > 0 || strings.EqualFold(strParam(req.Params, "operation", ""), "edit") {
-		action = "edit"
-	}
-	content := []map[string]any{{"type": "input_text", "text": req.Prompt}}
-	for _, ref := range req.RefAssets {
-		ref = strings.TrimSpace(ref)
-		if ref == "" {
-			continue
-		}
-		content = append(content, map[string]any{"type": "input_image", "image_url": ref})
-	}
-	input := []responseInputItem{{Type: "message", Role: "user", Content: content}}
-	tool := map[string]any{
-		"type":   "image_generation",
-		"action": action,
-		"model":  toolModel,
-		"size":   size,
-	}
-	if quality := imageQuality(req.Params); quality != "" {
-		tool["quality"] = quality
-	}
-	copyParam(tool, req.Params, "background")
-	copyParam(tool, req.Params, "output_format")
-	copyParam(tool, req.Params, "output_compression")
-	copyParam(tool, req.Params, "partial_images")
-	copyParam(tool, req.Params, "moderation")
-	copyParam(tool, req.Params, "input_fidelity")
-	if mask := firstStringParam(req.Params, "mask", "mask_image_url"); mask != "" {
-		tool["input_image_mask"] = map[string]string{"image_url": mask}
-	}
-	body := responseReq{
-		Instructions:      "You are an image generation assistant. Follow the user's prompt and return the generated image.",
-		Stream:            true,
-		Reasoning:         map[string]any{"effort": "medium", "summary": "auto"},
-		ParallelToolCalls: true,
-		Include:           []string{"reasoning.encrypted_content"},
-		Model:             mainModel,
-		Store:             false,
-		ToolChoice:        "auto",
-		Input:             input,
-		Tools:             []map[string]any{tool},
-	}
-
-	start := time.Now()
-	client, err := p.httpClient(req.ProxyURL)
-	if err != nil {
-		return nil, err
-	}
-	width, height := parseSize(size)
-	assets := make([]provider.Asset, 0, count)
-	logUpstream(ctx, req, provider.UpstreamLogEntry{
-		Provider: "gpt",
-		Stage:    "codex.start",
-		Method:   "POST",
-		URL:      url,
-		Meta: map[string]any{
-			"model":          modelCode,
-			"main_model":     mainModel,
-			"tool_model":     toolModel,
-			"size":           size,
-			"count":          count,
-			"action":         action,
-			"ref_count":      len(req.RefAssets),
-			"proxy":          req.ProxyURL != "",
-			"has_toolchoice": true,
-		},
-	})
-	for i := 0; i < count && len(assets) < count; i++ {
-		attemptBody := body
-		retriedWithoutToolChoice := false
-		for {
-			payload, _ := json.Marshal(attemptBody)
-			httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
-			if err != nil {
-				return nil, err
-			}
-			httpReq.Header.Set("Authorization", "Bearer "+req.Credential)
-			httpReq.Header.Set("Content-Type", "application/json")
-			httpReq.Header.Set("Accept", "text/event-stream")
-			httpReq.Header.Set("User-Agent", userAgentForEndpoint(url))
-			if isCodexEndpoint(url) {
-				httpReq.Header.Set("Originator", "codex-tui")
-				httpReq.Header.Set("Connection", "Keep-Alive")
-			}
-			resp, err := client.Do(httpReq)
-			if err != nil {
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:       "gpt",
-					Stage:          "codex.request",
-					Method:         "POST",
-					URL:            url,
-					RequestExcerpt: snippet(payload, 600),
-					Error:          err.Error(),
-					Meta: map[string]any{
-						"model":      modelCode,
-						"size":       size,
-						"count":      count,
-						"tool_model": toolModel,
-						"action":     action,
-					},
-				})
-				return nil, fmt.Errorf("gpt image2 http: %w", err)
-			}
-			if resp.StatusCode >= 400 {
-				raw, _ := io.ReadAll(resp.Body)
-				_ = resp.Body.Close()
-				if retriedWithoutToolChoice {
-					logUpstream(ctx, req, provider.UpstreamLogEntry{
-						Provider:        "gpt",
-						Stage:           "codex.response",
-						Method:          "POST",
-						URL:             url,
-						StatusCode:      resp.StatusCode,
-						RequestExcerpt:  snippet(payload, 600),
-						ResponseExcerpt: snippet(raw, 600),
-						Meta: map[string]any{
-							"model":      modelCode,
-							"size":       size,
-							"count":      count,
-							"tool_model": toolModel,
-							"action":     action,
-						},
-					})
-				}
-				if !retriedWithoutToolChoice && shouldRetryImage2WithoutToolChoice(raw) {
-					logUpstream(ctx, req, provider.UpstreamLogEntry{
-						Provider:        "gpt",
-						Stage:           "codex.retry",
-						Method:          "POST",
-						URL:             url,
-						StatusCode:      resp.StatusCode,
-						RequestExcerpt:  snippet(payload, 600),
-						ResponseExcerpt: snippet(raw, 600),
-						Meta: map[string]any{
-							"reason": "tool_choice_fallback",
-						},
-					})
-					attemptBody.ToolChoice = nil
-					retriedWithoutToolChoice = true
-					continue
-				}
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:        "gpt",
-					Stage:           "codex.failed",
-					Method:          "POST",
-					URL:             url,
-					StatusCode:      resp.StatusCode,
-					RequestExcerpt:  snippet(payload, 600),
-					ResponseExcerpt: snippet(raw, 600),
-					Meta: map[string]any{
-						"model":      modelCode,
-						"size":       size,
-						"count":      count,
-						"tool_model": toolModel,
-						"action":     action,
-					},
-				})
-				return nil, fmt.Errorf("gpt image2 %d: %s", resp.StatusCode, snippet(raw, 320))
-			}
-			completed, err := parseCompletedResponse(resp.Body)
-			_ = resp.Body.Close()
-			if err != nil {
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:       "gpt",
-					Stage:          "codex.decode",
-					Method:         "POST",
-					URL:            url,
-					RequestExcerpt: snippet(payload, 600),
-					Error:          err.Error(),
-					Meta: map[string]any{
-						"model":      modelCode,
-						"size":       size,
-						"count":      count,
-						"tool_model": toolModel,
-						"action":     action,
-					},
-				})
-				return nil, err
-			}
-			if completed.Error != nil && completed.Error.Message != "" {
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:        "gpt",
-					Stage:           "codex.failed",
-					Method:          "POST",
-					URL:             url,
-					RequestExcerpt:  snippet(payload, 600),
-					ResponseExcerpt: completed.Error.Message,
-					Meta: map[string]any{
-						"model":      modelCode,
-						"size":       size,
-						"count":      count,
-						"tool_model": toolModel,
-						"action":     action,
-					},
-				})
-				return nil, fmt.Errorf("gpt image2: %s", completed.Error.Message)
-			}
-			for _, out := range completed.Response.Output {
-				imageData, imageURL := outputImagePayload(out)
-				if out.Type != "image_generation_call" && imageData == "" && imageURL == "" {
-					continue
-				}
-				mime := mimeForImageFormat(out.OutputFormat)
-				assetWidth, assetHeight := width, height
-				if out.Size != "" {
-					assetWidth, assetHeight = parseSize(out.Size)
-				}
-				assetURL := imageURL
-				if assetURL == "" {
-					assetURL = "data:" + mime + ";base64," + imageData
-				}
-				assets = append(assets, provider.Asset{
-					URL:    assetURL,
-					Width:  assetWidth,
-					Height: assetHeight,
-					Mime:   mime,
-					Meta:   map[string]any{"revised_prompt": out.RevisedPrompt, "provider_action": action, "size": size},
-				})
-				logUpstream(ctx, req, provider.UpstreamLogEntry{
-					Provider:        "gpt",
-					Stage:           "codex.asset",
-					Method:          "POST",
-					URL:             url,
-					RequestExcerpt:  snippet(payload, 600),
-					ResponseExcerpt: assetURL,
-					Meta: map[string]any{
-						"model":       modelCode,
-						"size":        size,
-						"count":       count,
-						"tool_model":  toolModel,
-						"action":      action,
-						"asset_index": len(assets),
-					},
-				})
-				if len(assets) >= count {
-					break
-				}
-			}
-			break
-		}
-	}
-	if len(assets) == 0 {
-		logUpstream(ctx, req, provider.UpstreamLogEntry{
-			Provider:        "gpt",
-			Stage:           "codex.failed",
-			Method:          "POST",
-			URL:             url,
-			ResponseExcerpt: "gpt image2 returned 0 image",
-			Meta: map[string]any{
-				"model":      modelCode,
-				"size":       size,
-				"count":      count,
-				"tool_model": toolModel,
-				"action":     action,
-			},
-		})
-		return nil, fmt.Errorf("gpt image2 returned 0 image")
-	}
-	logUpstream(ctx, req, provider.UpstreamLogEntry{
-		Provider: "gpt",
-		Stage:    "codex.success",
-		Method:   "POST",
-		URL:      url,
-		Meta: map[string]any{
-			"model":      modelCode,
-			"size":       size,
-			"count":      count,
-			"tool_model": toolModel,
-			"action":     action,
-			"assets":     len(assets),
-		},
-	})
-	return &provider.Result{TaskID: req.TaskID, Assets: assets, Latency: time.Since(start)}, nil
-}
-
-type webFP struct {
-	UserAgent     string
-	DeviceID      string
-	SessionID     string
-	ClientVersion string
-	BuildNumber   string
-	SecCHUA       string
-}
-
-func newWebFP() webFP {
-	return webFP{
-		UserAgent:     "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0",
-		DeviceID:      uuid.NewString(),
-		SessionID:     uuid.NewString(),
-		ClientVersion: "prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad",
-		BuildNumber:   "5955942",
-		SecCHUA:       `"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"`,
-	}
-}
-
-func (p *Provider) webBootstrap(ctx context.Context, client *http.Client, base string, fp webFP) error {
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, base+"/", nil)
-	if err != nil {
-		return err
-	}
-	for k, v := range webBaseHeaders(fp, "", "") {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return fmt.Errorf("gpt image2 web bootstrap: %w", err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 320))
-		return fmt.Errorf("gpt image2 web bootstrap %d: %s", resp.StatusCode, string(raw))
-	}
-	io.Copy(io.Discard, io.LimitReader(resp.Body, 512*1024))
-	return nil
-}
-
-func (p *Provider) webRequirements(ctx context.Context, client *http.Client, base string, fp webFP, token string) (webRequirement, error) {
-	path := "/backend-api/sentinel/chat-requirements"
-	body := map[string]string{"p": buildLegacyRequirementsToken(fp.UserAgent)}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return webRequirement{}, err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Content-Type", "application/json")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return webRequirement{}, fmt.Errorf("gpt image2 web requirements: %w", err)
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return webRequirement{}, fmt.Errorf("gpt image2 web requirements %d: %s", resp.StatusCode, snippet(raw, 320))
-	}
-	var out struct {
-		Token       string `json:"token"`
-		SOToken     string `json:"so_token"`
-		ProofOfWork struct {
-			Required   bool   `json:"required"`
-			Seed       string `json:"seed"`
-			Difficulty string `json:"difficulty"`
-		} `json:"proofofwork"`
-		Arkose struct {
-			Required bool `json:"required"`
-		} `json:"arkose"`
-	}
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return webRequirement{}, fmt.Errorf("gpt image2 web requirements decode: %w", err)
-	}
-	if out.Arkose.Required {
-		return webRequirement{}, fmt.Errorf("gpt image2 web requires arkose")
-	}
-	if out.Token == "" {
-		return webRequirement{}, fmt.Errorf("gpt image2 web requirements missing token")
-	}
-	proof := ""
-	if out.ProofOfWork.Required && out.ProofOfWork.Seed != "" && out.ProofOfWork.Difficulty != "" {
-		proof = buildProofToken(out.ProofOfWork.Seed, out.ProofOfWork.Difficulty, fp.UserAgent)
-	}
-	return webRequirement{Token: out.Token, ProofToken: proof, SOToken: out.SOToken}, nil
-}
-
-func (p *Provider) webPrepareImageConversation(ctx context.Context, client *http.Client, base string, fp webFP, token string, reqs webRequirement, prompt, modelSlug string, refs []webUploadMeta) (string, error) {
-	path := "/backend-api/f/conversation/prepare"
-	body := map[string]any{
-		"action":                 "next",
-		"fork_from_shared_post":  false,
-		"parent_message_id":      "client-created-root",
-		"model":                  modelSlug,
-		"client_prepare_state":   "none",
-		"timezone_offset_min":    -480,
-		"timezone":               "Asia/Shanghai",
-		"conversation_mode":      map[string]any{"kind": "primary_assistant"},
-		"system_hints":           []string{"picture_v2"},
-		"attachment_mime_types":  []string{"image/png"},
-		"supports_buffering":     true,
-		"supported_encodings":    []string{"v1"},
-		"client_contextual_info": map[string]any{"app_name": "chatgpt.com"},
-		"thinking_effort":        "standard",
-	}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return "", err
-	}
-	for k, v := range webImageHeaders(fp, token, path, reqs, "", "*/*") {
-		httpReq.Header.Set(k, v)
-	}
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return "", fmt.Errorf("gpt image2 web prepare: %w", err)
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return "", fmt.Errorf("gpt image2 web prepare %d: %s", resp.StatusCode, snippet(raw, 320))
-	}
-	var out struct {
-		ConduitToken string `json:"conduit_token"`
-	}
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return "", fmt.Errorf("gpt image2 web prepare decode: %w", err)
-	}
-	if out.ConduitToken == "" {
-		return "", fmt.Errorf("gpt image2 web prepare missing conduit token")
-	}
-	return out.ConduitToken, nil
-}
-
-func (p *Provider) webStartImageGeneration(ctx context.Context, client *http.Client, base string, fp webFP, token string, reqs webRequirement, conduit, prompt, modelSlug string, refs []webUploadMeta) (string, []string, []string, []string, string, error) {
-	path := "/backend-api/f/conversation"
-	content, metadata := webImageMessageContent(prompt, refs)
-	messageID := uuid.NewString()
-	body := map[string]any{
-		"action":                   "next",
-		"fork_from_shared_post":    false,
-		"parent_message_id":        "client-created-root",
-		"model":                    modelSlug,
-		"client_prepare_state":     "success",
-		"timezone_offset_min":      -480,
-		"timezone":                 "Asia/Shanghai",
-		"conversation_mode":        map[string]any{"kind": "primary_assistant"},
-		"enable_message_followups": true,
-		"system_hints":             []string{},
-		"supports_buffering":       true,
-		"supported_encodings":      []string{"v1"},
-		"client_contextual_info": map[string]any{
-			"is_dark_mode": false, "time_since_loaded": 51, "page_height": 1111, "page_width": 1731,
-			"pixel_ratio": 1.5, "screen_height": 1440, "screen_width": 2560, "app_name": "chatgpt.com",
-		},
-		"paragen_cot_summary_display_override": "allow",
-		"force_parallel_switch":                "auto",
-		"thinking_effort":                      "standard",
-		"messages": []map[string]any{{
-			"id":          messageID,
-			"author":      map[string]string{"role": "user"},
-			"create_time": time.Now().Unix(),
-			"content":     content,
-			"metadata":    metadata,
-		}},
-	}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return "", nil, nil, nil, "", err
-	}
-	for k, v := range webImageHeaders(fp, token, path, reqs, conduit, "text/event-stream") {
-		httpReq.Header.Set(k, v)
-	}
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return "", nil, nil, nil, "", fmt.Errorf("gpt image2 web conversation: %w", err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		raw, _ := io.ReadAll(resp.Body)
-		return "", nil, nil, nil, "", fmt.Errorf("gpt image2 web conversation %d: %s", resp.StatusCode, snippet(raw, 320))
-	}
-	conversationID, fileIDs, sedimentIDs, directURLs, lastText, err := parseWebImageSSE(resp.Body)
-	if err != nil {
-		return "", nil, nil, nil, "", err
-	}
-	return conversationID, fileIDs, sedimentIDs, directURLs, lastText, nil
-}
-
-func webImageMessageContent(prompt string, refs []webUploadMeta) (map[string]any, map[string]any) {
-	parts := make([]any, 0, len(refs)+1)
-	attachments := make([]map[string]any, 0, len(refs))
-	for _, ref := range refs {
-		parts = append(parts, map[string]any{
-			"content_type":  "image_asset_pointer",
-			"asset_pointer": "sediment://file_" + strings.TrimPrefix(ref.FileID, "file_"),
-			"width":         ref.Width,
-			"height":        ref.Height,
-			"size_bytes":    ref.FileSize,
-		})
-		attachment := map[string]any{
-			"id":           ref.FileID,
-			"mime_type":    ref.Mime,
-			"name":         ref.FileName,
-			"size":         ref.FileSize,
-			"width":        ref.Width,
-			"height":       ref.Height,
-			"source":       "library",
-			"is_big_paste": false,
-		}
-		if ref.LibraryFileID != "" {
-			attachment["library_file_id"] = ref.LibraryFileID
-		}
-		attachments = append(attachments, attachment)
-	}
-	if len(refs) > 0 {
-		parts = append(parts, prompt)
-	}
-	content := map[string]any{"content_type": "text", "parts": []string{prompt}}
-	if len(refs) > 0 {
-		content = map[string]any{"content_type": "multimodal_text", "parts": parts}
-	}
-	metadata := map[string]any{
-		"developer_mode_connector_ids": []string{},
-		"selected_github_repos":        []string{},
-		"selected_all_github_repos":    false,
-		"system_hints":                 []string{"picture_v2"},
-		"serialization_metadata":       map[string]any{"custom_symbol_offsets": []any{}},
-	}
-	if len(attachments) > 0 {
-		metadata["attachments"] = attachments
-	}
-	return content, metadata
-}
-
-func (p *Provider) webPollImageResults(ctx context.Context, client *http.Client, base string, fp webFP, token, conversationID string, timeout time.Duration, refs []webUploadMeta) ([]string, []string, []string, error) {
-	if conversationID == "" {
-		return nil, nil, nil, nil
-	}
-	deadline := time.Now().Add(timeout)
-	var lastErr error
-	for time.Now().Before(deadline) {
-		fileIDs, sedimentIDs, directURLs, err := p.webConversationImageIDs(ctx, client, base, fp, token, conversationID, refs)
-		if err == nil && (len(fileIDs) > 0 || len(sedimentIDs) > 0 || len(directURLs) > 0) {
-			return fileIDs, sedimentIDs, directURLs, nil
-		}
-		lastErr = err
-		time.Sleep(4 * time.Second)
-	}
-	return nil, nil, nil, lastErr
-}
-
-func (p *Provider) webConversationImageIDs(ctx context.Context, client *http.Client, base string, fp webFP, token, conversationID string, refs []webUploadMeta) ([]string, []string, []string, error) {
-	path := "/backend-api/conversation/" + conversationID
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, base+path, nil)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Accept", "application/json")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return nil, nil, nil, fmt.Errorf("gpt image2 web poll %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	fileIDs, sedimentIDs := extractWebImageToolIDs(raw)
-	_, _, _, directURLs := extractWebImageIDs(string(raw))
-	fileIDs, sedimentIDs, directURLs = filterWebGeneratedAssetIDs(fileIDs, sedimentIDs, directURLs, refs)
-	return fileIDs, sedimentIDs, directURLs, nil
-}
-
-func (p *Provider) webLibraryImageIDs(ctx context.Context, client *http.Client, base string, fp webFP, token, conversationID string, refs []webUploadMeta) ([]string, error) {
-	path := "/backend-api/files/library"
-	body := map[string]any{"limit": 20, "cursor": nil}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("Accept", "application/json")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("gpt image2 web library %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var out struct {
-		Items []struct {
-			FileID               string `json:"file_id"`
-			MimeType             string `json:"mime_type"`
-			LibraryFileCategory  string `json:"library_file_category"`
-			State                string `json:"state"`
-			OriginationThreadID  string `json:"origination_thread_id"`
-			OriginationMessageID string `json:"origination_message_id"`
-		} `json:"items"`
-	}
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return nil, err
-	}
-	var ids []string
-	for _, item := range out.Items {
-		if item.FileID == "" || item.OriginationThreadID != conversationID {
-			continue
-		}
-		if item.State != "" && !strings.EqualFold(item.State, "ready") {
-			continue
-		}
-		if item.LibraryFileCategory != "" && !strings.EqualFold(item.LibraryFileCategory, "image") {
-			continue
-		}
-		if item.MimeType != "" && !strings.HasPrefix(strings.ToLower(item.MimeType), "image/") {
-			continue
-		}
-		addUniqueString(&ids, item.FileID)
-	}
-	ids, _, _ = filterWebGeneratedAssetIDs(ids, nil, nil, refs)
-	return ids, nil
-}
-
-func (p *Provider) webResolveImageURLs(ctx context.Context, client *http.Client, base string, fp webFP, token, conversationID string, fileIDs, sedimentIDs []string, refs []webUploadMeta) []string {
-	var out []string
-	seen := map[string]bool{}
-	exclude := map[string]bool{}
-	for _, ref := range refs {
-		if ref.FileID != "" {
-			exclude[ref.FileID] = true
-		}
-		if ref.LibraryFileID != "" {
-			exclude[ref.LibraryFileID] = true
-		}
-	}
-	for _, id := range fileIDs {
-		if id == "" || id == "file_upload" || seen["file:"+id] || exclude[id] {
-			continue
-		}
-		seen["file:"+id] = true
-		path := "/backend-api/files/download/" + id
-		if conversationID != "" {
-			path += "?conversation_id=" + url.QueryEscape(conversationID) + "&inline=false"
-		}
-		if u := p.webDownloadURL(ctx, client, base, fp, token, path); u != "" {
-			out = append(out, u)
-		}
-	}
-	if conversationID == "" {
-		return out
-	}
-	for _, id := range sedimentIDs {
-		if id == "" || seen["sed:"+id] || exclude[id] {
-			continue
-		}
-		seen["sed:"+id] = true
-		if u := p.webDownloadURL(ctx, client, base, fp, token, "/backend-api/conversation/"+conversationID+"/attachment/"+id+"/download"); u != "" {
-			out = append(out, u)
-		}
-	}
-	return out
-}
-
-func filterWebGeneratedAssetIDs(fileIDs, sedimentIDs, directURLs []string, refs []webUploadMeta) ([]string, []string, []string) {
-	exclude := map[string]bool{}
-	for _, ref := range refs {
-		if ref.FileID != "" {
-			exclude[ref.FileID] = true
-		}
-		if ref.LibraryFileID != "" {
-			exclude[ref.LibraryFileID] = true
-		}
-	}
-	filter := func(in []string) []string {
-		out := make([]string, 0, len(in))
-		seen := map[string]bool{}
-		for _, v := range in {
-			if v == "" || exclude[v] || seen[v] {
-				continue
-			}
-			seen[v] = true
-			out = append(out, v)
-		}
-		return out
-	}
-	return filter(fileIDs), filter(sedimentIDs), filter(directURLs)
-}
-
-func (p *Provider) webDownloadURL(ctx context.Context, client *http.Client, base string, fp webFP, token, path string) string {
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, base+path, nil)
-	if err != nil {
-		return ""
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Accept", "application/json")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return ""
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return ""
-	}
-	var out map[string]any
-	if json.Unmarshal(raw, &out) != nil {
-		return ""
-	}
-	for _, k := range []string{"download_url", "url"} {
-		if s, ok := out[k].(string); ok && s != "" {
-			return s
-		}
-	}
-	return ""
-}
-
-func (p *Provider) webDownloadAsDataURL(ctx context.Context, client *http.Client, base string, fp webFP, token, rawURL string) (string, string, error) {
-	downloadURL := rawURL
-	if strings.HasPrefix(downloadURL, "/") {
-		downloadURL = strings.TrimRight(base, "/") + downloadURL
-	}
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil)
-	if err != nil {
-		return "", "", err
-	}
-	if shouldUseWebDownloadHeaders(base, downloadURL) {
-		targetPath := "/"
-		if parsed, err := url.Parse(downloadURL); err == nil && parsed.Path != "" {
-			targetPath = parsed.Path
-		}
-		for k, v := range webBaseHeaders(fp, token, targetPath) {
-			httpReq.Header.Set(k, v)
-		}
-		httpReq.Header.Set("Accept", "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8")
-	}
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return "", "", err
-	}
-	defer resp.Body.Close()
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return "", "", err
-	}
-	if resp.StatusCode >= 400 {
-		return "", "", fmt.Errorf("download image %d: %s", resp.StatusCode, snippet(data, 160))
-	}
-	if len(data) == 0 {
-		return "", "", fmt.Errorf("download image empty body")
-	}
-	mime := resp.Header.Get("Content-Type")
-	if idx := strings.Index(mime, ";"); idx >= 0 {
-		mime = mime[:idx]
-	}
-	if mime == "" || !strings.HasPrefix(mime, "image/") {
-		mime = http.DetectContentType(data)
-	}
-	return "data:" + mime + ";base64," + base64.StdEncoding.EncodeToString(data), mime, nil
-}
-
-func (p *Provider) webUploadImage(ctx context.Context, client *http.Client, base string, fp webFP, token, ref, name string) (webUploadMeta, error) {
-	data, mime, err := readRefImage(ctx, client, ref)
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	width, height := 1024, 1024
-	if cfg, _, err := image.DecodeConfig(bytes.NewReader(data)); err == nil {
-		width, height = cfg.Width, cfg.Height
-	}
-	path := "/backend-api/files"
-	metaBody := map[string]any{"file_name": name, "file_size": len(data), "use_case": "multimodal", "width": width, "height": height}
-	payload, _ := json.Marshal(metaBody)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("Accept", "application/json")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	raw, _ := io.ReadAll(resp.Body)
-	_ = resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		return webUploadMeta{}, fmt.Errorf("gpt image2 web upload meta %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var meta struct {
-		FileID    string `json:"file_id"`
-		UploadURL string `json:"upload_url"`
-	}
-	if err := json.Unmarshal(raw, &meta); err != nil {
-		return webUploadMeta{}, err
-	}
-	if meta.FileID == "" || meta.UploadURL == "" {
-		return webUploadMeta{}, fmt.Errorf("gpt image2 web upload missing file metadata")
-	}
-	putReq, err := http.NewRequestWithContext(ctx, http.MethodPut, meta.UploadURL, bytes.NewReader(data))
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	putReq.Header.Set("Content-Type", mime)
-	putReq.Header.Set("x-ms-blob-type", "BlockBlob")
-	putReq.Header.Set("x-ms-version", "2020-04-08")
-	putReq.Header.Set("Origin", base)
-	putReq.Header.Set("Referer", base+"/")
-	putReq.Header.Set("User-Agent", fp.UserAgent)
-	resp, err = client.Do(putReq)
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	raw, _ = io.ReadAll(resp.Body)
-	_ = resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		return webUploadMeta{}, fmt.Errorf("gpt image2 web upload blob %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	path = "/backend-api/files/" + meta.FileID + "/uploaded"
-	doneReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, strings.NewReader("{}"))
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		doneReq.Header.Set(k, v)
-	}
-	doneReq.Header.Set("Content-Type", "application/json")
-	resp, err = client.Do(doneReq)
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	raw, _ = io.ReadAll(resp.Body)
-	_ = resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		return webUploadMeta{}, fmt.Errorf("gpt image2 web upload confirm %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	libraryFileID, err := p.webProcessUploadStream(ctx, client, base, fp, token, meta.FileID, name)
-	if err != nil {
-		return webUploadMeta{}, err
-	}
-	return webUploadMeta{FileID: meta.FileID, LibraryFileID: libraryFileID, FileName: name, FileSize: len(data), Mime: mime, Width: width, Height: height}, nil
-}
-
-func (p *Provider) webProcessUploadStream(ctx context.Context, client *http.Client, base string, fp webFP, token, fileID, fileName string) (string, error) {
-	path := "/backend-api/files/process_upload_stream"
-	body := map[string]any{
-		"file_id":                  fileID,
-		"use_case":                 "multimodal",
-		"index_for_retrieval":      false,
-		"file_name":                fileName,
-		"library_persistence_mode": "opportunistic",
-		"metadata":                 map[string]any{"store_in_library": true},
-		"entry_surface":            "chat_composer",
-	}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(payload))
-	if err != nil {
-		return "", err
-	}
-	for k, v := range webBaseHeaders(fp, token, path) {
-		httpReq.Header.Set(k, v)
-	}
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("Accept", "text/event-stream")
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-	raw, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return "", err
-	}
-	if resp.StatusCode >= 400 {
-		return "", fmt.Errorf("gpt image2 web process upload %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	libraryFileID := ""
-	scanner := bufio.NewScanner(bytes.NewReader(raw))
-	scanner.Buffer(make([]byte, 0, 64*1024), 8*1024*1024)
-	for scanner.Scan() {
-		line := strings.TrimSpace(scanner.Text())
-		if line == "" {
-			continue
-		}
-		var ev struct {
-			Extra struct {
-				MetadataObjectID string `json:"metadata_object_id"`
-			} `json:"extra"`
-			Event string `json:"event"`
-		}
-		if json.Unmarshal([]byte(line), &ev) == nil && ev.Extra.MetadataObjectID != "" {
-			libraryFileID = ev.Extra.MetadataObjectID
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return "", err
-	}
-	return libraryFileID, nil
-}
-
-// === helpers ===
-
-func strParam(p map[string]any, key, def string) string {
-	if p == nil {
-		return def
-	}
-	if v, ok := p[key]; ok {
-		if s, ok := v.(string); ok && s != "" {
-			return s
-		}
-	}
-	return def
-}
-
-func (p *Provider) httpClient(proxyURL string) (*http.Client, error) {
-	if strings.TrimSpace(proxyURL) == "" {
-		return p.client, nil
-	}
-	return outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  defaultTimeout,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-}
-
-func firstStringParam(p map[string]any, keys ...string) string {
-	for _, key := range keys {
-		if v := strParam(p, key, ""); v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func copyParam(dst map[string]any, src map[string]any, key string) {
-	if src == nil {
-		return
-	}
-	if v, ok := src[key]; ok {
-		switch t := v.(type) {
-		case string:
-			if t != "" {
-				dst[key] = t
-			}
-		default:
-			dst[key] = v
-		}
-	}
-}
-
-func shouldUseWebImage2(req *provider.Request) bool {
-	tier := strings.ToUpper(strings.TrimSpace(strParam(req.Params, "resolution", strParam(req.Params, "size_tier", ""))))
-	if tier == "" {
-		size := strParam(req.Params, "size", "")
-		w, h := parseSize(size)
-		if size == "" || w*h <= 1500000 {
-			return true
-		}
-		return false
-	}
-	return tier == "1K" || tier == "1"
-}
-
-func isGPTImage2(model string) bool {
-	return imageToolModel(model) == "gpt-image-2"
-}
-
-func imageToolModel(model string) string {
-	model = strings.TrimSpace(model)
-	if idx := strings.LastIndex(model, "/"); idx >= 0 {
-		model = model[idx+1:]
-	}
-	return model
-}
-
-func shouldRetryImage2WithoutToolChoice(raw []byte) bool {
-	msg := strings.ToLower(string(raw))
-	return strings.Contains(msg, "tool choice") &&
-		strings.Contains(msg, "image_generation") &&
-		strings.Contains(msg, "not found") &&
-		strings.Contains(msg, "tools")
-}
-
-func webImage2Diag(conversationID string, fileIDs, sedimentIDs, directURLs, urls, downloadErrs []string, text string) string {
-	return fmt.Sprintf("conversation_id=%s file_ids=%d sediment_ids=%d direct_urls=%d resolved_urls=%d download_errors=%d first_download_error=%s text=%s", conversationID, len(fileIDs), len(sedimentIDs), len(directURLs), len(urls), len(downloadErrs), firstString(downloadErrs), snippet([]byte(text), 120))
-}
-
-func mainModelForImage2(model string) string {
-	model = strings.TrimSpace(model)
-	if idx := strings.LastIndex(model, "/"); idx > 0 {
-		return model[:idx] + "/gpt-5.5"
-	}
-	return "gpt-5.5"
-}
-
-func responseEndpoint(base string) string {
-	base = strings.TrimRight(strings.TrimSpace(base), "/")
-	if strings.HasSuffix(base, "/responses") {
-		return base
-	}
-	if strings.Contains(base, "/backend-api/codex") {
-		return base + "/responses"
-	}
-	return base + "/v1/responses"
-}
-
-func isCodexBase(base string) bool {
-	return strings.Contains(strings.ToLower(base), "/backend-api/codex")
-}
-
-func isCodexEndpoint(url string) bool {
-	return strings.Contains(strings.ToLower(url), "chatgpt.com/backend-api/codex")
-}
-
-func userAgentForEndpoint(url string) string {
-	if isCodexEndpoint(url) {
-		return "codex-tui/0.118.0 (Mac OS 26.3.1; arm64) iTerm.app/3.6.9 (codex-tui; 0.118.0)"
-	}
-	return "kleinai/1.0"
-}
-
-func imageSize(params map[string]any, def string) string {
-	if size := strParam(params, "size", ""); size != "" {
-		return size
-	}
-	ratio := strParam(params, "ratio", strParam(params, "aspect_ratio", "1:1"))
-	tier := strings.ToUpper(strParam(params, "resolution", strParam(params, "size_tier", "1K")))
-	sizes := map[string]map[string]string{
-		"1K": {
-			"1:1":  "1024x1024",
-			"3:2":  "1216x832",
-			"2:3":  "832x1216",
-			"4:3":  "1152x864",
-			"3:4":  "864x1152",
-			"5:4":  "1120x896",
-			"4:5":  "896x1120",
-			"16:9": "1344x768",
-			"9:16": "768x1344",
-			"21:9": "1536x640",
-		},
-		"2K": {
-			"1:1":  "1248x1248",
-			"3:2":  "1536x1024",
-			"2:3":  "1024x1536",
-			"4:3":  "1440x1088",
-			"3:4":  "1088x1440",
-			"5:4":  "1392x1120",
-			"4:5":  "1120x1392",
-			"16:9": "1664x928",
-			"9:16": "928x1664",
-			"21:9": "1904x816",
-		},
-		"4K": {
-			"1:1":  "2480x2480",
-			"3:2":  "3056x2032",
-			"2:3":  "2032x3056",
-			"4:3":  "2880x2160",
-			"3:4":  "2160x2880",
-			"5:4":  "2784x2224",
-			"4:5":  "2224x2784",
-			"16:9": "3312x1872",
-			"9:16": "1872x3312",
-			"21:9": "3808x1632",
-		},
-	}
-	if byRatio, ok := sizes[tier]; ok {
-		if size := byRatio[ratio]; size != "" {
-			return size
-		}
-		return byRatio["1:1"]
-	}
-	if byRatio := sizes["1K"]; byRatio != nil {
-		if size := byRatio[ratio]; size != "" {
-			return size
-		}
-	}
-	return def
-}
-
-func imageQuality(params map[string]any) string {
-	switch strings.ToLower(strParam(params, "quality", "")) {
-	case "draft", "low":
-		return "low"
-	case "standard", "medium":
-		return "medium"
-	case "hd", "high":
-		return "high"
-	default:
-		return ""
-	}
-}
-
-func webImageModelSlug(req *provider.Request) string {
-	if req != nil {
-		if v := strParam(req.Params, "web_model", ""); v != "" {
-			return v
-		}
-	}
-	return "gpt-5-5-thinking"
-}
-
-func webBaseHeaders(fp webFP, token, path string) map[string]string {
-	h := map[string]string{
-		"User-Agent":                 fp.UserAgent,
-		"Origin":                     "https://chatgpt.com",
-		"Referer":                    "https://chatgpt.com/",
-		"Accept-Language":            "zh-CN,zh;q=0.9,en;q=0.8,en-US;q=0.7",
-		"Cache-Control":              "no-cache",
-		"Pragma":                     "no-cache",
-		"Priority":                   "u=1, i",
-		"Sec-Ch-Ua":                  fp.SecCHUA,
-		"Sec-Ch-Ua-Arch":             `"x86"`,
-		"Sec-Ch-Ua-Bitness":          `"64"`,
-		"Sec-Ch-Ua-Mobile":           "?0",
-		"Sec-Ch-Ua-Model":            `""`,
-		"Sec-Ch-Ua-Platform":         `"Windows"`,
-		"Sec-Ch-Ua-Platform-Version": `"19.0.0"`,
-		"Sec-Fetch-Dest":             "empty",
-		"Sec-Fetch-Mode":             "cors",
-		"Sec-Fetch-Site":             "same-origin",
-		"OAI-Device-Id":              fp.DeviceID,
-		"OAI-Session-Id":             fp.SessionID,
-		"OAI-Language":               "zh-CN",
-		"OAI-Client-Version":         fp.ClientVersion,
-		"OAI-Client-Build-Number":    fp.BuildNumber,
-		"X-OpenAI-Target-Path":       path,
-		"X-OpenAI-Target-Route":      path,
-	}
-	if token != "" {
-		h["Authorization"] = "Bearer " + token
-	}
-	return h
-}
-
-func webImageHeaders(fp webFP, token, path string, reqs webRequirement, conduit, accept string) map[string]string {
-	h := webBaseHeaders(fp, token, path)
-	h["Content-Type"] = "application/json"
-	h["Accept"] = accept
-	h["OpenAI-Sentinel-Chat-Requirements-Token"] = reqs.Token
-	if reqs.ProofToken != "" {
-		h["OpenAI-Sentinel-Proof-Token"] = reqs.ProofToken
-	}
-	if reqs.SOToken != "" {
-		h["OpenAI-Sentinel-SO-Token"] = reqs.SOToken
-	}
-	if conduit != "" {
-		h["X-Conduit-Token"] = conduit
-	}
-	if accept == "text/event-stream" {
-		h["X-Oai-Turn-Trace-Id"] = uuid.NewString()
-	}
-	return h
-}
-
-func webImagePrompt(prompt, ratio string) string {
-	prompt = strings.TrimSpace(prompt)
-	ratio = strings.TrimSpace(ratio)
-	if ratio == "" || ratio == "1:1" {
-		return prompt
-	}
-	hints := map[string]string{
-		"16:9": "输出一张 16:9 横屏构图的图片。",
-		"9:16": "输出一张 9:16 竖屏构图的图片。",
-		"4:3":  "输出一张 4:3 比例的图片。",
-		"3:4":  "输出一张 3:4 竖向比例的图片。",
-	}
-	if h, ok := hints[ratio]; ok {
-		return prompt + "\n\n" + h
-	}
-	return prompt + "\n\n输出图片，宽高比为 " + ratio + "。"
-}
-
-func webImagePromptV2(prompt, ratio, size string) string {
-	prompt = strings.TrimSpace(prompt)
-	if prompt == "" {
-		prompt = "生成一张高质量图片"
-	}
-	ratio = webRatioFromSize(size, ratio)
-	ratio = strings.TrimSpace(ratio)
-	if ratio == "" || ratio == "1:1" {
-		return prompt
-	}
-	return prompt + "\n\n将宽高比设为 " + ratio
-}
-
-func webRatioFromSize(size, fallback string) string {
-	size = strings.TrimSpace(size)
-	if size == "" {
-		return strings.TrimSpace(fallback)
-	}
-	switch size {
-	case "1024x1024", "1248x1248", "2480x2480":
-		return "1:1"
-	case "1216x832", "1536x1024", "3056x2032":
-		return "3:2"
-	case "832x1216", "1024x1536", "2032x3056":
-		return "2:3"
-	case "1152x864", "1440x1088", "2880x2160":
-		return "4:3"
-	case "864x1152", "1088x1440", "2160x2880":
-		return "3:4"
-	case "1120x896", "1392x1120", "2784x2224":
-		return "5:4"
-	case "896x1120", "1120x1392", "2224x2784":
-		return "4:5"
-	case "1344x768", "1664x928", "3312x1872":
-		return "16:9"
-	case "768x1344", "928x1664", "1872x3312":
-		return "9:16"
-	case "1536x640", "1904x816", "3808x1632":
-		return "21:9"
-	default:
-		return strings.TrimSpace(fallback)
-	}
-}
-
-func readRefImage(ctx context.Context, client *http.Client, ref string) ([]byte, string, error) {
-	if ref == "" {
-		return nil, "", fmt.Errorf("empty reference image")
-	}
-	if strings.HasPrefix(ref, "data:") {
-		header, data, ok := strings.Cut(ref, ",")
-		if !ok {
-			return nil, "", fmt.Errorf("invalid data url image")
-		}
-		raw, err := base64.StdEncoding.DecodeString(data)
-		if err != nil {
-			return nil, "", err
-		}
-		mime := strings.TrimPrefix(strings.Split(strings.TrimPrefix(header, "data:"), ";")[0], "data:")
-		if mime == "" {
-			mime = http.DetectContentType(raw)
-		}
-		return raw, mime, nil
-	}
-	if strings.HasPrefix(ref, "/api/v1/gen/cached/") {
-		rel := strings.TrimPrefix(ref, "/api/v1/gen/cached/")
-		if rel == "" || strings.Contains(rel, "..") || strings.HasPrefix(rel, "/") || strings.HasPrefix(rel, `\`) {
-			return nil, "", fmt.Errorf("invalid cached reference image")
-		}
-		root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-		if root == "" {
-			root = "/app/storage/public"
-		}
-		raw, err := os.ReadFile(filepath.Join(root, filepath.FromSlash(rel)))
-		if err != nil {
-			return nil, "", fmt.Errorf("read cached reference image: %w", err)
-		}
-		if len(raw) == 0 {
-			return nil, "", fmt.Errorf("empty cached reference image")
-		}
-		return raw, http.DetectContentType(raw), nil
-	}
-	u, err := url.Parse(ref)
-	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
-		return nil, "", fmt.Errorf("reference image must be data/http url")
-	}
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, ref, nil)
-	if err != nil {
-		return nil, "", err
-	}
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return nil, "", err
-	}
-	defer resp.Body.Close()
-	data, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return nil, "", fmt.Errorf("reference image download %d: %s", resp.StatusCode, snippet(data, 160))
-	}
-	mime := resp.Header.Get("Content-Type")
-	if idx := strings.Index(mime, ";"); idx >= 0 {
-		mime = mime[:idx]
-	}
-	if mime == "" || !strings.HasPrefix(mime, "image/") {
-		mime = http.DetectContentType(data)
-	}
-	return data, mime, nil
-}
-
-func parseWebImageSSE(r io.Reader) (string, []string, []string, []string, string, error) {
-	scanner := bufio.NewScanner(r)
-	scanner.Buffer(make([]byte, 0, 64*1024), 16*1024*1024)
-	var dataLines []string
-	conversationID := ""
-	lastText := ""
-	var fileIDs, sedimentIDs, directURLs []string
-	flush := func() {
-		if len(dataLines) == 0 {
-			return
-		}
-		data := strings.TrimSpace(strings.Join(dataLines, "\n"))
-		dataLines = nil
-		if data == "" || data == "[DONE]" {
-			return
-		}
-		cid, _, _, _ := extractWebImageIDs(data)
-		if cid != "" && conversationID == "" {
-			conversationID = cid
-		}
-		if toolFileIDs, toolSedimentIDs := extractWebImageToolIDs([]byte(data)); len(toolFileIDs) > 0 || len(toolSedimentIDs) > 0 {
-			addUniqueString(&fileIDs, toolFileIDs...)
-			addUniqueString(&sedimentIDs, toolSedimentIDs...)
-		}
-		addUniqueWebAssetURLs(&directURLs, extractWebImageDirectURLs(data)...)
-		if text := extractWebAssistantText(data); text != "" {
-			lastText = text
-		}
-
-		var ev responseCompletedEvent
-		_ = json.Unmarshal([]byte(data), &ev)
-		var direct struct {
-			Output []responseOutputItem `json:"output"`
-			Item   responseOutputItem   `json:"item"`
-		}
-		if err := json.Unmarshal([]byte(data), &direct); err == nil {
-			if len(ev.Response.Output) == 0 && len(direct.Output) > 0 {
-				ev.Type = "response.completed"
-				ev.Response.Output = direct.Output
-			}
-			if direct.Item.Type != "" && ev.Type == "" {
-				ev.Type = "response.output_item.done"
-			}
-		}
-		switch ev.Type {
-		case "response.output_item.done":
-			if direct.Item.Type != "" {
-				if dataURL, imageURL := outputImagePayload(direct.Item); dataURL != "" || imageURL != "" {
-					if imageURL != "" {
-						addUniqueWebAssetURLs(&directURLs, imageURL)
-					} else {
-						mime := mimeForImageFormat(direct.Item.OutputFormat)
-						if mime == "" {
-							mime = "image/png"
-						}
-						addUniqueString(&directURLs, "data:"+mime+";base64,"+dataURL)
-					}
-				}
-			}
-		case "response.completed":
-			for _, out := range ev.Response.Output {
-				if dataURL, imageURL := outputImagePayload(out); dataURL != "" || imageURL != "" {
-					if imageURL != "" {
-						addUniqueWebAssetURLs(&directURLs, imageURL)
-						continue
-					}
-					mime := mimeForImageFormat(out.OutputFormat)
-					if mime == "" {
-						mime = "image/png"
-					}
-					addUniqueString(&directURLs, "data:"+mime+";base64,"+dataURL)
-				}
-			}
-		case "response.image_generation_call.partial_image":
-			var partial struct {
-				OutputFormat string `json:"output_format"`
-				PartialB64   string `json:"partial_image_b64"`
-			}
-			if err := json.Unmarshal([]byte(data), &partial); err == nil && partial.PartialB64 != "" {
-				mime := mimeForImageFormat(partial.OutputFormat)
-				if mime == "" {
-					mime = "image/png"
-				}
-				addUniqueString(&directURLs, "data:"+mime+";base64,"+partial.PartialB64)
-			}
-		}
-	}
-	for scanner.Scan() {
-		line := scanner.Text()
-		if line == "" {
-			flush()
-			continue
-		}
-		if strings.HasPrefix(line, "data:") {
-			dataLines = append(dataLines, strings.TrimSpace(strings.TrimPrefix(line, "data:")))
-		}
-	}
-	flush()
-	if err := scanner.Err(); err != nil {
-		return "", nil, nil, nil, "", fmt.Errorf("gpt image2 web stream read: %w", err)
-	}
-	return conversationID, fileIDs, sedimentIDs, directURLs, lastText, nil
-}
-
-var (
-	webConversationIDRe = regexp.MustCompile(`"conversation_id"\s*:\s*"([^"]+)"`)
-	webFileIDRe         = regexp.MustCompile(`file[-_][A-Za-z0-9][A-Za-z0-9_-]{7,}`)
-	webSedimentIDRe     = regexp.MustCompile(`sediment://([A-Za-z0-9_-]+)`)
-	webAssetURLRe       = regexp.MustCompile(`https:\\?/\\?/(?:files\.oaiusercontent\.com|oaidalleapiprodscus\.blob\.core\.windows\.net)[^"\\]+`)
-)
-
-func extractWebImageIDs(payload string) (string, []string, []string, []string) {
-	conversationID := ""
-	if m := webConversationIDRe.FindStringSubmatch(payload); len(m) > 1 {
-		conversationID = m[1]
-	}
-	var fileIDs, sedimentIDs, directURLs []string
-	for _, id := range webFileIDRe.FindAllString(payload, -1) {
-		addUniqueString(&fileIDs, id)
-	}
-	for _, m := range webSedimentIDRe.FindAllStringSubmatch(payload, -1) {
-		if len(m) > 1 {
-			addUniqueString(&sedimentIDs, m[1])
-		}
-	}
-	for _, raw := range webAssetURLRe.FindAllString(payload, -1) {
-		u := strings.ReplaceAll(raw, `\/`, `/`)
-		u = strings.ReplaceAll(u, `\u0026`, `&`)
-		if strings.Contains(u, "openaiassets.blob.core.windows.net/$web/chatgpt/") {
-			continue
-		}
-		addUniqueWebAssetURLs(&directURLs, u)
-	}
-	return conversationID, fileIDs, sedimentIDs, directURLs
-}
-
-func extractWebImageDirectURLs(payload string) []string {
-	_, _, _, directURLs := extractWebImageIDs(payload)
-	return directURLs
-}
-
-func extractWebImageToolIDs(raw []byte) ([]string, []string) {
-	var v any
-	if err := json.Unmarshal(raw, &v); err != nil {
-		return nil, nil
-	}
-	var fileIDs, sedimentIDs []string
-	walkWebImageToolMessages(v, &fileIDs, &sedimentIDs)
-	return fileIDs, sedimentIDs
-}
-
-func walkWebImageToolMessages(v any, fileIDs, sedimentIDs *[]string) {
-	switch t := v.(type) {
-	case map[string]any:
-		if msg, ok := asWebMessageMap(t); ok && isWebImageAssetMessage(msg) {
-			extractWebAssetPointersFromMessage(msg, fileIDs, sedimentIDs)
-		}
-		for _, val := range t {
-			walkWebImageToolMessages(val, fileIDs, sedimentIDs)
-		}
-	case []any:
-		for _, val := range t {
-			walkWebImageToolMessages(val, fileIDs, sedimentIDs)
-		}
-	}
-}
-
-func asWebMessageMap(m map[string]any) (map[string]any, bool) {
-	if msg, ok := m["message"].(map[string]any); ok {
-		return msg, true
-	}
-	if _, ok := m["author"].(map[string]any); ok {
-		return m, true
-	}
-	return nil, false
-}
-
-func isWebImageAssetMessage(msg map[string]any) bool {
-	author, _ := msg["author"].(map[string]any)
-	metadata, _ := msg["metadata"].(map[string]any)
-	content, _ := msg["content"].(map[string]any)
-	role := strings.ToLower(strings.TrimSpace(fmt.Sprint(author["role"])))
-	taskType := strings.ToLower(strings.TrimSpace(fmt.Sprint(metadata["async_task_type"])))
-	contentType := strings.ToLower(strings.TrimSpace(fmt.Sprint(content["content_type"])))
-	if role != "tool" && role != "assistant" {
-		return false
-	}
-	if taskType == "" {
-		taskType = strings.ToLower(strings.TrimSpace(fmt.Sprint(metadata["task_type"])))
-	}
-	if taskType != "" && !strings.Contains(taskType, "image") && !strings.Contains(taskType, "picture") {
-		return false
-	}
-	return strings.Contains(contentType, "text") || strings.Contains(contentType, "image")
-}
-
-func extractWebAssetPointersFromMessage(msg map[string]any, fileIDs, sedimentIDs *[]string) {
-	content, _ := msg["content"].(map[string]any)
-	walkWebAssetPointers(content, fileIDs, sedimentIDs)
-}
-
-func walkWebAssetPointers(v any, fileIDs, sedimentIDs *[]string) {
-	switch t := v.(type) {
-	case map[string]any:
-		if ptr := strings.TrimSpace(fmt.Sprint(t["asset_pointer"])); ptr != "" {
-			addWebAssetPointer(ptr, fileIDs, sedimentIDs)
-		}
-		for _, val := range t {
-			walkWebAssetPointers(val, fileIDs, sedimentIDs)
-		}
-	case []any:
-		for _, val := range t {
-			walkWebAssetPointers(val, fileIDs, sedimentIDs)
-		}
-	case string:
-		addWebAssetPointer(t, fileIDs, sedimentIDs)
-	}
-}
-
-func addWebAssetPointer(ptr string, fileIDs, sedimentIDs *[]string) {
-	switch {
-	case strings.HasPrefix(ptr, "file-service://"):
-		id := strings.TrimPrefix(ptr, "file-service://")
-		if id != "" && id != "file_upload" {
-			addUniqueString(fileIDs, id)
-		}
-	case strings.HasPrefix(ptr, "sediment://"):
-		id := strings.TrimPrefix(ptr, "sediment://")
-		if id != "" {
-			addUniqueString(sedimentIDs, id)
-		}
-	}
-}
-
-func extractWebAssistantText(payload string) string {
-	var ev any
-	if err := json.Unmarshal([]byte(payload), &ev); err != nil {
-		return ""
-	}
-	return findFirstStringByKey(ev, "parts")
-}
-
-func findFirstStringByKey(v any, key string) string {
-	switch t := v.(type) {
-	case map[string]any:
-		if val, ok := t[key]; ok {
-			if arr, ok := val.([]any); ok {
-				for _, item := range arr {
-					if s, ok := item.(string); ok && strings.TrimSpace(s) != "" {
-						return strings.TrimSpace(s)
-					}
-				}
-			}
-		}
-		for _, val := range t {
-			if s := findFirstStringByKey(val, key); s != "" {
-				return s
-			}
-		}
-	case []any:
-		for _, val := range t {
-			if s := findFirstStringByKey(val, key); s != "" {
-				return s
-			}
-		}
-	}
-	return ""
-}
-
-func addUniqueString(dst *[]string, vals ...string) {
-	for _, v := range vals {
-		if v == "" {
-			continue
-		}
-		exists := false
-		for _, cur := range *dst {
-			if cur == v {
-				exists = true
-				break
-			}
-		}
-		if !exists {
-			*dst = append(*dst, v)
-		}
-	}
-}
-
-func addUniqueWebAssetURLs(dst *[]string, vals ...string) {
-	for _, v := range vals {
-		if isGeneratedWebAssetURL(v) {
-			addUniqueString(dst, v)
-		}
-	}
-}
-
-func isGeneratedWebAssetURL(rawURL string) bool {
-	u, err := url.Parse(strings.TrimSpace(rawURL))
-	if err != nil || u.Host == "" {
-		return false
-	}
-	host := strings.ToLower(u.Host)
-	path := strings.ToLower(u.EscapedPath())
-	if strings.Contains(host, "openaiassets.blob.core.windows.net") {
-		return false
-	}
-	if strings.Contains(path, "/$web/chatgpt/") ||
-		strings.Contains(path, "filled-plus-icon") ||
-		strings.Contains(path, "icon") ||
-		strings.Contains(path, "logo") {
-		return false
-	}
-	return strings.Contains(host, "files.oaiusercontent.com") ||
-		strings.Contains(host, "oaidalleapiprodscus.blob.core.windows.net") ||
-		(strings.HasSuffix(host, ".blob.core.windows.net") && !strings.Contains(path, "/$web/"))
-}
-
-func firstString(vals []string) string {
-	if len(vals) == 0 {
-		return ""
-	}
-	return vals[0]
-}
-
-func sanitizeDiagURL(rawURL string) string {
-	u, err := url.Parse(rawURL)
-	if err != nil {
-		return snippet([]byte(rawURL), 180)
-	}
-	u.RawQuery = ""
-	u.Fragment = ""
-	return u.String()
-}
-
-func shouldUseWebDownloadHeaders(base, rawURL string) bool {
-	u, err := url.Parse(rawURL)
-	if err != nil {
-		return false
-	}
-	if u.Scheme == "" && strings.HasPrefix(u.Path, "/backend-api/") {
-		return true
-	}
-	if !strings.Contains(u.Path, "/backend-api/") {
-		return false
-	}
-	b, err := url.Parse(base)
-	if err != nil || b.Host == "" {
-		return strings.Contains(u.Host, "chatgpt.com")
-	}
-	return strings.EqualFold(u.Host, b.Host)
-}
-
-func logUpstream(ctx context.Context, req *provider.Request, entry provider.UpstreamLogEntry) {
-	if req == nil || req.UpstreamLog == nil {
-		return
-	}
-	if entry.Provider == "" {
-		entry.Provider = "gpt"
-	}
-	req.UpstreamLog(ctx, entry)
-}
-
-func buildLegacyRequirementsToken(userAgent string) string {
-	seed := fmt.Sprintf("%0.16f", rand.Float64())
-	config := []any{
-		3000 + rand.Intn(3)*1000,
-		time.Now().In(time.FixedZone("EST", -5*3600)).Format("Mon Jan 02 2006 15:04:05") + " GMT-0500 (Eastern Standard Time)",
-		4294705152,
-		0,
-		userAgent,
-		"https://chatgpt.com/backend-api/sentinel/sdk.js",
-		"",
-		"en-US",
-		"en-US,es-US,en,es",
-		0,
-		"webdriver≭false",
-		"location",
-		"window",
-		float64(time.Now().UnixNano()) / 1e6,
-		uuid.NewString(),
-		"",
-		16,
-		float64(time.Now().UnixNano()) / 1e6,
-	}
-	answer, _ := powGenerate(seed, "0fffff", config)
-	return "gAAAAAC" + answer
-}
-
-func buildProofToken(seed, difficulty, userAgent string) string {
-	config := []any{
-		3000 + rand.Intn(3)*1000,
-		time.Now().In(time.FixedZone("EST", -5*3600)).Format("Mon Jan 02 2006 15:04:05") + " GMT-0500 (Eastern Standard Time)",
-		4294705152,
-		0,
-		userAgent,
-		"https://chatgpt.com/backend-api/sentinel/sdk.js",
-		"",
-		"en-US",
-		"en-US,es-US,en,es",
-		0,
-		"webdriver≭false",
-		"location",
-		"window",
-		float64(time.Now().UnixNano()) / 1e6,
-		uuid.NewString(),
-		"",
-		16,
-		float64(time.Now().UnixNano()) / 1e6,
-	}
-	answer, solved := powGenerate(seed, difficulty, config)
-	if !solved {
-		return "gAAAAAB" + base64.StdEncoding.EncodeToString([]byte(`"`+seed+`"`))
-	}
-	return "gAAAAAB" + answer
-}
-
-func powGenerate(seed, difficulty string, config []any) (string, bool) {
-	target := difficulty
-	diffBytes, err := hexToBytes(target)
-	if err != nil || len(diffBytes) == 0 {
-		return base64.StdEncoding.EncodeToString([]byte(`"` + seed + `"`)), false
-	}
-	static1 := mustJSON(config[:3])
-	static1 = strings.TrimSuffix(static1, "]") + ","
-	static2 := "," + strings.TrimPrefix(strings.TrimSuffix(mustJSON(config[4:9]), "]"), "[") + ","
-	static3 := "," + strings.TrimPrefix(mustJSON(config[10:]), "[")
-	seedBytes := []byte(seed)
-	for i := 0; i < 500000; i++ {
-		final := static1 + fmt.Sprint(i) + static2 + fmt.Sprint(i>>1) + static3
-		encoded := base64.StdEncoding.EncodeToString([]byte(final))
-		h := sha3.Sum512(append(seedBytes, []byte(encoded)...))
-		if bytes.Compare(h[:len(diffBytes)], diffBytes) <= 0 {
-			return encoded, true
-		}
-	}
-	return base64.StdEncoding.EncodeToString([]byte(`"` + seed + `"`)), false
-}
-
-func mustJSON(v any) string {
-	b, _ := json.Marshal(v)
-	return string(b)
-}
-
-func hexToBytes(s string) ([]byte, error) {
-	if len(s)%2 == 1 {
-		s = "0" + s
-	}
-	out := make([]byte, len(s)/2)
-	for i := 0; i < len(out); i++ {
-		var x byte
-		for j := 0; j < 2; j++ {
-			c := s[i*2+j]
-			x <<= 4
-			switch {
-			case c >= '0' && c <= '9':
-				x |= c - '0'
-			case c >= 'a' && c <= 'f':
-				x |= c - 'a' + 10
-			case c >= 'A' && c <= 'F':
-				x |= c - 'A' + 10
-			default:
-				return nil, fmt.Errorf("invalid hex")
-			}
-		}
-		out[i] = x
-	}
-	return out, nil
-}
-
-func outputImagePayload(out responseOutputItem) (string, string) {
-	if out.Result != "" {
-		return out.Result, ""
-	}
-	if out.B64JSON != "" {
-		return out.B64JSON, ""
-	}
-	if out.ImageB64 != "" {
-		return out.ImageB64, ""
-	}
-	if out.URL != "" {
-		return "", out.URL
-	}
-	for _, content := range out.Content {
-		if content.Result != "" {
-			return content.Result, ""
-		}
-		if content.B64JSON != "" {
-			return content.B64JSON, ""
-		}
-		if content.ImageB64 != "" {
-			return content.ImageB64, ""
-		}
-		if content.URL != "" {
-			return "", content.URL
-		}
-	}
-	return "", ""
-}
-
-func parseCompletedResponse(r io.Reader) (*responseCompletedEvent, error) {
-	scanner := bufio.NewScanner(r)
-	scanner.Buffer(make([]byte, 0, 64*1024), 16*1024*1024)
-	var dataLines []string
-	var last *responseCompletedEvent
-	var outputItems []responseOutputItem
-	var partialItems []responseOutputItem
-	flush := func() error {
-		if len(dataLines) == 0 {
-			return nil
-		}
-		data := strings.TrimSpace(strings.Join(dataLines, "\n"))
-		dataLines = nil
-		if data == "" || data == "[DONE]" {
-			return nil
-		}
-		var ev responseCompletedEvent
-		err := json.Unmarshal([]byte(data), &ev)
-		var direct struct {
-			Output []responseOutputItem `json:"output"`
-			Item   responseOutputItem   `json:"item"`
-		}
-		if err2 := json.Unmarshal([]byte(data), &direct); err2 == nil {
-			if len(ev.Response.Output) == 0 && len(direct.Output) > 0 {
-				ev.Type = "response.completed"
-				ev.Response.Output = direct.Output
-			}
-			if direct.Item.Type != "" && ev.Type == "" {
-				ev.Type = "response.output_item.done"
-			}
-		}
-		if err != nil && len(ev.Response.Output) == 0 && direct.Item.Type == "" {
-			return err
-		}
-		switch ev.Type {
-		case "response.output_item.done":
-			if direct.Item.Type != "" {
-				outputItems = append(outputItems, direct.Item)
-			}
-		case "response.image_generation_call.partial_image":
-			var partial struct {
-				OutputFormat string `json:"output_format"`
-				PartialB64   string `json:"partial_image_b64"`
-			}
-			if err := json.Unmarshal([]byte(data), &partial); err == nil && partial.PartialB64 != "" {
-				partialItems = append(partialItems, responseOutputItem{
-					Type:         "image_generation_call",
-					Result:       partial.PartialB64,
-					OutputFormat: partial.OutputFormat,
-				})
-			}
-		}
-		if ev.Type == "response.completed" || len(ev.Response.Output) > 0 || ev.Error != nil {
-			last = &ev
-		}
-		return nil
-	}
-	for scanner.Scan() {
-		line := scanner.Text()
-		if line == "" {
-			if err := flush(); err != nil {
-				return nil, fmt.Errorf("gpt image2 stream decode: %w", err)
-			}
-			continue
-		}
-		if strings.HasPrefix(line, "data:") {
-			dataLines = append(dataLines, strings.TrimSpace(strings.TrimPrefix(line, "data:")))
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("gpt image2 stream read: %w", err)
-	}
-	if err := flush(); err != nil {
-		return nil, fmt.Errorf("gpt image2 stream decode: %w", err)
-	}
-	if last == nil {
-		last = &responseCompletedEvent{Type: "response.completed"}
-	}
-	if len(last.Response.Output) == 0 && len(outputItems) > 0 {
-		last.Response.Output = outputItems
-	}
-	if len(last.Response.Output) == 0 && len(partialItems) > 0 {
-		last.Response.Output = partialItems
-	}
-	return last, nil
-}
-
-func mimeForImageFormat(format string) string {
-	switch strings.ToLower(strings.TrimSpace(format)) {
-	case "jpeg", "jpg":
-		return "image/jpeg"
-	case "webp":
-		return "image/webp"
-	default:
-		return "image/png"
-	}
-}
-
-func parseSize(size string) (int, int) {
-	if size == "" {
-		return 1024, 1024
-	}
-	parts := strings.SplitN(size, "x", 2)
-	if len(parts) != 2 {
-		return 1024, 1024
-	}
-	var w, h int
-	fmt.Sscanf(parts[0], "%d", &w)
-	fmt.Sscanf(parts[1], "%d", &h)
-	if w <= 0 {
-		w = 1024
-	}
-	if h <= 0 {
-		h = 1024
-	}
-	return w, h
-}
-
-func snippet(b []byte, n int) string {
-	if len(b) <= n {
-		return string(b)
-	}
-	r := []rune(string(b))
-	if len(r) <= n {
-		return string(r)
-	}
-	return string(r[:n]) + "...(truncated)"
-}
diff --git a/backend/internal/provider/gpt/web_trace_test.go b/backend/internal/provider/gpt/web_trace_test.go
deleted file mode 100644
index 8b436734..00000000
--- a/backend/internal/provider/gpt/web_trace_test.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package gpt
-
-import (
-	"strings"
-	"testing"
-)
-
-func TestExtractWebImageToolIDs(t *testing.T) {
-	raw := `{
-		"conversation_id":"conv_123",
-		"messages":[
-			{
-				"message":{
-					"author":{"role":"tool"},
-					"metadata":{"async_task_type":"image_gen"},
-					"content":{
-						"content_type":"multimodal_text",
-						"parts":[
-							{"asset_pointer":"file-service://file_abc12345"},
-							{"asset_pointer":"sediment://sed_xyz98765"},
-							"file-service://file_def67890"
-						]
-					}
-				}
-			}
-		]
-	}`
-	fileIDs, sedimentIDs := extractWebImageToolIDs([]byte(raw))
-	if len(fileIDs) != 2 {
-		t.Fatalf("expected 2 file ids, got %v", fileIDs)
-	}
-	if len(sedimentIDs) != 1 || sedimentIDs[0] != "sed_xyz98765" {
-		t.Fatalf("expected sediment id, got %v", sedimentIDs)
-	}
-}
-
-func TestParseWebImageSSE(t *testing.T) {
-	raw := strings.NewReader(strings.Join([]string{
-		`data: {"type":"server_ste_metadata","conversation_id":"conv_456","metadata":{"tool_invoked":true,"turn_use_case":"image"}}`,
-		"",
-		`data: {"type":"response.completed","response":{"output":[{"type":"image_generation_call","result":"ZmFrZS1iNjQ=","output_format":"png"}]}}`,
-		"",
-	}, "\n"))
-
-	conversationID, fileIDs, sedimentIDs, directURLs, lastText, err := parseWebImageSSE(raw)
-	if err != nil {
-		t.Fatalf("parseWebImageSSE error: %v", err)
-	}
-	if conversationID != "conv_456" {
-		t.Fatalf("unexpected conversation id: %s", conversationID)
-	}
-	if len(fileIDs) != 0 || len(sedimentIDs) != 0 {
-		t.Fatalf("unexpected ids: file=%v sediment=%v", fileIDs, sedimentIDs)
-	}
-	if len(directURLs) != 1 {
-		t.Fatalf("expected 1 direct url, got %v", directURLs)
-	}
-	if lastText != "" {
-		t.Fatalf("unexpected text: %q", lastText)
-	}
-}
-
-func TestParseWebImageSSEIgnoresUploadedReferenceIDs(t *testing.T) {
-	raw := strings.NewReader(strings.Join([]string{
-		`data: {"conversation_id":"conv_ref","message":{"author":{"role":"user"},"content":{"content_type":"multimodal_text","parts":[{"asset_pointer":"file-service://file_reference12345"},"make it transparent"]}}}`,
-		"",
-	}, "\n"))
-
-	conversationID, fileIDs, sedimentIDs, directURLs, _, err := parseWebImageSSE(raw)
-	if err != nil {
-		t.Fatalf("parseWebImageSSE error: %v", err)
-	}
-	if conversationID != "conv_ref" {
-		t.Fatalf("unexpected conversation id: %s", conversationID)
-	}
-	if len(fileIDs) != 0 || len(sedimentIDs) != 0 || len(directURLs) != 0 {
-		t.Fatalf("reference image should not be treated as output: file=%v sediment=%v urls=%v", fileIDs, sedimentIDs, directURLs)
-	}
-}
-
-func TestExtractWebImageToolIDsAcceptsAssistantImageMessages(t *testing.T) {
-	raw := []byte(`{
-		"conversation_id":"conv_assistant",
-		"messages":[
-			{
-				"message":{
-					"author":{"role":"assistant"},
-					"metadata":{"async_task_type":"image_generation"},
-					"content":{
-						"content_type":"multimodal_text",
-						"parts":[
-							{"kind":"text","text":"done"},
-							{"nested":{"asset_pointer":"file-service://file_out123456"}},
-							["sediment://sed_out987654"]
-						]
-					}
-				}
-			}
-		]
-	}`)
-	fileIDs, sedimentIDs := extractWebImageToolIDs(raw)
-	if len(fileIDs) != 1 || fileIDs[0] != "file_out123456" {
-		t.Fatalf("expected assistant image file id, got %v", fileIDs)
-	}
-	if len(sedimentIDs) != 1 || sedimentIDs[0] != "sed_out987654" {
-		t.Fatalf("expected assistant sediment id, got %v", sedimentIDs)
-	}
-}
-
-func TestWebImageMessageContentReferenceOrder(t *testing.T) {
-	content, metadata := webImageMessageContent("make it transparent", []webUploadMeta{{
-		FileID:        "file_ref123456",
-		LibraryFileID: "libfile_ref123456",
-		FileName:      "image_1.png",
-		Mime:          "image/png",
-		FileSize:      1234,
-		Width:         512,
-		Height:        512,
-	}})
-
-	if content["content_type"] != "multimodal_text" {
-		t.Fatalf("unexpected content type: %v", content["content_type"])
-	}
-	parts, ok := content["parts"].([]any)
-	if !ok || len(parts) != 2 {
-		t.Fatalf("unexpected parts: %#v", content["parts"])
-	}
-	ref, ok := parts[0].(map[string]any)
-	if !ok || ref["asset_pointer"] != "sediment://file_ref123456" {
-		t.Fatalf("reference image should be first, got %#v", parts[0])
-	}
-	if parts[1] != "make it transparent" {
-		t.Fatalf("prompt should be last, got %#v", parts[1])
-	}
-	attachments, ok := metadata["attachments"].([]map[string]any)
-	if !ok || len(attachments) != 1 || attachments[0]["id"] != "file_ref123456" {
-		t.Fatalf("unexpected attachments: %#v", metadata["attachments"])
-	}
-	if attachments[0]["source"] != "library" || attachments[0]["library_file_id"] != "libfile_ref123456" {
-		t.Fatalf("unexpected attachment metadata: %#v", attachments[0])
-	}
-}
-
-func TestExtractWebImageDirectURLsIgnoresChatGPTStaticAssets(t *testing.T) {
-	raw := `{
-		"url":"https://openaiassets.blob.core.windows.net/$web/chatgpt/filled-plus-icon.png",
-		"image":"https://files.oaiusercontent.com/file-real-output.png?se=1"
-	}`
-	urls := extractWebImageDirectURLs(raw)
-	if len(urls) != 1 || !strings.Contains(urls[0], "files.oaiusercontent.com") {
-		t.Fatalf("expected only generated asset URL, got %#v", urls)
-	}
-}
diff --git a/backend/internal/provider/grok/grok.go b/backend/internal/provider/grok/grok.go
deleted file mode 100644
index 2b0c06eb..00000000
--- a/backend/internal/provider/grok/grok.go
+++ /dev/null
@@ -1,316 +0,0 @@
-// Package grok 实现 GROK 风格的视频生成 provider。
-//
-// GROK 公开 API 仍在演进中，本 provider 采用一个通用的"异步任务 + 轮询"协议，
-// 你可以把 base_url 指到任意兼容网关（kleinai-gateway / FAL / Runway 风格）：
-//
-//	POST {base_url}/v1/videos/generations
-//	     Authorization: Bearer {api_key}
-//	     Body: {"model","prompt","duration","aspect_ratio","ref_images":[]}
-//	     Resp 200 either:
-//	       A. {"task_id":"abc","status":"queued"}            // 异步
-//	       B. {"data":[{"url":"https://..."}], "duration_ms":... } // 同步直返
-//
-//	GET {base_url}/v1/videos/tasks/{task_id}
-//	     Resp: {"task_id","status":"queued|running|succeeded|failed",
-//	            "data":[{"url":"...","duration_ms":...}], "error":""}
-//
-// 调度器内置超时：默认 12min，单次轮询间隔 3s（指数 backoff 上限 10s）。
-package grok
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/kleinai/backend/internal/provider"
-)
-
-const (
-	defaultBaseURL    = webBaseURL
-	httpTimeout       = 30 * time.Second
-	pollMaxDur        = 12 * time.Minute
-	pollInitialPeriod = 3 * time.Second
-	pollMaxPeriod     = 10 * time.Second
-)
-
-// Provider 实现 provider.Provider。
-type Provider struct {
-	client     *http.Client
-	defaultURL string
-	name       string
-	web        *WebClient
-}
-
-// New 构造。
-func New(defaultBase string) *Provider {
-	if defaultBase == "" {
-		defaultBase = defaultBaseURL
-	}
-	return &Provider{
-		client: &http.Client{
-			Timeout: httpTimeout,
-		},
-		defaultURL: strings.TrimRight(defaultBase, "/"),
-		name:       "grok",
-		web:        NewWebClient(defaultBase),
-	}
-}
-
-// Name impl。
-func (p *Provider) Name() string { return p.name }
-
-type vidCreateReq struct {
-	Model       string   `json:"model"`
-	Prompt      string   `json:"prompt"`
-	NegPrompt   string   `json:"negative_prompt,omitempty"`
-	Duration    int      `json:"duration,omitempty"`
-	AspectRatio string   `json:"aspect_ratio,omitempty"`
-	N           int      `json:"n,omitempty"`
-	RefImages   []string `json:"ref_images,omitempty"`
-}
-
-type vidAsset struct {
-	URL        string `json:"url"`
-	ThumbURL   string `json:"thumb_url,omitempty"`
-	Width      int    `json:"width,omitempty"`
-	Height     int    `json:"height,omitempty"`
-	DurationMs int    `json:"duration_ms,omitempty"`
-	Mime       string `json:"mime,omitempty"`
-}
-
-type vidResp struct {
-	TaskID string     `json:"task_id,omitempty"`
-	Status string     `json:"status,omitempty"`
-	Data   []vidAsset `json:"data,omitempty"`
-	Error  string     `json:"error,omitempty"`
-}
-
-// Generate 视频生成；自动识别同步 / 异步响应。
-func (p *Provider) Generate(ctx context.Context, req *provider.Request) (*provider.Result, error) {
-	if req.Kind != provider.KindVideo {
-		return nil, fmt.Errorf("grok provider only supports video kind, got %s", req.Kind)
-	}
-	if req.Credential == "" {
-		return nil, fmt.Errorf("grok provider missing credential")
-	}
-	base := req.BaseURL
-	if base == "" {
-		base = p.defaultURL
-	}
-	if base == "" || strings.Contains(base, "grok.com") || strings.Contains(base, "api.x.ai") {
-		web := p.web
-		if req.ProxyURL != "" || req.BaseURL != "" {
-			web = NewWebClientWithProxy(req.BaseURL, req.ProxyURL)
-		}
-		web = web.WithUpstreamLogger(req.UpstreamLog)
-		count := req.Count
-		if count <= 0 {
-			count = 1
-		}
-		assets := make([]provider.Asset, 0, count)
-		for i := 0; i < count; i++ {
-			items, err := web.GenerateVideo(ctx, req.Credential, VideoRequest{
-				ModelCode:   NormalizeVideoModel(req.ModelCode),
-				Prompt:      req.Prompt,
-				Refs:        req.RefAssets,
-				DurationSec: intParam(req.Params, "duration", 6),
-				Size:        strParam(req.Params, "size", ""),
-				AspectRatio: strParam(req.Params, "aspect_ratio", ""),
-				Quality:     strParam(req.Params, "quality", ""),
-				Count:       1,
-			})
-			if err != nil {
-				return nil, err
-			}
-			for _, it := range items {
-				assets = append(assets, provider.Asset{
-					URL:        it.URL,
-					ThumbURL:   it.ThumbURL,
-					Width:      it.Width,
-					Height:     it.Height,
-					DurationMs: it.DurationMs,
-					Mime:       "video/mp4",
-				})
-			}
-		}
-		return &provider.Result{TaskID: req.TaskID, Assets: assets}, nil
-	}
-
-	base = strings.TrimRight(base, "/")
-
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-	dur := normalizeVideoDuration(intParam(req.Params, "duration", 6))
-	aspect := strParam(req.Params, "aspect_ratio", "16:9")
-
-	body := vidCreateReq{
-		Model:       req.ModelCode,
-		Prompt:      req.Prompt,
-		NegPrompt:   req.NegPrompt,
-		Duration:    dur,
-		AspectRatio: aspect,
-		N:           count,
-		RefImages:   req.RefAssets,
-	}
-	payload, _ := json.Marshal(body)
-
-	start := time.Now()
-	createResp, err := p.do(ctx, http.MethodPost, base+"/v1/videos/generations", payload, req.Credential)
-	if err != nil {
-		return nil, err
-	}
-
-	// 同步直返
-	if len(createResp.Data) > 0 {
-		return &provider.Result{
-			TaskID:  req.TaskID,
-			Assets:  toAssets(createResp.Data, dur),
-			Latency: time.Since(start),
-		}, nil
-	}
-	if createResp.TaskID == "" {
-		return nil, fmt.Errorf("grok empty task_id and empty data")
-	}
-
-	// 异步：内部轮询
-	period := pollInitialPeriod
-	deadline := time.Now().Add(pollMaxDur)
-	for {
-		select {
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		case <-time.After(period):
-		}
-		if time.Now().After(deadline) {
-			return nil, fmt.Errorf("grok task %s timeout", createResp.TaskID)
-		}
-		st, err := p.do(ctx, http.MethodGet, base+"/v1/videos/tasks/"+createResp.TaskID, nil, req.Credential)
-		if err != nil {
-			return nil, err
-		}
-		switch strings.ToLower(st.Status) {
-		case "succeeded", "success", "completed", "done":
-			if len(st.Data) == 0 {
-				return nil, fmt.Errorf("grok task %s succeeded but empty data", createResp.TaskID)
-			}
-			return &provider.Result{
-				TaskID:  req.TaskID,
-				Assets:  toAssets(st.Data, dur),
-				Latency: time.Since(start),
-			}, nil
-		case "failed", "error", "cancelled":
-			msg := st.Error
-			if msg == "" {
-				msg = "grok task failed"
-			}
-			return nil, fmt.Errorf("grok task %s: %s", createResp.TaskID, msg)
-		}
-		// queued / running / processing → 继续轮询
-		period *= 2
-		if period > pollMaxPeriod {
-			period = pollMaxPeriod
-		}
-	}
-}
-
-func (p *Provider) do(ctx context.Context, method, url string, payload []byte, key string) (*vidResp, error) {
-	var rdr io.Reader
-	if payload != nil {
-		rdr = bytes.NewReader(payload)
-	}
-	httpReq, err := http.NewRequestWithContext(ctx, method, url, rdr)
-	if err != nil {
-		return nil, err
-	}
-	httpReq.Header.Set("Authorization", "Bearer "+key)
-	if payload != nil {
-		httpReq.Header.Set("Content-Type", "application/json")
-	}
-	httpReq.Header.Set("User-Agent", "kleinai/1.0")
-
-	resp, err := p.client.Do(httpReq)
-	if err != nil {
-		return nil, fmt.Errorf("grok http: %w", err)
-	}
-	defer resp.Body.Close()
-
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("grok %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var out vidResp
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return nil, fmt.Errorf("grok decode: %w (raw=%s)", err, snippet(raw, 240))
-	}
-	return &out, nil
-}
-
-func toAssets(items []vidAsset, durSec int) []provider.Asset {
-	out := make([]provider.Asset, 0, len(items))
-	for _, it := range items {
-		a := provider.Asset{
-			URL:        it.URL,
-			ThumbURL:   it.ThumbURL,
-			Width:      it.Width,
-			Height:     it.Height,
-			DurationMs: it.DurationMs,
-			Mime:       it.Mime,
-		}
-		if a.DurationMs == 0 && durSec > 0 {
-			a.DurationMs = durSec * 1000
-		}
-		if a.Mime == "" {
-			a.Mime = "video/mp4"
-		}
-		if a.Width == 0 || a.Height == 0 {
-			a.Width, a.Height = 1280, 720
-		}
-		out = append(out, a)
-	}
-	return out
-}
-
-// === helpers ===
-
-func strParam(p map[string]any, key, def string) string {
-	if p == nil {
-		return def
-	}
-	if v, ok := p[key]; ok {
-		if s, ok := v.(string); ok && s != "" {
-			return s
-		}
-	}
-	return def
-}
-
-func intParam(p map[string]any, key string, def int) int {
-	if p == nil {
-		return def
-	}
-	if v, ok := p[key]; ok {
-		switch n := v.(type) {
-		case float64:
-			return int(n)
-		case int:
-			return n
-		case int64:
-			return int(n)
-		}
-	}
-	return def
-}
-
-func snippet(b []byte, n int) string {
-	if len(b) <= n {
-		return string(b)
-	}
-	return string(b[:n]) + "...(truncated)"
-}
diff --git a/backend/internal/provider/grok/web_client.go b/backend/internal/provider/grok/web_client.go
deleted file mode 100644
index e3ce5dc5..00000000
--- a/backend/internal/provider/grok/web_client.go
+++ /dev/null
@@ -1,1473 +0,0 @@
-package grok
-
-import (
-	"bufio"
-	"bytes"
-	"compress/gzip"
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"image"
-	"image/color"
-	"image/draw"
-	_ "image/gif"
-	"image/jpeg"
-	_ "image/png"
-	"io"
-	"mime"
-	"net/http"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-
-	"github.com/kleinai/backend/internal/provider"
-	"github.com/kleinai/backend/pkg/outbound"
-)
-
-var grokCFCache = struct {
-	sync.Mutex
-	state  grokRuntimeCFState
-	loaded time.Time
-}{}
-
-type grokRuntimeCFState struct {
-	Cookies     string `json:"cookies"`
-	CFClearance string `json:"cf_clearance"`
-	UserAgent   string `json:"user_agent"`
-	Browser     string `json:"browser"`
-	UpdatedAt   int64  `json:"updated_at"`
-}
-
-const (
-	webBaseURL             = "https://grok.com"
-	chatEndpoint           = "/rest/app-chat/conversations/new"
-	uploadEndpoint         = "/rest/app-chat/upload-file"
-	mediaEndpoint          = "/rest/media/post/create"
-	mediaGetEndpoint       = "/rest/media/post/get"
-	videoModelName         = "imagine-video-gen"
-	grokUA                 = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
-	imageMediaType         = "MEDIA_POST_TYPE_IMAGE"
-	videoMediaType         = "MEDIA_POST_TYPE_VIDEO"
-	defaultVideoSize       = "1280x720"
-	defaultVideoMode       = "custom"
-	defaultVideoResolution = "480p"
-)
-
-type chatModelParams struct {
-	upstream string
-	mode     string
-}
-
-var chatModels = map[string]chatModelParams{
-	"grok-3":          {upstream: "grok-3", mode: "MODEL_MODE_GROK_3"},
-	"grok-3-mini":     {upstream: "grok-3", mode: "MODEL_MODE_GROK_3_MINI_THINKING"},
-	"grok-3-thinking": {upstream: "grok-3", mode: "MODEL_MODE_GROK_3_THINKING"},
-	"grok-4":          {upstream: "grok-4", mode: "MODEL_MODE_GROK_4"},
-	"grok-4-thinking": {upstream: "grok-4", mode: "MODEL_MODE_GROK_4_THINKING"},
-	"grok-4-heavy":    {upstream: "grok-4", mode: "MODEL_MODE_HEAVY"},
-	"grok-4.1-mini":   {upstream: "grok-4-1-thinking-1129", mode: "MODEL_MODE_GROK_4_1_MINI_THINKING"},
-	"grok-4.1-fast":   {upstream: "grok-4-1-thinking-1129", mode: "MODEL_MODE_FAST"},
-	"grok-4.1-expert": {upstream: "grok-4-1-thinking-1129", mode: "MODEL_MODE_EXPERT"},
-	"grok-4.1-thinking": {
-		upstream: "grok-4-1-thinking-1129",
-		mode:     "MODEL_MODE_GROK_4_1_THINKING",
-	},
-	"grok-4.20-beta": {upstream: "grok-420", mode: "MODEL_MODE_GROK_420"},
-
-	// Backward-compatible aliases used by the current frontend.
-	"grok-4.20-fast":   {upstream: "grok-4-1-thinking-1129", mode: "MODEL_MODE_FAST"},
-	"grok-4.20-auto":   {upstream: "grok-4", mode: "MODEL_MODE_GROK_4"},
-	"grok-4.20-expert": {upstream: "grok-4-1-thinking-1129", mode: "MODEL_MODE_EXPERT"},
-	"grok-4.20-heavy":  {upstream: "grok-4", mode: "MODEL_MODE_HEAVY"},
-	"grok-4.3-beta":    {upstream: "grok-420", mode: "MODEL_MODE_GROK_420"},
-}
-
-// ChatModelIDs returns downstream chat models backed by Grok Web.
-func ChatModelIDs() []string {
-	return []string{
-		"grok-4.20-fast",
-		"grok-4.20-auto",
-		"grok-4.20-expert",
-		"grok-4.20-heavy",
-		"grok-4.3-beta",
-		"grok-3",
-	}
-}
-
-func IsChatModel(modelCode string) bool {
-	_, ok := chatModels[strings.ToLower(strings.TrimSpace(modelCode))]
-	return ok
-}
-
-func ModeForChatModel(modelCode string) string {
-	if params, ok := chatModels[strings.ToLower(strings.TrimSpace(modelCode))]; ok {
-		return params.mode
-	}
-	return "MODEL_MODE_FAST"
-}
-
-func UpstreamForChatModel(modelCode string) string {
-	if params, ok := chatModels[strings.ToLower(strings.TrimSpace(modelCode))]; ok {
-		return params.upstream
-	}
-	return strings.TrimSpace(modelCode)
-}
-
-func NormalizeVideoModel(modelCode string) string {
-	switch strings.ToLower(strings.TrimSpace(modelCode)) {
-	case "", "vid-v1", "vid-i2v", "grok-video", "grok-i2v", "grok-imagine-video":
-		return "grok-imagine-video"
-	default:
-		return modelCode
-	}
-}
-
-type WebClient struct {
-	baseURL        string
-	proxyURL       string
-	upstreamLogger provider.UpstreamLogger
-}
-
-func NewWebClient(base string) *WebClient {
-	return NewWebClientWithProxy(base, "")
-}
-
-func NewWebClientWithProxy(base, proxyURL string) *WebClient {
-	base = strings.TrimRight(strings.TrimSpace(base), "/")
-	if base == "" || strings.Contains(base, "api.x.ai") {
-		base = webBaseURL
-	}
-	return &WebClient{baseURL: base, proxyURL: strings.TrimSpace(proxyURL)}
-}
-
-func (c *WebClient) WithUpstreamLogger(logger provider.UpstreamLogger) *WebClient {
-	if c == nil {
-		return nil
-	}
-	clone := *c
-	clone.upstreamLogger = logger
-	return &clone
-}
-
-type OpenAIUsage struct {
-	PromptTokens     int `json:"prompt_tokens"`
-	CompletionTokens int `json:"completion_tokens"`
-	TotalTokens      int `json:"total_tokens"`
-}
-
-type ChatResult struct {
-	Raw    []byte
-	Status int
-	Usage  *OpenAIUsage
-}
-
-func (c *WebClient) logUpstream(ctx context.Context, entry provider.UpstreamLogEntry) {
-	if c == nil || c.upstreamLogger == nil {
-		return
-	}
-	if entry.Provider == "" {
-		entry.Provider = "grok"
-	}
-	c.upstreamLogger(ctx, entry)
-}
-
-func (c *WebClient) ChatComplete(ctx context.Context, token, modelCode string, body map[string]any) (*ChatResult, error) {
-	prompt, files := buildGrokPromptAndFiles(body)
-	reqBody := c.chatPayload(prompt, modelCode)
-	if len(files) > 0 {
-		attachments, err := c.uploadChatFiles(ctx, token, files)
-		if err != nil {
-			return nil, err
-		}
-		reqBody["fileAttachments"] = attachments
-	}
-	resp, err := c.doJSONStream(ctx, token, chatEndpoint, reqBody, 10*time.Minute)
-	if err != nil {
-		return nil, err
-	}
-	resp.Body = decodeResponseBody(resp)
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-		return &ChatResult{Raw: raw, Status: resp.StatusCode}, nil
-	}
-	rawText, _, _, _, err := collectGrokStream(resp.Body, nil)
-	if err != nil {
-		return nil, err
-	}
-	rawText = cleanGrokText(rawText)
-	usage := estimateOpenAIUsage(prompt, rawText)
-	raw, _ := json.Marshal(map[string]any{
-		"id":      "chatcmpl_" + shortID(),
-		"object":  "chat.completion",
-		"created": time.Now().Unix(),
-		"model":   modelCode,
-		"choices": []map[string]any{{
-			"index":         0,
-			"message":       map[string]any{"role": "assistant", "content": rawText},
-			"finish_reason": "stop",
-		}},
-		"usage": usage,
-	})
-	return &ChatResult{Raw: raw, Status: http.StatusOK, Usage: usage}, nil
-}
-
-func (c *WebClient) ChatStream(ctx context.Context, token, modelCode string, body map[string]any, w io.Writer, flusher http.Flusher) (*OpenAIUsage, error) {
-	prompt, files := buildGrokPromptAndFiles(body)
-	reqBody := c.chatPayload(prompt, modelCode)
-	if len(files) > 0 {
-		attachments, err := c.uploadChatFiles(ctx, token, files)
-		if err != nil {
-			return nil, err
-		}
-		reqBody["fileAttachments"] = attachments
-	}
-	resp, err := c.doJSONStream(ctx, token, chatEndpoint, reqBody, 10*time.Minute)
-	if err != nil {
-		return nil, err
-	}
-	resp.Body = decodeResponseBody(resp)
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-		return nil, fmt.Errorf("grok chat HTTP %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var full strings.Builder
-	_, _, _, _, err = collectGrokStream(resp.Body, func(delta string) {
-		if delta == "" {
-			return
-		}
-		if looksLikeXAIToolMarkup(delta) {
-			return
-		}
-		full.WriteString(delta)
-		payload, _ := json.Marshal(map[string]any{
-			"id":      "chatcmpl_" + shortID(),
-			"object":  "chat.completion.chunk",
-			"created": time.Now().Unix(),
-			"model":   modelCode,
-			"choices": []map[string]any{{"index": 0, "delta": map[string]any{"content": delta}}},
-		})
-		_, _ = io.WriteString(w, "data: "+string(payload)+"\n\n")
-		if flusher != nil {
-			flusher.Flush()
-		}
-	})
-	if err != nil {
-		return nil, err
-	}
-	usage := estimateOpenAIUsage(prompt, full.String())
-	payload, _ := json.Marshal(map[string]any{
-		"id":      "chatcmpl_" + shortID(),
-		"object":  "chat.completion.chunk",
-		"created": time.Now().Unix(),
-		"model":   modelCode,
-		"choices": []map[string]any{},
-		"usage":   usage,
-	})
-	_, _ = io.WriteString(w, "data: "+string(payload)+"\n\n")
-	_, _ = io.WriteString(w, "data: [DONE]\n\n")
-	if flusher != nil {
-		flusher.Flush()
-	}
-	return usage, nil
-}
-
-type VideoRequest struct {
-	ModelCode   string
-	Prompt      string
-	Refs        []string
-	DurationSec int
-	Size        string
-	AspectRatio string
-	Quality     string
-	Count       int
-}
-
-type VideoAsset struct {
-	URL        string
-	ThumbURL   string
-	Width      int
-	Height     int
-	DurationMs int
-}
-
-type uploadedVideoRef struct {
-	fileID   string
-	assetURL string
-}
-
-func (c *WebClient) GenerateVideo(ctx context.Context, token string, req VideoRequest) ([]VideoAsset, error) {
-	if req.DurationSec <= 0 {
-		req.DurationSec = 6
-	}
-	req.DurationSec = normalizeVideoDuration(req.DurationSec)
-	if req.Size == "" && strings.TrimSpace(req.AspectRatio) == "" {
-		req.Size = defaultVideoSize
-	}
-	aspect, resolution, width, height := videoConfig(req.Size, req.AspectRatio)
-	c.logUpstream(ctx, provider.UpstreamLogEntry{
-		Provider: "grok",
-		Stage:    "video.start",
-		Meta: map[string]any{
-			"model":          req.ModelCode,
-			"duration_sec":   req.DurationSec,
-			"aspect_ratio":   aspect,
-			"resolution":     resolution,
-			"size":           req.Size,
-			"refs_count":     len(req.Refs),
-			"has_proxy":      c.proxyURL != "",
-			"has_ref_prompt": strings.TrimSpace(req.Prompt) != "",
-		},
-	})
-
-	parentPostID := ""
-	refs := make([]uploadedVideoRef, 0, len(req.Refs))
-	for _, ref := range req.Refs {
-		ref = strings.TrimSpace(ref)
-		if ref == "" {
-			continue
-		}
-		uploaded, err := c.prepareVideoRef(ctx, token, ref)
-		if err != nil {
-			c.logUpstream(ctx, provider.UpstreamLogEntry{
-				Provider: "grok",
-				Stage:    "video.ref",
-				Error:    err.Error(),
-				Meta:     map[string]any{"ref_index": len(refs) + 1, "ref": sanitizeDiagURL(ref)},
-			})
-			return nil, err
-		}
-		if uploaded.assetURL != "" {
-			refs = append(refs, uploaded)
-		}
-	}
-	if len(refs) == 1 {
-		imagePostID, err := c.createMediaPost(ctx, token, imageMediaType, "", refs[0].assetURL)
-		if err != nil {
-			c.logUpstream(ctx, provider.UpstreamLogEntry{Provider: "grok", Stage: "video.parent_post", Error: err.Error(), Meta: map[string]any{"media_type": imageMediaType, "refs_count": len(refs), "has_media_url": refs[0].assetURL != ""}})
-			return nil, err
-		}
-		parentPostID = imagePostID
-	}
-	if len(refs) != 1 {
-		var err error
-		parentPostID, err = c.createMediaPost(ctx, token, videoMediaType, req.Prompt, "")
-		if err != nil {
-			c.logUpstream(ctx, provider.UpstreamLogEntry{Provider: "grok", Stage: "video.parent_post", Error: err.Error(), Meta: map[string]any{"media_type": videoMediaType, "refs_count": len(refs)}})
-			return nil, err
-		}
-	}
-
-	message := strings.TrimSpace(req.Prompt)
-	if message == "" {
-		message = "Generate a video"
-	}
-	fileAttachments := []any{}
-	if len(refs) == 1 {
-		message = strings.TrimSpace(refs[0].assetURL + "  " + message)
-	} else if len(refs) > 1 {
-		mentions := make([]string, 0, len(refs))
-		for _, ref := range refs {
-			if ref.fileID != "" {
-				mentions = append(mentions, "@"+ref.fileID)
-				fileAttachments = append(fileAttachments, ref.fileID)
-			}
-		}
-		if len(mentions) > 0 {
-			message = strings.TrimSpace(strings.Join(mentions, " ") + " " + message)
-		}
-	}
-	message = strings.TrimSpace(message + " --mode=" + defaultVideoMode)
-	payload := c.chatPayload(message, "grok-3")
-	payload["fileAttachments"] = fileAttachments
-	payload["modelMode"] = defaultVideoMode
-	payload["enableImageGeneration"] = true
-	payload["returnImageBytes"] = false
-	payload["toolOverrides"] = map[string]any{"videoGen": true}
-	payload["responseMetadata"] = map[string]any{
-		"modelConfigOverride": map[string]any{
-			"modelMap": map[string]any{
-				"videoGenModelConfig": map[string]any{
-					"parentPostId":   parentPostID,
-					"aspectRatio":    aspect,
-					"videoLength":    req.DurationSec,
-					"resolutionName": resolution,
-					"isVideoEdit":    false,
-					"mode":           defaultVideoMode,
-					"originalPrompt": strings.TrimSpace(req.Prompt),
-				},
-			},
-		},
-	}
-	cfg := payload["responseMetadata"].(map[string]any)["modelConfigOverride"].(map[string]any)["modelMap"].(map[string]any)["videoGenModelConfig"].(map[string]any)
-	if len(refs) > 1 {
-		imageReferences := make([]string, 0, len(refs))
-		for _, ref := range refs {
-			if ref.assetURL != "" {
-				imageReferences = append(imageReferences, ref.assetURL)
-			}
-		}
-		cfg["isReferenceToVideo"] = true
-		cfg["imageReferences"] = imageReferences
-	}
-
-	resp, err := c.doJSONStream(ctx, token, chatEndpoint, payload, 15*time.Minute)
-	if err != nil {
-		c.logUpstream(ctx, provider.UpstreamLogEntry{
-			Provider:       "grok",
-			Stage:          "video.conversation",
-			Method:         "POST",
-			URL:            c.baseURL + chatEndpoint,
-			RequestExcerpt: jsonSnippet(payload, 600),
-			Error:          err.Error(),
-			Meta:           map[string]any{"refs_count": len(refs), "duration_sec": req.DurationSec, "resolution": resolution, "aspect_ratio": aspect},
-		})
-		return nil, err
-	}
-	resp.Body = decodeResponseBody(resp)
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-		c.logUpstream(ctx, provider.UpstreamLogEntry{
-			Provider:        "grok",
-			Stage:           "video.conversation",
-			Method:          "POST",
-			URL:             c.baseURL + chatEndpoint,
-			StatusCode:      resp.StatusCode,
-			RequestExcerpt:  jsonSnippet(payload, 600),
-			ResponseExcerpt: snippet(raw, 600),
-			Meta:            map[string]any{"refs_count": len(refs), "duration_sec": req.DurationSec, "resolution": resolution, "aspect_ratio": aspect},
-		})
-		return nil, fmt.Errorf("grok video HTTP %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var assets []VideoAsset
-	_, videoURL, thumbURL, videoPostID, err := collectGrokStream(resp.Body, func(_ string) {})
-	if err != nil {
-		c.logUpstream(ctx, provider.UpstreamLogEntry{
-			Provider: "grok",
-			Stage:    "video.stream",
-			Error:    err.Error(),
-			Meta:     map[string]any{"refs_count": len(refs), "duration_sec": req.DurationSec, "resolution": resolution, "aspect_ratio": aspect},
-		})
-		return nil, err
-	}
-	if videoURL == "" && videoPostID != "" {
-		videoURL, thumbURL, err = c.fetchVideoAssetFromPost(ctx, token, videoPostID, thumbURL)
-		if err != nil {
-			c.logUpstream(ctx, provider.UpstreamLogEntry{
-				Provider: "grok",
-				Stage:    "video.post_fetch",
-				Error:    err.Error(),
-				Meta:     map[string]any{"post_id": videoPostID, "fallback_thumb": sanitizeDiagURL(thumbURL)},
-			})
-			return nil, err
-		}
-	}
-	if videoURL != "" {
-		if thumbURL == "" {
-			thumbURL = derivePreviewImageURL(videoURL)
-		}
-		assets = append(assets, VideoAsset{URL: videoURL, ThumbURL: thumbURL, Width: width, Height: height, DurationMs: req.DurationSec * 1000})
-	}
-	if len(assets) == 0 {
-		c.logUpstream(ctx, provider.UpstreamLogEntry{
-			Provider: "grok",
-			Stage:    "video.failed",
-			Error:    "grok video finished without video url",
-			Meta:     map[string]any{"refs_count": len(refs), "duration_sec": req.DurationSec, "resolution": resolution, "aspect_ratio": aspect, "parent_post_id": parentPostID},
-		})
-		return nil, fmt.Errorf("grok video finished without video url")
-	}
-	c.logUpstream(ctx, provider.UpstreamLogEntry{
-		Provider: "grok",
-		Stage:    "video.success",
-		Meta:     map[string]any{"assets": len(assets), "duration_sec": req.DurationSec, "resolution": resolution, "aspect_ratio": aspect, "parent_post_id": parentPostID},
-	})
-	return assets, nil
-}
-
-func (c *WebClient) fetchVideoAssetFromPost(ctx context.Context, token, postID, fallbackThumb string) (string, string, error) {
-	postID = strings.TrimSpace(postID)
-	if postID == "" {
-		return "", "", nil
-	}
-	var lastErr error
-	for attempt := 0; attempt < 4; attempt++ {
-		if attempt > 0 {
-			select {
-			case <-ctx.Done():
-				return "", "", ctx.Err()
-			case <-time.After(time.Duration(attempt*5) * time.Second):
-			}
-		}
-		resp, err := c.doJSON(ctx, token, mediaGetEndpoint, map[string]any{"id": postID}, 45*time.Second)
-		if err != nil {
-			lastErr = err
-			continue
-		}
-		resp.Body = decodeResponseBody(resp)
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-		_ = resp.Body.Close()
-		if resp.StatusCode/100 != 2 {
-			lastErr = fmt.Errorf("grok media post get HTTP %d: %s", resp.StatusCode, snippet(raw, 240))
-			continue
-		}
-		var obj any
-		if err := json.Unmarshal(raw, &obj); err != nil {
-			lastErr = err
-			continue
-		}
-		videoURL := firstVideoURL(obj)
-		if videoURL != "" {
-			thumbURL := firstStringByKeys(obj, []string{"thumbnailImageUrl", "thumbnailUrl", "coverUrl"})
-			if thumbURL == "" {
-				thumbURL = fallbackThumb
-			}
-			return normalizeAssetURL(videoURL), normalizeAssetURL(thumbURL), nil
-		}
-		lastErr = fmt.Errorf("grok media post get missing video url")
-	}
-	return "", fallbackThumb, lastErr
-}
-
-func (c *WebClient) prepareVideoRef(ctx context.Context, token, ref string) (uploadedVideoRef, error) {
-	ref = strings.TrimSpace(ref)
-	if ref == "" {
-		return uploadedVideoRef{}, nil
-	}
-	if strings.HasPrefix(ref, "data:") {
-		fileID, assetURL, err := c.uploadDataURLMeta(ctx, token, ref)
-		if err != nil {
-			return uploadedVideoRef{}, err
-		}
-		return uploadedVideoRef{fileID: fileID, assetURL: assetURL}, nil
-	}
-	if strings.HasPrefix(ref, "/api/v1/gen/cached/") {
-		fileID, assetURL, err := c.uploadCachedLocalImageMeta(ctx, token, ref)
-		if err != nil {
-			return uploadedVideoRef{}, err
-		}
-		return uploadedVideoRef{fileID: fileID, assetURL: assetURL}, nil
-	}
-	if !isGrokAssetURL(ref) {
-		fileID, assetURL, err := c.uploadRemoteImageMeta(ctx, token, ref)
-		if err != nil {
-			return uploadedVideoRef{}, err
-		}
-		return uploadedVideoRef{fileID: fileID, assetURL: assetURL}, nil
-	}
-	return uploadedVideoRef{assetURL: normalizeAssetURL(ref)}, nil
-}
-
-func (c *WebClient) chatPayload(message, modelCode string) map[string]any {
-	upstreamModel := UpstreamForChatModel(modelCode)
-	return map[string]any{
-		"deviceEnvInfo":               map[string]any{"darkModeEnabled": false, "devicePixelRatio": 2, "screenHeight": 1329, "screenWidth": 2056, "viewportHeight": 1083, "viewportWidth": 2056},
-		"disableMemory":               true,
-		"disableSearch":               true,
-		"disableSelfHarmShortCircuit": false,
-		"disableTextFollowUps":        false,
-		"enableImageGeneration":       true,
-		"enableImageStreaming":        true,
-		"enableSideBySide":            true,
-		"fileAttachments":             []any{},
-		"forceConcise":                false,
-		"forceSideBySide":             false,
-		"imageAttachments":            []any{},
-		"imageGenerationCount":        2,
-		"isAsyncChat":                 false,
-		"isReasoning":                 false,
-		"message":                     message,
-		"modelMode":                   ModeForChatModel(modelCode),
-		"modelName":                   upstreamModel,
-		"responseMetadata":            map[string]any{"requestModelDetails": map[string]any{"modelId": upstreamModel}},
-		"returnImageBytes":            false,
-		"returnRawGrokInXaiRequest":   false,
-		"sendFinalMetadata":           true,
-		"temporary":                   true,
-		"toolOverrides":               map[string]any{"webSearch": false, "xSearch": false, "x_keyword_search": false},
-		"enable420":                   upstreamModel == "grok-420",
-	}
-}
-
-func (c *WebClient) doJSONStream(ctx context.Context, token, endpoint string, body map[string]any, timeout time.Duration) (*http.Response, error) {
-	payload, _ := json.Marshal(body)
-	client, err := outbound.NewClient(outbound.Options{Timeout: timeout, ProxyURL: c.proxyURL, Mode: outbound.ModeUTLS, Profile: outbound.ProfileChrome})
-	if err != nil {
-		return nil, err
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+endpoint, bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-	setGrokHeaders(req, token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "text/event-stream, application/json, */*")
-	return client.Do(req)
-}
-
-func (c *WebClient) createMediaPost(ctx context.Context, token, mediaType, prompt, mediaURL string) (string, error) {
-	body := map[string]any{"mediaType": mediaType, "prompt": prompt}
-	if mediaURL != "" {
-		body["mediaUrl"] = mediaURL
-	}
-	resp, err := c.doJSON(ctx, token, mediaEndpoint, body, 30*time.Second)
-	if err != nil {
-		return "", err
-	}
-	resp.Body = decodeResponseBody(resp)
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-	if resp.StatusCode/100 != 2 {
-		return "", fmt.Errorf("grok media post HTTP %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var obj map[string]any
-	_ = json.Unmarshal(raw, &obj)
-	for _, key := range []string{"postId", "id", "mediaPostId"} {
-		if s, _ := obj[key].(string); s != "" {
-			return s, nil
-		}
-	}
-	if s := firstStringByKey(obj, "id"); s != "" {
-		return s, nil
-	}
-	return "", fmt.Errorf("grok media post missing id: %s", snippet(raw, 240))
-}
-
-func (c *WebClient) doJSON(ctx context.Context, token, endpoint string, body map[string]any, timeout time.Duration) (*http.Response, error) {
-	payload, _ := json.Marshal(body)
-	client, err := outbound.NewClient(outbound.Options{Timeout: timeout, ProxyURL: c.proxyURL, Mode: outbound.ModeUTLS, Profile: outbound.ProfileChrome})
-	if err != nil {
-		return nil, err
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+endpoint, bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-	setGrokHeaders(req, token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/json, */*")
-	return client.Do(req)
-}
-
-func (c *WebClient) uploadDataURL(ctx context.Context, token, dataURL string) (string, error) {
-	_, url, err := c.uploadDataURLMeta(ctx, token, dataURL)
-	if err != nil {
-		return "", err
-	}
-	return url, nil
-}
-
-func (c *WebClient) uploadDataURLMeta(ctx context.Context, token, dataURL string) (string, string, error) {
-	comma := strings.Index(dataURL, ",")
-	if comma < 0 {
-		return "", "", fmt.Errorf("invalid data url")
-	}
-	meta, b64 := dataURL[:comma], dataURL[comma+1:]
-	mimeType := "image/png"
-	if strings.HasPrefix(meta, "data:") {
-		if semi := strings.Index(meta, ";"); semi > len("data:") {
-			mimeType = meta[len("data:"):semi]
-		}
-	}
-	data, err := base64.StdEncoding.DecodeString(b64)
-	if err != nil {
-		return "", "", fmt.Errorf("decode data url: %w", err)
-	}
-	return c.uploadImageBytesMeta(ctx, token, mimeType, data)
-}
-
-func (c *WebClient) uploadCachedLocalImageMeta(ctx context.Context, token, cachedURL string) (string, string, error) {
-	rel := strings.TrimPrefix(strings.TrimSpace(cachedURL), "/api/v1/gen/cached/")
-	if rel == "" || strings.Contains(rel, "..") || strings.HasPrefix(rel, "/") || strings.HasPrefix(rel, `\`) {
-		return "", "", fmt.Errorf("invalid cached reference path")
-	}
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	filePath := filepath.Join(root, filepath.FromSlash(rel))
-	data, err := os.ReadFile(filePath)
-	if err != nil {
-		return "", "", fmt.Errorf("read cached reference image: %w", err)
-	}
-	if len(data) == 0 {
-		return "", "", fmt.Errorf("empty cached reference image")
-	}
-	mimeType := mime.TypeByExtension(filepath.Ext(filePath))
-	if mimeType == "" {
-		mimeType = detectImageMime(data)
-	}
-	return c.uploadImageBytesMeta(ctx, token, mimeType, data)
-}
-
-func (c *WebClient) uploadRemoteImageMeta(ctx context.Context, token, imageURL string) (string, string, error) {
-	imageURL = strings.TrimSpace(imageURL)
-	if imageURL == "" {
-		return "", "", fmt.Errorf("empty image url")
-	}
-	client, err := outbound.NewClient(outbound.Options{Timeout: 90 * time.Second, ProxyURL: c.proxyURL, Mode: outbound.ModeUTLS, Profile: outbound.ProfileChrome})
-	if err != nil {
-		return "", "", err
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, imageURL, nil)
-	if err != nil {
-		return "", "", err
-	}
-	req.Header.Set("Accept", "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8")
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", "", fmt.Errorf("download reference image: %w", err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		raw, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
-		return "", "", fmt.Errorf("download reference image HTTP %d: %s", resp.StatusCode, snippet(raw, 180))
-	}
-	raw, err := io.ReadAll(io.LimitReader(resp.Body, 25<<20))
-	if err != nil {
-		return "", "", fmt.Errorf("read reference image: %w", err)
-	}
-	if len(raw) == 0 {
-		return "", "", fmt.Errorf("empty reference image")
-	}
-	mimeType := strings.TrimSpace(strings.Split(resp.Header.Get("Content-Type"), ";")[0])
-	if mimeType == "" || !strings.HasPrefix(strings.ToLower(mimeType), "image/") {
-		mimeType = detectImageMime(raw)
-	}
-	if !strings.HasPrefix(strings.ToLower(mimeType), "image/") {
-		return "", "", fmt.Errorf("reference is not image: %s", mimeType)
-	}
-	return c.uploadImageBytesMeta(ctx, token, mimeType, raw)
-}
-
-func (c *WebClient) uploadImageBytesMeta(ctx context.Context, token, mimeType string, data []byte) (string, string, error) {
-	mimeType = strings.TrimSpace(mimeType)
-	if mimeType == "" {
-		mimeType = detectImageMime(data)
-	}
-	if !strings.HasPrefix(strings.ToLower(mimeType), "image/") || strings.EqualFold(mimeType, "application/octet-stream") {
-		if detected := detectImageMime(data); strings.HasPrefix(strings.ToLower(detected), "image/") {
-			mimeType = detected
-		}
-	}
-	if !strings.HasPrefix(strings.ToLower(mimeType), "image/") {
-		return "", "", fmt.Errorf("unsupported image mime: %s", mimeType)
-	}
-	if shouldNormalizeGrokUpload() {
-		if normalized, ok := normalizeImageForGrokUpload(data); ok {
-			data = normalized
-			mimeType = "image/jpeg"
-		}
-	}
-	exts, _ := mime.ExtensionsByType(mimeType)
-	ext := ".png"
-	if len(exts) > 0 {
-		ext = exts[0]
-	}
-	client, err := outbound.NewClient(outbound.Options{Timeout: 2 * time.Minute, ProxyURL: c.proxyURL, Mode: outbound.ModeUTLS, Profile: outbound.ProfileChrome})
-	if err != nil {
-		return "", "", err
-	}
-	payload, _ := json.Marshal(map[string]any{
-		"fileName":     "image" + filepath.Ext(ext),
-		"fileMimeType": mimeType,
-		"content":      base64.StdEncoding.EncodeToString(data),
-	})
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+uploadEndpoint, bytes.NewReader(payload))
-	if err != nil {
-		return "", "", err
-	}
-	setGrokHeaders(req, token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "*/*")
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", "", err
-	}
-	resp.Body = decodeResponseBody(resp)
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-	if resp.StatusCode/100 != 2 {
-		return "", "", fmt.Errorf("grok upload HTTP %d: %s", resp.StatusCode, snippet(raw, 240))
-	}
-	var obj map[string]any
-	_ = json.Unmarshal(raw, &obj)
-	fileID := firstStringByKeys(obj, []string{"fileMetadataId", "file_id", "fileId", "id"})
-	for _, key := range []string{"fileUri", "file_uri", "fileUrl", "url", "mediaUrl"} {
-		if s, _ := obj[key].(string); s != "" {
-			return fileID, normalizeAssetURL(s), nil
-		}
-	}
-	return fileID, normalizeAssetURL(firstStringByKey(obj, "url")), nil
-}
-
-func (c *WebClient) uploadChatFiles(ctx context.Context, token string, files []string) ([]any, error) {
-	out := make([]any, 0, len(files))
-	for _, item := range files {
-		item = strings.TrimSpace(item)
-		if item == "" {
-			continue
-		}
-		if strings.HasPrefix(item, "data:") {
-			fileID, fileURL, err := c.uploadDataURLMeta(ctx, token, item)
-			if err != nil {
-				return nil, err
-			}
-			if fileID != "" {
-				out = append(out, fileID)
-			} else if fileURL != "" {
-				out = append(out, fileURL)
-			}
-			continue
-		}
-		out = append(out, item)
-	}
-	return out, nil
-}
-
-func jsonSnippet(v any, limit int) string {
-	raw, _ := json.Marshal(v)
-	return snippet(raw, limit)
-}
-
-func sanitizeDiagURL(rawURL string) string {
-	rawURL = strings.TrimSpace(rawURL)
-	if rawURL == "" {
-		return ""
-	}
-	if i := strings.Index(rawURL, "?"); i >= 0 {
-		rawURL = rawURL[:i]
-	}
-	return rawURL
-}
-
-func normalizeAssetURL(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" || strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") {
-		return v
-	}
-	if strings.HasPrefix(v, "/") {
-		return "https://assets.grok.com" + v
-	}
-	return "https://assets.grok.com/" + v
-}
-
-func isGrokAssetURL(v string) bool {
-	v = strings.ToLower(strings.TrimSpace(v))
-	return strings.Contains(v, "://assets.grok.com/") || strings.Contains(v, "://imagine-public.x.ai/")
-}
-
-func detectImageMime(data []byte) string {
-	if len(data) >= 12 {
-		switch {
-		case bytes.HasPrefix(data, []byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}):
-			return "image/png"
-		case bytes.HasPrefix(data, []byte{0xff, 0xd8, 0xff}):
-			return "image/jpeg"
-		case bytes.HasPrefix(data, []byte("GIF87a")) || bytes.HasPrefix(data, []byte("GIF89a")):
-			return "image/gif"
-		case bytes.HasPrefix(data, []byte("RIFF")) && bytes.Equal(data[8:12], []byte("WEBP")):
-			return "image/webp"
-		case bytes.Equal(data[4:8], []byte("ftyp")) && (bytes.Equal(data[8:12], []byte("avif")) || bytes.Equal(data[8:12], []byte("avis"))):
-			return "image/avif"
-		case bytes.Equal(data[4:8], []byte("ftyp")) && (bytes.Equal(data[8:12], []byte("heic")) || bytes.Equal(data[8:12], []byte("heix")) || bytes.Equal(data[8:12], []byte("hevc")) || bytes.Equal(data[8:12], []byte("hevx"))):
-			return "image/heic"
-		}
-	}
-	if len(data) >= 4 {
-		switch {
-		case bytes.HasPrefix(data, []byte("BM")):
-			return "image/bmp"
-		case bytes.HasPrefix(data, []byte("II*\x00")) || bytes.HasPrefix(data, []byte("MM\x00*")):
-			return "image/tiff"
-		}
-	}
-	return http.DetectContentType(data)
-}
-
-func setGrokHeaders(req *http.Request, token string) {
-	cookie := buildGrokCookie(token)
-	ua := grokUserAgent()
-	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
-	req.Header.Set("Accept-Encoding", "gzip")
-	req.Header.Set("Baggage", "sentry-environment=production,sentry-release=d6add6fb0460641fd482d767a335ef72b9b6abb8,sentry-public_key=b311e0f2690c81f25e2c4cf6d4f7ce1c")
-	req.Header.Set("Cache-Control", "no-cache")
-	req.Header.Set("Cookie", cookie)
-	req.Header.Set("Origin", webBaseURL)
-	req.Header.Set("Pragma", "no-cache")
-	req.Header.Set("Priority", "u=1, i")
-	req.Header.Set("Referer", webBaseURL+"/")
-	req.Header.Set("User-Agent", ua)
-	req.Header.Set("Sec-Ch-Ua", grokSecCHUA(ua))
-	req.Header.Set("Sec-Ch-Ua-Arch", "x86")
-	req.Header.Set("Sec-Ch-Ua-Bitness", "64")
-	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
-	req.Header.Set("Sec-Ch-Ua-Model", "")
-	req.Header.Set("Sec-Ch-Ua-Platform", grokSecPlatform(ua))
-	req.Header.Set("Sec-Fetch-Dest", "empty")
-	req.Header.Set("Sec-Fetch-Mode", "cors")
-	req.Header.Set("Sec-Fetch-Site", "same-origin")
-	req.Header.Set("X-Statsig-ID", grokStatsigID())
-	req.Header.Set("X-XAI-Request-ID", uuid.NewString())
-}
-
-func normalizeGrokToken(cred string) string {
-	cred = strings.TrimSpace(cred)
-	if strings.Contains(cred, "sso=") {
-		parts := strings.Split(cred, ";")
-		for _, p := range parts {
-			p = strings.TrimSpace(p)
-			if strings.HasPrefix(p, "sso=") {
-				return strings.TrimPrefix(p, "sso=")
-			}
-		}
-	}
-	return cred
-}
-
-func buildGrokCookie(cred string) string {
-	cred = strings.TrimSpace(cred)
-	state := readGrokRuntimeCFState()
-	cf := strings.TrimSpace(firstNonEmpty(state.CFClearance, os.Getenv("KLEIN_GROK_CF_CLEARANCE")))
-	extraCookies := normalizeCookieEnv(firstNonEmpty(state.Cookies, os.Getenv("KLEIN_GROK_CF_COOKIES")))
-	if strings.Contains(cred, "=") {
-		if !strings.Contains(cred, "sso-rw=") {
-			token := normalizeGrokToken(cred)
-			if token != "" {
-				cred = strings.TrimRight(cred, "; ") + "; sso-rw=" + token
-			}
-		}
-		if cf != "" && !strings.Contains(cred, "cf_clearance=") {
-			cred = strings.TrimRight(cred, "; ") + "; cf_clearance=" + cf
-		}
-		return appendMissingCookies(cred, extraCookies)
-	}
-	cookie := "sso=" + cred + "; sso-rw=" + cred
-	if cf != "" {
-		cookie += "; cf_clearance=" + cf
-	}
-	return appendMissingCookies(cookie, extraCookies)
-}
-
-func readGrokRuntimeCFState() grokRuntimeCFState {
-	grokCFCache.Lock()
-	defer grokCFCache.Unlock()
-	if time.Since(grokCFCache.loaded) < 30*time.Second {
-		return grokCFCache.state
-	}
-	grokCFCache.loaded = time.Now()
-	grokCFCache.state = grokRuntimeCFState{}
-	path := strings.TrimSpace(os.Getenv("KLEIN_GROK_CF_STATE_PATH"))
-	if path == "" {
-		path = "/app/storage/grok_cf.json"
-	}
-	raw, err := os.ReadFile(path)
-	if err != nil {
-		return grokCFCache.state
-	}
-	_ = json.Unmarshal(raw, &grokCFCache.state)
-	return grokCFCache.state
-}
-
-func grokUserAgent() string {
-	state := readGrokRuntimeCFState()
-	if ua := strings.TrimSpace(firstNonEmpty(state.UserAgent, os.Getenv("KLEIN_GROK_USER_AGENT"))); ua != "" {
-		return ua
-	}
-	return grokUA
-}
-
-func grokSecCHUA(ua string) string {
-	v := "136"
-	if m := regexp.MustCompile(`(?:Chrome|Chromium)/(\d+)`).FindStringSubmatch(ua); len(m) == 2 {
-		v = m[1]
-	}
-	return fmt.Sprintf(`"Google Chrome";v="%s", "Chromium";v="%s", "Not(A:Brand";v="24"`, v, v)
-}
-
-func grokSecPlatform(ua string) string {
-	ua = strings.ToLower(ua)
-	switch {
-	case strings.Contains(ua, "windows"):
-		return `"Windows"`
-	case strings.Contains(ua, "mac os"):
-		return `"macOS"`
-	case strings.Contains(ua, "linux"):
-		return `"Linux"`
-	default:
-		return `"Windows"`
-	}
-}
-
-func grokStatsigID() string {
-	if !envBool("KLEIN_GROK_DYNAMIC_STATSIG", true) {
-		return "ZTpUeXBlRXJyb3I6IENhbm5vdCByZWFkIHByb3BlcnRpZXMgb2YgdW5kZWZpbmVkIChyZWFkaW5nICdjaGlsZE5vZGVzJyk="
-	}
-	messages := []string{
-		"Cannot read properties of undefined (reading 'childNodes')",
-		"Cannot read properties of null (reading 'parentNode')",
-		"Cannot read properties of undefined (reading 'firstChild')",
-	}
-	msg := messages[int(time.Now().UnixNano()%int64(len(messages)))]
-	return base64.StdEncoding.EncodeToString([]byte("e:TypeError: " + msg))
-}
-
-func firstNonEmpty(values ...string) string {
-	for _, v := range values {
-		if strings.TrimSpace(v) != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func envBool(key string, fallback bool) bool {
-	v := strings.ToLower(strings.TrimSpace(os.Getenv(key)))
-	switch v {
-	case "1", "true", "yes", "on":
-		return true
-	case "0", "false", "no", "off":
-		return false
-	default:
-		return fallback
-	}
-}
-
-func shouldNormalizeGrokUpload() bool {
-	return envBool("KLEIN_GROK_UPLOAD_NORMALIZE_JPEG", true)
-}
-
-func normalizeImageForGrokUpload(data []byte) ([]byte, bool) {
-	img, _, err := image.Decode(bytes.NewReader(data))
-	if err != nil || img == nil {
-		return nil, false
-	}
-	b := img.Bounds()
-	canvas := image.NewRGBA(image.Rect(0, 0, b.Dx(), b.Dy()))
-	draw.Draw(canvas, canvas.Bounds(), &image.Uniform{C: color.White}, image.Point{}, draw.Src)
-	draw.Draw(canvas, canvas.Bounds(), img, b.Min, draw.Over)
-	var buf bytes.Buffer
-	if err := jpeg.Encode(&buf, canvas, &jpeg.Options{Quality: 92}); err != nil {
-		return nil, false
-	}
-	return buf.Bytes(), true
-}
-
-func normalizeCookieEnv(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" {
-		return ""
-	}
-	v = strings.TrimPrefix(v, "Cookie:")
-	v = strings.TrimSpace(v)
-	return strings.TrimRight(v, "; ")
-}
-
-func appendMissingCookies(cookie, extra string) string {
-	if extra == "" {
-		return cookie
-	}
-	out := strings.TrimRight(strings.TrimSpace(cookie), "; ")
-	for _, part := range strings.Split(extra, ";") {
-		part = strings.TrimSpace(part)
-		if part == "" {
-			continue
-		}
-		name := part
-		if i := strings.Index(part, "="); i >= 0 {
-			name = strings.TrimSpace(part[:i])
-		}
-		if name == "" || strings.Contains(out, name+"=") {
-			continue
-		}
-		if out != "" {
-			out += "; "
-		}
-		out += part
-	}
-	return out
-}
-
-func decodeResponseBody(resp *http.Response) io.ReadCloser {
-	if resp == nil || resp.Body == nil {
-		return nil
-	}
-	switch strings.ToLower(strings.TrimSpace(resp.Header.Get("Content-Encoding"))) {
-	case "gzip":
-		zr, err := gzip.NewReader(resp.Body)
-		if err == nil {
-			resp.Header.Del("Content-Encoding")
-			return &joinedReadCloser{Reader: zr, closers: []io.Closer{zr, resp.Body}}
-		}
-	}
-	return resp.Body
-}
-
-type joinedReadCloser struct {
-	io.Reader
-	closers []io.Closer
-}
-
-func (r *joinedReadCloser) Close() error {
-	var first error
-	for _, closer := range r.closers {
-		if err := closer.Close(); err != nil && first == nil {
-			first = err
-		}
-	}
-	return first
-}
-
-func collectGrokStream(r io.Reader, onText func(string)) (string, string, string, string, error) {
-	var out strings.Builder
-	videoURL := ""
-	thumbURL := ""
-	videoPostID := ""
-	sc := bufio.NewScanner(r)
-	sc.Buffer(make([]byte, 0, 64*1024), 4*1024*1024)
-	for sc.Scan() {
-		line := strings.TrimSpace(sc.Text())
-		if line == "" {
-			continue
-		}
-		if strings.HasPrefix(line, "data:") {
-			line = strings.TrimSpace(strings.TrimPrefix(line, "data:"))
-		}
-		if line == "" || line == "[DONE]" {
-			continue
-		}
-		var obj any
-		if err := json.Unmarshal([]byte(line), &obj); err != nil {
-			continue
-		}
-		if errMsg := firstStringByKey(obj, "error"); errMsg != "" {
-			return out.String(), videoURL, thumbURL, videoPostID, fmt.Errorf("grok stream error: %s", errMsg)
-		}
-		if s := firstStringByKeys(obj, []string{"videoPostId", "video_post_id", "assetId", "asset_id", "videoId", "video_id", "postId", "post_id"}); s != "" {
-			videoPostID = s
-		}
-		if u := firstVideoURL(obj); u != "" {
-			videoURL = normalizeAssetURL(u)
-			if videoPostID == "" {
-				videoPostID = extractUUID(videoURL)
-			}
-		}
-		if u := firstStringByKeys(obj, []string{"thumbnailImageUrl", "thumbnailUrl", "coverUrl"}); u != "" {
-			thumbURL = normalizeAssetURL(u)
-		}
-		delta := extractTextDelta(obj)
-		if delta != "" {
-			out.WriteString(delta)
-			if onText != nil {
-				onText(delta)
-			}
-		}
-	}
-	return out.String(), videoURL, thumbURL, videoPostID, sc.Err()
-}
-
-func firstVideoURL(v any) string {
-	for _, key := range []string{"videoUrl", "videoURL", "video_url", "mediaUrl", "result_url"} {
-		if s := firstStringByKey(v, key); isVideoURLCandidate(s) {
-			return s
-		}
-	}
-	return firstVideoString(v)
-}
-
-func firstVideoString(v any) string {
-	switch x := v.(type) {
-	case map[string]any:
-		for _, child := range x {
-			if s := firstVideoString(child); s != "" {
-				return s
-			}
-		}
-	case []any:
-		for _, child := range x {
-			if s := firstVideoString(child); s != "" {
-				return s
-			}
-		}
-	case string:
-		if isVideoURLCandidate(x) {
-			return x
-		}
-	}
-	return ""
-}
-
-func isVideoURLCandidate(s string) bool {
-	s = strings.TrimSpace(s)
-	if s == "" {
-		return false
-	}
-	lower := strings.ToLower(s)
-	if strings.Contains(lower, "preview_image") || strings.Contains(lower, "thumbnail") ||
-		strings.HasSuffix(lower, ".jpg") || strings.HasSuffix(lower, ".jpeg") ||
-		strings.HasSuffix(lower, ".png") || strings.HasSuffix(lower, ".webp") {
-		return false
-	}
-	return strings.Contains(lower, ".mp4") ||
-		strings.Contains(lower, ".webm") ||
-		strings.Contains(lower, "generated_video") ||
-		strings.Contains(lower, "/video/")
-}
-
-func derivePreviewImageURL(videoURL string) string {
-	v := strings.TrimSpace(videoURL)
-	if v == "" {
-		return ""
-	}
-	lower := strings.ToLower(v)
-	for _, marker := range []string{"/generated_video.mp4", "/generated_video.webm", "/generated_video"} {
-		if idx := strings.LastIndex(lower, marker); idx >= 0 {
-			return v[:idx] + "/preview_image.jpg"
-		}
-	}
-	if strings.HasSuffix(lower, ".mp4") || strings.HasSuffix(lower, ".webm") {
-		if idx := strings.LastIndex(v, "/"); idx >= 0 {
-			return v[:idx] + "/preview_image.jpg"
-		}
-	}
-	return ""
-}
-
-var uuidRe = regexp.MustCompile(`(?i)[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
-
-func extractUUID(s string) string {
-	matches := uuidRe.FindAllString(strings.TrimSpace(s), -1)
-	if len(matches) == 0 {
-		return ""
-	}
-	return matches[len(matches)-1]
-}
-
-func extractTextDelta(v any) string {
-	switch x := v.(type) {
-	case map[string]any:
-		for _, k := range []string{"token", "responseToken", "text"} {
-			if s, ok := x[k].(string); ok && looksLikeTextDelta(s) {
-				return s
-			}
-		}
-		for _, child := range x {
-			if s := extractTextDelta(child); s != "" {
-				return s
-			}
-		}
-	case []any:
-		for _, child := range x {
-			if s := extractTextDelta(child); s != "" {
-				return s
-			}
-		}
-	}
-	return ""
-}
-
-func looksLikeTextDelta(s string) bool {
-	if s == "" || strings.HasPrefix(s, "http://") || strings.HasPrefix(s, "https://") {
-		return false
-	}
-	return true
-}
-
-var xaiToolCardPattern = regexp.MustCompile(`(?s)<xai:tool_usage_card>.*?</xai:tool_usage_card>`)
-
-func cleanGrokText(s string) string {
-	if s == "" {
-		return ""
-	}
-	s = xaiToolCardPattern.ReplaceAllString(s, "")
-	lines := strings.Split(s, "\n")
-	out := make([]string, 0, len(lines))
-	for _, line := range lines {
-		if looksLikeXAIToolMarkup(line) {
-			continue
-		}
-		out = append(out, line)
-	}
-	return strings.TrimSpace(strings.Join(out, "\n"))
-}
-
-func looksLikeXAIToolMarkup(s string) bool {
-	s = strings.TrimSpace(s)
-	return strings.HasPrefix(s, "<xai:") ||
-		strings.HasPrefix(s, "</xai:") ||
-		strings.Contains(s, "<xai:tool_usage_card") ||
-		strings.Contains(s, "<xai:tool_name>") ||
-		strings.Contains(s, "<xai:tool_args>")
-}
-
-func firstStringByKeys(v any, keys []string) string {
-	for _, key := range keys {
-		if s := firstStringByKey(v, key); s != "" {
-			return s
-		}
-	}
-	return ""
-}
-
-func firstStringByKey(v any, key string) string {
-	switch x := v.(type) {
-	case map[string]any:
-		if s, ok := x[key].(string); ok && s != "" {
-			return s
-		}
-		for _, child := range x {
-			if s := firstStringByKey(child, key); s != "" {
-				return s
-			}
-		}
-	case []any:
-		for _, child := range x {
-			if s := firstStringByKey(child, key); s != "" {
-				return s
-			}
-		}
-	}
-	return ""
-}
-
-func buildGrokPrompt(body map[string]any) string {
-	prompt, _ := buildGrokPromptAndFiles(body)
-	return prompt
-}
-
-func buildGrokPromptAndFiles(body map[string]any) (string, []string) {
-	msgs := normalizeAnySlice(body["messages"])
-	if len(msgs) == 0 {
-		return "", nil
-	}
-	var b strings.Builder
-	var files []string
-	for _, item := range msgs {
-		m, _ := item.(map[string]any)
-		role, _ := m["role"].(string)
-		content, imgs := messageContentAndFiles(m["content"])
-		files = append(files, imgs...)
-		if strings.TrimSpace(content) == "" {
-			continue
-		}
-		if role == "" {
-			role = "user"
-		}
-		b.WriteString(role)
-		b.WriteString(": ")
-		b.WriteString(content)
-		b.WriteString("\n")
-	}
-	return strings.TrimSpace(b.String()), files
-}
-
-func messageContent(v any) string {
-	content, _ := messageContentAndFiles(v)
-	return content
-}
-
-func messageContentAndFiles(v any) (string, []string) {
-	switch c := v.(type) {
-	case string:
-		return c, nil
-	case []map[string]any:
-		items := make([]any, 0, len(c))
-		for _, item := range c {
-			items = append(items, item)
-		}
-		return messageContentAndFiles(items)
-	case []any:
-		parts := make([]string, 0, len(c))
-		files := make([]string, 0, 4)
-		for _, p := range c {
-			m, _ := p.(map[string]any)
-			if m == nil {
-				continue
-			}
-			typ, _ := m["type"].(string)
-			if s, _ := m["text"].(string); s != "" {
-				parts = append(parts, s)
-			}
-			if typ == "image_url" {
-				if im, _ := m["image_url"].(map[string]any); im != nil {
-					if u, _ := im["url"].(string); strings.TrimSpace(u) != "" {
-						files = append(files, strings.TrimSpace(u))
-					}
-				}
-			}
-		}
-		return strings.Join(parts, "\n"), files
-	default:
-		b, _ := json.Marshal(c)
-		return string(b), nil
-	}
-}
-
-func normalizeAnySlice(v any) []any {
-	switch x := v.(type) {
-	case []any:
-		return x
-	case []map[string]any:
-		out := make([]any, 0, len(x))
-		for _, item := range x {
-			out = append(out, item)
-		}
-		return out
-	default:
-		return nil
-	}
-}
-
-func estimateOpenAIUsage(prompt, completion string) *OpenAIUsage {
-	u := &OpenAIUsage{
-		PromptTokens:     len([]rune(prompt))/4 + 1,
-		CompletionTokens: len([]rune(completion))/4 + 1,
-	}
-	u.TotalTokens = u.PromptTokens + u.CompletionTokens
-	return u
-}
-
-func normalizeVideoDuration(sec int) int {
-	for _, v := range []int{6, 10} {
-		if sec <= v {
-			return v
-		}
-	}
-	return 10
-}
-
-func videoConfig(size, aspect string) (string, string, int, int) {
-	switch strings.TrimSpace(aspect) {
-	case "9:16":
-		return "9:16", defaultVideoResolution, 720, 1280
-	case "1:1":
-		return "1:1", defaultVideoResolution, 1024, 1024
-	case "16:9":
-		return "16:9", defaultVideoResolution, 1280, 720
-	}
-	switch size {
-	case "720x1280", "1024x1792":
-		return "9:16", defaultVideoResolution, 720, 1280
-	case "1024x1024":
-		return "1:1", defaultVideoResolution, 1024, 1024
-	case "1280x720", "1792x1024":
-		return "16:9", defaultVideoResolution, 1280, 720
-	}
-	return "16:9", defaultVideoResolution, 1280, 720
-}
-
-func shortID() string {
-	id := strings.ReplaceAll(uuid.NewString(), "-", "")
-	if len(id) > 26 {
-		return id[:26]
-	}
-	return id
-}
diff --git a/backend/internal/provider/mock/mock.go b/backend/internal/provider/mock/mock.go
deleted file mode 100644
index cf0baca2..00000000
--- a/backend/internal/provider/mock/mock.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// Package mock 提供方 stub：直接返回示意性 URL，不发起真实第三方请求。
-//
-// 用途：
-//   1. 本地开发未配真实账号时打通整链路；
-//   2. 测试 / CI；
-//   3. 演示。
-package mock
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/kleinai/backend/internal/provider"
-)
-
-// New 构造。kind 标识自身角色（gpt / grok）。
-func New(name string) *Provider {
-	return &Provider{name: name}
-}
-
-// Provider 实现 provider.Provider。
-type Provider struct {
-	name string
-}
-
-// Name impl。
-func (p *Provider) Name() string { return p.name }
-
-// Generate 模拟生成：sleep 一会儿，返回若干虚拟 URL。
-func (p *Provider) Generate(ctx context.Context, req *provider.Request) (*provider.Result, error) {
-	delay := 500 * time.Millisecond
-	if req.Kind == provider.KindVideo {
-		delay = 2 * time.Second
-	}
-	select {
-	case <-ctx.Done():
-		return nil, ctx.Err()
-	case <-time.After(delay):
-	}
-
-	count := req.Count
-	if count <= 0 {
-		count = 1
-	}
-	assets := make([]provider.Asset, 0, count)
-	for i := 0; i < count; i++ {
-		switch req.Kind {
-		case provider.KindImage:
-			assets = append(assets, provider.Asset{
-				URL:    mockImageURL(req.TaskID, i),
-				Width:  1024,
-				Height: 1024,
-				Mime:   "image/png",
-			})
-		case provider.KindVideo:
-			assets = append(assets, provider.Asset{
-				URL:        mockVideoURL(req.TaskID, i),
-				DurationMs: 4000,
-				Width:      1280,
-				Height:     720,
-				Mime:       "video/mp4",
-			})
-		}
-	}
-
-	return &provider.Result{
-		TaskID:  req.TaskID,
-		Assets:  assets,
-		Latency: delay,
-	}, nil
-}
-
-func mockImageURL(taskID string, seq int) string {
-	id := strings.ToLower(taskID)
-	if id == "" {
-		id = "demo"
-	}
-	return fmt.Sprintf("https://picsum.photos/seed/%s-%d/1024/1024", id, seq)
-}
-
-func mockVideoURL(taskID string, seq int) string {
-	id := strings.ToLower(taskID)
-	if id == "" {
-		id = "demo"
-	}
-	return fmt.Sprintf("https://kleinai.dev/mock/video/%s-%d.mp4", id, seq)
-}
diff --git a/backend/internal/provider/provider.go b/backend/internal/provider/provider.go
deleted file mode 100644
index 07876215..00000000
--- a/backend/internal/provider/provider.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Package provider 第三方生成提供方抽象（GPT 生图 / GROK 生视频 等）。
-//
-// 真正的协议适配在子包内（gpt / grok / mock），调度器只依赖接口。
-package provider
-
-import (
-	"context"
-	"time"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// Kind 生成类型。
-type Kind string
-
-const (
-	KindChat  Kind = "chat"
-	KindImage Kind = "image"
-	KindVideo Kind = "video"
-)
-
-// Mode 生成模式。
-type Mode string
-
-const (
-	ModeT2I Mode = "t2i"
-	ModeI2I Mode = "i2i"
-	ModeT2V Mode = "t2v"
-	ModeI2V Mode = "i2v"
-)
-
-// Request 通用生成请求。
-type Request struct {
-	TaskID    string
-	Kind      Kind
-	Mode      Mode
-	ModelCode string
-	Prompt    string
-	NegPrompt string
-	Params    map[string]any
-	RefAssets []string
-	Count     int
-	Account   *model.Account
-	// Credential 是 Account.CredentialEnc 解密后的明文（API Key / Cookie / OAuth Token）。
-	// 调用方负责解密，provider 不再持有 AESGCM。
-	Credential string
-	// BaseURL 优先级：account.base_url > provider 默认。
-	BaseURL  string
-	ProxyURL string
-	// UpstreamLog records provider stage diagnostics for admin troubleshooting.
-	UpstreamLog UpstreamLogger
-}
-
-type UpstreamLogEntry struct {
-	Provider        string
-	Stage           string
-	Method          string
-	URL             string
-	StatusCode      int
-	DurationMs      int64
-	RequestExcerpt  string
-	ResponseExcerpt string
-	Error           string
-	Meta            map[string]any
-}
-
-type UpstreamLogger func(ctx context.Context, entry UpstreamLogEntry)
-
-// Asset 单个生成资产（一张图 / 一段视频）。
-type Asset struct {
-	URL        string
-	ThumbURL   string
-	Width      int
-	Height     int
-	DurationMs int
-	SizeBytes  int64
-	Mime       string
-	Meta       map[string]any
-}
-
-// Result 通用生成结果。
-type Result struct {
-	TaskID  string
-	Assets  []Asset
-	Latency time.Duration
-}
-
-// Provider 提供方接口。
-type Provider interface {
-	// Name 返回 provider 标识，例如 "gpt" / "grok"。
-	Name() string
-	// Generate 同步发起一次生成（worker 内部使用）。
-	Generate(ctx context.Context, req *Request) (*Result, error)
-}
diff --git a/backend/internal/repo/account_repo.go b/backend/internal/repo/account_repo.go
deleted file mode 100644
index c17a4791..00000000
--- a/backend/internal/repo/account_repo.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Package repo 数据访问层。
-package repo
-
-import (
-	"context"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// AccountRepo 账号池仓储。
-type AccountRepo struct{ db *gorm.DB }
-
-// NewAccountRepo 构造。
-func NewAccountRepo(db *gorm.DB) *AccountRepo { return &AccountRepo{db: db} }
-
-// Create 创建。
-func (r *AccountRepo) Create(ctx context.Context, a *model.Account) error {
-	return r.db.WithContext(ctx).Create(a).Error
-}
-
-// BatchCreate 批量插入；忽略空切片。
-func (r *AccountRepo) BatchCreate(ctx context.Context, items []*model.Account) error {
-	if len(items) == 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).CreateInBatches(items, 200).Error
-}
-
-// GetByID 主键查询。
-func (r *AccountRepo) GetByID(ctx context.Context, id uint64) (*model.Account, error) {
-	var a model.Account
-	err := r.db.WithContext(ctx).
-		Where("id = ? AND deleted_at IS NULL", id).First(&a).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &a, nil
-}
-
-// AccountListFilter 列表过滤参数。
-type AccountListFilter struct {
-	Provider string
-	Status   *int8
-	Keyword  string
-	Page     int
-	PageSize int
-}
-
-// List 分页列表。
-func (r *AccountRepo) List(ctx context.Context, f AccountListFilter) ([]*model.Account, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 1000 {
-		f.PageSize = 20
-	}
-	q := r.db.WithContext(ctx).Model(&model.Account{}).Where("deleted_at IS NULL")
-	if f.Provider != "" {
-		q = q.Where("provider = ?", f.Provider)
-	}
-	if f.Status != nil {
-		q = q.Where("status = ?", *f.Status)
-	}
-	if f.Keyword != "" {
-		k := "%" + f.Keyword + "%"
-		q = q.Where("(name LIKE ? OR remark LIKE ?)", k, k)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var items []*model.Account
-	if err := q.Order("id DESC").
-		Offset((f.Page - 1) * f.PageSize).Limit(f.PageSize).
-		Find(&items).Error; err != nil {
-		return nil, 0, err
-	}
-	return items, total, nil
-}
-
-// Update 部分字段更新。
-func (r *AccountRepo) Update(ctx context.Context, id uint64, fields map[string]any) error {
-	if len(fields) == 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Model(&model.Account{}).
-		Where("id = ?", id).Updates(fields).Error
-}
-
-// SoftDelete 软删除。
-func (r *AccountRepo) SoftDelete(ctx context.Context, id uint64) error {
-	return r.db.WithContext(ctx).Model(&model.Account{}).
-		Where("id = ?", id).Update("deleted_at", time.Now().UTC()).Error
-}
-
-// SoftDeleteMany 按 ID 列表批量软删（仅未删除行）。
-func (r *AccountRepo) SoftDeleteMany(ctx context.Context, ids []uint64) (int64, error) {
-	if len(ids) == 0 {
-		return 0, nil
-	}
-	now := time.Now().UTC()
-	res := r.db.WithContext(ctx).Model(&model.Account{}).
-		Where("id IN ? AND deleted_at IS NULL", ids).
-		Update("deleted_at", now)
-	return res.RowsAffected, res.Error
-}
-
-// SoftDeleteInvalid 软删：已禁用、熔断、或最近连通测试失败。
-func (r *AccountRepo) SoftDeleteInvalid(ctx context.Context, provider string) (int64, error) {
-	now := time.Now().UTC()
-	q := r.db.WithContext(ctx).Model(&model.Account{}).Where("deleted_at IS NULL").
-		Where("(last_test_status = ? OR status IN (?, ?))",
-			model.AccountTestFail, model.AccountStatusDisabled, model.AccountStatusBroken)
-	if provider != "" {
-		q = q.Where("provider = ?", provider)
-	}
-	res := q.Update("deleted_at", now)
-	return res.RowsAffected, res.Error
-}
-
-// SoftDeleteAll 软删当前条件下所有账号（未删行）。provider 空表示两池全量。
-// SoftDeleteZeroQuota soft-deletes accounts that have been quota-probed and have no remaining image quota.
-func (r *AccountRepo) SoftDeleteZeroQuota(ctx context.Context, provider string) (int64, error) {
-	now := time.Now().UTC()
-	q := r.db.WithContext(ctx).Model(&model.Account{}).Where("deleted_at IS NULL").
-		Where("oauth_meta IS NOT NULL").
-		Where("JSON_EXTRACT(oauth_meta, '$.image_quota_remaining') IS NOT NULL").
-		Where("CAST(JSON_UNQUOTE(JSON_EXTRACT(oauth_meta, '$.image_quota_remaining')) AS SIGNED) <= 0")
-	if provider != "" {
-		q = q.Where("provider = ?", provider)
-	}
-	res := q.Update("deleted_at", now)
-	return res.RowsAffected, res.Error
-}
-
-func (r *AccountRepo) SoftDeleteAll(ctx context.Context, provider string) (int64, error) {
-	now := time.Now().UTC()
-	q := r.db.WithContext(ctx).Model(&model.Account{}).Where("deleted_at IS NULL")
-	if provider != "" {
-		q = q.Where("provider = ?", provider)
-	}
-	res := q.Update("deleted_at", now)
-	return res.RowsAffected, res.Error
-}
-
-// AvailableByProvider 拿出给定 provider 下当前可用的账号（用于调度器装载）。
-func (r *AccountRepo) AvailableByProvider(ctx context.Context, provider string) ([]*model.Account, error) {
-	var items []*model.Account
-	now := time.Now().UTC()
-	err := r.db.WithContext(ctx).
-		Where("provider = ? AND deleted_at IS NULL", provider).
-		Where("(status = ? OR (status = ? AND cooldown_until IS NOT NULL AND cooldown_until <= ?))", model.AccountStatusEnabled, model.AccountStatusBroken, now).
-		Where("cooldown_until IS NULL OR cooldown_until <= ?", now).
-		Where("access_token_expires_at IS NULL OR access_token_expires_at > ?", now).
-		Order("id ASC").
-		Find(&items).Error
-	return items, err
-}
-
-// MarkUsed 标记调度成功。
-func (r *AccountRepo) MarkUsed(ctx context.Context, id uint64) error {
-	now := time.Now().UTC()
-	return r.db.WithContext(ctx).Model(&model.Account{}).
-		Where("id = ?", id).Updates(map[string]any{
-		"last_used_at":   now,
-		"success_count":  gorm.Expr("success_count + 1"),
-		"error_count":    0,
-		"status":         model.AccountStatusEnabled,
-		"cooldown_until": nil,
-		"last_error":     nil,
-	}).Error
-}
-
-// MarkFailed 标记调度失败 / 进入熔断。
-func (r *AccountRepo) MarkFailed(ctx context.Context, id uint64, reason string, cooldown time.Duration) error {
-	now := time.Now().UTC()
-	fields := map[string]any{
-		"error_count": gorm.Expr("error_count + 1"),
-		"last_error":  reason,
-	}
-	if cooldown > 0 {
-		until := now.Add(cooldown)
-		fields["cooldown_until"] = until
-		fields["status"] = model.AccountStatusBroken
-	} else {
-		fields["cooldown_until"] = nil
-		fields["status"] = model.AccountStatusEnabled
-	}
-	return r.db.WithContext(ctx).Model(&model.Account{}).
-		Where("id = ?", id).Updates(fields).Error
-}
diff --git a/backend/internal/repo/admin_repo.go b/backend/internal/repo/admin_repo.go
deleted file mode 100644
index d03be568..00000000
--- a/backend/internal/repo/admin_repo.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Package repo 管理后台仓储。
-package repo
-
-import (
-	"context"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// AdminRepo 后台账号仓储。
-type AdminRepo struct{ db *gorm.DB }
-
-// NewAdminRepo 构造。
-func NewAdminRepo(db *gorm.DB) *AdminRepo { return &AdminRepo{db: db} }
-
-// GetByUsername 用户名查询。
-func (r *AdminRepo) GetByUsername(ctx context.Context, username string) (*model.AdminUser, error) {
-	var u model.AdminUser
-	err := r.db.WithContext(ctx).
-		Where("username = ? AND deleted_at IS NULL", username).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-// GetByID 主键查询。
-func (r *AdminRepo) GetByID(ctx context.Context, id uint64) (*model.AdminUser, error) {
-	var u model.AdminUser
-	err := r.db.WithContext(ctx).
-		Where("id = ? AND deleted_at IS NULL", id).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-// UpdateLogin 写入最后登录信息。
-func (r *AdminRepo) UpdateLogin(ctx context.Context, id uint64, ip string) error {
-	return r.db.WithContext(ctx).Model(&model.AdminUser{}).
-		Where("id = ?", id).Updates(map[string]any{
-		"last_login_at": time.Now().UTC(),
-		"last_login_ip": ip,
-	}).Error
-}
-
-// GetRoleByID 角色查询。
-func (r *AdminRepo) GetRoleByID(ctx context.Context, id uint64) (*model.AdminRole, error) {
-	var role model.AdminRole
-	if err := r.db.WithContext(ctx).Where("id = ?", id).First(&role).Error; err != nil {
-		return nil, mapErr(err)
-	}
-	return &role, nil
-}
-
-// UpdatePassword updates the admin user's password hash.
-func (r *AdminRepo) UpdatePassword(ctx context.Context, id uint64, hash string) error {
-	return r.db.WithContext(ctx).Model(&model.AdminUser{}).
-		Where("id = ? AND deleted_at IS NULL", id).
-		Update("password", hash).Error
-}
diff --git a/backend/internal/repo/apikey_repo.go b/backend/internal/repo/apikey_repo.go
deleted file mode 100644
index 30bcfab8..00000000
--- a/backend/internal/repo/apikey_repo.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Package repo API Key 仓储。
-package repo
-
-import (
-	"context"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// APIKeyRepo API Key 数据访问层。
-type APIKeyRepo struct{ db *gorm.DB }
-
-// NewAPIKeyRepo 构造。
-func NewAPIKeyRepo(db *gorm.DB) *APIKeyRepo { return &APIKeyRepo{db: db} }
-
-// Create 创建。
-func (r *APIKeyRepo) Create(ctx context.Context, k *model.APIKey) error {
-	return r.db.WithContext(ctx).Create(k).Error
-}
-
-// GetByHash 通过 hash 查 key（用于鉴权）。
-func (r *APIKeyRepo) GetByHash(ctx context.Context, hash string) (*model.APIKey, error) {
-	var k model.APIKey
-	err := r.db.WithContext(ctx).
-		Where("hash = ? AND deleted_at IS NULL", hash).First(&k).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &k, nil
-}
-
-// ListByUser 用户拥有的 keys。
-func (r *APIKeyRepo) ListByUser(ctx context.Context, userID uint64) ([]*model.APIKey, error) {
-	var items []*model.APIKey
-	err := r.db.WithContext(ctx).
-		Where("user_id = ? AND deleted_at IS NULL", userID).
-		Order("id DESC").
-		Find(&items).Error
-	return items, err
-}
-
-// GetByID 主键查（含 user_id 校验）。
-func (r *APIKeyRepo) GetByID(ctx context.Context, userID, id uint64) (*model.APIKey, error) {
-	var k model.APIKey
-	err := r.db.WithContext(ctx).
-		Where("id = ? AND user_id = ? AND deleted_at IS NULL", id, userID).First(&k).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &k, nil
-}
-
-// UpdateStatus 启用 / 禁用。
-func (r *APIKeyRepo) UpdateStatus(ctx context.Context, userID, id uint64, status int8) error {
-	return r.db.WithContext(ctx).Model(&model.APIKey{}).
-		Where("id = ? AND user_id = ?", id, userID).
-		Update("status", status).Error
-}
-
-// SoftDelete 软删除。
-func (r *APIKeyRepo) SoftDelete(ctx context.Context, userID, id uint64) error {
-	return r.db.WithContext(ctx).Model(&model.APIKey{}).
-		Where("id = ? AND user_id = ?", id, userID).
-		Update("deleted_at", time.Now().UTC()).Error
-}
-
-// MarkUsed 异步：更新 last_used_at（不阻塞鉴权）。
-func (r *APIKeyRepo) MarkUsed(ctx context.Context, id uint64) error {
-	return r.db.WithContext(ctx).Model(&model.APIKey{}).
-		Where("id = ?", id).
-		Update("last_used_at", time.Now().UTC()).Error
-}
-
-// ListByLast4 通过 last4 + status=1 拿候选（鉴权用）。
-func (r *APIKeyRepo) ListByLast4(ctx context.Context, last4 string) ([]*model.APIKey, error) {
-	var items []*model.APIKey
-	err := r.db.WithContext(ctx).
-		Where("last4 = ? AND status = 1 AND deleted_at IS NULL", last4).
-		Find(&items).Error
-	return items, err
-}
diff --git a/backend/internal/repo/dashboard_repo.go b/backend/internal/repo/dashboard_repo.go
deleted file mode 100644
index 992e33d7..00000000
--- a/backend/internal/repo/dashboard_repo.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package repo
-
-import (
-	"context"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/dto"
-)
-
-type DashboardRepo struct{ db *gorm.DB }
-
-func NewDashboardRepo(db *gorm.DB) *DashboardRepo { return &DashboardRepo{db: db} }
-
-type dashboardGenerationAgg struct {
-	GeneratedToday  int64
-	GeneratedTotal  int64
-	ImageToday      int64
-	ImageTotal      int64
-	VideoToday      int64
-	VideoTotal      int64
-	TextTokensToday int64
-	TextTokensTotal int64
-	CostToday       int64
-	CostTotal       int64
-	SuccessToday    int64
-	FinishedToday   int64
-}
-
-type dashboardWalletAgg struct {
-	SpendToday int64
-	SpendTotal int64
-}
-
-type dashboardUserAgg struct {
-	UsersTotal       int64
-	UsersToday       int64
-	ActiveUsersToday int64
-}
-
-type dashboardProviderRow struct {
-	Provider       string
-	Total          int64
-	Enabled        int64
-	Available      int64
-	Broken         int64
-	TestOK         int64
-	QuotaRemaining int64
-	QuotaTotal     int64
-	SuccessCount   int64
-	ErrorCount     int64
-}
-
-type dashboardRecentRow struct {
-	TaskID     string
-	CreatedAt  time.Time
-	UserLabel  string
-	Kind       string
-	ModelCode  string
-	Count      int
-	Status     int8
-	CostPoints int64
-}
-
-type dashboardTrendRow struct {
-	Date           string
-	GeneratedCount int64
-	CostPoints     int64
-}
-
-func (r *DashboardRepo) Overview(ctx context.Context) (*dto.AdminDashboardOverviewResp, error) {
-	var gen dashboardGenerationAgg
-	genSQL := `SELECT
-  COUNT(CASE WHEN DATE(created_at) = CURDATE() THEN 1 END) AS generated_today,
-  COUNT(1) AS generated_total,
-  COALESCE(SUM(CASE WHEN kind = 'image' AND DATE(created_at) = CURDATE() THEN count ELSE 0 END), 0) AS image_today,
-  COALESCE(SUM(CASE WHEN kind = 'image' THEN count ELSE 0 END), 0) AS image_total,
-  COALESCE(SUM(CASE WHEN kind = 'video' AND DATE(created_at) = CURDATE() THEN count ELSE 0 END), 0) AS video_today,
-  COALESCE(SUM(CASE WHEN kind = 'video' THEN count ELSE 0 END), 0) AS video_total,
-  COALESCE(SUM(CASE WHEN DATE(created_at) = CURDATE() THEN CEIL(CHAR_LENGTH(prompt) / 4) ELSE 0 END), 0) AS text_tokens_today,
-  COALESCE(SUM(CEIL(CHAR_LENGTH(prompt) / 4)), 0) AS text_tokens_total,
-  COALESCE(SUM(CASE WHEN DATE(created_at) = CURDATE() THEN cost_points ELSE 0 END), 0) AS cost_today,
-  COALESCE(SUM(cost_points), 0) AS cost_total,
-  COUNT(CASE WHEN DATE(created_at) = CURDATE() AND status = 2 THEN 1 END) AS success_today,
-  COUNT(CASE WHEN DATE(created_at) = CURDATE() AND status IN (2,3,4) THEN 1 END) AS finished_today
-FROM generation_task
-WHERE deleted_at IS NULL`
-	if err := r.db.WithContext(ctx).Raw(genSQL).Scan(&gen).Error; err != nil {
-		return nil, err
-	}
-
-	var wallet dashboardWalletAgg
-	walletSQL := `SELECT
-  COALESCE(SUM(CASE WHEN DATE(created_at) = CURDATE() AND direction < 0 THEN ABS(points) ELSE 0 END), 0) AS spend_today,
-  COALESCE(SUM(CASE WHEN direction < 0 THEN ABS(points) ELSE 0 END), 0) AS spend_total
-FROM wallet_log`
-	if err := r.db.WithContext(ctx).Raw(walletSQL).Scan(&wallet).Error; err != nil {
-		return nil, err
-	}
-
-	var users dashboardUserAgg
-	userSQL := `SELECT
-  COUNT(1) AS users_total,
-  COUNT(CASE WHEN DATE(created_at) = CURDATE() THEN 1 END) AS users_today,
-  COUNT(CASE WHEN DATE(last_login_at) = CURDATE() THEN 1 END) AS active_users_today
-FROM ` + "`user`" + `
-WHERE deleted_at IS NULL`
-	if err := r.db.WithContext(ctx).Raw(userSQL).Scan(&users).Error; err != nil {
-		return nil, err
-	}
-
-	var providers []*dashboardProviderRow
-	providerSQL := `SELECT
-  provider,
-  COUNT(1) AS total,
-  COALESCE(SUM(CASE WHEN status = 1 THEN 1 ELSE 0 END), 0) AS enabled,
-  COALESCE(SUM(CASE WHEN status = 1 AND (cooldown_until IS NULL OR cooldown_until <= UTC_TIMESTAMP()) THEN 1 ELSE 0 END), 0) AS available,
-  COALESCE(SUM(CASE WHEN status = 2 THEN 1 ELSE 0 END), 0) AS broken,
-  COALESCE(SUM(CASE WHEN last_test_status = 1 THEN 1 ELSE 0 END), 0) AS test_ok,
-  COALESCE(SUM(CAST(COALESCE(JSON_UNQUOTE(JSON_EXTRACT(oauth_meta, '$.image_quota_remaining')), '0') AS SIGNED)), 0) AS quota_remaining,
-  COALESCE(SUM(CAST(COALESCE(JSON_UNQUOTE(JSON_EXTRACT(oauth_meta, '$.image_quota_total')), '0') AS SIGNED)), 0) AS quota_total,
-  COALESCE(SUM(success_count), 0) AS success_count,
-  COALESCE(SUM(error_count), 0) AS error_count
-FROM account
-WHERE deleted_at IS NULL
-GROUP BY provider
-ORDER BY provider ASC`
-	if err := r.db.WithContext(ctx).Raw(providerSQL).Scan(&providers).Error; err != nil {
-		return nil, err
-	}
-
-	var recent []*dashboardRecentRow
-	recentSQL := `SELECT
-  t.task_id,
-  t.created_at,
-  COALESCE(NULLIF(u.username, ''), NULLIF(u.email, ''), NULLIF(u.phone, ''), CONCAT('用户 #', t.user_id)) AS user_label,
-  t.kind,
-  t.model_code,
-  t.count,
-  t.status,
-  t.cost_points
-FROM generation_task t
-LEFT JOIN ` + "`user`" + ` u ON u.id = t.user_id
-WHERE t.deleted_at IS NULL
-ORDER BY t.id DESC
-LIMIT 8`
-	if err := r.db.WithContext(ctx).Raw(recentSQL).Scan(&recent).Error; err != nil {
-		return nil, err
-	}
-
-	var trendRows []*dashboardTrendRow
-	trendSQL := `SELECT
-  DATE(created_at) AS date,
-  COUNT(1) AS generated_count,
-  COALESCE(SUM(cost_points), 0) AS cost_points
-FROM generation_task
-WHERE deleted_at IS NULL AND created_at >= DATE_SUB(CURDATE(), INTERVAL 6 DAY)
-GROUP BY DATE(created_at)
-ORDER BY DATE(created_at) ASC`
-	if err := r.db.WithContext(ctx).Raw(trendSQL).Scan(&trendRows).Error; err != nil {
-		return nil, err
-	}
-	trendMap := map[string]*dashboardTrendRow{}
-	for _, row := range trendRows {
-		trendMap[row.Date] = row
-	}
-
-	resp := &dto.AdminDashboardOverviewResp{
-		GeneratedToday:    gen.GeneratedToday,
-		GeneratedTotal:    gen.GeneratedTotal,
-		ImageToday:        gen.ImageToday,
-		ImageTotal:        gen.ImageTotal,
-		VideoToday:        gen.VideoToday,
-		VideoTotal:        gen.VideoTotal,
-		TextTokensToday:   gen.TextTokensToday,
-		TextTokensTotal:   gen.TextTokensTotal,
-		CostPointsToday:   gen.CostToday,
-		CostPointsTotal:   gen.CostTotal,
-		WalletSpendToday:  wallet.SpendToday,
-		WalletSpendTotal:  wallet.SpendTotal,
-		UsersTotal:        users.UsersTotal,
-		UsersToday:        users.UsersToday,
-		ActiveUsersToday:  users.ActiveUsersToday,
-		AccountProviders:  make([]*dto.DashboardProviderRow, 0, len(providers)),
-		RecentGenerations: make([]*dto.DashboardRecentTask, 0, len(recent)),
-		Trend:             make([]*dto.DashboardTrendPoint, 0, 7),
-	}
-	if gen.FinishedToday > 0 {
-		resp.SuccessRateToday = float64(gen.SuccessToday) / float64(gen.FinishedToday)
-	}
-	for _, p := range providers {
-		quotaUsed := p.QuotaTotal - p.QuotaRemaining
-		if quotaUsed < 0 {
-			quotaUsed = 0
-		}
-		resp.AccountProviders = append(resp.AccountProviders, &dto.DashboardProviderRow{
-			Provider:       p.Provider,
-			Total:          p.Total,
-			Enabled:        p.Enabled,
-			Available:      p.Available,
-			Broken:         p.Broken,
-			TestOK:         p.TestOK,
-			QuotaRemaining: p.QuotaRemaining,
-			QuotaTotal:     p.QuotaTotal,
-			QuotaUsed:      quotaUsed,
-			SuccessCount:   p.SuccessCount,
-			ErrorCount:     p.ErrorCount,
-		})
-	}
-	for _, row := range recent {
-		resp.RecentGenerations = append(resp.RecentGenerations, &dto.DashboardRecentTask{
-			TaskID:     row.TaskID,
-			CreatedAt:  row.CreatedAt.Unix(),
-			UserLabel:  row.UserLabel,
-			Kind:       row.Kind,
-			ModelCode:  row.ModelCode,
-			Count:      row.Count,
-			Status:     row.Status,
-			CostPoints: row.CostPoints,
-		})
-	}
-	now := time.Now()
-	for i := 6; i >= 0; i-- {
-		day := now.AddDate(0, 0, -i).Format("2006-01-02")
-		point := &dto.DashboardTrendPoint{Date: day}
-		if row := trendMap[day]; row != nil {
-			point.Generated = row.GeneratedCount
-			point.CostPoints = row.CostPoints
-		}
-		resp.Trend = append(resp.Trend, point)
-	}
-	return resp, nil
-}
diff --git a/backend/internal/repo/generation_repo.go b/backend/internal/repo/generation_repo.go
deleted file mode 100644
index 010fb400..00000000
--- a/backend/internal/repo/generation_repo.go
+++ /dev/null
@@ -1,399 +0,0 @@
-// Package repo 生成任务仓储。
-package repo
-
-import (
-	"context"
-	"errors"
-	"sort"
-	"strings"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// GenerationRepo 生成任务仓储。
-type GenerationRepo struct{ db *gorm.DB }
-
-type AdminGenerationLogFilter struct {
-	Keyword  string
-	Kind     string
-	Status   *int
-	Page     int
-	PageSize int
-}
-
-type AdminGenerationLogRow struct {
-	TaskID     string
-	CreatedAt  time.Time
-	UserID     uint64
-	UserLabel  string
-	APIKeyID   *uint64
-	KeyLabel   *string
-	Kind       string
-	ModelCode  string
-	Prompt     string
-	Status     int8
-	DurationMs *int64
-	CostPoints int64
-	PreviewURL *string
-	Error      *string
-}
-
-type AdminGenerationUpstreamLogRow struct {
-	ID              uint64
-	TaskID          string
-	Provider        string
-	AccountID       *uint64
-	Stage           string
-	Method          *string
-	URL             *string
-	StatusCode      int
-	DurationMs      int64
-	RequestExcerpt  *string
-	ResponseExcerpt *string
-	Error           *string
-	Meta            *string
-	CreatedAt       time.Time
-}
-
-// NewGenerationRepo 构造。
-func NewGenerationRepo(db *gorm.DB) *GenerationRepo { return &GenerationRepo{db: db} }
-
-func (r *GenerationRepo) CreateUpstreamLog(ctx context.Context, log *model.GenerationUpstreamLog) error {
-	if log == nil || log.TaskID == "" {
-		return nil
-	}
-	return r.db.WithContext(ctx).Create(log).Error
-}
-
-func (r *GenerationRepo) ListUpstreamLogs(ctx context.Context, taskID string) ([]*AdminGenerationUpstreamLogRow, error) {
-	var rows []*AdminGenerationUpstreamLogRow
-	err := r.db.WithContext(ctx).Table("generation_upstream_log").
-		Where("task_id = ?", taskID).
-		Order("id ASC").
-		Find(&rows).Error
-	return rows, err
-}
-
-func (r *GenerationRepo) ListAdminLogs(ctx context.Context, f AdminGenerationLogFilter) ([]*AdminGenerationLogRow, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 200 {
-		f.PageSize = 20
-	}
-
-	where := []string{"t.deleted_at IS NULL"}
-	args := []any{}
-	if f.Kind != "" {
-		where = append(where, "t.kind = ?")
-		args = append(args, f.Kind)
-	}
-	if f.Status != nil {
-		where = append(where, "t.status = ?")
-		args = append(args, *f.Status)
-	}
-	if kw := strings.TrimSpace(f.Keyword); kw != "" {
-		like := "%" + kw + "%"
-		where = append(where, `(t.task_id = ? OR CAST(t.user_id AS CHAR) = ? OR t.model_code LIKE ? OR t.prompt LIKE ? OR u.email LIKE ? OR u.phone LIKE ? OR u.username LIKE ? OR k.name LIKE ? OR k.last4 = ?)`)
-		args = append(args, kw, kw, like, like, like, like, like, like, kw)
-	}
-	whereSQL := strings.Join(where, " AND ")
-
-	var total int64
-	countSQL := `SELECT COUNT(1)
-FROM generation_task t
-LEFT JOIN ` + "`user`" + ` u ON u.id = t.user_id
-LEFT JOIN api_key k ON k.id = t.from_api_key_id
-WHERE ` + whereSQL
-	if err := r.db.WithContext(ctx).Raw(countSQL, args...).Scan(&total).Error; err != nil {
-		return nil, 0, err
-	}
-
-	queryArgs := append([]any{}, args...)
-	queryArgs = append(queryArgs, (f.Page-1)*f.PageSize, f.PageSize)
-	querySQL := `SELECT
-  t.task_id,
-  t.created_at,
-  t.user_id,
-  COALESCE(NULLIF(u.username, ''), NULLIF(u.email, ''), NULLIF(u.phone, ''), CONCAT('用户 #', t.user_id)) AS user_label,
-  t.from_api_key_id AS api_key_id,
-  CASE WHEN k.id IS NULL THEN NULL ELSE CONCAT(k.name, ' · ', k.prefix, '…', k.last4) END AS key_label,
-  t.kind,
-  t.model_code,
-  t.prompt,
-  t.status,
-  CASE
-    WHEN t.started_at IS NULL THEN NULL
-    ELSE TIMESTAMPDIFF(MICROSECOND, t.started_at, COALESCE(t.finished_at, t.updated_at)) DIV 1000
-  END AS duration_ms,
-  t.cost_points,
-  (SELECT COALESCE(r.thumb_url, r.url) FROM generation_result r WHERE r.task_id = t.task_id AND r.deleted_at IS NULL ORDER BY r.seq ASC, r.id ASC LIMIT 1) AS preview_url,
-  t.error
-FROM generation_task t
-LEFT JOIN ` + "`user`" + ` u ON u.id = t.user_id
-LEFT JOIN api_key k ON k.id = t.from_api_key_id
-WHERE ` + whereSQL + `
-ORDER BY t.id DESC
-LIMIT ?, ?`
-	var rows []*AdminGenerationLogRow
-	if err := r.db.WithContext(ctx).Raw(querySQL, queryArgs...).Scan(&rows).Error; err != nil {
-		return nil, 0, err
-	}
-	return rows, total, nil
-}
-
-// SoftDeleteAdminLogsBefore marks generation logs and their result rows as deleted.
-func (r *GenerationRepo) SoftDeleteAdminLogsBefore(ctx context.Context, before time.Time) (int64, error) {
-	now := time.Now().UTC()
-	var deleted int64
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		var taskIDs []string
-		if err := tx.Model(&model.GenerationTask{}).
-			Where("deleted_at IS NULL AND created_at < ?", before).
-			Pluck("task_id", &taskIDs).Error; err != nil {
-			return err
-		}
-		if len(taskIDs) == 0 {
-			return nil
-		}
-		taskRes := tx.Model(&model.GenerationTask{}).
-			Where("deleted_at IS NULL AND task_id IN ?", taskIDs).
-			Update("deleted_at", now)
-		if taskRes.Error != nil {
-			return taskRes.Error
-		}
-		deleted = taskRes.RowsAffected
-		if err := tx.Table("generation_result").
-			Where("deleted_at IS NULL AND task_id IN ?", taskIDs).
-			Update("deleted_at", now).Error; err != nil {
-			return err
-		}
-		return nil
-	})
-	return deleted, err
-}
-
-// Create 创建任务。
-func (r *GenerationRepo) Create(ctx context.Context, t *model.GenerationTask) error {
-	return r.db.WithContext(ctx).Create(t).Error
-}
-
-// GetByTaskID 通过 task_id 查询。
-func (r *GenerationRepo) GetByTaskID(ctx context.Context, taskID string) (*model.GenerationTask, error) {
-	var t model.GenerationTask
-	err := r.db.WithContext(ctx).
-		Where("task_id = ? AND deleted_at IS NULL", taskID).First(&t).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &t, nil
-}
-
-// GetByIdem 幂等查询：(user_id, idem_key)。
-func (r *GenerationRepo) GetByIdem(ctx context.Context, userID uint64, idem string) (*model.GenerationTask, error) {
-	var t model.GenerationTask
-	err := r.db.WithContext(ctx).
-		Where("user_id = ? AND idem_key = ? AND deleted_at IS NULL", userID, idem).First(&t).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &t, nil
-}
-
-// SetRunning 标记任务进入运行态。
-func (r *GenerationRepo) SetRunning(ctx context.Context, taskID string, accountID uint64) error {
-	now := time.Now().UTC()
-	return r.db.WithContext(ctx).Model(&model.GenerationTask{}).
-		Where("task_id = ? AND status = ?", taskID, model.GenStatusPending).
-		Updates(map[string]any{
-			"status":     model.GenStatusRunning,
-			"account_id": accountID,
-			"started_at": now,
-			"progress":   5,
-		}).Error
-}
-
-// UpdateProgress 更新进度（0-100）。
-func (r *GenerationRepo) UpdateProgress(ctx context.Context, taskID string, progress int8) error {
-	if progress < 0 {
-		progress = 0
-	}
-	if progress > 100 {
-		progress = 100
-	}
-	return r.db.WithContext(ctx).Model(&model.GenerationTask{}).
-		Where("task_id = ?", taskID).Update("progress", progress).Error
-}
-
-// SetSucceeded 任务成功 + 写入结果。
-func (r *GenerationRepo) SetSucceeded(ctx context.Context, taskID string, results []*model.GenerationResult) error {
-	if taskID == "" {
-		return errors.New("empty task_id")
-	}
-	now := time.Now().UTC()
-	return r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		if err := tx.Model(&model.GenerationTask{}).
-			Where("task_id = ?", taskID).
-			Updates(map[string]any{
-				"status":      model.GenStatusSucceeded,
-				"progress":    100,
-				"finished_at": now,
-			}).Error; err != nil {
-			return err
-		}
-		if len(results) > 0 {
-			return tx.CreateInBatches(results, 100).Error
-		}
-		return nil
-	})
-}
-
-// SetFailed 任务失败。
-func (r *GenerationRepo) SetFailed(ctx context.Context, taskID, reason string) error {
-	now := time.Now().UTC()
-	return r.db.WithContext(ctx).Model(&model.GenerationTask{}).
-		Where("task_id = ?", taskID).
-		Updates(map[string]any{
-			"status":      model.GenStatusFailed,
-			"error":       truncateStr(reason, 240),
-			"finished_at": now,
-		}).Error
-}
-
-// UpdateCost updates final task cost after usage-based billing.
-func (r *GenerationRepo) UpdateCost(ctx context.Context, taskID string, cost int64) error {
-	if cost < 0 {
-		cost = 0
-	}
-	return r.db.WithContext(ctx).Model(&model.GenerationTask{}).
-		Where("task_id = ?", taskID).
-		Update("cost_points", cost).Error
-}
-
-// ListByUser 用户任务列表。
-func (r *GenerationRepo) ListByUser(ctx context.Context, userID uint64, kind string, page, pageSize int) ([]*model.GenerationTask, int64, error) {
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 || pageSize > 100 {
-		pageSize = 20
-	}
-	q := r.db.WithContext(ctx).Model(&model.GenerationTask{}).
-		Where("user_id = ? AND deleted_at IS NULL", userID)
-	if kind == "media" {
-		q = q.Where("kind IN ?", []string{"image", "video"})
-	} else if kind != "" {
-		q = q.Where("kind = ?", kind)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var ids []uint64
-	if err := q.Select("id").Order("id DESC").Offset((page-1)*pageSize).Limit(pageSize).Pluck("id", &ids).Error; err != nil {
-		return nil, 0, err
-	}
-	if len(ids) == 0 {
-		return []*model.GenerationTask{}, total, nil
-	}
-	var items []*model.GenerationTask
-	if err := r.db.WithContext(ctx).Where("id IN ?", ids).Find(&items).Error; err != nil {
-		return nil, 0, err
-	}
-	order := make(map[uint64]int, len(ids))
-	for i, id := range ids {
-		order[id] = i
-	}
-	sort.SliceStable(items, func(i, j int) bool { return order[items[i].ID] < order[items[j].ID] })
-	return items, total, nil
-}
-
-// ListResultsByTask 查询结果列表。
-func (r *GenerationRepo) ListResultsByTask(ctx context.Context, taskID string) ([]*model.GenerationResult, error) {
-	var items []*model.GenerationResult
-	err := r.db.WithContext(ctx).
-		Where("task_id = ? AND deleted_at IS NULL", taskID).Order("seq ASC, id ASC").Find(&items).Error
-	return items, err
-}
-
-// GetResultByTaskSeq returns one result row by task and sequence.
-func (r *GenerationRepo) GetResultByTaskSeq(ctx context.Context, taskID string, seq int) (*model.GenerationResult, error) {
-	var item model.GenerationResult
-	err := r.db.WithContext(ctx).
-		Where("task_id = ? AND seq = ? AND deleted_at IS NULL", taskID, seq).
-		First(&item).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &item, nil
-}
-
-// SoftDeleteByUser marks a user's generation tasks and results as deleted.
-func (r *GenerationRepo) SoftDeleteByUser(ctx context.Context, userID uint64, failedOnly bool) (int64, error) {
-	now := time.Now().UTC()
-	var deleted int64
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		q := tx.Model(&model.GenerationTask{}).
-			Where("user_id = ? AND deleted_at IS NULL", userID)
-		if failedOnly {
-			q = q.Where("status = ?", model.GenStatusFailed)
-		}
-		var taskIDs []string
-		if err := q.Pluck("task_id", &taskIDs).Error; err != nil {
-			return err
-		}
-		if len(taskIDs) == 0 {
-			return nil
-		}
-		taskRes := tx.Model(&model.GenerationTask{}).
-			Where("user_id = ? AND deleted_at IS NULL AND task_id IN ?", userID, taskIDs).
-			Update("deleted_at", now)
-		if taskRes.Error != nil {
-			return taskRes.Error
-		}
-		deleted = taskRes.RowsAffected
-		return tx.Table("generation_result").
-			Where("deleted_at IS NULL AND task_id IN ?", taskIDs).
-			Update("deleted_at", now).Error
-	})
-	return deleted, err
-}
-
-// SoftDeleteByUserBefore marks a user's generation tasks before the cutoff as deleted.
-func (r *GenerationRepo) SoftDeleteByUserBefore(ctx context.Context, userID uint64, before time.Time) (int64, error) {
-	now := time.Now().UTC()
-	var deleted int64
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		var taskIDs []string
-		if err := tx.Model(&model.GenerationTask{}).
-			Where("user_id = ? AND deleted_at IS NULL AND created_at < ?", userID, before).
-			Pluck("task_id", &taskIDs).Error; err != nil {
-			return err
-		}
-		if len(taskIDs) == 0 {
-			return nil
-		}
-		taskRes := tx.Model(&model.GenerationTask{}).
-			Where("user_id = ? AND deleted_at IS NULL AND task_id IN ?", userID, taskIDs).
-			Update("deleted_at", now)
-		if taskRes.Error != nil {
-			return taskRes.Error
-		}
-		deleted = taskRes.RowsAffected
-		return tx.Table("generation_result").
-			Where("deleted_at IS NULL AND task_id IN ?", taskIDs).
-			Update("deleted_at", now).Error
-	})
-	return deleted, err
-}
-
-func truncateStr(s string, n int) string {
-	r := []rune(s)
-	if len(r) <= n {
-		return s
-	}
-	return string(r[:n])
-}
diff --git a/backend/internal/repo/promo_repo.go b/backend/internal/repo/promo_repo.go
deleted file mode 100644
index 4b646a47..00000000
--- a/backend/internal/repo/promo_repo.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package repo
-
-import (
-	"context"
-	"strings"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-type PromoRepo struct{ db *gorm.DB }
-
-func NewPromoRepo(db *gorm.DB) *PromoRepo { return &PromoRepo{db: db} }
-
-type PromoListFilter struct {
-	Keyword      string
-	Status       *int
-	DiscountType *int
-	Page         int
-	PageSize     int
-}
-
-func (r *PromoRepo) List(ctx context.Context, f PromoListFilter) ([]*model.PromoCode, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 200 {
-		f.PageSize = 20
-	}
-	q := r.db.WithContext(ctx).Model(&model.PromoCode{})
-	if f.Status != nil {
-		q = q.Where("status = ?", *f.Status)
-	}
-	if f.DiscountType != nil {
-		q = q.Where("discount_type = ?", *f.DiscountType)
-	}
-	if kw := strings.TrimSpace(f.Keyword); kw != "" {
-		like := "%" + kw + "%"
-		q = q.Where("CAST(id AS CHAR) = ? OR code LIKE ? OR name LIKE ?", kw, like, like)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var rows []*model.PromoCode
-	err := q.Order("id DESC").Offset((f.Page - 1) * f.PageSize).Limit(f.PageSize).Find(&rows).Error
-	return rows, total, err
-}
-
-func (r *PromoRepo) Create(ctx context.Context, row *model.PromoCode) error {
-	return r.db.WithContext(ctx).Create(row).Error
-}
-
-func (r *PromoRepo) Update(ctx context.Context, id uint64, fields map[string]any) error {
-	if len(fields) == 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Model(&model.PromoCode{}).Where("id = ?", id).Updates(fields).Error
-}
-
-func (r *PromoRepo) Delete(ctx context.Context, id uint64) error {
-	return r.db.WithContext(ctx).Delete(&model.PromoCode{}, id).Error
-}
diff --git a/backend/internal/repo/proxy_repo.go b/backend/internal/repo/proxy_repo.go
deleted file mode 100644
index e5f2196d..00000000
--- a/backend/internal/repo/proxy_repo.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package repo
-
-import (
-	"context"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// ProxyRepo 代理仓储。
-type ProxyRepo struct{ db *gorm.DB }
-
-// NewProxyRepo 构造。
-func NewProxyRepo(db *gorm.DB) *ProxyRepo { return &ProxyRepo{db: db} }
-
-// Create 新增。
-func (r *ProxyRepo) Create(ctx context.Context, p *model.Proxy) error {
-	return r.db.WithContext(ctx).Create(p).Error
-}
-
-// GetByID 主键查询（未软删）。
-func (r *ProxyRepo) GetByID(ctx context.Context, id uint64) (*model.Proxy, error) {
-	var p model.Proxy
-	err := r.db.WithContext(ctx).
-		Where("id = ? AND deleted_at IS NULL", id).First(&p).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &p, nil
-}
-
-// ProxyListFilter 列表过滤。
-type ProxyListFilter struct {
-	Status   *int8
-	Keyword  string
-	Page     int
-	PageSize int
-}
-
-// List 分页列表。
-func (r *ProxyRepo) List(ctx context.Context, f ProxyListFilter) ([]*model.Proxy, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 200 {
-		f.PageSize = 50
-	}
-	q := r.db.WithContext(ctx).Model(&model.Proxy{}).Where("deleted_at IS NULL")
-	if f.Status != nil {
-		q = q.Where("status = ?", *f.Status)
-	}
-	if f.Keyword != "" {
-		k := "%" + f.Keyword + "%"
-		q = q.Where("(name LIKE ? OR host LIKE ? OR remark LIKE ?)", k, k, k)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var items []*model.Proxy
-	if err := q.Order("id DESC").
-		Offset((f.Page - 1) * f.PageSize).Limit(f.PageSize).
-		Find(&items).Error; err != nil {
-		return nil, 0, err
-	}
-	return items, total, nil
-}
-
-// ListEnabled 取所有启用代理（用于下拉、调度）。
-func (r *ProxyRepo) ListEnabled(ctx context.Context) ([]*model.Proxy, error) {
-	var items []*model.Proxy
-	err := r.db.WithContext(ctx).
-		Where("status = ? AND deleted_at IS NULL", model.ProxyStatusEnabled).
-		Order("id ASC").Find(&items).Error
-	return items, err
-}
-
-// Update 部分字段更新。
-func (r *ProxyRepo) Update(ctx context.Context, id uint64, fields map[string]any) error {
-	if len(fields) == 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Model(&model.Proxy{}).
-		Where("id = ?", id).Updates(fields).Error
-}
-
-// SoftDelete 软删除。
-func (r *ProxyRepo) SoftDelete(ctx context.Context, id uint64) error {
-	return r.db.WithContext(ctx).Model(&model.Proxy{}).
-		Where("id = ?", id).Update("deleted_at", time.Now().UTC()).Error
-}
-
-// MarkCheck 记录探测结果。
-func (r *ProxyRepo) MarkCheck(ctx context.Context, id uint64, ok bool, latencyMs int, errMsg string) error {
-	now := time.Now().UTC()
-	st := model.ProxyCheckOK
-	if !ok {
-		st = model.ProxyCheckFail
-	}
-	fields := map[string]any{
-		"last_check_at":  now,
-		"last_check_ok":  st,
-		"last_check_ms":  latencyMs,
-		"last_error":     errMsg,
-	}
-	return r.db.WithContext(ctx).Model(&model.Proxy{}).
-		Where("id = ?", id).Updates(fields).Error
-}
diff --git a/backend/internal/repo/system_config_repo.go b/backend/internal/repo/system_config_repo.go
deleted file mode 100644
index 98b9888b..00000000
--- a/backend/internal/repo/system_config_repo.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package repo
-
-import (
-	"context"
-
-	"gorm.io/gorm"
-	"gorm.io/gorm/clause"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// SystemConfigRepo system_config 仓储。
-type SystemConfigRepo struct{ db *gorm.DB }
-
-// NewSystemConfigRepo 构造。
-func NewSystemConfigRepo(db *gorm.DB) *SystemConfigRepo { return &SystemConfigRepo{db: db} }
-
-// GetAll 全表。
-func (r *SystemConfigRepo) GetAll(ctx context.Context) ([]*model.SystemConfig, error) {
-	var rows []*model.SystemConfig
-	err := r.db.WithContext(ctx).Find(&rows).Error
-	return rows, err
-}
-
-// GetByKey 单 key。
-func (r *SystemConfigRepo) GetByKey(ctx context.Context, key string) (*model.SystemConfig, error) {
-	var row model.SystemConfig
-	err := r.db.WithContext(ctx).Where("`key` = ?", key).First(&row).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &row, nil
-}
-
-// GetMany 批量获取，未存在的 key 返回空。
-func (r *SystemConfigRepo) GetMany(ctx context.Context, keys []string) (map[string]string, error) {
-	if len(keys) == 0 {
-		return map[string]string{}, nil
-	}
-	var rows []*model.SystemConfig
-	if err := r.db.WithContext(ctx).Where("`key` IN ?", keys).Find(&rows).Error; err != nil {
-		return nil, err
-	}
-	out := make(map[string]string, len(rows))
-	for _, r := range rows {
-		out[r.Key] = r.Value
-	}
-	return out, nil
-}
-
-// Upsert 插入或更新。
-func (r *SystemConfigRepo) Upsert(ctx context.Context, key, value string, updatedBy *uint64, remark *string) error {
-	row := &model.SystemConfig{Key: key, Value: value, UpdatedBy: updatedBy, Remark: remark}
-	return r.db.WithContext(ctx).
-		Clauses(clause.OnConflict{
-			Columns: []clause.Column{{Name: "key"}},
-			DoUpdates: clause.AssignmentColumns([]string{"value", "updated_by", "updated_at"}),
-		}).
-		Create(row).Error
-}
-
-// UpsertMany 批量 upsert（同事务）。
-func (r *SystemConfigRepo) UpsertMany(ctx context.Context, kvs map[string]string, updatedBy *uint64) error {
-	if len(kvs) == 0 {
-		return nil
-	}
-	rows := make([]*model.SystemConfig, 0, len(kvs))
-	for k, v := range kvs {
-		rows = append(rows, &model.SystemConfig{Key: k, Value: v, UpdatedBy: updatedBy})
-	}
-	return r.db.WithContext(ctx).
-		Clauses(clause.OnConflict{
-			Columns:   []clause.Column{{Name: "key"}},
-			DoUpdates: clause.AssignmentColumns([]string{"value", "updated_by", "updated_at"}),
-		}).
-		Create(&rows).Error
-}
diff --git a/backend/internal/repo/user_repo.go b/backend/internal/repo/user_repo.go
deleted file mode 100644
index c5ccf15b..00000000
--- a/backend/internal/repo/user_repo.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Package repo 数据访问层。零业务判断；禁止 SELECT *。
-package repo
-
-import (
-	"context"
-	"errors"
-	"strings"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// UserRepo 用户表访问。
-type UserRepo struct{ db *gorm.DB }
-
-// NewUserRepo 构造。
-func NewUserRepo(db *gorm.DB) *UserRepo { return &UserRepo{db: db} }
-
-type UserListFilter struct {
-	Keyword  string
-	Status   *int
-	Page     int
-	PageSize int
-}
-
-func (r *UserRepo) Create(ctx context.Context, u *model.User) error {
-	return r.db.WithContext(ctx).Create(u).Error
-}
-
-func (r *UserRepo) GetByID(ctx context.Context, id uint64) (*model.User, error) {
-	var u model.User
-	err := r.db.WithContext(ctx).Where("id = ? AND deleted_at IS NULL", id).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-func (r *UserRepo) GetByEmail(ctx context.Context, email string) (*model.User, error) {
-	var u model.User
-	err := r.db.WithContext(ctx).Where("email = ? AND deleted_at IS NULL", email).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-func (r *UserRepo) GetByPhone(ctx context.Context, phone string) (*model.User, error) {
-	var u model.User
-	err := r.db.WithContext(ctx).Where("phone = ? AND deleted_at IS NULL", phone).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-// GetByAccount 按邮箱 / 手机 / 用户名匹配（仅一种命中）。
-func (r *UserRepo) GetByAccount(ctx context.Context, account string) (*model.User, error) {
-	account = strings.TrimSpace(account)
-	if account == "" {
-		return nil, ErrNotFound
-	}
-	var u model.User
-	tx := r.db.WithContext(ctx).
-		Where("(email = ? OR phone = ? OR username = ?) AND deleted_at IS NULL",
-			account, account, account)
-	if err := tx.First(&u).Error; err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-func (r *UserRepo) GetByInviteCode(ctx context.Context, code string) (*model.User, error) {
-	var u model.User
-	err := r.db.WithContext(ctx).Where("invite_code = ? AND deleted_at IS NULL", code).First(&u).Error
-	if err != nil {
-		return nil, mapErr(err)
-	}
-	return &u, nil
-}
-
-func (r *UserRepo) List(ctx context.Context, f UserListFilter) ([]*model.User, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 200 {
-		f.PageSize = 20
-	}
-	q := r.db.WithContext(ctx).Model(&model.User{}).Where("deleted_at IS NULL")
-	if f.Status != nil {
-		q = q.Where("status = ?", *f.Status)
-	}
-	if kw := strings.TrimSpace(f.Keyword); kw != "" {
-		like := "%" + kw + "%"
-		q = q.Where("CAST(id AS CHAR) = ? OR uuid = ? OR email LIKE ? OR phone LIKE ? OR username LIKE ? OR invite_code = ?",
-			kw, kw, like, like, like, kw)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var items []*model.User
-	err := q.Order("id DESC").Offset((f.Page - 1) * f.PageSize).Limit(f.PageSize).Find(&items).Error
-	return items, total, err
-}
-
-func (r *UserRepo) Update(ctx context.Context, id uint64, fields map[string]any) error {
-	if len(fields) == 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Model(&model.User{}).
-		Where("id = ? AND deleted_at IS NULL", id).
-		Updates(fields).Error
-}
-
-func (r *UserRepo) UpdateLogin(ctx context.Context, id uint64, ip string) error {
-	now := time.Now().UTC()
-	return r.db.WithContext(ctx).Model(&model.User{}).
-		Where("id = ?", id).
-		Updates(map[string]any{
-			"last_login_at": now,
-			"last_login_ip": ip,
-		}).Error
-}
-
-func (r *UserRepo) UpdatePassword(ctx context.Context, id uint64, hash string) error {
-	return r.db.WithContext(ctx).Model(&model.User{}).
-		Where("id = ?", id).
-		Update("password", hash).Error
-}
-
-// ErrNotFound 显式语义。
-var ErrNotFound = errors.New("repo: not found")
-
-// mapErr 把 gorm.ErrRecordNotFound 映射为 ErrNotFound。
-func mapErr(err error) error {
-	if errors.Is(err, gorm.ErrRecordNotFound) {
-		return ErrNotFound
-	}
-	return err
-}
diff --git a/backend/internal/repo/wallet_repo.go b/backend/internal/repo/wallet_repo.go
deleted file mode 100644
index 29c9a832..00000000
--- a/backend/internal/repo/wallet_repo.go
+++ /dev/null
@@ -1,342 +0,0 @@
-// Package repo 钱包流水仓储。
-package repo
-
-import (
-	"context"
-	"errors"
-	"strings"
-	"time"
-
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-)
-
-// WalletRepo 钱包 / 流水仓储。
-type WalletRepo struct{ db *gorm.DB }
-
-// NewWalletRepo 构造。
-func NewWalletRepo(db *gorm.DB) *WalletRepo { return &WalletRepo{db: db} }
-
-// ErrInsufficient 余额不足。
-var ErrInsufficient = errors.New("repo: insufficient points")
-
-// Income 在事务中给用户加点 + 写入流水。
-func (r *WalletRepo) Income(ctx context.Context, userID uint64, biz, bizID string, points int64, remark string) (*model.WalletLog, error) {
-	if points <= 0 {
-		return nil, errors.New("income points must >0")
-	}
-	var log *model.WalletLog
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		before := u.Points
-		after := before + points
-		if err := tx.Model(&model.User{}).Where("id = ?", userID).
-			UpdateColumn("points", after).Error; err != nil {
-			return err
-		}
-		log = &model.WalletLog{
-			UserID:       userID,
-			Direction:    1,
-			BizType:      biz,
-			BizID:        bizID,
-			Points:       points,
-			PointsBefore: before,
-			PointsAfter:  after,
-		}
-		if remark != "" {
-			log.Remark = &remark
-		}
-		return tx.Create(log).Error
-	})
-	return log, err
-}
-
-// Freeze 预冻结：从 points 扣，写入 frozen_points + wallet_log（dir=-1 / status=frozen 由 service 控制）。
-//
-// 失败原因：
-//   - ErrInsufficient: 余额不足
-//
-// Adjust changes available points and writes a wallet log. Positive points add balance,
-// negative points deduct balance. When addTotalRecharge is true, positive points are
-// also accumulated into user.total_recharge.
-func (r *WalletRepo) Adjust(ctx context.Context, userID uint64, biz, bizID string, points int64, remark string, addTotalRecharge bool) (*model.WalletLog, error) {
-	if points == 0 {
-		return nil, errors.New("adjust points must not be 0")
-	}
-	var log *model.WalletLog
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		before := u.Points
-		after := before + points
-		if after < 0 {
-			return ErrInsufficient
-		}
-		updates := map[string]any{"points": after}
-		if addTotalRecharge && points > 0 {
-			updates["total_recharge"] = gorm.Expr("total_recharge + ?", points)
-		}
-		if err := tx.Model(&model.User{}).Where("id = ?", userID).UpdateColumns(updates).Error; err != nil {
-			return err
-		}
-		direction := int8(1)
-		if points < 0 {
-			direction = -1
-		}
-		log = &model.WalletLog{
-			UserID:       userID,
-			Direction:    direction,
-			BizType:      biz,
-			BizID:        bizID,
-			Points:       points,
-			PointsBefore: before,
-			PointsAfter:  after,
-		}
-		if remark != "" {
-			log.Remark = &remark
-		}
-		return tx.Create(log).Error
-	})
-	return log, err
-}
-
-func (r *WalletRepo) Freeze(ctx context.Context, userID uint64, biz, bizID string, points int64, remark string) (*model.WalletLog, error) {
-	if points <= 0 {
-		return nil, errors.New("freeze points must >0")
-	}
-	var log *model.WalletLog
-	err := r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		if u.Points < points {
-			return ErrInsufficient
-		}
-		before := u.Points
-		after := before - points
-		if err := tx.Model(&model.User{}).Where("id = ?", userID).
-			UpdateColumns(map[string]any{
-				"points":        after,
-				"frozen_points": gorm.Expr("frozen_points + ?", points),
-			}).Error; err != nil {
-			return err
-		}
-		log = &model.WalletLog{
-			UserID:       userID,
-			Direction:    -1,
-			BizType:      biz,
-			BizID:        bizID,
-			Points:       -points,
-			PointsBefore: before,
-			PointsAfter:  after,
-		}
-		if remark != "" {
-			log.Remark = &remark
-		}
-		return tx.Create(log).Error
-	})
-	return log, err
-}
-
-// Settle 结算：将之前 freeze 的 points 从 frozen_points 中清掉（落地为消费）。
-func (r *WalletRepo) Settle(ctx context.Context, userID uint64, points int64) error {
-	if points <= 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		newFrozen := u.FrozenPoints - points
-		if newFrozen < 0 {
-			newFrozen = 0
-		}
-		return tx.Model(&model.User{}).Where("id = ?", userID).
-			Update("frozen_points", newFrozen).Error
-	})
-}
-
-// RefundFrozenPart returns part of frozen points to available balance.
-func (r *WalletRepo) RefundFrozenPart(ctx context.Context, userID uint64, taskID, reason string, points int64) error {
-	if points <= 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		if points > u.FrozenPoints {
-			points = u.FrozenPoints
-		}
-		before := u.Points
-		after := before + points
-		newFrozen := u.FrozenPoints - points
-		if err := tx.Model(&model.User{}).Where("id = ?", userID).
-			UpdateColumns(map[string]any{
-				"points":        after,
-				"frozen_points": newFrozen,
-			}).Error; err != nil {
-			return err
-		}
-		remarkCopy := reason
-		log := &model.WalletLog{
-			UserID:       userID,
-			Direction:    1,
-			BizType:      model.BizRefund,
-			BizID:        taskID,
-			Points:       points,
-			PointsBefore: before,
-			PointsAfter:  after,
-			Remark:       &remarkCopy,
-		}
-		if err := tx.Create(log).Error; err != nil {
-			return err
-		}
-		return tx.Create(&model.RefundRecord{
-			TaskID:    taskID,
-			UserID:    userID,
-			Points:    points,
-			Reason:    reason,
-			Operator:  "system",
-			CreatedAt: time.Now().UTC(),
-		}).Error
-	})
-}
-
-// Refund 退款：把 freeze 的 points 还回 points + 写入 wallet_log + 写 refund_record。
-func (r *WalletRepo) Refund(ctx context.Context, userID uint64, taskID, reason string, points int64) error {
-	if points <= 0 {
-		return nil
-	}
-	return r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		u, err := lockUser(tx, userID)
-		if err != nil {
-			return err
-		}
-		newFrozen := u.FrozenPoints - points
-		if newFrozen < 0 {
-			newFrozen = 0
-		}
-		before := u.Points
-		after := before + points
-		if err := tx.Model(&model.User{}).Where("id = ?", userID).
-			UpdateColumns(map[string]any{
-				"points":        after,
-				"frozen_points": newFrozen,
-			}).Error; err != nil {
-			return err
-		}
-		remarkCopy := reason
-		log := &model.WalletLog{
-			UserID:       userID,
-			Direction:    1,
-			BizType:      model.BizRefund,
-			BizID:        taskID,
-			Points:       points,
-			PointsBefore: before,
-			PointsAfter:  after,
-			Remark:       &remarkCopy,
-		}
-		if err := tx.Create(log).Error; err != nil {
-			return err
-		}
-		return tx.Create(&model.RefundRecord{
-			TaskID:    taskID,
-			UserID:    userID,
-			Points:    points,
-			Reason:    reason,
-			Operator:  "system",
-			CreatedAt: time.Now().UTC(),
-		}).Error
-	})
-}
-
-// ListUserLogs 钱包流水分页。
-func (r *WalletRepo) ListUserLogs(ctx context.Context, userID uint64, page, pageSize int) ([]*model.WalletLog, int64, error) {
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 || pageSize > 200 {
-		pageSize = 20
-	}
-	q := r.db.WithContext(ctx).Model(&model.WalletLog{}).Where("user_id = ?", userID)
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var items []*model.WalletLog
-	err := q.Order("id DESC").
-		Offset((page - 1) * pageSize).Limit(pageSize).
-		Find(&items).Error
-	return items, total, err
-}
-
-type AdminWalletLogFilter struct {
-	Keyword   string
-	UserID    uint64
-	BizType   string
-	Direction *int
-	Page      int
-	PageSize  int
-}
-
-type AdminWalletLogRow struct {
-	model.WalletLog
-	UserLabel string `gorm:"column:user_label"`
-}
-
-func (r *WalletRepo) ListAdminLogs(ctx context.Context, f AdminWalletLogFilter) ([]*AdminWalletLogRow, int64, error) {
-	if f.Page <= 0 {
-		f.Page = 1
-	}
-	if f.PageSize <= 0 || f.PageSize > 200 {
-		f.PageSize = 20
-	}
-	q := r.db.WithContext(ctx).Table("wallet_log wl").
-		Joins("LEFT JOIN user u ON u.id = wl.user_id")
-	if f.UserID > 0 {
-		q = q.Where("wl.user_id = ?", f.UserID)
-	}
-	if f.Direction != nil {
-		q = q.Where("wl.direction = ?", *f.Direction)
-	}
-	if bt := strings.TrimSpace(f.BizType); bt != "" {
-		q = q.Where("wl.biz_type = ?", bt)
-	}
-	if kw := strings.TrimSpace(f.Keyword); kw != "" {
-		like := "%" + kw + "%"
-		q = q.Where("CAST(wl.id AS CHAR) = ? OR CAST(wl.user_id AS CHAR) = ? OR wl.biz_id LIKE ? OR wl.remark LIKE ? OR u.email LIKE ? OR u.phone LIKE ? OR u.username LIKE ?",
-			kw, kw, like, like, like, like, like)
-	}
-	var total int64
-	if err := q.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-	var rows []*AdminWalletLogRow
-	err := q.Select("wl.*, COALESCE(NULLIF(u.email, ''), NULLIF(u.phone, ''), NULLIF(u.username, ''), u.uuid, CAST(wl.user_id AS CHAR)) AS user_label").
-		Order("wl.id DESC").
-		Offset((f.Page - 1) * f.PageSize).Limit(f.PageSize).
-		Scan(&rows).Error
-	return rows, total, err
-}
-
-// === helpers ===
-
-// lockUser SELECT ... FOR UPDATE。
-func lockUser(tx *gorm.DB, userID uint64) (*model.User, error) {
-	var u model.User
-	if err := tx.Set("gorm:query_option", "FOR UPDATE").
-		Where("id = ?", userID).First(&u).Error; err != nil {
-		return nil, err
-	}
-	return &u, nil
-}
diff --git a/backend/internal/router/admin.go b/backend/internal/router/admin.go
deleted file mode 100644
index 22cdb22d..00000000
--- a/backend/internal/router/admin.go
+++ /dev/null
@@ -1,161 +0,0 @@
-// Package router 管理后台路由。
-package router
-
-import (
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/handler"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/jwtx"
-)
-
-// MountAdmin 在 root 上挂载 /admin/api/v1。
-// 这里提供 AccountPool 实例，供后续 worker / openai 服务可能复用（暂存内部）。
-func MountAdmin(r *gin.Engine, deps *bootstrap.Deps) *service.AccountPool {
-	v1 := r.Group("/admin/api/v1")
-
-	v1.GET("/ping", func(c *gin.Context) {
-		c.JSON(200, gin.H{"pong": true, "scope": "admin"})
-	})
-
-	if deps.DB == nil {
-		return nil
-	}
-	if deps.AES == nil {
-		// 没有 AES 也禁止挂载账号池接口（凭证必须加密）
-		return nil
-	}
-
-	// === repos ===
-	adminRepo := repo.NewAdminRepo(deps.DB)
-	userRepo := repo.NewUserRepo(deps.DB)
-	accountRepo := repo.NewAccountRepo(deps.DB)
-	walletRepo := repo.NewWalletRepo(deps.DB)
-	generationRepo := repo.NewGenerationRepo(deps.DB)
-	proxyRepo := repo.NewProxyRepo(deps.DB)
-	sysCfgRepo := repo.NewSystemConfigRepo(deps.DB)
-	promoRepo := repo.NewPromoRepo(deps.DB)
-	dashboardRepo := repo.NewDashboardRepo(deps.DB)
-
-	// === pool ===
-	pool := service.NewAccountPool(accountRepo, 30*time.Second)
-
-	// === services ===
-	adminAuth := service.NewAdminAuthService(adminRepo, deps.JWT)
-	adminUserSvc := service.NewAdminUserService(userRepo, walletRepo)
-	accountAdmin := service.NewAccountAdminService(accountRepo, pool, deps.AES)
-	billingSvc := service.NewBillingService(deps.DB, walletRepo)
-	cdkSvc := service.NewCDKService(deps.DB, billingSvc)
-	promoSvc := service.NewAdminPromoService(promoRepo)
-	sysCfgSvc := service.NewSystemConfigService(sysCfgRepo)
-	proxySvc := service.NewProxyService(proxyRepo, deps.AES)
-	openaiOAuth := service.NewOpenAIOAuthService(sysCfgSvc)
-	accountTest := service.NewAccountTestService(accountRepo, proxySvc, sysCfgSvc, openaiOAuth, deps.AES)
-	// 把测试服务注入 AccountAdminService，使 Test/Refresh/BatchRefresh 走得通。
-	accountAdmin.SetTestService(accountTest)
-
-	// === handlers ===
-	authH := handler.NewAdminAuthHandler(adminAuth, adminRepo)
-	userH := handler.NewAdminUserHandler(adminUserSvc)
-	accountH := handler.NewAdminAccountHandler(accountAdmin, pool)
-	cdkH := handler.NewAdminCDKHandler(cdkSvc)
-	billingH := handler.NewAdminBillingHandler(walletRepo)
-	promoH := handler.NewAdminPromoHandler(promoSvc)
-	proxyH := handler.NewAdminProxyHandler(proxySvc, accountTest)
-	sysH := handler.NewAdminSystemHandler(sysCfgSvc)
-	logH := handler.NewAdminLogHandler(generationRepo, accountRepo, deps.AES)
-	dashboardH := handler.NewAdminDashboardHandler(dashboardRepo)
-
-	// auth 公开
-	auth := v1.Group("/auth")
-	if deps.Limiter != nil {
-		auth.Use(middleware.RateLimitIP(deps.Limiter, 30))
-	}
-	auth.POST("/login", authH.Login)
-	v1.GET("/logs/generations/:task_id/preview", logH.GenerationPreview)
-
-	// 登录后接口
-	authed := v1.Group("/")
-	authed.Use(middleware.AuthJWT(deps.JWT, jwtx.SubjectAdmin))
-	{
-		authed.GET("/auth/me", authH.Me)
-		authed.POST("/auth/password", authH.ChangePassword)
-		authed.GET("/dashboard/overview", dashboardH.Overview)
-
-		users := authed.Group("/users")
-		{
-			users.GET("", userH.List)
-			users.POST("", userH.Create)
-			users.PUT("/:id", userH.Update)
-			users.POST("/:id/points", userH.AdjustPoints)
-		}
-
-		acc := authed.Group("/accounts")
-		{
-			acc.GET("", accountH.List)
-			acc.POST("", accountH.Create)
-			acc.POST("/import", accountH.BatchImport)
-			acc.POST("/batch-delete", accountH.BatchDelete)
-			acc.POST("/purge", accountH.Purge)
-			acc.POST("/batch-refresh", accountH.BatchRefresh)
-			acc.POST("/batch-probe", accountH.BatchProbeQuota)
-			acc.GET("/stats", accountH.PoolStats)
-			acc.PUT("/:id", accountH.Update)
-			acc.DELETE("/:id", accountH.Delete)
-			acc.POST("/:id/test", accountH.Test)
-			acc.POST("/:id/refresh", accountH.RefreshOAuth)
-			acc.GET("/:id/secrets", accountH.Secrets)
-		}
-
-		// 代理管理：CRUD + 连通性测试
-		proxies := authed.Group("/proxies")
-		{
-			proxies.GET("", proxyH.List)
-			proxies.POST("", proxyH.Create)
-			proxies.PUT("/:id", proxyH.Update)
-			proxies.DELETE("/:id", proxyH.Delete)
-			proxies.POST("/:id/test", proxyH.Test)
-		}
-
-		// 系统配置：通用 KV（代理全局开关 / OAuth 客户端 / refresh 阈值等）
-		sys := authed.Group("/system")
-		{
-			sys.GET("/settings", sysH.GetSettings)
-			sys.PUT("/settings", sysH.UpdateSettings)
-			sys.GET("/cache", sysH.CacheStats)
-			sys.DELETE("/cache", sysH.CleanCache)
-		}
-
-		cdk := authed.Group("/cdk")
-		{
-			cdk.POST("/batches", cdkH.CreateBatch)
-		}
-
-		billing := authed.Group("/billing")
-		{
-			billing.GET("/wallet-logs", billingH.WalletLogs)
-		}
-
-		promo := authed.Group("/promo")
-		{
-			promo.GET("/codes", promoH.List)
-			promo.POST("/codes", promoH.Create)
-			promo.PUT("/codes/:id", promoH.Update)
-			promo.DELETE("/codes/:id", promoH.Delete)
-		}
-
-		logs := authed.Group("/logs")
-		{
-			logs.GET("/generations", logH.GenerationLogs)
-			logs.GET("/generations/:task_id/upstream", logH.GenerationUpstreamLogs)
-			logs.DELETE("/generations", logH.PurgeGenerationLogs)
-		}
-	}
-
-	return pool
-}
diff --git a/backend/internal/router/api.go b/backend/internal/router/api.go
deleted file mode 100644
index 2d67bf5c..00000000
--- a/backend/internal/router/api.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// Package router api 服务路由组装。
-package router
-
-import (
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/handler"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/provider/factory"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-	"github.com/kleinai/backend/pkg/jwtx"
-)
-
-// MountAPI 在 root 上挂载用户端 /api/v1 全部业务路由。
-// 注意：未配置 DB 时（dev 降级）会跳过依赖 DB 的路由，仅保留 /ping。
-func MountAPI(r *gin.Engine, deps *bootstrap.Deps) {
-	v1 := r.Group("/api/v1")
-
-	v1.GET("/ping", func(c *gin.Context) {
-		c.JSON(200, gin.H{"pong": true})
-	})
-
-	if deps.DB == nil {
-		return
-	}
-
-	userRepo := repo.NewUserRepo(deps.DB)
-	apiKeyRepo := repo.NewAPIKeyRepo(deps.DB)
-	walletRepo := repo.NewWalletRepo(deps.DB)
-	accountRepo := repo.NewAccountRepo(deps.DB)
-	genRepo := repo.NewGenerationRepo(deps.DB)
-	sysCfgRepo := repo.NewSystemConfigRepo(deps.DB)
-	proxyRepo := repo.NewProxyRepo(deps.DB)
-
-	authSvc := service.NewAuthService(deps.DB, userRepo, deps.JWT)
-	userSvc := service.NewUserService(userRepo)
-	keySvc := service.NewAPIKeyService(apiKeyRepo)
-	billingSvc := service.NewBillingService(deps.DB, walletRepo)
-	cdkSvc := service.NewCDKService(deps.DB, billingSvc)
-	sysCfgSvc := service.NewSystemConfigService(sysCfgRepo)
-	proxySvc := service.NewProxyService(proxyRepo, deps.AES)
-
-	pool := service.NewAccountPool(accountRepo, 30*time.Second)
-	providers := factory.Build()
-	genSvc := service.NewGenerationService(deps.DB, genRepo, pool, billingSvc, providers, service.ConfigPriceFn(sysCfgSvc), deps.AES, proxySvc, sysCfgSvc)
-	chatSvc := service.NewChatService(deps.DB, genRepo, pool, billingSvc, sysCfgSvc, deps.AES, proxySvc)
-
-	authH := handler.NewAuthHandler(authSvc, userSvc)
-	keyH := handler.NewAPIKeyHandler(keySvc)
-	billH := handler.NewBillingHandler(billingSvc, cdkSvc)
-	genH := handler.NewGenerationHandler(genSvc, chatSvc, genRepo, accountRepo, sysCfgSvc, deps.AES)
-
-	v1.GET("/models", genH.Models)
-	v1.GET("/gen/cached/*path", genH.CachedAsset)
-	v1.GET("/gen/assets/:task_id/:seq", genH.Asset)
-
-	auth := v1.Group("/auth")
-	{
-		// 注册 / 登录限流：每 IP 每分钟 30 次
-		if deps.Limiter != nil {
-			auth.Use(middleware.RateLimitIP(deps.Limiter, 30))
-		}
-		auth.POST("/register", authH.Register)
-		auth.POST("/login", authH.Login)
-		auth.POST("/refresh", authH.Refresh)
-		auth.POST("/logout", authH.Logout)
-	}
-
-	// 需要登录的用户接口
-	authed := v1.Group("/")
-	authed.Use(middleware.AuthJWT(deps.JWT, jwtx.SubjectUser))
-	{
-		authed.GET("/users/me", authH.Me)
-		authed.POST("/users/password", authH.ChangePassword)
-
-		keys := authed.Group("/keys")
-		{
-			keys.GET("", keyH.List)
-			keys.POST("", keyH.Create)
-			keys.POST("/:id/toggle", keyH.Toggle)
-			keys.DELETE("/:id", keyH.Delete)
-		}
-
-		bill := authed.Group("/billing")
-		{
-			bill.GET("/logs", billH.Logs)
-			bill.POST("/cdk/redeem", billH.RedeemCDK)
-		}
-
-		gen := authed.Group("/gen")
-		{
-			gen.POST("/image", genH.CreateImage)
-			gen.POST("/text", genH.CreateText)
-			gen.POST("/video", genH.CreateVideo)
-			gen.GET("/tasks/:task_id", genH.Get)
-			gen.GET("/history", genH.List)
-			gen.DELETE("/history", genH.DeleteHistory)
-		}
-	}
-}
diff --git a/backend/internal/router/common.go b/backend/internal/router/common.go
deleted file mode 100644
index cbd12a68..00000000
--- a/backend/internal/router/common.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Package router 提供通用 gin Engine 构造（含基础中间件 + healthz）。
-package router
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/pkg/version"
-)
-
-// Options 路由构造选项。
-type Options struct {
-	ServiceName string
-	Deps        *bootstrap.Deps
-}
-
-// New 返回带基础中间件 + 健康检查 + ready 检查的 gin.Engine。
-func New(opt Options) *gin.Engine {
-	if opt.Deps.Cfg.IsProd() {
-		gin.SetMode(gin.ReleaseMode)
-	}
-
-	r := gin.New()
-	r.Use(
-		middleware.Recovery(),
-		middleware.RequestID(),
-		middleware.AccessLog(),
-		middleware.SecurityHeaders(),
-		middleware.CORS(opt.Deps.Cfg.CORS.Origins),
-	)
-
-	r.GET("/healthz", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{
-			"service": opt.ServiceName,
-			"env":     opt.Deps.Cfg.App.Env,
-			"version": version.Build,
-			"time":    time.Now().UTC().Format(time.RFC3339),
-		})
-	})
-
-	r.GET("/readyz", func(c *gin.Context) {
-		ready := true
-		details := gin.H{}
-		if opt.Deps.DB != nil {
-			if sqlDB, err := opt.Deps.DB.DB(); err == nil {
-				if err := sqlDB.PingContext(c.Request.Context()); err != nil {
-					ready, details["mysql"] = false, err.Error()
-				} else {
-					details["mysql"] = "ok"
-				}
-			} else {
-				ready, details["mysql"] = false, err.Error()
-			}
-		} else {
-			ready, details["mysql"] = false, "not initialized"
-		}
-		if opt.Deps.Redis != nil {
-			if err := opt.Deps.Redis.Ping(c.Request.Context()).Err(); err != nil {
-				ready, details["redis"] = false, err.Error()
-			} else {
-				details["redis"] = "ok"
-			}
-		} else {
-			ready, details["redis"] = false, "not initialized"
-		}
-		status := http.StatusOK
-		if !ready {
-			status = http.StatusServiceUnavailable
-		}
-		c.JSON(status, gin.H{"ready": ready, "details": details})
-	})
-
-	return r
-}
diff --git a/backend/internal/router/openai.go b/backend/internal/router/openai.go
deleted file mode 100644
index 7924e69d..00000000
--- a/backend/internal/router/openai.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Package router OpenAI 兼容服务路由。
-package router
-
-import (
-	"time"
-
-	"github.com/gin-gonic/gin"
-
-	"github.com/kleinai/backend/internal/bootstrap"
-	"github.com/kleinai/backend/internal/handler"
-	"github.com/kleinai/backend/internal/middleware"
-	"github.com/kleinai/backend/internal/provider/factory"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/internal/service"
-)
-
-// MountOpenAI 挂载 /v1（OpenAI 兼容）。
-//
-// 公开路由（无需鉴权）：
-//
-//	GET  /v1/health
-//
-// 受 API Key 保护：
-//
-//	GET  /v1/models
-//	POST /v1/chat/completions
-//	POST /v1/images/generations
-//	POST /v1/images/edits
-//	GET  /v1/images/generations/:task_id
-//	POST /v1/video/generations
-//	GET  /v1/video/generations/:task_id
-func MountOpenAI(r *gin.Engine, deps *bootstrap.Deps) {
-	v1 := r.Group("/v1")
-	v1.GET("/health", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
-
-	if deps.DB == nil {
-		// 降级：DB 未连，受 KEY 保护的路由不挂载
-		return
-	}
-
-	apiKeyRepo := repo.NewAPIKeyRepo(deps.DB)
-	walletRepo := repo.NewWalletRepo(deps.DB)
-	accountRepo := repo.NewAccountRepo(deps.DB)
-	genRepo := repo.NewGenerationRepo(deps.DB)
-	sysCfgRepo := repo.NewSystemConfigRepo(deps.DB)
-	proxyRepo := repo.NewProxyRepo(deps.DB)
-
-	keySvc := service.NewAPIKeyService(apiKeyRepo)
-	billingSvc := service.NewBillingService(deps.DB, walletRepo)
-	sysCfgSvc := service.NewSystemConfigService(sysCfgRepo)
-	proxySvc := service.NewProxyService(proxyRepo, deps.AES)
-	pool := service.NewAccountPool(accountRepo, 30*time.Second)
-	providers := factory.Build()
-	genSvc := service.NewGenerationService(deps.DB, genRepo, pool, billingSvc, providers, service.ConfigPriceFn(sysCfgSvc), deps.AES, proxySvc, sysCfgSvc)
-	chatSvc := service.NewChatService(deps.DB, genRepo, pool, billingSvc, sysCfgSvc, deps.AES, proxySvc)
-	openaiH := handler.NewOpenAIHandler(genSvc, chatSvc, genRepo)
-
-	guard := v1.Group("/")
-	guard.Use(middleware.AuthAPIKey(keySvc))
-	{
-		guard.GET("/models", openaiH.Models)
-		guard.POST("/chat/completions", openaiH.ChatCompletions)
-		guard.POST("/images/generations", openaiH.ImageGenerations)
-		guard.GET("/images/generations/:task_id", openaiH.GetImageTask)
-		guard.POST("/images/edits", openaiH.ImageEdits)
-		guard.POST("/video/generations", openaiH.VideoGenerations)
-		guard.GET("/video/generations/:task_id", openaiH.GetVideoTask)
-		// Backward-compatible alias kept for older clients.
-		guard.POST("/videos/generations", openaiH.VideoGenerations)
-		guard.GET("/videos/generations/:task_id", openaiH.GetVideoTask)
-	}
-}
diff --git a/backend/internal/service/account_admin_service.go b/backend/internal/service/account_admin_service.go
deleted file mode 100644
index 2f6d56b3..00000000
--- a/backend/internal/service/account_admin_service.go
+++ /dev/null
@@ -1,969 +0,0 @@
-// Package service 账号池管理后台业务。
-package service
-
-import (
-	"context"
-	"encoding/json"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtpayload"
-)
-
-const grokTokenTTL = 72 * time.Hour
-
-// AccountAdminService 管理后台对账号池的增删改查 + 批量导入。
-type AccountAdminService struct {
-	repo    *repo.AccountRepo
-	pool    *AccountPool
-	aes     *crypto.AESGCM
-	testSvc *AccountTestService // 可空：未注入则 Test/Refresh 返回不可用
-}
-
-// NewAccountAdminService 构造。aes 必须非空。
-func NewAccountAdminService(r *repo.AccountRepo, pool *AccountPool, aes *crypto.AESGCM) *AccountAdminService {
-	return &AccountAdminService{repo: r, pool: pool, aes: aes}
-}
-
-// SetTestService 注入测试服务（路由层装配后回填，避免循环依赖）。
-func (s *AccountAdminService) SetTestService(t *AccountTestService) { s.testSvc = t }
-
-// Create 创建单个账号。
-// OAuth（GPT）对齐常见工具：access_token + refresh_token + session_token（可选）+ client_id（可选）；
-// credential 仍可单独填 refresh_token（旧版单框）。
-func (s *AccountAdminService) Create(ctx context.Context, adminID uint64, req *dto.AccountCreateReq) (*model.Account, error) {
-	weight := req.Weight
-	if weight <= 0 {
-		weight = 10
-	}
-
-	var credPlain string
-	switch req.AuthType {
-	case model.AuthTypeOAuth:
-		at := strings.TrimSpace(req.AccessToken)
-		rt := strings.TrimSpace(req.RefreshToken)
-		legacy := strings.TrimSpace(req.Credential)
-		if rt == "" {
-			rt = legacy
-		}
-		if at == "" && rt == "" {
-			return nil, errcode.InvalidParam.WithMsg("OAuth 请至少填写 access_token、refresh_token 或凭证其一")
-		}
-		if rt != "" {
-			credPlain = rt
-		} else {
-			credPlain = " "
-		}
-	default:
-		credPlain = strings.TrimSpace(req.Credential)
-		if req.Provider == model.ProviderGROK && req.AuthType == model.AuthTypeCookie {
-			credPlain = normalizeGrokSSOToken(credPlain)
-		}
-		if credPlain == "" {
-			return nil, errcode.InvalidParam.WithMsg("请填写凭证")
-		}
-	}
-
-	enc, err := s.aes.Encrypt([]byte(credPlain))
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	a := &model.Account{
-		Provider:      req.Provider,
-		Name:          req.Name,
-		AuthType:      req.AuthType,
-		CredentialEnc: enc,
-		Weight:        weight,
-		RPMLimit:      req.RPMLimit,
-		TPMLimit:      req.TPMLimit,
-		DailyQuota:    req.DailyQuota,
-		MonthlyQuota:  req.MonthlyQuota,
-		Status:        model.AccountStatusEnabled,
-		CreatedBy:     &adminID,
-	}
-	if req.BaseURL != "" {
-		a.BaseURL = strPtr(req.BaseURL)
-	}
-	if req.ProxyID != nil && *req.ProxyID > 0 {
-		a.ProxyID = req.ProxyID
-	}
-	if req.Remark != "" {
-		a.Remark = strPtr(req.Remark)
-	}
-	if req.AuthType == model.AuthTypeOAuth {
-		rt := strings.TrimSpace(req.RefreshToken)
-		if rt == "" {
-			rt = strings.TrimSpace(req.Credential)
-		}
-		if rt != "" {
-			rtEnc, err := s.aes.Encrypt([]byte(rt))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.RefreshTokenEnc = rtEnc
-		}
-		if at := strings.TrimSpace(req.AccessToken); at != "" {
-			atEnc, err := s.aes.Encrypt([]byte(at))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.AccessTokenEnc = atEnc
-			if exp, ok := jwtpayload.ExpUnixFromJWT(at); ok {
-				t := time.Unix(exp, 0).UTC()
-				a.AccessTokenExpiresAt = &t
-			}
-		}
-		if st := strings.TrimSpace(req.SessionToken); st != "" {
-			stEnc, err := s.aes.Encrypt([]byte(st))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.SessionTokenEnc = stEnc
-		}
-		if req.ClientID != "" {
-			b, _ := json.Marshal(map[string]any{"client_id": req.ClientID})
-			ms := string(b)
-			a.OAuthMeta = &ms
-		}
-	}
-	if req.Provider == model.ProviderGROK && req.AuthType == model.AuthTypeCookie {
-		exp := time.Now().UTC().Add(grokTokenTTL)
-		a.AccessTokenExpiresAt = &exp
-	}
-	if err := s.repo.Create(ctx, a); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	s.pool.Reload(req.Provider)
-	return a, nil
-}
-
-// Update 部分更新。
-func (s *AccountAdminService) Update(ctx context.Context, id uint64, req *dto.AccountUpdateReq) error {
-	cur, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return errcode.ResourceMissing
-	}
-
-	fields := map[string]any{}
-	if req.Name != nil {
-		fields["name"] = *req.Name
-	}
-	if req.Credential != nil && *req.Credential != "" {
-		credPlain := strings.TrimSpace(*req.Credential)
-		if cur.Provider == model.ProviderGROK && cur.AuthType == model.AuthTypeCookie {
-			credPlain = normalizeGrokSSOToken(credPlain)
-		}
-		enc, err := s.aes.Encrypt([]byte(credPlain))
-		if err != nil {
-			return errcode.Internal.Wrap(err)
-		}
-		fields["credential_enc"] = enc
-		// OAuth 凭证更新时同步刷新 refresh_token_enc，并清掉旧 access_token
-		if cur.AuthType == model.AuthTypeOAuth {
-			fields["refresh_token_enc"] = enc
-			fields["access_token_enc"] = nil
-			fields["access_token_expires_at"] = nil
-		}
-	}
-	// OAuth 三件套：单独更新（仅 OAuth 账号生效；非 OAuth 静默忽略）
-	if cur.AuthType == model.AuthTypeOAuth {
-		if req.AccessToken != nil {
-			at := strings.TrimSpace(*req.AccessToken)
-			if at == "" {
-				fields["access_token_enc"] = nil
-				fields["access_token_expires_at"] = nil
-			} else {
-				enc, err := s.aes.Encrypt([]byte(at))
-				if err != nil {
-					return errcode.Internal.Wrap(err)
-				}
-				fields["access_token_enc"] = enc
-				if exp, ok := jwtpayload.ExpUnixFromJWT(at); ok {
-					t := time.Unix(exp, 0).UTC()
-					fields["access_token_expires_at"] = t
-				} else {
-					fields["access_token_expires_at"] = nil
-				}
-			}
-		}
-		if req.RefreshToken != nil {
-			rt := strings.TrimSpace(*req.RefreshToken)
-			if rt == "" {
-				fields["refresh_token_enc"] = nil
-			} else {
-				enc, err := s.aes.Encrypt([]byte(rt))
-				if err != nil {
-					return errcode.Internal.Wrap(err)
-				}
-				fields["refresh_token_enc"] = enc
-				// credential_enc 同步用 RT，确保旧逻辑可用
-				fields["credential_enc"] = enc
-			}
-		}
-		if req.SessionToken != nil {
-			st := strings.TrimSpace(*req.SessionToken)
-			if st == "" {
-				fields["session_token_enc"] = nil
-			} else {
-				enc, err := s.aes.Encrypt([]byte(st))
-				if err != nil {
-					return errcode.Internal.Wrap(err)
-				}
-				fields["session_token_enc"] = enc
-			}
-		}
-		if req.ClientID != nil {
-			cid := strings.TrimSpace(*req.ClientID)
-			if cid == "" {
-				fields["oauth_meta"] = nil
-			} else {
-				b, _ := json.Marshal(map[string]any{"client_id": cid})
-				ms := string(b)
-				fields["oauth_meta"] = ms
-			}
-		}
-	}
-	if req.BaseURL != nil {
-		fields["base_url"] = *req.BaseURL
-	}
-	if req.ProxyID != nil {
-		if *req.ProxyID == 0 {
-			fields["proxy_id"] = nil
-		} else {
-			fields["proxy_id"] = *req.ProxyID
-		}
-	}
-	if req.Weight != nil {
-		fields["weight"] = *req.Weight
-	}
-	if req.RPMLimit != nil {
-		fields["rpm_limit"] = *req.RPMLimit
-	}
-	if req.TPMLimit != nil {
-		fields["tpm_limit"] = *req.TPMLimit
-	}
-	if req.DailyQuota != nil {
-		fields["daily_quota"] = *req.DailyQuota
-	}
-	if req.MonthlyQuota != nil {
-		fields["monthly_quota"] = *req.MonthlyQuota
-	}
-	if req.Status != nil {
-		fields["status"] = *req.Status
-	}
-	if req.Remark != nil {
-		fields["remark"] = *req.Remark
-	}
-	if err := s.repo.Update(ctx, id, fields); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.pool.Reload(cur.Provider)
-	return nil
-}
-
-// Delete 软删除并刷新池。
-func (s *AccountAdminService) Delete(ctx context.Context, id uint64) error {
-	cur, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return errcode.ResourceMissing
-	}
-	if err := s.repo.SoftDelete(ctx, id); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.pool.Reload(cur.Provider)
-	return nil
-}
-
-func (s *AccountAdminService) reloadPoolGPTAndGrok() {
-	s.pool.Reload(model.ProviderGPT)
-	s.pool.Reload(model.ProviderGROK)
-}
-
-// BatchDeleteByIDs 批量软删账号。
-func (s *AccountAdminService) BatchDeleteByIDs(ctx context.Context, ids []uint64) (int64, error) {
-	n, err := s.repo.SoftDeleteMany(ctx, ids)
-	if err != nil {
-		return 0, errcode.DBError.Wrap(err)
-	}
-	if n > 0 {
-		s.reloadPoolGPTAndGrok()
-	}
-	return n, nil
-}
-
-// GetSecrets 解密返回单个账号的明文凭证（管理员专用，用于编辑面板回显）。
-// 解密失败的字段返回空串，不阻断响应。
-func (s *AccountAdminService) GetSecrets(ctx context.Context, id uint64) (*dto.AccountSecretsResp, error) {
-	a, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return nil, errcode.ResourceMissing
-	}
-	out := &dto.AccountSecretsResp{}
-	if len(a.CredentialEnc) > 0 {
-		if b, err := s.aes.Decrypt(a.CredentialEnc); err == nil {
-			out.Credential = string(b)
-		}
-	}
-	if len(a.AccessTokenEnc) > 0 {
-		if b, err := s.aes.Decrypt(a.AccessTokenEnc); err == nil {
-			out.AccessToken = string(b)
-		}
-	}
-	if len(a.RefreshTokenEnc) > 0 {
-		if b, err := s.aes.Decrypt(a.RefreshTokenEnc); err == nil {
-			out.RefreshToken = string(b)
-		}
-	}
-	if len(a.SessionTokenEnc) > 0 {
-		if b, err := s.aes.Decrypt(a.SessionTokenEnc); err == nil {
-			out.SessionToken = string(b)
-		}
-	}
-	if a.OAuthMeta != nil && *a.OAuthMeta != "" {
-		var m map[string]any
-		if err := json.Unmarshal([]byte(*a.OAuthMeta), &m); err == nil {
-			if v, ok := m["client_id"].(string); ok {
-				out.ClientID = v
-			}
-		}
-	}
-	return out, nil
-}
-
-// PurgeAccounts 按条件批量软删：invalid 或 all（须 confirm）。
-func (s *AccountAdminService) PurgeAccounts(ctx context.Context, req *dto.AccountPurgeReq) (int64, error) {
-	var (
-		n   int64
-		err error
-	)
-	switch req.Scope {
-	case "invalid":
-		n, err = s.repo.SoftDeleteInvalid(ctx, req.Provider)
-	case "zero_quota":
-		n, err = s.repo.SoftDeleteZeroQuota(ctx, req.Provider)
-	case "all":
-		if req.Confirm != "DELETE_ALL_ACCOUNTS" {
-			return 0, errcode.InvalidParam.WithMsg("清空全部账号须在 confirm 填入 DELETE_ALL_ACCOUNTS")
-		}
-		n, err = s.repo.SoftDeleteAll(ctx, req.Provider)
-	default:
-		return 0, errcode.InvalidParam.WithMsg("scope 仅支持 all / invalid")
-	}
-	if err != nil {
-		return 0, errcode.DBError.Wrap(err)
-	}
-	if n > 0 {
-		s.reloadPoolGPTAndGrok()
-	}
-	return n, nil
-}
-
-// List 列表分页。
-func (s *AccountAdminService) List(ctx context.Context, req *dto.AccountListReq) ([]*dto.AccountResp, int64, error) {
-	items, total, err := s.repo.List(ctx, repo.AccountListFilter{
-		Provider: req.Provider,
-		Status:   req.Status,
-		Keyword:  req.Keyword,
-		Page:     req.Page,
-		PageSize: req.PageSize,
-	})
-	if err != nil {
-		return nil, 0, errcode.DBError.Wrap(err)
-	}
-	resp := make([]*dto.AccountResp, 0, len(items))
-	for _, it := range items {
-		resp = append(resp, accountToResp(it, s.aes))
-	}
-	return resp, total, nil
-}
-
-// BatchImport 文本行导入（format=lines）或 sub2api JSON 分片导入（format=sub2api）。
-func (s *AccountAdminService) BatchImport(ctx context.Context, adminID uint64, req *dto.AccountBatchImportReq) (*dto.BatchImportResult, error) {
-	format := strings.ToLower(strings.TrimSpace(req.Format))
-	if format == "" {
-		format = "lines"
-	}
-	if format == "sub2api" {
-		return s.batchImportSub2API(ctx, adminID, req)
-	}
-	if strings.TrimSpace(req.AuthType) == "" {
-		return nil, errcode.InvalidParam.WithMsg("auth_type 不能为空")
-	}
-	if strings.TrimSpace(req.Text) == "" {
-		return nil, errcode.InvalidParam.WithMsg("text 不能为空")
-	}
-
-	weight := req.Weight
-	if weight <= 0 {
-		weight = 10
-	}
-	isOAuth := req.AuthType == model.AuthTypeOAuth
-	lines := strings.Split(req.Text, "\n")
-	items := make([]*model.Account, 0, len(lines))
-	for _, raw := range lines {
-		line := strings.TrimSpace(raw)
-		if line == "" || strings.HasPrefix(line, "#") {
-			continue
-		}
-		name, cred, base := parseImportLine(line, req.BaseURL)
-		if req.Provider == model.ProviderGROK && req.AuthType == model.AuthTypeCookie {
-			name, cred, base = parseGrokCookieImportLine(line, req.BaseURL)
-		}
-		name = clampImportAccountName(name)
-		if cred == "" {
-			continue
-		}
-		if req.Provider == model.ProviderGROK && req.AuthType == model.AuthTypeCookie {
-			cred = normalizeGrokSSOToken(cred)
-			if name == "" {
-				name = "grok-" + shortTokenName(cred)
-			}
-		}
-		enc, err := s.aes.Encrypt([]byte(cred))
-		if err != nil {
-			return nil, errcode.Internal.Wrap(err)
-		}
-		a := &model.Account{
-			Provider:      req.Provider,
-			Name:          name,
-			AuthType:      req.AuthType,
-			CredentialEnc: enc,
-			Weight:        weight,
-			Status:        model.AccountStatusEnabled,
-			CreatedBy:     &adminID,
-		}
-		if base != "" {
-			b := base
-			a.BaseURL = &b
-		}
-		if req.ProxyID != nil && *req.ProxyID > 0 {
-			pid := *req.ProxyID
-			a.ProxyID = &pid
-		}
-		if req.Provider == model.ProviderGROK && req.AuthType == model.AuthTypeCookie {
-			exp := time.Now().UTC().Add(grokTokenTTL)
-			a.AccessTokenExpiresAt = &exp
-		}
-		if isOAuth {
-			rtEnc, err := s.aes.Encrypt([]byte(cred))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.RefreshTokenEnc = rtEnc
-		}
-		items = append(items, a)
-	}
-	if err := s.repo.BatchCreate(ctx, items); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	s.pool.Reload(req.Provider)
-	return &dto.BatchImportResult{Imported: len(items), Skipped: 0}, nil
-}
-
-func (s *AccountAdminService) batchImportSub2API(ctx context.Context, adminID uint64, req *dto.AccountBatchImportReq) (*dto.BatchImportResult, error) {
-	defWeight := req.Weight
-	if defWeight <= 0 {
-		defWeight = 10
-	}
-	var items []*model.Account
-	skipped := 0
-	for _, item := range req.Accounts {
-		t := strings.ToLower(strings.TrimSpace(item.Type))
-		if t == "api_key" || t == "cookie" {
-			skipped++
-			continue
-		}
-		if item.Credentials == nil {
-			skipped++
-			continue
-		}
-		rt := strings.TrimSpace(item.Credentials.RefreshToken)
-		at := strings.TrimSpace(item.Credentials.AccessToken)
-		if rt == "" && at == "" {
-			skipped++
-			continue
-		}
-		credPlain := rt
-		if credPlain == "" {
-			credPlain = " "
-		}
-		prov := mapSub2APIPlatform(item.Platform)
-		if prov == "" {
-			prov = req.Provider
-		}
-		name := clampImportAccountName(item.Name)
-		if name == "" {
-			name = "sub2api-import"
-		}
-		w := defWeight
-		if item.Priority > 0 {
-			w = item.Priority
-			if w > 1000 {
-				w = 1000
-			}
-		}
-
-		credEnc, err := s.aes.Encrypt([]byte(credPlain))
-		if err != nil {
-			return nil, errcode.Internal.Wrap(err)
-		}
-		a := &model.Account{
-			Provider:      prov,
-			Name:          name,
-			AuthType:      model.AuthTypeOAuth,
-			CredentialEnc: credEnc,
-			Weight:        w,
-			Status:        model.AccountStatusEnabled,
-			CreatedBy:     &adminID,
-		}
-		if rt != "" {
-			rtEnc, err := s.aes.Encrypt([]byte(rt))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.RefreshTokenEnc = rtEnc
-		}
-		if norm := strings.TrimSpace(req.BaseURL); norm != "" {
-			b := norm
-			low := strings.ToLower(b)
-			if !strings.HasPrefix(low, "http://") && !strings.HasPrefix(low, "https://") {
-				b = "https://" + b
-			}
-			a.BaseURL = &b
-		}
-		if req.ProxyID != nil && *req.ProxyID > 0 {
-			pid := *req.ProxyID
-			a.ProxyID = &pid
-		}
-		meta := map[string]any{
-			"source":             "sub2api",
-			"email":              item.Credentials.Email,
-			"chatgpt_account_id": item.Credentials.ChatgptAccountID,
-			"chatgpt_user_id":    item.Credentials.ChatgptUserID,
-			"organization_id":    item.Credentials.OrganizationID,
-			"plan_type":          item.Credentials.PlanType,
-		}
-		if cid := accountClientIDFromImport(item.Credentials); cid != "" {
-			meta["client_id"] = cid
-		}
-		if mb, err := json.Marshal(meta); err == nil {
-			ms := string(mb)
-			a.OAuthMeta = &ms
-		}
-
-		if at != "" {
-			atEnc, err := s.aes.Encrypt([]byte(at))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.AccessTokenEnc = atEnc
-			if exp, ok := jwtpayload.ExpUnixFromJWT(at); ok {
-				t := time.Unix(exp, 0).UTC()
-				a.AccessTokenExpiresAt = &t
-			}
-		}
-		if idt := strings.TrimSpace(item.Credentials.IDToken); idt != "" {
-			idEnc, err := s.aes.Encrypt([]byte(idt))
-			if err != nil {
-				return nil, errcode.Internal.Wrap(err)
-			}
-			a.SessionTokenEnc = idEnc
-		}
-
-		items = append(items, a)
-	}
-	if len(items) == 0 {
-		return &dto.BatchImportResult{Imported: 0, Skipped: skipped}, nil
-	}
-	if err := s.repo.BatchCreate(ctx, items); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	seen := map[string]struct{}{}
-	for _, it := range items {
-		seen[it.Provider] = struct{}{}
-	}
-	for p := range seen {
-		s.pool.Reload(p)
-	}
-	return &dto.BatchImportResult{Imported: len(items), Skipped: skipped}, nil
-}
-
-func mapSub2APIPlatform(p string) string {
-	switch strings.ToLower(strings.TrimSpace(p)) {
-	case "openai":
-		return model.ProviderGPT
-	case "grok", "x-ai", "xai":
-		return model.ProviderGROK
-	default:
-		return ""
-	}
-}
-
-func accountClientIDFromImport(c *dto.Sub2APICreds) string {
-	if c == nil {
-		return ""
-	}
-	if cid := strings.TrimSpace(c.ClientID); cid != "" {
-		return cid
-	}
-	if cid, ok := jwtpayload.StringClaimFromJWT(c.AccessToken, "client_id"); ok {
-		return cid
-	}
-	if cid, ok := jwtpayload.StringClaimFromJWT(c.IDToken, "azp"); ok {
-		return cid
-	}
-	return ""
-}
-
-// Test 触发账号连通性测试。
-func (s *AccountAdminService) Test(ctx context.Context, id uint64) (*dto.AccountTestResp, error) {
-	if s.testSvc == nil {
-		return nil, errcode.Internal.WithMsg("测试服务未启用")
-	}
-	a, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return nil, errcode.ResourceMissing
-	}
-	return s.testSvc.Test(ctx, a)
-}
-
-// RefreshOAuth 刷新 OAuth 账号 RT。
-func (s *AccountAdminService) RefreshOAuth(ctx context.Context, id uint64) (*dto.AccountRefreshResp, error) {
-	if s.testSvc == nil {
-		return nil, errcode.Internal.WithMsg("刷新服务未启用")
-	}
-	a, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return nil, errcode.ResourceMissing
-	}
-	resp, err := s.testSvc.RefreshOAuth(ctx, a)
-	if err != nil {
-		return nil, err
-	}
-	s.pool.Reload(a.Provider)
-	return resp, nil
-}
-
-// BatchRefreshOAuth 批量刷新（按 provider）。返回成功数和失败 ID 列表。
-func (s *AccountAdminService) BatchRefreshOAuth(ctx context.Context, provider string, page, pageSize int) (*dto.AccountBatchRefreshResp, error) {
-	if s.testSvc == nil {
-		return nil, errcode.Internal.WithMsg("刷新服务未启用")
-	}
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 50
-	}
-	if pageSize > 1000 {
-		pageSize = 1000
-	}
-	items, total, err := s.repo.List(ctx, repo.AccountListFilter{
-		Provider: provider,
-		Page:     page,
-		PageSize: pageSize,
-	})
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	ok := 0
-	failed := []uint64{}
-	var mu sync.Mutex
-	sem := make(chan struct{}, 4)
-	var wg sync.WaitGroup
-	for _, acc := range items {
-		a := acc
-		if !a.IsOAuth() {
-			continue
-		}
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			select {
-			case sem <- struct{}{}:
-			case <-ctx.Done():
-				mu.Lock()
-				failed = append(failed, a.ID)
-				mu.Unlock()
-				return
-			}
-			defer func() { <-sem }()
-			if _, err := s.testSvc.RefreshOAuth(ctx, a); err != nil {
-				mu.Lock()
-				failed = append(failed, a.ID)
-				mu.Unlock()
-				return
-			}
-			mu.Lock()
-			ok++
-			mu.Unlock()
-		}()
-	}
-	wg.Wait()
-	if provider != "" {
-		s.pool.Reload(provider)
-	}
-	hasMore := page*pageSize < int(total)
-	nextPage := 0
-	if hasMore {
-		nextPage = page + 1
-	}
-	return &dto.AccountBatchRefreshResp{
-		Refreshed: ok,
-		FailedIDs: failed,
-		Page:      page,
-		PageSize:  pageSize,
-		Total:     total,
-		HasMore:   hasMore,
-		NextPage:  nextPage,
-	}, nil
-}
-
-func (s *AccountAdminService) BatchProbeQuota(ctx context.Context, provider string, page, pageSize int) (*dto.AccountBatchProbeResp, error) {
-	if s.testSvc == nil {
-		return nil, errcode.Internal.WithMsg("quota probe service disabled")
-	}
-	if page <= 0 {
-		page = 1
-	}
-	if pageSize <= 0 {
-		pageSize = 20
-	}
-	if pageSize > 1000 {
-		pageSize = 1000
-	}
-	probed := 0
-	failed := []uint64{}
-
-	items, total, err := s.repo.List(ctx, repo.AccountListFilter{
-		Provider: provider,
-		Page:     page,
-		PageSize: pageSize,
-	})
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	for _, a := range items {
-		if !accountSupportsQuotaProbe(a) {
-			continue
-		}
-		res, err := s.testSvc.Test(ctx, a)
-		if err != nil || res == nil || !res.OK {
-			failed = append(failed, a.ID)
-			continue
-		}
-		probed++
-	}
-	if provider != "" {
-		s.pool.Reload(provider)
-	} else {
-		s.reloadPoolGPTAndGrok()
-	}
-	hasMore := page*pageSize < int(total)
-	nextPage := 0
-	if hasMore {
-		nextPage = page + 1
-	}
-	return &dto.AccountBatchProbeResp{
-		Probed:    probed,
-		FailedIDs: failed,
-		Page:      page,
-		PageSize:  pageSize,
-		Total:     total,
-		HasMore:   hasMore,
-		NextPage:  nextPage,
-	}, nil
-}
-
-func accountSupportsQuotaProbe(a *model.Account) bool {
-	if a == nil {
-		return false
-	}
-	switch a.Provider {
-	case model.ProviderGPT:
-		return a.AuthType == model.AuthTypeOAuth
-	case model.ProviderGROK:
-		return a.AuthType == model.AuthTypeCookie
-	default:
-		return false
-	}
-}
-
-// === helpers ===
-
-// clampImportAccountName 截断到库表 name 上限（utf8mb4 VARCHAR(128)）。
-func clampImportAccountName(s string) string {
-	s = strings.TrimSpace(s)
-	if s == "" {
-		return ""
-	}
-	r := []rune(s)
-	if len(r) <= 128 {
-		return s
-	}
-	return string(r[:128])
-}
-
-func parseImportLine(line, defaultBase string) (name, cred, base string) {
-	base = defaultBase
-	if i := strings.Index(line, "@@"); i > 0 {
-		name = strings.TrimSpace(line[:i])
-		cred = strings.TrimSpace(line[i+2:])
-		return
-	}
-	if i := strings.Index(line, "@http"); i > 0 {
-		cred = strings.TrimSpace(line[:i])
-		base = strings.TrimSpace(line[i+1:])
-		return
-	}
-	cred = line
-	if cred != "" {
-		// 用 credential 末 6 位做默认 name
-		if l := len(cred); l > 6 {
-			name = "auto-" + cred[l-6:]
-		} else {
-			name = "auto-" + cred
-		}
-	}
-	return
-}
-
-func parseGrokCookieImportLine(line, defaultBase string) (name, cred, base string) {
-	base = defaultBase
-	line = strings.TrimSpace(line)
-	if line == "" {
-		return
-	}
-	if parts := strings.Split(line, "----"); len(parts) >= 3 {
-		name = strings.TrimSpace(parts[0])
-		cred = strings.TrimSpace(parts[2])
-		return
-	}
-	if i := strings.Index(line, "@@"); i > 0 {
-		name = strings.TrimSpace(line[:i])
-		cred = strings.TrimSpace(line[i+2:])
-		return
-	}
-	cred = line
-	if cred != "" {
-		name = "grok-" + shortTokenName(cred)
-	}
-	return
-}
-
-func accountToResp(a *model.Account, _ *crypto.AESGCM) *dto.AccountResp {
-	r := &dto.AccountResp{
-		ID:                a.ID,
-		Provider:          a.Provider,
-		Name:              a.Name,
-		AuthType:          a.AuthType,
-		CredentialMask:    maskCredential(a.CredentialEnc),
-		Weight:            a.Weight,
-		RPMLimit:          a.RPMLimit,
-		TPMLimit:          a.TPMLimit,
-		DailyQuota:        a.DailyQuota,
-		MonthlyQuota:      a.MonthlyQuota,
-		Status:            a.Status,
-		ErrorCount:        a.ErrorCount,
-		SuccessCount:      a.SuccessCount,
-		HasRefreshToken:   len(a.RefreshTokenEnc) > 0,
-		HasAccessToken:    len(a.AccessTokenEnc) > 0,
-		LastTestStatus:    a.LastTestStatus,
-		LastTestLatencyMs: a.LastTestLatencyMs,
-		CreatedAt:         a.CreatedAt.Unix(),
-		UpdatedAt:         a.UpdatedAt.Unix(),
-	}
-	if a.BaseURL != nil {
-		r.BaseURL = *a.BaseURL
-	}
-	if a.ProxyID != nil {
-		r.ProxyID = *a.ProxyID
-	}
-	if a.LastUsedAt != nil {
-		r.LastUsedAt = a.LastUsedAt.Unix()
-	}
-	if a.CooldownUntil != nil {
-		r.CooldownUntil = a.CooldownUntil.Unix()
-	}
-	if a.LastError != nil {
-		r.LastError = *a.LastError
-	}
-	if a.Remark != nil {
-		r.Remark = *a.Remark
-	}
-	if a.AccessTokenExpiresAt != nil {
-		r.AccessTokenExpireAt = a.AccessTokenExpiresAt.Unix()
-	}
-	if a.LastRefreshAt != nil {
-		r.LastRefreshAt = a.LastRefreshAt.Unix()
-	}
-	if a.LastTestAt != nil {
-		r.LastTestAt = a.LastTestAt.Unix()
-	}
-	if a.LastTestError != nil {
-		r.LastTestError = *a.LastTestError
-	}
-	fillAccountProbeFields(r, a)
-	return r
-}
-
-// maskCredential 凭证密文不可解密返回前端，仅给一个掩码占位。
-func maskCredential(enc []byte) string {
-	if len(enc) < 4 {
-		return "******"
-	}
-	return "******" // 只暴露存在性
-}
-
-func fillAccountProbeFields(r *dto.AccountResp, a *model.Account) {
-	meta := accountOAuthMeta(a)
-	if v, ok := meta["plan_type"].(string); ok {
-		r.PlanType = strings.TrimSpace(v)
-	}
-	if v, ok := meta["default_model_slug"].(string); ok {
-		r.DefaultModel = strings.TrimSpace(v)
-	}
-	r.ImageQuotaRemaining = intFromMeta(meta, "image_quota_remaining")
-	r.ImageQuotaTotal = intFromMeta(meta, "image_quota_total")
-	r.ImageQuotaResetAt = int64FromMeta(meta, "image_quota_reset_at")
-}
-
-func intFromMeta(meta map[string]any, key string) int {
-	switch v := meta[key].(type) {
-	case int:
-		return v
-	case int64:
-		return int(v)
-	case float64:
-		return int(v)
-	case json.Number:
-		n, _ := v.Int64()
-		return int(n)
-	default:
-		return 0
-	}
-}
-
-func int64FromMeta(meta map[string]any, key string) int64 {
-	switch v := meta[key].(type) {
-	case int64:
-		return v
-	case int:
-		return int64(v)
-	case float64:
-		return int64(v)
-	case json.Number:
-		n, _ := v.Int64()
-		return n
-	default:
-		return 0
-	}
-}
-
-func strPtr(s string) *string { return &s }
diff --git a/backend/internal/service/account_pool.go b/backend/internal/service/account_pool.go
deleted file mode 100644
index b765f088..00000000
--- a/backend/internal/service/account_pool.go
+++ /dev/null
@@ -1,303 +0,0 @@
-// Package service 账号池调度。
-//
-// 职责：
-//  1. 周期性从 DB 装载可用账号到内存（带 TTL 缓存）；
-//  2. 提供 Pick(provider) 返回当前应调度的账号（RoundRobin / WeightedRR）；
-//  3. 调度结果回写：MarkUsed / MarkFailed（含熔断冷却）。
-//
-// 不在本组件内做：HTTP 调用 / 计费 / 任务编排。
-package service
-
-import (
-	"context"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// AccountPool 多 provider 共用一个池实例，内部按 provider 分桶。
-type AccountPool struct {
-	repo     *repo.AccountRepo
-	cacheTTL time.Duration
-	mu       sync.RWMutex
-	buckets  map[string]*providerBucket // key: provider
-	busyMu   sync.Mutex
-	busy     map[uint64]struct{}
-}
-
-type providerBucket struct {
-	loadedAt time.Time
-	items    []*model.Account
-	cursor   uint64 // RR 游标
-	weights  []int  // 权重展开缓存
-	wIdx     []int  // weights -> items 索引
-}
-
-// NewAccountPool 构造。
-func NewAccountPool(r *repo.AccountRepo, cacheTTL time.Duration) *AccountPool {
-	if cacheTTL <= 0 {
-		cacheTTL = 30 * time.Second
-	}
-	return &AccountPool{
-		repo:     r,
-		cacheTTL: cacheTTL,
-		buckets:  make(map[string]*providerBucket),
-		busy:     make(map[uint64]struct{}),
-	}
-}
-
-// Pick 取一个可用账号。strategy: round_robin / weighted_rr / random（默认 round_robin）。
-func (p *AccountPool) Pick(ctx context.Context, provider, strategy string) (*model.Account, error) {
-	return p.PickWhere(ctx, provider, strategy, nil)
-}
-
-// PickWhere 按 provider 取一个满足 predicate 的可用账号。
-func (p *AccountPool) PickWhere(ctx context.Context, provider, strategy string, predicate func(*model.Account) bool) (*model.Account, error) {
-	bucket, err := p.getBucket(ctx, provider)
-	if err != nil {
-		return nil, err
-	}
-	if len(bucket.items) == 0 {
-		return nil, errcode.NoAvailableAcc
-	}
-	if predicate != nil {
-		filtered := &providerBucket{loadedAt: bucket.loadedAt}
-		for _, it := range bucket.items {
-			if predicate(it) {
-				filtered.items = append(filtered.items, it)
-			}
-		}
-		for i, it := range filtered.items {
-			w := it.Weight
-			if w <= 0 {
-				w = 1
-			}
-			for j := 0; j < w; j++ {
-				filtered.weights = append(filtered.weights, w)
-				filtered.wIdx = append(filtered.wIdx, i)
-			}
-		}
-		bucket = filtered
-	}
-	if len(bucket.items) == 0 {
-		return nil, errcode.NoAvailableAcc
-	}
-
-	switch strategy {
-	case "weighted_rr":
-		return p.pickWeighted(bucket), nil
-	default:
-		return p.pickRR(bucket), nil
-	}
-}
-
-// ReserveWhere 选取并占用一个账号，确保同一个账号不会被并发复用。
-func (p *AccountPool) ReserveWhere(ctx context.Context, provider, strategy string, predicate func(*model.Account) bool) (*model.Account, error) {
-	bucket, err := p.getBucket(ctx, provider)
-	if err != nil {
-		return nil, err
-	}
-	if len(bucket.items) == 0 {
-		return nil, errcode.NoAvailableAcc
-	}
-	if predicate != nil {
-		filtered := &providerBucket{loadedAt: bucket.loadedAt}
-		for _, it := range bucket.items {
-			if predicate(it) {
-				filtered.items = append(filtered.items, it)
-			}
-		}
-		for i, it := range filtered.items {
-			w := it.Weight
-			if w <= 0 {
-				w = 1
-			}
-			for j := 0; j < w; j++ {
-				filtered.weights = append(filtered.weights, w)
-				filtered.wIdx = append(filtered.wIdx, i)
-			}
-		}
-		bucket = filtered
-	}
-	if len(bucket.items) == 0 {
-		return nil, errcode.NoAvailableAcc
-	}
-	for i := 0; i < len(bucket.items); i++ {
-		var acc *model.Account
-		switch strategy {
-		case "weighted_rr":
-			acc = p.pickWeighted(bucket)
-		default:
-			acc = p.pickRR(bucket)
-		}
-		if acc == nil {
-			break
-		}
-		if p.tryReserve(acc.ID) {
-			return acc, nil
-		}
-	}
-	return nil, errcode.NoAvailableAcc
-}
-
-// MarkUsed 调度成功回写。
-func (p *AccountPool) MarkUsed(ctx context.Context, accountID uint64) {
-	if err := p.repo.MarkUsed(ctx, accountID); err != nil {
-		logger.FromCtx(ctx).Warn("account.mark_used", zap.Uint64("id", accountID), zap.Error(err))
-	}
-}
-
-// MarkFailed 调度失败回写：reason 写入 last_error；cooldown>0 时进入熔断。
-func (p *AccountPool) MarkFailed(ctx context.Context, accountID uint64, reason string, cooldown time.Duration) {
-	if err := p.repo.MarkFailed(ctx, accountID, truncate(reason, 240), cooldown); err != nil {
-		logger.FromCtx(ctx).Warn("account.mark_failed", zap.Uint64("id", accountID), zap.Error(err))
-	}
-	if cooldown > 0 {
-		// 熔断后强制下一次取重新加载
-		p.invalidate(accountIDProvider(p, accountID))
-	}
-}
-
-// MarkTransientFailed records an upstream path failure without increasing
-// error_count or placing the account into cooldown.
-func (p *AccountPool) MarkTransientFailed(ctx context.Context, accountID uint64, reason string) {
-	if accountID == 0 {
-		return
-	}
-	if err := p.repo.Update(ctx, accountID, map[string]any{
-		"last_error": truncate(reason, 240),
-	}); err != nil {
-		logger.FromCtx(ctx).Warn("account.mark_transient_failed", zap.Uint64("id", accountID), zap.Error(err))
-	}
-}
-
-// Release 释放账号占用。
-func (p *AccountPool) Release(accountID uint64) {
-	if accountID == 0 {
-		return
-	}
-	p.busyMu.Lock()
-	delete(p.busy, accountID)
-	p.busyMu.Unlock()
-}
-
-// Reload 强制重新装载某 provider（管理后台 CRUD 后调用）。
-func (p *AccountPool) Reload(provider string) { p.invalidate(provider) }
-
-// Stats 返回各 provider 当前池中可用数量（用于仪表盘）。
-func (p *AccountPool) Stats() map[string]int {
-	p.mu.RLock()
-	defer p.mu.RUnlock()
-	out := make(map[string]int, len(p.buckets))
-	for k, b := range p.buckets {
-		out[k] = len(b.items)
-	}
-	return out
-}
-
-// === internal ===
-
-func (p *AccountPool) getBucket(ctx context.Context, provider string) (*providerBucket, error) {
-	p.mu.RLock()
-	b, ok := p.buckets[provider]
-	p.mu.RUnlock()
-	if ok && time.Since(b.loadedAt) < p.cacheTTL {
-		return b, nil
-	}
-	return p.loadBucket(ctx, provider)
-}
-
-func (p *AccountPool) loadBucket(ctx context.Context, provider string) (*providerBucket, error) {
-	items, err := p.repo.AvailableByProvider(ctx, provider)
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	b := &providerBucket{
-		loadedAt: time.Now(),
-		items:    items,
-	}
-	for i, it := range items {
-		w := it.Weight
-		if w <= 0 {
-			w = 1
-		}
-		for j := 0; j < w; j++ {
-			b.weights = append(b.weights, w)
-			b.wIdx = append(b.wIdx, i)
-		}
-	}
-	p.mu.Lock()
-	p.buckets[provider] = b
-	p.mu.Unlock()
-	return b, nil
-}
-
-func (p *AccountPool) pickRR(b *providerBucket) *model.Account {
-	n := uint64(len(b.items))
-	if n == 0 {
-		return nil
-	}
-	idx := atomic.AddUint64(&b.cursor, 1) % n
-	return b.items[idx]
-}
-
-func (p *AccountPool) pickWeighted(b *providerBucket) *model.Account {
-	n := uint64(len(b.wIdx))
-	if n == 0 {
-		return nil
-	}
-	idx := atomic.AddUint64(&b.cursor, 1) % n
-	return b.items[b.wIdx[idx]]
-}
-
-func (p *AccountPool) tryReserve(accountID uint64) bool {
-	if accountID == 0 {
-		return false
-	}
-	p.busyMu.Lock()
-	defer p.busyMu.Unlock()
-	if _, ok := p.busy[accountID]; ok {
-		return false
-	}
-	p.busy[accountID] = struct{}{}
-	return true
-}
-
-func (p *AccountPool) invalidate(provider string) {
-	if provider == "" {
-		return
-	}
-	p.mu.Lock()
-	delete(p.buckets, provider)
-	p.mu.Unlock()
-}
-
-// accountIDProvider 通过 ID 反查 provider（仅供失败回写后的 invalidate 使用）。
-// 为避免额外 SQL，从内存桶中查找；找不到则忽略。
-func accountIDProvider(p *AccountPool, id uint64) string {
-	p.mu.RLock()
-	defer p.mu.RUnlock()
-	for prov, b := range p.buckets {
-		for _, it := range b.items {
-			if it.ID == id {
-				return prov
-			}
-		}
-	}
-	return ""
-}
-
-func truncate(s string, n int) string {
-	r := []rune(s)
-	if len(r) <= n {
-		return s
-	}
-	return string(r[:n])
-}
diff --git a/backend/internal/service/account_test_service.go b/backend/internal/service/account_test_service.go
deleted file mode 100644
index 5d673adb..00000000
--- a/backend/internal/service/account_test_service.go
+++ /dev/null
@@ -1,1047 +0,0 @@
-package service
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtpayload"
-	"github.com/kleinai/backend/pkg/outbound"
-)
-
-type flexStringList []string
-
-func (l *flexStringList) UnmarshalJSON(data []byte) error {
-	trimmed := strings.TrimSpace(string(data))
-	if trimmed == "" || trimmed == "null" {
-		*l = nil
-		return nil
-	}
-
-	var raw any
-	if err := json.Unmarshal(data, &raw); err != nil {
-		*l = []string{strings.TrimSpace(trimmed)}
-		return nil
-	}
-
-	out := make([]string, 0, 4)
-	collectFlexStrings(&out, raw)
-	*l = out
-	return nil
-}
-
-func (l flexStringList) Slice() []string {
-	if len(l) == 0 {
-		return nil
-	}
-	return append([]string(nil), l...)
-}
-
-func collectFlexStrings(dst *[]string, v any) {
-	switch t := v.(type) {
-	case string:
-		s := strings.TrimSpace(t)
-		if s != "" {
-			*dst = append(*dst, s)
-		}
-	case []any:
-		for _, it := range t {
-			collectFlexStrings(dst, it)
-		}
-	case map[string]any:
-		for _, it := range t {
-			collectFlexStrings(dst, it)
-		}
-	case json.Number:
-		s := strings.TrimSpace(t.String())
-		if s != "" {
-			*dst = append(*dst, s)
-		}
-	case bool:
-		*dst = append(*dst, fmt.Sprint(t))
-	case nil:
-		return
-	default:
-		s := strings.TrimSpace(fmt.Sprint(t))
-		if s != "" && s != "<nil>" {
-			*dst = append(*dst, s)
-		}
-	}
-}
-
-type AccountTestService struct {
-	accountRepo *repo.AccountRepo
-	proxySvc    *ProxyService
-	cfgSvc      *SystemConfigService
-	openaiOAuth *OpenAIOAuthService
-	aes         *crypto.AESGCM
-}
-
-func NewAccountTestService(
-	r *repo.AccountRepo,
-	proxySvc *ProxyService,
-	cfgSvc *SystemConfigService,
-	openaiOAuth *OpenAIOAuthService,
-	aes *crypto.AESGCM,
-) *AccountTestService {
-	return &AccountTestService{
-		accountRepo: r,
-		proxySvc:    proxySvc,
-		cfgSvc:      cfgSvc,
-		openaiOAuth: openaiOAuth,
-		aes:         aes,
-	}
-}
-
-func (s *AccountTestService) resolveProxyURL(ctx context.Context, account *model.Account) (string, error) {
-	pid := uint64(0)
-	if account.ProxyID != nil {
-		pid = *account.ProxyID
-	} else if s.cfgSvc.GlobalProxyEnabled(ctx) {
-		pid = s.cfgSvc.GlobalProxyID(ctx)
-	}
-	if pid == 0 {
-		return "", nil
-	}
-	p, err := s.proxySvc.GetByID(ctx, pid)
-	if err != nil {
-		return "", err
-	}
-	if p == nil || p.Status != model.ProxyStatusEnabled {
-		return "", nil
-	}
-	u, err := s.proxySvc.BuildURL(p)
-	if err != nil {
-		return "", err
-	}
-	if u == nil {
-		return "", nil
-	}
-	return u.String(), nil
-}
-
-func (s *AccountTestService) decryptCredential(account *model.Account) (string, error) {
-	if len(account.CredentialEnc) == 0 {
-		return "", errors.New("账号未配置凭证")
-	}
-	plain, err := s.aes.Decrypt(account.CredentialEnc)
-	if err != nil {
-		return "", fmt.Errorf("瑙ｅ瘑鍑瘉澶辫触: %w", err)
-	}
-	return strings.TrimSpace(string(plain)), nil
-}
-
-func (s *AccountTestService) decryptAccessToken(account *model.Account) (string, error) {
-	if len(account.AccessTokenEnc) == 0 {
-		return "", nil
-	}
-	plain, err := s.aes.Decrypt(account.AccessTokenEnc)
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSpace(string(plain)), nil
-}
-
-func (s *AccountTestService) decryptSessionToken(account *model.Account) string {
-	if len(account.SessionTokenEnc) == 0 {
-		return ""
-	}
-	plain, err := s.aes.Decrypt(account.SessionTokenEnc)
-	if err != nil {
-		return ""
-	}
-	return strings.TrimSpace(string(plain))
-}
-
-func (s *AccountTestService) Test(ctx context.Context, account *model.Account) (*dto.AccountTestResp, error) {
-	proxyURL, err := s.resolveProxyURL(ctx, account)
-	if err != nil {
-		errMsg := "代理配置不可用: " + err.Error()
-		if len(errMsg) > 250 {
-			errMsg = errMsg[:250]
-		}
-		now := time.Now().UTC()
-		_ = s.accountRepo.Update(ctx, account.ID, map[string]any{
-			"last_test_at":         now,
-			"last_test_status":     model.AccountTestFail,
-			"last_test_latency_ms": 0,
-			"last_test_error":      errMsg,
-		})
-		return &dto.AccountTestResp{OK: false, Error: errMsg}, nil
-	}
-
-	if account.IsOAuth() {
-		if err := s.maybeRefresh(ctx, account, proxyURL); err != nil {
-			fmt.Printf("[account-test] refresh failed: %v\n", err)
-		}
-	}
-
-	start := time.Now()
-	var (
-		ok        bool
-		errMsg    string
-		info      *accountTestInfo
-		latencyMs int
-	)
-	switch account.Provider {
-	case model.ProviderGPT:
-		ok, errMsg, info = s.testGPT(ctx, account, proxyURL)
-	case model.ProviderGROK:
-		ok, errMsg, info = s.testGROK(ctx, account, proxyURL)
-	default:
-		return nil, errcode.InvalidParam.WithMsg("涓嶆敮鎸佺殑 provider: " + account.Provider)
-	}
-	latencyMs = int(time.Since(start) / time.Millisecond)
-
-	st := model.AccountTestFail
-	if ok {
-		st = model.AccountTestOK
-	}
-	if len(errMsg) > 250 {
-		errMsg = errMsg[:250]
-	}
-	now := time.Now().UTC()
-	updates := map[string]any{
-		"last_test_at":         now,
-		"last_test_status":     st,
-		"last_test_latency_ms": latencyMs,
-		"last_test_error":      errMsg,
-	}
-	if account.Provider == model.ProviderGROK && account.AuthType == model.AuthTypeCookie && ok {
-		updates["access_token_expires_at"] = now.Add(grokTokenTTL)
-	}
-	_ = s.accountRepo.Update(ctx, account.ID, updates)
-
-	return &dto.AccountTestResp{
-		OK:                  ok,
-		LatencyMs:           latencyMs,
-		Error:               errMsg,
-		PlanType:            accountTestPlanType(info),
-		DefaultModel:        accountTestDefaultModel(info),
-		ImageQuotaRemaining: accountTestImageRemaining(info),
-		ImageQuotaTotal:     accountTestImageTotal(info),
-		ImageQuotaResetAt:   accountTestImageResetAt(info),
-	}, nil
-}
-
-func (s *AccountTestService) testGPT(ctx context.Context, account *model.Account, proxyURL string) (bool, string, *accountTestInfo) {
-	if account.AuthType == model.AuthTypeOAuth {
-		return s.testOpenAIOAuth(ctx, account, proxyURL)
-	}
-
-	base := "https://api.openai.com"
-	if account.BaseURL != nil && *account.BaseURL != "" {
-		base = strings.TrimRight(*account.BaseURL, "/")
-	}
-	endpoint := base + "/v1/models"
-
-	authHeader, err := s.buildAuthHeader(account)
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  20 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	req.Header.Set("Authorization", authHeader)
-	req.Header.Set("Accept", "application/json")
-	resp, err := client.Do(req)
-	if err != nil {
-		return false, fmt.Sprintf("璇锋眰澶辫触: %v", err), nil
-	}
-	defer resp.Body.Close()
-	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-	if resp.StatusCode/100 != 2 {
-		msg := strings.TrimSpace(string(body))
-		if len(msg) > 200 {
-			msg = msg[:200]
-		}
-		return false, fmt.Sprintf("HTTP %d: %s", resp.StatusCode, msg), nil
-	}
-	return true, "", nil
-}
-
-type accountTestInfo struct {
-	PlanType            string
-	DefaultModel        string
-	ImageQuotaRemaining int
-	ImageQuotaTotal     int
-	ImageQuotaResetAt   int64
-	BlockedFeatures     []string
-}
-
-func (s *AccountTestService) testOpenAIOAuth(ctx context.Context, account *model.Account, proxyURL string) (bool, string, *accountTestInfo) {
-	at, err := s.decryptAccessToken(account)
-	if err != nil {
-		return false, fmt.Sprintf("瑙ｅ瘑 access_token 澶辫触: %v", err), nil
-	}
-	if at == "" {
-		return false, "OAuth 璐﹀彿鏈彇寰?access_token锛岃鍏堝埛鏂?RT", nil
-	}
-	claims, ok := jwtpayload.ClaimsFromJWT(at)
-	if !ok {
-		return false, "access_token 涓嶆槸鍙В鏋愮殑 JWT", nil
-	}
-	exp, ok := jwtpayload.ExpUnixFromJWT(at)
-	if !ok {
-		return false, "access_token 缂哄皯 exp", nil
-	}
-	if time.Now().Unix() >= exp {
-		return false, "access_token 宸茶繃鏈燂紝璇峰埛鏂?RT", nil
-	}
-	cid := accountOAuthClientID(account)
-	if cid == "" {
-		if cidFromToken, ok := claims["client_id"].(string); ok {
-			cid = strings.TrimSpace(cidFromToken)
-		}
-	}
-	if cid == "" {
-		return false, "OAuth 元数据缺少 client_id，请重新导入或刷新账号", nil
-	}
-	if _, ok := claims["https://api.openai.com/auth"]; !ok {
-		if _, ok := claims["https://api.openai.com/profile"]; !ok {
-			return false, "access_token 缂哄皯 OpenAI OAuth 鏉冮檺淇℃伅", nil
-		}
-	}
-
-	info, err := s.probeChatGPTAccount(ctx, account, at, proxyURL)
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	if info.PlanType == "" {
-		info.PlanType = planTypeFromClaims(claims)
-	}
-	s.persistOAuthProbe(ctx, account, cid, info)
-	return true, "", info
-}
-
-func (s *AccountTestService) probeChatGPTAccount(ctx context.Context, account *model.Account, accessToken, proxyURL string) (*accountTestInfo, error) {
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  30 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return nil, err
-	}
-	sessionToken := s.decryptSessionToken(account)
-	cookieHeader := bootstrapChatGPTCookies(ctx, client, sessionToken)
-	body := []byte(`{"gizmo_id":null,"requested_default_model":null,"conversation_id":null,"timezone_offset_min":-480,"system_hints":["picture_v2"]}`)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://chatgpt.com/backend-api/conversation/init", bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	setChatGPTProbeHeaders(req, account, accessToken, cookieHeader)
-	resp, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("conversation/init 璇锋眰澶辫触: %w", err)
-	}
-	defer resp.Body.Close()
-	data, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
-	if resp.StatusCode != http.StatusOK {
-		msg := strings.TrimSpace(string(data))
-		if len(msg) > 200 {
-			msg = msg[:200]
-		}
-		return nil, fmt.Errorf("conversation/init HTTP %d: %s", resp.StatusCode, msg)
-	}
-
-	var payload struct {
-		BlockedFeatures  flexStringList `json:"blocked_features"`
-		DefaultModelSlug string         `json:"default_model_slug"`
-		LimitsProgress   []struct {
-			FeatureName string `json:"feature_name"`
-			Remaining   *int   `json:"remaining"`
-			ResetAfter  string `json:"reset_after"`
-			MaxValue    *int   `json:"max_value"`
-			Cap         *int   `json:"cap"`
-			Total       *int   `json:"total"`
-			Limit       *int   `json:"limit"`
-			Used        *int   `json:"used"`
-			UsedValue   *int   `json:"used_value"`
-			Consumed    *int   `json:"consumed"`
-		} `json:"limits_progress"`
-	}
-	if err := json.Unmarshal(data, &payload); err != nil {
-		return nil, err
-	}
-
-	out := &accountTestInfo{
-		DefaultModel:        payload.DefaultModelSlug,
-		ImageQuotaRemaining: -1,
-		ImageQuotaTotal:     -1,
-		BlockedFeatures:     payload.BlockedFeatures.Slice(),
-	}
-	for _, item := range payload.LimitsProgress {
-		if !isImageQuotaFeature(item.FeatureName) {
-			continue
-		}
-		if item.Remaining != nil && (out.ImageQuotaRemaining < 0 || *item.Remaining < out.ImageQuotaRemaining) {
-			out.ImageQuotaRemaining = *item.Remaining
-		}
-		if maxV := firstInt(item.MaxValue, item.Cap, item.Total, item.Limit); maxV != nil && *maxV > out.ImageQuotaTotal {
-			out.ImageQuotaTotal = *maxV
-		}
-		if out.ImageQuotaTotal < 0 && item.Remaining != nil {
-			if usedV := firstInt(item.Used, item.UsedValue, item.Consumed); usedV != nil {
-				out.ImageQuotaTotal = *item.Remaining + *usedV
-			}
-		}
-		if item.ResetAfter != "" {
-			if t, e := time.Parse(time.RFC3339, item.ResetAfter); e == nil {
-				ts := t.Unix()
-				if out.ImageQuotaResetAt == 0 || ts < out.ImageQuotaResetAt {
-					out.ImageQuotaResetAt = ts
-				}
-			}
-		}
-	}
-	return out, nil
-}
-
-func bootstrapChatGPTCookies(ctx context.Context, client *http.Client, sessionToken string) string {
-	cookies := make([]string, 0, 4)
-	if strings.TrimSpace(sessionToken) != "" {
-		cookies = append(cookies, "__Secure-next-auth.session-token="+strings.TrimSpace(sessionToken))
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://chatgpt.com/", nil)
-	if err != nil {
-		return strings.Join(cookies, "; ")
-	}
-	setChatGPTProbeHeaders(req, &model.Account{}, "", strings.Join(cookies, "; "))
-	resp, err := client.Do(req)
-	if err != nil {
-		return strings.Join(cookies, "; ")
-	}
-	defer resp.Body.Close()
-	_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, 1024))
-	for _, c := range resp.Cookies() {
-		if c.Name == "" || c.Value == "" {
-			continue
-		}
-		cookies = append(cookies, c.Name+"="+c.Value)
-	}
-	return strings.Join(cookies, "; ")
-}
-
-func setChatGPTProbeHeaders(req *http.Request, account *model.Account, accessToken, cookieHeader string) {
-	const (
-		baseURL          = "https://chatgpt.com"
-		userAgent        = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0"
-		clientVersion    = "prod-81e0c5cdf6140e8c5db714d613337f4aeab94029"
-		clientBuildNum   = "6128297"
-		defaultLanguage  = "zh-CN"
-		defaultSecCHUA   = `"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"`
-		defaultPlatform  = `"Windows"`
-		defaultPriority  = "u=1, i"
-		defaultAcceptLng = "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"
-	)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "*/*")
-	req.Header.Set("Origin", baseURL)
-	req.Header.Set("Referer", baseURL+"/")
-	req.Header.Set("Accept-Language", defaultAcceptLng)
-	req.Header.Set("User-Agent", userAgent)
-	req.Header.Set("Sec-Ch-Ua", defaultSecCHUA)
-	req.Header.Set("Sec-Ch-Ua-Arch", `"x86"`)
-	req.Header.Set("Sec-Ch-Ua-Bitness", `"64"`)
-	req.Header.Set("Sec-Ch-Ua-Full-Version", `"143.0.3650.96"`)
-	req.Header.Set("Sec-Ch-Ua-Full-Version-List", `"Microsoft Edge";v="143.0.3650.96", "Chromium";v="143.0.7499.147", "Not A(Brand";v="24.0.0.0"`)
-	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
-	req.Header.Set("Sec-Ch-Ua-Model", `""`)
-	req.Header.Set("Sec-Ch-Ua-Platform", defaultPlatform)
-	req.Header.Set("Sec-Ch-Ua-Platform-Version", `"19.0.0"`)
-	req.Header.Set("Sec-Fetch-Dest", "empty")
-	req.Header.Set("Sec-Fetch-Mode", "cors")
-	req.Header.Set("Sec-Fetch-Site", "same-origin")
-	req.Header.Set("Cache-Control", "no-cache")
-	req.Header.Set("Pragma", "no-cache")
-	req.Header.Set("Priority", defaultPriority)
-	req.Header.Set("Oai-Language", defaultLanguage)
-	req.Header.Set("Oai-Client-Version", clientVersion)
-	req.Header.Set("Oai-Client-Build-Number", clientBuildNum)
-	req.Header.Set("Oai-Device-Id", fallbackChatGPTDeviceID(account.ID))
-	if accessToken != "" {
-		req.Header.Set("Authorization", "Bearer "+accessToken)
-	} else {
-		req.Header.Del("Authorization")
-	}
-	if cookieHeader != "" {
-		req.Header.Set("Cookie", cookieHeader)
-	}
-	req.Header.Set("X-Openai-Target-Path", req.URL.Path)
-	req.Header.Set("X-Openai-Target-Route", req.URL.Path)
-}
-
-func (s *AccountTestService) persistOAuthProbe(ctx context.Context, account *model.Account, clientID string, info *accountTestInfo) {
-	if info == nil {
-		return
-	}
-	meta := accountOAuthMeta(account)
-	meta["client_id"] = clientID
-	if info.PlanType != "" {
-		meta["plan_type"] = info.PlanType
-	}
-	if info.DefaultModel != "" {
-		meta["default_model_slug"] = info.DefaultModel
-	}
-	if info.ImageQuotaRemaining >= 0 {
-		meta["image_quota_remaining"] = info.ImageQuotaRemaining
-	}
-	if info.ImageQuotaTotal > 0 {
-		meta["image_quota_total"] = info.ImageQuotaTotal
-	} else if info.ImageQuotaRemaining > 0 && intFromMeta(meta, "image_quota_total") <= 0 {
-		meta["image_quota_total"] = info.ImageQuotaRemaining
-	}
-	if info.ImageQuotaResetAt > 0 {
-		meta["image_quota_reset_at"] = info.ImageQuotaResetAt
-	}
-	if len(info.BlockedFeatures) > 0 {
-		meta["blocked_features"] = info.BlockedFeatures
-	} else {
-		delete(meta, "blocked_features")
-	}
-	meta["probed_at"] = time.Now().UTC().Unix()
-	raw, _ := json.Marshal(meta)
-	_ = s.accountRepo.Update(ctx, account.ID, map[string]any{"oauth_meta": string(raw)})
-}
-
-func (s *AccountTestService) testGROK(ctx context.Context, account *model.Account, proxyURL string) (bool, string, *accountTestInfo) {
-	if account.AuthType == model.AuthTypeCookie {
-		info, err := s.testGrokSSO(ctx, account, proxyURL)
-		if err != nil {
-			return false, err.Error(), nil
-		}
-		return true, "", info
-	}
-
-	base := "https://api.x.ai"
-	if account.BaseURL != nil && *account.BaseURL != "" {
-		base = strings.TrimRight(*account.BaseURL, "/")
-	}
-	endpoint := base + "/v1/models"
-
-	cred, err := s.decryptCredential(account)
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  20 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
-	if err != nil {
-		return false, err.Error(), nil
-	}
-	req.Header.Set("Authorization", "Bearer "+cred)
-	req.Header.Set("Accept", "application/json")
-	resp, err := client.Do(req)
-	if err != nil {
-		return false, fmt.Sprintf("请求失败: %v", err), nil
-	}
-	defer resp.Body.Close()
-	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-	if resp.StatusCode/100 != 2 {
-		msg := strings.TrimSpace(string(body))
-		if len(msg) > 200 {
-			msg = msg[:200]
-		}
-		return false, fmt.Sprintf("HTTP %d: %s", resp.StatusCode, msg), nil
-	}
-	return true, "", nil
-}
-
-type grokRateLimitResp struct {
-	RemainingQueries  int `json:"remainingQueries"`
-	TotalQueries      int `json:"totalQueries"`
-	WindowSizeSeconds int `json:"windowSizeSeconds"`
-}
-
-type grokQuotaInfo struct {
-	Remaining     int   `json:"remaining"`
-	Total         int   `json:"total"`
-	WindowSeconds int   `json:"window_seconds"`
-	ResetAt       int64 `json:"reset_at"`
-	SyncedAt      int64 `json:"synced_at"`
-}
-
-var grokRateLimitModes = []string{
-	"auto",
-	"fast",
-	"expert",
-	"heavy",
-	"grok-420-computer-use-sa",
-}
-
-func (s *AccountTestService) testGrokSSO(ctx context.Context, account *model.Account, proxyURL string) (*accountTestInfo, error) {
-	cred, err := s.decryptCredential(account)
-	if err != nil {
-		return nil, err
-	}
-	token := normalizeGrokSSOToken(cred)
-	if token == "" {
-		return nil, errors.New("Grok SSO token 涓虹┖")
-	}
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  20 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	quotas := map[string]grokQuotaInfo{}
-	now := time.Now().UTC()
-	for _, modeName := range grokRateLimitModes {
-		q, err := s.fetchGrokRateLimit(ctx, client, token, modeName)
-		if err != nil {
-			if len(quotas) == 0 {
-				return nil, err
-			}
-			continue
-		}
-		quotas[modeName] = grokQuotaInfo{
-			Remaining:     q.RemainingQueries,
-			Total:         q.TotalQueries,
-			WindowSeconds: q.WindowSizeSeconds,
-			ResetAt:       now.Add(time.Duration(q.WindowSizeSeconds) * time.Second).Unix(),
-			SyncedAt:      now.Unix(),
-		}
-	}
-	if len(quotas) == 0 {
-		return nil, errors.New("Grok rate-limits 未返回可用额度")
-	}
-
-	plan := inferGrokPlanType(quotas)
-	meta := accountOAuthMeta(account)
-	meta["source"] = "grok2api-token"
-	meta["plan_type"] = plan
-	meta["default_model_slug"] = "fast"
-	meta["grok_quota"] = quotas
-	meta["probed_at"] = now.Unix()
-
-	totalRemaining, totalQuota := 0, 0
-	resetAt := int64(0)
-	for _, q := range quotas {
-		totalRemaining += q.Remaining
-		totalQuota += q.Total
-		if q.ResetAt > 0 && (resetAt == 0 || q.ResetAt < resetAt) {
-			resetAt = q.ResetAt
-		}
-	}
-	meta["image_quota_remaining"] = totalRemaining
-	meta["image_quota_total"] = totalQuota
-	if resetAt > 0 {
-		meta["image_quota_reset_at"] = resetAt
-	}
-	raw, _ := json.Marshal(meta)
-	_ = s.accountRepo.Update(ctx, account.ID, map[string]any{"oauth_meta": string(raw)})
-
-	return &accountTestInfo{
-		PlanType:            plan,
-		DefaultModel:        "fast",
-		ImageQuotaRemaining: totalRemaining,
-		ImageQuotaTotal:     totalQuota,
-		ImageQuotaResetAt:   resetAt,
-	}, nil
-}
-
-func (s *AccountTestService) fetchGrokRateLimit(ctx context.Context, client *http.Client, token, modeName string) (*grokRateLimitResp, error) {
-	body, _ := json.Marshal(map[string]string{"modelName": modeName})
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://grok.com/rest/rate-limits", bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Accept", "*/*")
-	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Cookie", "sso="+token+"; sso-rw="+token)
-	req.Header.Set("Origin", "https://grok.com")
-	req.Header.Set("Referer", "https://grok.com/")
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
-	req.Header.Set("X-Statsig-ID", "YXV0aGVudGljYXRlZA==")
-	req.Header.Set("X-XAI-Request-ID", uuid.NewString())
-	req.Header.Set("Sec-Fetch-Dest", "empty")
-	req.Header.Set("Sec-Fetch-Mode", "cors")
-	req.Header.Set("Sec-Fetch-Site", "same-origin")
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("rate-limits 璇锋眰澶辫触: %w", err)
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
-	if resp.StatusCode/100 != 2 {
-		msg := strings.TrimSpace(string(raw))
-		if isGrokInvalidCredential(msg) || resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden {
-			return nil, fmt.Errorf("Grok token 鏃犳晥鎴栧凡杩囨湡: HTTP %d: %s", resp.StatusCode, trimMsg(msg, 200))
-		}
-		return nil, fmt.Errorf("rate-limits HTTP %d: %s", resp.StatusCode, trimMsg(msg, 200))
-	}
-	var out grokRateLimitResp
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return nil, fmt.Errorf("rate-limits 鍝嶅簲瑙ｆ瀽澶辫触: %w", err)
-	}
-	return &out, nil
-}
-
-func inferGrokPlanType(quotas map[string]grokQuotaInfo) string {
-	maxTotal := 0
-	for _, q := range quotas {
-		if q.Total > maxTotal {
-			maxTotal = q.Total
-		}
-	}
-	switch {
-	case maxTotal >= 150:
-		return "heavy"
-	case maxTotal >= 50:
-		return "super"
-	default:
-		return "basic"
-	}
-}
-
-func isGrokInvalidCredential(msg string) bool {
-	msg = strings.ToLower(msg)
-	markers := []string{
-		"invalid-credentials",
-		"bad-credentials",
-		"failed to look up session id",
-		"blocked-user",
-		"email-domain-rejected",
-		"session not found",
-		"account suspended",
-		"token revoked",
-		"token expired",
-	}
-	for _, marker := range markers {
-		if strings.Contains(msg, marker) {
-			return true
-		}
-	}
-	return false
-}
-
-func trimMsg(msg string, n int) string {
-	msg = strings.TrimSpace(msg)
-	if len(msg) > n {
-		return msg[:n]
-	}
-	return msg
-}
-
-func (s *AccountTestService) buildAuthHeader(account *model.Account) (string, error) {
-	switch account.AuthType {
-	case model.AuthTypeAPIKey:
-		cred, err := s.decryptCredential(account)
-		if err != nil {
-			return "", err
-		}
-		return "Bearer " + cred, nil
-	case model.AuthTypeOAuth:
-		at, err := s.decryptAccessToken(account)
-		if err != nil {
-			return "", fmt.Errorf("瑙ｅ瘑 access_token 澶辫触: %w", err)
-		}
-		if at == "" {
-			return "", errors.New("OAuth 璐﹀彿鏈彇寰?access_token锛岃鍏堝埛鏂?RT")
-		}
-		return "Bearer " + at, nil
-	case model.AuthTypeCookie:
-		cred, err := s.decryptCredential(account)
-		if err != nil {
-			return "", err
-		}
-		return cred, nil
-	default:
-		return "", fmt.Errorf("鏈煡 auth_type: %s", account.AuthType)
-	}
-}
-
-func accountOAuthMeta(account *model.Account) map[string]any {
-	meta := map[string]any{}
-	if account == nil || account.OAuthMeta == nil || strings.TrimSpace(*account.OAuthMeta) == "" {
-		return meta
-	}
-	_ = json.Unmarshal([]byte(*account.OAuthMeta), &meta)
-	if meta == nil {
-		meta = map[string]any{}
-	}
-	return meta
-}
-
-func accountOAuthClientID(account *model.Account) string {
-	meta := accountOAuthMeta(account)
-	if v, ok := meta["client_id"].(string); ok {
-		return strings.TrimSpace(v)
-	}
-	return ""
-}
-
-func (s *AccountTestService) RefreshOAuth(ctx context.Context, account *model.Account) (*dto.AccountRefreshResp, error) {
-	if !account.IsOAuth() {
-		return nil, errcode.InvalidParam.WithMsg("浠?OAuth 璐﹀彿鏀寔鍒锋柊 RT")
-	}
-	if account.Provider != model.ProviderGPT {
-		return nil, errcode.InvalidParam.WithMsg("浠呮敮鎸?OpenAI / GPT 璐﹀彿鍒锋柊 RT")
-	}
-
-	rt := ""
-	if len(account.RefreshTokenEnc) > 0 {
-		plain, err := s.aes.Decrypt(account.RefreshTokenEnc)
-		if err != nil {
-			return nil, errcode.Internal.Wrap(err)
-		}
-		rt = strings.TrimSpace(string(plain))
-	}
-	if rt == "" {
-		cred, err := s.decryptCredential(account)
-		if err != nil {
-			return nil, errcode.InvalidParam.Wrap(err)
-		}
-		rt = cred
-	}
-	if rt == "" {
-		return nil, errcode.InvalidParam.WithMsg("璐﹀彿鏈厤缃?refresh_token")
-	}
-
-	proxyURL, err := s.resolveProxyURL(ctx, account)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-
-	clientID, err := oauthRefreshClientID(account)
-	if err != nil {
-		return nil, errcode.InvalidParam.WithMsg(err.Error())
-	}
-	tr, err := s.openaiOAuth.RefreshToken(ctx, rt, clientID, proxyURL)
-	if err != nil {
-		errMsg := err.Error()
-		if len(errMsg) > 250 {
-			errMsg = errMsg[:250]
-		}
-		_ = s.accountRepo.Update(ctx, account.ID, map[string]any{
-			"last_error":  errMsg,
-			"error_count": gorm.Expr("error_count + 1"),
-		})
-		return nil, errcode.GPTUnavailable.Wrap(err).WithMsg("鍒锋柊澶辫触: " + err.Error())
-	}
-
-	atEnc, err := s.aes.Encrypt([]byte(tr.AccessToken))
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-
-	now := time.Now().UTC()
-	updates := map[string]any{
-		"access_token_enc": atEnc,
-		"last_refresh_at":  now,
-		"last_error":       "",
-	}
-	if tr.ExpiresIn > 0 {
-		exp := now.Add(time.Duration(tr.ExpiresIn) * time.Second)
-		updates["access_token_expires_at"] = exp
-	}
-	if strings.TrimSpace(tr.RefreshToken) != "" {
-		rtEnc, err := s.aes.Encrypt([]byte(tr.RefreshToken))
-		if err != nil {
-			return nil, errcode.Internal.Wrap(err)
-		}
-		updates["refresh_token_enc"] = rtEnc
-	}
-	meta := accountOAuthMeta(account)
-	if clientID != "" {
-		meta["client_id"] = clientID
-	}
-	meta["scope"] = tr.Scope
-	meta["updated"] = now.Unix()
-	if tr.IDToken != "" {
-		meta["id_token_present"] = true
-	}
-	rawMeta, _ := json.Marshal(meta)
-	updates["oauth_meta"] = string(rawMeta)
-
-	if err := s.accountRepo.Update(ctx, account.ID, updates); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-
-	return &dto.AccountRefreshResp{
-		OK:           true,
-		ExpiresIn:    tr.ExpiresIn,
-		RefreshedAt:  now.Unix(),
-		HasRefreshTK: tr.RefreshToken != "",
-	}, nil
-}
-
-func (s *AccountTestService) maybeRefresh(ctx context.Context, account *model.Account, _ string) error {
-	if !account.IsOAuth() || account.Provider != model.ProviderGPT {
-		return nil
-	}
-	at, _ := s.decryptAccessToken(account)
-	if at == "" {
-		_, err := s.RefreshOAuth(ctx, account)
-		if err != nil {
-			return err
-		}
-		fresh, err := s.accountRepo.GetByID(ctx, account.ID)
-		if err == nil {
-			*account = *fresh
-		}
-		return nil
-	}
-	if account.AccessTokenExpiresAt == nil {
-		return nil
-	}
-	hours := s.cfgSvc.RefreshBeforeHours(ctx)
-	threshold := time.Now().UTC().Add(time.Duration(hours) * time.Hour)
-	if account.AccessTokenExpiresAt.Before(threshold) {
-		_, err := s.RefreshOAuth(ctx, account)
-		if err != nil {
-			return err
-		}
-		fresh, err := s.accountRepo.GetByID(ctx, account.ID)
-		if err == nil {
-			*account = *fresh
-		}
-	}
-	return nil
-}
-
-func (s *AccountTestService) TestProxy(ctx context.Context, p *model.Proxy) (*dto.ProxyTestResp, error) {
-	u, err := s.proxySvc.BuildURL(p)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: u.String(),
-		Timeout:  15 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	target := "https://httpbin.org/ip"
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target, nil)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	start := time.Now()
-	resp, err := client.Do(req)
-	latency := int(time.Since(start) / time.Millisecond)
-	if err != nil {
-		_ = s.proxySvc.MarkCheck(ctx, p.ID, false, latency, err.Error())
-		return &dto.ProxyTestResp{OK: false, LatencyMs: latency, Error: err.Error()}, nil
-	}
-	defer resp.Body.Close()
-	_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, 1024))
-	ok := resp.StatusCode/100 == 2
-	errMsg := ""
-	if !ok {
-		errMsg = fmt.Sprintf("HTTP %d", resp.StatusCode)
-	}
-	_ = s.proxySvc.MarkCheck(ctx, p.ID, ok, latency, errMsg)
-	return &dto.ProxyTestResp{OK: ok, LatencyMs: latency, Error: errMsg}, nil
-}
-
-func planTypeFromClaims(claims map[string]any) string {
-	auth, _ := claims["https://api.openai.com/auth"].(map[string]any)
-	if auth == nil {
-		return ""
-	}
-	for _, key := range []string{"chatgpt_plan_type", "plan_type", "account_plan_type"} {
-		if v, ok := auth[key].(string); ok && strings.TrimSpace(v) != "" {
-			return strings.TrimSpace(v)
-		}
-	}
-	return ""
-}
-
-func fallbackChatGPTDeviceID(accountID uint64) string {
-	return fmt.Sprintf("00000000-0000-4000-8000-%012d", accountID%1_000_000_000_000)
-}
-
-func isImageQuotaFeature(name string) bool {
-	n := strings.ToLower(name)
-	switch n {
-	case "image_gen", "image_generation", "image_edit", "img_gen":
-		return true
-	}
-	return strings.Contains(n, "image_gen") || strings.Contains(n, "img_gen")
-}
-
-func firstInt(ps ...*int) *int {
-	for _, p := range ps {
-		if p != nil {
-			return p
-		}
-	}
-	return nil
-}
-
-func accountTestPlanType(info *accountTestInfo) string {
-	if info == nil {
-		return ""
-	}
-	return info.PlanType
-}
-
-func accountTestDefaultModel(info *accountTestInfo) string {
-	if info == nil {
-		return ""
-	}
-	return info.DefaultModel
-}
-
-func accountTestImageRemaining(info *accountTestInfo) int {
-	if info == nil || info.ImageQuotaRemaining < 0 {
-		return 0
-	}
-	return info.ImageQuotaRemaining
-}
-
-func accountTestImageTotal(info *accountTestInfo) int {
-	if info == nil || info.ImageQuotaTotal < 0 {
-		return 0
-	}
-	return info.ImageQuotaTotal
-}
-
-func accountTestImageResetAt(info *accountTestInfo) int64 {
-	if info == nil {
-		return 0
-	}
-	return info.ImageQuotaResetAt
-}
diff --git a/backend/internal/service/admin_auth_service.go b/backend/internal/service/admin_auth_service.go
deleted file mode 100644
index dcbc4565..00000000
--- a/backend/internal/service/admin_auth_service.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Package service 后台账号认证。
-package service
-
-import (
-	"context"
-	"errors"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtx"
-)
-
-// AdminAuthService 后台登录。
-type AdminAuthService struct {
-	repo *repo.AdminRepo
-	jwt  *jwtx.Manager
-}
-
-// NewAdminAuthService 构造。
-func NewAdminAuthService(r *repo.AdminRepo, jwt *jwtx.Manager) *AdminAuthService {
-	return &AdminAuthService{repo: r, jwt: jwt}
-}
-
-// Login 后台登录。
-func (s *AdminAuthService) Login(ctx context.Context, req *dto.LoginReq, ip string) (*model.AdminUser, *dto.TokenPair, error) {
-	username := strings.TrimSpace(req.Account)
-	if username == "" {
-		return nil, nil, errcode.InvalidParam
-	}
-	u, err := s.repo.GetByUsername(ctx, username)
-	if err != nil {
-		if errors.Is(err, repo.ErrNotFound) {
-			return nil, nil, errcode.Unauthorized.WithMsg("账号或密码错误")
-		}
-		return nil, nil, errcode.DBError.Wrap(err)
-	}
-	if !u.IsActive() {
-		return nil, nil, errcode.Forbidden.WithMsg("账号已停用")
-	}
-	if !crypto.VerifyPassword(u.Password, req.Password) {
-		return nil, nil, errcode.Unauthorized.WithMsg("账号或密码错误")
-	}
-	role, _ := s.repo.GetRoleByID(ctx, u.RoleID)
-	roles := []string{}
-	if role != nil {
-		roles = append(roles, role.Code)
-	}
-
-	jti := uuid.NewString()
-	access, accExp, err := s.jwt.IssueAccess(u.ID, jwtx.SubjectAdmin, jti, roles)
-	if err != nil {
-		return nil, nil, errcode.Internal.Wrap(err)
-	}
-	refresh, refExp, err := s.jwt.IssueRefresh(u.ID, jwtx.SubjectAdmin, jti)
-	if err != nil {
-		return nil, nil, errcode.Internal.Wrap(err)
-	}
-	_ = s.repo.UpdateLogin(ctx, u.ID, ip)
-
-	now := time.Now()
-	return u, &dto.TokenPair{
-		AccessToken:     access,
-		RefreshToken:    refresh,
-		TokenType:       "Bearer",
-		AccessExpireIn:  int64(accExp.Sub(now).Seconds()),
-		RefreshExpireIn: int64(refExp.Sub(now).Seconds()),
-	}, nil
-}
-
-// ChangePassword updates the current admin user's password.
-func (s *AdminAuthService) ChangePassword(ctx context.Context, uid uint64, req *dto.ChangePasswordReq) error {
-	u, err := s.repo.GetByID(ctx, uid)
-	if err != nil {
-		return errcode.UserNotFound
-	}
-	if !crypto.VerifyPassword(u.Password, req.OldPassword) {
-		return errcode.Unauthorized.WithMsg("原密码不正确")
-	}
-	hash, err := crypto.HashPassword(req.NewPassword)
-	if err != nil {
-		return errcode.Internal.Wrap(err)
-	}
-	return s.repo.UpdatePassword(ctx, uid, hash)
-}
diff --git a/backend/internal/service/admin_promo_service.go b/backend/internal/service/admin_promo_service.go
deleted file mode 100644
index b44b222d..00000000
--- a/backend/internal/service/admin_promo_service.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package service
-
-import (
-	"context"
-	"strings"
-	"time"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-type AdminPromoService struct {
-	repo *repo.PromoRepo
-}
-
-func NewAdminPromoService(r *repo.PromoRepo) *AdminPromoService {
-	return &AdminPromoService{repo: r}
-}
-
-func (s *AdminPromoService) List(ctx context.Context, req *dto.AdminPromoListReq) ([]*dto.AdminPromoResp, int64, error) {
-	rows, total, err := s.repo.List(ctx, repo.PromoListFilter{
-		Keyword:      req.Keyword,
-		Status:       req.Status,
-		DiscountType: req.DiscountType,
-		Page:         req.Page,
-		PageSize:     req.PageSize,
-	})
-	if err != nil {
-		return nil, 0, errcode.DBError.Wrap(err)
-	}
-	out := make([]*dto.AdminPromoResp, 0, len(rows))
-	for _, row := range rows {
-		out = append(out, promoResp(row))
-	}
-	return out, total, nil
-}
-
-func (s *AdminPromoService) Create(ctx context.Context, req *dto.AdminPromoCreateReq, adminID uint64) (*model.PromoCode, error) {
-	now := time.Now().UTC()
-	start := now
-	if req.StartAt > 0 {
-		start = time.Unix(req.StartAt, 0).UTC()
-	}
-	end := time.Unix(req.EndAt, 0).UTC()
-	if !end.After(start) {
-		return nil, errcode.InvalidParam.WithMsg("结束时间必须晚于开始时间")
-	}
-	status := int8(model.PromoStatusEnabled)
-	if req.Status != nil {
-		status = *req.Status
-	}
-	applyTo := strings.TrimSpace(req.ApplyTo)
-	if applyTo == "" {
-		applyTo = "all"
-	}
-	code := strings.ToUpper(strings.TrimSpace(req.Code))
-	row := &model.PromoCode{
-		Code:         code,
-		Name:         strings.TrimSpace(req.Name),
-		DiscountType: req.DiscountType,
-		DiscountVal:  req.DiscountVal,
-		MinAmount:    req.MinAmount,
-		ApplyTo:      applyTo,
-		TotalQty:     req.TotalQty,
-		PerUserLimit: req.PerUserLimit,
-		StartAt:      start,
-		EndAt:        end,
-		Status:       status,
-		CreatedBy:    &adminID,
-	}
-	if row.PerUserLimit == 0 {
-		row.PerUserLimit = 1
-	}
-	if err := s.repo.Create(ctx, row); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	return row, nil
-}
-
-func (s *AdminPromoService) Update(ctx context.Context, id uint64, req *dto.AdminPromoUpdateReq) error {
-	fields := map[string]any{}
-	if req.Code != nil {
-		fields["code"] = strings.ToUpper(strings.TrimSpace(*req.Code))
-	}
-	if req.Name != nil {
-		fields["name"] = strings.TrimSpace(*req.Name)
-	}
-	if req.DiscountType != nil {
-		fields["discount_type"] = *req.DiscountType
-	}
-	if req.DiscountVal != nil {
-		fields["discount_val"] = *req.DiscountVal
-	}
-	if req.MinAmount != nil {
-		fields["min_amount"] = *req.MinAmount
-	}
-	if req.ApplyTo != nil {
-		applyTo := strings.TrimSpace(*req.ApplyTo)
-		if applyTo == "" {
-			applyTo = "all"
-		}
-		fields["apply_to"] = applyTo
-	}
-	if req.TotalQty != nil {
-		fields["total_qty"] = *req.TotalQty
-	}
-	if req.PerUserLimit != nil {
-		fields["per_user_limit"] = *req.PerUserLimit
-	}
-	if req.StartAt != nil {
-		fields["start_at"] = time.Unix(*req.StartAt, 0).UTC()
-	}
-	if req.EndAt != nil {
-		fields["end_at"] = time.Unix(*req.EndAt, 0).UTC()
-	}
-	if req.Status != nil {
-		fields["status"] = *req.Status
-	}
-	if err := s.repo.Update(ctx, id, fields); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-func (s *AdminPromoService) Delete(ctx context.Context, id uint64) error {
-	if err := s.repo.Delete(ctx, id); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-func promoResp(row *model.PromoCode) *dto.AdminPromoResp {
-	return &dto.AdminPromoResp{
-		ID:           row.ID,
-		Code:         row.Code,
-		Name:         row.Name,
-		DiscountType: row.DiscountType,
-		DiscountVal:  row.DiscountVal,
-		MinAmount:    row.MinAmount,
-		ApplyTo:      row.ApplyTo,
-		TotalQty:     row.TotalQty,
-		UsedQty:      row.UsedQty,
-		PerUserLimit: row.PerUserLimit,
-		StartAt:      row.StartAt.Unix(),
-		EndAt:        row.EndAt.Unix(),
-		Status:       row.Status,
-		CreatedAt:    row.CreatedAt.Unix(),
-		UpdatedAt:    row.UpdatedAt.Unix(),
-	}
-}
diff --git a/backend/internal/service/admin_user_service.go b/backend/internal/service/admin_user_service.go
deleted file mode 100644
index f285a628..00000000
--- a/backend/internal/service/admin_user_service.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package service
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-type AdminUserService struct {
-	users  *repo.UserRepo
-	wallet *repo.WalletRepo
-}
-
-func NewAdminUserService(users *repo.UserRepo, wallet *repo.WalletRepo) *AdminUserService {
-	return &AdminUserService{users: users, wallet: wallet}
-}
-
-func (s *AdminUserService) List(ctx context.Context, req *dto.AdminUserListReq) ([]*dto.AdminUserResp, int64, error) {
-	items, total, err := s.users.List(ctx, repo.UserListFilter{
-		Keyword:  req.Keyword,
-		Status:   req.Status,
-		Page:     req.Page,
-		PageSize: req.PageSize,
-	})
-	if err != nil {
-		return nil, 0, errcode.DBError.Wrap(err)
-	}
-	out := make([]*dto.AdminUserResp, 0, len(items))
-	for _, u := range items {
-		out = append(out, adminUserToResp(u))
-	}
-	return out, total, nil
-}
-
-func (s *AdminUserService) Create(ctx context.Context, req *dto.AdminUserCreateReq) (*model.User, error) {
-	account := strings.TrimSpace(req.Account)
-	if account == "" {
-		return nil, errcode.InvalidParam.WithMsg("账号不能为空")
-	}
-	hash, err := crypto.HashPassword(req.Password)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	status := int8(1)
-	if req.Status != nil {
-		status = *req.Status
-	}
-	u := &model.User{
-		UUID:       uuid.NewString(),
-		Password:   hash,
-		Status:     status,
-		PlanCode:   "free",
-		InviteCode: genInviteCode(),
-	}
-	switch {
-	case emailRe.MatchString(account):
-		v := strings.ToLower(account)
-		u.Email = &v
-		if username := strings.TrimSpace(req.Username); username != "" {
-			u.Username = &username
-		} else if username := defaultUsername(v); username != "" {
-			u.Username = &username
-		}
-	case phoneRe.MatchString(account):
-		v := account
-		u.Phone = &v
-		if username := strings.TrimSpace(req.Username); username != "" {
-			u.Username = &username
-		}
-	default:
-		v := account
-		u.Username = &v
-	}
-	if err := s.users.Create(ctx, u); err != nil {
-		return nil, wrapDup(err)
-	}
-	if req.Points > 0 && s.wallet != nil {
-		if _, err := s.wallet.Adjust(ctx, u.ID, model.BizRecharge, adminBizID("create"), req.Points, "管理员创建用户赠送", true); err != nil {
-			return nil, errcode.DBError.Wrap(err)
-		}
-		u.Points = req.Points
-		u.TotalRecharge = req.Points
-	}
-	return u, nil
-}
-
-func (s *AdminUserService) Update(ctx context.Context, id uint64, req *dto.AdminUserUpdateReq) error {
-	fields := map[string]any{}
-	if req.Email != nil {
-		v := strings.TrimSpace(*req.Email)
-		if v == "" {
-			fields["email"] = nil
-		} else if !emailRe.MatchString(v) {
-			return errcode.InvalidParam.WithMsg("邮箱格式不正确")
-		} else {
-			fields["email"] = strings.ToLower(v)
-		}
-	}
-	if req.Phone != nil {
-		v := strings.TrimSpace(*req.Phone)
-		if v == "" {
-			fields["phone"] = nil
-		} else if !phoneRe.MatchString(v) {
-			return errcode.InvalidParam.WithMsg("手机号格式不正确")
-		} else {
-			fields["phone"] = v
-		}
-	}
-	if req.Username != nil {
-		v := strings.TrimSpace(*req.Username)
-		if v == "" {
-			fields["username"] = nil
-		} else {
-			fields["username"] = v
-		}
-	}
-	if req.Avatar != nil {
-		v := strings.TrimSpace(*req.Avatar)
-		if v == "" {
-			fields["avatar"] = nil
-		} else {
-			fields["avatar"] = v
-		}
-	}
-	if req.Password != nil && strings.TrimSpace(*req.Password) != "" {
-		hash, err := crypto.HashPassword(*req.Password)
-		if err != nil {
-			return errcode.Internal.Wrap(err)
-		}
-		fields["password"] = hash
-	}
-	if req.Status != nil {
-		fields["status"] = *req.Status
-	}
-	if req.PlanCode != nil {
-		v := strings.TrimSpace(*req.PlanCode)
-		if v == "" {
-			v = "free"
-		}
-		fields["plan_code"] = v
-	}
-	if req.PlanExpireAt != nil {
-		if *req.PlanExpireAt <= 0 {
-			fields["plan_expire_at"] = nil
-		} else {
-			t := time.Unix(*req.PlanExpireAt, 0).UTC()
-			fields["plan_expire_at"] = &t
-		}
-	}
-	if err := s.users.Update(ctx, id, fields); err != nil {
-		return wrapDup(err)
-	}
-	return nil
-}
-
-func (s *AdminUserService) AdjustPoints(ctx context.Context, id uint64, req *dto.AdminUserAdjustPointsReq) (*dto.AdminUserAdjustPointsResp, error) {
-	if s.wallet == nil {
-		return nil, errcode.Internal.WithMsg("钱包服务未启用")
-	}
-	points := req.Points
-	biz := model.BizRecharge
-	addTotal := true
-	remark := strings.TrimSpace(req.Remark)
-	if remark == "" {
-		remark = "管理员充值"
-	}
-	if req.Action == "deduct" {
-		points = -points
-		biz = "admin_deduct"
-		addTotal = false
-		if remark == "" || remark == "管理员充值" {
-			remark = "管理员扣除"
-		}
-	}
-	log, err := s.wallet.Adjust(ctx, id, biz, adminBizID(req.Action), points, remark, addTotal)
-	if err != nil {
-		if errors.Is(err, repo.ErrInsufficient) {
-			return nil, errcode.InvalidParam.WithMsg("用户可用积分不足")
-		}
-		return nil, errcode.DBError.Wrap(err)
-	}
-	return &dto.AdminUserAdjustPointsResp{PointsBefore: log.PointsBefore, PointsAfter: log.PointsAfter}, nil
-}
-
-func adminUserToResp(u *model.User) *dto.AdminUserResp {
-	r := &dto.AdminUserResp{
-		ID:            u.ID,
-		UUID:          u.UUID,
-		Points:        u.Points,
-		FrozenPoints:  u.FrozenPoints,
-		TotalRecharge: u.TotalRecharge,
-		PlanCode:      u.PlanCode,
-		InviterID:     u.InviterID,
-		InviteCode:    u.InviteCode,
-		Status:        u.Status,
-		CreatedAt:     u.CreatedAt.Unix(),
-		UpdatedAt:     u.UpdatedAt.Unix(),
-	}
-	if u.Email != nil {
-		r.Email = *u.Email
-	}
-	if u.Phone != nil {
-		r.Phone = *u.Phone
-	}
-	if u.Username != nil {
-		r.Username = *u.Username
-	}
-	if u.Avatar != nil {
-		r.Avatar = *u.Avatar
-	}
-	if u.PlanExpireAt != nil {
-		r.PlanExpireAt = u.PlanExpireAt.Unix()
-	}
-	if u.RegisterIP != nil {
-		r.RegisterIP = *u.RegisterIP
-	}
-	if u.LastLoginAt != nil {
-		r.LastLoginAt = u.LastLoginAt.Unix()
-	}
-	if u.LastLoginIP != nil {
-		r.LastLoginIP = *u.LastLoginIP
-	}
-	return r
-}
-
-func adminBizID(action string) string {
-	return fmt.Sprintf("admin-%s-%d", action, time.Now().UnixNano())
-}
diff --git a/backend/internal/service/apikey_service.go b/backend/internal/service/apikey_service.go
deleted file mode 100644
index 8753b0d5..00000000
--- a/backend/internal/service/apikey_service.go
+++ /dev/null
@@ -1,178 +0,0 @@
-// Package service API Key 业务。
-package service
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/hex"
-	"strings"
-	"time"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-// APIKeyService 用户 API Key。
-type APIKeyService struct {
-	repo *repo.APIKeyRepo
-}
-
-// NewAPIKeyService 构造。
-func NewAPIKeyService(r *repo.APIKeyRepo) *APIKeyService { return &APIKeyService{repo: r} }
-
-// Prefix 用户 Key 前缀；OpenAI 兼容场景下习惯使用 `sk-` 风格。
-const KeyPrefix = "sk-klein-"
-
-// Create 创建一个用户 Key。明文仅返回一次。
-func (s *APIKeyService) Create(ctx context.Context, userID uint64, req *dto.APIKeyCreateReq) (*dto.APIKeyCreateResp, error) {
-	scope := strings.TrimSpace(req.Scope)
-	if scope == "" {
-		scope = "chat,image,video"
-	}
-
-	body, err := crypto.RandomString(40)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	plain := KeyPrefix + body
-
-	salt, err := crypto.RandomString(32)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	hash := hashKey(plain, salt)
-	last4 := plain[len(plain)-4:]
-
-	k := &model.APIKey{
-		UserID:     userID,
-		Name:       req.Name,
-		Prefix:     KeyPrefix,
-		Hash:       hash,
-		Salt:       salt,
-		Last4:      last4,
-		Scope:      scope,
-		RPMLimit:   defaultIfZero(req.RPMLimit, 60),
-		DailyQuota: req.DailyQuota,
-		Status:     1,
-	}
-	if req.ExpireDays > 0 {
-		exp := time.Now().UTC().Add(time.Duration(req.ExpireDays) * 24 * time.Hour)
-		k.ExpireAt = &exp
-	}
-	if err := s.repo.Create(ctx, k); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	return &dto.APIKeyCreateResp{
-		ID:        k.ID,
-		Name:      k.Name,
-		Plain:     plain,
-		Prefix:    k.Prefix,
-		Last4:     k.Last4,
-		Scope:     k.Scope,
-		CreatedAt: k.CreatedAt.Unix(),
-	}, nil
-}
-
-// List 列出用户 keys。
-func (s *APIKeyService) List(ctx context.Context, userID uint64) ([]*dto.APIKeyResp, error) {
-	items, err := s.repo.ListByUser(ctx, userID)
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	out := make([]*dto.APIKeyResp, 0, len(items))
-	for _, k := range items {
-		r := &dto.APIKeyResp{
-			ID:         k.ID,
-			Name:       k.Name,
-			Prefix:     k.Prefix,
-			Last4:      k.Last4,
-			Mask:       k.Prefix + "****" + k.Last4,
-			Scope:      k.Scope,
-			RPMLimit:   k.RPMLimit,
-			DailyQuota: k.DailyQuota,
-			Status:     k.Status,
-			CreatedAt:  k.CreatedAt.Unix(),
-		}
-		if k.ExpireAt != nil {
-			r.ExpireAt = k.ExpireAt.Unix()
-		}
-		if k.LastUsedAt != nil {
-			r.LastUsedAt = k.LastUsedAt.Unix()
-		}
-		out = append(out, r)
-	}
-	return out, nil
-}
-
-// Toggle 启用 / 停用。
-func (s *APIKeyService) Toggle(ctx context.Context, userID, id uint64, enable bool) error {
-	if _, err := s.repo.GetByID(ctx, userID, id); err != nil {
-		return errcode.ResourceMissing
-	}
-	status := int8(0)
-	if enable {
-		status = 1
-	}
-	if err := s.repo.UpdateStatus(ctx, userID, id, status); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-// Delete 删除（软删）。
-func (s *APIKeyService) Delete(ctx context.Context, userID, id uint64) error {
-	if _, err := s.repo.GetByID(ctx, userID, id); err != nil {
-		return errcode.ResourceMissing
-	}
-	if err := s.repo.SoftDelete(ctx, userID, id); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-// Verify 通过明文 key 验证 → 返回 model.APIKey。
-//
-// 算法：
-//   1. 校验前缀（拒绝明显非法的请求 Key，避免每次都查 DB）；
-//   2. 暴力查 DB（hash 列有唯一索引）；为了拿 salt，需先做候选查询：
-//      实际策略：用 last4 + prefix 做候选查询，再逐个 SHA256(plain+salt) 校验。
-//
-// 这里出于性能与简单考虑：直接基于 hash 列做查找，
-// 但 hash = SHA256(plain + salt)，salt 不固定，因此真实流程必须先取候选列表。
-func (s *APIKeyService) Verify(ctx context.Context, plain string) (*model.APIKey, error) {
-	if !strings.HasPrefix(plain, KeyPrefix) || len(plain) < 16 {
-		return nil, errcode.APIKeyInvalid
-	}
-	last4 := plain[len(plain)-4:]
-	cands, err := s.repo.ListByLast4(ctx, last4)
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	now := time.Now().UTC()
-	for _, c := range cands {
-		if !c.IsActive(now) {
-			continue
-		}
-		if hashKey(plain, c.Salt) == c.Hash {
-			return c, nil
-		}
-	}
-	return nil, errcode.APIKeyInvalid
-}
-
-func hashKey(plain, salt string) string {
-	h := sha256.New()
-	h.Write([]byte(plain))
-	h.Write([]byte(salt))
-	return hex.EncodeToString(h.Sum(nil))
-}
-
-func defaultIfZero(v, d int) int {
-	if v == 0 {
-		return d
-	}
-	return v
-}
diff --git a/backend/internal/service/auth_service.go b/backend/internal/service/auth_service.go
deleted file mode 100644
index 8990a63e..00000000
--- a/backend/internal/service/auth_service.go
+++ /dev/null
@@ -1,218 +0,0 @@
-// Package service 业务编排层。事务、幂等、跨 repo 协作发生在这里。
-package service
-
-import (
-	"context"
-	"errors"
-	"regexp"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtx"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// AuthService 用户认证。
-type AuthService struct {
-	db   *gorm.DB
-	user *repo.UserRepo
-	jwt  *jwtx.Manager
-}
-
-// NewAuthService 构造。
-func NewAuthService(db *gorm.DB, userRepo *repo.UserRepo, jwt *jwtx.Manager) *AuthService {
-	return &AuthService{db: db, user: userRepo, jwt: jwt}
-}
-
-var (
-	emailRe = regexp.MustCompile(`^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}$`)
-	phoneRe = regexp.MustCompile(`^1[3-9]\d{9}$`)
-)
-
-// Register 用户注册（事务内创建用户 + 邀请关系 + 注册赠点流水可在后续扩展）。
-func (s *AuthService) Register(ctx context.Context, req *dto.RegisterReq, ip string) (*model.User, *dto.TokenPair, error) {
-	account := strings.TrimSpace(req.Account)
-	if account == "" {
-		return nil, nil, errcode.InvalidParam
-	}
-
-	user := &model.User{
-		UUID:       uuid.NewString(),
-		Status:     1,
-		PlanCode:   "free",
-		InviteCode: genInviteCode(),
-		RegisterIP: &ip,
-	}
-
-	switch {
-	case emailRe.MatchString(account):
-		e := strings.ToLower(account)
-		user.Email = &e
-		if username := defaultUsername(e); username != "" {
-			user.Username = &username
-		}
-	case phoneRe.MatchString(account):
-		p := account
-		user.Phone = &p
-	default:
-		user.Username = &account
-	}
-
-	hash, err := crypto.HashPassword(req.Password)
-	if err != nil {
-		return nil, nil, errcode.Internal.Wrap(err)
-	}
-	user.Password = hash
-
-	if req.InviteCode != "" {
-		if inv, err := s.user.GetByInviteCode(ctx, req.InviteCode); err == nil && inv != nil {
-			user.InviterID = &inv.ID
-		}
-	}
-
-	err = s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		if err := tx.Create(user).Error; err != nil {
-			return wrapDup(err)
-		}
-		if user.InviterID != nil {
-			if err := tx.Exec(
-				"INSERT IGNORE INTO user_invite_relation (user_id, inviter_id, invite_code) VALUES (?, ?, ?)",
-				user.ID, *user.InviterID, req.InviteCode,
-			).Error; err != nil {
-				return err
-			}
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, nil, err
-	}
-
-	tok, err := s.issue(user)
-	if err != nil {
-		return nil, nil, err
-	}
-	logger.FromCtx(ctx).Info("auth.register", zap.Uint64("uid", user.ID), zap.String("ip", ip))
-	return user, tok, nil
-}
-
-// Login 登录。
-func (s *AuthService) Login(ctx context.Context, req *dto.LoginReq, ip string) (*model.User, *dto.TokenPair, error) {
-	u, err := s.user.GetByAccount(ctx, req.Account)
-	if err != nil {
-		if errors.Is(err, repo.ErrNotFound) {
-			return nil, nil, errcode.UserNotFound
-		}
-		return nil, nil, errcode.DBError.Wrap(err)
-	}
-	if !u.IsActive() {
-		return nil, nil, errcode.Forbidden.WithMsg("账号已停用")
-	}
-	if !crypto.VerifyPassword(u.Password, req.Password) {
-		return nil, nil, errcode.Unauthorized.WithMsg("账号或密码错误")
-	}
-	if err := s.user.UpdateLogin(ctx, u.ID, ip); err != nil {
-		logger.FromCtx(ctx).Warn("update login failed", zap.Error(err))
-	}
-
-	tok, err := s.issue(u)
-	if err != nil {
-		return nil, nil, err
-	}
-	return u, tok, nil
-}
-
-// Refresh 用 refresh token 换新 access token。
-func (s *AuthService) Refresh(ctx context.Context, refresh string) (*dto.TokenPair, error) {
-	cl, err := s.jwt.ParseRefresh(refresh)
-	if err != nil {
-		return nil, errcode.TokenExpired.Wrap(err)
-	}
-	u, err := s.user.GetByID(ctx, cl.UID)
-	if err != nil {
-		return nil, errcode.UserNotFound
-	}
-	if !u.IsActive() {
-		return nil, errcode.Forbidden
-	}
-	return s.issue(u)
-}
-
-// ChangePassword 修改密码。
-func (s *AuthService) ChangePassword(ctx context.Context, uid uint64, req *dto.ChangePasswordReq) error {
-	u, err := s.user.GetByID(ctx, uid)
-	if err != nil {
-		return errcode.UserNotFound
-	}
-	if !crypto.VerifyPassword(u.Password, req.OldPassword) {
-		return errcode.Unauthorized.WithMsg("原密码不正确")
-	}
-	hash, err := crypto.HashPassword(req.NewPassword)
-	if err != nil {
-		return errcode.Internal.Wrap(err)
-	}
-	return s.user.UpdatePassword(ctx, uid, hash)
-}
-
-// issue 颁发 access + refresh。
-func (s *AuthService) issue(u *model.User) (*dto.TokenPair, error) {
-	jti := uuid.NewString()
-	access, accExp, err := s.jwt.IssueAccess(u.ID, jwtx.SubjectUser, jti, []string{u.PlanCode})
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	refresh, refExp, err := s.jwt.IssueRefresh(u.ID, jwtx.SubjectUser, jti)
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	now := time.Now()
-	return &dto.TokenPair{
-		AccessToken:     access,
-		RefreshToken:    refresh,
-		TokenType:       "Bearer",
-		AccessExpireIn:  int64(accExp.Sub(now).Seconds()),
-		RefreshExpireIn: int64(refExp.Sub(now).Seconds()),
-	}, nil
-}
-
-// === helpers ===
-
-// genInviteCode 8 位邀请码：K + 7 位大写 base32（无 0/1/I/O）。
-func genInviteCode() string {
-	const alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ" // 32 char
-	b, _ := crypto.RandomBytes(8)
-	out := make([]byte, 8)
-	out[0] = 'K'
-	for i := 1; i < 8; i++ {
-		out[i] = alphabet[int(b[i])%len(alphabet)]
-	}
-	return string(out)
-}
-
-func defaultUsername(email string) string {
-	if i := strings.Index(email, "@"); i > 0 {
-		return email[:i]
-	}
-	return ""
-}
-
-// wrapDup 把 MySQL 唯一索引冲突映射成 UserExists。
-func wrapDup(err error) error {
-	if err == nil {
-		return nil
-	}
-	msg := err.Error()
-	if strings.Contains(msg, "Error 1062") || strings.Contains(msg, "Duplicate entry") {
-		return errcode.UserExists.Wrap(err)
-	}
-	return err
-}
diff --git a/backend/internal/service/billing_service.go b/backend/internal/service/billing_service.go
deleted file mode 100644
index faaa7561..00000000
--- a/backend/internal/service/billing_service.go
+++ /dev/null
@@ -1,198 +0,0 @@
-// Package service 计费引擎核心：预扣 / 结算 / 退款。
-//
-// 流程（与 docs/02-后端规范.md §6 对齐）：
-//
-//   1. PreDeduct  → wallet.Freeze + 写 consume_record(status=0)
-//   2. (上游调用)
-//   3. Settle     → wallet.Settle  + 更新 consume_record(status=1)
-//   4. Failure    → wallet.Refund  + 更新 consume_record(status=2) + 写 refund_record
-//
-// 任务 ID（task_id）在调用方生成，应使用 ULID 字符串。
-package service
-
-import (
-	"context"
-	"errors"
-
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// BillingService 计费引擎。
-type BillingService struct {
-	db     *gorm.DB
-	wallet *repo.WalletRepo
-}
-
-// NewBillingService 构造。
-func NewBillingService(db *gorm.DB, w *repo.WalletRepo) *BillingService {
-	return &BillingService{db: db, wallet: w}
-}
-
-// PreDeductReq 预扣点请求。
-type PreDeductReq struct {
-	UserID     uint64
-	TaskID     string
-	Kind       string // image / video
-	ModelCode  string
-	Count      int
-	UnitPoints int64
-}
-
-// PreDeduct 预扣点 + 写 consume_record(status=frozen)。
-func (s *BillingService) PreDeduct(ctx context.Context, req PreDeductReq) error {
-	total := req.UnitPoints * int64(req.Count)
-	if total <= 0 {
-		return errcode.InvalidParam.WithMsg("invalid cost")
-	}
-
-	if _, err := s.wallet.Freeze(ctx, req.UserID, model.BizConsume, req.TaskID, total, req.ModelCode); err != nil {
-		if errors.Is(err, repo.ErrInsufficient) {
-			return errcode.InsufficientPoints
-		}
-		return errcode.DBError.Wrap(err)
-	}
-
-	rec := &model.ConsumeRecord{
-		TaskID:      req.TaskID,
-		UserID:      req.UserID,
-		Kind:        req.Kind,
-		ModelCode:   req.ModelCode,
-		Count:       req.Count,
-		UnitPoints:  req.UnitPoints,
-		TotalPoints: total,
-		Status:      model.ConsumeStatusFrozen,
-	}
-	if err := s.db.WithContext(ctx).Create(rec).Error; err != nil {
-		// 写 consume_record 失败需要回滚已 freeze 的点
-		_ = s.wallet.Refund(ctx, req.UserID, req.TaskID, "rollback consume_record failed", total)
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-// Settle 结算消费：将 frozen → 落地。account_id 可写入实际消耗的池中账号。
-func (s *BillingService) Settle(ctx context.Context, taskID string, accountID *uint64) error {
-	var rec model.ConsumeRecord
-	if err := s.db.WithContext(ctx).Where("task_id = ?", taskID).First(&rec).Error; err != nil {
-		return errcode.ResourceMissing
-	}
-	if rec.Status != model.ConsumeStatusFrozen {
-		// 已结算或退款，幂等返回
-		return nil
-	}
-	if err := s.wallet.Settle(ctx, rec.UserID, rec.TotalPoints); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	updates := map[string]any{"status": model.ConsumeStatusSettled}
-	if accountID != nil {
-		updates["account_id"] = *accountID
-	}
-	if err := s.db.WithContext(ctx).Model(&model.ConsumeRecord{}).
-		Where("task_id = ?", taskID).Updates(updates).Error; err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	logger.FromCtx(ctx).Info("billing.settle", zap.String("task", taskID), zap.Int64("points", rec.TotalPoints))
-	return nil
-}
-
-// FinalizeUsage settles a frozen usage-based consume record with the actual cost.
-// If actual is lower than the estimate, the difference is refunded before settling.
-// If actual is higher than the estimate, the extra cost is deducted immediately when balance allows.
-func (s *BillingService) FinalizeUsage(ctx context.Context, taskID string, actualPoints int64, accountID *uint64) error {
-	var rec model.ConsumeRecord
-	if err := s.db.WithContext(ctx).Where("task_id = ?", taskID).First(&rec).Error; err != nil {
-		return errcode.ResourceMissing
-	}
-	if rec.Status != model.ConsumeStatusFrozen {
-		return nil
-	}
-	if actualPoints < 0 {
-		actualPoints = 0
-	}
-	estimated := rec.TotalPoints
-	if actualPoints == 0 {
-		if err := s.wallet.Refund(ctx, rec.UserID, taskID, "usage cost is zero", estimated); err != nil {
-			return errcode.DBError.Wrap(err)
-		}
-		return s.db.WithContext(ctx).Model(&model.ConsumeRecord{}).
-			Where("task_id = ?", taskID).
-			Updates(map[string]any{"status": model.ConsumeStatusRefunded, "unit_points": 0, "total_points": 0}).Error
-	}
-	if actualPoints < estimated {
-		if err := s.wallet.RefundFrozenPart(ctx, rec.UserID, taskID, "chat usage refund", estimated-actualPoints); err != nil {
-			return errcode.DBError.Wrap(err)
-		}
-	} else if actualPoints > estimated {
-		// Settle estimated frozen points first, then charge the extra balance.
-		if err := s.wallet.Settle(ctx, rec.UserID, estimated); err != nil {
-			return errcode.DBError.Wrap(err)
-		}
-		if _, err := s.wallet.Adjust(ctx, rec.UserID, model.BizConsume, taskID+":extra", -(actualPoints - estimated), rec.ModelCode+" extra usage", false); err != nil {
-			if errors.Is(err, repo.ErrInsufficient) {
-				return errcode.InsufficientPoints
-			}
-			return errcode.DBError.Wrap(err)
-		}
-		updates := map[string]any{"status": model.ConsumeStatusSettled, "unit_points": actualPoints, "total_points": actualPoints}
-		if accountID != nil {
-			updates["account_id"] = *accountID
-		}
-		return s.db.WithContext(ctx).Model(&model.ConsumeRecord{}).Where("task_id = ?", taskID).Updates(updates).Error
-	}
-	if err := s.wallet.Settle(ctx, rec.UserID, actualPoints); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	updates := map[string]any{"status": model.ConsumeStatusSettled, "unit_points": actualPoints, "total_points": actualPoints}
-	if accountID != nil {
-		updates["account_id"] = *accountID
-	}
-	if err := s.db.WithContext(ctx).Model(&model.ConsumeRecord{}).Where("task_id = ?", taskID).Updates(updates).Error; err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	logger.FromCtx(ctx).Info("billing.finalize_usage", zap.String("task", taskID), zap.Int64("estimate", estimated), zap.Int64("actual", actualPoints))
-	return nil
-}
-
-// FailRefund 失败退款：解冻 + 退还 + 标记 status=refunded。
-func (s *BillingService) FailRefund(ctx context.Context, taskID, reason string) error {
-	var rec model.ConsumeRecord
-	if err := s.db.WithContext(ctx).Where("task_id = ?", taskID).First(&rec).Error; err != nil {
-		return errcode.ResourceMissing
-	}
-	if rec.Status != model.ConsumeStatusFrozen {
-		return nil
-	}
-	if err := s.wallet.Refund(ctx, rec.UserID, taskID, reason, rec.TotalPoints); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	if err := s.db.WithContext(ctx).Model(&model.ConsumeRecord{}).
-		Where("task_id = ?", taskID).
-		Update("status", model.ConsumeStatusRefunded).Error; err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	logger.FromCtx(ctx).Info("billing.refund", zap.String("task", taskID), zap.Int64("points", rec.TotalPoints), zap.String("reason", reason))
-	return nil
-}
-
-// GrantPoints 赠送 / 兑换码 / 邀请奖励：直接增加点数 + 写流水。
-func (s *BillingService) GrantPoints(ctx context.Context, userID uint64, biz, bizID string, points int64, remark string) error {
-	if _, err := s.wallet.Income(ctx, userID, biz, bizID, points, remark); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	return nil
-}
-
-// ListWalletLogs 用户钱包流水。
-func (s *BillingService) ListWalletLogs(ctx context.Context, userID uint64, page, pageSize int) ([]*model.WalletLog, int64, error) {
-	logs, total, err := s.wallet.ListUserLogs(ctx, userID, page, pageSize)
-	if err != nil {
-		return nil, 0, errcode.DBError.Wrap(err)
-	}
-	return logs, total, nil
-}
diff --git a/backend/internal/service/cdk_service.go b/backend/internal/service/cdk_service.go
deleted file mode 100644
index 7ecc31df..00000000
--- a/backend/internal/service/cdk_service.go
+++ /dev/null
@@ -1,183 +0,0 @@
-// Package service 兑换码（CDK） / 优惠码（Promo） 服务。
-//
-// 仅支持 reward_type=points 的最小实现：reward_value JSON 形如 {"points": 10000}（10000 = 100 点）。
-package service
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-	"time"
-
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// CDKService 兑换码服务。
-type CDKService struct {
-	db      *gorm.DB
-	billing *BillingService
-}
-
-// NewCDKService 构造。
-func NewCDKService(db *gorm.DB, b *BillingService) *CDKService {
-	return &CDKService{db: db, billing: b}
-}
-
-// Redeem 用户兑换 CDK。
-func (s *CDKService) Redeem(ctx context.Context, userID uint64, code string) (int64, error) {
-	code = strings.ToUpper(strings.TrimSpace(code))
-	if code == "" {
-		return 0, errcode.InvalidParam
-	}
-
-	var grantedPoints int64
-	err := s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		var c model.RedeemCode
-		if err := tx.Set("gorm:query_option", "FOR UPDATE").
-			Where("code = ?", code).First(&c).Error; err != nil {
-			return errcode.CDKInvalid
-		}
-		if c.Status != model.CDKStatusUnused {
-			return errcode.CDKUsed
-		}
-
-		var batch model.RedeemCodeBatch
-		if err := tx.Where("id = ?", c.BatchID).First(&batch).Error; err != nil {
-			return errcode.CDKInvalid
-		}
-		now := time.Now().UTC()
-		if batch.Status != model.PromoStatusEnabled {
-			return errcode.CDKInvalid
-		}
-		if batch.ExpireAt != nil && now.After(*batch.ExpireAt) {
-			return errcode.CDKInvalid.WithMsg("兑换码已过期")
-		}
-
-		// per_user_limit：同一用户在该批次最多兑换 N 次
-		if batch.PerUserLimit > 0 {
-			var used int64
-			if err := tx.Model(&model.RedeemCode{}).
-				Where("batch_id = ? AND used_by = ?", batch.ID, userID).
-				Count(&used).Error; err != nil {
-				return errcode.DBError.Wrap(err)
-			}
-			if int(used) >= batch.PerUserLimit {
-				return errcode.CDKUsed.WithMsg("已达每用户兑换上限")
-			}
-		}
-
-		// 解析 reward_value
-		points, err := parsePointsReward(batch.RewardType, batch.RewardValue)
-		if err != nil {
-			return errcode.Internal.Wrap(err)
-		}
-		if points <= 0 {
-			return errcode.Internal.WithMsg("invalid reward")
-		}
-
-		// 标记已使用
-		if err := tx.Model(&model.RedeemCode{}).
-			Where("id = ? AND status = ?", c.ID, model.CDKStatusUnused).
-			Updates(map[string]any{
-				"status":  model.CDKStatusUsed,
-				"used_by": userID,
-				"used_at": now,
-			}).Error; err != nil {
-			return errcode.DBError.Wrap(err)
-		}
-		// 更新 batch.used_qty
-		if err := tx.Model(&model.RedeemCodeBatch{}).
-			Where("id = ?", batch.ID).
-			UpdateColumn("used_qty", gorm.Expr("used_qty + 1")).Error; err != nil {
-			return errcode.DBError.Wrap(err)
-		}
-		grantedPoints = points
-		return nil
-	})
-	if err != nil {
-		return 0, err
-	}
-
-	// CDK 兑换走 GrantPoints（独立事务，幂等容易处理）
-	bizID := fmt.Sprintf("cdk:%s", code)
-	if err := s.billing.GrantPoints(ctx, userID, model.BizCDK, bizID, grantedPoints, "redeem code"); err != nil {
-		logger.FromCtx(ctx).Error("cdk.grant_points", zap.String("code", code), zap.Error(err))
-		return 0, err
-	}
-	return grantedPoints, nil
-}
-
-// GenerateBatch 管理后台生成 CDK 批次。
-func (s *CDKService) GenerateBatch(ctx context.Context, adminID uint64, batchNo, name string, points int64, qty, perUserLimit int, expireAt *time.Time) (*model.RedeemCodeBatch, error) {
-	if points <= 0 || qty <= 0 || qty > 100000 {
-		return nil, errcode.InvalidParam
-	}
-	rewardJSON, _ := json.Marshal(map[string]any{"points": points})
-
-	batch := &model.RedeemCodeBatch{
-		BatchNo:      batchNo,
-		Name:         name,
-		RewardType:   "points",
-		RewardValue:  string(rewardJSON),
-		TotalQty:     qty,
-		PerUserLimit: perUserLimit,
-		ExpireAt:     expireAt,
-		Status:       model.PromoStatusEnabled,
-		CreatedBy:    &adminID,
-	}
-	err := s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		if err := tx.Create(batch).Error; err != nil {
-			return err
-		}
-		codes := make([]*model.RedeemCode, 0, qty)
-		for i := 0; i < qty; i++ {
-			c, _ := generateCDKCode()
-			codes = append(codes, &model.RedeemCode{BatchID: batch.ID, Code: c})
-		}
-		return tx.CreateInBatches(codes, 500).Error
-	})
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	return batch, nil
-}
-
-// === helpers ===
-
-func parsePointsReward(rewardType, value string) (int64, error) {
-	if rewardType != "points" {
-		return 0, fmt.Errorf("unsupported reward_type: %s", rewardType)
-	}
-	var v map[string]any
-	if err := json.Unmarshal([]byte(value), &v); err != nil {
-		return 0, err
-	}
-	switch p := v["points"].(type) {
-	case float64:
-		return int64(p), nil
-	case int64:
-		return p, nil
-	}
-	return 0, fmt.Errorf("invalid points reward")
-}
-
-// generateCDKCode 生成 16 位 base32（避开易混字符）。
-func generateCDKCode() (string, error) {
-	const alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
-	b, err := crypto.RandomBytes(16)
-	if err != nil {
-		return "", err
-	}
-	out := make([]byte, 16)
-	for i := 0; i < 16; i++ {
-		out[i] = alphabet[int(b[i])%len(alphabet)]
-	}
-	return string(out), nil
-}
diff --git a/backend/internal/service/chat_service.go b/backend/internal/service/chat_service.go
deleted file mode 100644
index c9b13dff..00000000
--- a/backend/internal/service/chat_service.go
+++ /dev/null
@@ -1,717 +0,0 @@
-package service
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/provider"
-	grokweb "github.com/kleinai/backend/internal/provider/grok"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-	"github.com/kleinai/backend/pkg/outbound"
-)
-
-type ChatService struct {
-	db       *gorm.DB
-	repo     *repo.GenerationRepo
-	pool     *AccountPool
-	billing  *BillingService
-	priceFn  func(modelCode string) ChatPrice
-	cfg      *SystemConfigService
-	aes      *crypto.AESGCM
-	proxySvc *ProxyService
-	client   *http.Client
-	grok     *grokweb.WebClient
-	mock     bool
-	grokMock bool
-}
-
-type ChatUsage struct {
-	PromptTokens     int `json:"prompt_tokens"`
-	CompletionTokens int `json:"completion_tokens"`
-	TotalTokens      int `json:"total_tokens"`
-}
-
-type ChatCallRequest struct {
-	UserID   uint64
-	APIKeyID *uint64
-	ClientIP string
-	IdemKey  string
-	Body     map[string]any
-	RawBody  []byte
-}
-
-func NewChatService(db *gorm.DB, r *repo.GenerationRepo, pool *AccountPool, billing *BillingService, cfg *SystemConfigService, aes *crypto.AESGCM, proxySvc *ProxyService) *ChatService {
-	return &ChatService{
-		db:       db,
-		repo:     r,
-		pool:     pool,
-		billing:  billing,
-		priceFn:  ConfigChatPriceFn(cfg),
-		cfg:      cfg,
-		aes:      aes,
-		proxySvc: proxySvc,
-		client:   &http.Client{Timeout: 10 * time.Minute},
-		grok:     grokweb.NewWebClient(os.Getenv("KLEIN_GROK_BASE_URL")),
-		mock:     !isLiveProvider(os.Getenv("KLEIN_PROVIDER_GPT")),
-		grokMock: !isLiveProvider(os.Getenv("KLEIN_PROVIDER_GROK")),
-	}
-}
-
-func (s *ChatService) Complete(ctx context.Context, req ChatCallRequest) ([]byte, int, error) {
-	modelCode := strAny(req.Body["model"], "gpt-4o-mini")
-	if grokweb.IsChatModel(modelCode) {
-		return s.completeGrok(ctx, req, modelCode)
-	}
-	req.Body["model"] = s.upstreamModel(modelCode)
-	req.Body["stream"] = false
-	prompt := chatPrompt(req.Body)
-	estimate := s.estimateCost(modelCode, req.Body)
-	if s.mock {
-		return s.completeMock(ctx, req, modelCode, prompt, estimate)
-	}
-	t, acc, err := s.prepare(ctx, req, modelCode, prompt, estimate, model.ProviderGPT)
-	if err != nil {
-		return nil, http.StatusBadRequest, err
-	}
-
-	raw, status, usage, err := s.callJSON(ctx, acc, req.Body)
-	if err != nil {
-		s.fail(ctx, t, err.Error())
-		return nil, status, err
-	}
-	if status >= 400 {
-		s.fail(ctx, t, fmt.Sprintf("upstream http %d: %s", status, snippet(raw, 240)))
-		return raw, status, nil
-	}
-	actual := estimate
-	if usage != nil {
-		actual = ChatCost(s.priceFn(modelCode), usage.PromptTokens, usage.CompletionTokens)
-	}
-	_ = s.repo.UpdateCost(ctx, t.TaskID, actual)
-	if t.CostPoints > 0 || actual > 0 {
-		if err := s.billing.FinalizeUsage(ctx, t.TaskID, actual, &acc.ID); err != nil {
-			s.fail(ctx, t, err.Error())
-			return nil, http.StatusBadRequest, err
-		}
-	}
-	_ = s.repo.SetSucceeded(ctx, t.TaskID, nil)
-	return raw, status, nil
-}
-
-func (s *ChatService) Stream(ctx context.Context, req ChatCallRequest, w http.ResponseWriter) error {
-	modelCode := strAny(req.Body["model"], "gpt-4o-mini")
-	if grokweb.IsChatModel(modelCode) {
-		return s.streamGrok(ctx, req, modelCode, w)
-	}
-	req.Body["model"] = s.upstreamModel(modelCode)
-	req.Body["stream"] = true
-	req.Body["stream_options"] = map[string]any{"include_usage": true}
-	prompt := chatPrompt(req.Body)
-	estimate := s.estimateCost(modelCode, req.Body)
-	if s.mock {
-		return s.streamMock(ctx, req, modelCode, prompt, estimate, w)
-	}
-	t, acc, err := s.prepare(ctx, req, modelCode, prompt, estimate, model.ProviderGPT)
-	if err != nil {
-		return err
-	}
-
-	resp, err := s.openUpstream(ctx, acc, req.Body)
-	if err != nil {
-		s.fail(ctx, t, err.Error())
-		return err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode >= 400 {
-		raw, _ := io.ReadAll(resp.Body)
-		s.fail(ctx, t, fmt.Sprintf("upstream http %d: %s", resp.StatusCode, snippet(raw, 240)))
-		w.Header().Set("Content-Type", "application/json")
-		w.WriteHeader(resp.StatusCode)
-		_, _ = w.Write(raw)
-		return nil
-	}
-
-	w.Header().Set("Content-Type", "text/event-stream; charset=utf-8")
-	w.Header().Set("Cache-Control", "no-cache")
-	w.Header().Set("Connection", "keep-alive")
-	w.WriteHeader(http.StatusOK)
-	flusher, _ := w.(http.Flusher)
-
-	var usage *ChatUsage
-	sc := bufio.NewScanner(resp.Body)
-	sc.Buffer(make([]byte, 0, 64*1024), 1024*1024)
-	for sc.Scan() {
-		line := sc.Text()
-		if strings.HasPrefix(line, "data:") {
-			payload := strings.TrimSpace(strings.TrimPrefix(line, "data:"))
-			if payload != "" && payload != "[DONE]" {
-				if u := parseStreamUsage([]byte(payload)); u != nil {
-					usage = u
-				}
-			}
-		}
-		_, _ = io.WriteString(w, line+"\n")
-		if flusher != nil {
-			flusher.Flush()
-		}
-	}
-	if err := sc.Err(); err != nil {
-		s.fail(ctx, t, err.Error())
-		return err
-	}
-	actual := estimate
-	if usage != nil {
-		actual = ChatCost(s.priceFn(modelCode), usage.PromptTokens, usage.CompletionTokens)
-	}
-	_ = s.repo.UpdateCost(context.Background(), t.TaskID, actual)
-	if t.CostPoints > 0 || actual > 0 {
-		if err := s.billing.FinalizeUsage(context.Background(), t.TaskID, actual, &acc.ID); err != nil {
-			s.fail(context.Background(), t, err.Error())
-			return err
-		}
-	}
-	_ = s.repo.SetSucceeded(context.Background(), t.TaskID, nil)
-	return nil
-}
-
-func (s *ChatService) completeGrok(ctx context.Context, req ChatCallRequest, modelCode string) ([]byte, int, error) {
-	req.Body["model"] = modelCode
-	req.Body["stream"] = false
-	prompt := chatPrompt(req.Body)
-	estimate := s.estimateCost(modelCode, req.Body)
-	if s.grokMock {
-		return s.completeMockWithProvider(ctx, req, modelCode, prompt, estimate, model.ProviderGROK)
-	}
-	maxAttempts := 10
-	retryDelay := 800 * time.Millisecond
-	if s.cfg != nil {
-		maxAttempts = s.cfg.RetryMaxAttempts(ctx)
-		retryDelay = s.cfg.RetryBaseDelay(ctx)
-	}
-	var lastRaw []byte
-	var lastStatus int
-	var lastErr error
-	for attempt := 1; attempt <= maxAttempts; attempt++ {
-		attemptReq := req
-		if attempt > 1 && req.IdemKey != "" {
-			attemptReq.IdemKey = fmt.Sprintf("%s-retry-%d", req.IdemKey, attempt)
-		}
-		t, acc, err := s.prepare(ctx, attemptReq, modelCode, prompt, estimate, model.ProviderGROK)
-		if err != nil {
-			if lastErr != nil {
-				return nil, http.StatusBadGateway, lastErr
-			}
-			return nil, http.StatusBadRequest, err
-		}
-
-		cred, err := s.credential(acc)
-		if err != nil {
-			lastErr = err
-			s.fail(ctx, t, err.Error())
-			s.pool.MarkFailed(ctx, acc.ID, err.Error(), 30*time.Minute)
-			sleepBeforeRetry(ctx, retryDelay, attempt)
-			continue
-		}
-		grok := s.grok
-		proxyURL, perr := s.resolveProxyURL(ctx, acc)
-		if perr != nil {
-			logger.FromCtx(ctx).Warn("chat.grok.resolve_proxy", zap.Error(perr))
-		}
-		if proxyURL != "" || (acc.BaseURL != nil && *acc.BaseURL != "") {
-			base := os.Getenv("KLEIN_GROK_BASE_URL")
-			if acc.BaseURL != nil && *acc.BaseURL != "" {
-				base = *acc.BaseURL
-			}
-			grok = grokweb.NewWebClientWithProxy(base, proxyURL)
-		}
-		res, err := grok.ChatComplete(ctx, cred, modelCode, req.Body)
-		if err != nil {
-			lastErr = err
-			s.fail(ctx, t, err.Error())
-			if isTransientProviderPathError(acc.Provider, err) {
-				s.pool.MarkTransientFailed(ctx, acc.ID, err.Error())
-			} else {
-				s.pool.MarkFailed(ctx, acc.ID, err.Error(), providerCooldown(err))
-			}
-			if attempt < maxAttempts && retryableProviderError(err) {
-				logger.FromCtx(ctx).Warn("chat.grok.retrying_with_next_account", zap.Int("attempt", attempt), zap.Uint64("account_id", acc.ID), zap.Error(err))
-				sleepBeforeRetry(ctx, retryDelay, attempt)
-				continue
-			}
-			return nil, http.StatusBadGateway, err
-		}
-		if res.Status >= 400 {
-			lastRaw = res.Raw
-			lastStatus = res.Status
-			lastErr = fmt.Errorf("grok chat http %d: %s", res.Status, snippet(res.Raw, 240))
-			s.fail(ctx, t, lastErr.Error())
-			if isTransientProviderPathError(acc.Provider, lastErr) {
-				s.pool.MarkTransientFailed(ctx, acc.ID, lastErr.Error())
-			} else {
-				s.pool.MarkFailed(ctx, acc.ID, lastErr.Error(), providerCooldown(lastErr))
-			}
-			if attempt < maxAttempts && retryableProviderError(lastErr) {
-				logger.FromCtx(ctx).Warn("chat.grok.retrying_with_next_account", zap.Int("attempt", attempt), zap.Uint64("account_id", acc.ID), zap.Error(lastErr))
-				sleepBeforeRetry(ctx, retryDelay, attempt)
-				continue
-			}
-			return res.Raw, res.Status, nil
-		}
-		actual := estimate
-		if res.Usage != nil {
-			actual = ChatCost(s.priceFn(modelCode), res.Usage.PromptTokens, res.Usage.CompletionTokens)
-		}
-		_ = s.repo.UpdateCost(ctx, t.TaskID, actual)
-		if t.CostPoints > 0 || actual > 0 {
-			if err := s.billing.FinalizeUsage(ctx, t.TaskID, actual, &acc.ID); err != nil {
-				s.fail(ctx, t, err.Error())
-				return nil, http.StatusBadRequest, err
-			}
-		}
-		s.pool.MarkUsed(ctx, acc.ID)
-		_ = s.repo.SetSucceeded(ctx, t.TaskID, nil)
-		return res.Raw, res.Status, nil
-	}
-	if lastRaw != nil && lastStatus > 0 {
-		return lastRaw, lastStatus, nil
-	}
-	return nil, http.StatusBadGateway, lastErr
-}
-
-func (s *ChatService) streamGrok(ctx context.Context, req ChatCallRequest, modelCode string, w http.ResponseWriter) error {
-	req.Body["model"] = modelCode
-	req.Body["stream"] = true
-	prompt := chatPrompt(req.Body)
-	estimate := s.estimateCost(modelCode, req.Body)
-	if s.grokMock {
-		return s.streamMockWithProvider(ctx, req, modelCode, prompt, estimate, model.ProviderGROK, w)
-	}
-	t, acc, err := s.prepare(ctx, req, modelCode, prompt, estimate, model.ProviderGROK)
-	if err != nil {
-		return err
-	}
-	cred, err := s.credential(acc)
-	if err != nil {
-		s.fail(ctx, t, err.Error())
-		return err
-	}
-	grok := s.grok
-	proxyURL, perr := s.resolveProxyURL(ctx, acc)
-	if perr != nil {
-		logger.FromCtx(ctx).Warn("chat.grok.resolve_proxy", zap.Error(perr))
-	}
-	if proxyURL != "" || (acc.BaseURL != nil && *acc.BaseURL != "") {
-		base := os.Getenv("KLEIN_GROK_BASE_URL")
-		if acc.BaseURL != nil && *acc.BaseURL != "" {
-			base = *acc.BaseURL
-		}
-		grok = grokweb.NewWebClientWithProxy(base, proxyURL)
-	}
-	w.Header().Set("Content-Type", "text/event-stream; charset=utf-8")
-	w.Header().Set("Cache-Control", "no-cache")
-	w.Header().Set("Connection", "keep-alive")
-	w.WriteHeader(http.StatusOK)
-	flusher, _ := w.(http.Flusher)
-	usage, err := grok.ChatStream(ctx, cred, modelCode, req.Body, w, flusher)
-	if err != nil {
-		s.fail(ctx, t, err.Error())
-		return err
-	}
-	actual := estimate
-	if usage != nil {
-		actual = ChatCost(s.priceFn(modelCode), usage.PromptTokens, usage.CompletionTokens)
-	}
-	_ = s.repo.UpdateCost(context.Background(), t.TaskID, actual)
-	if t.CostPoints > 0 || actual > 0 {
-		if err := s.billing.FinalizeUsage(context.Background(), t.TaskID, actual, &acc.ID); err != nil {
-			s.fail(context.Background(), t, err.Error())
-			return err
-		}
-	}
-	s.pool.MarkUsed(context.Background(), acc.ID)
-	_ = s.repo.SetSucceeded(context.Background(), t.TaskID, nil)
-	return nil
-}
-
-func (s *ChatService) completeMock(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64) ([]byte, int, error) {
-	return s.completeMockWithProvider(ctx, req, modelCode, prompt, estimate, model.ProviderGPT)
-}
-
-func (s *ChatService) completeMockWithProvider(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64, providerName string) ([]byte, int, error) {
-	t, err := s.prepareMock(ctx, req, modelCode, prompt, estimate, providerName)
-	if err != nil {
-		return nil, http.StatusBadRequest, err
-	}
-	usage := &ChatUsage{PromptTokens: estimatePromptTokens(req.Body), CompletionTokens: 32}
-	usage.TotalTokens = usage.PromptTokens + usage.CompletionTokens
-	actual := ChatCost(s.priceFn(modelCode), usage.PromptTokens, usage.CompletionTokens)
-	_ = s.repo.UpdateCost(ctx, t.TaskID, actual)
-	if t.CostPoints > 0 || actual > 0 {
-		if err := s.billing.FinalizeUsage(ctx, t.TaskID, actual, nil); err != nil {
-			s.fail(ctx, t, err.Error())
-			return nil, http.StatusBadRequest, err
-		}
-	}
-	_ = s.repo.SetSucceeded(ctx, t.TaskID, nil)
-	raw, _ := json.Marshal(map[string]any{
-		"id":      "chatcmpl_" + t.TaskID,
-		"object":  "chat.completion",
-		"created": time.Now().Unix(),
-		"model":   modelCode,
-		"choices": []map[string]any{{"index": 0, "message": map[string]any{"role": "assistant", "content": "这是 mock 文字回复，用于本地和测试环境验证计费链路。"}, "finish_reason": "stop"}},
-		"usage":   usage,
-	})
-	return raw, http.StatusOK, nil
-}
-
-func (s *ChatService) streamMock(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64, w http.ResponseWriter) error {
-	return s.streamMockWithProvider(ctx, req, modelCode, prompt, estimate, model.ProviderGPT, w)
-}
-
-func (s *ChatService) streamMockWithProvider(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64, providerName string, w http.ResponseWriter) error {
-	t, err := s.prepareMock(ctx, req, modelCode, prompt, estimate, providerName)
-	if err != nil {
-		return err
-	}
-	usage := &ChatUsage{PromptTokens: estimatePromptTokens(req.Body), CompletionTokens: 32}
-	usage.TotalTokens = usage.PromptTokens + usage.CompletionTokens
-	w.Header().Set("Content-Type", "text/event-stream; charset=utf-8")
-	w.Header().Set("Cache-Control", "no-cache")
-	w.WriteHeader(http.StatusOK)
-	flusher, _ := w.(http.Flusher)
-	chunks := []string{"这是 ", "mock ", "流式回复。"}
-	for _, ch := range chunks {
-		payload, _ := json.Marshal(map[string]any{"choices": []map[string]any{{"delta": map[string]any{"content": ch}, "index": 0}}})
-		_, _ = io.WriteString(w, "data: "+string(payload)+"\n\n")
-		if flusher != nil {
-			flusher.Flush()
-		}
-	}
-	payload, _ := json.Marshal(map[string]any{"choices": []map[string]any{}, "usage": usage})
-	_, _ = io.WriteString(w, "data: "+string(payload)+"\n\n")
-	_, _ = io.WriteString(w, "data: [DONE]\n\n")
-	if flusher != nil {
-		flusher.Flush()
-	}
-	actual := ChatCost(s.priceFn(modelCode), usage.PromptTokens, usage.CompletionTokens)
-	_ = s.repo.UpdateCost(context.Background(), t.TaskID, actual)
-	if t.CostPoints > 0 || actual > 0 {
-		if err := s.billing.FinalizeUsage(context.Background(), t.TaskID, actual, nil); err != nil {
-			s.fail(context.Background(), t, err.Error())
-			return err
-		}
-	}
-	_ = s.repo.SetSucceeded(context.Background(), t.TaskID, nil)
-	return nil
-}
-
-func (s *ChatService) prepareMock(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64, providerName string) (*model.GenerationTask, error) {
-	if req.IdemKey == "" {
-		req.IdemKey = uuid.NewString()
-	}
-	taskID := chatTaskID()
-	params, _ := json.Marshal(map[string]any{"estimate_points": estimate, "mock": true})
-	t := &model.GenerationTask{
-		TaskID:       taskID,
-		UserID:       req.UserID,
-		Kind:         string(provider.KindChat),
-		Mode:         "chat",
-		ModelCode:    modelCode,
-		Prompt:       prompt,
-		Params:       string(params),
-		Count:        1,
-		CostPoints:   estimate,
-		IdemKey:      req.IdemKey,
-		Provider:     providerName,
-		Status:       model.GenStatusRunning,
-		Progress:     5,
-		FromAPIKeyID: req.APIKeyID,
-	}
-	if req.ClientIP != "" {
-		ip := req.ClientIP
-		t.ClientIP = &ip
-	}
-	if err := s.repo.Create(ctx, t); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	if estimate > 0 {
-		if err := s.billing.PreDeduct(ctx, PreDeductReq{UserID: req.UserID, TaskID: taskID, Kind: string(provider.KindChat), ModelCode: modelCode, Count: 1, UnitPoints: estimate}); err != nil {
-			_ = s.repo.SetFailed(ctx, taskID, err.Error())
-			return nil, err
-		}
-	}
-	return t, nil
-}
-
-func (s *ChatService) prepare(ctx context.Context, req ChatCallRequest, modelCode, prompt string, estimate int64, providerName string) (*model.GenerationTask, *model.Account, error) {
-	if req.IdemKey == "" {
-		req.IdemKey = uuid.NewString()
-	}
-	if existing, err := s.repo.GetByIdem(ctx, req.UserID, req.IdemKey); err == nil && existing != nil {
-		return nil, nil, errcode.InvalidParam.WithMsg("idempotent chat replay is not supported for response body")
-	}
-	acc, err := s.pool.Pick(ctx, providerName, "round_robin")
-	if err != nil {
-		return nil, nil, errcode.ResourceMissing.WithMsg("no available chat account: " + err.Error())
-	}
-	taskID := chatTaskID()
-	params, _ := json.Marshal(map[string]any{"estimate_points": estimate})
-	t := &model.GenerationTask{
-		TaskID:       taskID,
-		UserID:       req.UserID,
-		Kind:         string(provider.KindChat),
-		Mode:         "chat",
-		ModelCode:    modelCode,
-		Prompt:       prompt,
-		Params:       string(params),
-		Count:        1,
-		CostPoints:   estimate,
-		IdemKey:      req.IdemKey,
-		Provider:     providerName,
-		Status:       model.GenStatusPending,
-		FromAPIKeyID: req.APIKeyID,
-	}
-	if req.ClientIP != "" {
-		ip := req.ClientIP
-		t.ClientIP = &ip
-	}
-	if err := s.repo.Create(ctx, t); err != nil {
-		return nil, nil, errcode.DBError.Wrap(err)
-	}
-	if estimate > 0 {
-		if err := s.billing.PreDeduct(ctx, PreDeductReq{UserID: req.UserID, TaskID: taskID, Kind: string(provider.KindChat), ModelCode: modelCode, Count: 1, UnitPoints: estimate}); err != nil {
-			_ = s.repo.SetFailed(ctx, taskID, err.Error())
-			return nil, nil, err
-		}
-	}
-	if err := s.repo.SetRunning(ctx, taskID, acc.ID); err != nil {
-		logger.FromCtx(ctx).Warn("chat.set_running", zap.Error(err))
-	}
-	return t, acc, nil
-}
-
-func (s *ChatService) callJSON(ctx context.Context, acc *model.Account, body map[string]any) ([]byte, int, *ChatUsage, error) {
-	resp, err := s.openUpstream(ctx, acc, body)
-	if err != nil {
-		return nil, http.StatusBadGateway, nil, err
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode >= 400 {
-		return raw, resp.StatusCode, nil, nil
-	}
-	return raw, resp.StatusCode, parseUsage(raw), nil
-}
-
-func (s *ChatService) openUpstream(ctx context.Context, acc *model.Account, body map[string]any) (*http.Response, error) {
-	cred, err := s.credential(acc)
-	if err != nil {
-		return nil, err
-	}
-	base := "https://api.openai.com"
-	if acc.BaseURL != nil && *acc.BaseURL != "" {
-		base = strings.TrimRight(*acc.BaseURL, "/")
-	}
-	payload, _ := json.Marshal(body)
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/chat/completions", bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-	httpReq.Header.Set("Authorization", "Bearer "+cred)
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("Accept", "application/json, text/event-stream")
-	httpReq.Header.Set("User-Agent", "kleinai/1.0")
-	proxyURL, perr := s.resolveProxyURL(ctx, acc)
-	if perr != nil {
-		logger.FromCtx(ctx).Warn("chat.openai.resolve_proxy", zap.Error(perr))
-	}
-	if proxyURL == "" {
-		return s.client.Do(httpReq)
-	}
-	client, err := outbound.NewClient(outbound.Options{Timeout: 10 * time.Minute, ProxyURL: proxyURL, Mode: outbound.ModeUTLS, Profile: outbound.ProfileChrome})
-	if err != nil {
-		return nil, err
-	}
-	return client.Do(httpReq)
-}
-
-func (s *ChatService) resolveProxyURL(ctx context.Context, acc *model.Account) (string, error) {
-	if s.proxySvc == nil || s.cfg == nil {
-		return "", nil
-	}
-	pid := uint64(0)
-	if acc != nil && acc.ProxyID != nil {
-		pid = *acc.ProxyID
-	} else if s.cfg.GlobalProxyEnabled(ctx) {
-		pid = s.cfg.GlobalProxyID(ctx)
-	}
-	if pid == 0 {
-		return "", nil
-	}
-	p, err := s.proxySvc.GetByID(ctx, pid)
-	if err != nil || p == nil || p.Status != model.ProxyStatusEnabled {
-		return "", err
-	}
-	u, err := s.proxySvc.BuildURL(p)
-	if err != nil || u == nil {
-		return "", err
-	}
-	return u.String(), nil
-}
-
-func (s *ChatService) credential(acc *model.Account) (string, error) {
-	if s.aes == nil || len(acc.CredentialEnc) == 0 {
-		return "", fmt.Errorf("chat account missing credential")
-	}
-	plain, err := s.aes.Decrypt(acc.CredentialEnc)
-	if err != nil {
-		return "", fmt.Errorf("decrypt credential failed")
-	}
-	return string(plain), nil
-}
-
-func (s *ChatService) estimateCost(modelCode string, body map[string]any) int64 {
-	price := s.priceFn(modelCode)
-	promptTokens := estimatePromptTokens(body)
-	maxTokens := intAny(body["max_tokens"], 1000)
-	if maxTokens <= 0 {
-		maxTokens = 1000
-	}
-	return ChatCost(price, promptTokens, maxTokens)
-}
-
-func (s *ChatService) upstreamModel(modelCode string) string {
-	if s.cfg == nil {
-		return modelCode
-	}
-	raw := s.cfg.GetString(context.Background(), "billing.model_prices", "")
-	if raw == "" {
-		return modelCode
-	}
-	var rows []struct {
-		ModelCode     string `json:"model_code"`
-		UpstreamModel string `json:"upstream_model"`
-		Enabled       *bool  `json:"enabled"`
-	}
-	if err := json.Unmarshal([]byte(raw), &rows); err != nil {
-		return modelCode
-	}
-	for _, row := range rows {
-		if row.ModelCode == modelCode && row.UpstreamModel != "" {
-			if row.Enabled != nil && !*row.Enabled {
-				return modelCode
-			}
-			return row.UpstreamModel
-		}
-	}
-	return modelCode
-}
-
-func (s *ChatService) fail(ctx context.Context, t *model.GenerationTask, reason string) {
-	_ = s.repo.SetFailed(ctx, t.TaskID, reason)
-	_ = s.billing.FailRefund(ctx, t.TaskID, reason)
-}
-
-func parseUsage(raw []byte) *ChatUsage {
-	var obj struct {
-		Usage *ChatUsage `json:"usage"`
-	}
-	if err := json.Unmarshal(raw, &obj); err != nil {
-		return nil
-	}
-	return obj.Usage
-}
-
-func parseStreamUsage(raw []byte) *ChatUsage {
-	var obj struct {
-		Usage *ChatUsage `json:"usage"`
-	}
-	if err := json.Unmarshal(raw, &obj); err != nil || obj.Usage == nil || obj.Usage.TotalTokens == 0 {
-		return nil
-	}
-	return obj.Usage
-}
-
-func chatPrompt(body map[string]any) string {
-	if v, ok := body["messages"]; ok {
-		b, _ := json.Marshal(v)
-		s := string(b)
-		if len(s) > 4000 {
-			return s[:4000]
-		}
-		return s
-	}
-	return ""
-}
-
-func estimatePromptTokens(body map[string]any) int {
-	p := chatPrompt(body)
-	if p == "" {
-		return 1
-	}
-	return len([]rune(p))/4 + 1
-}
-
-func strAny(v any, def string) string {
-	if s, ok := v.(string); ok && strings.TrimSpace(s) != "" {
-		return strings.TrimSpace(s)
-	}
-	return def
-}
-
-func intAny(v any, def int) int {
-	switch n := v.(type) {
-	case float64:
-		return int(n)
-	case int:
-		return n
-	case int64:
-		return int(n)
-	default:
-		return def
-	}
-}
-
-func isLiveProvider(v string) bool {
-	switch strings.ToLower(strings.TrimSpace(v)) {
-	case "real", "live", "prod":
-		return true
-	default:
-		return false
-	}
-}
-
-func chatTaskID() string {
-	id := strings.ReplaceAll(uuid.NewString(), "-", "")
-	if len(id) > 26 {
-		return id[:26]
-	}
-	return id
-}
-
-func snippet(b []byte, n int) string {
-	if len(b) <= n {
-		return string(b)
-	}
-	r := []rune(string(b))
-	if len(r) <= n {
-		return string(r)
-	}
-	return string(r[:n]) + "...(truncated)"
-}
diff --git a/backend/internal/service/generation_service.go b/backend/internal/service/generation_service.go
deleted file mode 100644
index a7d8f89f..00000000
--- a/backend/internal/service/generation_service.go
+++ /dev/null
@@ -1,1324 +0,0 @@
-// Package service 生成任务编排：创建 → 预扣 → 调度账号 → 调用 provider → 结算 / 退款。
-//
-// 当前实现为同步 inline 执行（开发期）。生产建议替换为 asynq 投递到 worker。
-package service
-
-import (
-	"context"
-	"crypto/hmac"
-	"crypto/sha1"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"go.uber.org/zap"
-	"gorm.io/gorm"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/provider"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/jwtpayload"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const codexOAuthClientID = "app_EMoamEEZ73f0CkXaXp7hrann"
-
-// GenerationService 生成调度服务。
-type GenerationService struct {
-	db        *gorm.DB
-	repo      *repo.GenerationRepo
-	pool      *AccountPool
-	billing   *BillingService
-	providers map[string]provider.Provider // key: "gpt" / "grok"
-	priceFn   PriceFunc
-	aes       *crypto.AESGCM // 用于解密 account.credential_enc
-	proxySvc  *ProxyService
-	cfg       *SystemConfigService
-}
-
-// PriceFunc 模型计费：返回单次成本（点 *100）。
-type PriceFunc func(modelCode string, kind provider.Kind, params map[string]any) int64
-
-// NewGenerationService 构造。aes 必须非空（账号凭证加密强制）。
-func NewGenerationService(db *gorm.DB, r *repo.GenerationRepo, pool *AccountPool, billing *BillingService, providers map[string]provider.Provider, priceFn PriceFunc, aes *crypto.AESGCM, proxySvc *ProxyService, cfg *SystemConfigService) *GenerationService {
-	return &GenerationService{
-		db:        db,
-		repo:      r,
-		pool:      pool,
-		billing:   billing,
-		providers: providers,
-		priceFn:   priceFn,
-		aes:       aes,
-		proxySvc:  proxySvc,
-		cfg:       cfg,
-	}
-}
-
-// CreateRequest 创建生成请求 DTO（被 handler 填充）。
-type CreateRequest struct {
-	UserID    uint64
-	APIKeyID  *uint64
-	Kind      provider.Kind
-	Mode      provider.Mode
-	ModelCode string
-	Provider  string
-	Prompt    string
-	NegPrompt string
-	Params    map[string]any
-	RefAssets []string
-	Count     int
-	IdemKey   string
-	ClientIP  string
-}
-
-// Create 同步创建 + 触发任务。返回最终 task。
-func (s *GenerationService) Create(ctx context.Context, req CreateRequest) (*model.GenerationTask, error) {
-	if req.Count <= 0 {
-		req.Count = 1
-	}
-	if req.IdemKey == "" {
-		req.IdemKey = uuid.NewString()
-	}
-
-	if existing, err := s.repo.GetByIdem(ctx, req.UserID, req.IdemKey); err == nil && existing != nil {
-		return existing, nil
-	}
-
-	cost := int64(0)
-	if s.priceFn != nil {
-		cost = s.priceFn(req.ModelCode, req.Kind, req.Params) * int64(req.Count)
-	}
-	if cost < 0 {
-		return nil, errcode.InvalidParam.WithMsg("model price not configured")
-	}
-
-	taskID := newULID()
-	req.RefAssets = s.normalizeInputRefs(ctx, &model.GenerationTask{TaskID: taskID}, req.RefAssets)
-	req.Params = compactLargeInlineParams(req.Params)
-	paramsJSON, _ := json.Marshal(req.Params)
-	var refJSON *string
-	if len(req.RefAssets) > 0 {
-		b, _ := json.Marshal(req.RefAssets)
-		s := string(b)
-		refJSON = &s
-	}
-	t := &model.GenerationTask{
-		TaskID:       taskID,
-		UserID:       req.UserID,
-		Kind:         string(req.Kind),
-		Mode:         string(req.Mode),
-		ModelCode:    req.ModelCode,
-		Prompt:       req.Prompt,
-		Params:       string(paramsJSON),
-		RefAssets:    refJSON,
-		Count:        req.Count,
-		CostPoints:   cost,
-		IdemKey:      req.IdemKey,
-		Provider:     req.Provider,
-		Status:       model.GenStatusPending,
-		FromAPIKeyID: req.APIKeyID,
-	}
-	if req.NegPrompt != "" {
-		ng := req.NegPrompt
-		t.NegPrompt = &ng
-	}
-	if req.ClientIP != "" {
-		ip := req.ClientIP
-		t.ClientIP = &ip
-	}
-
-	if err := s.repo.Create(ctx, t); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-
-	if cost > 0 {
-		if err := s.billing.PreDeduct(ctx, PreDeductReq{
-			UserID:     req.UserID,
-			TaskID:     taskID,
-			Kind:       string(req.Kind),
-			ModelCode:  req.ModelCode,
-			Count:      req.Count,
-			UnitPoints: cost / int64(req.Count),
-		}); err != nil {
-			_ = s.repo.SetFailed(ctx, taskID, err.Error())
-			return nil, err
-		}
-	}
-
-	go s.runTask(context.Background(), t)
-	return t, nil
-}
-
-// runTask 后台执行：取池中账号 → 调 provider → 结算 / 退款。
-func (s *GenerationService) runTask(ctx context.Context, t *model.GenerationTask) {
-	log := logger.L().With(zap.String("task", t.TaskID))
-
-	prov, ok := s.providers[t.Provider]
-	if !ok {
-		s.failTask(ctx, t, "provider not registered: "+t.Provider)
-		return
-	}
-
-	var params map[string]any
-	_ = json.Unmarshal([]byte(t.Params), &params)
-	var refs []string
-	if t.RefAssets != nil {
-		_ = json.Unmarshal([]byte(*t.RefAssets), &refs)
-	}
-	refs = s.normalizeInputRefs(ctx, t, refs)
-
-	timeout := 5 * time.Minute
-	if t.Kind == "video" {
-		timeout = 15 * time.Minute
-	}
-	if t.Provider == model.ProviderGPT && t.Kind == string(provider.KindImage) && strings.EqualFold(t.ModelCode, "gpt-image-2") && shouldUseGPTWebRoute(params) {
-		timeout = 10 * time.Minute
-	}
-	maxAttempts := 3
-	retryDelay := 800 * time.Millisecond
-	if s.cfg != nil {
-		timeout = s.cfg.RetryTimeout(ctx, timeout)
-		maxAttempts = s.cfg.RetryMaxAttempts(ctx)
-		retryDelay = s.cfg.RetryBaseDelay(ctx)
-	}
-	var acc *model.Account
-	var res *provider.Result
-	var lastErr error
-	releaseAcc := func(a *model.Account) {
-		if a != nil {
-			s.pool.Release(a.ID)
-		}
-	}
-	for attempt := 1; attempt <= maxAttempts; attempt++ {
-		picked, err := s.pickAccountForTask(ctx, t, params)
-		if err != nil {
-			if lastErr != nil {
-				s.failTask(ctx, t, fmt.Sprintf("provider call: %v", lastErr))
-			} else {
-				s.failTask(ctx, t, fmt.Sprintf("pick account: %v", err))
-			}
-			return
-		}
-		acc = picked
-		if err := s.repo.SetRunning(ctx, t.TaskID, acc.ID); err != nil {
-			log.Warn("set running failed", zap.Error(err))
-		}
-
-		provReq := &provider.Request{
-			TaskID:    t.TaskID,
-			Kind:      provider.Kind(t.Kind),
-			Mode:      provider.Mode(t.Mode),
-			ModelCode: t.ModelCode,
-			Prompt:    t.Prompt,
-			Params:    params,
-			RefAssets: refs,
-			Count:     t.Count,
-			Account:   acc,
-		}
-		provReq.UpstreamLog = s.makeUpstreamLogger(t, acc)
-		if t.NegPrompt != nil {
-			provReq.NegPrompt = *t.NegPrompt
-		}
-		if acc.BaseURL != nil {
-			provReq.BaseURL = *acc.BaseURL
-		} else if accountRequiresCodexRoute(t, params) && isCodexOAuthAccount(acc) {
-			provReq.BaseURL = "https://chatgpt.com/backend-api/codex"
-		}
-		if proxyURL, perr := s.resolveProxyURL(ctx, acc); perr == nil {
-			provReq.ProxyURL = proxyURL
-		} else {
-			log.Warn("resolve proxy failed", zap.Error(perr))
-		}
-		if s.aes != nil {
-			cred, derr := s.providerCredential(ctx, acc, provReq.ProxyURL)
-			if derr != nil {
-				lastErr = derr
-				if isFatalOAuthRefreshError(derr) {
-					s.disableProviderAccount(ctx, acc, derr.Error())
-				} else {
-					s.markProviderFailed(ctx, acc, derr.Error(), 30*time.Minute)
-				}
-				releaseAcc(acc)
-				acc = nil
-				if attempt == maxAttempts || !retryableProviderError(derr) {
-					s.failTask(ctx, t, fmt.Sprintf("provider call: %v", derr))
-					return
-				}
-				sleepBeforeRetry(ctx, retryDelay, attempt)
-				continue
-			}
-			provReq.Credential = cred
-		}
-
-		rctx, cancel := context.WithTimeout(ctx, timeout)
-		out, err := prov.Generate(rctx, provReq)
-		cancel()
-		if err == nil {
-			res = out
-			break
-		}
-		lastErr = err
-		if isUsageLimitReachedError(err) {
-			s.markProviderQuotaLimited(ctx, acc, err.Error(), usageLimitResetAt(err))
-		} else if isTransientProviderPathError(t.Provider, err) {
-			s.pool.MarkTransientFailed(ctx, acc.ID, err.Error())
-		} else {
-			cooldown := providerCooldown(err)
-			s.markProviderFailed(ctx, acc, err.Error(), cooldown)
-		}
-		releaseAcc(acc)
-		acc = nil
-		if attempt == maxAttempts || !retryableProviderError(err) {
-			s.failTask(ctx, t, fmt.Sprintf("provider call: %v", err))
-			return
-		}
-		log.Warn("provider retrying with next account", zap.Int("attempt", attempt), zap.Uint64("account_id", picked.ID), zap.Error(err))
-		sleepBeforeRetry(ctx, retryDelay, attempt)
-	}
-	if res == nil {
-		releaseAcc(acc)
-		if lastErr != nil {
-			s.failTask(ctx, t, fmt.Sprintf("provider call: %v", lastErr))
-		} else {
-			s.failTask(ctx, t, "provider call failed")
-		}
-		return
-	}
-	releaseAcc(acc)
-	s.pool.MarkUsed(ctx, acc.ID)
-
-	results := make([]*model.GenerationResult, 0, len(res.Assets))
-	for i, a := range res.Assets {
-		gr := &model.GenerationResult{
-			TaskID: t.TaskID,
-			UserID: t.UserID,
-			Kind:   t.Kind,
-			Seq:    int8(i),
-			URL:    a.URL,
-			Width:  intPtr(a.Width),
-			Height: intPtr(a.Height),
-		}
-		if a.ThumbURL != "" {
-			s := a.ThumbURL
-			gr.ThumbURL = &s
-		}
-		if a.DurationMs > 0 {
-			d := a.DurationMs
-			gr.DurationMs = &d
-		}
-		if a.SizeBytes > 0 {
-			b := a.SizeBytes
-			gr.SizeBytes = &b
-		}
-		if len(a.Meta) > 0 {
-			b, _ := json.Marshal(a.Meta)
-			s := string(b)
-			gr.Meta = &s
-		}
-		results = append(results, gr)
-	}
-	s.cacheResultAssets(ctx, t, acc, results)
-
-	if err := s.repo.SetSucceeded(ctx, t.TaskID, results); err != nil {
-		log.Error("set succeeded failed", zap.Error(err))
-	}
-	s.updateAccountUsageMeta(ctx, acc, t, len(results))
-	if t.CostPoints > 0 {
-		if err := s.billing.Settle(ctx, t.TaskID, &acc.ID); err != nil {
-			log.Error("settle failed", zap.Error(err))
-		}
-	}
-}
-
-func (s *GenerationService) makeUpstreamLogger(t *model.GenerationTask, acc *model.Account) provider.UpstreamLogger {
-	return func(ctx context.Context, e provider.UpstreamLogEntry) {
-		if t == nil {
-			return
-		}
-		meta := ""
-		if len(e.Meta) > 0 {
-			if b, err := json.Marshal(e.Meta); err == nil {
-				meta = string(b)
-			}
-		}
-		row := &model.GenerationUpstreamLog{
-			TaskID:     t.TaskID,
-			Provider:   e.Provider,
-			Stage:      e.Stage,
-			Method:     e.Method,
-			URL:        truncate(e.URL, 512),
-			StatusCode: e.StatusCode,
-			DurationMs: e.DurationMs,
-		}
-		if row.Provider == "" {
-			row.Provider = t.Provider
-		}
-		if acc != nil {
-			row.AccountID = &acc.ID
-		}
-		if e.RequestExcerpt != "" {
-			v := truncate(e.RequestExcerpt, 12000)
-			row.RequestExcerpt = &v
-		}
-		if e.ResponseExcerpt != "" {
-			v := truncate(e.ResponseExcerpt, 12000)
-			row.ResponseExcerpt = &v
-		}
-		if e.Error != "" {
-			v := truncate(e.Error, 4000)
-			row.Error = &v
-		}
-		if meta != "" {
-			row.Meta = &meta
-		}
-		if err := s.repo.CreateUpstreamLog(ctx, row); err != nil {
-			logger.FromCtx(ctx).Warn("generation.upstream_log_failed", zap.String("task_id", t.TaskID), zap.String("stage", e.Stage), zap.Error(err))
-		}
-	}
-}
-
-func (s *GenerationService) providerCredential(ctx context.Context, acc *model.Account, proxyURL string) (string, error) {
-	if acc == nil {
-		return "", fmt.Errorf("missing account")
-	}
-	if acc.AuthType == model.AuthTypeOAuth && acc.Provider == model.ProviderGPT {
-		return s.gptOAuthAccessToken(ctx, acc, proxyURL)
-	}
-	if len(acc.CredentialEnc) == 0 {
-		return "", fmt.Errorf("account credential is empty")
-	}
-	plain, err := s.aes.Decrypt(acc.CredentialEnc)
-	if err != nil {
-		return "", fmt.Errorf("decrypt credential failed: %w", err)
-	}
-	cred := strings.TrimSpace(string(plain))
-	if cred == "" {
-		return "", fmt.Errorf("account credential is empty")
-	}
-	return cred, nil
-}
-
-func (s *GenerationService) pickAccountForTask(ctx context.Context, t *model.GenerationTask, params map[string]any) (*model.Account, error) {
-	if t == nil {
-		return nil, errcode.NoAvailableAcc
-	}
-	if t.Provider != model.ProviderGPT || t.Kind != string(provider.KindImage) || !strings.EqualFold(t.ModelCode, "gpt-image-2") {
-		return s.pool.ReserveWhere(ctx, t.Provider, "round_robin", nil)
-	}
-	if accountRequiresCodexRoute(t, params) {
-		return s.pool.ReserveWhere(ctx, t.Provider, "round_robin", isCodexOAuthAccount)
-	}
-	return s.pool.ReserveWhere(ctx, t.Provider, "round_robin", func(acc *model.Account) bool {
-		if acc == nil {
-			return false
-		}
-		return acc.AuthType == model.AuthTypeOAuth
-	})
-}
-
-func accountRequiresCodexRoute(t *model.GenerationTask, params map[string]any) bool {
-	if t == nil || t.Provider != model.ProviderGPT || t.Kind != string(provider.KindImage) || !strings.EqualFold(t.ModelCode, "gpt-image-2") {
-		return false
-	}
-	return !shouldUseGPTWebRoute(params)
-}
-
-func shouldUseGPTWebRoute(params map[string]any) bool {
-	tier := strings.ToUpper(strings.TrimSpace(strParamAny(params, "resolution", strParamAny(params, "size_tier", ""))))
-	if tier == "" {
-		size := strParamAny(params, "size", "")
-		w, h := parseWH(size)
-		if size == "" || w*h <= 1500000 {
-			return true
-		}
-		return false
-	}
-	return tier == "1K" || tier == "1"
-}
-
-func isCodexOAuthAccount(acc *model.Account) bool {
-	return acc != nil && acc.Provider == model.ProviderGPT && acc.AuthType == model.AuthTypeOAuth && strings.EqualFold(accountOAuthClientID(acc), codexOAuthClientID)
-}
-
-func strParamAny(p map[string]any, key, def string) string {
-	if p == nil {
-		return def
-	}
-	if v, ok := p[key]; ok {
-		if s, ok := v.(string); ok && strings.TrimSpace(s) != "" {
-			return strings.TrimSpace(s)
-		}
-	}
-	return def
-}
-
-func parseWH(size string) (int, int) {
-	parts := strings.SplitN(strings.TrimSpace(size), "x", 2)
-	if len(parts) != 2 {
-		return 0, 0
-	}
-	var w, h int
-	fmt.Sscanf(parts[0], "%d", &w)
-	fmt.Sscanf(parts[1], "%d", &h)
-	return w, h
-}
-
-func (s *GenerationService) markProviderFailed(ctx context.Context, acc *model.Account, reason string, desiredCooldown time.Duration) {
-	if acc == nil {
-		return
-	}
-	threshold := int64(3)
-	cooldown := desiredCooldown
-	if s.cfg != nil {
-		threshold = s.cfg.CircuitFailureThreshold(ctx)
-		if desiredCooldown > 0 {
-			if sec := s.cfg.CircuitCooldownSeconds(ctx); sec > 0 {
-				cooldown = time.Duration(sec) * time.Second
-			}
-		}
-	}
-	acc.ErrorCount++
-	if threshold > 1 && int64(acc.ErrorCount) < threshold {
-		cooldown = 0
-	}
-	s.pool.MarkFailed(ctx, acc.ID, reason, cooldown)
-}
-
-func (s *GenerationService) disableProviderAccount(ctx context.Context, acc *model.Account, reason string) {
-	if acc == nil || s.pool == nil || s.pool.repo == nil {
-		return
-	}
-	now := time.Now().UTC()
-	fields := map[string]any{
-		"status":           model.AccountStatusDisabled,
-		"last_error":       truncate(reason, 240),
-		"last_test_status": model.AccountTestFail,
-		"last_test_error":  truncate(reason, 240),
-		"last_test_at":     now,
-		"cooldown_until":   nil,
-		"error_count":      gorm.Expr("error_count + 1"),
-	}
-	if err := s.pool.repo.Update(ctx, acc.ID, fields); err != nil {
-		logger.FromCtx(ctx).Warn("account.disable_failed", zap.Uint64("account_id", acc.ID), zap.Error(err))
-		return
-	}
-	acc.Status = model.AccountStatusDisabled
-	s.pool.Reload(acc.Provider)
-	logger.FromCtx(ctx).Warn("account.disabled_after_oauth_refresh_401", zap.Uint64("account_id", acc.ID), zap.String("provider", acc.Provider), zap.String("reason", truncate(reason, 240)))
-}
-
-func (s *GenerationService) markProviderQuotaLimited(ctx context.Context, acc *model.Account, reason string, until time.Time) {
-	if acc == nil || s.pool == nil || s.pool.repo == nil {
-		return
-	}
-	fields := map[string]any{
-		"status":      model.AccountStatusBroken,
-		"last_error":  truncate(reason, 240),
-		"error_count": gorm.Expr("error_count + 1"),
-	}
-	if until.IsZero() {
-		until = time.Now().UTC().Add(24 * time.Hour)
-	}
-	fields["cooldown_until"] = until.UTC()
-	if err := s.pool.repo.Update(ctx, acc.ID, fields); err != nil {
-		logger.FromCtx(ctx).Warn("account.quota_limit_failed", zap.Uint64("account_id", acc.ID), zap.Error(err))
-		return
-	}
-	acc.Status = model.AccountStatusBroken
-	s.pool.Reload(acc.Provider)
-	logger.FromCtx(ctx).Warn("account.quota_limited", zap.Uint64("account_id", acc.ID), zap.String("provider", acc.Provider), zap.Time("cooldown_until", until), zap.String("reason", truncate(reason, 240)))
-}
-
-func sleepBeforeRetry(ctx context.Context, base time.Duration, attempt int) {
-	if base <= 0 || attempt <= 0 {
-		return
-	}
-	delay := base * time.Duration(attempt)
-	if delay > 30*time.Second {
-		delay = 30 * time.Second
-	}
-	timer := time.NewTimer(delay)
-	defer timer.Stop()
-	select {
-	case <-ctx.Done():
-	case <-timer.C:
-	}
-}
-
-func (s *GenerationService) updateAccountUsageMeta(ctx context.Context, acc *model.Account, t *model.GenerationTask, units int) {
-	if acc == nil || units <= 0 || t == nil || acc.OAuthMeta == nil || strings.TrimSpace(*acc.OAuthMeta) == "" {
-		return
-	}
-	if t.Kind != string(provider.KindImage) && t.Kind != string(provider.KindVideo) {
-		return
-	}
-	var meta map[string]any
-	if err := json.Unmarshal([]byte(*acc.OAuthMeta), &meta); err != nil || meta == nil {
-		return
-	}
-	remaining, ok := metaInt(meta, "image_quota_remaining")
-	if !ok {
-		return
-	}
-	remaining -= units
-	if remaining < 0 {
-		remaining = 0
-	}
-	meta["image_quota_remaining"] = remaining
-	if total, ok := metaInt(meta, "image_quota_total"); ok && total >= remaining {
-		meta["image_quota_used"] = total - remaining
-	}
-	meta["usage_updated_at"] = time.Now().UTC().Unix()
-	raw, err := json.Marshal(meta)
-	if err != nil {
-		return
-	}
-	sv := string(raw)
-	if err := s.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", acc.ID).Update("oauth_meta", sv).Error; err != nil {
-		logger.FromCtx(ctx).Warn("account.usage_meta_update", zap.Uint64("id", acc.ID), zap.Error(err))
-		return
-	}
-	acc.OAuthMeta = &sv
-}
-
-func metaInt(meta map[string]any, key string) (int, bool) {
-	switch v := meta[key].(type) {
-	case int:
-		return v, true
-	case int64:
-		return int(v), true
-	case float64:
-		return int(v), true
-	case json.Number:
-		n, err := v.Int64()
-		return int(n), err == nil
-	default:
-		return 0, false
-	}
-}
-
-func (s *GenerationService) gptOAuthAccessToken(ctx context.Context, acc *model.Account, proxyURL string) (string, error) {
-	at, err := s.decryptOptional(acc.AccessTokenEnc)
-	if err != nil {
-		return "", fmt.Errorf("decrypt access_token failed: %w", err)
-	}
-	rt, err := s.decryptOptional(acc.RefreshTokenEnc)
-	if err != nil {
-		return "", fmt.Errorf("decrypt refresh_token failed: %w", err)
-	}
-	if rt == "" {
-		rt, err = s.decryptOptional(acc.CredentialEnc)
-		if err != nil {
-			return "", fmt.Errorf("decrypt refresh credential failed: %w", err)
-		}
-	}
-	if at != "" && rt == "" && !s.accessTokenNeedsRefresh(ctx, acc, at) {
-		return at, nil
-	}
-	if at != "" && rt != "" && !s.accessTokenNeedsRefresh(ctx, acc, at) && !s.accessTokenShouldRefreshForCodex(acc) {
-		return at, nil
-	}
-	if rt == "" {
-		return "", fmt.Errorf("OAuth account missing refresh_token")
-	}
-	clientID, err := oauthRefreshClientID(acc)
-	if err != nil {
-		return "", err
-	}
-	oauth := NewOpenAIOAuthService(s.cfg)
-	tr, err := oauth.RefreshToken(ctx, rt, clientID, proxyURL)
-	if err != nil {
-		return "", fmt.Errorf("refresh OAuth access_token failed: %w", err)
-	}
-	now := time.Now().UTC()
-	updates := map[string]any{"last_refresh_at": now}
-	atEnc, err := s.aes.Encrypt([]byte(strings.TrimSpace(tr.AccessToken)))
-	if err != nil {
-		return "", fmt.Errorf("encrypt access_token failed: %w", err)
-	}
-	updates["access_token_enc"] = atEnc
-	if exp, ok := jwtpayload.ExpUnixFromJWT(tr.AccessToken); ok {
-		t := time.Unix(exp, 0).UTC()
-		updates["access_token_expires_at"] = t
-	} else if tr.ExpiresIn > 0 {
-		t := now.Add(time.Duration(tr.ExpiresIn) * time.Second)
-		updates["access_token_expires_at"] = t
-	}
-	if strings.TrimSpace(tr.RefreshToken) != "" {
-		rtEnc, err := s.aes.Encrypt([]byte(strings.TrimSpace(tr.RefreshToken)))
-		if err != nil {
-			return "", fmt.Errorf("encrypt refresh_token failed: %w", err)
-		}
-		updates["refresh_token_enc"] = rtEnc
-		updates["credential_enc"] = rtEnc
-	}
-	meta := accountOAuthMeta(acc)
-	meta["scope"] = tr.Scope
-	meta["updated"] = now.Unix()
-	if tr.IDToken != "" {
-		meta["id_token_present"] = true
-	}
-	if raw, err := json.Marshal(meta); err == nil {
-		updates["oauth_meta"] = string(raw)
-	}
-	if s.pool != nil && s.pool.repo != nil {
-		if err := s.pool.repo.Update(ctx, acc.ID, updates); err != nil {
-			return "", errcode.DBError.Wrap(err)
-		}
-	}
-	acc.AccessTokenEnc = atEnc
-	if v, ok := updates["access_token_expires_at"].(time.Time); ok {
-		acc.AccessTokenExpiresAt = &v
-	}
-	if raw, ok := updates["oauth_meta"].(string); ok {
-		acc.OAuthMeta = &raw
-	}
-	return strings.TrimSpace(tr.AccessToken), nil
-}
-
-func (s *GenerationService) accessTokenShouldRefreshForCodex(acc *model.Account) bool {
-	if !isCodexOAuthAccount(acc) {
-		return false
-	}
-	if acc.BaseURL != nil && strings.TrimSpace(*acc.BaseURL) != "" && !strings.Contains(strings.ToLower(*acc.BaseURL), "/codex") {
-		return false
-	}
-	if acc.LastRefreshAt == nil {
-		return true
-	}
-	return acc.LastRefreshAt.Before(time.Now().UTC().Add(-30 * time.Minute))
-}
-
-func oauthRefreshClientID(acc *model.Account) (string, error) {
-	cid := strings.TrimSpace(accountOAuthClientID(acc))
-	if isCodexOAuthAccount(acc) {
-		return codexOAuthClientID, nil
-	}
-	if cid == "" {
-		return "", fmt.Errorf("OAuth account missing client_id; ordinary ChatGPT accounts cannot fall back to Codex client_id")
-	}
-	return cid, nil
-}
-
-func (s *GenerationService) decryptOptional(cipher []byte) (string, error) {
-	if len(cipher) == 0 {
-		return "", nil
-	}
-	plain, err := s.aes.Decrypt(cipher)
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSpace(string(plain)), nil
-}
-
-func (s *GenerationService) accessTokenNeedsRefresh(ctx context.Context, acc *model.Account, at string) bool {
-	if strings.TrimSpace(at) == "" {
-		return true
-	}
-	expAt := acc.AccessTokenExpiresAt
-	if expAt == nil {
-		if exp, ok := jwtpayload.ExpUnixFromJWT(at); ok {
-			t := time.Unix(exp, 0).UTC()
-			expAt = &t
-		}
-	}
-	if expAt == nil {
-		return false
-	}
-	hours := int64(24)
-	if s.cfg != nil {
-		hours = s.cfg.RefreshBeforeHours(ctx)
-	}
-	return expAt.Before(time.Now().UTC().Add(time.Duration(hours) * time.Hour))
-}
-
-func (s *GenerationService) resolveProxyURL(ctx context.Context, acc *model.Account) (string, error) {
-	if s.proxySvc == nil || s.cfg == nil {
-		return "", nil
-	}
-	pid := uint64(0)
-	if acc != nil && acc.ProxyID != nil {
-		pid = *acc.ProxyID
-	} else if s.cfg.GlobalProxyEnabled(ctx) {
-		pid = s.cfg.GlobalProxyID(ctx)
-	}
-	if pid == 0 {
-		return "", nil
-	}
-	p, err := s.proxySvc.GetByID(ctx, pid)
-	if err != nil || p == nil || p.Status != model.ProxyStatusEnabled {
-		return "", err
-	}
-	u, err := s.proxySvc.BuildURL(p)
-	if err != nil || u == nil {
-		return "", err
-	}
-	return u.String(), nil
-}
-
-func (s *GenerationService) cacheResultAssets(ctx context.Context, t *model.GenerationTask, acc *model.Account, results []*model.GenerationResult) {
-	if len(results) == 0 || s.cfg == nil || s.aes == nil || acc == nil {
-		return
-	}
-	driver := strings.ToLower(strings.TrimSpace(s.cfg.GetString(ctx, "storage.result_cache_driver", "local")))
-	if driver == "off" || driver == "none" {
-		return
-	}
-	if driver == "oss" && !s.cfg.GetBool(ctx, "oss.enabled", false) {
-		driver = "local"
-	}
-	if driver != "local" && driver != "oss" {
-		driver = "local"
-	}
-	plain, err := s.aes.Decrypt(acc.CredentialEnc)
-	if err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.decrypt_failed", zap.Error(err))
-		return
-	}
-	cookie := buildCookieForAssetDownload(string(plain))
-	for i, gr := range results {
-		if u, ok := s.cacheOneAsset(ctx, driver, cookie, gr.URL, t.TaskID, i, false); ok {
-			gr.URL = u
-		}
-		if gr.ThumbURL != nil && *gr.ThumbURL != "" {
-			if u, ok := s.cacheOneAsset(ctx, driver, cookie, *gr.ThumbURL, t.TaskID, i, true); ok {
-				gr.ThumbURL = &u
-			}
-		}
-	}
-}
-
-func (s *GenerationService) cacheOneAsset(ctx context.Context, driver, cookie, rawURL, taskID string, seq int, thumb bool) (string, bool) {
-	if strings.HasPrefix(strings.TrimSpace(rawURL), "data:") {
-		return s.cacheDataURLAsset(ctx, driver, rawURL, taskID, seq, thumb)
-	}
-	source := normalizeAssetSourceURL(rawURL)
-	if source == "" || strings.HasPrefix(source, "/api/v1/gen/cached/") {
-		return rawURL, false
-	}
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, source, nil)
-	if err != nil {
-		return rawURL, false
-	}
-	req.Header.Set("Cookie", cookie)
-	req.Header.Set("Referer", "https://grok.com/")
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36")
-	req.Header.Set("Accept", "*/*")
-	resp, err := (&http.Client{Timeout: 5 * time.Minute}).Do(req)
-	if err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.download_failed", zap.String("url", source), zap.Error(err))
-		return rawURL, false
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		logger.FromCtx(ctx).Warn("asset.cache.bad_status", zap.String("url", source), zap.Int("status", resp.StatusCode))
-		return rawURL, false
-	}
-	ext := assetExt(source, resp.Header.Get("Content-Type"), thumb)
-	now := time.Now()
-	rel := path.Join("generated", now.Format("2006"), now.Format("01"), now.Format("02"), fmt.Sprintf("%s_%d%s%s", taskID, seq, map[bool]string{true: "_thumb", false: ""}[thumb], ext))
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	dst := filepath.Join(root, filepath.FromSlash(rel))
-	if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.mkdir_failed", zap.Error(err))
-		return rawURL, false
-	}
-	f, err := os.Create(dst)
-	if err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.create_failed", zap.Error(err))
-		return rawURL, false
-	}
-	defer f.Close()
-	written, err := io.Copy(f, resp.Body)
-	if err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.write_failed", zap.Error(err))
-		return rawURL, false
-	}
-	if written <= 0 {
-		_ = f.Close()
-		_ = os.Remove(dst)
-		logger.FromCtx(ctx).Warn("asset.cache.empty_file", zap.String("url", source), zap.String("file", dst))
-		return rawURL, false
-	}
-	localURL := "/api/v1/gen/cached/" + rel
-	if driver == "oss" {
-		if ossURL, err := s.uploadCachedAssetToOSS(ctx, dst, rel, resp.Header.Get("Content-Type")); err == nil && ossURL != "" {
-			return ossURL, true
-		} else if err != nil {
-			logger.FromCtx(ctx).Warn("asset.cache.oss_upload_failed", zap.String("file", dst), zap.Error(err))
-		}
-	}
-	return localURL, true
-}
-
-func (s *GenerationService) cacheDataURLAsset(ctx context.Context, driver, rawURL, taskID string, seq int, thumb bool) (string, bool) {
-	contentType, payload, ok := strings.Cut(strings.TrimSpace(rawURL), ",")
-	if !ok || !strings.Contains(contentType, ";base64") {
-		return rawURL, false
-	}
-	contentType = strings.TrimPrefix(contentType, "data:")
-	if idx := strings.Index(contentType, ";"); idx >= 0 {
-		contentType = contentType[:idx]
-	}
-	if contentType == "" {
-		contentType = "application/octet-stream"
-	}
-	data, err := base64.StdEncoding.DecodeString(payload)
-	if err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.data_url_decode_failed", zap.Error(err))
-		return rawURL, false
-	}
-	if len(data) == 0 {
-		logger.FromCtx(ctx).Warn("asset.cache.data_url_empty")
-		return rawURL, false
-	}
-	ext := assetExt("", contentType, thumb)
-	now := time.Now()
-	rel := path.Join("generated", now.Format("2006"), now.Format("01"), now.Format("02"), fmt.Sprintf("%s_%d%s%s", taskID, seq, map[bool]string{true: "_thumb", false: ""}[thumb], ext))
-	root := strings.TrimSpace(os.Getenv("KLEIN_STORAGE_ROOT"))
-	if root == "" {
-		root = "/app/storage/public"
-	}
-	dst := filepath.Join(root, filepath.FromSlash(rel))
-	if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.mkdir_failed", zap.Error(err))
-		return rawURL, false
-	}
-	if err := os.WriteFile(dst, data, 0644); err != nil {
-		logger.FromCtx(ctx).Warn("asset.cache.write_failed", zap.Error(err))
-		return rawURL, false
-	}
-	localURL := "/api/v1/gen/cached/" + rel
-	if driver == "oss" {
-		if ossURL, err := s.uploadCachedAssetToOSS(ctx, dst, rel, contentType); err == nil && ossURL != "" {
-			return ossURL, true
-		} else if err != nil {
-			logger.FromCtx(ctx).Warn("asset.cache.oss_upload_failed", zap.String("file", dst), zap.Error(err))
-		}
-	}
-	return localURL, true
-}
-
-func (s *GenerationService) normalizeInputRefs(ctx context.Context, t *model.GenerationTask, refs []string) []string {
-	if len(refs) == 0 || s == nil || s.cfg == nil {
-		return refs
-	}
-	driver := strings.ToLower(strings.TrimSpace(s.cfg.GetString(ctx, "storage.result_cache_driver", "local")))
-	if driver == "off" || driver == "none" {
-		driver = "local"
-	}
-	if driver != "local" && driver != "oss" {
-		driver = "local"
-	}
-	out := make([]string, 0, len(refs))
-	for i, ref := range refs {
-		ref = strings.TrimSpace(ref)
-		if ref == "" {
-			continue
-		}
-		if strings.HasPrefix(ref, "data:") {
-			if cached, ok := s.cacheDataURLAsset(ctx, driver, ref, t.TaskID, i, false); ok && cached != "" {
-				out = append(out, cached)
-				continue
-			}
-		}
-		out = append(out, ref)
-	}
-	return out
-}
-
-func compactLargeInlineParams(params map[string]any) map[string]any {
-	if len(params) == 0 {
-		return params
-	}
-	out := make(map[string]any, len(params))
-	for k, v := range params {
-		out[k] = compactLargeInlineValue(v)
-	}
-	return out
-}
-
-func compactLargeInlineValue(v any) any {
-	switch x := v.(type) {
-	case string:
-		if len(x) > 2048 && strings.HasPrefix(strings.TrimSpace(x), "data:image/") {
-			return "[inline image cached in ref_assets]"
-		}
-		return x
-	case []any:
-		out := make([]any, len(x))
-		for i := range x {
-			out[i] = compactLargeInlineValue(x[i])
-		}
-		return out
-	case map[string]any:
-		out := make(map[string]any, len(x))
-		for k, vv := range x {
-			out[k] = compactLargeInlineValue(vv)
-		}
-		return out
-	default:
-		return v
-	}
-}
-
-func (s *GenerationService) uploadCachedAssetToOSS(ctx context.Context, filePath, rel, contentType string) (string, error) {
-	if s.cfg == nil {
-		return "", fmt.Errorf("missing system config")
-	}
-	provider := strings.ToLower(strings.TrimSpace(s.cfg.GetString(ctx, "oss.provider", "aliyun")))
-	if provider != "" && provider != "aliyun" && provider != "oss" {
-		return "", fmt.Errorf("unsupported oss provider %s", provider)
-	}
-	endpoint := strings.TrimSpace(s.cfg.GetString(ctx, "oss.endpoint", ""))
-	bucket := strings.TrimSpace(s.cfg.GetString(ctx, "oss.bucket", ""))
-	accessKeyID := strings.TrimSpace(s.cfg.GetString(ctx, "oss.access_key_id", ""))
-	accessKeySecret := strings.TrimSpace(s.cfg.GetString(ctx, "oss.access_key_secret", ""))
-	if endpoint == "" || bucket == "" || accessKeyID == "" || accessKeySecret == "" {
-		return "", fmt.Errorf("oss config incomplete")
-	}
-	if contentType == "" {
-		contentType = "application/octet-stream"
-	}
-	key := s.ossObjectKey(ctx, rel)
-	f, err := os.Open(filePath)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-	st, err := f.Stat()
-	if err != nil {
-		return "", err
-	}
-	date := time.Now().UTC().Format(http.TimeFormat)
-	resource := "/" + bucket + "/" + key
-	signing := "PUT\n\n" + contentType + "\n" + date + "\n" + resource
-	mac := hmac.New(sha1.New, []byte(accessKeySecret))
-	_, _ = mac.Write([]byte(signing))
-	signature := base64.StdEncoding.EncodeToString(mac.Sum(nil))
-	putURL := ossObjectURL(endpoint, bucket, key)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPut, putURL, f)
-	if err != nil {
-		return "", err
-	}
-	req.ContentLength = st.Size()
-	req.Header.Set("Date", date)
-	req.Header.Set("Content-Type", contentType)
-	req.Header.Set("Authorization", "OSS "+accessKeyID+":"+signature)
-	resp, err := (&http.Client{Timeout: 5 * time.Minute}).Do(req)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		body, _ := io.ReadAll(io.LimitReader(resp.Body, 512))
-		return "", fmt.Errorf("oss upload HTTP %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
-	}
-	publicBase := strings.TrimRight(strings.TrimSpace(s.cfg.GetString(ctx, "oss.public_base_url", "")), "/")
-	if publicBase != "" {
-		return publicBase + "/" + key, nil
-	}
-	return ossObjectURL(endpoint, bucket, key), nil
-}
-
-func (s *GenerationService) ossObjectKey(ctx context.Context, rel string) string {
-	prefix := "generated/{yyyy}/{mm}/{dd}"
-	if s.cfg != nil {
-		prefix = strings.TrimSpace(s.cfg.GetString(ctx, "oss.path_prefix", prefix))
-	}
-	now := time.Now()
-	prefix = strings.Trim(prefix, "/")
-	prefix = strings.ReplaceAll(prefix, "{yyyy}", now.Format("2006"))
-	prefix = strings.ReplaceAll(prefix, "{mm}", now.Format("01"))
-	prefix = strings.ReplaceAll(prefix, "{dd}", now.Format("02"))
-	if prefix == "" {
-		return path.Base(rel)
-	}
-	return prefix + "/" + path.Base(rel)
-}
-
-func ossObjectURL(endpoint, bucket, key string) string {
-	endpoint = strings.TrimRight(strings.TrimSpace(endpoint), "/")
-	if !strings.HasPrefix(endpoint, "http://") && !strings.HasPrefix(endpoint, "https://") {
-		endpoint = "https://" + endpoint
-	}
-	u, err := url.Parse(endpoint)
-	if err != nil || u.Host == "" {
-		return endpoint + "/" + escapePathSegments(key)
-	}
-	if !strings.HasPrefix(u.Host, bucket+".") {
-		u.Host = bucket + "." + u.Host
-	}
-	u.Path = strings.TrimRight(u.Path, "/") + "/" + escapePathSegments(key)
-	u.RawQuery = ""
-	return u.String()
-}
-
-func escapePathSegments(v string) string {
-	parts := strings.Split(v, "/")
-	for i, p := range parts {
-		parts[i] = url.PathEscape(p)
-	}
-	return strings.Join(parts, "/")
-}
-
-func normalizeAssetSourceURL(v string) string {
-	v = strings.TrimSpace(v)
-	if v == "" || strings.HasPrefix(v, "data:") {
-		return ""
-	}
-	if strings.HasPrefix(v, "http://") || strings.HasPrefix(v, "https://") {
-		return v
-	}
-	return "https://assets.grok.com/" + strings.TrimLeft(v, "/")
-}
-
-func assetExt(source, contentType string, thumb bool) string {
-	lower := strings.ToLower(source)
-	for _, ext := range []string{".mp4", ".webm", ".png", ".jpg", ".jpeg", ".webp"} {
-		if strings.Contains(lower, ext) {
-			if ext == ".jpeg" {
-				return ".jpg"
-			}
-			return ext
-		}
-	}
-	ct := strings.ToLower(contentType)
-	switch {
-	case strings.Contains(ct, "video/webm"):
-		return ".webm"
-	case strings.Contains(ct, "video/"):
-		return ".mp4"
-	case strings.Contains(ct, "png"):
-		return ".png"
-	case strings.Contains(ct, "webp"):
-		return ".webp"
-	case thumb:
-		return ".jpg"
-	default:
-		return ".bin"
-	}
-}
-
-func buildCookieForAssetDownload(cred string) string {
-	cred = strings.TrimSpace(cred)
-	if strings.Contains(cred, "=") {
-		if !strings.Contains(cred, "sso-rw=") {
-			if token := extractCookieValue(cred, "sso"); token != "" {
-				cred = strings.TrimRight(cred, "; ") + "; sso-rw=" + token
-			}
-		}
-		return cred
-	}
-	return "sso=" + cred + "; sso-rw=" + cred
-}
-
-func extractCookieValue(cookie, name string) string {
-	prefix := name + "="
-	for _, part := range strings.Split(cookie, ";") {
-		part = strings.TrimSpace(part)
-		if strings.HasPrefix(part, prefix) {
-			return strings.TrimPrefix(part, prefix)
-		}
-	}
-	return ""
-}
-
-func (s *GenerationService) failTask(ctx context.Context, t *model.GenerationTask, reason string) {
-	displayReason := userFacingGenerationError(reason)
-	if err := s.repo.SetFailed(ctx, t.TaskID, displayReason); err != nil {
-		logger.FromCtx(ctx).Warn("gen.fail.update_status", zap.Error(err))
-	}
-	if t.CostPoints > 0 {
-		if err := s.billing.FailRefund(ctx, t.TaskID, displayReason); err != nil {
-			logger.FromCtx(ctx).Warn("gen.fail.refund", zap.Error(err))
-		}
-	}
-}
-
-// ReapStaleTasks closes tasks that were left pending/running after a restart or
-// a killed provider request. Normal in-flight jobs have much shorter context
-// deadlines than these cutoffs, so this only catches genuinely abandoned rows.
-func (s *GenerationService) ReapStaleTasks(ctx context.Context, userID uint64) {
-	if s == nil || s.db == nil {
-		return
-	}
-	now := time.Now().UTC()
-	cutoff := now.Add(-1 * time.Hour)
-	var tasks []*model.GenerationTask
-	q := s.db.WithContext(ctx).
-		Where("deleted_at IS NULL AND status IN ?", []int8{model.GenStatusPending, model.GenStatusRunning}).
-		Where("(started_at IS NOT NULL AND started_at < ?) OR (started_at IS NULL AND created_at < ?)", cutoff, cutoff).
-		Order("id ASC").
-		Limit(200)
-	if userID > 0 {
-		q = q.Where("user_id = ?", userID)
-	}
-	if err := q.Find(&tasks).Error; err != nil {
-		logger.FromCtx(ctx).Warn("gen.stale.query_failed", zap.Error(err))
-		return
-	}
-	for _, t := range tasks {
-		s.failTask(ctx, t, "任务执行超时，已自动结束")
-	}
-}
-
-// === helpers ===
-
-func intPtr(v int) *int {
-	if v == 0 {
-		return nil
-	}
-	return &v
-}
-
-// newULID 生成一个 26 字符 ULID（Crockford base32 简化版）。
-//
-// 用 UUID 转 hex 后截 26 位（在严格 ULID 库引入前的过渡方案）。
-func newULID() string {
-	id := uuid.NewString()
-	clean := ""
-	for i := 0; i < len(id); i++ {
-		ch := id[i]
-		if ch == '-' {
-			continue
-		}
-		clean += string(ch)
-		if len(clean) == 26 {
-			break
-		}
-	}
-	return clean
-}
-
-var _ = errors.New
-
-var usageLimitResetAtRe = regexp.MustCompile(`"resets_at"\s*:\s*([0-9]+)`)
-
-func isFatalOAuthRefreshError(err error) bool {
-	if err == nil {
-		return false
-	}
-	msg := strings.ToLower(err.Error())
-	if !strings.Contains(msg, "refresh oauth access_token failed") {
-		return false
-	}
-	return strings.Contains(msg, " 401") ||
-		strings.Contains(msg, "返回 401") ||
-		strings.Contains(msg, "already been used") ||
-		strings.Contains(msg, "please try signing in again") ||
-		strings.Contains(msg, "invalid_request_error")
-}
-
-func retryableProviderError(err error) bool {
-	if err == nil {
-		return false
-	}
-	msg := strings.ToLower(err.Error())
-	return isFatalOAuthRefreshError(err) ||
-		isUsageLimitReachedError(err) ||
-		strings.Contains(msg, "http 429") ||
-		strings.Contains(msg, "too many requests") ||
-		isGrokRetryableForbiddenError(msg)
-}
-
-func isTransientProviderPathError(provider string, err error) bool {
-	if err == nil || provider != model.ProviderGROK {
-		return false
-	}
-	msg := strings.ToLower(err.Error())
-	return strings.Contains(msg, "http 403") && isGrokRetryableForbiddenError(msg)
-}
-
-func isGrokRetryableForbiddenError(msg string) bool {
-	if msg == "" {
-		return false
-	}
-	return strings.Contains(msg, "grok upload http 403") ||
-		strings.Contains(msg, "grok video http 403") ||
-		strings.Contains(msg, "grok media post http 403") ||
-		strings.Contains(msg, "grok http 403") ||
-		strings.Contains(msg, "forbidden") ||
-		strings.Contains(msg, "cloudflare") ||
-		strings.Contains(msg, "just a moment") ||
-		strings.Contains(msg, "request rejected by anti-bot rules")
-}
-
-func isUsageLimitReachedError(err error) bool {
-	if err == nil {
-		return false
-	}
-	msg := strings.ToLower(err.Error())
-	return strings.Contains(msg, "usage_limit_reached") ||
-		strings.Contains(msg, "the usage limit has been reached") ||
-		strings.Contains(msg, "\"plan_type\":\"free\"") ||
-		strings.Contains(msg, "\"plan_type\": \"free\"")
-}
-
-func usageLimitResetAt(err error) time.Time {
-	if err == nil {
-		return time.Time{}
-	}
-	m := usageLimitResetAtRe.FindStringSubmatch(err.Error())
-	if len(m) != 2 {
-		return time.Time{}
-	}
-	sec, e := strconv.ParseInt(m[1], 10, 64)
-	if e != nil || sec <= 0 {
-		return time.Time{}
-	}
-	return time.Unix(sec, 0).UTC()
-}
-
-func providerCooldown(err error) time.Duration {
-	if err == nil {
-		return 5 * time.Minute
-	}
-	msg := strings.ToLower(err.Error())
-	if isGrokRetryableForbiddenError(msg) {
-		return 0
-	}
-	switch {
-	case strings.Contains(msg, "http 429"), strings.Contains(msg, "too many requests"):
-		return 30 * time.Minute
-	case strings.Contains(msg, "http 403"), strings.Contains(msg, "forbidden"),
-		strings.Contains(msg, "cloudflare"), strings.Contains(msg, "just a moment"),
-		strings.Contains(msg, "anti-bot"), strings.Contains(msg, "request rejected"):
-		return 2 * time.Hour
-	case strings.Contains(msg, "anti-bot"), strings.Contains(msg, "request rejected"):
-		return 2 * time.Hour
-	default:
-		return 10 * time.Minute
-	}
-}
-
-func userFacingGenerationError(reason string) string {
-	msg := strings.ToLower(reason)
-	switch {
-	case strings.Contains(msg, "just a moment"), strings.Contains(msg, "cloudflare"):
-		return "GROK 触发了 Cloudflare 验证，请配置可用的 CF Cookie/代理后再试"
-	case strings.Contains(msg, "grok video http 429"), strings.Contains(msg, "too many requests"):
-		return "GROK 视频生成频率受限，请稍后重试，或更换可用账号/代理后再试"
-	case strings.Contains(msg, "anti-bot"), strings.Contains(msg, "request rejected"):
-		return "GROK 风控拦截了本次请求，请更换代理或稍后重试"
-	default:
-		return reason
-	}
-}
diff --git a/backend/internal/service/generation_service_test.go b/backend/internal/service/generation_service_test.go
deleted file mode 100644
index 42eb68a4..00000000
--- a/backend/internal/service/generation_service_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package service
-
-import (
-	"errors"
-	"testing"
-	"time"
-)
-
-func TestProviderCooldownGrokForbiddenIsTransient(t *testing.T) {
-	err := errors.New(`grok upload HTTP 403: <!DOCTYPE html><html><head><title>Just a moment...</title></head></html>`)
-	if got := providerCooldown(err); got != 0 {
-		t.Fatalf("expected transient cooldown 0, got %s", got)
-	}
-}
-
-func TestProviderCooldownRetryable429StillCooldowns(t *testing.T) {
-	err := errors.New(`provider call: grok video HTTP 429: {"error":{"code":8,"message":"Too many requests"}}`)
-	got := providerCooldown(err)
-	if got < 30*time.Minute {
-		t.Fatalf("expected 429 cooldown >= 30m, got %s", got)
-	}
-}
diff --git a/backend/internal/service/grok_cf_refresh_service.go b/backend/internal/service/grok_cf_refresh_service.go
deleted file mode 100644
index 933ed8cb..00000000
--- a/backend/internal/service/grok_cf_refresh_service.go
+++ /dev/null
@@ -1,241 +0,0 @@
-package service
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-const defaultGrokCFStatePath = "/app/storage/grok_cf.json"
-
-type GrokCFRefreshService struct {
-	cfg      *SystemConfigService
-	proxySvc *ProxyService
-	client   *http.Client
-}
-
-type grokCFState struct {
-	Cookies     string `json:"cookies"`
-	CFClearance string `json:"cf_clearance"`
-	UserAgent   string `json:"user_agent"`
-	Browser     string `json:"browser"`
-	ProxyURL    string `json:"proxy_url,omitempty"`
-	UpdatedAt   int64  `json:"updated_at"`
-}
-
-func NewGrokCFRefreshService(cfg *SystemConfigService, proxySvc *ProxyService) *GrokCFRefreshService {
-	return &GrokCFRefreshService{
-		cfg:      cfg,
-		proxySvc: proxySvc,
-		client:   &http.Client{Timeout: 5 * time.Minute},
-	}
-}
-
-func (s *GrokCFRefreshService) Start(ctx context.Context) {
-	if s == nil || s.cfg == nil {
-		return
-	}
-	go s.loop(ctx)
-}
-
-func (s *GrokCFRefreshService) loop(ctx context.Context) {
-	s.refreshOnce(ctx)
-	ticker := time.NewTicker(s.cfg.GrokCFRefreshInterval(ctx))
-	defer ticker.Stop()
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case <-ticker.C:
-			s.refreshOnce(ctx)
-			ticker.Reset(s.cfg.GrokCFRefreshInterval(ctx))
-		}
-	}
-}
-
-func (s *GrokCFRefreshService) refreshOnce(parent context.Context) {
-	if !s.cfg.GrokCFEnabled(parent) {
-		return
-	}
-	solverURL := s.cfg.GrokCFSolverURL(parent)
-	if solverURL == "" {
-		return
-	}
-	timeout := s.cfg.GrokCFTimeout(parent)
-	ctx, cancel := context.WithTimeout(parent, timeout+15*time.Second)
-	defer cancel()
-
-	proxyURL, err := s.globalProxyURL(ctx)
-	if err != nil {
-		s.recordError(ctx, fmt.Sprintf("resolve proxy: %v", err))
-		return
-	}
-	state, err := s.solve(ctx, solverURL, proxyURL, timeout)
-	if err != nil {
-		s.recordError(ctx, err.Error())
-		return
-	}
-	if state.Cookies == "" && state.CFClearance == "" {
-		s.recordError(ctx, "flaresolverr returned no cf cookies")
-		return
-	}
-	if err := writeGrokCFState(state); err != nil {
-		s.recordError(ctx, fmt.Sprintf("write state: %v", err))
-		return
-	}
-	_ = s.cfg.UpsertMany(ctx, map[string]any{
-		SettingGrokCFCookies:       state.Cookies,
-		SettingGrokCFClearance:     state.CFClearance,
-		SettingGrokCFUserAgent:     state.UserAgent,
-		SettingGrokCFBrowser:       state.Browser,
-		SettingGrokCFLastRefreshAt: state.UpdatedAt,
-		SettingGrokCFLastError:     "",
-	}, 0)
-	logger.L().Info("grok cf refreshed",
-		zap.Bool("has_clearance", state.CFClearance != ""),
-		zap.Bool("has_proxy", state.ProxyURL != ""),
-		zap.String("browser", state.Browser),
-	)
-}
-
-func (s *GrokCFRefreshService) globalProxyURL(ctx context.Context) (string, error) {
-	if s.proxySvc == nil || !s.cfg.GlobalProxyEnabled(ctx) {
-		return "", nil
-	}
-	pid := s.cfg.GlobalProxyID(ctx)
-	if pid == 0 {
-		return "", nil
-	}
-	p, err := s.proxySvc.GetByID(ctx, pid)
-	if err != nil || p == nil || p.Status != model.ProxyStatusEnabled {
-		return "", err
-	}
-	u, err := s.proxySvc.BuildURL(p)
-	if err != nil || u == nil {
-		return "", err
-	}
-	return u.String(), nil
-}
-
-func (s *GrokCFRefreshService) solve(ctx context.Context, solverURL, proxyURL string, timeout time.Duration) (*grokCFState, error) {
-	reqBody := map[string]any{
-		"cmd":        "request.get",
-		"url":        "https://grok.com",
-		"maxTimeout": int(timeout / time.Millisecond),
-	}
-	if proxyURL != "" {
-		reqBody["proxy"] = map[string]any{"url": proxyURL}
-	}
-	rawReq, _ := json.Marshal(reqBody)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, strings.TrimRight(solverURL, "/")+"/v1", bytes.NewReader(rawReq))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	resp, err := s.client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("flaresolverr request: %w", err)
-	}
-	defer resp.Body.Close()
-	raw, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
-	if resp.StatusCode/100 != 2 {
-		return nil, fmt.Errorf("flaresolverr HTTP %d: %s", resp.StatusCode, snippetString(raw, 300))
-	}
-	var obj struct {
-		Status   string `json:"status"`
-		Message  string `json:"message"`
-		Solution struct {
-			UserAgent string `json:"userAgent"`
-			Cookies   []struct {
-				Name  string `json:"name"`
-				Value string `json:"value"`
-			} `json:"cookies"`
-		} `json:"solution"`
-	}
-	if err := json.Unmarshal(raw, &obj); err != nil {
-		return nil, fmt.Errorf("decode flaresolverr: %w", err)
-	}
-	if !strings.EqualFold(obj.Status, "ok") {
-		return nil, fmt.Errorf("flaresolverr status %q: %s", obj.Status, obj.Message)
-	}
-	parts := make([]string, 0, len(obj.Solution.Cookies))
-	cf := ""
-	for _, c := range obj.Solution.Cookies {
-		if strings.TrimSpace(c.Name) == "" {
-			continue
-		}
-		parts = append(parts, strings.TrimSpace(c.Name)+"="+strings.TrimSpace(c.Value))
-		if c.Name == "cf_clearance" {
-			cf = strings.TrimSpace(c.Value)
-		}
-	}
-	return &grokCFState{
-		Cookies:     strings.Join(parts, "; "),
-		CFClearance: cf,
-		UserAgent:   strings.TrimSpace(obj.Solution.UserAgent),
-		Browser:     browserFromUA(obj.Solution.UserAgent),
-		ProxyURL:    proxyURL,
-		UpdatedAt:   time.Now().Unix(),
-	}, nil
-}
-
-func (s *GrokCFRefreshService) recordError(ctx context.Context, msg string) {
-	logger.L().Warn("grok cf refresh failed", zap.String("error", msg))
-	_ = s.cfg.UpsertMany(ctx, map[string]any{
-		SettingGrokCFLastError: msg,
-	}, 0)
-}
-
-func grokCFStatePath() string {
-	if v := strings.TrimSpace(os.Getenv("KLEIN_GROK_CF_STATE_PATH")); v != "" {
-		return v
-	}
-	return defaultGrokCFStatePath
-}
-
-func writeGrokCFState(state *grokCFState) error {
-	path := grokCFStatePath()
-	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
-		return err
-	}
-	raw, err := json.MarshalIndent(state, "", "  ")
-	if err != nil {
-		return err
-	}
-	tmp := path + ".tmp"
-	if err := os.WriteFile(tmp, raw, 0o600); err != nil {
-		return err
-	}
-	return os.Rename(tmp, path)
-}
-
-func browserFromUA(ua string) string {
-	ua = strings.ToLower(ua)
-	if strings.Contains(ua, "chrome/") || strings.Contains(ua, "chromium/") {
-		return "chrome"
-	}
-	if strings.Contains(ua, "firefox/") {
-		return "firefox"
-	}
-	return ""
-}
-
-func snippetString(raw []byte, limit int) string {
-	s := strings.TrimSpace(string(raw))
-	if limit > 0 && len(s) > limit {
-		return s[:limit] + "...(truncated)"
-	}
-	return s
-}
diff --git a/backend/internal/service/grok_token.go b/backend/internal/service/grok_token.go
deleted file mode 100644
index 30c6a6ab..00000000
--- a/backend/internal/service/grok_token.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package service
-
-import (
-	"strings"
-)
-
-func normalizeGrokSSOToken(token string) string {
-	token = strings.TrimSpace(token)
-	token = strings.TrimPrefix(token, "Bearer ")
-	token = strings.TrimPrefix(token, "bearer ")
-	token = strings.TrimPrefix(token, "sso=")
-	token = strings.ReplaceAll(token, "\u200b", "")
-	token = strings.ReplaceAll(token, "\ufeff", "")
-	return strings.Join(strings.Fields(token), "")
-}
-
-func shortTokenName(token string) string {
-	token = normalizeGrokSSOToken(token)
-	if len(token) <= 10 {
-		return token
-	}
-	return token[:10]
-}
diff --git a/backend/internal/service/openai_oauth_service.go b/backend/internal/service/openai_oauth_service.go
deleted file mode 100644
index b8b027e6..00000000
--- a/backend/internal/service/openai_oauth_service.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package service
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/outbound"
-)
-
-// OpenAITokenResponse OAuth Token 响应（Codex CLI 流）。
-type OpenAITokenResponse struct {
-	AccessToken  string `json:"access_token"`
-	RefreshToken string `json:"refresh_token,omitempty"`
-	IDToken      string `json:"id_token,omitempty"`
-	TokenType    string `json:"token_type,omitempty"`
-	ExpiresIn    int64  `json:"expires_in,omitempty"`
-	Scope        string `json:"scope,omitempty"`
-}
-
-// OpenAIOAuthService 调用 auth.openai.com/oauth/token 刷新 access_token。
-type OpenAIOAuthService struct {
-	cfg *SystemConfigService
-}
-
-// NewOpenAIOAuthService 构造。
-func NewOpenAIOAuthService(cfg *SystemConfigService) *OpenAIOAuthService {
-	return &OpenAIOAuthService{cfg: cfg}
-}
-
-// RefreshToken 用 refresh_token 兑换新 access_token。
-//
-// proxyURL 可空字符串（直连）；返回的 RefreshToken 可能为空，调用方需自行保留旧值。
-func (s *OpenAIOAuthService) RefreshToken(ctx context.Context, refreshToken, clientID, proxyURL string) (*OpenAITokenResponse, error) {
-	refreshToken = strings.TrimSpace(refreshToken)
-	if refreshToken == "" {
-		return nil, errcode.InvalidParam.WithMsg("缺少 refresh_token")
-	}
-	clientID = strings.TrimSpace(clientID)
-	if clientID == "" {
-		clientID = s.cfg.OpenAIClientID(ctx)
-	}
-	tokenURL := s.cfg.OpenAITokenURL(ctx)
-
-	client, err := outbound.NewClient(outbound.Options{
-		ProxyURL: proxyURL,
-		Timeout:  30 * time.Second,
-		Mode:     outbound.ModeUTLS,
-		Profile:  outbound.ProfileChrome,
-	})
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-
-	form := url.Values{}
-	form.Set("grant_type", "refresh_token")
-	form.Set("refresh_token", refreshToken)
-	form.Set("client_id", clientID)
-	form.Set("scope", "openid profile email")
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL,
-		strings.NewReader(form.Encode()))
-	if err != nil {
-		return nil, errcode.Internal.Wrap(err)
-	}
-	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("User-Agent", "codex-cli/0.91.0")
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("OpenAI 刷新请求失败: %w", err)
-	}
-	defer resp.Body.Close()
-	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
-	if resp.StatusCode/100 != 2 {
-		// 提取 error 描述
-		msg := strings.TrimSpace(string(body))
-		if len(msg) > 200 {
-			msg = msg[:200]
-		}
-		return nil, fmt.Errorf("OpenAI 返回 %d: %s", resp.StatusCode, msg)
-	}
-	var tr OpenAITokenResponse
-	if err := json.Unmarshal(body, &tr); err != nil {
-		return nil, fmt.Errorf("解析 OpenAI Token 响应失败: %w", err)
-	}
-	if tr.AccessToken == "" {
-		return nil, errors.New("OpenAI 响应缺少 access_token")
-	}
-	return &tr, nil
-}
diff --git a/backend/internal/service/pricing.go b/backend/internal/service/pricing.go
deleted file mode 100644
index 63ac1d49..00000000
--- a/backend/internal/service/pricing.go
+++ /dev/null
@@ -1,188 +0,0 @@
-// Package service 模型计费表（开发期内置；后续从 model 表读取并缓存）。
-package service
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/kleinai/backend/internal/provider"
-)
-
-// DefaultPriceTable 默认计费（与 migrations/seed 对齐）。
-//
-// 单位：点 *100。例：400 = 4 点 / 张图。
-var DefaultPriceTable = map[string]int64{
-	"gpt-4o-mini":        100,
-	"gpt-image-2":        0,
-	"vid-v1":             1500, // 4 秒视频
-	"vid-i2v":            2000,
-	"grok-imagine-video": 2000,
-}
-
-// ChatPrice is points*100 per 1K tokens.
-type ChatPrice struct {
-	InputPerK  int64
-	OutputPerK int64
-}
-
-// DefaultChatPriceFn returns default token prices in points*100 per 1K tokens.
-func DefaultChatPriceFn(modelCode string) ChatPrice {
-	switch modelCode {
-	case "gpt-4o-mini":
-		return ChatPrice{InputPerK: 100, OutputPerK: 300}
-	case "grok-4.20-fast":
-		return ChatPrice{InputPerK: 100, OutputPerK: 300}
-	case "grok-4.20-auto":
-		return ChatPrice{InputPerK: 150, OutputPerK: 450}
-	case "grok-4.20-expert":
-		return ChatPrice{InputPerK: 200, OutputPerK: 600}
-	case "grok-4.20-heavy":
-		return ChatPrice{InputPerK: 400, OutputPerK: 1200}
-	case "grok-4.3-beta":
-		return ChatPrice{InputPerK: 300, OutputPerK: 900}
-	default:
-		return ChatPrice{InputPerK: 100, OutputPerK: 300}
-	}
-}
-
-// DefaultPriceFn 实现 PriceFunc。
-func DefaultPriceFn(modelCode string, kind provider.Kind, params map[string]any) int64 {
-	if v, ok := DefaultPriceTable[modelCode]; ok {
-		// 视频：按秒倍率
-		if kind == provider.KindVideo {
-			if dur, ok2 := params["duration"].(float64); ok2 {
-				dur = float64(normalizeBillingVideoDuration(int(dur)))
-				if dur <= 6 {
-					return v
-				}
-				factor := dur / 6
-				return int64(float64(v) * factor)
-			}
-		}
-		return v
-	}
-	switch kind {
-	case provider.KindImage:
-		return 400
-	case provider.KindVideo:
-		return 1500
-	}
-	return 0
-}
-
-func ConfigPriceFn(cfg *SystemConfigService) PriceFunc {
-	return func(modelCode string, kind provider.Kind, params map[string]any) int64 {
-		if cfg != nil {
-			raw := cfg.GetString(context.Background(), "billing.model_prices", "")
-			if raw != "" {
-				var rows []struct {
-					ModelCode  string `json:"model_code"`
-					UnitPoints int64  `json:"unit_points"`
-					Enabled    *bool  `json:"enabled"`
-				}
-				if err := json.Unmarshal([]byte(raw), &rows); err == nil {
-					for _, row := range rows {
-						if row.ModelCode != modelCode {
-							continue
-						}
-						if row.Enabled != nil && !*row.Enabled {
-							continue
-						}
-						if kind == provider.KindVideo {
-							if dur, ok2 := params["duration"].(float64); ok2 {
-								dur = float64(normalizeBillingVideoDuration(int(dur)))
-								if dur <= 6 {
-									return row.UnitPoints
-								}
-								return int64(float64(row.UnitPoints) * (dur / 6))
-							}
-						}
-						return row.UnitPoints
-					}
-				}
-				var prices map[string]int64
-				if err := json.Unmarshal([]byte(raw), &prices); err == nil {
-					if v, ok := prices[modelCode]; ok {
-						if kind == provider.KindVideo {
-							if dur, ok2 := params["duration"].(float64); ok2 {
-								dur = float64(normalizeBillingVideoDuration(int(dur)))
-								if dur <= 6 {
-									return v
-								}
-								return int64(float64(v) * (dur / 6))
-							}
-						}
-						return v
-					}
-				}
-			}
-		}
-		return DefaultPriceFn(modelCode, kind, params)
-	}
-}
-
-func ConfigChatPriceFn(cfg *SystemConfigService) func(modelCode string) ChatPrice {
-	return func(modelCode string) ChatPrice {
-		def := DefaultChatPriceFn(modelCode)
-		if cfg == nil {
-			return def
-		}
-		raw := cfg.GetString(context.Background(), "billing.model_prices", "")
-		if raw == "" {
-			return def
-		}
-		var rows []struct {
-			ModelCode        string `json:"model_code"`
-			Kind             string `json:"kind"`
-			UnitPoints       *int64 `json:"unit_points"`
-			InputUnitPoints  *int64 `json:"input_unit_points"`
-			OutputUnitPoints *int64 `json:"output_unit_points"`
-			Enabled          *bool  `json:"enabled"`
-		}
-		if err := json.Unmarshal([]byte(raw), &rows); err == nil {
-			for _, row := range rows {
-				if row.ModelCode != modelCode {
-					continue
-				}
-				if row.Enabled != nil && !*row.Enabled {
-					continue
-				}
-				if row.InputUnitPoints != nil || row.OutputUnitPoints != nil {
-					if row.InputUnitPoints != nil {
-						def.InputPerK = *row.InputUnitPoints
-					}
-					if row.OutputUnitPoints != nil {
-						def.OutputPerK = *row.OutputUnitPoints
-					}
-					return def
-				}
-				if row.Kind == "text" && row.UnitPoints != nil {
-					return ChatPrice{InputPerK: *row.UnitPoints, OutputPerK: *row.UnitPoints}
-				}
-			}
-		}
-		return def
-	}
-}
-
-func ChatCost(price ChatPrice, promptTokens, completionTokens int) int64 {
-	if price.InputPerK <= 0 && price.OutputPerK <= 0 {
-		return 0
-	}
-	in := (int64(promptTokens)*price.InputPerK + 999) / 1000
-	out := (int64(completionTokens)*price.OutputPerK + 999) / 1000
-	total := in + out
-	if total <= 0 {
-		return 1
-	}
-	return total
-}
-
-func normalizeBillingVideoDuration(sec int) int {
-	for _, v := range []int{6, 10} {
-		if sec <= v {
-			return v
-		}
-	}
-	return 10
-}
diff --git a/backend/internal/service/proxy_service.go b/backend/internal/service/proxy_service.go
deleted file mode 100644
index 68de3999..00000000
--- a/backend/internal/service/proxy_service.go
+++ /dev/null
@@ -1,263 +0,0 @@
-package service
-
-import (
-	"context"
-	"fmt"
-	"net/url"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/crypto"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-// ProxyService 代理 CRUD 与运行时 URL 拼装。
-type ProxyService struct {
-	repo *repo.ProxyRepo
-	aes  *crypto.AESGCM
-
-	// 简易缓存：避免热路径每次都查 DB。
-	mu     sync.RWMutex
-	cached map[uint64]*model.Proxy
-	loaded time.Time
-}
-
-// NewProxyService 构造。
-func NewProxyService(r *repo.ProxyRepo, aes *crypto.AESGCM) *ProxyService {
-	return &ProxyService{repo: r, aes: aes, cached: map[uint64]*model.Proxy{}}
-}
-
-// Create 创建代理。
-func (s *ProxyService) Create(ctx context.Context, adminID uint64, req *dto.ProxyCreateReq) (*model.Proxy, error) {
-	if err := validateProtocol(req.Protocol); err != nil {
-		return nil, err
-	}
-	p := &model.Proxy{
-		Name:      strings.TrimSpace(req.Name),
-		Protocol:  strings.ToLower(strings.TrimSpace(req.Protocol)),
-		Host:      strings.TrimSpace(req.Host),
-		Port:      req.Port,
-		Status:    model.ProxyStatusEnabled,
-		CreatedBy: &adminID,
-	}
-	if u := strings.TrimSpace(req.Username); u != "" {
-		p.Username = &u
-	}
-	if pw := req.Password; pw != "" {
-		enc, err := s.aes.Encrypt([]byte(pw))
-		if err != nil {
-			return nil, errcode.Internal.Wrap(err)
-		}
-		p.PasswordEnc = enc
-	}
-	if r := strings.TrimSpace(req.Remark); r != "" {
-		p.Remark = &r
-	}
-	if err := s.repo.Create(ctx, p); err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	s.invalidate()
-	return p, nil
-}
-
-// Update 更新代理（password 留空表示不变）。
-func (s *ProxyService) Update(ctx context.Context, id uint64, req *dto.ProxyUpdateReq) error {
-	if _, err := s.repo.GetByID(ctx, id); err != nil {
-		return errcode.ResourceMissing
-	}
-	fields := map[string]any{}
-	if req.Name != nil {
-		fields["name"] = strings.TrimSpace(*req.Name)
-	}
-	if req.Protocol != nil {
-		if err := validateProtocol(*req.Protocol); err != nil {
-			return err
-		}
-		fields["protocol"] = strings.ToLower(*req.Protocol)
-	}
-	if req.Host != nil {
-		fields["host"] = strings.TrimSpace(*req.Host)
-	}
-	if req.Port != nil {
-		fields["port"] = *req.Port
-	}
-	if req.Username != nil {
-		if u := strings.TrimSpace(*req.Username); u == "" {
-			fields["username"] = nil
-		} else {
-			fields["username"] = u
-		}
-	}
-	if req.Password != nil {
-		if pw := *req.Password; pw == "" {
-			fields["password_enc"] = nil
-		} else {
-			enc, err := s.aes.Encrypt([]byte(pw))
-			if err != nil {
-				return errcode.Internal.Wrap(err)
-			}
-			fields["password_enc"] = enc
-		}
-	}
-	if req.Status != nil {
-		fields["status"] = *req.Status
-	}
-	if req.Remark != nil {
-		fields["remark"] = strings.TrimSpace(*req.Remark)
-	}
-	if err := s.repo.Update(ctx, id, fields); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.invalidate()
-	return nil
-}
-
-// Delete 软删除。
-func (s *ProxyService) Delete(ctx context.Context, id uint64) error {
-	if _, err := s.repo.GetByID(ctx, id); err != nil {
-		return errcode.ResourceMissing
-	}
-	if err := s.repo.SoftDelete(ctx, id); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.invalidate()
-	return nil
-}
-
-// List 列表（出参脱敏）。
-func (s *ProxyService) List(ctx context.Context, req *dto.ProxyListReq) ([]*dto.ProxyResp, int64, error) {
-	items, total, err := s.repo.List(ctx, repo.ProxyListFilter{
-		Status:   req.Status,
-		Keyword:  req.Keyword,
-		Page:     req.Page,
-		PageSize: req.PageSize,
-	})
-	if err != nil {
-		return nil, 0, errcode.DBError.Wrap(err)
-	}
-	resp := make([]*dto.ProxyResp, 0, len(items))
-	for _, it := range items {
-		resp = append(resp, proxyToResp(it))
-	}
-	return resp, total, nil
-}
-
-// GetByID 获取（用于其它服务）。
-func (s *ProxyService) GetByID(ctx context.Context, id uint64) (*model.Proxy, error) {
-	if id == 0 {
-		return nil, nil
-	}
-	s.mu.RLock()
-	if p, ok := s.cached[id]; ok && time.Since(s.loaded) < 30*time.Second {
-		s.mu.RUnlock()
-		return p, nil
-	}
-	s.mu.RUnlock()
-	p, err := s.repo.GetByID(ctx, id)
-	if err != nil {
-		return nil, err
-	}
-	s.mu.Lock()
-	s.cached[id] = p
-	s.loaded = time.Now()
-	s.mu.Unlock()
-	return p, nil
-}
-
-// ResolvePassword 把 PasswordEnc 解密成明文（仅在内部需要时用）。
-func (s *ProxyService) ResolvePassword(p *model.Proxy) (string, error) {
-	if len(p.PasswordEnc) == 0 {
-		return "", nil
-	}
-	plain, err := s.aes.Decrypt(p.PasswordEnc)
-	if err != nil {
-		return "", err
-	}
-	return string(plain), nil
-}
-
-// BuildURL 把代理拼成 url.URL（含密码）。
-func (s *ProxyService) BuildURL(p *model.Proxy) (*url.URL, error) {
-	if p == nil {
-		return nil, nil
-	}
-	u := &url.URL{
-		Scheme: p.Protocol,
-		Host:   p.Host + ":" + strconv.Itoa(int(p.Port)),
-	}
-	if p.Username != nil && *p.Username != "" {
-		pw, err := s.ResolvePassword(p)
-		if err != nil {
-			return nil, err
-		}
-		u.User = url.UserPassword(*p.Username, pw)
-	}
-	return u, nil
-}
-
-// MarkCheck 记录代理探测结果。
-func (s *ProxyService) MarkCheck(ctx context.Context, id uint64, ok bool, latencyMs int, errMsg string) error {
-	if errMsg != "" && len(errMsg) > 250 {
-		errMsg = errMsg[:250]
-	}
-	if err := s.repo.MarkCheck(ctx, id, ok, latencyMs, errMsg); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.invalidate()
-	return nil
-}
-
-// invalidate 简易缓存失效。
-func (s *ProxyService) invalidate() {
-	s.mu.Lock()
-	s.cached = map[uint64]*model.Proxy{}
-	s.mu.Unlock()
-}
-
-// === helpers ===
-
-func validateProtocol(proto string) error {
-	switch strings.ToLower(strings.TrimSpace(proto)) {
-	case model.ProxyProtoHTTP,
-		model.ProxyProtoHTTPS,
-		model.ProxyProtoSOCKS5,
-		model.ProxyProtoSOCKS5H:
-		return nil
-	default:
-		return errcode.InvalidParam.WithMsg(fmt.Sprintf("不支持的协议: %s", proto))
-	}
-}
-
-func proxyToResp(p *model.Proxy) *dto.ProxyResp {
-	r := &dto.ProxyResp{
-		ID:           p.ID,
-		Name:         p.Name,
-		Protocol:     p.Protocol,
-		Host:         p.Host,
-		Port:         p.Port,
-		Status:       p.Status,
-		HasPassword:  len(p.PasswordEnc) > 0,
-		LastCheckOK:  p.LastCheckOK,
-		LastCheckMs:  p.LastCheckMs,
-		CreatedAt:    p.CreatedAt.Unix(),
-		UpdatedAt:    p.UpdatedAt.Unix(),
-	}
-	if p.Username != nil {
-		r.Username = *p.Username
-	}
-	if p.LastCheckAt != nil {
-		r.LastCheckAt = p.LastCheckAt.Unix()
-	}
-	if p.LastError != nil {
-		r.LastError = *p.LastError
-	}
-	if p.Remark != nil {
-		r.Remark = *p.Remark
-	}
-	return r
-}
diff --git a/backend/internal/service/system_config_service.go b/backend/internal/service/system_config_service.go
deleted file mode 100644
index 06faa202..00000000
--- a/backend/internal/service/system_config_service.go
+++ /dev/null
@@ -1,320 +0,0 @@
-package service
-
-import (
-	"context"
-	"encoding/json"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/kleinai/backend/internal/model"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-// 系统配置 key 常量。
-const (
-	SettingProxyGlobalEnabled  = "proxy.global_enabled"
-	SettingProxyGlobalID       = "proxy.global_id"
-	SettingOAuthRefreshHours   = "oauth.refresh_before_hours"
-	SettingOAuthOpenAIClientID = "oauth.openai_client_id"
-	SettingOAuthOpenAITokenURL = "oauth.openai_token_url"
-	SettingRetryMaxAttempts    = "retry.max_attempts"
-	SettingRetryBaseDelayMs    = "retry.base_delay_ms"
-	SettingRetryTimeoutSeconds = "retry.timeout_seconds"
-	SettingCircuitFailures     = "tolerance.circuit_failures"
-	SettingCircuitCooldown     = "tolerance.circuit_cooldown_seconds"
-	SettingGrokCFEnabled       = "grok.cf.enabled"
-	SettingGrokCFSolverURL     = "grok.cf.flaresolverr_url"
-	SettingGrokCFRefreshSec    = "grok.cf.refresh_interval_seconds"
-	SettingGrokCFTimeoutSec    = "grok.cf.timeout_seconds"
-	SettingGrokCFCookies       = "grok.cf.cookies"
-	SettingGrokCFClearance     = "grok.cf.clearance"
-	SettingGrokCFUserAgent     = "grok.cf.user_agent"
-	SettingGrokCFBrowser       = "grok.cf.browser"
-	SettingGrokCFLastError     = "grok.cf.last_error"
-	SettingGrokCFLastRefreshAt = "grok.cf.last_refresh_at"
-)
-
-// SystemConfigService 通用系统配置 KV 服务，带 30s 内存缓存。
-type SystemConfigService struct {
-	repo *repo.SystemConfigRepo
-
-	mu     sync.RWMutex
-	cache  map[string]string
-	loaded time.Time
-	ttl    time.Duration
-}
-
-// NewSystemConfigService 构造。ttl<=0 时默认 30s。
-func NewSystemConfigService(r *repo.SystemConfigRepo) *SystemConfigService {
-	return &SystemConfigService{repo: r, cache: map[string]string{}, ttl: 30 * time.Second}
-}
-
-// GetAll 全部 KV（已 JSON 解码）。
-func (s *SystemConfigService) GetAll(ctx context.Context) (map[string]any, error) {
-	rows, err := s.repo.GetAll(ctx)
-	if err != nil {
-		return nil, errcode.DBError.Wrap(err)
-	}
-	out := make(map[string]any, len(rows))
-	for _, r := range rows {
-		var v any
-		_ = json.Unmarshal([]byte(r.Value), &v)
-		out[r.Key] = v
-	}
-	return out, nil
-}
-
-// UpsertMany 批量更新。
-// values 中每个值会先 JSON 序列化再写入。
-func (s *SystemConfigService) UpsertMany(ctx context.Context, values map[string]any, updatedBy uint64) error {
-	if len(values) == 0 {
-		return nil
-	}
-	kvs := make(map[string]string, len(values))
-	for k, v := range values {
-		raw, err := json.Marshal(v)
-		if err != nil {
-			return errcode.InvalidParam.Wrap(err)
-		}
-		kvs[k] = string(raw)
-	}
-	uid := updatedBy
-	if err := s.repo.UpsertMany(ctx, kvs, &uid); err != nil {
-		return errcode.DBError.Wrap(err)
-	}
-	s.invalidate()
-	return nil
-}
-
-// GetString 读字符串配置。fallback 为默认。
-func (s *SystemConfigService) GetString(ctx context.Context, key, fallback string) string {
-	raw, ok := s.getRaw(ctx, key)
-	if !ok {
-		return fallback
-	}
-	var v string
-	if err := json.Unmarshal([]byte(raw), &v); err != nil {
-		// 兼容字符串本身不带引号的旧值
-		return strings.Trim(raw, "\"")
-	}
-	if v == "" {
-		return fallback
-	}
-	return v
-}
-
-// GetInt 读 int64 配置。
-func (s *SystemConfigService) GetInt(ctx context.Context, key string, fallback int64) int64 {
-	raw, ok := s.getRaw(ctx, key)
-	if !ok {
-		return fallback
-	}
-	var v int64
-	if err := json.Unmarshal([]byte(raw), &v); err == nil {
-		return v
-	}
-	if n, err := strconv.ParseInt(strings.Trim(raw, "\""), 10, 64); err == nil {
-		return n
-	}
-	return fallback
-}
-
-// GetBool 读 bool 配置。
-func (s *SystemConfigService) GetBool(ctx context.Context, key string, fallback bool) bool {
-	raw, ok := s.getRaw(ctx, key)
-	if !ok {
-		return fallback
-	}
-	var v bool
-	if err := json.Unmarshal([]byte(raw), &v); err == nil {
-		return v
-	}
-	switch strings.ToLower(strings.Trim(raw, "\"")) {
-	case "true", "1", "yes", "on":
-		return true
-	case "false", "0", "no", "off":
-		return false
-	}
-	return fallback
-}
-
-// GetUint64 读 uint64 配置。
-func (s *SystemConfigService) GetUint64(ctx context.Context, key string, fallback uint64) uint64 {
-	raw, ok := s.getRaw(ctx, key)
-	if !ok {
-		return fallback
-	}
-	var v uint64
-	if err := json.Unmarshal([]byte(raw), &v); err == nil {
-		return v
-	}
-	if n, err := strconv.ParseUint(strings.Trim(raw, "\""), 10, 64); err == nil {
-		return n
-	}
-	return fallback
-}
-
-// === 类型化便捷方法 ===
-
-// GlobalProxyEnabled 是否启用全局代理。
-func (s *SystemConfigService) GlobalProxyEnabled(ctx context.Context) bool {
-	return s.GetBool(ctx, SettingProxyGlobalEnabled, false)
-}
-
-// GlobalProxyID 全局默认代理 ID（0 = 无）。
-func (s *SystemConfigService) GlobalProxyID(ctx context.Context) uint64 {
-	return s.GetUint64(ctx, SettingProxyGlobalID, 0)
-}
-
-// RefreshBeforeHours OAuth 提前刷新窗口（小时）。
-func (s *SystemConfigService) RefreshBeforeHours(ctx context.Context) int64 {
-	v := s.GetInt(ctx, SettingOAuthRefreshHours, 24)
-	if v <= 0 {
-		v = 24
-	}
-	if v > 168 {
-		v = 168
-	}
-	return v
-}
-
-// OpenAIClientID Codex CLI 公开 client_id。
-func (s *SystemConfigService) OpenAIClientID(ctx context.Context) string {
-	return s.GetString(ctx, SettingOAuthOpenAIClientID, "app_EMoamEEZ73f0CkXaXp7hrann")
-}
-
-// OpenAITokenURL OAuth Token Endpoint。
-func (s *SystemConfigService) OpenAITokenURL(ctx context.Context) string {
-	return s.GetString(ctx, SettingOAuthOpenAITokenURL, "https://auth.openai.com/oauth/token")
-}
-
-func (s *SystemConfigService) RetryMaxAttempts(ctx context.Context) int {
-	v := s.GetInt(ctx, SettingRetryMaxAttempts, 2)
-	if v < 0 {
-		v = 0
-	}
-	if v > 20 {
-		v = 20
-	}
-	return int(v) + 1
-}
-
-func (s *SystemConfigService) RetryBaseDelay(ctx context.Context) time.Duration {
-	v := s.GetInt(ctx, SettingRetryBaseDelayMs, 800)
-	if v < 0 {
-		v = 0
-	}
-	if v > 60000 {
-		v = 60000
-	}
-	return time.Duration(v) * time.Millisecond
-}
-
-func (s *SystemConfigService) RetryTimeout(ctx context.Context, fallback time.Duration) time.Duration {
-	if fallback <= 0 {
-		fallback = 5 * time.Minute
-	}
-	v := s.GetInt(ctx, SettingRetryTimeoutSeconds, int64(fallback/time.Second))
-	if v <= 0 {
-		return fallback
-	}
-	if v > 3600 {
-		v = 3600
-	}
-	return time.Duration(v) * time.Second
-}
-
-// CircuitFailureThreshold 连续失败达到该次数后才把账号置为熔断。
-func (s *SystemConfigService) CircuitFailureThreshold(ctx context.Context) int64 {
-	v := s.GetInt(ctx, SettingCircuitFailures, 3)
-	if v <= 0 {
-		return 1
-	}
-	return v
-}
-
-// CircuitCooldownSeconds 账号熔断后的冷却秒数。
-func (s *SystemConfigService) CircuitCooldownSeconds(ctx context.Context) int64 {
-	v := s.GetInt(ctx, SettingCircuitCooldown, 300)
-	if v < 0 {
-		return 0
-	}
-	return v
-}
-
-func (s *SystemConfigService) GrokCFEnabled(ctx context.Context) bool {
-	return s.GetBool(ctx, SettingGrokCFEnabled, true)
-}
-
-func (s *SystemConfigService) GrokCFSolverURL(ctx context.Context) string {
-	return strings.TrimRight(s.GetString(ctx, SettingGrokCFSolverURL, "http://flaresolverr:8191"), "/")
-}
-
-func (s *SystemConfigService) GrokCFRefreshInterval(ctx context.Context) time.Duration {
-	v := s.GetInt(ctx, SettingGrokCFRefreshSec, 600)
-	if v < 60 {
-		v = 60
-	}
-	if v > 86400 {
-		v = 86400
-	}
-	return time.Duration(v) * time.Second
-}
-
-func (s *SystemConfigService) GrokCFTimeout(ctx context.Context) time.Duration {
-	v := s.GetInt(ctx, SettingGrokCFTimeoutSec, 90)
-	if v < 30 {
-		v = 30
-	}
-	if v > 300 {
-		v = 300
-	}
-	return time.Duration(v) * time.Second
-}
-
-// === internal ===
-
-// getRaw 拿原始 JSON 字符串（命中缓存）。
-func (s *SystemConfigService) getRaw(ctx context.Context, key string) (string, bool) {
-	s.mu.RLock()
-	if time.Since(s.loaded) < s.ttl {
-		v, ok := s.cache[key]
-		s.mu.RUnlock()
-		return v, ok
-	}
-	s.mu.RUnlock()
-	if err := s.reload(ctx); err != nil {
-		return "", false
-	}
-	s.mu.RLock()
-	v, ok := s.cache[key]
-	s.mu.RUnlock()
-	return v, ok
-}
-
-func (s *SystemConfigService) reload(ctx context.Context) error {
-	rows, err := s.repo.GetAll(ctx)
-	if err != nil {
-		return err
-	}
-	m := make(map[string]string, len(rows))
-	for _, r := range rows {
-		m[r.Key] = r.Value
-	}
-	s.mu.Lock()
-	s.cache = m
-	s.loaded = time.Now()
-	s.mu.Unlock()
-	return nil
-}
-
-func (s *SystemConfigService) invalidate() {
-	s.mu.Lock()
-	s.loaded = time.Time{}
-	s.mu.Unlock()
-}
-
-var _ = model.SystemConfig{} // 防止 import 被裁剪
diff --git a/backend/internal/service/user_service.go b/backend/internal/service/user_service.go
deleted file mode 100644
index b774053a..00000000
--- a/backend/internal/service/user_service.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Package service 业务编排层。
-package service
-
-import (
-	"context"
-
-	"github.com/kleinai/backend/internal/dto"
-	"github.com/kleinai/backend/internal/repo"
-	"github.com/kleinai/backend/pkg/errcode"
-)
-
-// UserService 用户读取层。
-type UserService struct {
-	user *repo.UserRepo
-}
-
-// NewUserService 构造。
-func NewUserService(u *repo.UserRepo) *UserService { return &UserService{user: u} }
-
-// Me 获取当前用户。
-func (s *UserService) Me(ctx context.Context, uid uint64) (*dto.MeResp, error) {
-	u, err := s.user.GetByID(ctx, uid)
-	if err != nil {
-		return nil, errcode.UserNotFound
-	}
-	return &dto.MeResp{
-		UID:        u.ID,
-		UUID:       u.UUID,
-		Username:   u.Username,
-		Email:      u.Email,
-		Phone:      u.Phone,
-		Avatar:     u.Avatar,
-		Points:     u.Points,
-		FrozenPts:  u.FrozenPoints,
-		PlanCode:   u.PlanCode,
-		InviteCode: u.InviteCode,
-		CreatedAt:  u.CreatedAt.Unix(),
-	}, nil
-}
diff --git a/backend/logo.fw.png b/backend/logo.fw.png
deleted file mode 100644
index fbc1814b..00000000
Binary files a/backend/logo.fw.png and /dev/null differ
diff --git a/backend/migrations/20260427130001_init_user.sql b/backend/migrations/20260427130001_init_user.sql
deleted file mode 100644
index e6e86f29..00000000
--- a/backend/migrations/20260427130001_init_user.sql
+++ /dev/null
@@ -1,59 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `user` (
-  `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `uuid`            CHAR(36)        NOT NULL                  COMMENT '业务 ID',
-  `email`           VARCHAR(128)    DEFAULT NULL,
-  `phone`           VARCHAR(20)     DEFAULT NULL,
-  `username`        VARCHAR(64)     DEFAULT NULL              COMMENT '昵称',
-  `avatar`          VARCHAR(255)    DEFAULT NULL,
-  `password`        VARCHAR(72)     NOT NULL                  COMMENT 'bcrypt',
-  `points`          BIGINT          NOT NULL DEFAULT 0        COMMENT '可用点数 *100',
-  `frozen_points`   BIGINT          NOT NULL DEFAULT 0        COMMENT '冻结点数 *100',
-  `total_recharge`  BIGINT          NOT NULL DEFAULT 0        COMMENT '累计充值（分）',
-  `plan_code`       VARCHAR(32)     NOT NULL DEFAULT 'free',
-  `plan_expire_at`  DATETIME(3)     DEFAULT NULL,
-  `inviter_id`      BIGINT UNSIGNED DEFAULT NULL,
-  `invite_code`     VARCHAR(16)     NOT NULL,
-  `status`          TINYINT         NOT NULL DEFAULT 1        COMMENT '1启用 0禁用 -1注销',
-  `register_ip`     VARCHAR(45)     DEFAULT NULL,
-  `last_login_at`   DATETIME(3)     DEFAULT NULL,
-  `last_login_ip`   VARCHAR(45)     DEFAULT NULL,
-  `created_at`      DATETIME(3)     NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`      DATETIME(3)     NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`      DATETIME(3)     DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_uuid` (`uuid`),
-  UNIQUE KEY `uk_email` (`email`),
-  UNIQUE KEY `uk_phone` (`phone`),
-  UNIQUE KEY `uk_invite_code` (`invite_code`),
-  KEY `idx_inviter` (`inviter_id`),
-  KEY `idx_status_created` (`status`, `created_at`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='用户';
-
-CREATE TABLE IF NOT EXISTS `user_profile` (
-  `user_id`     BIGINT UNSIGNED NOT NULL,
-  `gender`      TINYINT     DEFAULT 0,
-  `birthday`    DATE        DEFAULT NULL,
-  `bio`         VARCHAR(255) DEFAULT NULL,
-  `prefer_lang` VARCHAR(10) DEFAULT 'zh-CN',
-  `setting`     JSON        DEFAULT NULL,
-  `updated_at`  DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='用户扩展资料';
-
-CREATE TABLE IF NOT EXISTS `user_invite_relation` (
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `inviter_id` BIGINT UNSIGNED NOT NULL,
-  `invite_code` VARCHAR(16) NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`),
-  KEY `idx_inviter` (`inviter_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='邀请关系';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `user_invite_relation`;
-DROP TABLE IF EXISTS `user_profile`;
-DROP TABLE IF EXISTS `user`;
diff --git a/backend/migrations/20260427130002_init_admin.sql b/backend/migrations/20260427130002_init_admin.sql
deleted file mode 100644
index cca3c045..00000000
--- a/backend/migrations/20260427130002_init_admin.sql
+++ /dev/null
@@ -1,62 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `admin_role` (
-  `id`        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name`      VARCHAR(64) NOT NULL,
-  `code`      VARCHAR(32) NOT NULL,
-  `remark`    VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='后台角色';
-
-CREATE TABLE IF NOT EXISTS `admin_role_permission` (
-  `role_id`     BIGINT UNSIGNED NOT NULL,
-  `permission`  VARCHAR(128) NOT NULL,
-  PRIMARY KEY (`role_id`, `permission`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='角色权限';
-
-CREATE TABLE IF NOT EXISTS `admin_user` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `username`   VARCHAR(64) NOT NULL,
-  `password`   VARCHAR(72) NOT NULL,
-  `nickname`   VARCHAR(64) DEFAULT NULL,
-  `email`      VARCHAR(128) DEFAULT NULL,
-  `role_id`    BIGINT UNSIGNED NOT NULL,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `last_login_at` DATETIME(3) DEFAULT NULL,
-  `last_login_ip` VARCHAR(45) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_username` (`username`),
-  KEY `idx_role` (`role_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='后台账号';
-
-CREATE TABLE IF NOT EXISTS `admin_audit_log` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `admin_id`      BIGINT UNSIGNED NOT NULL,
-  `admin_name`    VARCHAR(64) NOT NULL,
-  `module`        VARCHAR(64) NOT NULL,
-  `action`        VARCHAR(64) NOT NULL,
-  `target_type`   VARCHAR(64) DEFAULT NULL,
-  `target_id`     VARCHAR(64) DEFAULT NULL,
-  `before_value`  JSON DEFAULT NULL,
-  `after_value`   JSON DEFAULT NULL,
-  `ip`            VARCHAR(45) DEFAULT NULL,
-  `ua`            VARCHAR(255) DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_admin` (`admin_id`),
-  KEY `idx_module_action` (`module`, `action`),
-  KEY `idx_created` (`created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='后台操作审计';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `admin_audit_log`;
-DROP TABLE IF EXISTS `admin_user`;
-DROP TABLE IF EXISTS `admin_role_permission`;
-DROP TABLE IF EXISTS `admin_role`;
diff --git a/backend/migrations/20260427130003_init_account_pool.sql b/backend/migrations/20260427130003_init_account_pool.sql
deleted file mode 100644
index ea2e07b2..00000000
--- a/backend/migrations/20260427130003_init_account_pool.sql
+++ /dev/null
@@ -1,74 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `account` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `provider`       VARCHAR(32) NOT NULL                COMMENT 'gpt / grok',
-  `name`           VARCHAR(128) NOT NULL,
-  `auth_type`      VARCHAR(32) NOT NULL                COMMENT 'api_key / cookie / oauth',
-  `credential_enc` BLOB NOT NULL                        COMMENT 'AES-256-GCM 加密',
-  `base_url`       VARCHAR(255) DEFAULT NULL,
-  `model_whitelist` JSON DEFAULT NULL,
-  `weight`         INT NOT NULL DEFAULT 10,
-  `rpm_limit`      INT NOT NULL DEFAULT 0,
-  `tpm_limit`      INT NOT NULL DEFAULT 0,
-  `daily_quota`    INT NOT NULL DEFAULT 0,
-  `monthly_quota`  INT NOT NULL DEFAULT 0,
-  `status`         TINYINT NOT NULL DEFAULT 1          COMMENT '1启用 0停用 2熔断 -1禁用',
-  `cooldown_until` DATETIME(3) DEFAULT NULL,
-  `last_used_at`   DATETIME(3) DEFAULT NULL,
-  `last_error`     VARCHAR(255) DEFAULT NULL,
-  `error_count`    INT NOT NULL DEFAULT 0,
-  `success_count`  BIGINT UNSIGNED NOT NULL DEFAULT 0,
-  `remark`         VARCHAR(255) DEFAULT NULL,
-  `created_by`     BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`     DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `idx_provider_status` (`provider`, `status`),
-  KEY `idx_status_cooldown` (`status`, `cooldown_until`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='第三方账号池';
-
-CREATE TABLE IF NOT EXISTS `account_group` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `provider`   VARCHAR(32) NOT NULL,
-  `code`       VARCHAR(64) NOT NULL,
-  `name`       VARCHAR(128) NOT NULL,
-  `strategy`   VARCHAR(32) NOT NULL DEFAULT 'round_robin',
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `remark`     VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_provider_code` (`provider`, `code`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='账号池分组';
-
-CREATE TABLE IF NOT EXISTS `account_group_member` (
-  `group_id`   BIGINT UNSIGNED NOT NULL,
-  `account_id` BIGINT UNSIGNED NOT NULL,
-  `weight`     INT NOT NULL DEFAULT 10,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`group_id`, `account_id`),
-  KEY `idx_account` (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='账号-分组成员';
-
-CREATE TABLE IF NOT EXISTS `account_health` (
-  `account_id`        BIGINT UNSIGNED NOT NULL,
-  `last_check_at`     DATETIME(3) NOT NULL,
-  `last_check_status` TINYINT NOT NULL,
-  `consec_fail`       INT NOT NULL DEFAULT 0,
-  `latency_ms_p50`    INT NOT NULL DEFAULT 0,
-  `latency_ms_p99`    INT NOT NULL DEFAULT 0,
-  `error_rate_1h`     DECIMAL(5,2) NOT NULL DEFAULT 0.00,
-  `updated_at`        DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='账号健康指标';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `account_health`;
-DROP TABLE IF EXISTS `account_group_member`;
-DROP TABLE IF EXISTS `account_group`;
-DROP TABLE IF EXISTS `account`;
diff --git a/backend/migrations/20260427130004_init_apikey.sql b/backend/migrations/20260427130004_init_apikey.sql
deleted file mode 100644
index ec82ca3d..00000000
--- a/backend/migrations/20260427130004_init_apikey.sql
+++ /dev/null
@@ -1,28 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `api_key` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`      BIGINT UNSIGNED NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `prefix`       VARCHAR(16) NOT NULL,
-  `hash`         CHAR(64) NOT NULL                   COMMENT 'SHA256(key + salt)',
-  `salt`         CHAR(32) NOT NULL,
-  `last4`        CHAR(4) NOT NULL,
-  `scope`        VARCHAR(255) NOT NULL DEFAULT 'image,video',
-  `rpm_limit`    INT NOT NULL DEFAULT 60,
-  `daily_quota`  INT NOT NULL DEFAULT 0,
-  `expire_at`    DATETIME(3) DEFAULT NULL,
-  `last_used_at` DATETIME(3) DEFAULT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`   DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_hash` (`hash`),
-  KEY `idx_user_status` (`user_id`, `status`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='用户 API Key';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `api_key`;
diff --git a/backend/migrations/20260427130005_init_model_plan.sql b/backend/migrations/20260427130005_init_model_plan.sql
deleted file mode 100644
index 269d167c..00000000
--- a/backend/migrations/20260427130005_init_model_plan.sql
+++ /dev/null
@@ -1,66 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `model` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`         VARCHAR(64) NOT NULL,
-  `name`         VARCHAR(128) NOT NULL,
-  `kind`         VARCHAR(16) NOT NULL                COMMENT 'image / video',
-  `provider`     VARCHAR(32) NOT NULL,
-  `version`      VARCHAR(32) DEFAULT NULL,
-  `tags`         VARCHAR(255) DEFAULT NULL,
-  `cover_url`    VARCHAR(512) DEFAULT NULL,
-  `description`  TEXT DEFAULT NULL,
-  `point_per_unit` INT NOT NULL                      COMMENT '每张/每秒所需点数 *100',
-  `unit`         VARCHAR(16) NOT NULL DEFAULT 'image',
-  `default_params` JSON DEFAULT NULL,
-  `group_code`   VARCHAR(64) NOT NULL                COMMENT '关联 account_group.code',
-  `min_plan`     VARCHAR(32) NOT NULL DEFAULT 'free',
-  `is_hot`       TINYINT NOT NULL DEFAULT 0,
-  `is_new`       TINYINT NOT NULL DEFAULT 0,
-  `sort`         INT NOT NULL DEFAULT 0,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`   DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_kind_status` (`kind`, `status`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='可用模型';
-
-CREATE TABLE IF NOT EXISTS `plan` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`           VARCHAR(32) NOT NULL,
-  `name`           VARCHAR(64) NOT NULL,
-  `monthly_price`  BIGINT NOT NULL DEFAULT 0,
-  `yearly_price`   BIGINT NOT NULL DEFAULT 0,
-  `monthly_points` BIGINT NOT NULL DEFAULT 0,
-  `rpm_limit`      INT NOT NULL DEFAULT 60,
-  `concurrency`    INT NOT NULL DEFAULT 2,
-  `model_scope`    JSON DEFAULT NULL,
-  `feature`        JSON DEFAULT NULL,
-  `status`         TINYINT NOT NULL DEFAULT 1,
-  `sort`           INT NOT NULL DEFAULT 0,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='套餐';
-
-CREATE TABLE IF NOT EXISTS `user_subscription` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `plan_code`  VARCHAR(32) NOT NULL,
-  `start_at`   DATETIME(3) NOT NULL,
-  `expire_at`  DATETIME(3) NOT NULL,
-  `auto_renew` TINYINT NOT NULL DEFAULT 0,
-  `source`     VARCHAR(32) NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_expire` (`user_id`, `expire_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='用户订阅';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `user_subscription`;
-DROP TABLE IF EXISTS `plan`;
-DROP TABLE IF EXISTS `model`;
diff --git a/backend/migrations/20260427130006_init_billing.sql b/backend/migrations/20260427130006_init_billing.sql
deleted file mode 100644
index 1983e755..00000000
--- a/backend/migrations/20260427130006_init_billing.sql
+++ /dev/null
@@ -1,76 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `wallet_log` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`       BIGINT UNSIGNED NOT NULL,
-  `direction`     TINYINT NOT NULL                  COMMENT '1 收入 -1 支出',
-  `biz_type`      VARCHAR(32) NOT NULL,
-  `biz_id`        VARCHAR(64) NOT NULL,
-  `points`        BIGINT NOT NULL,
-  `points_before` BIGINT NOT NULL,
-  `points_after`  BIGINT NOT NULL,
-  `remark`        VARCHAR(255) DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_created` (`user_id`, `created_at`),
-  KEY `idx_biz` (`biz_type`, `biz_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='点数流水（总账）';
-
-CREATE TABLE IF NOT EXISTS `recharge_record` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `order_no`      VARCHAR(32) NOT NULL,
-  `user_id`       BIGINT UNSIGNED NOT NULL,
-  `channel`       VARCHAR(32) NOT NULL,
-  `amount`        BIGINT NOT NULL                   COMMENT '分',
-  `points`        BIGINT NOT NULL,
-  `bonus_points`  BIGINT NOT NULL DEFAULT 0,
-  `status`        TINYINT NOT NULL DEFAULT 0,
-  `paid_at`       DATETIME(3) DEFAULT NULL,
-  `channel_trade_no` VARCHAR(64) DEFAULT NULL,
-  `client_ip`     VARCHAR(45) DEFAULT NULL,
-  `extra`         JSON DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_order_no` (`order_no`),
-  KEY `idx_user_status` (`user_id`, `status`),
-  KEY `idx_channel_trade` (`channel`, `channel_trade_no`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='充值记录';
-
-CREATE TABLE IF NOT EXISTS `consume_record` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`      CHAR(26) NOT NULL,
-  `user_id`      BIGINT UNSIGNED NOT NULL,
-  `kind`         VARCHAR(16) NOT NULL,
-  `model_code`   VARCHAR(64) NOT NULL,
-  `count`        INT NOT NULL,
-  `unit_points`  BIGINT NOT NULL,
-  `total_points` BIGINT NOT NULL,
-  `status`       TINYINT NOT NULL                  COMMENT '0预扣 1成功 2退款',
-  `account_id`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_task` (`task_id`),
-  KEY `idx_user_created` (`user_id`, `created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='消费记录';
-
-CREATE TABLE IF NOT EXISTS `refund_record` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `points`     BIGINT NOT NULL,
-  `reason`     VARCHAR(255) NOT NULL,
-  `operator`   VARCHAR(64) NOT NULL DEFAULT 'system',
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_user` (`user_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='退款记录';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `refund_record`;
-DROP TABLE IF EXISTS `consume_record`;
-DROP TABLE IF EXISTS `recharge_record`;
-DROP TABLE IF EXISTS `wallet_log`;
diff --git a/backend/migrations/20260427130007_init_promo_cdk.sql b/backend/migrations/20260427130007_init_promo_cdk.sql
deleted file mode 100644
index 77ff5247..00000000
--- a/backend/migrations/20260427130007_init_promo_cdk.sql
+++ /dev/null
@@ -1,88 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `promo_code` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`         VARCHAR(32) NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `discount_type` TINYINT NOT NULL                COMMENT '1满减 2折扣 3赠点',
-  `discount_val` BIGINT NOT NULL,
-  `min_amount`   BIGINT NOT NULL DEFAULT 0,
-  `apply_to`     VARCHAR(64) NOT NULL DEFAULT 'all',
-  `total_qty`    INT NOT NULL DEFAULT 0,
-  `used_qty`     INT NOT NULL DEFAULT 0,
-  `per_user_limit` INT NOT NULL DEFAULT 1,
-  `start_at`     DATETIME(3) NOT NULL,
-  `end_at`       DATETIME(3) NOT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_by`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_status_time` (`status`, `start_at`, `end_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='优惠码';
-
-CREATE TABLE IF NOT EXISTS `promo_code_use` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `promo_id`   BIGINT UNSIGNED NOT NULL,
-  `code`       VARCHAR(32) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `order_no`   VARCHAR(32) DEFAULT NULL,
-  `discount`   BIGINT NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_promo_user_order` (`promo_id`, `user_id`, `order_no`),
-  KEY `idx_user` (`user_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='优惠码使用';
-
-CREATE TABLE IF NOT EXISTS `redeem_code_batch` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `batch_no`     VARCHAR(32) NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `reward_type`  VARCHAR(32) NOT NULL,
-  `reward_value` JSON NOT NULL,
-  `total_qty`    INT NOT NULL,
-  `used_qty`     INT NOT NULL DEFAULT 0,
-  `per_user_limit` INT NOT NULL DEFAULT 1,
-  `expire_at`    DATETIME(3) DEFAULT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_by`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_batch_no` (`batch_no`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='CDK 批次';
-
-CREATE TABLE IF NOT EXISTS `redeem_code` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `batch_id`     BIGINT UNSIGNED NOT NULL,
-  `code`         VARCHAR(32) NOT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 0        COMMENT '0未使用 1已使用 2作废',
-  `used_by`      BIGINT UNSIGNED DEFAULT NULL,
-  `used_at`      DATETIME(3) DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_batch_status` (`batch_id`, `status`),
-  KEY `idx_used_by` (`used_by`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='CDK';
-
-CREATE TABLE IF NOT EXISTS `invitation_reward` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `inviter_id` BIGINT UNSIGNED NOT NULL,
-  `invitee_id` BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(32) NOT NULL,
-  `points`     BIGINT NOT NULL,
-  `from_order` VARCHAR(32) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_inviter_created` (`inviter_id`, `created_at`),
-  KEY `idx_invitee` (`invitee_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='邀请奖励';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `invitation_reward`;
-DROP TABLE IF EXISTS `redeem_code`;
-DROP TABLE IF EXISTS `redeem_code_batch`;
-DROP TABLE IF EXISTS `promo_code_use`;
-DROP TABLE IF EXISTS `promo_code`;
diff --git a/backend/migrations/20260427130008_init_generation.sql b/backend/migrations/20260427130008_init_generation.sql
deleted file mode 100644
index 34b800f0..00000000
--- a/backend/migrations/20260427130008_init_generation.sql
+++ /dev/null
@@ -1,81 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `generation_task` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`        CHAR(26) NOT NULL,
-  `user_id`        BIGINT UNSIGNED NOT NULL,
-  `kind`           VARCHAR(16) NOT NULL              COMMENT 'image / video',
-  `mode`           VARCHAR(16) NOT NULL              COMMENT 't2i / i2i / t2v / i2v',
-  `model_code`     VARCHAR(64) NOT NULL,
-  `prompt`         TEXT NOT NULL,
-  `neg_prompt`     TEXT DEFAULT NULL,
-  `params`         JSON NOT NULL,
-  `ref_assets`     JSON DEFAULT NULL,
-  `count`          INT NOT NULL DEFAULT 1,
-  `cost_points`    BIGINT NOT NULL,
-  `idem_key`       VARCHAR(64) NOT NULL,
-  `account_id`     BIGINT UNSIGNED DEFAULT NULL,
-  `provider`       VARCHAR(32) NOT NULL,
-  `status`         TINYINT NOT NULL DEFAULT 0        COMMENT '0待处理 1进行中 2成功 3失败 4已退点',
-  `progress`       TINYINT NOT NULL DEFAULT 0,
-  `error`          VARCHAR(255) DEFAULT NULL,
-  `started_at`     DATETIME(3) DEFAULT NULL,
-  `finished_at`    DATETIME(3) DEFAULT NULL,
-  `client_ip`      VARCHAR(45) DEFAULT NULL,
-  `from_api_key_id` BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`     DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_task_id` (`task_id`),
-  UNIQUE KEY `uk_user_idem` (`user_id`, `idem_key`),
-  KEY `idx_user_kind_status` (`user_id`, `kind`, `status`),
-  KEY `idx_status_created` (`status`, `created_at`),
-  KEY `idx_account` (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='生成任务';
-
-CREATE TABLE IF NOT EXISTS `generation_result` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(16) NOT NULL,
-  `seq`        TINYINT NOT NULL DEFAULT 0,
-  `url`        VARCHAR(512) NOT NULL,
-  `thumb_url`  VARCHAR(512) DEFAULT NULL,
-  `width`      INT DEFAULT NULL,
-  `height`     INT DEFAULT NULL,
-  `duration_ms` INT DEFAULT NULL,
-  `size_bytes` BIGINT DEFAULT NULL,
-  `meta`       JSON DEFAULT NULL,
-  `is_public`  TINYINT NOT NULL DEFAULT 0,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_user_kind` (`user_id`, `kind`),
-  KEY `idx_public_created` (`is_public`, `created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='生成结果';
-
-CREATE TABLE IF NOT EXISTS `prompt_history` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(16) NOT NULL,
-  `prompt`     TEXT NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_created` (`user_id`, `created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='提示词历史';
-
-CREATE TABLE IF NOT EXISTS `favorite` (
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `result_id`  BIGINT UNSIGNED NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`, `result_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='收藏';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `favorite`;
-DROP TABLE IF EXISTS `prompt_history`;
-DROP TABLE IF EXISTS `generation_result`;
-DROP TABLE IF EXISTS `generation_task`;
diff --git a/backend/migrations/20260427130009_init_system.sql b/backend/migrations/20260427130009_init_system.sql
deleted file mode 100644
index 0c282b80..00000000
--- a/backend/migrations/20260427130009_init_system.sql
+++ /dev/null
@@ -1,80 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-CREATE TABLE IF NOT EXISTS `system_config` (
-  `key`        VARCHAR(64) NOT NULL,
-  `value`      JSON NOT NULL,
-  `remark`     VARCHAR(255) DEFAULT NULL,
-  `updated_by` BIGINT UNSIGNED DEFAULT NULL,
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`key`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='系统全局配置';
-
-CREATE TABLE IF NOT EXISTS `system_dict` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `dict_group` VARCHAR(64) NOT NULL,
-  `dict_key`   VARCHAR(64) NOT NULL,
-  `dict_value` VARCHAR(255) NOT NULL,
-  `sort`       INT NOT NULL DEFAULT 0,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_group_key` (`dict_group`, `dict_key`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='系统字典';
-
-CREATE TABLE IF NOT EXISTS `announcement` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `title`      VARCHAR(128) NOT NULL,
-  `content`    TEXT NOT NULL,
-  `level`      VARCHAR(16) NOT NULL DEFAULT 'info',
-  `start_at`   DATETIME(3) NOT NULL,
-  `end_at`     DATETIME(3) NOT NULL,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_status_time` (`status`, `start_at`, `end_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='公告';
-
-CREATE TABLE IF NOT EXISTS `request_log` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `trace_id`     CHAR(36) NOT NULL,
-  `user_id`      BIGINT UNSIGNED DEFAULT NULL,
-  `api_key_id`   BIGINT UNSIGNED DEFAULT NULL,
-  `method`       VARCHAR(8) NOT NULL,
-  `path`         VARCHAR(255) NOT NULL,
-  `status`       INT NOT NULL,
-  `latency_ms`   INT NOT NULL,
-  `client_ip`    VARCHAR(45) DEFAULT NULL,
-  `ua`           VARCHAR(255) DEFAULT NULL,
-  `req_size`     INT DEFAULT NULL,
-  `resp_size`    INT DEFAULT NULL,
-  `err_code`     INT DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL,
-  PRIMARY KEY (`id`, `created_at`),
-  KEY `idx_user_created` (`user_id`, `created_at`),
-  KEY `idx_trace` (`trace_id`),
-  KEY `idx_status_created` (`status`, `created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='请求日志（按月分区）';
-
-CREATE TABLE IF NOT EXISTS `pool_call_log` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `account_id` BIGINT UNSIGNED NOT NULL,
-  `provider`   VARCHAR(32) NOT NULL,
-  `endpoint`   VARCHAR(128) NOT NULL,
-  `status`     INT NOT NULL,
-  `latency_ms` INT NOT NULL,
-  `tokens`     INT DEFAULT NULL,
-  `error`      VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_account_created` (`account_id`, `created_at`),
-  KEY `idx_status_created` (`status`, `created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='账号池调用日志';
--- +goose StatementEnd
-
--- +goose Down
-DROP TABLE IF EXISTS `pool_call_log`;
-DROP TABLE IF EXISTS `request_log`;
-DROP TABLE IF EXISTS `announcement`;
-DROP TABLE IF EXISTS `system_dict`;
-DROP TABLE IF EXISTS `system_config`;
diff --git a/backend/migrations/20260427130010_seed.sql b/backend/migrations/20260427130010_seed.sql
deleted file mode 100644
index 5e9402cf..00000000
--- a/backend/migrations/20260427130010_seed.sql
+++ /dev/null
@@ -1,78 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-
--- 1. 后台角色
-INSERT INTO `admin_role` (`name`, `code`, `remark`) VALUES
-  ('超级管理员', 'super', '拥有所有权限'),
-  ('运营',      'ops',   '日常运营，无法管理超管'),
-  ('客服',      'cs',    '只读 + 用户充值/退款'),
-  ('风控',      'risk',  '封禁/解封/审计')
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
--- 1.1 默认超级管理员账号
--- 用户名: admin  密码: admin123 （bcrypt cost=12，请上线后立即在管理后台修改）
-INSERT INTO `admin_user` (`username`, `password`, `nickname`, `role_id`, `status`)
-SELECT 'admin',
-       '$2a$12$4a8W/7ZL9nnFMnlwdXn2uOhkDYX53cnOUEovWnXs7XoA./alaTmeS',
-       '系统管理员',
-       (SELECT `id` FROM `admin_role` WHERE `code`='super' LIMIT 1),
-       1
-WHERE NOT EXISTS (SELECT 1 FROM `admin_user` WHERE `username`='admin');
-
--- 2. 套餐
-INSERT INTO `plan` (`code`, `name`, `monthly_price`, `yearly_price`, `monthly_points`, `rpm_limit`, `concurrency`, `sort`)
-VALUES
-  ('free', '免费版', 0,    0,     10000,  30,  1, 1),
-  ('pro',  'Pro',    2900, 29900, 100000, 120, 4, 2),
-  ('max',  'Max',    9900, 99900, 500000, 300, 8, 3)
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
--- 3. 默认账号池分组
-INSERT INTO `account_group` (`provider`, `code`, `name`, `strategy`)
-VALUES
-  ('gpt',  'gpt-image-default',   'GPT 通用生图', 'round_robin'),
-  ('grok', 'grok-video-default',  'GROK 通用生视频', 'round_robin')
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
--- 4. 模型
-INSERT INTO `model` (`code`, `name`, `kind`, `provider`, `version`, `tags`, `point_per_unit`, `unit`, `group_code`, `min_plan`, `is_hot`, `sort`)
-VALUES
-  ('img-v3',     '通用模型 V3.0', 'image', 'gpt',  'v3.0', '通用,写实,海报', 400, 'image',  'gpt-image-default',  'free', 1, 1),
-  ('img-real',   '写实 V2.1',     'image', 'gpt',  'v2.1', '写实,人像,摄影', 400, 'image',  'gpt-image-default',  'free', 0, 2),
-  ('img-anime',  '二次元 V2.0',   'image', 'gpt',  'v2.0', '二次元,漫画',     300, 'image',  'gpt-image-default',  'free', 1, 3),
-  ('img-3d',     '3D 渲染 V2.0',  'image', 'gpt',  'v2.0', '3D,概念,渲染',    500, 'image',  'gpt-image-default',  'pro',  0, 4),
-  ('vid-v1',     '文生视频 V1.0', 'video', 'grok', 'v1.0', '通用',            1500, 'second', 'grok-video-default', 'free', 1, 5),
-  ('vid-i2v',    '图生视频 V1.0', 'video', 'grok', 'v1.0', '动画',            2000, 'second', 'grok-video-default', 'pro',  0, 6)
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
--- 5. 系统配置
-INSERT INTO `system_config` (`key`, `value`, `remark`) VALUES
-  ('points.cny_rate',     '100',                              '1 元 = N 点（最小单位 0.01）'),
-  ('pool.strategy',       '"round_robin"',                    '调度策略'),
-  ('pool.fail_threshold', '5',                                '熔断失败次数'),
-  ('pool.cooldown_sec',   '600',                              '熔断冷却秒'),
-  ('invite.first_recharge_reward', '5000',                    '首充返点（点 *100）'),
-  ('invite.lifetime_share_pct',    '5',                       '终身分润 %')
-ON DUPLICATE KEY UPDATE `value`=VALUES(`value`);
-
--- 6. 字典
-INSERT INTO `system_dict` (`dict_group`, `dict_key`, `dict_value`, `sort`) VALUES
-  ('image_ratio', '1:1',   '正方形',  1),
-  ('image_ratio', '3:4',   '竖版',    2),
-  ('image_ratio', '4:3',   '横版',    3),
-  ('image_ratio', '16:9',  '宽屏',    4),
-  ('image_ratio', '9:16',  '手机壁纸', 5),
-  ('video_dur',   '4',     '4 秒',    1),
-  ('video_dur',   '8',     '8 秒',    2),
-  ('video_dur',   '16',    '16 秒',   3)
-ON DUPLICATE KEY UPDATE `dict_value`=VALUES(`dict_value`);
-
--- +goose StatementEnd
-
--- +goose Down
-DELETE FROM `system_dict`;
-DELETE FROM `system_config`;
-DELETE FROM `model`;
-DELETE FROM `account_group`;
-DELETE FROM `plan`;
-DELETE FROM `admin_role`;
diff --git a/backend/migrations/20260427130011_init_proxy_oauth.sql b/backend/migrations/20260427130011_init_proxy_oauth.sql
deleted file mode 100644
index dee3f2d2..00000000
--- a/backend/migrations/20260427130011_init_proxy_oauth.sql
+++ /dev/null
@@ -1,70 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-
--- 代理（HTTP / HTTPS / SOCKS5）
-CREATE TABLE IF NOT EXISTS `proxy` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name`          VARCHAR(128) NOT NULL,
-  `protocol`      VARCHAR(16)  NOT NULL                COMMENT 'http / https / socks5 / socks5h',
-  `host`          VARCHAR(255) NOT NULL,
-  `port`          INT UNSIGNED NOT NULL,
-  `username`      VARCHAR(255) DEFAULT NULL,
-  `password_enc`  BLOB         DEFAULT NULL            COMMENT 'AES-256-GCM 加密',
-  `status`        TINYINT      NOT NULL DEFAULT 1      COMMENT '1启用 0停用',
-  `last_check_at` DATETIME(3)  DEFAULT NULL,
-  `last_check_ok` TINYINT      NOT NULL DEFAULT 0      COMMENT '0未知 1OK 2失败',
-  `last_check_ms` INT          NOT NULL DEFAULT 0,
-  `last_error`    VARCHAR(255) DEFAULT NULL,
-  `remark`        VARCHAR(255) DEFAULT NULL,
-  `created_by`    BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`    DATETIME(3)  NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`    DATETIME(3)  NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`    DATETIME(3)  DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `idx_status` (`status`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='出站代理池';
-
--- account 表扩展：proxy_id + OAuth 元数据 + 测试结果
-ALTER TABLE `account`
-  ADD COLUMN `proxy_id`               BIGINT UNSIGNED DEFAULT NULL AFTER `base_url`,
-  ADD COLUMN `oauth_meta`              JSON         DEFAULT NULL                            COMMENT '非敏感 OAuth 元数据：email / chatgpt_account_id / plan_type 等' AFTER `credential_enc`,
-  ADD COLUMN `access_token_enc`        BLOB         DEFAULT NULL                            COMMENT 'AES-256-GCM 加密的 access_token',
-  ADD COLUMN `refresh_token_enc`       BLOB         DEFAULT NULL                            COMMENT 'AES-256-GCM 加密的 refresh_token',
-  ADD COLUMN `access_token_expires_at` DATETIME(3)  DEFAULT NULL                            COMMENT 'access_token 失效时间',
-  ADD COLUMN `last_refresh_at`         DATETIME(3)  DEFAULT NULL                            COMMENT '最近一次成功刷新 RT 时间',
-  ADD COLUMN `last_test_at`            DATETIME(3)  DEFAULT NULL                            COMMENT '最近一次连通性测试时间',
-  ADD COLUMN `last_test_status`        TINYINT      NOT NULL DEFAULT 0                      COMMENT '0未测 1OK 2失败',
-  ADD COLUMN `last_test_latency_ms`    INT          NOT NULL DEFAULT 0,
-  ADD COLUMN `last_test_error`         VARCHAR(255) DEFAULT NULL,
-  ADD KEY `idx_account_proxy` (`proxy_id`),
-  ADD KEY `idx_account_token_exp` (`access_token_expires_at`);
-
--- 系统配置：代理 + OAuth 默认
-INSERT INTO `system_config` (`key`, `value`, `remark`) VALUES
-  ('proxy.global_enabled',          'false', '是否启用全局代理'),
-  ('proxy.global_id',               '0',     '全局默认代理 ID（0 表示不使用）'),
-  ('oauth.refresh_before_hours',    '6',     'access_token 距过期 N 小时内自动刷新'),
-  ('oauth.openai_client_id',        '"app_EMoamEEZ73f0CkXaXp7hrann"', 'OpenAI Codex CLI 公开 client_id'),
-  ('oauth.openai_token_url',        '"https://auth.openai.com/oauth/token"', 'OpenAI OAuth Token Endpoint')
-ON DUPLICATE KEY UPDATE `value`=VALUES(`value`);
-
--- +goose StatementEnd
-
--- +goose Down
-ALTER TABLE `account`
-  DROP COLUMN `proxy_id`,
-  DROP COLUMN `oauth_meta`,
-  DROP COLUMN `access_token_enc`,
-  DROP COLUMN `refresh_token_enc`,
-  DROP COLUMN `access_token_expires_at`,
-  DROP COLUMN `last_refresh_at`,
-  DROP COLUMN `last_test_at`,
-  DROP COLUMN `last_test_status`,
-  DROP COLUMN `last_test_latency_ms`,
-  DROP COLUMN `last_test_error`;
-DROP TABLE IF EXISTS `proxy`;
-DELETE FROM `system_config` WHERE `key` IN (
-  'proxy.global_enabled', 'proxy.global_id',
-  'oauth.refresh_before_hours', 'oauth.openai_client_id', 'oauth.openai_token_url'
-);
diff --git a/backend/migrations/20260428140000_account_session_bulk.sql b/backend/migrations/20260428140000_account_session_bulk.sql
deleted file mode 100644
index b503f921..00000000
--- a/backend/migrations/20260428140000_account_session_bulk.sql
+++ /dev/null
@@ -1,10 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-
-ALTER TABLE `account`
-  ADD COLUMN `session_token_enc` BLOB DEFAULT NULL COMMENT 'AES-GCM session_token（如 ST / id_token 存证）' AFTER `refresh_token_enc`;
-
--- +goose StatementEnd
-
--- +goose Down
-ALTER TABLE `account` DROP COLUMN `session_token_enc`;
diff --git a/backend/migrations/20260429113000_apikey_scope_chat.sql b/backend/migrations/20260429113000_apikey_scope_chat.sql
deleted file mode 100644
index b4f51b61..00000000
--- a/backend/migrations/20260429113000_apikey_scope_chat.sql
+++ /dev/null
@@ -1,19 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-ALTER TABLE `api_key`
-  MODIFY COLUMN `scope` VARCHAR(255) NOT NULL DEFAULT 'chat,image,video';
-
-UPDATE `api_key`
-SET `scope` = 'chat,image,video'
-WHERE `scope` = 'image,video';
--- +goose StatementEnd
-
--- +goose Down
--- +goose StatementBegin
-UPDATE `api_key`
-SET `scope` = 'image,video'
-WHERE `scope` = 'chat,image,video';
-
-ALTER TABLE `api_key`
-  MODIFY COLUMN `scope` VARCHAR(255) NOT NULL DEFAULT 'image,video';
--- +goose StatementEnd
diff --git a/backend/migrations/20260429114500_chat_model_pricing.sql b/backend/migrations/20260429114500_chat_model_pricing.sql
deleted file mode 100644
index 2a3399f9..00000000
--- a/backend/migrations/20260429114500_chat_model_pricing.sql
+++ /dev/null
@@ -1,20 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-INSERT INTO `account_group` (`provider`, `code`, `name`, `strategy`)
-VALUES ('gpt', 'gpt-chat-default', 'GPT 通用文字', 'round_robin')
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
-INSERT INTO `model` (`code`, `name`, `kind`, `provider`, `version`, `tags`, `point_per_unit`, `unit`, `group_code`, `min_plan`, `is_hot`, `sort`)
-VALUES ('gpt-4o-mini', '文字对话', 'text', 'gpt', 'chat', '文字,对话,兼容OpenAI', 100, '1k_token', 'gpt-chat-default', 'free', 1, 0)
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`), `kind`=VALUES(`kind`), `provider`=VALUES(`provider`);
-
-INSERT INTO `system_config` (`key`, `value`, `remark`)
-SELECT 'billing.model_prices',
-       '[{"model_code":"gpt-4o-mini","name":"文字对话","kind":"text","provider":"gpt","upstream_model":"gpt-4o-mini","unit_points":0,"input_unit_points":100,"output_unit_points":300,"enabled":true},{"model_code":"img-v3","name":"通用图片","kind":"image","provider":"gpt","upstream_model":"gpt-image","unit_points":400,"enabled":true},{"model_code":"img-real","name":"真实图片","kind":"image","provider":"gpt","upstream_model":"gpt-image-real","unit_points":400,"enabled":true},{"model_code":"img-anime","name":"动漫图片","kind":"image","provider":"gpt","upstream_model":"gpt-image-anime","unit_points":300,"enabled":true},{"model_code":"img-3d","name":"3D 图片","kind":"image","provider":"gpt","upstream_model":"gpt-image-3d","unit_points":500,"enabled":true},{"model_code":"vid-v1","name":"视频生成","kind":"video","provider":"grok","upstream_model":"grok-video","unit_points":1500,"enabled":true},{"model_code":"vid-i2v","name":"图生视频","kind":"video","provider":"grok","upstream_model":"grok-i2v","unit_points":2000,"enabled":true}]',
-       '模型价格、上游映射和文字 token 计费'
-WHERE NOT EXISTS (SELECT 1 FROM `system_config` WHERE `key`='billing.model_prices');
--- +goose StatementEnd
-
--- +goose Down
-DELETE FROM `model` WHERE `code`='gpt-4o-mini';
-DELETE FROM `account_group` WHERE `code`='gpt-chat-default';
diff --git a/backend/migrations/20260429170000_grok_web_models.sql b/backend/migrations/20260429170000_grok_web_models.sql
deleted file mode 100644
index efb40be0..00000000
--- a/backend/migrations/20260429170000_grok_web_models.sql
+++ /dev/null
@@ -1,51 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-INSERT INTO `account_group` (`provider`, `code`, `name`, `strategy`)
-VALUES ('grok', 'grok-web-default', 'Grok Web 账号池', 'round_robin')
-ON DUPLICATE KEY UPDATE `name`=VALUES(`name`);
-
-INSERT INTO `model` (`code`, `name`, `kind`, `provider`, `version`, `tags`, `point_per_unit`, `unit`, `group_code`, `min_plan`, `is_hot`, `sort`)
-VALUES
-('grok-4.20-fast', 'Grok 4.20 Fast', 'text', 'grok', 'chat', '文字,对话,Grok', 100, '1k_token', 'grok-web-default', 'free', 1, 10),
-('grok-4.20-auto', 'Grok 4.20 Auto', 'text', 'grok', 'chat', '文字,对话,Grok', 150, '1k_token', 'grok-web-default', 'free', 1, 11),
-('grok-4.20-expert', 'Grok 4.20 Expert', 'text', 'grok', 'chat', '文字,对话,Grok', 200, '1k_token', 'grok-web-default', 'free', 0, 12),
-('grok-4.20-heavy', 'Grok 4.20 Heavy', 'text', 'grok', 'chat', '文字,对话,Grok', 400, '1k_token', 'grok-web-default', 'free', 0, 13),
-('grok-4.3-beta', 'Grok 4.3 Beta', 'text', 'grok', 'chat', '文字,对话,Grok', 300, '1k_token', 'grok-web-default', 'free', 0, 14),
-('grok-imagine-video', 'Grok Imagine Video', 'video', 'grok', 'video', '文生视频,图生视频,多图生视频,Grok', 2000, 'video', 'grok-web-default', 'free', 1, 20)
-ON DUPLICATE KEY UPDATE
-`name`=VALUES(`name`), `kind`=VALUES(`kind`), `provider`=VALUES(`provider`), `version`=VALUES(`version`),
-`tags`=VALUES(`tags`), `point_per_unit`=VALUES(`point_per_unit`), `unit`=VALUES(`unit`), `group_code`=VALUES(`group_code`);
-
-INSERT INTO `system_config` (`key`, `value`, `remark`)
-SELECT 'billing.model_prices',
-       '[]',
-       '模型价格、上游映射和文字 token 计费'
-WHERE NOT EXISTS (SELECT 1 FROM `system_config` WHERE `key`='billing.model_prices');
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-4.20-fast","name":"Grok 4.20 Fast","kind":"text","provider":"grok","upstream_model":"grok-4.20-fast","unit_points":0,"input_unit_points":100,"output_unit_points":300,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-4.20-fast', NULL, '$[*].model_code') IS NULL;
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-4.20-auto","name":"Grok 4.20 Auto","kind":"text","provider":"grok","upstream_model":"grok-4.20-auto","unit_points":0,"input_unit_points":150,"output_unit_points":450,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-4.20-auto', NULL, '$[*].model_code') IS NULL;
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-4.20-expert","name":"Grok 4.20 Expert","kind":"text","provider":"grok","upstream_model":"grok-4.20-expert","unit_points":0,"input_unit_points":200,"output_unit_points":600,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-4.20-expert', NULL, '$[*].model_code') IS NULL;
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-4.20-heavy","name":"Grok 4.20 Heavy","kind":"text","provider":"grok","upstream_model":"grok-4.20-heavy","unit_points":0,"input_unit_points":400,"output_unit_points":1200,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-4.20-heavy', NULL, '$[*].model_code') IS NULL;
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-4.3-beta","name":"Grok 4.3 Beta","kind":"text","provider":"grok","upstream_model":"grok-4.3-beta","unit_points":0,"input_unit_points":300,"output_unit_points":900,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-4.3-beta', NULL, '$[*].model_code') IS NULL;
-
-UPDATE `system_config`
-SET `value` = JSON_ARRAY_APPEND(CAST(`value` AS JSON), '$', CAST('{"model_code":"grok-imagine-video","name":"Grok Imagine Video","kind":"video","provider":"grok","upstream_model":"grok-imagine-video","unit_points":2000,"enabled":true}' AS JSON))
-WHERE `key`='billing.model_prices' AND JSON_SEARCH(CAST(`value` AS JSON), 'one', 'grok-imagine-video', NULL, '$[*].model_code') IS NULL;
--- +goose StatementEnd
-
--- +goose Down
-DELETE FROM `model` WHERE `code` IN ('grok-4.20-fast','grok-4.20-auto','grok-4.20-expert','grok-4.20-heavy','grok-4.3-beta','grok-imagine-video');
diff --git a/backend/migrations/20260501120000_account_session_token_idempotent.sql b/backend/migrations/20260501120000_account_session_token_idempotent.sql
deleted file mode 100644
index a6c7e524..00000000
--- a/backend/migrations/20260501120000_account_session_token_idempotent.sql
+++ /dev/null
@@ -1,34 +0,0 @@
--- +goose Up
--- +goose StatementBegin
--- 幂等：已存在 session_token_enc 时跳过。适用于早期数据卷未执行 20260428140000 的情况。
-SET @__klein_stmt := (
-  SELECT IF(
-    (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS
-      WHERE TABLE_SCHEMA = DATABASE()
-        AND TABLE_NAME = 'account'
-        AND COLUMN_NAME = 'session_token_enc') < 1,
-    'ALTER TABLE `account` ADD COLUMN `session_token_enc` BLOB DEFAULT NULL COMMENT ''AES-GCM session / id_token''',
-    'SELECT 1'
-  )
-);
-PREPARE __klein_prep FROM @__klein_stmt;
-EXECUTE __klein_prep;
-DEALLOCATE PREPARE __klein_prep;
--- +goose StatementEnd
-
--- +goose Down
--- +goose StatementBegin
-SET @__klein_stmt := (
-  SELECT IF(
-    (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS
-      WHERE TABLE_SCHEMA = DATABASE()
-        AND TABLE_NAME = 'account'
-        AND COLUMN_NAME = 'session_token_enc') > 0,
-    'ALTER TABLE `account` DROP COLUMN `session_token_enc`',
-    'SELECT 1'
-  )
-);
-PREPARE __klein_prep FROM @__klein_stmt;
-EXECUTE __klein_prep;
-DEALLOCATE PREPARE __klein_prep;
--- +goose StatementEnd
diff --git a/backend/migrations/20260501150000_generation_upstream_log.sql b/backend/migrations/20260501150000_generation_upstream_log.sql
deleted file mode 100644
index b1c262fe..00000000
--- a/backend/migrations/20260501150000_generation_upstream_log.sql
+++ /dev/null
@@ -1,19 +0,0 @@
-CREATE TABLE IF NOT EXISTS `generation_upstream_log` (
-  `id` bigint unsigned NOT NULL AUTO_INCREMENT,
-  `task_id` char(26) NOT NULL,
-  `provider` varchar(32) NOT NULL,
-  `account_id` bigint unsigned DEFAULT NULL,
-  `stage` varchar(64) NOT NULL,
-  `method` varchar(12) DEFAULT NULL,
-  `url` varchar(512) DEFAULT NULL,
-  `status_code` int NOT NULL DEFAULT 0,
-  `duration_ms` bigint NOT NULL DEFAULT 0,
-  `request_excerpt` mediumtext,
-  `response_excerpt` mediumtext,
-  `error` text,
-  `meta` json DEFAULT NULL,
-  `created_at` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_task_id` (`task_id`),
-  KEY `idx_created_at` (`created_at`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='provider upstream diagnostics';
diff --git a/backend/migrations/20260502162000_grok_cf_settings.sql b/backend/migrations/20260502162000_grok_cf_settings.sql
deleted file mode 100644
index 5e389b29..00000000
--- a/backend/migrations/20260502162000_grok_cf_settings.sql
+++ /dev/null
@@ -1,30 +0,0 @@
--- +goose Up
--- +goose StatementBegin
-INSERT INTO `system_config` (`key`, `value`, `remark`) VALUES
-  ('grok.cf.enabled', 'true', 'GROK Cloudflare cookie 自动刷新开关'),
-  ('grok.cf.flaresolverr_url', '"http://flaresolverr:8191"', '内置 FlareSolverr 地址'),
-  ('grok.cf.refresh_interval_seconds', '600', 'GROK CF cookie 刷新间隔'),
-  ('grok.cf.timeout_seconds', '90', 'FlareSolverr 单次解题超时'),
-  ('grok.cf.cookies', '""', '最近一次 FlareSolverr 获取的 Cookie'),
-  ('grok.cf.clearance', '""', '最近一次 FlareSolverr 获取的 cf_clearance'),
-  ('grok.cf.user_agent', '""', 'FlareSolverr 浏览器 User-Agent'),
-  ('grok.cf.browser', '""', 'FlareSolverr 浏览器类型'),
-  ('grok.cf.last_error', '""', '最近一次 FlareSolverr 刷新错误'),
-  ('grok.cf.last_refresh_at', '0', '最近一次 FlareSolverr 成功刷新时间')
-ON DUPLICATE KEY UPDATE `remark`=VALUES(`remark`);
--- +goose StatementEnd
-
--- +goose Down
-DELETE FROM `system_config`
-WHERE `key` IN (
-  'grok.cf.enabled',
-  'grok.cf.flaresolverr_url',
-  'grok.cf.refresh_interval_seconds',
-  'grok.cf.timeout_seconds',
-  'grok.cf.cookies',
-  'grok.cf.clearance',
-  'grok.cf.user_agent',
-  'grok.cf.browser',
-  'grok.cf.last_error',
-  'grok.cf.last_refresh_at'
-);
diff --git a/backend/pkg/config/config.go b/backend/pkg/config/config.go
deleted file mode 100644
index ce7f9b23..00000000
--- a/backend/pkg/config/config.go
+++ /dev/null
@@ -1,250 +0,0 @@
-// Package config 加载 KleinAI 全局配置。
-// 优先级：环境变量 > config.${KLEIN_ENV}.yaml > config.yaml。
-package config
-
-import (
-	"fmt"
-	"os"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/spf13/viper"
-)
-
-type Config struct {
-	App       App       `mapstructure:"app"`
-	Server    Server    `mapstructure:"server"`
-	MySQL     MySQL     `mapstructure:"mysql"`
-	Redis     Redis     `mapstructure:"redis"`
-	JWT       JWT       `mapstructure:"jwt"`
-	Logger    Logger    `mapstructure:"logger"`
-	Snowflake Snowflake `mapstructure:"snowflake"`
-	CORS      CORS      `mapstructure:"cors"`
-	RateLimit RateLimit `mapstructure:"ratelimit"`
-	Pool      Pool      `mapstructure:"pool"`
-	Provider  Provider  `mapstructure:"provider"`
-	Billing   Billing   `mapstructure:"billing"`
-	CDN       CDN       `mapstructure:"cdn"`
-	AESKey    string    `mapstructure:"-"` // 来自环境变量
-}
-
-type App struct {
-	Name string `mapstructure:"name"`
-	Env  string `mapstructure:"env"`
-}
-
-type Server struct {
-	APIPort         int           `mapstructure:"api_port"`
-	AdminPort       int           `mapstructure:"admin_port"`
-	OpenAIPort      int           `mapstructure:"openai_port"`
-	WSPort          int           `mapstructure:"ws_port"`
-	PprofPort       int           `mapstructure:"pprof_port"`
-	ReadTimeout     time.Duration `mapstructure:"read_timeout"`
-	WriteTimeout    time.Duration `mapstructure:"write_timeout"`
-	ShutdownTimeout time.Duration `mapstructure:"shutdown_timeout"`
-}
-
-type MySQL struct {
-	DSN             string        `mapstructure:"dsn"`
-	MaxOpenConns    int           `mapstructure:"max_open_conns"`
-	MaxIdleConns    int           `mapstructure:"max_idle_conns"`
-	ConnMaxLifetime time.Duration `mapstructure:"conn_max_lifetime"`
-	SlowThreshold   time.Duration `mapstructure:"slow_threshold"`
-}
-
-type Redis struct {
-	Addr     string `mapstructure:"addr"`
-	Password string `mapstructure:"password"`
-	DB       int    `mapstructure:"db"`
-	PoolSize int    `mapstructure:"pool_size"`
-}
-
-type JWT struct {
-	Secret        string        `mapstructure:"-"`
-	RefreshSecret string        `mapstructure:"-"`
-	AccessTTL     time.Duration `mapstructure:"access_ttl"`
-	RefreshTTL    time.Duration `mapstructure:"refresh_ttl"`
-}
-
-type Logger struct {
-	Level      string `mapstructure:"level"`
-	Dir        string `mapstructure:"dir"`
-	MaxSizeMB  int    `mapstructure:"max_size_mb"`
-	MaxAgeDays int    `mapstructure:"max_age_days"`
-	Compress   bool   `mapstructure:"compress"`
-	Console    bool   `mapstructure:"console"`
-}
-
-type Snowflake struct {
-	NodeID int64 `mapstructure:"node_id"`
-}
-
-type CORS struct {
-	Origins []string `mapstructure:"origins"`
-}
-
-type RateLimit struct {
-	IPPerMinute     int `mapstructure:"ip_per_minute"`
-	UserPerMinute   int `mapstructure:"user_per_minute"`
-	APIKeyPerMinute int `mapstructure:"apikey_per_minute"`
-}
-
-type Pool struct {
-	Strategy           string `mapstructure:"strategy"`
-	CooldownSeconds    int    `mapstructure:"cooldown_seconds"`
-	FailThreshold      int    `mapstructure:"fail_threshold"`
-	HealthCheckSeconds int    `mapstructure:"health_check_seconds"`
-}
-
-type Provider struct {
-	OpenAIBase     string        `mapstructure:"openai_base"`
-	GrokBase       string        `mapstructure:"grok_base"`
-	RequestTimeout time.Duration `mapstructure:"request_timeout"`
-	Retry          int           `mapstructure:"retry"`
-}
-
-type Billing struct {
-	PointUnit int64 `mapstructure:"point_unit"`
-}
-
-type CDN struct {
-	Base string `mapstructure:"base"`
-}
-
-var (
-	cfg     *Config
-	once    sync.Once
-	loadErr error
-)
-
-// Load 读取配置（线程安全，仅生效一次）。
-func Load() (*Config, error) {
-	once.Do(func() {
-		cfg, loadErr = loadInternal()
-	})
-	return cfg, loadErr
-}
-
-// MustLoad 失败直接 panic（仅 cmd/* 入口使用）。
-func MustLoad() *Config {
-	c, err := Load()
-	if err != nil {
-		panic(fmt.Errorf("load config: %w", err))
-	}
-	return c
-}
-
-// Get 返回已加载的配置；若未 Load 会 panic。
-func Get() *Config {
-	if cfg == nil {
-		panic("config not loaded")
-	}
-	return cfg
-}
-
-func loadInternal() (*Config, error) {
-	env := strings.TrimSpace(os.Getenv("KLEIN_ENV"))
-	if env == "" {
-		env = "dev"
-	}
-
-	v := viper.New()
-	v.SetConfigType("yaml")
-	v.AddConfigPath("./configs")
-	v.AddConfigPath("../configs")
-	v.AddConfigPath("../../configs")
-
-	v.SetConfigName("config")
-	if err := v.ReadInConfig(); err != nil {
-		return nil, fmt.Errorf("read base config: %w", err)
-	}
-
-	v.SetConfigName("config." + env)
-	if err := v.MergeInConfig(); err != nil {
-		var notFound viper.ConfigFileNotFoundError
-		if !asErr(err, &notFound) {
-			return nil, fmt.Errorf("merge env config: %w", err)
-		}
-	}
-
-	v.SetEnvPrefix("KLEIN")
-	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
-	v.AutomaticEnv()
-
-	out := &Config{}
-	if err := v.Unmarshal(out); err != nil {
-		return nil, fmt.Errorf("unmarshal config: %w", err)
-	}
-
-	mapEnv := func(target *string, key string) {
-		if val := os.Getenv(key); val != "" {
-			*target = val
-		}
-	}
-	mapEnv(&out.MySQL.DSN, "KLEIN_DB_DSN")
-	mapEnv(&out.Redis.Addr, "KLEIN_REDIS_ADDR")
-	mapEnv(&out.Redis.Password, "KLEIN_REDIS_PASSWORD")
-	mapEnv(&out.JWT.Secret, "KLEIN_JWT_SECRET")
-	mapEnv(&out.JWT.RefreshSecret, "KLEIN_JWT_REFRESH_SECRET")
-	mapEnv(&out.AESKey, "KLEIN_AES_KEY")
-	mapEnv(&out.Provider.OpenAIBase, "KLEIN_OPENAI_BASE")
-	mapEnv(&out.Provider.GrokBase, "KLEIN_GROK_BASE")
-	mapEnv(&out.Logger.Dir, "KLEIN_LOG_DIR")
-	mapEnv(&out.Logger.Level, "KLEIN_LOG_LEVEL")
-
-	if origins := os.Getenv("KLEIN_CORS_ORIGINS"); origins != "" {
-		out.CORS.Origins = splitAndTrim(origins, ",")
-	}
-
-	if env == "prod" {
-		if err := validateProd(out); err != nil {
-			return nil, err
-		}
-	}
-
-	out.App.Env = env
-	return out, nil
-}
-
-func validateProd(c *Config) error {
-	if c.MySQL.DSN == "" {
-		return fmt.Errorf("KLEIN_DB_DSN is required in prod")
-	}
-	if c.Redis.Addr == "" {
-		return fmt.Errorf("KLEIN_REDIS_ADDR is required in prod")
-	}
-	if len(c.JWT.Secret) < 32 || len(c.JWT.RefreshSecret) < 32 {
-		return fmt.Errorf("KLEIN_JWT_SECRET / KLEIN_JWT_REFRESH_SECRET must be >= 32 bytes")
-	}
-	if len(c.AESKey) < 32 {
-		return fmt.Errorf("KLEIN_AES_KEY must be >= 32 bytes")
-	}
-	return nil
-}
-
-func splitAndTrim(s, sep string) []string {
-	parts := strings.Split(s, sep)
-	out := make([]string, 0, len(parts))
-	for _, p := range parts {
-		if v := strings.TrimSpace(p); v != "" {
-			out = append(out, v)
-		}
-	}
-	return out
-}
-
-// asErr 是 errors.As 的薄包装，避免 import cycle。
-func asErr(err error, target any) bool {
-	type asInterface interface{ As(any) bool }
-	if a, ok := err.(asInterface); ok && a.As(target) {
-		return true
-	}
-	return false
-}
-
-// IsProd 判断是否生产环境。
-func (c *Config) IsProd() bool { return c.App.Env == "prod" }
-
-// IsDev 判断是否开发环境。
-func (c *Config) IsDev() bool { return c.App.Env == "dev" || c.App.Env == "local" }
diff --git a/backend/pkg/crypto/crypto.go b/backend/pkg/crypto/crypto.go
deleted file mode 100644
index 11cbf38e..00000000
--- a/backend/pkg/crypto/crypto.go
+++ /dev/null
@@ -1,99 +0,0 @@
-// Package crypto 提供 bcrypt 密码哈希、SHA256 + 盐、AES-256-GCM 加密。
-package crypto
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/hex"
-	"errors"
-	"io"
-
-	"golang.org/x/crypto/bcrypt"
-)
-
-// HashPassword 用 bcrypt cost=12 哈希密码。
-func HashPassword(plain string) (string, error) {
-	h, err := bcrypt.GenerateFromPassword([]byte(plain), 12)
-	return string(h), err
-}
-
-// VerifyPassword 校验密码。
-func VerifyPassword(hash, plain string) bool {
-	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(plain)) == nil
-}
-
-// SHA256Salt 生成 SHA256(plain + salt) hex。
-func SHA256Salt(plain, salt string) string {
-	h := sha256.New()
-	h.Write([]byte(plain))
-	h.Write([]byte(salt))
-	return hex.EncodeToString(h.Sum(nil))
-}
-
-// HMACSHA256 用 hex 输出。
-func HMACSHA256(key, payload string) string {
-	mac := hmac.New(sha256.New, []byte(key))
-	mac.Write([]byte(payload))
-	return hex.EncodeToString(mac.Sum(nil))
-}
-
-// RandomString 生成长度 n 的 url-safe 随机字符串。
-func RandomString(n int) (string, error) {
-	b := make([]byte, n)
-	if _, err := rand.Read(b); err != nil {
-		return "", err
-	}
-	return base64.RawURLEncoding.EncodeToString(b)[:n], nil
-}
-
-// RandomBytes 生成 n 字节随机数。
-func RandomBytes(n int) ([]byte, error) {
-	b := make([]byte, n)
-	if _, err := rand.Read(b); err != nil {
-		return nil, err
-	}
-	return b, nil
-}
-
-// AESGCM 用于账号池凭证加密。
-type AESGCM struct{ aead cipher.AEAD }
-
-// NewAESGCM key 必须 32 字节（AES-256）。
-func NewAESGCM(key []byte) (*AESGCM, error) {
-	if len(key) != 32 {
-		return nil, errors.New("aes key must be 32 bytes")
-	}
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	g, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-	return &AESGCM{aead: g}, nil
-}
-
-// Encrypt 输出 nonce(12) + ciphertext + tag(16)。
-func (a *AESGCM) Encrypt(plain []byte) ([]byte, error) {
-	nonce := make([]byte, a.aead.NonceSize())
-	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
-		return nil, err
-	}
-	out := a.aead.Seal(nonce, nonce, plain, nil)
-	return out, nil
-}
-
-// Decrypt 反向。
-func (a *AESGCM) Decrypt(data []byte) ([]byte, error) {
-	ns := a.aead.NonceSize()
-	if len(data) < ns {
-		return nil, errors.New("ciphertext too short")
-	}
-	nonce, ct := data[:ns], data[ns:]
-	return a.aead.Open(nil, nonce, ct, nil)
-}
diff --git a/backend/pkg/database/mysql.go b/backend/pkg/database/mysql.go
deleted file mode 100644
index 27ce32d5..00000000
--- a/backend/pkg/database/mysql.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Package database 封装 MySQL（GORM）与 Redis 客户端。
-package database
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"go.uber.org/zap"
-	"gorm.io/driver/mysql"
-	"gorm.io/gorm"
-	gormlogger "gorm.io/gorm/logger"
-
-	"github.com/kleinai/backend/pkg/config"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// NewMySQL 用 GORM 创建 MySQL 连接（含连接池配置与慢查询日志）。
-func NewMySQL(c *config.MySQL) (*gorm.DB, error) {
-	if c.DSN == "" {
-		return nil, fmt.Errorf("mysql dsn empty")
-	}
-
-	gormLog := gormlogger.New(
-		zapWriter{l: logger.L()},
-		gormlogger.Config{
-			SlowThreshold:             c.SlowThreshold,
-			LogLevel:                  gormlogger.Warn,
-			IgnoreRecordNotFoundError: true,
-			Colorful:                  false,
-		},
-	)
-
-	db, err := gorm.Open(mysql.Open(c.DSN), &gorm.Config{
-		Logger:                                   gormLog,
-		PrepareStmt:                              true,
-		DisableForeignKeyConstraintWhenMigrating: true,
-		NowFunc:                                  func() time.Time { return time.Now().UTC() },
-	})
-	if err != nil {
-		return nil, fmt.Errorf("gorm open: %w", err)
-	}
-
-	sqlDB, err := db.DB()
-	if err != nil {
-		return nil, fmt.Errorf("get sql db: %w", err)
-	}
-
-	maxOpen := c.MaxOpenConns
-	if maxOpen <= 0 {
-		maxOpen = 100
-	}
-	maxIdle := c.MaxIdleConns
-	if maxIdle <= 0 {
-		maxIdle = 20
-	}
-	lifetime := c.ConnMaxLifetime
-	if lifetime <= 0 {
-		lifetime = time.Hour
-	}
-
-	sqlDB.SetMaxOpenConns(maxOpen)
-	sqlDB.SetMaxIdleConns(maxIdle)
-	sqlDB.SetConnMaxLifetime(lifetime)
-
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	defer cancel()
-	if err := sqlDB.PingContext(ctx); err != nil {
-		return nil, fmt.Errorf("ping mysql: %w", err)
-	}
-
-	logger.L().Info("mysql connected",
-		zap.Int("max_open", maxOpen),
-		zap.Int("max_idle", maxIdle),
-		zap.Duration("lifetime", lifetime),
-	)
-	return db, nil
-}
-
-// zapWriter 让 GORM logger 写入 zap。
-type zapWriter struct{ l *zap.Logger }
-
-func (z zapWriter) Printf(format string, args ...any) {
-	z.l.Sugar().Infof(format, args...)
-}
diff --git a/backend/pkg/database/redis.go b/backend/pkg/database/redis.go
deleted file mode 100644
index 4e91b87f..00000000
--- a/backend/pkg/database/redis.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package database
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/redis/go-redis/v9"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/pkg/config"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// NewRedis 创建 go-redis 客户端并 ping 一次。
-func NewRedis(c *config.Redis) (*redis.Client, error) {
-	if c.Addr == "" {
-		return nil, fmt.Errorf("redis addr empty")
-	}
-	pool := c.PoolSize
-	if pool <= 0 {
-		pool = 50
-	}
-
-	cli := redis.NewClient(&redis.Options{
-		Addr:         c.Addr,
-		Password:     c.Password,
-		DB:           c.DB,
-		PoolSize:     pool,
-		MinIdleConns: 10,
-		ReadTimeout:  3 * time.Second,
-		WriteTimeout: 3 * time.Second,
-	})
-
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	defer cancel()
-	if err := cli.Ping(ctx).Err(); err != nil {
-		return nil, fmt.Errorf("ping redis: %w", err)
-	}
-
-	logger.L().Info("redis connected", zap.String("addr", c.Addr), zap.Int("db", c.DB))
-	return cli, nil
-}
diff --git a/backend/pkg/errcode/errcode.go b/backend/pkg/errcode/errcode.go
deleted file mode 100644
index f3245ff3..00000000
--- a/backend/pkg/errcode/errcode.go
+++ /dev/null
@@ -1,127 +0,0 @@
-// Package errcode 定义业务错误码。
-// 编码规则：HTTP_STATUS + 3 位业务子码（见 docs/02-后端规范.md §3）。
-package errcode
-
-import (
-	"errors"
-	"fmt"
-)
-
-// Error 业务错误。
-type Error struct {
-	Code   int    `json:"code"`
-	Msg    string `json:"msg"`
-	HTTP   int    `json:"-"`
-	cause  error
-	detail string
-}
-
-// Error 实现 error。
-func (e *Error) Error() string {
-	if e == nil {
-		return ""
-	}
-	if e.detail != "" {
-		return fmt.Sprintf("[%d] %s: %s", e.Code, e.Msg, e.detail)
-	}
-	return fmt.Sprintf("[%d] %s", e.Code, e.Msg)
-}
-
-// Unwrap 暴露底层 error。
-func (e *Error) Unwrap() error { return e.cause }
-
-// Wrap 携带底层 error。
-func (e *Error) Wrap(err error) *Error {
-	if e == nil {
-		return nil
-	}
-	ne := *e
-	ne.cause = err
-	if err != nil {
-		ne.detail = err.Error()
-	}
-	return &ne
-}
-
-// WithMsg 替换 msg（注意保留 code）。
-func (e *Error) WithMsg(msg string) *Error {
-	if e == nil {
-		return nil
-	}
-	ne := *e
-	ne.Msg = msg
-	return &ne
-}
-
-// HTTPStatus 返回建议的 HTTP 状态码。
-func (e *Error) HTTPStatus() int {
-	if e == nil || e.HTTP == 0 {
-		return 200
-	}
-	return e.HTTP
-}
-
-// As 适配 errors.As。
-func As(err error) (*Error, bool) {
-	var e *Error
-	if errors.As(err, &e) {
-		return e, true
-	}
-	return nil, false
-}
-
-// New 自定义错误构造（一般业务用预定义常量；需要临时码时用本函数）。
-func New(code, http int, msg string) *Error {
-	return &Error{Code: code, HTTP: http, Msg: msg}
-}
-
-// === 预定义业务错误 ===
-var (
-	OK = &Error{Code: 0, HTTP: 200, Msg: "ok"}
-
-	// 400xxx 参数错误
-	InvalidParam = &Error{Code: 400101, HTTP: 400, Msg: "参数错误"}
-	BadRequest   = &Error{Code: 400102, HTTP: 400, Msg: "请求格式不正确"}
-	BodyTooLarge = &Error{Code: 400103, HTTP: 413, Msg: "请求体过大"}
-
-	// 401xxx 鉴权
-	Unauthorized = &Error{Code: 401101, HTTP: 401, Msg: "未登录"}
-	TokenExpired = &Error{Code: 401102, HTTP: 401, Msg: "登录已过期"}
-	TokenInvalid = &Error{Code: 401103, HTTP: 401, Msg: "登录凭证无效"}
-	APIKeyInvalid = &Error{Code: 401104, HTTP: 401, Msg: "API Key 无效"}
-
-	// 403xxx 权限
-	Forbidden     = &Error{Code: 403101, HTTP: 403, Msg: "权限不足"}
-	IPNotAllowed  = &Error{Code: 403102, HTTP: 403, Msg: "IP 不在白名单"}
-
-	// 404xxx 资源不存在
-	UserNotFound    = &Error{Code: 404101, HTTP: 404, Msg: "用户不存在"}
-	ResourceMissing = &Error{Code: 404102, HTTP: 404, Msg: "资源不存在"}
-
-	// 409xxx 冲突 / 幂等
-	UserExists      = &Error{Code: 409101, HTTP: 409, Msg: "用户已存在"}
-	IdemConflict    = &Error{Code: 409102, HTTP: 409, Msg: "重复请求"}
-	DuplicatedPay   = &Error{Code: 409401, HTTP: 409, Msg: "重复支付"}
-
-	// 429xxx 限流
-	RateLimited      = &Error{Code: 429101, HTTP: 429, Msg: "操作过于频繁"}
-	GenRateLimited   = &Error{Code: 429301, HTTP: 429, Msg: "创作频次超限"}
-
-	// 500xxx 系统错误
-	Internal     = &Error{Code: 500001, HTTP: 500, Msg: "系统繁忙"}
-	DBError      = &Error{Code: 500002, HTTP: 500, Msg: "数据库错误"}
-	CacheError   = &Error{Code: 500003, HTTP: 500, Msg: "缓存错误"}
-	JobDispatch  = &Error{Code: 500301, HTTP: 500, Msg: "任务调度失败"}
-
-	// 502xxx 上游
-	GPTUnavailable  = &Error{Code: 502201, HTTP: 502, Msg: "GPT 服务暂不可用"}
-	GROKUnavailable = &Error{Code: 502202, HTTP: 502, Msg: "GROK 服务暂不可用"}
-	NoAvailableAcc  = &Error{Code: 502203, HTTP: 502, Msg: "暂无可用账号"}
-
-	// 计费类
-	InsufficientPoints = &Error{Code: 400401, HTTP: 400, Msg: "点数不足"}
-	PromoExpired       = &Error{Code: 400402, HTTP: 400, Msg: "优惠码已失效"}
-	PromoUsed          = &Error{Code: 400403, HTTP: 400, Msg: "优惠码已被使用"}
-	CDKInvalid         = &Error{Code: 400404, HTTP: 400, Msg: "兑换码无效"}
-	CDKUsed            = &Error{Code: 400405, HTTP: 400, Msg: "兑换码已被使用"}
-)
diff --git a/backend/pkg/httpc/client.go b/backend/pkg/httpc/client.go
deleted file mode 100644
index e5fe5635..00000000
--- a/backend/pkg/httpc/client.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Package httpc 是基于 resty 的统一 HTTP 客户端，所有外部 Provider 调用都必须经此包。
-package httpc
-
-import (
-	"time"
-
-	"github.com/go-resty/resty/v2"
-)
-
-// Options 客户端选项。
-type Options struct {
-	BaseURL string
-	Timeout time.Duration
-	Retry   int
-	Headers map[string]string
-}
-
-// New 创建 resty 客户端。
-func New(opt Options) *resty.Client {
-	cli := resty.New()
-	if opt.BaseURL != "" {
-		cli.SetBaseURL(opt.BaseURL)
-	}
-	if opt.Timeout <= 0 {
-		opt.Timeout = 60 * time.Second
-	}
-	cli.SetTimeout(opt.Timeout)
-	if opt.Retry > 0 {
-		cli.SetRetryCount(opt.Retry)
-		cli.SetRetryWaitTime(500 * time.Millisecond)
-		cli.SetRetryMaxWaitTime(5 * time.Second)
-	}
-	for k, v := range opt.Headers {
-		cli.SetHeader(k, v)
-	}
-	cli.SetHeader("User-Agent", "KleinAI-Backend/1.0")
-	return cli
-}
diff --git a/backend/pkg/jwtpayload/exp.go b/backend/pkg/jwtpayload/exp.go
deleted file mode 100644
index 1e42aaec..00000000
--- a/backend/pkg/jwtpayload/exp.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Package jwtpayload 从 JWT 字符串安全解析非签名载荷（仅解码 payload，不校验签名）。
-package jwtpayload
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"strings"
-)
-
-// ClaimsFromJWT returns the unsigned JWT payload as a generic map.
-// It only decodes the payload and does not verify the signature.
-func ClaimsFromJWT(token string) (map[string]any, bool) {
-	token = strings.TrimSpace(token)
-	parts := strings.Split(token, ".")
-	if len(parts) != 3 {
-		return nil, false
-	}
-	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
-	if err != nil {
-		payload, err = base64.StdEncoding.DecodeString(parts[1])
-		if err != nil {
-			return nil, false
-		}
-	}
-	var claims map[string]any
-	if err := json.Unmarshal(payload, &claims); err != nil {
-		return nil, false
-	}
-	return claims, true
-}
-
-// ExpUnixFromJWT 返回标准 JWT 的 exp 声明（unix 秒），无法解析时为 (0, false)。
-func ExpUnixFromJWT(token string) (int64, bool) {
-	claims, ok := ClaimsFromJWT(token)
-	if !ok {
-		return 0, false
-	}
-	switch exp := claims["exp"].(type) {
-	case float64:
-		if exp > 0 {
-			return int64(exp), true
-		}
-	case json.Number:
-		if n, err := exp.Int64(); err == nil && n > 0 {
-			return n, true
-		}
-	}
-	return 0, false
-}
-
-// StringClaimFromJWT extracts a top-level string claim from an unsigned JWT payload.
-func StringClaimFromJWT(token, key string) (string, bool) {
-	claims, ok := ClaimsFromJWT(token)
-	if !ok {
-		return "", false
-	}
-	v, ok := claims[key].(string)
-	if !ok || strings.TrimSpace(v) == "" {
-		return "", false
-	}
-	return strings.TrimSpace(v), true
-}
diff --git a/backend/pkg/jwtpayload/exp_test.go b/backend/pkg/jwtpayload/exp_test.go
deleted file mode 100644
index fe32bfe2..00000000
--- a/backend/pkg/jwtpayload/exp_test.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package jwtpayload
-
-import "testing"
-
-func TestExpUnixFromJWT(t *testing.T) {
-	// payload: {"exp":1735689600}  (base64url)
-	const tok = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MzU2ODk2MDB9.signature"
-	exp, ok := ExpUnixFromJWT(tok)
-	if !ok || exp != 1735689600 {
-		t.Fatalf("got %d ok=%v", exp, ok)
-	}
-	if _, ok := ExpUnixFromJWT("nope"); ok {
-		t.Fatal("expected false")
-	}
-}
diff --git a/backend/pkg/jwtx/jwt.go b/backend/pkg/jwtx/jwt.go
deleted file mode 100644
index a561c2c4..00000000
--- a/backend/pkg/jwtx/jwt.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Package jwtx 双 Token 实现：Access（短）+ Refresh（长）。
-// HS256 + jti 单设备绑定。
-package jwtx
-
-import (
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/golang-jwt/jwt/v5"
-)
-
-// Subject 主体类型，区分用户端 / 后台端。
-type Subject string
-
-const (
-	SubjectUser  Subject = "user"
-	SubjectAdmin Subject = "admin"
-)
-
-// Claims 自定义负载。
-type Claims struct {
-	UID     uint64   `json:"uid"`
-	Subject Subject  `json:"sub_t"`
-	Roles   []string `json:"roles,omitempty"`
-	Scope   string   `json:"scope,omitempty"`
-	JTI     string   `json:"jti"`
-	jwt.RegisteredClaims
-}
-
-// Manager 颁发与校验 token。
-type Manager struct {
-	secret        []byte
-	refreshSecret []byte
-	accessTTL     time.Duration
-	refreshTTL    time.Duration
-	issuer        string
-}
-
-// New 创建 Manager。
-func New(secret, refreshSecret string, accessTTL, refreshTTL time.Duration) (*Manager, error) {
-	if len(secret) < 16 || len(refreshSecret) < 16 {
-		return nil, errors.New("jwt secret must >= 16 bytes")
-	}
-	return &Manager{
-		secret:        []byte(secret),
-		refreshSecret: []byte(refreshSecret),
-		accessTTL:     accessTTL,
-		refreshTTL:    refreshTTL,
-		issuer:        "kleinai",
-	}, nil
-}
-
-// IssueAccess 签发 Access Token。
-func (m *Manager) IssueAccess(uid uint64, sub Subject, jti string, roles []string) (string, time.Time, error) {
-	exp := time.Now().Add(m.accessTTL)
-	c := Claims{
-		UID:     uid,
-		Subject: sub,
-		Roles:   roles,
-		JTI:     jti,
-		RegisteredClaims: jwt.RegisteredClaims{
-			Issuer:    m.issuer,
-			Subject:   fmt.Sprintf("%d", uid),
-			ID:        jti,
-			ExpiresAt: jwt.NewNumericDate(exp),
-			IssuedAt:  jwt.NewNumericDate(time.Now()),
-			NotBefore: jwt.NewNumericDate(time.Now()),
-		},
-	}
-	tok, err := jwt.NewWithClaims(jwt.SigningMethodHS256, c).SignedString(m.secret)
-	return tok, exp, err
-}
-
-// IssueRefresh 签发 Refresh Token。
-func (m *Manager) IssueRefresh(uid uint64, sub Subject, jti string) (string, time.Time, error) {
-	exp := time.Now().Add(m.refreshTTL)
-	c := Claims{
-		UID:     uid,
-		Subject: sub,
-		JTI:     jti,
-		RegisteredClaims: jwt.RegisteredClaims{
-			Issuer:    m.issuer,
-			Subject:   fmt.Sprintf("%d", uid),
-			ID:        jti,
-			ExpiresAt: jwt.NewNumericDate(exp),
-			IssuedAt:  jwt.NewNumericDate(time.Now()),
-		},
-	}
-	tok, err := jwt.NewWithClaims(jwt.SigningMethodHS256, c).SignedString(m.refreshSecret)
-	return tok, exp, err
-}
-
-// ParseAccess 解析并校验 Access。
-func (m *Manager) ParseAccess(tok string) (*Claims, error) { return m.parse(tok, m.secret) }
-
-// ParseRefresh 解析并校验 Refresh。
-func (m *Manager) ParseRefresh(tok string) (*Claims, error) { return m.parse(tok, m.refreshSecret) }
-
-func (m *Manager) parse(tok string, key []byte) (*Claims, error) {
-	c := &Claims{}
-	parsed, err := jwt.ParseWithClaims(tok, c, func(t *jwt.Token) (any, error) {
-		if t.Method != jwt.SigningMethodHS256 {
-			return nil, fmt.Errorf("unexpected signing method: %v", t.Method)
-		}
-		return key, nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	if !parsed.Valid {
-		return nil, errors.New("invalid token")
-	}
-	return c, nil
-}
diff --git a/backend/pkg/logger/logger.go b/backend/pkg/logger/logger.go
deleted file mode 100644
index bcf151d9..00000000
--- a/backend/pkg/logger/logger.go
+++ /dev/null
@@ -1,113 +0,0 @@
-// Package logger 封装 zap + lumberjack。
-// 严禁业务代码使用 fmt.Println / log.Println。
-package logger
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"go.uber.org/zap"
-	"go.uber.org/zap/zapcore"
-	"gopkg.in/natefinch/lumberjack.v2"
-
-	"github.com/kleinai/backend/pkg/config"
-)
-
-type ctxKey struct{}
-
-var (
-	base    *zap.Logger
-	once    sync.Once
-	initErr error
-)
-
-// Init 初始化全局 logger。
-func Init(c *config.Config) error {
-	once.Do(func() {
-		initErr = doInit(c)
-	})
-	return initErr
-}
-
-func doInit(c *config.Config) error {
-	level := zap.InfoLevel
-	if err := level.UnmarshalText([]byte(c.Logger.Level)); err != nil {
-		return fmt.Errorf("parse log level: %w", err)
-	}
-
-	cores := make([]zapcore.Core, 0, 2)
-
-	enc := zapcore.NewJSONEncoder(zapcore.EncoderConfig{
-		TimeKey:        "ts",
-		LevelKey:       "level",
-		NameKey:        "logger",
-		CallerKey:      "caller",
-		MessageKey:     "msg",
-		StacktraceKey:  "stack",
-		LineEnding:     zapcore.DefaultLineEnding,
-		EncodeLevel:    zapcore.LowercaseLevelEncoder,
-		EncodeTime:     zapcore.ISO8601TimeEncoder,
-		EncodeDuration: zapcore.MillisDurationEncoder,
-		EncodeCaller:   zapcore.ShortCallerEncoder,
-	})
-
-	if c.Logger.Console || c.IsDev() {
-		cores = append(cores, zapcore.NewCore(enc, zapcore.AddSync(os.Stdout), level))
-	}
-
-	if c.Logger.Dir != "" {
-		if err := os.MkdirAll(c.Logger.Dir, 0o755); err != nil {
-			return fmt.Errorf("mkdir log dir: %w", err)
-		}
-		writer := &lumberjack.Logger{
-			Filename:   filepath.Join(c.Logger.Dir, "app.log"),
-			MaxSize:    c.Logger.MaxSizeMB,
-			MaxAge:     c.Logger.MaxAgeDays,
-			LocalTime:  true,
-			Compress:   c.Logger.Compress,
-			MaxBackups: 30,
-		}
-		cores = append(cores, zapcore.NewCore(enc, zapcore.AddSync(writer), level))
-	}
-
-	base = zap.New(zapcore.NewTee(cores...),
-		zap.AddCaller(),
-		zap.AddCallerSkip(1),
-		zap.AddStacktrace(zap.ErrorLevel),
-		zap.Fields(zap.String("app", c.App.Name), zap.String("env", c.App.Env)),
-	)
-	zap.ReplaceGlobals(base)
-	return nil
-}
-
-// L 返回全局 logger（未初始化时返回 NoOp）。
-func L() *zap.Logger {
-	if base == nil {
-		return zap.NewNop()
-	}
-	return base
-}
-
-// FromCtx 从 context 中取出携带 trace_id 等字段的 logger。
-func FromCtx(ctx context.Context) *zap.Logger {
-	if l, ok := ctx.Value(ctxKey{}).(*zap.Logger); ok && l != nil {
-		return l
-	}
-	return L()
-}
-
-// Inject 把带额外字段的 logger 放入 context。
-func Inject(ctx context.Context, fields ...zap.Field) context.Context {
-	l := FromCtx(ctx).With(fields...)
-	return context.WithValue(ctx, ctxKey{}, l)
-}
-
-// Sync 在程序退出前刷盘。
-func Sync() {
-	if base != nil {
-		_ = base.Sync()
-	}
-}
diff --git a/backend/pkg/outbound/client.go b/backend/pkg/outbound/client.go
deleted file mode 100644
index 071ee2fb..00000000
--- a/backend/pkg/outbound/client.go
+++ /dev/null
@@ -1,277 +0,0 @@
-// Package outbound builds HTTP clients for all external egress traffic.
-package outbound
-
-import (
-	"bufio"
-	"context"
-	"crypto/tls"
-	"encoding/base64"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	utls "github.com/refraction-networking/utls"
-	"golang.org/x/net/http2"
-	xproxy "golang.org/x/net/proxy"
-
-	"github.com/kleinai/backend/pkg/proxyx"
-)
-
-const (
-	ModeStandard = "standard"
-	ModeUTLS     = "utls"
-
-	ProfileChrome = "chrome"
-)
-
-// Options describes one outbound client.
-type Options struct {
-	ProxyURL string
-	Timeout  time.Duration
-	Mode     string
-	Profile  string
-}
-
-// NewClient creates a client with a consistent proxy and TLS stack.
-func NewClient(opt Options) (*http.Client, error) {
-	if opt.Timeout <= 0 {
-		opt.Timeout = 30 * time.Second
-	}
-	mode := strings.ToLower(strings.TrimSpace(opt.Mode))
-	if mode == "" {
-		mode = ModeUTLS
-	}
-	profile := strings.ToLower(strings.TrimSpace(opt.Profile))
-	if profile == "" {
-		profile = ProfileChrome
-	}
-
-	pu, err := proxyx.Parse(opt.ProxyURL)
-	if err != nil {
-		return nil, err
-	}
-	if mode == ModeStandard {
-		return proxyx.BuildClient(pu, opt.Timeout)
-	}
-	if mode != ModeUTLS {
-		return nil, fmt.Errorf("unsupported outbound mode %q", opt.Mode)
-	}
-	return &http.Client{
-		Transport: &utlsTransport{
-			proxyURL: pu,
-			profile:  profile,
-			timeout:  opt.Timeout,
-		},
-		Timeout: opt.Timeout,
-	}, nil
-}
-
-type utlsTransport struct {
-	proxyURL *url.URL
-	profile  string
-	timeout  time.Duration
-}
-
-func (t *utlsTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	if req.URL == nil {
-		return nil, fmt.Errorf("missing request URL")
-	}
-	if req.URL.Scheme != "https" {
-		return t.standardRoundTrip(req)
-	}
-
-	conn, err := t.dialTarget(req.Context(), req.URL)
-	if err != nil {
-		return nil, err
-	}
-	closeOnErr := true
-	defer func() {
-		if closeOnErr {
-			_ = conn.Close()
-		}
-	}()
-
-	serverName := req.URL.Hostname()
-	tlsConn := utls.UClient(conn, &utls.Config{
-		ServerName:         serverName,
-		InsecureSkipVerify: true, //nolint:gosec // Commercial proxies may MITM CONNECT targets.
-		MinVersion:         tls.VersionTLS12,
-		NextProtos:         []string{"h2", "http/1.1"},
-	}, t.clientHelloID())
-	if err := tlsConn.HandshakeContext(req.Context()); err != nil {
-		return nil, fmt.Errorf("tls handshake to %s failed: %w", req.URL.Host, err)
-	}
-	if tlsConn.ConnectionState().NegotiatedProtocol == "h2" {
-		h2Transport := &http2.Transport{}
-		cc, err := h2Transport.NewClientConn(tlsConn)
-		if err != nil {
-			return nil, fmt.Errorf("create http2 client failed: %w", err)
-		}
-		resp, err := cc.RoundTrip(req)
-		if err != nil {
-			return nil, fmt.Errorf("http2 request failed: %w", err)
-		}
-		resp.Body = &connReadCloser{Reader: resp.Body, closer: tlsConn}
-		closeOnErr = false
-		return resp, nil
-	}
-
-	if err := writeRequest(tlsConn, req); err != nil {
-		return nil, fmt.Errorf("write request failed: %w", err)
-	}
-	br := bufio.NewReader(tlsConn)
-	resp, err := http.ReadResponse(br, req)
-	if err != nil {
-		return nil, fmt.Errorf("read response failed: %w", err)
-	}
-	resp.Body = &connReadCloser{Reader: resp.Body, closer: tlsConn}
-	closeOnErr = false
-	return resp, nil
-}
-
-func (t *utlsTransport) standardRoundTrip(req *http.Request) (*http.Response, error) {
-	client, err := proxyx.BuildClient(t.proxyURL, t.timeout)
-	if err != nil {
-		return nil, err
-	}
-	return client.Transport.RoundTrip(req)
-}
-
-func (t *utlsTransport) dialTarget(ctx context.Context, target *url.URL) (net.Conn, error) {
-	addr := canonicalAddr(target)
-	if t.proxyURL == nil {
-		return (&net.Dialer{Timeout: t.timeout, KeepAlive: 30 * time.Second}).DialContext(ctx, "tcp", addr)
-	}
-	switch strings.ToLower(t.proxyURL.Scheme) {
-	case "http", "https":
-		return t.dialHTTPProxy(ctx, addr)
-	case "socks5", "socks5h":
-		return t.dialSOCKS5(ctx, addr)
-	default:
-		return nil, fmt.Errorf("unsupported proxy scheme %q", t.proxyURL.Scheme)
-	}
-}
-
-func (t *utlsTransport) dialHTTPProxy(ctx context.Context, targetAddr string) (net.Conn, error) {
-	proxyAddr := t.proxyURL.Host
-	conn, err := (&net.Dialer{Timeout: t.timeout, KeepAlive: 30 * time.Second}).DialContext(ctx, "tcp", proxyAddr)
-	if err != nil {
-		return nil, fmt.Errorf("connect proxy %s failed: %w", proxyAddr, err)
-	}
-	closeOnErr := true
-	defer func() {
-		if closeOnErr {
-			_ = conn.Close()
-		}
-	}()
-
-	var proxyConn net.Conn = conn
-	if strings.EqualFold(t.proxyURL.Scheme, "https") {
-		host := t.proxyURL.Hostname()
-		tlsProxy := tls.Client(conn, &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12})
-		if err := tlsProxy.HandshakeContext(ctx); err != nil {
-			return nil, fmt.Errorf("tls handshake to proxy %s failed: %w", proxyAddr, err)
-		}
-		proxyConn = tlsProxy
-	}
-
-	connectReq := "CONNECT " + targetAddr + " HTTP/1.1\r\nHost: " + targetAddr + "\r\nProxy-Connection: Keep-Alive\r\n"
-	if t.proxyURL.User != nil {
-		pw, _ := t.proxyURL.User.Password()
-		token := base64.StdEncoding.EncodeToString([]byte(t.proxyURL.User.Username() + ":" + pw))
-		connectReq += "Proxy-Authorization: Basic " + token + "\r\n"
-	}
-	connectReq += "\r\n"
-	if _, err := io.WriteString(proxyConn, connectReq); err != nil {
-		return nil, fmt.Errorf("write CONNECT to proxy failed: %w", err)
-	}
-	br := bufio.NewReader(proxyConn)
-	resp, err := http.ReadResponse(br, &http.Request{Method: http.MethodConnect})
-	if err != nil {
-		return nil, fmt.Errorf("read CONNECT response from proxy failed: %w", err)
-	}
-	_ = resp.Body.Close()
-	if resp.StatusCode/100 != 2 {
-		return nil, fmt.Errorf("proxy CONNECT %s returned HTTP %d", targetAddr, resp.StatusCode)
-	}
-	closeOnErr = false
-	return proxyConn, nil
-}
-
-func (t *utlsTransport) dialSOCKS5(ctx context.Context, targetAddr string) (net.Conn, error) {
-	var auth *xproxy.Auth
-	if t.proxyURL.User != nil {
-		pw, _ := t.proxyURL.User.Password()
-		auth = &xproxy.Auth{User: t.proxyURL.User.Username(), Password: pw}
-	}
-	dialer, err := xproxy.SOCKS5("tcp", t.proxyURL.Host, auth, &net.Dialer{
-		Timeout:   t.timeout,
-		KeepAlive: 30 * time.Second,
-	})
-	if err != nil {
-		return nil, fmt.Errorf("build socks5 dialer: %w", err)
-	}
-	ctxDialer, ok := dialer.(xproxy.ContextDialer)
-	if !ok {
-		return nil, fmt.Errorf("socks5 dialer does not support context")
-	}
-	conn, err := ctxDialer.DialContext(ctx, "tcp", targetAddr)
-	if err != nil {
-		return nil, fmt.Errorf("socks5 connect %s failed: %w", targetAddr, err)
-	}
-	return conn, nil
-}
-
-func (t *utlsTransport) clientHelloID() utls.ClientHelloID {
-	switch t.profile {
-	case ProfileChrome, "":
-		return utls.HelloChrome_133
-	default:
-		return utls.HelloChrome_133
-	}
-}
-
-func writeRequest(w io.Writer, req *http.Request) error {
-	out := req.Clone(req.Context())
-	out.RequestURI = ""
-	out.URL = cloneURL(req.URL)
-	out.Header = req.Header.Clone()
-	if out.Header.Get("Host") == "" && req.Host != "" {
-		out.Host = req.Host
-	}
-	return out.Write(w)
-}
-
-func cloneURL(u *url.URL) *url.URL {
-	if u == nil {
-		return nil
-	}
-	cp := *u
-	return &cp
-}
-
-func canonicalAddr(u *url.URL) string {
-	host := u.Hostname()
-	port := u.Port()
-	if port == "" {
-		if u.Scheme == "https" {
-			port = "443"
-		} else {
-			port = "80"
-		}
-	}
-	return net.JoinHostPort(host, port)
-}
-
-type connReadCloser struct {
-	io.Reader
-	closer io.Closer
-}
-
-func (c *connReadCloser) Close() error {
-	return c.closer.Close()
-}
diff --git a/backend/pkg/proxyx/proxyx.go b/backend/pkg/proxyx/proxyx.go
deleted file mode 100644
index 47c0c465..00000000
--- a/backend/pkg/proxyx/proxyx.go
+++ /dev/null
@@ -1,110 +0,0 @@
-// Package proxyx 提供出站代理解析与 *http.Transport / *http.Client 构造。
-//
-// 设计原则（参考 sub2api）：
-// - 协议白名单：http/https/socks5/socks5h；
-// - 代理无效时返回 error，不回退直连（防止意外走真实出口 IP）；
-// - 同一个进程内可多次调用，每次都会拷贝默认 Transport 字段，避免污染 http.DefaultTransport。
-package proxyx
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	xproxy "golang.org/x/net/proxy"
-)
-
-// ErrInvalidProxy 代理 URL 无效或不支持。
-var ErrInvalidProxy = errors.New("invalid proxy")
-
-// Parse 校验代理 URL。空字符串视为不使用代理（返回 nil, nil）。
-//
-// 规则：
-// - 必须有 scheme：http / https / socks5 / socks5h；
-// - "socks5" 自动改写为 "socks5h"，让 DNS 在远端解析；
-// - 必须有 host:port。
-func Parse(raw string) (*url.URL, error) {
-	raw = strings.TrimSpace(raw)
-	if raw == "" {
-		return nil, nil
-	}
-	u, err := url.Parse(raw)
-	if err != nil {
-		return nil, fmt.Errorf("%w: %v", ErrInvalidProxy, err)
-	}
-	scheme := strings.ToLower(u.Scheme)
-	switch scheme {
-	case "http", "https":
-	case "socks5":
-		u.Scheme = "socks5h"
-	case "socks5h":
-	default:
-		return nil, fmt.Errorf("%w: unsupported scheme %q", ErrInvalidProxy, scheme)
-	}
-	if u.Host == "" {
-		return nil, fmt.Errorf("%w: missing host", ErrInvalidProxy)
-	}
-	return u, nil
-}
-
-// BuildTransport 基于代理 URL 构造一个新的 *http.Transport。proxyURL 为 nil 表示直连。
-func BuildTransport(proxyURL *url.URL) (*http.Transport, error) {
-	tr := &http.Transport{
-		ForceAttemptHTTP2:     true,
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-	if proxyURL == nil {
-		tr.DialContext = (&net.Dialer{Timeout: 15 * time.Second, KeepAlive: 30 * time.Second}).DialContext
-		return tr, nil
-	}
-	scheme := strings.ToLower(proxyURL.Scheme)
-	switch scheme {
-	case "http", "https":
-		// 通过 HTTP/HTTPS CONNECT 走代理。
-		tr.Proxy = http.ProxyURL(proxyURL)
-		tr.DialContext = (&net.Dialer{Timeout: 15 * time.Second, KeepAlive: 30 * time.Second}).DialContext
-	case "socks5", "socks5h":
-		var auth *xproxy.Auth
-		if proxyURL.User != nil {
-			pw, _ := proxyURL.User.Password()
-			auth = &xproxy.Auth{User: proxyURL.User.Username(), Password: pw}
-		}
-		dialer, err := xproxy.SOCKS5("tcp", proxyURL.Host, auth, &net.Dialer{
-			Timeout:   15 * time.Second,
-			KeepAlive: 30 * time.Second,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("build socks5 dialer: %w", err)
-		}
-		ctxDialer, ok := dialer.(xproxy.ContextDialer)
-		if !ok {
-			return nil, fmt.Errorf("socks5 dialer does not support context")
-		}
-		tr.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
-			return ctxDialer.DialContext(ctx, network, addr)
-		}
-	default:
-		return nil, fmt.Errorf("%w: unsupported scheme %q", ErrInvalidProxy, scheme)
-	}
-	return tr, nil
-}
-
-// BuildClient 便捷方法：构造带代理的 http.Client，timeout 为请求超时。
-func BuildClient(proxyURL *url.URL, timeout time.Duration) (*http.Client, error) {
-	tr, err := BuildTransport(proxyURL)
-	if err != nil {
-		return nil, err
-	}
-	if timeout <= 0 {
-		timeout = 30 * time.Second
-	}
-	return &http.Client{Transport: tr, Timeout: timeout}, nil
-}
diff --git a/backend/pkg/ratelimit/ratelimit.go b/backend/pkg/ratelimit/ratelimit.go
deleted file mode 100644
index c2eb1aeb..00000000
--- a/backend/pkg/ratelimit/ratelimit.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Package ratelimit 基于 Redis 的滑动窗口限流。
-package ratelimit
-
-import (
-	"context"
-	"time"
-
-	"github.com/go-redis/redis_rate/v10"
-	"github.com/redis/go-redis/v9"
-)
-
-// Limiter 包装 redis_rate.Limiter。
-type Limiter struct {
-	inner *redis_rate.Limiter
-}
-
-// New 创建。
-func New(rdb *redis.Client) *Limiter {
-	return &Limiter{inner: redis_rate.NewLimiter(rdb)}
-}
-
-// AllowN 在 ratePerMin/min 速率下尝试获取 n 个令牌。
-func (l *Limiter) AllowN(ctx context.Context, key string, ratePerMin, n int) (*redis_rate.Result, error) {
-	return l.inner.AllowN(ctx, key, redis_rate.PerMinute(ratePerMin), n)
-}
-
-// Allow 简便：取 1 个令牌。
-func (l *Limiter) Allow(ctx context.Context, key string, ratePerMin int) (*redis_rate.Result, error) {
-	return l.AllowN(ctx, key, ratePerMin, 1)
-}
-
-// Reset 删除 key（用于撤销限流）。
-func (l *Limiter) Reset(ctx context.Context, key string) error {
-	return l.inner.Reset(ctx, key)
-}
-
-// RetryAfter 工具函数：把 redis_rate.Result.RetryAfter 转 seconds。
-func RetryAfterSeconds(d time.Duration) int {
-	if d <= 0 {
-		return 1
-	}
-	return int(d.Seconds()) + 1
-}
diff --git a/backend/pkg/response/response.go b/backend/pkg/response/response.go
deleted file mode 100644
index f98a7215..00000000
--- a/backend/pkg/response/response.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Package response 统一 HTTP 响应。
-package response
-
-import (
-	"net/http"
-	"os"
-
-	"github.com/gin-gonic/gin"
-	"go.uber.org/zap"
-
-	"github.com/kleinai/backend/pkg/errcode"
-	"github.com/kleinai/backend/pkg/logger"
-)
-
-// Body 统一响应结构。
-type Body struct {
-	Code    int    `json:"code"`
-	Msg     string `json:"msg"`
-	Data    any    `json:"data,omitempty"`
-	TraceID string `json:"trace_id,omitempty"`
-	// Detail 底层错误；仅 dev/local 或 KLEIN_API_ERROR_DETAIL=1 时填充。
-	Detail string `json:"detail,omitempty"`
-}
-
-// PageData 分页响应通用结构。
-type PageData struct {
-	List     any   `json:"list"`
-	Total    int64 `json:"total"`
-	Page     int   `json:"page"`
-	PageSize int   `json:"page_size"`
-}
-
-const traceHeader = "X-Request-Id"
-
-// OK 成功响应。
-func OK(c *gin.Context, data any) {
-	c.JSON(http.StatusOK, Body{
-		Code:    0,
-		Msg:     "ok",
-		Data:    data,
-		TraceID: c.GetHeader(traceHeader),
-	})
-}
-
-// Page 分页响应。
-func Page(c *gin.Context, list any, total int64, page, pageSize int) {
-	OK(c, PageData{List: list, Total: total, Page: page, PageSize: pageSize})
-}
-
-// Fail 失败响应：根据 errcode 决定 HTTP / code / msg。
-// 注意：HTTP 401 / 403 / 429 / 5xx 用真实 HTTP 状态码；其余业务错误统一 200 + 业务码。
-func Fail(c *gin.Context, err error) {
-	if err == nil {
-		OK(c, nil)
-		return
-	}
-
-	be, ok := errcode.As(err)
-	if !ok {
-		be = errcode.Internal.Wrap(err)
-	}
-
-	logger.FromCtx(c.Request.Context()).Warn("response.fail",
-		zap.Int("code", be.Code),
-		zap.String("msg", be.Msg),
-		zap.Error(be.Unwrap()),
-	)
-
-	httpCode := http.StatusOK
-	switch {
-	case be.HTTPStatus() >= 500, be.HTTPStatus() == 401, be.HTTPStatus() == 403, be.HTTPStatus() == 429, be.HTTPStatus() == 413:
-		httpCode = be.HTTPStatus()
-	}
-
-	body := Body{
-		Code:    be.Code,
-		Msg:     be.Msg,
-		TraceID: c.GetHeader(traceHeader),
-	}
-	if u := be.Unwrap(); u != nil {
-		env := os.Getenv("KLEIN_ENV")
-		if env == "dev" || env == "local" || os.Getenv("KLEIN_API_ERROR_DETAIL") == "1" {
-			body.Detail = u.Error()
-		}
-	}
-	c.AbortWithStatusJSON(httpCode, body)
-}
diff --git a/backend/pkg/snowflake/snowflake.go b/backend/pkg/snowflake/snowflake.go
deleted file mode 100644
index cba17fc0..00000000
--- a/backend/pkg/snowflake/snowflake.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Package snowflake 雪花 ID 生成。
-package snowflake
-
-import (
-	"fmt"
-	"sync"
-
-	sf "github.com/bwmarrin/snowflake"
-)
-
-var (
-	node *sf.Node
-	once sync.Once
-)
-
-// Init 初始化节点（多副本部署需保证 nodeID 不同）。
-func Init(nodeID int64) error {
-	var err error
-	once.Do(func() {
-		node, err = sf.NewNode(nodeID)
-	})
-	if err != nil {
-		return fmt.Errorf("init snowflake: %w", err)
-	}
-	return nil
-}
-
-// Next 取下一个 ID。
-func Next() int64 {
-	if node == nil {
-		_ = Init(1)
-	}
-	return node.Generate().Int64()
-}
-
-// NextString 取字符串形式 ID。
-func NextString() string {
-	if node == nil {
-		_ = Init(1)
-	}
-	return node.Generate().String()
-}
diff --git a/backend/pkg/version/version.go b/backend/pkg/version/version.go
deleted file mode 100644
index 9a87a90d..00000000
--- a/backend/pkg/version/version.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Package version 在编译期由 ldflags 注入版本信息。
-package version
-
-var (
-	Build = "dev"
-	Time  = "unknown"
-)
-
-// Info 返回版本字符串。
-func Info() string {
-	return "build=" + Build + " time=" + Time
-}
diff --git a/backend/scripts/genhash/main.go b/backend/scripts/genhash/main.go
deleted file mode 100644
index 65ffdd56..00000000
--- a/backend/scripts/genhash/main.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Command genhash 生成 bcrypt 哈希。
-//
-// 用法： go run ./scripts/genhash <password>
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"golang.org/x/crypto/bcrypt"
-)
-
-func main() {
-	if len(os.Args) < 2 {
-		fmt.Println("usage: genhash <password>")
-		os.Exit(1)
-	}
-	h, err := bcrypt.GenerateFromPassword([]byte(os.Args[1]), 12)
-	if err != nil {
-		panic(err)
-	}
-	fmt.Println(string(h))
-}
diff --git a/cmd/server/main.go b/cmd/server/main.go
new file mode 100644
index 00000000..5aa73c07
--- /dev/null
+++ b/cmd/server/main.go
@@ -0,0 +1,396 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/account"
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/internal/auth"
+	"github.com/432539/gpt2api/internal/backup"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/channel"
+	"github.com/432539/gpt2api/internal/config"
+	"github.com/432539/gpt2api/internal/db"
+	"github.com/432539/gpt2api/internal/gateway"
+	"github.com/432539/gpt2api/internal/image"
+	modelpkg "github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/proxy"
+	gwratelimit "github.com/432539/gpt2api/internal/ratelimit"
+	"github.com/432539/gpt2api/internal/recharge"
+	"github.com/432539/gpt2api/internal/scheduler"
+	"github.com/432539/gpt2api/internal/server"
+	"github.com/432539/gpt2api/internal/settings"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/internal/user"
+	"github.com/432539/gpt2api/pkg/crypto"
+	pkgjwt "github.com/432539/gpt2api/pkg/jwt"
+	"github.com/432539/gpt2api/pkg/lock"
+	"github.com/432539/gpt2api/pkg/logger"
+	"github.com/432539/gpt2api/pkg/mailer"
+	pkgratelimit "github.com/432539/gpt2api/pkg/ratelimit"
+)
+
+var (
+	configPath = flag.String("c", "configs/config.yaml", "config file path")
+	showVer    = flag.Bool("v", false, "show version and exit")
+)
+
+var (
+	version   = "0.2.0-dev"
+	buildTime = "unknown"
+)
+
+func main() {
+	flag.Parse()
+	if *showVer {
+		fmt.Printf("gpt2api %s (build %s)\n", version, buildTime)
+		return
+	}
+
+	cfg, err := config.Load(*configPath)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "load config: %v\n", err)
+		os.Exit(1)
+	}
+
+	if err := logger.Init(cfg.Log.Level, cfg.Log.Format, cfg.Log.Output); err != nil {
+		fmt.Fprintf(os.Stderr, "init logger: %v\n", err)
+		os.Exit(1)
+	}
+	defer logger.Sync()
+
+	log := logger.L()
+	log.Info("boot gpt2api",
+		zap.String("version", version),
+		zap.String("env", cfg.App.Env),
+		zap.String("listen", cfg.App.Listen),
+	)
+
+	sqldb, err := db.NewMySQL(cfg.MySQL)
+	if err != nil {
+		log.Fatal("mysql init", zap.Error(err))
+	}
+	defer sqldb.Close()
+
+	rdb, err := db.NewRedis(cfg.Redis)
+	if err != nil {
+		log.Fatal("redis init", zap.Error(err))
+	}
+	defer rdb.Close()
+
+	cipher, err := crypto.NewAESGCM(cfg.Crypto.AESKey)
+	if err != nil {
+		log.Fatal("crypto init", zap.Error(err))
+	}
+
+	// ---- DAO / Service ----
+	userDAO := user.NewDAO(sqldb)
+	proxyDAO := proxy.NewDAO(sqldb)
+	proxySvc := proxy.NewService(proxyDAO, cipher)
+
+	accDAO := account.NewDAO(sqldb)
+	accSvc := account.NewService(accDAO, cipher)
+
+	keyDAO := apikey.NewDAO(sqldb)
+	keySvc := apikey.NewService(keyDAO)
+
+	modelDAO := modelpkg.NewDAO(sqldb)
+	modelReg := modelpkg.NewRegistry(modelDAO)
+	if err := modelReg.Preload(context.Background()); err != nil {
+		log.Warn("model preload failed", zap.Error(err))
+	}
+
+	channelDAO := channel.NewDAO(sqldb)
+	channelSvc := channel.NewService(channelDAO, cipher)
+	channelRouter := channel.NewRouter(channelSvc)
+	channelH := channel.NewHandler(channelSvc, channelRouter)
+
+	rl := lock.NewRedisLock(rdb)
+	sched := scheduler.New(accSvc, proxySvc, rl, cfg.Scheduler)
+
+	tb := pkgratelimit.NewTokenBucket(rdb)
+	limiter := gwratelimit.New(tb)
+
+	groupCache := user.NewGroupCache(userDAO, 30*time.Second)
+
+	usageLogger := usage.New(sqldb, usage.Options{})
+	defer usageLogger.Close()
+
+	billEngine := billing.New(sqldb)
+
+	jm := pkgjwt.NewManager(pkgjwt.Config{
+		Secret:        cfg.JWT.Secret,
+		Issuer:        cfg.JWT.Issuer,
+		AccessTTLSec:  cfg.JWT.AccessTTLSec,
+		RefreshTTLSec: cfg.JWT.RefreshTTLSec,
+	})
+	authSvc := auth.NewService(userDAO, jm, cfg.Security.BcryptCost)
+
+	gwH := &gateway.Handler{
+		Models:    modelReg,
+		Keys:      keySvc,
+		Billing:   billEngine,
+		Scheduler: sched,
+		Groups:    groupCache,
+		Limiter:   limiter,
+		Usage:     usageLogger,
+		AccSvc:    accSvc,
+		Channels:  channelRouter,
+	}
+
+	imageDAO := image.NewDAO(sqldb)
+	imageRunner := image.NewRunner(sched, imageDAO)
+	imageRunner.SetQuotaDecrementor(accDAO) // 生图成功后立即扣减账号额度
+	imagesH := &gateway.ImagesHandler{
+		Handler: gwH,
+		Runner:  imageRunner,
+		DAO:     imageDAO,
+	}
+	gwH.Images = imagesH // chat/completions 识别到图像模型时转派
+
+	auditDAO := audit.NewDAO(sqldb)
+	auditH := audit.NewHandler(auditDAO)
+
+	var backupH *backup.Handler
+	backupDAO := backup.NewDAO(sqldb)
+	if backupSvc, err := backup.New(cfg.Backup, cfg.MySQL, backupDAO); err != nil {
+		// 备份功能是后台可选项,启动不应致命。降级为禁用,记录警告。
+		log.Warn("backup service disabled", zap.Error(err))
+	} else {
+		backupH = backup.NewHandler(backupSvc, backupDAO, authSvc, auditDAO)
+		log.Info("backup service ready", zap.String("dir", backupSvc.Dir()))
+	}
+
+	adminUserH := user.NewAdminHandler(userDAO, authSvc, billEngine, auditDAO)
+	adminGroupH := user.NewAdminGroupHandler(userDAO, auditDAO)
+
+	adminModelH := modelpkg.NewAdminHandler(modelDAO, modelReg, auditDAO)
+	adminKeyH := apikey.NewAdminHandler(keySvc, keyDAO, sqldb)
+	usageQDAO := usage.NewQueryDAO(sqldb)
+	adminUsageH := usage.NewAdminHandler(usageQDAO)
+	meUsageH := usage.NewMeHandler(usageQDAO)
+	meImageH := image.NewMeHandler(imageDAO)
+	adminImageH := image.NewAdminHandler(imageDAO)
+
+	mailSvc := mailer.New(mailer.Config{
+		Host:     cfg.SMTP.Host,
+		Port:     cfg.SMTP.Port,
+		Username: cfg.SMTP.Username,
+		Password: cfg.SMTP.Password,
+		From:     cfg.SMTP.From,
+		FromName: cfg.SMTP.FromName,
+		UseTLS:   cfg.SMTP.UseTLS,
+	}, log)
+	defer mailSvc.Close()
+	if mailSvc.Disabled() {
+		log.Info("mail channel disabled (smtp.host empty)")
+	} else {
+		log.Info("mail channel ready", zap.String("host", cfg.SMTP.Host))
+	}
+	// 把 mailSvc 注入给 authSvc 用于注册欢迎邮件
+	authSvc.SetMailer(mailSvc, cfg.App.BaseURL)
+
+	// 系统设置(KV),启动时从 DB 装载到内存缓存;注入给 auth 用于注册开关/赠送积分。
+	settingsDAO := settings.NewDAO(sqldb)
+	settingsSvc := settings.NewService(settingsDAO)
+	if err := settingsSvc.Reload(context.Background()); err != nil {
+		log.Warn("settings reload failed, using defaults", zap.Error(err))
+	}
+	settingsH := settings.NewHandler(settingsSvc, mailSvc, auditDAO)
+	authSvc.SetSettings(settingsSvc)
+	authSvc.SetBilling(billEngine)
+
+	// 把 settings 注入到其它受控业务(可热更)
+	keySvc.SetSettings(settingsSvc)
+	gwH.Settings = settingsSvc
+	sched.SetRuntime(scheduler.RuntimeParams{
+		DailyUsageRatio: settingsSvc.DailyUsageRatio,
+		Cooldown429Sec:  settingsSvc.Cooldown429Sec,
+		WarnedPauseHrs:  settingsSvc.WarnedPauseHours,
+		QueueWaitSec:    settingsSvc.DispatchQueueWaitSec,
+	})
+	// JWT TTL 热更:每次 Issue 时从 settings 读取,<=0 回退启动值
+	jm.SetTTLProvider(func() (int, int) {
+		return settingsSvc.JWTAccessTTLSec(), settingsSvc.JWTRefreshTTLSec()
+	})
+
+	rechargeDAO := recharge.NewDAO(sqldb)
+	rechargeSvc := recharge.NewService(rechargeDAO, billEngine, userDAO, cfg.EPay, mailSvc, cfg.App.BaseURL, log)
+	rechargeSvc.SetSettings(settingsSvc)
+	rechargeH := recharge.NewHandler(rechargeSvc)
+	adminRechargeH := recharge.NewAdminHandler(rechargeSvc, authSvc)
+
+	// 代理池健康探测器:由 settings 提供热更参数,注入到 Handler
+	proxyH := proxy.NewHandler(proxySvc)
+	prober := proxy.NewProber(proxySvc, settingsSvc, log.Named("proxy-prober"))
+	proxyH.SetProber(prober)
+
+	proberCtx, cancelProber := context.WithCancel(context.Background())
+	defer cancelProber()
+	go prober.Run(proberCtx)
+
+	// 账号池:AT 刷新器 + 额度探测器
+	accountH := account.NewHandler(accSvc)
+	accRefresher := account.NewRefresher(accSvc, settingsSvc, log.Named("account-refresh"))
+	accQuota := account.NewQuotaProber(accSvc, settingsSvc, log.Named("account-quota"))
+
+	// 账号→代理 解析器:让 refresh / probe 走账号自身绑定的代理,
+	// 避免从境内直连 chatgpt.com / auth.openai.com 时被中间设备 TLS 劫持。
+	acctProxyResolver := &accountProxyResolver{accSvc: accSvc, proxySvc: proxySvc}
+	accRefresher.SetProxyResolver(acctProxyResolver)
+	accQuota.SetProxyResolver(acctProxyResolver)
+
+	accountH.SetRefresher(accRefresher)
+	accountH.SetProber(accQuota)
+	accountH.SetSettings(settingsSvc)
+	accountH.SetProxyResolver(acctProxyResolver)
+
+	// 把 resolver 注入到图片代理端点:下载图片时按 account_id 解出 AT/cookies/proxy。
+	imagesH.ImageAccResolver = acctProxyResolver
+
+	accBgCtx, cancelAccBg := context.WithCancel(context.Background())
+	defer cancelAccBg()
+	go accRefresher.Run(accBgCtx)
+	go accQuota.Run(accBgCtx)
+
+	deps := &server.Deps{
+		Config: cfg,
+		JWT:    jm,
+
+		AuthH: auth.NewHandler(authSvc),
+		UserH: user.NewHandler(userDAO),
+
+		KeySvc:   keySvc,
+		KeyH:     apikey.NewHandler(keySvc),
+		ProxyH:   proxyH,
+		AccountH: accountH,
+
+		ChannelH: channelH,
+
+		GatewayH: gwH,
+		ImagesH:  imagesH,
+
+		BackupH:     backupH,
+		AuditH:      auditH,
+		AuditDAO:    auditDAO,
+		AdminUserH:  adminUserH,
+		AdminGroupH: adminGroupH,
+
+		AdminModelH: adminModelH,
+		AdminKeyH:   adminKeyH,
+		AdminUsageH: adminUsageH,
+
+		MeUsageH:    meUsageH,
+		MeImageH:    meImageH,
+		AdminImageH: adminImageH,
+
+		RechargeH:      rechargeH,
+		AdminRechargeH: adminRechargeH,
+
+		SettingsH: settingsH,
+	}
+
+	r := server.New(deps)
+	srv := &http.Server{
+		Addr:              cfg.App.Listen,
+		Handler:           r,
+		ReadHeaderTimeout: 10 * time.Second,
+	}
+
+	go func() {
+		log.Info("http server started", zap.String("addr", cfg.App.Listen))
+		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			log.Fatal("http listen", zap.Error(err))
+		}
+	}()
+
+	quit := make(chan os.Signal, 1)
+	signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
+	<-quit
+	log.Info("shutdown signal received")
+
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	if err := srv.Shutdown(ctx); err != nil {
+		log.Error("graceful shutdown", zap.Error(err))
+	}
+	log.Info("bye")
+}
+
+// accountProxyResolver 把账号 ID → 代理 URL 的查询串起来。
+// 外部看起来就是一个 account.AccountProxyResolver,避免 account 包反向依赖 proxy 包。
+type accountProxyResolver struct {
+	accSvc   *account.Service
+	proxySvc *proxy.Service
+}
+
+// ProxyURLForAccount 查账号绑定的代理并解密密码,返回可直接用于 http.ProxyURL 的 URL。
+// 任意一步失败都返回 ""(调用方会降级到直连)。
+func (r *accountProxyResolver) ProxyURLForAccount(ctx context.Context, accountID uint64) string {
+	if r == nil || r.accSvc == nil || r.proxySvc == nil {
+		return ""
+	}
+	b, err := r.accSvc.GetBinding(ctx, accountID)
+	if err != nil || b == nil {
+		return ""
+	}
+	p, err := r.proxySvc.Get(ctx, b.ProxyID)
+	if err != nil || p == nil || !p.Enabled {
+		return ""
+	}
+	u, err := r.proxySvc.BuildURL(p)
+	if err != nil {
+		return ""
+	}
+	return u
+}
+
+// ProxyURLByID 按 proxy_id 直接查代理 URL(不经过账号绑定)。
+// 供 /accounts/import-tokens 这类"还没有 account_id、但用户已指定代理"的场景使用。
+func (r *accountProxyResolver) ProxyURLByID(ctx context.Context, proxyID uint64) string {
+	if r == nil || r.proxySvc == nil || proxyID == 0 {
+		return ""
+	}
+	p, err := r.proxySvc.Get(ctx, proxyID)
+	if err != nil || p == nil || !p.Enabled {
+		return ""
+	}
+	u, err := r.proxySvc.BuildURL(p)
+	if err != nil {
+		return ""
+	}
+	return u
+}
+
+// AuthToken 给图片代理端点用:按 accountID 解出 AT / DeviceID / cookies。
+// 实现 gateway.ImageAccountResolver。
+func (r *accountProxyResolver) AuthToken(ctx context.Context, accountID uint64) (string, string, string, error) {
+	if r == nil || r.accSvc == nil {
+		return "", "", "", fmt.Errorf("account service not ready")
+	}
+	a, err := r.accSvc.Get(ctx, accountID)
+	if err != nil {
+		return "", "", "", err
+	}
+	at, err := r.accSvc.DecryptAuthToken(a)
+	if err != nil {
+		return "", "", "", err
+	}
+	cookies, _ := r.accSvc.DecryptCookies(ctx, accountID)
+	return at, a.OAIDeviceID, cookies, nil
+}
+
+// ProxyURL 给图片代理端点用:等价于 ProxyURLForAccount。
+func (r *accountProxyResolver) ProxyURL(ctx context.Context, accountID uint64) string {
+	return r.ProxyURLForAccount(ctx, accountID)
+}
diff --git a/cmd/utls-probe/main.go b/cmd/utls-probe/main.go
new file mode 100644
index 00000000..35d4a753
--- /dev/null
+++ b/cmd/utls-probe/main.go
@@ -0,0 +1,105 @@
+// cmd/utls-probe 是一个独立小工具,用于验证 utls transport 是否能穿透 Cloudflare。
+// 用法(在容器里):  /app/utls-probe   或者直接 go run ./cmd/utls-probe  (本机也行)
+//
+// 它做 2 件事:
+//  1. GET https://chatgpt.com/  →  打印 status / cookie / header
+//  2. POST https://chatgpt.com/backend-api/sentinel/chat-requirements (no bearer)
+//     →  打印 status + body 前 400 字节
+//
+// 目的是快速判断:我们的 JA3/JA4 指纹是否被 CF 放行、响应里 Set-Cookie 了哪些
+// 关键 cookie、chat-requirements 返回的 body 结构是什么。
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+)
+
+func main() {
+	proxyURL := os.Getenv("UTLS_PROBE_PROXY")
+	tr, err := chatgpt.NewUTLSTransport(proxyURL, 30*time.Second)
+	if err != nil {
+		fmt.Println("transport init:", err)
+		os.Exit(1)
+	}
+	hc := &http.Client{Transport: tr, Timeout: 30 * time.Second}
+
+	// 1. GET /
+	fmt.Println("== GET https://chatgpt.com/ ==")
+	req, _ := http.NewRequestWithContext(context.Background(), http.MethodGet, "https://chatgpt.com/", nil)
+	req.Header.Set("User-Agent", chatgpt.DefaultUserAgent)
+	req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
+	req.Header.Set("Sec-Ch-Ua", `"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"`)
+	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
+	req.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
+	req.Header.Set("Sec-Fetch-Dest", "document")
+	req.Header.Set("Sec-Fetch-Mode", "navigate")
+	req.Header.Set("Sec-Fetch-Site", "none")
+	req.Header.Set("Sec-Fetch-User", "?1")
+	req.Header.Set("Upgrade-Insecure-Requests", "1")
+	res, err := hc.Do(req)
+	if err != nil {
+		fmt.Println("  do:", err)
+		os.Exit(1)
+	}
+	buf, _ := io.ReadAll(res.Body)
+	_ = res.Body.Close()
+	fmt.Printf("  status=%d  proto=%s  body_len=%d\n", res.StatusCode, res.Proto, len(buf))
+	fmt.Println("  set-cookie:")
+	for _, sc := range res.Header.Values("Set-Cookie") {
+		if i := strings.Index(sc, ";"); i > 0 {
+			sc = sc[:i]
+		}
+		fmt.Println("    ", sc)
+	}
+	fmt.Println("  body head:")
+	fmt.Println("   ", preview(buf, 300))
+
+	// 2. POST chat-requirements (no bearer → 应该返回 401,证明至少通过了 CF)
+	fmt.Println()
+	fmt.Println("== POST /backend-api/sentinel/chat-requirements (no auth) ==")
+	req2, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
+		"https://chatgpt.com/backend-api/sentinel/chat-requirements",
+		strings.NewReader(`{"p":"gAAAAACxxx"}`))
+	req2.Header.Set("User-Agent", chatgpt.DefaultUserAgent)
+	req2.Header.Set("Accept", "*/*")
+	req2.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8")
+	req2.Header.Set("Content-Type", "application/json")
+	req2.Header.Set("Origin", "https://chatgpt.com")
+	req2.Header.Set("Referer", "https://chatgpt.com/")
+	req2.Header.Set("Sec-Ch-Ua", `"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"`)
+	req2.Header.Set("Sec-Ch-Ua-Mobile", "?0")
+	req2.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
+	req2.Header.Set("Sec-Fetch-Dest", "empty")
+	req2.Header.Set("Sec-Fetch-Mode", "cors")
+	req2.Header.Set("Sec-Fetch-Site", "same-origin")
+	res2, err := hc.Do(req2)
+	if err != nil {
+		fmt.Println("  do:", err)
+		os.Exit(1)
+	}
+	buf2, _ := io.ReadAll(res2.Body)
+	_ = res2.Body.Close()
+	fmt.Printf("  status=%d  proto=%s  body_len=%d\n", res2.StatusCode, res2.Proto, len(buf2))
+	fmt.Println("  body head:")
+	fmt.Println("   ", preview(buf2, 300))
+}
+
+func preview(b []byte, n int) string {
+	s := string(b)
+	s = strings.ReplaceAll(s, "\n", " ")
+	s = strings.ReplaceAll(s, "\r", "")
+	if len(s) > n {
+		return s[:n] + "…"
+	}
+	return s
+}
diff --git a/configs/config.example.yaml b/configs/config.example.yaml
new file mode 100644
index 00000000..303b4afb
--- /dev/null
+++ b/configs/config.example.yaml
@@ -0,0 +1,73 @@
+app:
+  name: gpt2api
+  env: dev              # dev | prod
+  listen: ":8080"
+  base_url: "http://localhost:8080"
+
+log:
+  level: info           # debug | info | warn | error
+  format: console       # console | json
+  output: stdout        # stdout | /var/log/gpt2api.log
+
+mysql:
+  dsn: "gpt2api:gpt2api@tcp(127.0.0.1:3306)/gpt2api?parseTime=true&loc=Local&charset=utf8mb4&collation=utf8mb4_unicode_ci"
+  # 开发期 100 够用;生产目标 2000 chat SSE + 1000 图,推荐 500,MySQL 侧 max_connections>=1000
+  max_open_conns: 100
+  max_idle_conns: 20
+  conn_max_lifetime_sec: 3600
+
+redis:
+  addr: "127.0.0.1:6379"
+  password: ""
+  db: 0
+  # 开发期 100;生产推荐 500(锁 + 队列 + 令牌桶并发高)
+  pool_size: 100
+
+jwt:
+  secret: "CHANGE_ME_TO_RANDOM_32_BYTES_SECRET"
+  access_ttl_sec: 86400
+  refresh_ttl_sec: 2592000
+  issuer: "gpt2api"
+
+crypto:
+  # 32 字节 hex(64 字符),用于 AES-256-GCM 加密账号 AT / cookies
+  aes_key: "CHANGE_ME_TO_64_HEX_CHARS_AES_256_KEY_000000000000000000000000"
+
+security:
+  bcrypt_cost: 10
+  cors_origins:
+    - "http://localhost:5173"
+    - "http://localhost:5174"
+
+# 账号池调度
+scheduler:
+  min_interval_sec: 60
+  daily_usage_ratio: 0.6          # 单号日消耗熔断阈值
+  lock_ttl_sec: 1200
+  cooldown_429_sec: 600           # 连续 429 冷却
+  warned_pause_hours: 24
+
+# 上游 chatgpt.com
+upstream:
+  base_url: "https://chatgpt.com"
+  request_timeout_sec: 60
+  sse_read_timeout_sec: 300
+
+# 支付(易支付)
+epay:
+  gateway_url: ""
+  pid: ""
+  key: ""
+  notify_url: ""
+  return_url: ""
+  sign_type: "MD5"
+  expires_min: 30
+
+smtp:
+  host: ""
+  port: 465
+  username: ""
+  password: ""
+  from: ""
+  from_name: "GPT2API"
+  use_tls: true
diff --git a/deploy/.env.example b/deploy/.env.example
new file mode 100644
index 00000000..7eb50ad2
--- /dev/null
+++ b/deploy/.env.example
@@ -0,0 +1,29 @@
+# ================================================================
+# docker-compose 环境变量模板。cp .env.example .env 后按需修改。
+# ================================================================
+
+# ---- MySQL ----
+MYSQL_ROOT_PASSWORD=please_change_me_root
+MYSQL_USER=gpt2api
+MYSQL_PASSWORD=please_change_me
+MYSQL_DATABASE=gpt2api
+MYSQL_PORT=3306
+
+# ---- Redis ----
+REDIS_PORT=6379
+
+# ---- Server ----
+HTTP_PORT=8080
+
+# ---- Security (生产强制改!) ----
+# JWT 签名密钥,至少 32 字符
+JWT_SECRET=please_change_to_a_32_character_random_string_abcdef
+# AES-256 加密 KEY,用于加密账号的 AT/Cookie 等。必须 64 位 hex(32 字节)
+CRYPTO_AES_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+# ---- Backup ----
+# 保留最近 N 个备份,0 代表不清理
+BACKUP_RETENTION=30
+# 是否启用"数据库恢复"端点(超危)。生产默认 false,
+# 需要恢复时先设置为 true 重启容器,完成后切回 false。
+BACKUP_ALLOW_RESTORE=false
diff --git a/deploy/Caddyfile b/deploy/Caddyfile
deleted file mode 100644
index 65fa333f..00000000
--- a/deploy/Caddyfile
+++ /dev/null
@@ -1,39 +0,0 @@
-gpt2api.com, www.gpt2api.com {
-	encode gzip zstd
-
-	header {
-		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-		X-Content-Type-Options "nosniff"
-		Referrer-Policy "strict-origin-when-cross-origin"
-	}
-
-	handle /api/v1/* {
-		reverse_proxy api:17180
-	}
-
-	handle /v1/* {
-		reverse_proxy openai:17200
-	}
-
-	handle {
-		reverse_proxy user-web:80
-	}
-}
-
-admin.gpt2api.com {
-	encode gzip zstd
-
-	header {
-		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-		X-Content-Type-Options "nosniff"
-		Referrer-Policy "strict-origin-when-cross-origin"
-	}
-
-	handle /admin/api/* {
-		reverse_proxy admin:17188
-	}
-
-	handle {
-		reverse_proxy admin-web:80
-	}
-}
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
new file mode 100644
index 00000000..6bb8e0dc
--- /dev/null
+++ b/deploy/Dockerfile
@@ -0,0 +1,47 @@
+# syntax=docker/dockerfile:1.6
+#
+# "预构建 + 运行时" 镜像 —— 零外网依赖版本(国内 / 内网环境友好)
+# --------------------------------------------------------------
+# 构建前请先在宿主机生成以下产物(见 deploy/build-local.ps1 / build-local.sh):
+#   deploy/bin/gpt2api           Linux/amd64 可执行
+#   deploy/bin/goose             Linux/amd64 可执行
+#   web/dist/                    前端 Vite 产物
+#
+# 这样容器内除了 alpine 的 apk 装几个小工具,不需要任何外网访问。
+# 在网络通畅的 CI 环境里,你也可以用旧版的两阶段 Dockerfile。
+# --------------------------------------------------------------
+
+FROM alpine:3.20
+
+# 走 ustc HTTP 源,规避企业 HTTPS 代理 MITM 导致的证书校验失败
+RUN sed -i 's@https\?://dl-cdn.alpinelinux.org@http://mirrors.ustc.edu.cn@g' /etc/apk/repositories \
+    && apk add --no-cache ca-certificates tzdata curl bash mariadb-client \
+    && update-ca-certificates \
+    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone
+
+WORKDIR /app
+
+# 后端 + goose 二进制(宿主交叉编译产物)
+COPY deploy/bin/gpt2api /app/gpt2api
+COPY deploy/bin/goose   /usr/local/bin/goose
+RUN chmod +x /app/gpt2api /usr/local/bin/goose
+
+# 前端构建产物 —— 被 Go server 以 SPA 方式托管
+COPY web/dist /app/web/dist
+
+# Migrations、默认配置、entrypoint
+COPY sql     /app/sql
+COPY configs /app/configs
+COPY deploy/entrypoint.sh /app/entrypoint.sh
+RUN sed -i 's/\r$//' /app/entrypoint.sh \
+    && chmod +x /app/entrypoint.sh \
+    && mkdir -p /app/data/backups /app/logs
+
+EXPOSE 8080
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
+    CMD curl -fsS http://localhost:8080/healthz || exit 1
+
+ENTRYPOINT ["/app/entrypoint.sh"]
+CMD ["/app/gpt2api", "-c", "/app/configs/config.yaml"]
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 00000000..2582cd77
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,154 @@
+# gpt2api 容器化部署
+
+一键启动 = `docker compose up -d`。Server 启动时自动:
+
+1. 等 MySQL 健康
+2. 跑 `goose up` 应用所有迁移(包含用户表、账号池、审计、备份元数据等)
+3. 启动 HTTP 服务(`:8080`)
+
+## ⚠️ 架构说明:宿主预编译 + 容器运行
+
+本仓库的 `Dockerfile` 是**零外网依赖的"预构建 + 运行时"镜像**(规避国内拉 `proxy.golang.org` / `npm registry` 卡死)。  
+镜像里**不会**帮你 `go build` / `npm install`,而是直接 `COPY` 宿主机上已经编译好的三个产物:
+
+| 产物 | 路径 |
+|------|------|
+| 后端(linux/amd64) | `deploy/bin/gpt2api` |
+| 迁移工具(linux/amd64) | `deploy/bin/goose` |
+| 前端 Vite 产物 | `web/dist/` |
+
+所以**第一次部署 / 代码更新后,都要先在宿主机跑一次预编译脚本**,再 `docker compose build server`。
+
+## 快速开始
+
+### 0. 宿主机准备
+
+需要提前装好:**Go 1.22+**、**Node 18+ / 20 LTS**、**Docker 24+**、**docker compose v2**。
+
+> 建议配镜像加速:  
+> `go env -w GOPROXY=https://goproxy.cn,direct`  
+> `npm config set registry https://registry.npmmirror.com`
+
+### 1. 预编译(必做一次)
+
+一条命令搞定后端 + goose + 前端三个产物:
+
+```bash
+# Linux / macOS / WSL
+bash deploy/build-local.sh
+
+# Windows PowerShell
+powershell -NoProfile -File deploy\build-local.ps1
+```
+
+结束后检查:
+
+```bash
+ls -lh deploy/bin/gpt2api deploy/bin/goose web/dist/index.html
+```
+
+### 2. 配置与启动
+
+```bash
+cd deploy
+cp .env.example .env           # 修改 JWT_SECRET / CRYPTO_AES_KEY / MySQL 密码
+docker compose build server    # 把刚才的产物 COPY 进镜像
+docker compose up -d
+docker compose logs -f server  # 观察迁移 + 启动日志
+```
+
+> **⚠️ 没有默认账号 / 密码。** 启动完成后打开 `http://<服务器IP>:8080/register` 注册,
+> **第一个注册的账号自动成为 admin**;之后的注册都是普通用户。建议首位 admin 登录后去
+> **管理后台 → 系统设置**关闭"允许开放注册"。详见仓库根 `README.md`「5. 首次登录」。
+
+### 3. 日常更新
+
+| 场景 | 做什么 |
+|------|--------|
+| 只改了前端 | `cd web && npm run build` → `cd ../deploy && docker compose build server && docker compose up -d server` |
+| 只改了后端 | `bash deploy/build-local.sh` → `cd deploy && docker compose build server && docker compose up -d server` |
+| `git pull` 新版 | `bash deploy/build-local.sh` → `docker compose build server && docker compose up -d server` |
+| 只改了 `.env` | `docker compose up -d`(环境变量变化 compose 会自动感知并重建容器) |
+| 想秒重启 | `docker compose restart server` |
+
+默认暴露端口:
+
+
+| 服务     | 端口     | 说明                   |
+| ------ | ------ | -------------------- |
+| server | `8080` | OpenAI 兼容网关 + 后台 API |
+| mysql  | `3306` | 业务数据库                |
+| redis  | `6379` | 锁 / 限流 / 缓存          |
+
+
+## 目录与数据卷
+
+- `mysql_data`:MySQL 物理数据
+- `redis_data`:Redis AOF
+- `backups`:`/app/data/backups` —— 数据库备份文件(.sql.gz)落盘目录
+- `./logs`:宿主机 `deploy/logs` —— server 日志
+
+数据库备份和宿主机数据是两条独立路径:
+
+- 管理员在后台"数据备份"里点"立即备份"会把 `mysqldump` 压缩写入 `backups` 卷;
+- `backups` 卷也可以挂回宿主机目录来做 rsync 异地冷备。
+
+## 安全红线
+
+以下必须在 **.env** 中显式覆盖(生产禁用默认值):
+
+- `JWT_SECRET`:至少 32 字符随机串
+- `CRYPTO_AES_KEY`:**严格** 64 位 hex(32 字节 AES-256 key)
+- `MYSQL_ROOT_PASSWORD` / `MYSQL_PASSWORD`
+
+后端对高危操作的保护:
+
+
+| 操作        | 权限常量            | 额外要求                                                     |
+| --------- | --------------- | -------------------------------------------------------- |
+| 列出/下载备份   | `system:backup` | -                                                        |
+| 创建备份      | `system:backup` | -                                                        |
+| 删除备份      | `system:backup` | `X-Admin-Confirm: <password>`                            |
+| 上传备份      | `system:backup` | `X-Admin-Confirm: <password>`                            |
+| **恢复数据库** | `system:backup` | `backup.allow_restore=true`(默认 false)+ `X-Admin-Confirm` |
+| 调整用户积分    | `user:credit`   | 自动落审计                                                    |
+
+
+凡是 `/api/admin/`* 的写操作(POST/PUT/PATCH/DELETE)都会被 `audit.Middleware` 自动记录到 `admin_audit_logs` 表,管理员可在"审计日志"页查看。
+
+## 恢复数据库的标准流程
+
+因为 `restore` 会直接覆盖现库,**默认关闭**。启用方式:
+
+1. 在 `.env` 中 `BACKUP_ALLOW_RESTORE=true`
+2. `docker compose up -d server`(重启生效)
+3. 在后台点"恢复",输入管理员密码二次确认
+4. 完成后把 `.env` 改回 `false` 再重启,锁回常态
+
+## 常用运维命令
+
+```bash
+# 手动触发一次迁移(平时容器启动时会自动跑)
+docker compose exec server goose -dir /app/sql/migrations mysql \
+  "$GPT2API_MYSQL_DSN" up
+
+# 查看当前迁移状态
+docker compose exec server goose -dir /app/sql/migrations mysql \
+  "$GPT2API_MYSQL_DSN" status
+
+# 进入 MySQL
+docker compose exec mysql mysql -ugpt2api -p gpt2api
+
+# 冷备份(API 之外的兜底方式)
+docker compose exec server mysqldump -hmysql -ugpt2api -p \
+  --single-transaction --quick gpt2api | gzip > gpt2api-$(date +%F).sql.gz
+```
+
+## 单节点 vs 多节点
+
+当前 compose 配置针对单机部署。后续要做多副本:
+
+- `server` 可直接 `docker compose up -d --scale server=3`(需前面加 nginx/traefik)
+- `backups` 卷改成共享存储(NFS / S3 fuse),否则每个副本只能看到自己创建的备份
+- Redis 分布式锁已天然支持多副本,MySQL 和 JWT 密钥需统一
+
diff --git a/deploy/build-local.ps1 b/deploy/build-local.ps1
new file mode 100644
index 00000000..afb8ca47
--- /dev/null
+++ b/deploy/build-local.ps1
@@ -0,0 +1,62 @@
+# Windows 本地预构建脚本
+# 用法:
+#   powershell -NoProfile -File deploy/build-local.ps1          # 增量:只建缺失的 goose
+#   powershell -NoProfile -File deploy/build-local.ps1 -Force   # 强制重建 goose
+
+param(
+    [switch]$Force
+)
+
+$ErrorActionPreference = 'Stop'
+# PowerShell 7:关掉 "native 命令 stderr 自动触发终结" 的坑
+if ($PSVersionTable.PSVersion.Major -ge 7) {
+    $PSNativeCommandUseErrorActionPreference = $false
+}
+
+$root = Resolve-Path "$PSScriptRoot/.."
+Set-Location $root
+
+Write-Host "[build-local] repo  = $root"
+Write-Host "[build-local] step1 = cross-build gpt2api"
+$env:GOOS = "linux"
+$env:GOARCH = "amd64"
+$env:CGO_ENABLED = "0"
+New-Item -ItemType Directory -Force deploy/bin | Out-Null
+go build -ldflags "-s -w" -o deploy/bin/gpt2api ./cmd/server
+if ($LASTEXITCODE -ne 0) { throw "gpt2api build failed" }
+
+$goosePath = Join-Path $root "deploy/bin/goose"
+if ($Force -or -not (Test-Path $goosePath)) {
+    Write-Host "[build-local] step2 = cross-build goose (tmp module)"
+    $tmp = Join-Path $env:TEMP "gpt2api-goose-src"
+    if (Test-Path $tmp) { Remove-Item -Recurse -Force $tmp }
+    New-Item -ItemType Directory -Force $tmp | Out-Null
+    Push-Location $tmp
+    try {
+        cmd /c "go mod init goose-wrapper >nul 2>&1"
+        cmd /c "go get github.com/pressly/goose/v3/cmd/goose@v3.20.0 >nul 2>&1"
+        go build -ldflags "-s -w" -o $goosePath github.com/pressly/goose/v3/cmd/goose
+        if ($LASTEXITCODE -ne 0) { throw "goose build failed" }
+    } finally {
+        Pop-Location
+        Remove-Item -Recurse -Force $tmp -ErrorAction SilentlyContinue
+    }
+} else {
+    Write-Host "[build-local] step2 = skip goose (exists). use -Force to rebuild"
+}
+
+Write-Host "[build-local] step3 = npm run build (web)"
+Push-Location (Join-Path $root "web")
+try {
+    if (-not (Test-Path node_modules)) {
+        npm install --no-audit --no-fund --loglevel=error
+        if ($LASTEXITCODE -ne 0) { throw "npm install failed" }
+    }
+    npm run build
+    if ($LASTEXITCODE -ne 0) { throw "npm run build failed" }
+} finally {
+    Pop-Location
+}
+
+Write-Host "[build-local] done. artifacts:"
+Get-Item deploy/bin/gpt2api, deploy/bin/goose, web/dist/index.html | Format-Table -AutoSize
diff --git a/deploy/build-local.sh b/deploy/build-local.sh
new file mode 100644
index 00000000..3901bbdf
--- /dev/null
+++ b/deploy/build-local.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+# Linux 本地预构建脚本(服务器上直接用 / WSL / macOS 均可)
+#
+# 用法:
+#   bash deploy/build-local.sh            # 增量:只建缺失的 goose
+#   bash deploy/build-local.sh --force    # 强制重建 goose
+#
+# 产物:
+#   deploy/bin/gpt2api        linux/amd64 可执行(后端)
+#   deploy/bin/goose          linux/amd64 可执行(迁移工具)
+#   web/dist/                 前端 Vite 产物
+#
+# 这套产物 + deploy/Dockerfile 就可以离线构建镜像,无需容器再访问外网。
+
+set -euo pipefail
+
+FORCE=0
+for arg in "$@"; do
+    case "$arg" in
+        -f|--force) FORCE=1 ;;
+    esac
+done
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+
+echo "[build-local] repo  = $ROOT"
+
+# ---- step1: 交叉编译 gpt2api ----
+echo "[build-local] step1 = cross-build gpt2api (linux/amd64)"
+mkdir -p deploy/bin
+GOOS=linux GOARCH=amd64 CGO_ENABLED=0 \
+    go build -ldflags "-s -w" -o deploy/bin/gpt2api ./cmd/server
+
+# ---- step2: 编译 goose ----
+GOOSE="$ROOT/deploy/bin/goose"
+if [ "$FORCE" = "1" ] || [ ! -x "$GOOSE" ]; then
+    echo "[build-local] step2 = cross-build goose (tmp module)"
+    TMP="$(mktemp -d)"
+    trap 'rm -rf "$TMP"' EXIT
+    pushd "$TMP" >/dev/null
+    go mod init goose-wrapper >/dev/null 2>&1
+    go get github.com/pressly/goose/v3/cmd/goose@v3.20.0 >/dev/null 2>&1
+    GOOS=linux GOARCH=amd64 CGO_ENABLED=0 \
+        go build -ldflags "-s -w" -o "$GOOSE" github.com/pressly/goose/v3/cmd/goose
+    popd >/dev/null
+else
+    echo "[build-local] step2 = skip goose (exists). use --force to rebuild"
+fi
+
+# ---- step3: 前端 ----
+echo "[build-local] step3 = npm run build (web)"
+pushd web >/dev/null
+if [ ! -d node_modules ]; then
+    npm install --no-audit --no-fund --loglevel=error
+fi
+npm run build
+popd >/dev/null
+
+echo "[build-local] done. artifacts:"
+ls -lh deploy/bin/gpt2api deploy/bin/goose web/dist/index.html
diff --git a/deploy/docker-compose.dev-full.yml b/deploy/docker-compose.dev-full.yml
deleted file mode 100644
index 0f0802c7..00000000
--- a/deploy/docker-compose.dev-full.yml
+++ /dev/null
@@ -1,200 +0,0 @@
-# =====================================================
-# KleinAI · 全容器本地开发栈
-#
-# 与 docker-compose.dev.yml 的差别：
-#   - dev.yml         只起 mysql + redis，业务进程主机直跑（go run / pnpm dev）
-#   - dev-full.yml    全部 7 个服务都跑容器（适合不想装 Go / Node 的同学）
-#
-# 启动：
-#   cd deploy
-#   docker compose -f docker-compose.dev-full.yml up -d --build
-#
-# 端口（host -> container）：
-#   user-web    : 17080 -> 80     (→ 静态前端 + /api/* 代理 api:17180 + /v1/* 代理 openai:17200)
-#   admin-web   : 17088 -> 80     (→ 静态前端 + /admin/api/* 代理 admin:17188)
-#   api         : 17180 -> 17180  (可选直连用户 API，调试用)
-#   admin       : 17188 -> 17188  (可选直连后台 API，调试用)
-#   openai      : 17200 -> 17200  (可选直连 OpenAI 兼容 API)
-#   mysql       : 23306 -> 3306   (Hyper-V 占了 13306，临时换 23306)
-#   redis       : 16379 -> 6379
-# =====================================================
-
-x-backend-env: &backend-env
-  KLEIN_ENV: dev
-  KLEIN_DB_DSN: klein:klein123@tcp(mysql:3306)/klein_ai?charset=utf8mb4&parseTime=True&loc=Local
-  KLEIN_REDIS_ADDR: redis:6379
-  KLEIN_REDIS_PASSWORD: ''
-  KLEIN_REDIS_DB: '0'
-  KLEIN_JWT_SECRET: local-dev-jwt-secret-32bytes-please-change
-  KLEIN_JWT_REFRESH_SECRET: local-dev-jwt-refresh-secret-32bytes-please
-  KLEIN_JWT_ACCESS_TTL: 2h
-  KLEIN_JWT_REFRESH_TTL: 336h
-  KLEIN_AES_KEY: '00000000000000000000000000000000'
-  KLEIN_PROVIDER_GPT: mock
-  KLEIN_PROVIDER_GROK: mock
-  KLEIN_OPENAI_BASE: https://api.openai.com
-  KLEIN_GROK_BASE: https://api.x.ai
-  KLEIN_GPT_BASE_URL: https://api.openai.com
-  KLEIN_GROK_BASE_URL: https://api.x.ai
-  KLEIN_LOG_LEVEL: info
-  KLEIN_LOG_DIR: /app/logs
-  KLEIN_CORS_ORIGINS: http://localhost:17080,http://localhost:17088,http://127.0.0.1:17080,http://127.0.0.1:17088
-  TZ: Asia/Shanghai
-
-services:
-  mysql:
-    image: mysql:8.0
-    container_name: klein-mysql-dev
-    restart: unless-stopped
-    command:
-      - --default-authentication-plugin=caching_sha2_password
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_0900_ai_ci
-      - --innodb-buffer-pool-size=512M
-      - --max_connections=200
-      - --sql-mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
-    environment:
-      MYSQL_ROOT_PASSWORD: klein-root-dev
-      MYSQL_DATABASE: klein_ai
-      MYSQL_USER: klein
-      MYSQL_PASSWORD: klein123
-      TZ: Asia/Shanghai
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_MYSQL_PORT:-23306}:3306"
-    volumes:
-      - klein-mysql-dev-data:/var/lib/mysql
-      - ./mysql-init/01-run-migrations.sh:/docker-entrypoint-initdb.d/01-run-migrations.sh:ro
-      - ../backend/migrations:/migrations:ro
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-pklein-root-dev"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-    networks: [klein-dev]
-
-  redis:
-    image: redis:7-alpine
-    container_name: klein-redis-dev
-    restart: unless-stopped
-    command: redis-server --appendonly yes
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_REDIS_PORT:-16379}:6379"
-    volumes:
-      - klein-redis-dev-data:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 3s
-      retries: 5
-    networks: [klein-dev]
-
-  # ---------- 4 个后端 cmd ----------
-  api:
-    image: kleinai/backend:dev
-    container_name: klein-api-dev
-    build:
-      context: ../backend
-      dockerfile: Dockerfile
-    entrypoint: ["/app/api"]
-    user: "0:0"            # 复用同一镜像同一卷写日志，方便起见 dev 用 root
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '1'
-    ports:
-      - "127.0.0.1:17180:17180"
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      mysql: { condition: service_healthy }
-      redis: { condition: service_healthy }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  admin:
-    image: kleinai/backend:dev
-    container_name: klein-admin-dev
-    entrypoint: ["/app/admin"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '2'
-    ports:
-      - "127.0.0.1:17188:17188"
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      api: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  openai:
-    image: kleinai/backend:dev
-    container_name: klein-openai-dev
-    entrypoint: ["/app/openai"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '3'
-    ports:
-      - "127.0.0.1:17200:17200"
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      api: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  worker:
-    image: kleinai/backend:dev
-    container_name: klein-worker-dev
-    entrypoint: ["/app/worker"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '4'
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      mysql: { condition: service_healthy }
-      redis: { condition: service_healthy }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  # ---------- 前端静态 + 反代 ----------
-  user-web:
-    image: kleinai/user-web:dev
-    container_name: klein-user-web-dev
-    build:
-      context: ../frontend
-      dockerfile: apps/user/Dockerfile
-    ports:
-      - "127.0.0.1:17080:80"
-    volumes:
-      # 覆盖镜像内自带的 nginx.conf，加入 /api 与 /v1 反代
-      - ./nginx-dev/user-web.conf:/etc/nginx/conf.d/default.conf:ro
-    depends_on: [api, openai]
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  admin-web:
-    image: kleinai/admin-web:dev
-    container_name: klein-admin-web-dev
-    build:
-      context: ../frontend
-      dockerfile: apps/admin/Dockerfile
-    ports:
-      - "127.0.0.1:17088:80"
-    volumes:
-      - ./nginx-dev/admin-web.conf:/etc/nginx/conf.d/default.conf:ro
-    depends_on: [admin]
-    networks: [klein-dev]
-    restart: unless-stopped
-
-volumes:
-  klein-mysql-dev-data:
-  klein-redis-dev-data:
-  klein-logs:
-
-networks:
-  klein-dev:
-    name: klein-dev-net
diff --git a/deploy/docker-compose.dev.yml b/deploy/docker-compose.dev.yml
deleted file mode 100644
index 20b47636..00000000
--- a/deploy/docker-compose.dev.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-# =====================================================
-# KleinAI · 本地开发依赖（只起 MySQL + Redis）
-#
-# 使用：
-#   cd deploy
-#   docker compose -f docker-compose.dev.yml up -d
-#
-# 目的：本地依赖容器化，后端 4 个 cmd / 前端 2 个 app
-# 直接在主机 go run / pnpm dev，便于热重载和断点调试。
-#
-# 端口（host -> container）：
-#   MySQL  : 13306 -> 3306
-#   Redis  : 16379 -> 6379
-# =====================================================
-
-services:
-  mysql:
-    image: mysql:8.0
-    container_name: klein-mysql-dev
-    restart: unless-stopped
-    command:
-      - --default-authentication-plugin=caching_sha2_password
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_0900_ai_ci
-      - --innodb-buffer-pool-size=512M
-      - --max_connections=200
-      - --sql-mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
-    environment:
-      MYSQL_ROOT_PASSWORD: klein-root-dev
-      MYSQL_DATABASE: klein_ai
-      MYSQL_USER: klein
-      MYSQL_PASSWORD: klein123
-      TZ: Asia/Shanghai
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_MYSQL_PORT:-13306}:3306"
-    volumes:
-      - klein-mysql-dev-data:/var/lib/mysql
-      # 首次初始化时自动跑迁移：自定义脚本会剥掉 goose Down 段后再喂给 mysql
-      - ./mysql-init/01-run-migrations.sh:/docker-entrypoint-initdb.d/01-run-migrations.sh:ro
-      - ../backend/migrations:/migrations:ro
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-pklein-root-dev"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-
-  redis:
-    image: redis:7-alpine
-    container_name: klein-redis-dev
-    restart: unless-stopped
-    command: redis-server --appendonly yes
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_REDIS_PORT:-16379}:6379"
-    volumes:
-      - klein-redis-dev-data:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 3s
-      retries: 5
-
-volumes:
-  klein-mysql-dev-data:
-  klein-redis-dev-data:
diff --git a/deploy/docker-compose.server.yml b/deploy/docker-compose.server.yml
deleted file mode 100644
index a2077727..00000000
--- a/deploy/docker-compose.server.yml
+++ /dev/null
@@ -1,239 +0,0 @@
-# =====================================================
-# KleinAI · 全容器本地开发栈
-#
-# 与 docker-compose.dev.yml 的差别：
-#   - dev.yml         只起 mysql + redis，业务进程主机直跑（go run / pnpm dev）
-#   - dev-full.yml    全部 7 个服务都跑容器（适合不想装 Go / Node 的同学）
-#
-# 启动：
-#   cd deploy
-#   docker compose -f docker-compose.dev-full.yml up -d --build
-#
-# 端口（host -> container）：
-#   user-web    : 17080 -> 80     (→ 静态前端 + /api/* 代理 api:17180 + /v1/* 代理 openai:17200)
-#   admin-web   : 17088 -> 80     (→ 静态前端 + /admin/api/* 代理 admin:17188)
-#   api         : 17180 -> 17180  (可选直连用户 API，调试用)
-#   admin       : 17188 -> 17188  (可选直连后台 API，调试用)
-#   openai      : 17200 -> 17200  (可选直连 OpenAI 兼容 API)
-#   mysql       : 23306 -> 3306   (Hyper-V 占了 13306，临时换 23306)
-#   redis       : 16379 -> 6379
-# =====================================================
-
-x-backend-env: &backend-env
-  KLEIN_ENV: dev
-  KLEIN_DB_DSN: klein:klein123@tcp(mysql:3306)/klein_ai?charset=utf8mb4&parseTime=True&loc=Local
-  KLEIN_REDIS_ADDR: redis:6379
-  KLEIN_REDIS_PASSWORD: ''
-  KLEIN_REDIS_DB: '0'
-  KLEIN_JWT_SECRET: local-dev-jwt-secret-32bytes-please-change
-  KLEIN_JWT_REFRESH_SECRET: local-dev-jwt-refresh-secret-32bytes-please
-  KLEIN_JWT_ACCESS_TTL: 2h
-  KLEIN_JWT_REFRESH_TTL: 336h
-  KLEIN_AES_KEY: '00000000000000000000000000000000'
-  KLEIN_PROVIDER_GPT: real
-  KLEIN_PROVIDER_GROK: real
-  KLEIN_OPENAI_BASE: https://api.openai.com
-  KLEIN_GROK_BASE: https://api.x.ai
-  KLEIN_GPT_BASE_URL: https://api.openai.com
-  KLEIN_GROK_BASE_URL: https://grok.com
-  KLEIN_GROK_CF_STATE_PATH: /app/storage/grok_cf.json
-  KLEIN_GROK_UPLOAD_NORMALIZE_JPEG: 'true'
-  KLEIN_GROK_DYNAMIC_STATSIG: 'true'
-  KLEIN_LOG_LEVEL: info
-  KLEIN_LOG_DIR: /app/logs
-  KLEIN_CORS_ORIGINS: http://localhost:17080,http://localhost:17088,http://127.0.0.1:17080,http://127.0.0.1:17088,http://167.88.180.191:17080,http://167.88.180.191:17088
-  TZ: Asia/Shanghai
-
-services:
-  mysql:
-    image: mysql:8.0
-    container_name: klein-mysql-dev
-    restart: unless-stopped
-    command:
-      - --default-authentication-plugin=caching_sha2_password
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_0900_ai_ci
-      - --innodb-buffer-pool-size=512M
-      - --max_connections=200
-      - --binlog-expire-logs-seconds=86400
-      - --max-binlog-size=64M
-      - --sql-mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
-    environment:
-      MYSQL_ROOT_PASSWORD: klein-root-dev
-      MYSQL_DATABASE: klein_ai
-      MYSQL_USER: klein
-      MYSQL_PASSWORD: klein123
-      TZ: Asia/Shanghai
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_MYSQL_PORT:-23306}:3306"
-    volumes:
-      - klein-mysql-dev-data:/var/lib/mysql
-      - ./mysql-init/01-run-migrations.sh:/docker-entrypoint-initdb.d/01-run-migrations.sh:ro
-      - ../backend/migrations:/migrations:ro
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-pklein-root-dev"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-    networks: [klein-dev]
-
-  redis:
-    image: redis:7-alpine
-    container_name: klein-redis-dev
-    restart: unless-stopped
-    command: redis-server --appendonly yes
-    ports:
-      - "127.0.0.1:${KLEIN_DEV_REDIS_PORT:-16379}:6379"
-    volumes:
-      - klein-redis-dev-data:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 3s
-      retries: 5
-    networks: [klein-dev]
-
-  # ---------- 4 个后端 cmd ----------
-  flaresolverr:
-    image: ghcr.io/flaresolverr/flaresolverr:latest
-    container_name: klein-flaresolverr-dev
-    restart: unless-stopped
-    environment:
-      LOG_LEVEL: info
-      TZ: Asia/Shanghai
-    ports:
-      - "127.0.0.1:18191:8191"
-    networks: [klein-dev]
-
-  api:
-    image: kleinai/backend:dev
-    container_name: klein-api-dev
-    build:
-      context: ../backend
-      dockerfile: Dockerfile
-    entrypoint: ["/app/api"]
-    user: "0:0"            # 复用同一镜像同一卷写日志，方便起见 dev 用 root
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '1'
-    ports:
-      - "127.0.0.1:17180:17180"
-    volumes:
-      - klein-logs:/app/logs
-      - klein-storage:/app/storage
-    depends_on:
-      mysql: { condition: service_healthy }
-      redis: { condition: service_healthy }
-      flaresolverr: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  admin:
-    image: kleinai/backend:dev
-    container_name: klein-admin-dev
-    entrypoint: ["/app/admin"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '2'
-    ports:
-      - "127.0.0.1:17188:17188"
-    volumes:
-      - klein-logs:/app/logs
-      - klein-storage:/app/storage
-    depends_on:
-      api: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  openai:
-    image: kleinai/backend:dev
-    container_name: klein-openai-dev
-    entrypoint: ["/app/openai"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '3'
-    ports:
-      - "127.0.0.1:17200:17200"
-    volumes:
-      - klein-logs:/app/logs
-      - klein-storage:/app/storage
-    depends_on:
-      api: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  worker:
-    image: kleinai/backend:dev
-    container_name: klein-worker-dev
-    entrypoint: ["/app/worker"]
-    user: "0:0"
-    environment:
-      <<: *backend-env
-      KLEIN_NODE_ID: '4'
-    volumes:
-      - klein-logs:/app/logs
-      - klein-storage:/app/storage
-    depends_on:
-      mysql: { condition: service_healthy }
-      redis: { condition: service_healthy }
-      flaresolverr: { condition: service_started }
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  # ---------- 前端静态 + 反代 ----------
-  user-web:
-    image: kleinai/user-web:dev
-    container_name: klein-user-web-dev
-    build:
-      context: ../frontend
-      dockerfile: apps/user/Dockerfile
-    ports:
-      - "17080:80"
-    volumes:
-      # 覆盖镜像内自带的 nginx.conf，加入 /api 与 /v1 反代
-      - ./nginx-dev/user-web.conf:/etc/nginx/conf.d/default.conf:ro
-    depends_on: [api, openai]
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  admin-web:
-    image: kleinai/admin-web:dev
-    container_name: klein-admin-web-dev
-    build:
-      context: ../frontend
-      dockerfile: apps/admin/Dockerfile
-    ports:
-      - "17088:80"
-    volumes:
-      - ./nginx-dev/admin-web.conf:/etc/nginx/conf.d/default.conf:ro
-    depends_on: [admin]
-    networks: [klein-dev]
-    restart: unless-stopped
-
-  edge:
-    image: caddy:2-alpine
-    container_name: klein-edge-dev
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - klein-caddy-data:/data
-      - klein-caddy-config:/config
-    depends_on: [user-web]
-    networks: [klein-dev]
-    restart: unless-stopped
-
-volumes:
-  klein-mysql-dev-data:
-  klein-redis-dev-data:
-  klein-logs:
-  klein-storage:
-  klein-caddy-data:
-  klein-caddy-config:
-
-networks:
-  klein-dev:
-    name: klein-dev-net
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index 75c66d32..123fe38d 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -1,190 +1,92 @@
-# =====================================================
-# KleinAI · 单机生产 docker-compose
-# 启动：docker compose --env-file ./env/.env.local up -d
-# 端口策略见 docs/01-开发规范-总览.md §端口规范
-# =====================================================
-
-x-common-env: &common-env
-  KLEIN_ENV: ${KLEIN_ENV:-prod}
-  KLEIN_DB_DSN: ${KLEIN_DB_DSN}
-  KLEIN_REDIS_ADDR: ${KLEIN_REDIS_ADDR:-redis:6379}
-  KLEIN_REDIS_PASSWORD: ${KLEIN_REDIS_PASSWORD:-}
-  KLEIN_JWT_SECRET: ${KLEIN_JWT_SECRET}
-  KLEIN_JWT_REFRESH_SECRET: ${KLEIN_JWT_REFRESH_SECRET}
-  KLEIN_AES_KEY: ${KLEIN_AES_KEY}
-  KLEIN_OPENAI_BASE: ${KLEIN_OPENAI_BASE:-https://api.openai.com}
-  KLEIN_GROK_BASE: ${KLEIN_GROK_BASE:-https://api.x.ai}
-  KLEIN_CORS_ORIGINS: ${KLEIN_CORS_ORIGINS}
-  KLEIN_LOG_DIR: /app/logs
-  TZ: Asia/Shanghai
-
 services:
   mysql:
     image: mysql:8.0
-    container_name: klein-mysql
-    restart: always
+    container_name: gpt2api-mysql
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root}
+      MYSQL_DATABASE: ${MYSQL_DATABASE:-gpt2api}
+      MYSQL_USER: ${MYSQL_USER:-gpt2api}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-gpt2api}
+      TZ: Asia/Shanghai
     command:
-      - --default-authentication-plugin=caching_sha2_password
       - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_0900_ai_ci
-      - --innodb-buffer-pool-size=2G
-      - --max_connections=300
-      - --sql-mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
-    environment:
-      MYSQL_ROOT_PASSWORD: ${KLEIN_MYSQL_ROOT_PASSWORD}
-      MYSQL_DATABASE: ${KLEIN_MYSQL_DB:-klein_ai}
-      MYSQL_USER: ${KLEIN_MYSQL_USER:-klein}
-      MYSQL_PASSWORD: ${KLEIN_MYSQL_PASSWORD}
+      - --collation-server=utf8mb4_unicode_ci
+      - --default-time-zone=+08:00
+      - --innodb-buffer-pool-size=512M
+      - --max-connections=500
+      # 用 mysql_native_password 作为默认认证插件,兼容容器内
+      # mariadb-client 附带的 mariadb-dump(无 caching_sha2_password 插件)。
+      - --default-authentication-plugin=mysql_native_password
     ports:
-      - "127.0.0.1:${KLEIN_MYSQL_PORT:-13306}:3306"
+      - "${MYSQL_PORT:-3306}:3306"
     volumes:
-      - klein-mysql-data:/var/lib/mysql
-      # 首次初始化时执行 goose Up 段，避免 mysql 直接执行 Down 把表删空
-      - ./mysql-init/01-run-migrations.sh:/docker-entrypoint-initdb.d/01-run-migrations.sh:ro
-      - ../backend/migrations:/migrations:ro
+      - mysql_data:/var/lib/mysql
     healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-p$$MYSQL_ROOT_PASSWORD"]
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD:-root}"]
       interval: 10s
-      retries: 6
-    networks: [klein]
+      timeout: 5s
+      retries: 10
 
   redis:
     image: redis:7-alpine
-    container_name: klein-redis
-    restart: always
-    command: redis-server --appendonly yes ${KLEIN_REDIS_PASSWORD:+--requirepass ${KLEIN_REDIS_PASSWORD}}
+    container_name: gpt2api-redis
+    restart: unless-stopped
+    command: ["redis-server", "--appendonly", "yes"]
     ports:
-      - "127.0.0.1:${KLEIN_REDIS_PORT:-16379}:6379"
+      - "${REDIS_PORT:-6379}:6379"
     volumes:
-      - klein-redis-data:/data
+      - redis_data:/data
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
       interval: 10s
-      retries: 6
-    networks: [klein]
+      timeout: 5s
+      retries: 10
 
-  api:
-    image: kleinai/backend:latest
+  server:
     build:
-      context: ../backend
-      dockerfile: Dockerfile
-    container_name: klein-api
-    restart: always
-    command: ["/app/api"]
-    environment:
-      <<: *common-env
-      KLEIN_NODE_ID: 1
-    expose: ["17180"]
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      mysql:  { condition: service_healthy }
-      redis:  { condition: service_healthy }
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:17180/healthz | grep -q ok || exit 1"]
-      interval: 15s
-      retries: 5
-    deploy:
-      resources:
-        limits: { cpus: '2', memory: 1G }
-    networks: [klein]
-
-  admin:
-    image: kleinai/backend:latest
-    container_name: klein-admin
-    restart: always
-    command: ["/app/admin"]
-    environment:
-      <<: *common-env
-      KLEIN_NODE_ID: 2
-    expose: ["17188"]
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      mysql:  { condition: service_healthy }
-      redis:  { condition: service_healthy }
-    deploy:
-      resources:
-        limits: { cpus: '1', memory: 512M }
-    networks: [klein]
-
-  openai:
-    image: kleinai/backend:latest
-    container_name: klein-openai
-    restart: always
-    command: ["/app/openai"]
-    environment:
-      <<: *common-env
-      KLEIN_NODE_ID: 3
-    expose: ["17200"]
-    volumes:
-      - klein-logs:/app/logs
+      context: ..
+      dockerfile: deploy/Dockerfile
+    image: gpt2api/server:latest
+    container_name: gpt2api-server
+    restart: unless-stopped
     depends_on:
-      mysql:  { condition: service_healthy }
-      redis:  { condition: service_healthy }
-    deploy:
-      resources:
-        limits: { cpus: '2', memory: 1G }
-    networks: [klein]
-
-  worker:
-    image: kleinai/backend:latest
-    container_name: klein-worker
-    restart: always
-    command: ["/app/worker"]
+      mysql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
     environment:
-      <<: *common-env
-      KLEIN_NODE_ID: 4
-    volumes:
-      - klein-logs:/app/logs
-    depends_on:
-      mysql:  { condition: service_healthy }
-      redis:  { condition: service_healthy }
-    deploy:
-      resources:
-        limits: { cpus: '2', memory: 1G }
-    networks: [klein]
-
-  user-web:
-    image: kleinai/user-web:latest
-    build:
-      context: ../frontend
-      dockerfile: apps/user/Dockerfile
-    container_name: klein-user-web
-    restart: always
-    expose: ["80"]
-    networks: [klein]
-
-  admin-web:
-    image: kleinai/admin-web:latest
-    build:
-      context: ../frontend
-      dockerfile: apps/admin/Dockerfile
-    container_name: klein-admin-web
-    restart: always
-    expose: ["80"]
-    networks: [klein]
-
-  nginx:
-    image: nginx:1.27-alpine
-    container_name: klein-nginx
-    restart: always
-    depends_on: [api, admin, openai, user-web, admin-web]
+      TZ: Asia/Shanghai
+      # entrypoint.sh 会用这些值等 MySQL + goose up
+      MYSQL_HOST: mysql
+      MYSQL_PORT: 3306
+      MYSQL_USER: ${MYSQL_USER:-gpt2api}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-gpt2api}
+      MYSQL_DATABASE: ${MYSQL_DATABASE:-gpt2api}
+      # 通过 GPT2API_* 覆盖 config.yaml 中的任一字段
+      GPT2API_MYSQL_DSN: "${MYSQL_USER:-gpt2api}:${MYSQL_PASSWORD:-gpt2api}@tcp(mysql:3306)/${MYSQL_DATABASE:-gpt2api}?parseTime=true&loc=Local&charset=utf8mb4&collation=utf8mb4_unicode_ci"
+      GPT2API_REDIS_ADDR: "redis:6379"
+      GPT2API_BACKUP_DIR: /app/data/backups
+      GPT2API_BACKUP_RETENTION: ${BACKUP_RETENTION:-30}
+      GPT2API_BACKUP_ALLOW_RESTORE: ${BACKUP_ALLOW_RESTORE:-false}
+      # 强烈建议在 .env 中覆盖下列两项
+      GPT2API_JWT_SECRET: ${JWT_SECRET:-dev_secret_change_me_in_production_please_32b}
+      GPT2API_CRYPTO_AES_KEY: ${CRYPTO_AES_KEY:-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef}
     ports:
-      - "${KLEIN_USER_WEB_PORT:-17080}:17080"
-      - "${KLEIN_ADMIN_WEB_PORT:-17088}:17088"
-      - "${KLEIN_OPENAI_PORT:-17200}:17200"
+      - "${HTTP_PORT:-8080}:8080"
+    # 给容器指定独立公共 DNS,避免宿主 Clash/V2Ray 等梯子劫持了
+    # 代理供应商(如 *.arxlabs.io / *.luminati.io 等)的域名解析,
+    # 同时 chatgpt.com 也由外部 DNS 统一解析,确保路径一致。
+    dns:
+      - ${DNS_PRIMARY:-8.8.8.8}
+      - ${DNS_FALLBACK:-1.1.1.1}
     volumes:
-      - ./nginx:/etc/nginx/conf.d:ro
-      - ./certs:/etc/nginx/certs:ro
-      - klein-logs:/var/log/nginx
-    networks: [klein]
+      - ../configs:/app/configs:ro
+      - backups:/app/data/backups
+      - ./logs:/app/logs
+    command: ["/app/gpt2api", "-c", "/app/configs/config.yaml"]
 
 volumes:
-  klein-mysql-data:
-  klein-redis-data:
-  klein-logs:
-
-networks:
-  klein:
-    name: klein-net
+  mysql_data:
+  redis_data:
+  backups:
diff --git a/deploy/entrypoint.sh b/deploy/entrypoint.sh
new file mode 100644
index 00000000..10a27954
--- /dev/null
+++ b/deploy/entrypoint.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+# gpt2api 容器启动入口。
+#
+# 职责:
+#   1. 等待 MySQL 可连接(最多 60 秒)
+#   2. 执行 goose up(幂等)
+#   3. exec 启动 server 主进程
+#
+# 读取的环境变量:
+#   - MYSQL_HOST        (默认 mysql)
+#   - MYSQL_PORT        (默认 3306)
+#   - MYSQL_USER        (默认 gpt2api)
+#   - MYSQL_PASSWORD    (默认 gpt2api)
+#   - MYSQL_DATABASE    (默认 gpt2api)
+#   - SKIP_MIGRATE=1    跳过自动迁移
+set -euo pipefail
+
+MYSQL_HOST=${MYSQL_HOST:-mysql}
+MYSQL_PORT=${MYSQL_PORT:-3306}
+MYSQL_USER=${MYSQL_USER:-gpt2api}
+MYSQL_PASSWORD=${MYSQL_PASSWORD:-gpt2api}
+MYSQL_DATABASE=${MYSQL_DATABASE:-gpt2api}
+
+log() { echo "[entrypoint] $*"; }
+
+wait_mysql() {
+  log "waiting for mysql ${MYSQL_HOST}:${MYSQL_PORT}..."
+  local i=0
+  while (( i < 60 )); do
+    if MYSQL_PWD="${MYSQL_PASSWORD}" mysqladmin ping \
+        -h "${MYSQL_HOST}" -P "${MYSQL_PORT}" -u "${MYSQL_USER}" --silent 2>/dev/null; then
+      log "mysql is up."
+      return 0
+    fi
+    sleep 1
+    i=$((i+1))
+  done
+  log "mysql did not become ready in 60s, continuing anyway."
+  return 1
+}
+
+run_migrate() {
+  if [[ "${SKIP_MIGRATE:-0}" == "1" ]]; then
+    log "SKIP_MIGRATE=1, skipping migrations"
+    return 0
+  fi
+  local dsn="${MYSQL_USER}:${MYSQL_PASSWORD}@tcp(${MYSQL_HOST}:${MYSQL_PORT})/${MYSQL_DATABASE}?parseTime=true&multiStatements=true&charset=utf8mb4,utf8"
+  log "running goose migrations..."
+  goose -dir /app/sql/migrations mysql "${dsn}" up
+  log "migrations done."
+}
+
+wait_mysql || true
+run_migrate || { log "migration failed"; exit 1; }
+
+log "starting: $*"
+exec "$@"
diff --git a/deploy/env/.env.example b/deploy/env/.env.example
deleted file mode 100644
index d9173327..00000000
--- a/deploy/env/.env.example
+++ /dev/null
@@ -1,46 +0,0 @@
-# ==============================================
-#   KleinAI 部署环境变量样例
-#   生产请通过 KMS 注入，禁止 commit 实际值
-# ==============================================
-
-# 全局
-KLEIN_ENV=prod
-
-# 端口（仅修改对外）
-KLEIN_USER_WEB_PORT=17080
-KLEIN_ADMIN_WEB_PORT=17088
-KLEIN_OPENAI_PORT=17200
-
-# 内部端口（默认无需改）
-KLEIN_API_PORT=17180
-KLEIN_ADMIN_PORT=17188
-KLEIN_WS_PORT=17280
-KLEIN_PPROF_PORT=17590
-
-# MySQL
-KLEIN_MYSQL_PORT=13306
-KLEIN_MYSQL_ROOT_PASSWORD=replace_me_with_strong_pwd
-KLEIN_MYSQL_DB=klein_ai
-KLEIN_MYSQL_USER=klein
-KLEIN_MYSQL_PASSWORD=replace_me_with_strong_pwd
-KLEIN_DB_DSN=klein:replace_me_with_strong_pwd@tcp(mysql:3306)/klein_ai?charset=utf8mb4&parseTime=True&loc=Local
-
-# Redis
-KLEIN_REDIS_PORT=16379
-KLEIN_REDIS_ADDR=redis:6379
-KLEIN_REDIS_PASSWORD=
-
-# 安全
-KLEIN_JWT_SECRET=$(openssl rand -hex 32)
-KLEIN_JWT_REFRESH_SECRET=$(openssl rand -hex 32)
-KLEIN_AES_KEY=$(openssl rand -hex 32)
-
-# Provider
-KLEIN_OPENAI_BASE=https://api.openai.com
-KLEIN_GROK_BASE=https://api.x.ai
-
-# 跨域
-KLEIN_CORS_ORIGINS=https://klein.example,https://admin.klein.example
-
-# 日志
-KLEIN_LOG_DIR=/data/klein/logs
diff --git a/deploy/mysql-init/01-run-migrations.sh b/deploy/mysql-init/01-run-migrations.sh
deleted file mode 100644
index eaa520b0..00000000
--- a/deploy/mysql-init/01-run-migrations.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/env bash
-# =====================================================
-# KleinAI · MySQL 初始化脚本
-#
-# MySQL 8.0 官方镜像首次启动时会按字典序执行 /docker-entrypoint-initdb.d 下
-# 的 *.sh / *.sql。我们的 backend/migrations/*.sql 是 goose 风格（同时包含
-# Up 与 Down 段），如果直接交给镜像执行会先 CREATE 后 DROP。
-# 此脚本只抽取 “-- +goose Up” 与 “-- +goose Down” 之间的 SQL 喂给 mysql。
-#
-# 容器内挂载约定：
-#   /migrations           -> backend/migrations 只读
-#   /docker-entrypoint-initdb.d/01-run-migrations.sh -> 本脚本
-# =====================================================
-
-set -euo pipefail
-
-MIGDIR="${MIGDIR:-/migrations}"
-MYSQL_PWOPT=()
-if [[ -n "${MYSQL_ROOT_PASSWORD:-}" ]]; then
-  MYSQL_PWOPT=(-p"${MYSQL_ROOT_PASSWORD}")
-fi
-
-if [[ ! -d "$MIGDIR" ]]; then
-  echo "[klein-init] no migrations dir at $MIGDIR, skip."
-  exit 0
-fi
-
-shopt -s nullglob
-files=( "$MIGDIR"/*.sql )
-shopt -u nullglob
-
-if [[ ${#files[@]} -eq 0 ]]; then
-  echo "[klein-init] no .sql files in $MIGDIR, skip."
-  exit 0
-fi
-
-# 按文件名排序确保顺序
-IFS=$'\n' sorted=( $(printf '%s\n' "${files[@]}" | sort) )
-unset IFS
-
-for f in "${sorted[@]}"; do
-  echo "[klein-init] applying $f ..."
-  awk '
-    /^[[:space:]]*--[[:space:]]*\+goose[[:space:]]+Up([[:space:]]|$)/ {flag=1; next}
-    /^[[:space:]]*--[[:space:]]*\+goose[[:space:]]+Down([[:space:]]|$)/ {flag=0; next}
-    /^[[:space:]]*--[[:space:]]*\+goose[[:space:]]+StatementBegin([[:space:]]|$)/ {next}
-    /^[[:space:]]*--[[:space:]]*\+goose[[:space:]]+StatementEnd([[:space:]]|$)/ {next}
-    flag {print}
-  ' "$f" | mysql --default-character-set=utf8mb4 -uroot "${MYSQL_PWOPT[@]}" "${MYSQL_DATABASE}"
-done
-
-echo "[klein-init] all migrations applied."
diff --git a/deploy/nginx-dev/admin-web.conf b/deploy/nginx-dev/admin-web.conf
deleted file mode 100644
index cfc119a9..00000000
--- a/deploy/nginx-dev/admin-web.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-server {
-    listen 80;
-    server_name _;
-
-    root /usr/share/nginx/html;
-    index index.html;
-
-    gzip on;
-    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
-    resolver 127.0.0.11 valid=10s ipv6=off;
-    set $admin_upstream admin:17188;
-
-    # 管理后台 API（cmd/admin，容器内 17188）
-    location ^~ /admin/api/ {
-        proxy_pass http://$admin_upstream;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 90s;
-    }
-
-    location / {
-        try_files $uri /index.html;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
-        add_header Pragma "no-cache" always;
-        add_header Expires "0" always;
-    }
-
-    location ~* \.(?:css|js|woff2?|ttf|svg|png|jpg|jpeg|webp|avif)$ {
-        expires 30d;
-        add_header Cache-Control "public, immutable";
-    }
-}
diff --git a/deploy/nginx-dev/user-web.conf b/deploy/nginx-dev/user-web.conf
deleted file mode 100644
index dbfe9513..00000000
--- a/deploy/nginx-dev/user-web.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-server {
-    listen 80;
-    server_name _;
-
-    root /usr/share/nginx/html;
-    index index.html;
-
-    gzip on;
-    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
-    client_max_body_size 30m;
-    resolver 127.0.0.11 valid=10s ipv6=off;
-    set $api_upstream api:17180;
-    set $openai_upstream openai:17200;
-
-    # 用户端 API（cmd/api，容器内 17180）
-    location ^~ /api/ {
-        proxy_pass http://$api_upstream;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout  90s;
-    }
-
-    # OpenAI 兼容服务（cmd/openai，容器内 17200）
-    location ^~ /v1/ {
-        proxy_pass http://$openai_upstream;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_read_timeout 600s;
-    }
-
-    location / {
-        try_files $uri /index.html;
-    }
-
-    location ~* \.(?:css|js|woff2?|ttf|svg|png|jpg|jpeg|webp|avif)$ {
-        expires 30d;
-        add_header Cache-Control "public, immutable";
-    }
-}
diff --git a/deploy/nginx.conf b/deploy/nginx.conf
new file mode 100644
index 00000000..37ceb894
--- /dev/null
+++ b/deploy/nginx.conf
@@ -0,0 +1,47 @@
+upstream gpt2api_backend {
+    server server:8080;
+    keepalive 64;
+}
+
+server {
+    listen 80;
+    server_name _;
+
+    client_max_body_size 32m;
+
+    # SSE / streaming 友好
+    proxy_http_version 1.1;
+    proxy_buffering off;
+    proxy_cache off;
+    proxy_read_timeout 600s;
+    proxy_send_timeout 600s;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    # 前端静态(M6 填充)
+    root /var/www/html;
+    index index.html;
+
+    # OpenAI 兼容接口
+    location /v1/ {
+        proxy_pass http://gpt2api_backend;
+    }
+
+    # 业务 API
+    location /api/ {
+        proxy_pass http://gpt2api_backend;
+    }
+
+    # 健康检查
+    location /healthz {
+        proxy_pass http://gpt2api_backend;
+        access_log off;
+    }
+
+    # 前端 SPA 兜底
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}
diff --git a/deploy/nginx/admin.conf b/deploy/nginx/admin.conf
deleted file mode 100644
index eea0b380..00000000
--- a/deploy/nginx/admin.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-# 管理后台（HTTPS 17088）· 仅 IP 白名单访问
-upstream klein_admin_api {
-    server admin:17188;
-    keepalive 16;
-}
-
-server {
-    listen 17088 ssl http2;
-    listen [::]:17088 ssl http2;
-    server_name admin.klein.example;
-
-    ssl_certificate     /etc/nginx/certs/admin.klein.example.crt;
-    ssl_certificate_key /etc/nginx/certs/admin.klein.example.key;
-    ssl_protocols       TLSv1.2 TLSv1.3;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header X-Frame-Options DENY always;
-    add_header X-Content-Type-Options nosniff always;
-    add_header Referrer-Policy strict-origin always;
-
-    # 白名单（请按运营 / 客服公网 IP 实际配置）
-    allow 10.0.0.0/8;
-    allow 192.168.0.0/16;
-    deny all;
-
-    location /admin/api/ {
-        proxy_pass http://klein_admin_api;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
-
-    location / {
-        proxy_pass http://admin-web;
-        proxy_set_header Host $host;
-    }
-}
diff --git a/deploy/nginx/openai.conf b/deploy/nginx/openai.conf
deleted file mode 100644
index 04eb4b82..00000000
--- a/deploy/nginx/openai.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-# OpenAI 兼容 API（HTTPS 17200）· 长任务慢响应
-upstream klein_openai {
-    server openai:17200;
-    keepalive 32;
-}
-
-server {
-    listen 17200 ssl http2;
-    listen [::]:17200 ssl http2;
-    server_name api.klein.example;
-
-    ssl_certificate     /etc/nginx/certs/api.klein.example.crt;
-    ssl_certificate_key /etc/nginx/certs/api.klein.example.key;
-    ssl_protocols       TLSv1.2 TLSv1.3;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header X-Content-Type-Options nosniff always;
-
-    client_max_body_size 30m;
-
-    location /v1/ {
-        proxy_pass http://klein_openai;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-        proxy_buffering   off;
-        proxy_read_timeout  600s;
-        proxy_send_timeout  600s;
-    }
-
-    location = /healthz {
-        proxy_pass http://klein_openai/healthz;
-    }
-
-    location / { return 404; }
-}
diff --git a/deploy/nginx/user.conf b/deploy/nginx/user.conf
deleted file mode 100644
index 28579a69..00000000
--- a/deploy/nginx/user.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-# 用户端 Web + API （HTTPS 17080）
-upstream klein_api {
-    server api:17180;
-    keepalive 32;
-}
-
-server {
-    listen 17080 ssl http2;
-    listen [::]:17080 ssl http2;
-    server_name klein.example;
-
-    ssl_certificate     /etc/nginx/certs/klein.example.crt;
-    ssl_certificate_key /etc/nginx/certs/klein.example.key;
-    ssl_protocols       TLSv1.2 TLSv1.3;
-    ssl_ciphers         HIGH:!aNULL:!MD5;
-    ssl_session_cache   shared:SSL:10m;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header X-Frame-Options SAMEORIGIN always;
-    add_header X-Content-Type-Options nosniff always;
-    add_header Referrer-Policy strict-origin-when-cross-origin always;
-
-    client_max_body_size 30m;
-
-    location /api/ {
-        proxy_pass http://klein_api;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout  90s;
-        proxy_send_timeout  90s;
-    }
-
-    location /ws {
-        proxy_pass http://klein_api;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 3600s;
-    }
-
-    location / {
-        proxy_pass http://user-web;
-        proxy_set_header Host $host;
-    }
-}
diff --git "a/docs/01-\345\274\200\345\217\221\350\247\204\350\214\203-\346\200\273\350\247\210.md" "b/docs/01-\345\274\200\345\217\221\350\247\204\350\214\203-\346\200\273\350\247\210.md"
deleted file mode 100644
index 294ad027..00000000
--- "a/docs/01-\345\274\200\345\217\221\350\247\204\350\214\203-\346\200\273\350\247\210.md"
+++ /dev/null
@@ -1,328 +0,0 @@
-# 01 · 开发规范 · 总览
-
-> 项目代号：**KleinAI**（克莱因蓝 AI 生成平台）
-> 业务定位：批量管理 GPT / GROK 账号池，对外提供「**生图（GPT）+ 生视频（GROK）**」一站式 AIGC 服务，含完整管理后台与用户中心。
-> 文档版本：v1.0 · 2026-04-27
-
----
-
-## 1. 业务概览
-
-### 1.1 业务模型
-
-```
-                ┌────────────────────────┐
-                │     用户 (Web / H5)    │
-                └────────────┬───────────┘
-                             │  调用 / 充值 / 兑换
-                             ▼
-        ┌────────────────────────────────────────┐
-        │           KleinAI 网关 (Go)            │
-        │   鉴权 · 限流 · 计费 · 路由 · 审计      │
-        └─────────┬───────────────────┬──────────┘
-                  │ 生图              │ 生视频
-                  ▼                   ▼
-          ┌──────────────┐    ┌──────────────┐
-          │  GPT 账号池  │    │ GROK 账号池  │
-          │  (DALL·E等)  │    │  (Video)     │
-          └──────────────┘    └──────────────┘
-```
-
-### 1.2 核心能力
-
-| 模块 | 子能力 |
-|------|--------|
-| 创作中心 | 文生图、图生图、文生视频、图生视频、模型市场、灵感广场 |
-| 账号池 | GPT / GROK 批量导入、健康检查、自动轮询、熔断、配额管理 |
-| 计费 | 点数（积分）+ 套餐 + 充值 + 兑换码 + 优惠码 + 邀请返点 |
-| 开放 API | 用户 Key 调用，**OpenAI 兼容协议**（`/v1/images/generations` 等） |
-| 管理后台 | Token 管理 / 用户 / 充值消费 / 优惠码 / CDK / 系统配置 / 请求日志 |
-
----
-
-## 2. 技术栈
-
-| 层 | 选型 | 版本 | 备注 |
-|----|------|------|------|
-| 语言 | Go | **1.22+** | 主开发语言 |
-| Web 框架 | **Gin** | 1.10+ | 简单可靠；如需更高性能可换 Hertz |
-| ORM | **GORM** | v2 | 配 `gen` 生成 dao |
-| 数据库 | **MySQL** | 8.0+ | utf8mb4，InnoDB |
-| 缓存 / 队列 | **Redis** | 7.x | 限流、Session、热点缓存、Stream 消息 |
-| 任务队列 | **Asynq**（Redis 实现） | 最新稳定 | 异步生成任务、Webhook 重试 |
-| 配置 | Viper + `.env` | - | 多环境隔离 |
-| 日志 | Zap + Lumberjack | - | 结构化 + 滚动 |
-| 鉴权 | JWT (HS256) | - | 双 Token：Access 2h / Refresh 14d |
-| 文档 | Swag (Swagger 2.0) | - | `/swagger/*any` 仅内网 |
-| 前端 | **React 18 + Vite + TS** | - | 桌面 PC 后台 + 用户端 |
-| 移动端 | 同前端，**响应式 H5**，必要时上 Capacitor 套壳 | - | 不单独做 Native |
-| 样式 | **Tailwind v4 + shadcn/ui** | - | 主题色：克莱因蓝 |
-| 部署 | Docker Compose（单机）→ K8s（规模化） | - | 见《06-部署》 |
-| 反向代理 | Nginx / Caddy | - | TLS 终结 + WAF |
-
----
-
-## 3. 端口规范（**避开常用端口**）
-
-> 全部使用 5 位端口，落在 `17000-17999` 区段，方便防火墙整段放行；MySQL/Redis 使用非默认端口降低被扫风险。
-
-| 服务 | 端口 | 协议 | 说明 |
-|------|------|------|------|
-| 前端 Web（用户端） | **17080** | HTTPS | Nginx 对外 |
-| 前端 Web（管理后台） | **17088** | HTTPS | Nginx 对外，独立子域 |
-| 后端 API（用户端） | **17180** | HTTP | Nginx 反代，仅内网 |
-| 后端 API（管理后台） | **17188** | HTTP | Nginx 反代，仅内网 |
-| 后端 OpenAI 兼容 API | **17200** | HTTP | 单独进程 / 端口 |
-| WebSocket（生成进度推送） | **17280** | WSS | 共享前端域名 `/ws` |
-| MySQL | **13306** | TCP | 仅内网/容器网络 |
-| Redis | **16379** | TCP | 仅内网/容器网络 |
-| Asynq Web Dashboard | **17390** | HTTP | basic-auth 保护，仅内网 |
-| Prometheus | **17490** | HTTP | 仅内网 |
-| Grafana | **17491** | HTTP | 仅内网 |
-| pprof | **17590** | HTTP | 仅运维白名单 |
-| Swagger UI | **17690** | HTTP | 仅内网，生产可关 |
-
-**铁律**：
-- 严禁使用 `22 / 80 / 443 / 3306 / 6379 / 8080 / 8888 / 3000 / 5000 / 9000`。
-- SSH 登录端口建议改为 `52200`（运维侧约定，不写入仓库）。
-- 对外只暴露 `17080 / 17088`，其余端口一律走内网或 Nginx upstream。
-
----
-
-## 4. 目录结构
-
-### 4.1 仓库总览（Monorepo）
-
-```
-kleinai/
-├── docs/                    # 开发规范文档（本仓库）
-├── backend/                 # Go 服务
-│   ├── cmd/
-│   │   ├── api/             # 用户端 API 入口
-│   │   ├── admin/           # 管理后台 API 入口
-│   │   ├── openai/          # OpenAI 兼容协议入口
-│   │   └── worker/          # Asynq 异步任务消费者
-│   ├── internal/
-│   │   ├── handler/         # HTTP 入口（gin handler）
-│   │   ├── service/         # 业务逻辑层
-│   │   ├── repo/            # 数据访问层（GORM）
-│   │   ├── model/           # GORM 实体
-│   │   ├── dto/             # 出入参 DTO
-│   │   ├── middleware/      # 鉴权、限流、日志、CORS
-│   │   ├── pool/            # 账号池调度（GPT/GROK）
-│   │   ├── biller/          # 计费引擎
-│   │   ├── provider/        # 外部 Provider 适配（OpenAI/Grok/...）
-│   │   ├── job/             # 异步任务定义
-│   │   └── ws/              # WebSocket 推送
-│   ├── pkg/                 # 可复用基础库（不依赖 internal）
-│   │   ├── errcode/
-│   │   ├── jwtx/
-│   │   ├── crypto/
-│   │   ├── ratelimit/
-│   │   ├── logger/
-│   │   ├── httpc/
-│   │   └── snowflake/
-│   ├── configs/
-│   │   ├── config.yaml      # 默认配置（不含敏感信息）
-│   │   ├── config.dev.yaml
-│   │   └── config.prod.yaml
-│   ├── migrations/          # SQL 迁移（goose / atlas）
-│   ├── scripts/
-│   ├── test/                # 集成测试
-│   ├── go.mod
-│   └── Makefile
-├── frontend/
-│   ├── apps/
-│   │   ├── user/            # 用户端（创作中心、个人中心）
-│   │   └── admin/           # 管理后台
-│   ├── packages/
-│   │   ├── ui/              # 共享组件
-│   │   ├── theme/           # 克莱因蓝主题、Tailwind preset
-│   │   └── api-client/      # 自动生成的 SDK
-│   ├── pnpm-workspace.yaml
-│   └── package.json
-├── deploy/
-│   ├── docker-compose.yml
-│   ├── docker-compose.prod.yml
-│   ├── nginx/
-│   └── k8s/
-├── .editorconfig
-├── .gitignore
-├── .gitattributes
-└── README.md
-```
-
-### 4.2 后端分层职责（必须遵守）
-
-```
-handler  →  service  →  repo  →  model
-   │           │          │
-   ▼           ▼          ▼
-  dto       provider    MySQL
-            biller      Redis
-            pool
-```
-
-- **handler**：参数校验、调 service、组装响应。**不允许**写业务逻辑。
-- **service**：编排业务，调用 repo / provider / biller。**唯一**事务入口。
-- **repo**：数据库 CRUD，**禁止**跨表嵌套业务判断。
-- **provider**：封装外部 HTTP（OpenAI / Grok），所有外部调用必须走这一层，便于 mock 与切换。
-- **pool**：账号池调度（轮询、熔断、配额、健康检查）。
-- **biller**：计费引擎，扣点 / 退点 / 流水落库 **必须**事务原子。
-
-> 跨层调用规则：上层可调下层，下层**严禁反向调用**上层；同层之间**严禁横向调用**（service 不调 service，要拆抽象）。
-
----
-
-## 5. Git 规范
-
-### 5.1 分支模型
-
-```
-main          ← 受保护，仅合 release 与 hotfix；自动部署生产
-release/x.y   ← 发布分支，仅修 bug
-develop       ← 受保护，集成分支；自动部署预发
-feat/xxx      ← 从 develop 切出
-fix/xxx       ← 从 develop 或 release 切出
-hotfix/xxx    ← 从 main 切出，修复后回合 main + develop
-```
-
-### 5.2 Commit Message（Conventional Commits）
-
-```
-<type>(<scope>): <subject>
-
-[optional body]
-[optional footer]
-```
-
-`type`：`feat | fix | docs | style | refactor | perf | test | chore | build | ci | revert`
-`scope`：`api / admin / pool / biller / web-user / web-admin / db / deploy ...`
-
-示例：
-
-```
-feat(pool): 新增 GROK 账号 5 分钟健康检查与熔断
-fix(biller): 修复并发扣点导致负余额的竞态
-```
-
-### 5.3 PR 规范
-
-- 必须 **关联 Issue / 任务编号**
-- 必须有 **自测说明 + 截图（前端）** 或 **接口测试结果（后端）**
-- 必须通过 CI（lint + test + build）
-- **至少 1 人 Review**，涉及计费 / 鉴权必须 2 人
-
----
-
-## 6. 命名与编码规范
-
-### 6.1 通用
-
-| 对象 | 规则 | 示例 |
-|------|------|------|
-| 仓库 | `kebab-case` | `klein-ai` |
-| 目录 / Go 包 | 小写单词，无下划线 | `accountpool` |
-| Go 文件 | `snake_case` | `account_pool.go` |
-| Go 类型 / 函数 | 大驼峰公开 / 小驼峰私有 | `type GrokClient`、`func newPool()` |
-| 常量 | 大驼峰，避免全大写 | `MaxRetry = 3` |
-| 数据库 表/字段 | `snake_case`，复数名词 | `user_accounts.created_at` |
-| 接口路径 | `kebab-case` | `/api/v1/recharge-records` |
-| 前端文件 | 组件 `PascalCase.tsx`，hook `useXxx.ts` | `PromptEditor.tsx` |
-| 前端 CSS 变量 | `--klein-600` | 见前端规范 |
-| 环境变量 | `SCREAMING_SNAKE_CASE`，业务前缀 | `KLEIN_DB_DSN` |
-
-### 6.2 Go 编码
-
-- 必须通过 `gofmt` + `goimports` + `golangci-lint`（配置见 `.golangci.yml`）。
-- 错误处理：**不允许** `_ = err`，必须 `errors.Wrap`（用 `pkg/errors` 或 `fmt.Errorf("%w")`）。
-- 禁止裸 `panic`（除 `init` 期间致命错误外）。
-- context 必须作为函数 **第一个参数** 传递；DB / HTTP / Redis 调用必须带 `ctx`。
-- 日志：使用 `pkg/logger`，**禁止** `fmt.Println` / `log.Println`。
-- 时间：统一 `time.Time` UTC 存储，业务层转 `Asia/Shanghai`。
-- 金额 / 点数：**用 int64（最小单位）**，不用 float。点数最小单位 = 0.01 点，存 `points * 100`。
-
-### 6.3 前端编码
-
-- 必须通过 ESLint + Prettier + Stylelint + tsc。
-- 状态管理：用户端 **Zustand**，后台数据请求 **TanStack Query**。
-- 表单：**react-hook-form + zod**。
-- 路由：React Router v6 / TanStack Router 二选一，**全局统一**。
-- 国际化：`i18next`，默认 `zh-CN`，预留 `en-US`。
-- 不允许内联样式写颜色 / 间距，必须走 Tailwind 或主题 token。
-
----
-
-## 7. 环境与配置
-
-### 7.1 环境分级
-
-| 环境 | 域名 | 部署方式 | 数据 |
-|------|------|----------|------|
-| local | localhost | docker-compose up | 本地随便 |
-| dev | dev.klein.example | 自动部署 develop | 隔离库 |
-| staging | stg.klein.example | 自动部署 release/* | 脱敏快照 |
-| prod | klein.example | 手动审批 | 真实数据 |
-
-### 7.2 配置加载优先级
-
-```
-环境变量  >  configs/config.${ENV}.yaml  >  configs/config.yaml
-```
-
-### 7.3 必须通过环境变量注入的字段
-
-```
-KLEIN_ENV                    # local/dev/staging/prod
-KLEIN_DB_DSN                 # MySQL DSN
-KLEIN_REDIS_ADDR
-KLEIN_REDIS_PASSWORD
-KLEIN_JWT_SECRET             # ≥ 32 字节随机串
-KLEIN_JWT_REFRESH_SECRET
-KLEIN_AES_KEY                # 32 字节，加密账号池密钥
-KLEIN_OPENAI_BASE            # 可被账号池条目覆盖
-KLEIN_GROK_BASE
-KLEIN_ALIPAY_*  / KLEIN_WXPAY_*
-KLEIN_S3_*                   # 生成结果存储
-```
-
-> 仓库 **绝对禁止** 提交以上任何值；本地开发用 `backend/.env.local`，已加入 `.gitignore`。
-
----
-
-## 8. 安全基线
-
-1. 所有外部入口 **强制 HTTPS**，HSTS 1 年。
-2. **JWT 双 Token**：Access 2h，Refresh 14d，Refresh 单设备绑定 + Redis 白名单。
-3. 密码 **bcrypt cost=12**；用户 API Key 生成后只返回一次，落库存 **SHA256 + 盐**。
-4. 账号池中第三方 token 用 **AES-256-GCM** 加密落库，密钥仅运维持有。
-5. 全站 **接口签名 + 时间戳**（开放 API），`X-Klein-Sign` + `X-Klein-Ts`，5 分钟窗口。
-6. 限流：用户维度（点数）+ IP 维度（防刷）+ Key 维度（QPS）三道。
-7. 风控：单 IP 24h 内 3 次失败注册、>10 次失败登录 → 验证码 / 封禁。
-8. 所有写操作管理后台必须有 **操作审计日志**（who / what / when / before / after）。
-9. **越权防护**：每个用户端接口必须显式 `WHERE user_id = ?`，禁止信赖前端传参。
-10. SQL 全部使用预处理 / GORM；禁止字符串拼接 SQL。
-
----
-
-## 9. 性能与可观测
-
-- **响应时间预算**：用户端 P95 < 300ms（不含外部 Provider）；外部 Provider 调用单独埋点。
-- **慢查询**：MySQL slowlog 阈值 200ms，每周复盘。
-- **日志**：结构化 JSON，必含 `trace_id / user_id / route / latency`；保留 30 天。
-- **指标**：Prometheus 暴露 QPS / 错误率 / 延迟分位 / 账号池健康度 / 余额扣减成功率。
-- **追踪**：OpenTelemetry → Jaeger / Tempo（可选）。
-- **告警**：错误率 > 1% / P99 > 1s / 账号池可用率 < 80% → 企业微信机器人。
-
----
-
-## 10. 文档索引
-
-| 文件 | 内容 |
-|------|------|
-| `01-开发规范-总览.md` | 本文 |
-| `02-后端规范.md` | Go 分层、错误码、账号池、计费、限流 |
-| `03-数据库设计.md` | MySQL 表结构与索引设计 |
-| `04-API规范.md` | 路由约定、统一响应、接口清单 |
-| `05-前端规范.md` | 克莱因蓝主题、多端响应式、组件规范 |
-| `06-部署与运维规范.md` | Docker、Nginx、端口、监控、备份 |
diff --git "a/docs/02-\345\220\216\347\253\257\350\247\204\350\214\203.md" "b/docs/02-\345\220\216\347\253\257\350\247\204\350\214\203.md"
deleted file mode 100644
index 7ac99f73..00000000
--- "a/docs/02-\345\220\216\347\253\257\350\247\204\350\214\203.md"
+++ /dev/null
@@ -1,428 +0,0 @@
-# 02 · 后端规范
-
-> 适用范围：`backend/` 目录下所有 Go 服务（用户 API / 管理后台 API / OpenAI 兼容 API / Worker）。
-> 配套文档：`01-开发规范-总览.md`、`03-数据库设计.md`、`04-API规范.md`。
-
----
-
-## 1. 工程结构与依赖
-
-### 1.1 入口（cmd）
-
-每个二进制独立目录、独立 main：
-
-```
-cmd/api      → 监听 17180，用户端
-cmd/admin    → 监听 17188，管理后台
-cmd/openai   → 监听 17200，OpenAI 兼容协议
-cmd/worker   → 不监听端口，消费 Asynq 队列
-```
-
-共享 `internal/` 与 `pkg/`，**禁止**任何 `cmd/*` 目录之间互相 import。
-
-### 1.2 第三方依赖白名单
-
-| 用途 | 推荐库 | 备注 |
-|------|--------|------|
-| Web | `github.com/gin-gonic/gin` | |
-| ORM | `gorm.io/gorm` | + `gorm.io/driver/mysql` |
-| 日志 | `go.uber.org/zap` | + lumberjack 滚动 |
-| 配置 | `github.com/spf13/viper` | |
-| JWT | `github.com/golang-jwt/jwt/v5` | |
-| Redis | `github.com/redis/go-redis/v9` | |
-| 队列 | `github.com/hibiken/asynq` | |
-| 校验 | `github.com/go-playground/validator/v10` | gin 内置 |
-| HTTP 客户端 | `github.com/go-resty/resty/v2` | provider 层统一用 |
-| ID 生成 | 雪花算法 `github.com/bwmarrin/snowflake` | |
-| 加密 | `golang.org/x/crypto` | bcrypt / nacl |
-| 限流 | `github.com/go-redis/redis_rate/v10` | |
-| 测试 | `github.com/stretchr/testify` | |
-
-> 引入新依赖必须在 PR 中说明理由 + 安全扫描通过（`govulncheck`）。
-
----
-
-## 2. 分层架构
-
-```
-┌──────────────────────────────────────────────┐
-│  handler   ← 入参/出参、HTTP 语义、错误转换   │
-├──────────────────────────────────────────────┤
-│  service   ← 业务编排、事务边界、幂等控制     │
-├──────────────────────────────────────────────┤
-│  repo      ← DB / Redis 访问，零业务判断       │
-├──────────────────────────────────────────────┤
-│  model     ← GORM 实体（仅字段与表注释）       │
-└──────────────────────────────────────────────┘
-        ↑
-        │ 旁路依赖
-        │
-   provider / pool / biller / job / ws
-```
-
-### 2.1 handler 规范
-
-```go
-// internal/handler/user/recharge.go
-func (h *Handler) Recharge(c *gin.Context) {
-    var req dto.RechargeReq
-    if err := c.ShouldBindJSON(&req); err != nil {
-        response.Fail(c, errcode.InvalidParam.Wrap(err))
-        return
-    }
-    uid := middleware.MustUID(c)
-
-    out, err := h.svc.Recharge(c.Request.Context(), uid, &req)
-    if err != nil {
-        response.Fail(c, err)
-        return
-    }
-    response.OK(c, out)
-}
-```
-
-铁律：
-1. handler **只做 3 件事**：参数绑定校验、调 service、响应组装。
-2. 业务错误必须返回 `*errcode.Error`，由 `response.Fail` 统一渲染。
-3. handler 文件命名与 URL 业务名一致（`recharge.go` 对应 `/recharge`）。
-
-### 2.2 service 规范
-
-- **唯一**事务入口（`db.Transaction(func(tx *gorm.DB) error { ... })`）。
-- 每个 service 方法上下文必须接 `ctx context.Context`。
-- 跨业务调用必须通过 **接口** 反向注入（避免 service 互相 import）。
-- 计费类操作必须满足：**先扣点 → 再调用 Provider → 失败则退点**，全部在事务 + 幂等键控制内。
-
-### 2.3 repo 规范
-
-- 一表一文件：`repo/user_repo.go`、`repo/account_repo.go`。
-- 公开方法签名只暴露领域语义，禁止把 `*gorm.DB` 当出参。
-- 复杂查询使用 `gen` 自动生成（条件构造器），不要手拼 `Where`。
-- **必须** 显式 `Select` 字段，避免 `SELECT *`。
-
-### 2.4 model 规范
-
-- 字段顺序：主键 → 业务字段 → 状态字段 → 审计字段。
-- 字段必须带 `gorm` tag（类型、长度、默认值、索引）。
-- 软删除统一 `deleted_at TIMESTAMP NULL`，不用 `is_deleted`。
-- 表名通过 `TableName()` 显式指定，不依赖 GORM 复数推断。
-
-```go
-type User struct {
-    ID        uint64    `gorm:"column:id;primaryKey;autoIncrement"`
-    UUID      string    `gorm:"column:uuid;type:char(36);uniqueIndex"`
-    Email     string    `gorm:"column:email;type:varchar(128);uniqueIndex"`
-    Phone     string    `gorm:"column:phone;type:varchar(20);uniqueIndex:idx_phone"`
-    Password  string    `gorm:"column:password;type:varchar(72)"`        // bcrypt
-    Points    int64     `gorm:"column:points;default:0"`                 // 0.01 点 = 1
-    Status    int8      `gorm:"column:status;default:1"`                 // 1 启用 0 禁用
-    CreatedAt time.Time `gorm:"column:created_at"`
-    UpdatedAt time.Time `gorm:"column:updated_at"`
-    DeletedAt gorm.DeletedAt `gorm:"column:deleted_at;index"`
-}
-
-func (User) TableName() string { return "user" }
-```
-
----
-
-## 3. 错误码规范
-
-### 3.1 编码规则
-
-```
-HTTP_STATUS  +  3 位业务子码
-   200xxx     成功（保留）
-   400xxx     参数错误
-   401xxx     鉴权
-   403xxx     权限
-   404xxx     资源不存在
-   409xxx     冲突 / 幂等
-   429xxx     限流
-   500xxx     系统错误
-   502xxx     上游 Provider 错误
-```
-
-### 3.2 业务子码段
-
-| 段位 | 模块 |
-|------|------|
-| 100-199 | 用户 / 鉴权 |
-| 200-299 | 账号池（GPT/GROK） |
-| 300-399 | 创作 / 任务 |
-| 400-499 | 计费 / 充值 / 兑换 |
-| 500-599 | 邀请 |
-| 600-699 | 系统配置 / 后台 |
-| 700-799 | 文件 / 存储 |
-| 900-999 | 第三方支付 / Webhook |
-
-### 3.3 示例
-
-| Code | Msg | HTTP |
-|------|-----|------|
-| 400101 | 参数缺失 | 400 |
-| 401101 | 未登录 | 401 |
-| 401102 | Token 过期 | 401 |
-| 403101 | 权限不足 | 403 |
-| 404101 | 用户不存在 | 404 |
-| 409401 | 重复支付 | 409 |
-| 429301 | 创作频次超限 | 429 |
-| 500301 | 任务调度失败 | 500 |
-| 502201 | GPT 上游不可用 | 502 |
-| 502202 | GROK 上游不可用 | 502 |
-
-### 3.4 实现
-
-```go
-// pkg/errcode/errcode.go
-type Error struct {
-    Code int    `json:"code"`
-    Msg  string `json:"msg"`
-    err  error
-}
-
-func (e *Error) Error() string { return e.Msg }
-func (e *Error) Wrap(err error) *Error { ne := *e; ne.err = err; return &ne }
-func (e *Error) Unwrap() error { return e.err }
-
-var (
-    OK              = &Error{0, "ok", nil}
-    InvalidParam    = &Error{400101, "参数错误", nil}
-    Unauthorized    = &Error{401101, "未登录", nil}
-    TokenExpired    = &Error{401102, "登录已过期", nil}
-    Forbidden       = &Error{403101, "权限不足", nil}
-    UserNotFound    = &Error{404101, "用户不存在", nil}
-    DuplicatedPay   = &Error{409401, "重复支付", nil}
-    RateLimited     = &Error{429301, "操作过于频繁", nil}
-    InternalError   = &Error{500001, "系统繁忙", nil}
-    GPTUnavailable  = &Error{502201, "GPT 服务暂不可用", nil}
-    GROKUnavailable = &Error{502202, "GROK 服务暂不可用", nil}
-)
-```
-
----
-
-## 4. 中间件清单（按顺序）
-
-```
-RecoveryMiddleware       → 捕获 panic
-RequestIDMiddleware      → 注入 trace_id（X-Request-Id）
-LoggerMiddleware         → 访问日志
-CORSMiddleware           → 仅前端域名白名单
-SecurityHeadersMiddleware→ HSTS / XCTO / XFO 等
-RateLimitIPMiddleware    → IP 维度限流（1000/min）
-AuthJWTMiddleware        → 用户端必备
-AuthAdminMiddleware      → 管理后台必备 + RBAC
-AuthAPIKeyMiddleware     → OpenAI 兼容入口必备
-RateLimitUserMiddleware  → 用户维度限流（按等级配置）
-BillingMiddleware        → 仅创作接口，预扣 + 后冲
-AuditMiddleware          → 仅管理后台写接口
-```
-
-实现要求：
-- 所有中间件单元测试覆盖率 ≥ 80%。
-- 限流统一用 Redis（`redis_rate`），不用本地令牌桶（多副本不一致）。
-- AuthAdminMiddleware 必须基于 **角色 + 资源** 双维度（RBAC），不是简单 isAdmin。
-
----
-
-## 5. 账号池设计（核心模块）
-
-### 5.1 设计目标
-
-- 海量第三方账号（GPT 上千个、GROK 数百个）批量管理
-- **轮询**：默认平均轮询 + 权重；可切换最少使用 / 最近成功优先
-- **熔断**：连续 N 次失败自动下线，定时试探
-- **配额**：日 / 月点数限额、单账号 RPM/TPM
-- **隔离**：按业务（生图/生视频）分组，不同套餐用不同分组
-- **可观测**：每次调用记录账号 ID / 耗时 / 状态 / 错误
-
-### 5.2 数据结构
-
-参考 `03-数据库设计.md` 中：
-- `account` 表：账号原始信息（含加密的 token / cookie / api_key）
-- `account_group` 表：账号分组（gpt-image-pro、grok-video-default 等）
-- `account_group_member` 表：账号 ↔ 分组多对多
-- `account_health` 表（或 Redis）：实时健康状态、连续失败次数、上次成功时间
-
-### 5.3 调度算法
-
-```go
-// internal/pool/scheduler.go
-type Strategy interface {
-    Pick(ctx context.Context, group string) (*Account, error)
-}
-```
-
-实现：
-- `RoundRobin`：默认
-- `WeightedRR`：按账号 weight 加权
-- `LeastUsed`：当前 5 分钟使用次数最少
-- `LowestErrRate`：近 1 小时错误率最低
-
-切换策略通过系统配置 `pool.strategy`，热更新（每 30s 拉一次）。
-
-### 5.4 熔断与恢复
-
-- 连续失败 ≥ 5 次：账号状态置 `cooldown`，10 分钟内不参与调度
-- cooldown 结束后单次试探，成功则恢复 `active`，再失败则进入 `disabled`，需人工介入
-- 错误分类：
-  - 401/403/429：账号问题，进入 cooldown
-  - 5xx：上游问题，**不**惩罚账号，仅本次重试其他账号
-  - 网络超时：重试 1 次，失败则 cooldown
-
-### 5.5 配额
-
-每账号维度记录 Redis：
-
-```
-pool:acc:{id}:rpm       → 滑动窗口（1 分钟）
-pool:acc:{id}:tpm       → 滑动窗口（1 分钟）
-pool:acc:{id}:daily     → 计数（按天）
-pool:acc:{id}:monthly   → 计数（按月）
-```
-
-调度选账号时先看 RPM/TPM 余量再分配。
-
-### 5.6 健康检查
-
-Worker 每 5 分钟跑一次：
-1. 取所有 `active` 账号
-2. 调用最低成本接口（GPT：`/v1/models`；GROK：`/me`）
-3. 写入 `account_health`
-4. 失败累计达阈值则下线
-
----
-
-## 6. 计费引擎（biller）
-
-### 6.1 计费模型
-
-- 单位：**点（Point）**，最小粒度 0.01 点（DB 存 `int64`，按 100 倍存储）
-- 套餐：`free / pro / max`，每套餐每月赠送点数 + 不同模型可用 + 不同 QPS
-- 付费：充值得点（赠送系数可配）+ CDK + 邀请返点
-- 模型计费：每个生成模型在 `system_config` 中定义单价（如「文生图 V3」= 4 点 / 张）
-
-### 6.2 扣费流程（必须满足以下顺序）
-
-```
-1. 创建任务（task_id, idempotency_key 唯一）
-2. 预扣点数 → 写 consume_record(status=pending)
-3. 调度账号池调用 Provider
-4. 成功 → consume_record(status=success)，写生成记录
-5. 失败 → 退点数（原路返回）+ consume_record(status=refunded) + 写错误日志
-6. 整体在 (DB 事务 + Redis 幂等键) 内完成
-```
-
-### 6.3 幂等
-
-- 客户端请求必须携带 `Idempotency-Key`（UUID v4），有效期 24h
-- 相同 key 第二次请求直接返回首次结果
-- 服务端落 Redis：`idem:{user_id}:{key}` → `{taskId, response}`
-
-### 6.4 余额冻结
-
-进行中任务点数处于 **冻结** 状态：
-```
-user.points          → 可用余额
-user.frozen_points   → 冻结（任务进行中）
-```
-
-任务结算后冻结 → 实扣或退还。
-
----
-
-## 7. 限流策略
-
-| 场景 | 维度 | 默认值 | 实现 |
-|------|------|--------|------|
-| 全局防刷 | IP | 1000/min | `redis_rate` |
-| 登录 / 验证码 | IP + 手机号 | 5/min | 滑窗 |
-| 用户接口 | UID | 套餐配置 | `redis_rate` |
-| 创作接口 | UID | 5 并发任务 | Redis `INCR` + TTL |
-| OpenAI Key | API Key | Key 配置 RPM/TPM | 双窗口 |
-
-429 响应必须返回：
-
-```
-Retry-After: 30
-X-RateLimit-Limit: 60
-X-RateLimit-Remaining: 0
-X-RateLimit-Reset: 1714200000
-```
-
----
-
-## 8. 异步任务（worker）
-
-- 队列分级：`critical / default / low`
-- 关键任务：生成视频（耗时 30s-5min）必须异步，HTTP 立即返回 task_id，前端走 WebSocket 拿进度
-- 重试策略：指数退避 `1m, 5m, 30m, 2h, 12h`，最多 5 次
-- 死信：进入 `dlq` 队列，告警通知
-
-任务清单：
-
-| 任务名 | 队列 | 用途 |
-|--------|------|------|
-| `gen:image` | critical | GPT 文生图 / 图生图 |
-| `gen:video` | critical | GROK 文生视频 / 图生视频 |
-| `pool:health` | default | 账号健康检查（cron） |
-| `bill:settle` | default | 流水结算 / 对账 |
-| `email:send` | low | 邮件 |
-| `webhook:notify` | default | 第三方回调（带签名） |
-
----
-
-## 9. 日志规范
-
-```json
-{
-  "ts": "2026-04-27T13:30:00.123Z",
-  "level": "info",
-  "trace_id": "01HX...",
-  "user_id": 10086,
-  "route": "POST /api/v1/gen/image",
-  "status": 200,
-  "latency_ms": 412,
-  "msg": "image generated",
-  "extra": { "task_id": "...", "model": "v3", "account_id": 17 }
-}
-```
-
-铁律：
-- 禁止打印 **明文密钥 / 密码 / token / cookie**，需脱敏（`abc***xyz`）
-- 一条业务流必须 `trace_id` 串联（`X-Request-Id` 透传到 provider 层）
-- error 级别日志必须带 `stack`
-
----
-
-## 10. 测试规范
-
-| 类型 | 工具 | 覆盖率 |
-|------|------|--------|
-| 单元 | testify + gomock | service ≥ 70%、pool/biller ≥ 90% |
-| 集成 | docker-compose 起 MySQL/Redis，go test | 关键路径 100% |
-| 接口 | apifox / hurl | 全部对外接口 |
-| 压测 | k6 / vegeta | 上线前必跑 |
-
-铁律：
-- `_test.go` 不允许依赖外网；外部 Provider 必须 mock
-- 单测命名：`Test_<Type>_<Method>_<Scenario>`
-- `go test ./... -race -count=1` 必须通过
-
----
-
-## 11. CI / CD（参考）
-
-```yaml
-# .github/workflows/backend.yml
-- gofmt -l 检查
-- golangci-lint run
-- go vet ./...
-- govulncheck ./...
-- go test ./... -race -coverprofile=cover.out
-- 覆盖率门禁 ≥ 70%
-- docker build --target prod
-- 推私有 Registry（端口 17500）
-- 触发 deploy（dev/stg 自动，prod 手动审批）
-```
diff --git "a/docs/03-\346\225\260\346\215\256\345\272\223\350\256\276\350\256\241.md" "b/docs/03-\346\225\260\346\215\256\345\272\223\350\256\276\350\256\241.md"
deleted file mode 100644
index 32d95bd9..00000000
--- "a/docs/03-\346\225\260\346\215\256\345\272\223\350\256\276\350\256\241.md"
+++ /dev/null
@@ -1,785 +0,0 @@
-# 03 · 数据库设计
-
-> MySQL 8.0+ · `utf8mb4_0900_ai_ci` · InnoDB · 严格模式
-> 库名：`klein_ai`（生产）/ `klein_ai_dev`（开发）
-
----
-
-## 1. 通用约定
-
-### 1.1 表设计铁律
-
-- 所有表必须有：`id`（无符号主键）、`created_at`、`updated_at`、`deleted_at`（软删，唯一索引列除外）。
-- 主键统一 `BIGINT UNSIGNED AUTO_INCREMENT`。
-- 涉及外部曝光的资源使用业务无关 ID：`uuid CHAR(36)` 或 雪花 ID `BIGINT`，并加唯一索引。
-- 字段命名：`snake_case`，避免缩写；状态字段名统一 `status`，类型 `TINYINT`，注释列出枚举。
-- 金额、点数：`BIGINT`，**单位 = 0.01（分 / 厘点）**，禁止用浮点。
-- 时间统一 `DATETIME(3)`，存 UTC；展示由应用层转。
-- 禁止外键约束；通过应用层保证一致性，便于分库分表。
-- 索引命名：`idx_<col1>_<col2>` / `uk_<col>`。
-- 大文本（提示词、错误堆栈、JSON 配置）用 `TEXT` / `JSON`，与主表分离或谨慎使用。
-
-### 1.2 软删与归档
-
-- 软删：`deleted_at IS NULL` 表示有效；带软删的列必须加 `idx_deleted`。
-- 大表（`request_log`、`generation`、`consume_record`）按月分表或归档至 `*_archive` 表。
-- `request_log` 默认仅保留 30 天，归档表保留 1 年。
-
-### 1.3 索引设计原则
-
-- 高频查询全部用覆盖索引或组合索引。
-- 避免左模糊。
-- 状态 + 时间是常用组合，必须有 `idx_status_created_at`。
-
----
-
-## 2. 数据表清单
-
-### 2.1 模块划分
-
-| 模块 | 表 |
-|------|----|
-| 用户体系 | `user`、`user_profile`、`user_invite_relation` |
-| 后台管理 | `admin_user`、`admin_role`、`admin_role_permission`、`admin_audit_log` |
-| 账号池 | `account`、`account_group`、`account_group_member`、`account_health` |
-| API Key | `api_key`、`api_key_quota` |
-| 创作 / 任务 | `generation_task`、`generation_result`、`prompt_history`、`favorite` |
-| 模型 / 套餐 | `model`、`plan`、`user_subscription` |
-| 计费 | `wallet_log`、`recharge_record`、`consume_record`、`refund_record` |
-| 优惠 | `promo_code`、`promo_code_use`、`redeem_code`（CDK）、`redeem_code_batch` |
-| 邀请 | `invitation`、`invitation_reward` |
-| 系统 | `system_config`、`system_dict`、`announcement` |
-| 日志 | `request_log`、`task_log`、`pool_call_log` |
-
----
-
-## 3. 用户体系
-
-### 3.1 `user` 用户
-
-```sql
-CREATE TABLE `user` (
-  `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `uuid`            CHAR(36)        NOT NULL                  COMMENT '业务 ID',
-  `email`           VARCHAR(128)    DEFAULT NULL,
-  `phone`           VARCHAR(20)     DEFAULT NULL,
-  `username`        VARCHAR(64)     DEFAULT NULL              COMMENT '昵称',
-  `avatar`          VARCHAR(255)    DEFAULT NULL,
-  `password`        VARCHAR(72)     NOT NULL                  COMMENT 'bcrypt',
-  `points`          BIGINT          NOT NULL DEFAULT 0        COMMENT '可用点数 *100',
-  `frozen_points`   BIGINT          NOT NULL DEFAULT 0        COMMENT '冻结点数 *100',
-  `total_recharge`  BIGINT          NOT NULL DEFAULT 0        COMMENT '累计充值（分）',
-  `plan_code`       VARCHAR(32)     NOT NULL DEFAULT 'free'   COMMENT '当前套餐',
-  `plan_expire_at`  DATETIME(3)     DEFAULT NULL,
-  `inviter_id`      BIGINT UNSIGNED DEFAULT NULL,
-  `invite_code`     VARCHAR(16)     NOT NULL                  COMMENT '本人邀请码',
-  `status`          TINYINT         NOT NULL DEFAULT 1        COMMENT '1启用 0禁用 -1注销',
-  `register_ip`     VARCHAR(45)     DEFAULT NULL,
-  `last_login_at`   DATETIME(3)     DEFAULT NULL,
-  `last_login_ip`   VARCHAR(45)     DEFAULT NULL,
-  `created_at`      DATETIME(3)     NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`      DATETIME(3)     NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`      DATETIME(3)     DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_uuid` (`uuid`),
-  UNIQUE KEY `uk_email` (`email`),
-  UNIQUE KEY `uk_phone` (`phone`),
-  UNIQUE KEY `uk_invite_code` (`invite_code`),
-  KEY `idx_inviter` (`inviter_id`),
-  KEY `idx_status_created` (`status`, `created_at`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB COMMENT='用户';
-```
-
-### 3.2 `user_profile` 扩展资料
-
-```sql
-CREATE TABLE `user_profile` (
-  `user_id`     BIGINT UNSIGNED NOT NULL,
-  `gender`      TINYINT     DEFAULT 0,
-  `birthday`    DATE        DEFAULT NULL,
-  `bio`         VARCHAR(255) DEFAULT NULL,
-  `prefer_lang` VARCHAR(10) DEFAULT 'zh-CN',
-  `setting`     JSON        DEFAULT NULL COMMENT '用户偏好设置',
-  `updated_at`  DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`)
-) ENGINE=InnoDB COMMENT='用户扩展资料';
-```
-
----
-
-## 4. 后台管理
-
-### 4.1 `admin_user`
-
-```sql
-CREATE TABLE `admin_user` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `username`   VARCHAR(64) NOT NULL,
-  `password`   VARCHAR(72) NOT NULL,
-  `nickname`   VARCHAR(64) DEFAULT NULL,
-  `email`      VARCHAR(128) DEFAULT NULL,
-  `role_id`    BIGINT UNSIGNED NOT NULL,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `last_login_at` DATETIME(3) DEFAULT NULL,
-  `last_login_ip` VARCHAR(45) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_username` (`username`),
-  KEY `idx_role` (`role_id`)
-) ENGINE=InnoDB COMMENT='后台账号';
-```
-
-### 4.2 `admin_role` / `admin_role_permission`
-
-```sql
-CREATE TABLE `admin_role` (
-  `id`        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name`      VARCHAR(64) NOT NULL,
-  `code`      VARCHAR(32) NOT NULL,
-  `remark`    VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `admin_role_permission` (
-  `role_id`     BIGINT UNSIGNED NOT NULL,
-  `permission`  VARCHAR(128) NOT NULL COMMENT '如 user:list、account:edit',
-  PRIMARY KEY (`role_id`, `permission`)
-) ENGINE=InnoDB;
-```
-
-### 4.3 `admin_audit_log` 操作审计
-
-```sql
-CREATE TABLE `admin_audit_log` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `admin_id`      BIGINT UNSIGNED NOT NULL,
-  `admin_name`    VARCHAR(64) NOT NULL,
-  `module`        VARCHAR(64) NOT NULL,
-  `action`        VARCHAR(64) NOT NULL,
-  `target_type`   VARCHAR(64) DEFAULT NULL,
-  `target_id`     VARCHAR(64) DEFAULT NULL,
-  `before_value`  JSON DEFAULT NULL,
-  `after_value`   JSON DEFAULT NULL,
-  `ip`            VARCHAR(45) DEFAULT NULL,
-  `ua`            VARCHAR(255) DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_admin` (`admin_id`),
-  KEY `idx_module_action` (`module`, `action`),
-  KEY `idx_created` (`created_at`)
-) ENGINE=InnoDB COMMENT='后台操作审计';
-```
-
----
-
-## 5. 账号池
-
-### 5.1 `account` 第三方账号
-
-```sql
-CREATE TABLE `account` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `provider`       VARCHAR(32) NOT NULL                COMMENT 'gpt / grok',
-  `name`           VARCHAR(128) NOT NULL               COMMENT '管理别名',
-  `auth_type`      VARCHAR(32) NOT NULL                COMMENT 'api_key / cookie / oauth',
-  `credential_enc` BLOB NOT NULL                        COMMENT 'AES-256-GCM 加密',
-  `base_url`       VARCHAR(255) DEFAULT NULL,
-  `model_whitelist` JSON DEFAULT NULL                   COMMENT '可调用模型',
-  `weight`         INT NOT NULL DEFAULT 10,
-  `rpm_limit`      INT NOT NULL DEFAULT 0              COMMENT '0 不限',
-  `tpm_limit`      INT NOT NULL DEFAULT 0,
-  `daily_quota`    INT NOT NULL DEFAULT 0              COMMENT '每日点数上限',
-  `monthly_quota`  INT NOT NULL DEFAULT 0,
-  `status`         TINYINT NOT NULL DEFAULT 1          COMMENT '1启用 0停用 2熔断 -1禁用',
-  `cooldown_until` DATETIME(3) DEFAULT NULL,
-  `last_used_at`   DATETIME(3) DEFAULT NULL,
-  `last_error`     VARCHAR(255) DEFAULT NULL,
-  `error_count`    INT NOT NULL DEFAULT 0,
-  `success_count`  BIGINT UNSIGNED NOT NULL DEFAULT 0,
-  `remark`         VARCHAR(255) DEFAULT NULL,
-  `created_by`     BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`     DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `idx_provider_status` (`provider`, `status`),
-  KEY `idx_status_cooldown` (`status`, `cooldown_until`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB COMMENT='第三方账号池';
-```
-
-### 5.2 `account_group` 分组
-
-```sql
-CREATE TABLE `account_group` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `provider`   VARCHAR(32) NOT NULL,
-  `code`       VARCHAR(64) NOT NULL                COMMENT '如 gpt-image-default',
-  `name`       VARCHAR(128) NOT NULL,
-  `strategy`   VARCHAR(32) NOT NULL DEFAULT 'round_robin' COMMENT '调度策略',
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `remark`     VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_provider_code` (`provider`, `code`)
-) ENGINE=InnoDB COMMENT='账号池分组';
-
-CREATE TABLE `account_group_member` (
-  `group_id`   BIGINT UNSIGNED NOT NULL,
-  `account_id` BIGINT UNSIGNED NOT NULL,
-  `weight`     INT NOT NULL DEFAULT 10,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`group_id`, `account_id`),
-  KEY `idx_account` (`account_id`)
-) ENGINE=InnoDB;
-```
-
-### 5.3 `account_health` 健康指标（可选写 Redis）
-
-```sql
-CREATE TABLE `account_health` (
-  `account_id`        BIGINT UNSIGNED NOT NULL,
-  `last_check_at`     DATETIME(3) NOT NULL,
-  `last_check_status` TINYINT NOT NULL                 COMMENT '1正常 0异常',
-  `consec_fail`       INT NOT NULL DEFAULT 0,
-  `latency_ms_p50`    INT NOT NULL DEFAULT 0,
-  `latency_ms_p99`    INT NOT NULL DEFAULT 0,
-  `error_rate_1h`     DECIMAL(5,2) NOT NULL DEFAULT 0.00,
-  `updated_at`        DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`account_id`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 6. API Key（用户调用）
-
-### 6.1 `api_key`
-
-```sql
-CREATE TABLE `api_key` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`      BIGINT UNSIGNED NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `prefix`       VARCHAR(16) NOT NULL                COMMENT '展示前缀 sk-klein-xxxx',
-  `hash`         CHAR(64) NOT NULL                   COMMENT 'SHA256(key + salt)',
-  `salt`         CHAR(32) NOT NULL,
-  `last4`        CHAR(4) NOT NULL                    COMMENT '末四位用于展示',
-  `scope`        VARCHAR(255) NOT NULL DEFAULT 'image,video' COMMENT '逗号分隔',
-  `rpm_limit`    INT NOT NULL DEFAULT 60,
-  `daily_quota`  INT NOT NULL DEFAULT 0,
-  `expire_at`    DATETIME(3) DEFAULT NULL,
-  `last_used_at` DATETIME(3) DEFAULT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`   DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_hash` (`hash`),
-  KEY `idx_user_status` (`user_id`, `status`),
-  KEY `idx_deleted` (`deleted_at`)
-) ENGINE=InnoDB COMMENT='用户 API Key';
-```
-
-> 实际 Key 生成后只在「**创建响应**」中返回一次，DB 仅存 `hash + last4`。
-
----
-
-## 7. 创作 / 任务
-
-### 7.1 `generation_task`
-
-```sql
-CREATE TABLE `generation_task` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`        CHAR(26) NOT NULL                  COMMENT 'ULID',
-  `user_id`        BIGINT UNSIGNED NOT NULL,
-  `kind`           VARCHAR(16) NOT NULL               COMMENT 'image / video',
-  `mode`           VARCHAR(16) NOT NULL               COMMENT 't2i / i2i / t2v / i2v',
-  `model_code`     VARCHAR(64) NOT NULL,
-  `prompt`         TEXT NOT NULL,
-  `neg_prompt`     TEXT DEFAULT NULL,
-  `params`         JSON NOT NULL                      COMMENT '比例/数量/时长/seed等',
-  `ref_assets`     JSON DEFAULT NULL                  COMMENT '参考图地址等',
-  `count`          INT NOT NULL DEFAULT 1,
-  `cost_points`    BIGINT NOT NULL                    COMMENT '本次预扣点数 *100',
-  `idem_key`       VARCHAR(64) NOT NULL,
-  `account_id`     BIGINT UNSIGNED DEFAULT NULL       COMMENT '实际命中的账号',
-  `provider`       VARCHAR(32) NOT NULL,
-  `status`         TINYINT NOT NULL DEFAULT 0         COMMENT '0待处理 1进行中 2成功 3失败 4已退点',
-  `progress`       TINYINT NOT NULL DEFAULT 0         COMMENT '0-100',
-  `error`          VARCHAR(255) DEFAULT NULL,
-  `started_at`     DATETIME(3) DEFAULT NULL,
-  `finished_at`    DATETIME(3) DEFAULT NULL,
-  `client_ip`      VARCHAR(45) DEFAULT NULL,
-  `from_api_key_id` BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`     DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_task_id` (`task_id`),
-  UNIQUE KEY `uk_user_idem` (`user_id`, `idem_key`),
-  KEY `idx_user_kind_status` (`user_id`, `kind`, `status`),
-  KEY `idx_status_created` (`status`, `created_at`),
-  KEY `idx_account` (`account_id`)
-) ENGINE=InnoDB COMMENT='生成任务';
-```
-
-### 7.2 `generation_result`
-
-```sql
-CREATE TABLE `generation_result` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(16) NOT NULL,
-  `seq`        TINYINT NOT NULL DEFAULT 0,
-  `url`        VARCHAR(512) NOT NULL,
-  `thumb_url`  VARCHAR(512) DEFAULT NULL,
-  `width`      INT DEFAULT NULL,
-  `height`     INT DEFAULT NULL,
-  `duration_ms` INT DEFAULT NULL,
-  `size_bytes` BIGINT DEFAULT NULL,
-  `meta`       JSON DEFAULT NULL,
-  `is_public`  TINYINT NOT NULL DEFAULT 0           COMMENT '是否进入广场',
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `deleted_at` DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_user_kind` (`user_id`, `kind`),
-  KEY `idx_public_created` (`is_public`, `created_at`)
-) ENGINE=InnoDB COMMENT='生成结果';
-```
-
-### 7.3 `prompt_history` / `favorite`（用户偏好）
-
-```sql
-CREATE TABLE `prompt_history` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(16) NOT NULL,
-  `prompt`     TEXT NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_created` (`user_id`, `created_at`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `favorite` (
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `result_id`  BIGINT UNSIGNED NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`, `result_id`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 8. 模型与套餐
-
-### 8.1 `model`
-
-```sql
-CREATE TABLE `model` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`         VARCHAR(64) NOT NULL,
-  `name`         VARCHAR(128) NOT NULL,
-  `kind`         VARCHAR(16) NOT NULL              COMMENT 'image / video',
-  `provider`     VARCHAR(32) NOT NULL,
-  `version`      VARCHAR(32) DEFAULT NULL,
-  `tags`         VARCHAR(255) DEFAULT NULL,
-  `cover_url`    VARCHAR(512) DEFAULT NULL,
-  `description`  TEXT DEFAULT NULL,
-  `point_per_unit` INT NOT NULL                    COMMENT '每张/每秒所需点数 *100',
-  `unit`         VARCHAR(16) NOT NULL DEFAULT 'image' COMMENT 'image / second',
-  `default_params` JSON DEFAULT NULL,
-  `group_code`   VARCHAR(64) NOT NULL              COMMENT '关联 account_group.code',
-  `min_plan`     VARCHAR(32) NOT NULL DEFAULT 'free',
-  `is_hot`       TINYINT NOT NULL DEFAULT 0,
-  `is_new`       TINYINT NOT NULL DEFAULT 0,
-  `sort`         INT NOT NULL DEFAULT 0,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  `deleted_at`   DATETIME(3) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_kind_status` (`kind`, `status`)
-) ENGINE=InnoDB COMMENT='可用模型';
-```
-
-### 8.2 `plan` 套餐 / `user_subscription`
-
-```sql
-CREATE TABLE `plan` (
-  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`           VARCHAR(32) NOT NULL,
-  `name`           VARCHAR(64) NOT NULL,
-  `monthly_price`  BIGINT NOT NULL DEFAULT 0     COMMENT '分',
-  `yearly_price`   BIGINT NOT NULL DEFAULT 0,
-  `monthly_points` BIGINT NOT NULL DEFAULT 0     COMMENT '每月赠送点数 *100',
-  `rpm_limit`      INT NOT NULL DEFAULT 60,
-  `concurrency`    INT NOT NULL DEFAULT 2,
-  `model_scope`    JSON DEFAULT NULL,
-  `feature`        JSON DEFAULT NULL,
-  `status`         TINYINT NOT NULL DEFAULT 1,
-  `sort`           INT NOT NULL DEFAULT 0,
-  `created_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`     DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `user_subscription` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `plan_code`  VARCHAR(32) NOT NULL,
-  `start_at`   DATETIME(3) NOT NULL,
-  `expire_at`  DATETIME(3) NOT NULL,
-  `auto_renew` TINYINT NOT NULL DEFAULT 0,
-  `source`     VARCHAR(32) NOT NULL                COMMENT 'recharge / cdk / promo',
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_expire` (`user_id`, `expire_at`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 9. 计费与流水
-
-### 9.1 `wallet_log` 钱包流水（合一总账）
-
-```sql
-CREATE TABLE `wallet_log` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_id`       BIGINT UNSIGNED NOT NULL,
-  `direction`     TINYINT NOT NULL                  COMMENT '1 收入 -1 支出',
-  `biz_type`      VARCHAR(32) NOT NULL              COMMENT 'recharge / consume / refund / promo / cdk / invite / gift',
-  `biz_id`        VARCHAR(64) NOT NULL              COMMENT '关联业务 ID',
-  `points`        BIGINT NOT NULL                   COMMENT '点数变动 *100，正负号统一为正，方向看 direction',
-  `points_before` BIGINT NOT NULL,
-  `points_after`  BIGINT NOT NULL,
-  `remark`        VARCHAR(255) DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_user_created` (`user_id`, `created_at`),
-  KEY `idx_biz` (`biz_type`, `biz_id`)
-) ENGINE=InnoDB COMMENT='点数流水（总账）';
-```
-
-### 9.2 `recharge_record` 充值记录
-
-```sql
-CREATE TABLE `recharge_record` (
-  `id`            BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `order_no`      VARCHAR(32) NOT NULL,
-  `user_id`       BIGINT UNSIGNED NOT NULL,
-  `channel`       VARCHAR(32) NOT NULL              COMMENT 'alipay / wxpay / stripe / admin',
-  `amount`        BIGINT NOT NULL                   COMMENT '分',
-  `points`        BIGINT NOT NULL                   COMMENT '到账点数 *100',
-  `bonus_points`  BIGINT NOT NULL DEFAULT 0,
-  `status`        TINYINT NOT NULL DEFAULT 0        COMMENT '0待支付 1已支付 2已取消 3退款',
-  `paid_at`       DATETIME(3) DEFAULT NULL,
-  `channel_trade_no` VARCHAR(64) DEFAULT NULL,
-  `client_ip`     VARCHAR(45) DEFAULT NULL,
-  `extra`         JSON DEFAULT NULL,
-  `created_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`    DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_order_no` (`order_no`),
-  KEY `idx_user_status` (`user_id`, `status`),
-  KEY `idx_channel_trade` (`channel`, `channel_trade_no`)
-) ENGINE=InnoDB;
-```
-
-### 9.3 `consume_record` 消费记录
-
-```sql
-CREATE TABLE `consume_record` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`      CHAR(26) NOT NULL,
-  `user_id`      BIGINT UNSIGNED NOT NULL,
-  `kind`         VARCHAR(16) NOT NULL              COMMENT 'image / video',
-  `model_code`   VARCHAR(64) NOT NULL,
-  `count`        INT NOT NULL,
-  `unit_points`  BIGINT NOT NULL,
-  `total_points` BIGINT NOT NULL,
-  `status`       TINYINT NOT NULL                  COMMENT '0预扣 1成功 2退款',
-  `account_id`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_task` (`task_id`),
-  KEY `idx_user_created` (`user_id`, `created_at`)
-) ENGINE=InnoDB;
-```
-
-### 9.4 `refund_record`
-
-```sql
-CREATE TABLE `refund_record` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `points`     BIGINT NOT NULL,
-  `reason`     VARCHAR(255) NOT NULL,
-  `operator`   VARCHAR(64) NOT NULL DEFAULT 'system',
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_user` (`user_id`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 10. 优惠码 与 兑换码（CDK）
-
-### 10.1 `promo_code` 优惠码（充值/订阅时使用）
-
-```sql
-CREATE TABLE `promo_code` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `code`         VARCHAR(32) NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `discount_type` TINYINT NOT NULL                COMMENT '1满减 2折扣 3赠点',
-  `discount_val` BIGINT NOT NULL                  COMMENT '满减分 / 折扣 0-100 / 赠点 *100',
-  `min_amount`   BIGINT NOT NULL DEFAULT 0        COMMENT '门槛分',
-  `apply_to`     VARCHAR(64) NOT NULL DEFAULT 'all' COMMENT 'plan code 列表 / all',
-  `total_qty`    INT NOT NULL DEFAULT 0           COMMENT '0 无限',
-  `used_qty`     INT NOT NULL DEFAULT 0,
-  `per_user_limit` INT NOT NULL DEFAULT 1,
-  `start_at`     DATETIME(3) NOT NULL,
-  `end_at`       DATETIME(3) NOT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_by`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  `updated_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_status_time` (`status`, `start_at`, `end_at`)
-) ENGINE=InnoDB COMMENT='优惠码';
-
-CREATE TABLE `promo_code_use` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `promo_id`   BIGINT UNSIGNED NOT NULL,
-  `code`       VARCHAR(32) NOT NULL,
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `order_no`   VARCHAR(32) DEFAULT NULL,
-  `discount`   BIGINT NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_promo_user_order` (`promo_id`, `user_id`, `order_no`),
-  KEY `idx_user` (`user_id`)
-) ENGINE=InnoDB;
-```
-
-### 10.2 `redeem_code_batch` / `redeem_code` 兑换码（CDK）
-
-CDK 与优惠码区别：CDK 一码一用，**直接兑换为点数 / 套餐 / 实物权益**，不参与价格折算。
-
-```sql
-CREATE TABLE `redeem_code_batch` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `batch_no`     VARCHAR(32) NOT NULL,
-  `name`         VARCHAR(64) NOT NULL,
-  `reward_type`  VARCHAR(32) NOT NULL              COMMENT 'points / plan / mixed',
-  `reward_value` JSON NOT NULL                     COMMENT '{"points": 10000, "plan":"pro", "days":30}',
-  `total_qty`    INT NOT NULL,
-  `used_qty`     INT NOT NULL DEFAULT 0,
-  `per_user_limit` INT NOT NULL DEFAULT 1,
-  `expire_at`    DATETIME(3) DEFAULT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 1,
-  `created_by`   BIGINT UNSIGNED DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_batch_no` (`batch_no`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `redeem_code` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `batch_id`     BIGINT UNSIGNED NOT NULL,
-  `code`         VARCHAR(32) NOT NULL,
-  `status`       TINYINT NOT NULL DEFAULT 0        COMMENT '0未使用 1已使用 2作废',
-  `used_by`      BIGINT UNSIGNED DEFAULT NULL,
-  `used_at`      DATETIME(3) DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_code` (`code`),
-  KEY `idx_batch_status` (`batch_id`, `status`),
-  KEY `idx_used_by` (`used_by`)
-) ENGINE=InnoDB COMMENT='兑换码（CDK），一码一用';
-```
-
----
-
-## 11. 邀请
-
-```sql
-CREATE TABLE `user_invite_relation` (
-  `user_id`    BIGINT UNSIGNED NOT NULL,
-  `inviter_id` BIGINT UNSIGNED NOT NULL,
-  `invite_code` VARCHAR(16) NOT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`user_id`),
-  KEY `idx_inviter` (`inviter_id`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `invitation_reward` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `inviter_id` BIGINT UNSIGNED NOT NULL,
-  `invitee_id` BIGINT UNSIGNED NOT NULL,
-  `kind`       VARCHAR(32) NOT NULL                COMMENT 'register / first_recharge / lifetime_share',
-  `points`     BIGINT NOT NULL,
-  `from_order` VARCHAR(32) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_inviter_created` (`inviter_id`, `created_at`),
-  KEY `idx_invitee` (`invitee_id`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 12. 系统配置 / 字典 / 公告
-
-```sql
-CREATE TABLE `system_config` (
-  `key`        VARCHAR(64) NOT NULL,
-  `value`      JSON NOT NULL,
-  `remark`     VARCHAR(255) DEFAULT NULL,
-  `updated_by` BIGINT UNSIGNED DEFAULT NULL,
-  `updated_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`key`)
-) ENGINE=InnoDB COMMENT='系统全局配置';
-
-CREATE TABLE `system_dict` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `group`      VARCHAR(64) NOT NULL,
-  `key`        VARCHAR(64) NOT NULL,
-  `value`      VARCHAR(255) NOT NULL,
-  `sort`       INT NOT NULL DEFAULT 0,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_group_key` (`group`, `key`)
-) ENGINE=InnoDB;
-
-CREATE TABLE `announcement` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `title`      VARCHAR(128) NOT NULL,
-  `content`    TEXT NOT NULL,
-  `level`      VARCHAR(16) NOT NULL DEFAULT 'info',
-  `start_at`   DATETIME(3) NOT NULL,
-  `end_at`     DATETIME(3) NOT NULL,
-  `status`     TINYINT NOT NULL DEFAULT 1,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_status_time` (`status`, `start_at`, `end_at`)
-) ENGINE=InnoDB;
-```
-
----
-
-## 13. 日志（按月分区，30 天保留）
-
-### 13.1 `request_log`
-
-```sql
-CREATE TABLE `request_log` (
-  `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `trace_id`     CHAR(26) NOT NULL,
-  `user_id`      BIGINT UNSIGNED DEFAULT NULL,
-  `api_key_id`   BIGINT UNSIGNED DEFAULT NULL,
-  `method`       VARCHAR(8) NOT NULL,
-  `path`         VARCHAR(255) NOT NULL,
-  `status`       INT NOT NULL,
-  `latency_ms`   INT NOT NULL,
-  `client_ip`    VARCHAR(45) DEFAULT NULL,
-  `ua`           VARCHAR(255) DEFAULT NULL,
-  `req_size`     INT DEFAULT NULL,
-  `resp_size`    INT DEFAULT NULL,
-  `err_code`     INT DEFAULT NULL,
-  `created_at`   DATETIME(3) NOT NULL,
-  PRIMARY KEY (`id`, `created_at`),
-  KEY `idx_user_created` (`user_id`, `created_at`),
-  KEY `idx_trace` (`trace_id`),
-  KEY `idx_status_created` (`status`, `created_at`)
-) ENGINE=InnoDB
-  PARTITION BY RANGE (TO_DAYS(created_at)) (
-    PARTITION p202604 VALUES LESS THAN (TO_DAYS('2026-05-01')),
-    PARTITION p202605 VALUES LESS THAN (TO_DAYS('2026-06-01')),
-    PARTITION pmax    VALUES LESS THAN MAXVALUE
-  )
-  COMMENT='请求日志（按月分区）';
-```
-
-### 13.2 `pool_call_log` 账号池调用日志
-
-```sql
-CREATE TABLE `pool_call_log` (
-  `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `task_id`    CHAR(26) NOT NULL,
-  `account_id` BIGINT UNSIGNED NOT NULL,
-  `provider`   VARCHAR(32) NOT NULL,
-  `endpoint`   VARCHAR(128) NOT NULL,
-  `status`     INT NOT NULL,
-  `latency_ms` INT NOT NULL,
-  `tokens`     INT DEFAULT NULL,
-  `error`      VARCHAR(255) DEFAULT NULL,
-  `created_at` DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
-  PRIMARY KEY (`id`),
-  KEY `idx_task` (`task_id`),
-  KEY `idx_account_created` (`account_id`, `created_at`),
-  KEY `idx_status_created` (`status`, `created_at`)
-) ENGINE=InnoDB COMMENT='账号池调用日志';
-```
-
----
-
-## 14. 缓存键约定（Redis）
-
-```
-session:user:{userId}                  # 用户会话
-auth:refresh:{userId}:{jti}            # refresh token 白名单
-idem:{userId}:{key}                    # 幂等
-ratelimit:ip:{ip}                      # IP 限流
-ratelimit:user:{userId}                # 用户限流
-ratelimit:apikey:{keyId}               # API Key 限流
-pool:strategy                          # 调度策略
-pool:health:{accountId}                # 账号实时健康
-pool:rpm:{accountId}                   # 滑窗
-task:progress:{taskId}                 # 任务进度
-ws:online:{userId}                     # 在线 WS 连接 ID
-```
-
----
-
-## 15. 迁移与种子数据
-
-- 迁移工具：[goose](https://github.com/pressly/goose) 或 atlas，文件存 `backend/migrations/`，命名 `20260427_1300__create_user.sql`。
-- 必备种子数据：
-  - `admin_role`：超级管理员、运营、客服、风控
-  - `plan`：free / pro / max 三档
-  - `model`：通用模型 V3.0、写实 V2.1、二次元 V2.0、3D 渲染 V2.0、文生视频 V1.0、图生视频 V1.0
-  - `system_config`：`pool.strategy`、`points.rate`（1 元 = 多少点）、`invite.reward.first_recharge`
-  - `system_dict`：图片比例（1:1 / 3:4 / 4:3 / 16:9 / 9:16）、视频时长（4s / 8s / 16s）
-
----
-
-## 16. 容量与备份
-
-- 单表预期上限：
-  - `request_log`：日 500w 行 → 月分区，**90 天后归档至冷存（S3 + parquet）**
-  - `generation_task / generation_result`：日 50w 行 → 月分区
-- 备份策略：
-  - 每日凌晨全量逻辑备份（mysqldump / xtrabackup）→ S3
-  - Binlog 同步至备库 + 归档 7 天
-  - 每周演练恢复 1 次
diff --git "a/docs/04-API\350\247\204\350\214\203.md" "b/docs/04-API\350\247\204\350\214\203.md"
deleted file mode 100644
index 771b2353..00000000
--- "a/docs/04-API\350\247\204\350\214\203.md"
+++ /dev/null
@@ -1,569 +0,0 @@
-# 04 · API 规范
-
-> 三套独立 API：
-> - **用户端 API**：`https://api.klein.example` → `:17180`，前缀 `/api/v1`
-> - **管理后台 API**：`https://admin-api.klein.example` → `:17188`，前缀 `/admin/api/v1`
-> - **OpenAI 兼容 API**：`https://openai.klein.example` → `:17200`，前缀 `/v1`
-
----
-
-## 1. 通用约定
-
-### 1.1 请求
-
-- HTTPS 强制；`Content-Type: application/json; charset=utf-8`（文件上传除外）
-- 必带头：
-  - `X-Request-Id`：UUID v4 / ULID（前端生成，后端透传）
-  - `Accept-Language`：`zh-CN` / `en-US`（默认 zh-CN）
-  - `User-Agent`：客户端标识 `KleinAI-Web/1.0.0`
-- 鉴权头三选一：
-  - 用户端：`Authorization: Bearer <accessToken>`
-  - 后台：同上 + `X-Admin-Token`
-  - OpenAI 兼容：`Authorization: Bearer sk-klein-xxxxx`
-- 写操作必带 `Idempotency-Key: <UUIDv4>`（创建生成任务、充值下单、CDK 兑换等）
-- 时间统一 ISO 8601：`2026-04-27T13:30:00.123+08:00`
-- 分页：`?page=1&page_size=20`，最大 `page_size=100`
-
-### 1.2 响应
-
-```json
-{
-  "code": 0,
-  "msg": "ok",
-  "data": { },
-  "trace_id": "01HX..."
-}
-```
-
-| 字段 | 类型 | 说明 |
-|------|------|------|
-| `code` | int | 0 表示成功；非 0 看《02-后端规范》错误码 |
-| `msg` | string | 中文提示，可直接展示 |
-| `data` | any | 业务负载 |
-| `trace_id` | string | 链路 ID，便于排障 |
-
-分页响应统一：
-
-```json
-{
-  "code": 0,
-  "msg": "ok",
-  "data": {
-    "list": [],
-    "total": 123,
-    "page": 1,
-    "page_size": 20
-  }
-}
-```
-
-### 1.3 HTTP 状态码与业务码关系
-
-- HTTP 200：业务成功（即便 `code != 0`，也用 200，**除特例外**）
-- HTTP 401：仅用于 Token 失效 / 未登录
-- HTTP 403：仅用于权限不足
-- HTTP 429：限流
-- HTTP 5xx：服务器/网关问题
-
-### 1.4 文件上传
-
-- 路径 `/api/v1/upload`
-- `multipart/form-data`，单文件 ≤ 20MB（图片）/ ≤ 200MB（视频参考素材）
-- 返回 `{ url, hash, size, mime }`，URL 走 CDN
-
-### 1.5 WebSocket
-
-- 入口：`wss://api.klein.example/ws?token=<accessToken>` （`:17280`）
-- 心跳：客户端每 25s 发 `{"op":"ping"}`，服务端 `{"op":"pong"}`
-- 任务进度推送：
-
-```json
-{
-  "op": "task.progress",
-  "task_id": "01HX...",
-  "status": "running",
-  "progress": 35,
-  "ts": 1714200000123
-}
-```
-
-```json
-{
-  "op": "task.done",
-  "task_id": "01HX...",
-  "status": "success",
-  "results": [{ "url": "...", "thumb_url": "...", "duration_ms": 8000 }]
-}
-```
-
----
-
-## 2. 用户端 API（`/api/v1`）
-
-### 2.1 鉴权 / 账户
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| POST | `/auth/register` | 注册（手机号 / 邮箱） |
-| POST | `/auth/login` | 登录（密码） |
-| POST | `/auth/login/sms` | 短信验证码登录 |
-| POST | `/auth/captcha/sms` | 发送短信验证码 |
-| POST | `/auth/refresh` | 刷新 Token |
-| POST | `/auth/logout` | 登出（吊销 refresh） |
-| POST | `/auth/password/reset` | 重置密码 |
-| GET  | `/me` | 当前用户基本信息 + 余额 + 套餐 |
-| PATCH| `/me` | 修改昵称 / 头像 / 偏好 |
-| POST | `/me/password` | 修改密码（需旧密码） |
-| GET  | `/me/devices` | 在线设备列表 |
-| POST | `/me/devices/:id/revoke` | 强制下线某设备 |
-
-#### `/auth/login` 示例
-
-请求：
-```json
-POST /api/v1/auth/login
-{
-  "account": "user@example.com",
-  "password": "******",
-  "captcha_id": "xxx",
-  "captcha_code": "1234"
-}
-```
-
-响应：
-```json
-{
-  "code": 0,
-  "msg": "ok",
-  "data": {
-    "access_token": "ey...",
-    "refresh_token": "ey...",
-    "expires_in": 7200,
-    "user": {
-      "uuid": "...",
-      "username": "Panda9527",
-      "avatar": "...",
-      "points": 25600,
-      "plan_code": "pro",
-      "plan_expire_at": "2026-12-31T23:59:59+08:00"
-    }
-  }
-}
-```
-
-### 2.2 创作中心（生图 / 生视频）
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/models` | 模型市场列表（按 kind 筛选） |
-| GET  | `/models/:code` | 模型详情 |
-| POST | `/gen/image` | 文生图 / 图生图（需 Idempotency-Key） |
-| POST | `/gen/video` | 文生视频 / 图生视频（需 Idempotency-Key） |
-| GET  | `/gen/tasks/:task_id` | 任务详情（含进度与结果） |
-| POST | `/gen/tasks/:task_id/cancel` | 取消任务（仅 pending/running） |
-| GET  | `/gen/tasks` | 历史任务（生成历史） |
-| POST | `/gen/results/:id/upscale` | 放大 |
-| POST | `/gen/results/:id/variation` | 再次生成（变体） |
-| POST | `/gen/results/:id/favorite` | 收藏 / 取消收藏 |
-| POST | `/upload` | 通用上传（参考图等） |
-| GET  | `/prompt/history` | 提示词历史 |
-| GET  | `/inspirations` | 灵感广场（推荐 / 全部 / 插画 / 摄影 / 3D / 二次元） |
-
-#### `/gen/image` 示例
-
-```json
-POST /api/v1/gen/image
-Idempotency-Key: 9b1d... 
-{
-  "model_code": "img-v3",
-  "mode": "t2i",
-  "prompt": "一只可爱的猫咪，戴着宇航员头盔...",
-  "neg_prompt": "",
-  "ratio": "4:3",
-  "count": 4,
-  "seed": null,
-  "ref_url": null
-}
-```
-
-响应（异步）：
-```json
-{
-  "code": 0,
-  "msg": "ok",
-  "data": {
-    "task_id": "01HX...",
-    "status": "pending",
-    "estimate_seconds": 8,
-    "cost_points": 1600
-  }
-}
-```
-
-后续通过 WebSocket 或 `GET /gen/tasks/:task_id` 拿结果。
-
-#### `/gen/video` 关键参数
-
-```json
-{
-  "model_code": "vid-v1",
-  "mode": "t2v",
-  "prompt": "...",
-  "ratio": "16:9",
-  "duration": 8,
-  "fps": 24,
-  "ref_image_url": null
-}
-```
-
-### 2.3 KEY 管理
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/keys` | 列表 |
-| POST | `/keys` | 创建（**仅创建时返回明文 Key**） |
-| PATCH| `/keys/:id` | 改名 / 改作用域 / 改限额 |
-| POST | `/keys/:id/disable` | 停用 |
-| POST | `/keys/:id/enable` | 启用 |
-| DELETE | `/keys/:id` | 删除 |
-| GET  | `/keys/:id/stats` | 用量统计（QPS / 调用数 / 消耗点数） |
-
-### 2.4 余额 / 充值 / 兑换
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/wallet` | 余额 + 冻结点数 + 套餐 |
-| GET  | `/wallet/logs` | 余额明细（流水） |
-| GET  | `/recharge/products` | 充值套餐列表 |
-| POST | `/recharge/orders` | 创建充值订单（返回支付参数） |
-| GET  | `/recharge/orders/:order_no` | 查询订单状态 |
-| POST | `/recharge/orders/:order_no/cancel` | 取消订单 |
-| GET  | `/recharge/records` | 充值记录 |
-| GET  | `/consume/records` | 消费记录 |
-| POST | `/promo/preview` | 预览优惠码效果（金额折算） |
-| POST | `/redeem` | 兑换 CDK |
-
-#### CDK 兑换示例
-
-```json
-POST /api/v1/redeem
-{ "code": "KLEIN-PRO-2026Q1-XXXXXXXX" }
-```
-
-```json
-{
-  "code": 0,
-  "msg": "兑换成功",
-  "data": {
-    "reward": { "points": 10000, "plan": "pro", "days": 30 },
-    "wallet": { "points": 35600 }
-  }
-}
-```
-
-### 2.5 邀请中心
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/invite/info` | 邀请码 / 海报 / 规则 |
-| GET  | `/invite/stats` | 邀请人数 / 累计返点 |
-| GET  | `/invite/list` | 邀请明细（被邀请人 + 状态） |
-| GET  | `/invite/rewards` | 返点流水 |
-
-### 2.6 公告 / 帮助
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/announcements` | 公告列表（按时间 + 状态） |
-| GET  | `/announcements/:id` | 公告详情 |
-| GET  | `/help/docs` | 帮助文档分类 |
-| GET  | `/help/docs/:slug` | 帮助文档 |
-
----
-
-## 3. 管理后台 API（`/admin/api/v1`）
-
-> 全部接口需 `AuthAdminMiddleware` + RBAC 权限校验。
-> 写操作记录 `admin_audit_log`。
-
-### 3.1 鉴权
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| POST | `/auth/login` | 后台登录（密码 + 图形验证码 + 二次校验） |
-| POST | `/auth/logout` | 登出 |
-| POST | `/auth/refresh` | 刷新 |
-| GET  | `/auth/me` | 当前管理员 + 角色 + 权限点 |
-| GET  | `/roles` | 角色列表 |
-| POST | `/roles` | 新增角色 |
-| PATCH| `/roles/:id` | 修改角色 |
-| DELETE| `/roles/:id` | 删除角色 |
-| GET  | `/permissions` | 权限点字典 |
-
-### 3.2 Token 管理（即"账号池"管理）
-
-> 一线运营最常用模块；批量导入/导出/启停/熔断恢复。
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/accounts` | 列表（筛选 provider / status / group） |
-| POST | `/accounts` | 新增单个账号 |
-| POST | `/accounts/import` | **批量导入**（CSV / TXT，每行一个 token） |
-| POST | `/accounts/export` | 批量导出（脱敏） |
-| GET  | `/accounts/:id` | 详情（含使用统计） |
-| PATCH| `/accounts/:id` | 编辑 |
-| POST | `/accounts/:id/test` | 健康测试（实时调用一次最低成本接口） |
-| POST | `/accounts/:id/disable` | 停用 |
-| POST | `/accounts/:id/enable` | 启用 |
-| POST | `/accounts/:id/reset-cooldown` | 解除熔断 |
-| POST | `/accounts/batch/disable` | 批量停用 |
-| POST | `/accounts/batch/delete` | 批量删除 |
-| GET  | `/accounts/:id/stats` | 调用统计（成功率、QPS、p95、累计点数） |
-| GET  | `/account-groups` | 分组列表 |
-| POST | `/account-groups` | 新增分组 |
-| PATCH| `/account-groups/:id` | 编辑（含调度策略） |
-| POST | `/account-groups/:id/members` | 添加成员（批量 account_id） |
-| DELETE| `/account-groups/:id/members/:account_id` | 移除成员 |
-
-#### 批量导入格式（CSV）
-
-```
-provider,name,auth_type,credential,base_url,weight,daily_quota,group_code,remark
-gpt,gpt-001,api_key,sk-xxx,https://api.openai.com,10,0,gpt-image-default,
-grok,grok-001,cookie,"<long cookie>",https://x.ai,10,0,grok-video-default,
-```
-
-### 3.3 用户管理
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/users` | 列表（搜索：手机/邮箱/UUID/邀请码） |
-| GET  | `/users/:id` | 详情 |
-| PATCH| `/users/:id` | 修改昵称 / 套餐 / 状态 |
-| POST | `/users/:id/disable` | 封禁 |
-| POST | `/users/:id/enable` | 解封 |
-| POST | `/users/:id/points/grant` | 手动赠送点数 |
-| POST | `/users/:id/points/deduct` | 手动扣点 |
-| POST | `/users/:id/reset-password` | 重置密码（短信 / 邮件下发临时密码） |
-| GET  | `/users/:id/wallet/logs` | 钱包流水 |
-| GET  | `/users/:id/tasks` | 任务历史 |
-| GET  | `/users/:id/keys` | 该用户的 API Key |
-
-### 3.4 充值 / 消费记录
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/recharge/records` | 充值记录（按时间 / 渠道 / 用户筛选） |
-| GET  | `/recharge/records/:id` | 详情 |
-| POST | `/recharge/records/:id/refund` | 退款（需理由 + 二次校验） |
-| GET  | `/consume/records` | 消费记录 |
-| GET  | `/consume/records/:id` | 详情 |
-| GET  | `/wallet/logs` | 总账流水（跨用户） |
-| GET  | `/stats/revenue` | 收入统计（日/周/月） |
-| GET  | `/stats/consume` | 消费统计 |
-
-### 3.5 优惠码
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/promo-codes` | 列表 |
-| POST | `/promo-codes` | 创建 |
-| PATCH| `/promo-codes/:id` | 编辑 |
-| POST | `/promo-codes/:id/disable` | 停用 |
-| GET  | `/promo-codes/:id/uses` | 使用记录 |
-
-### 3.6 兑换码 CDK
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/redeem-batches` | 批次列表 |
-| POST | `/redeem-batches` | 新建批次（指定数量、奖励、有效期，自动生成 CDK） |
-| GET  | `/redeem-batches/:id` | 批次详情（剩余、已用） |
-| POST | `/redeem-batches/:id/disable` | 停用整批 |
-| GET  | `/redeem-batches/:id/codes` | 单个 CDK 列表 |
-| GET  | `/redeem-batches/:id/export` | 导出 CSV（**仅未使用 CDK**） |
-| POST | `/redeem-codes/:id/disable` | 单条作废 |
-
-### 3.7 系统配置
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/configs` | 全部 key 列表 |
-| GET  | `/configs/:key` | 取单个 |
-| PUT  | `/configs/:key` | 修改 |
-| GET  | `/dicts` | 字典分组 |
-| POST | `/dicts` | 新增 |
-| PATCH| `/dicts/:id` | 编辑 |
-| DELETE| `/dicts/:id` | 删除 |
-| GET  | `/announcements` | 公告管理 |
-| POST | `/announcements` | 新增 |
-| PATCH| `/announcements/:id` | 编辑 |
-| DELETE| `/announcements/:id` | 删除 |
-| GET  | `/models` | 模型管理（生图 / 生视频） |
-| POST | `/models` | 新增模型 |
-| PATCH| `/models/:id` | 编辑（单价、绑定分组、套餐限制） |
-| GET  | `/plans` | 套餐管理 |
-| POST | `/plans` | 新增 |
-| PATCH| `/plans/:id` | 编辑 |
-
-### 3.8 请求日志
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/logs/requests` | 请求日志（多维筛选：用户 / Key / 路径 / 状态 / 时间） |
-| GET  | `/logs/requests/:trace_id` | 单条详情 |
-| GET  | `/logs/pool-calls` | 账号池调用日志 |
-| GET  | `/logs/audit` | 后台操作审计日志 |
-| GET  | `/logs/tasks` | 生成任务日志 |
-| POST | `/logs/export` | 导出（异步任务，邮件回执下载链接） |
-
-### 3.9 概览看板
-
-| 方法 | 路径 | 说明 |
-|------|------|------|
-| GET  | `/dashboard/summary` | 今日 GMV / 用户数 / 任务数 / 成功率 |
-| GET  | `/dashboard/charts/revenue` | 收入折线 |
-| GET  | `/dashboard/charts/usage` | 用量折线 |
-| GET  | `/dashboard/pool/health` | 账号池整体健康 |
-
----
-
-## 4. OpenAI 兼容 API（`/v1`）
-
-> 让用户用 `openai-python` / 任意 SDK，仅替换 `base_url` 和 `api_key` 即可调用。
-> 鉴权：`Authorization: Bearer sk-klein-xxxxx`（用户在 KEY 管理页生成）。
-
-### 4.1 图像生成（OpenAI Images API 兼容）
-
-```
-POST /v1/images/generations
-```
-
-请求体（兼容 OpenAI）：
-```json
-{
-  "model": "img-v3",
-  "prompt": "...",
-  "n": 4,
-  "size": "1024x768",
-  "quality": "hd",
-  "response_format": "url"
-}
-```
-
-响应：
-```json
-{
-  "created": 1714200000,
-  "data": [
-    { "url": "https://cdn..../1.png", "revised_prompt": "..." },
-    { "url": "https://cdn..../2.png" }
-  ]
-}
-```
-
-错误响应（OpenAI 风格）：
-```json
-{
-  "error": {
-    "type": "rate_limit_exceeded",
-    "code": 429301,
-    "message": "操作过于频繁",
-    "trace_id": "..."
-  }
-}
-```
-
-### 4.2 图像编辑 / 变体（兼容）
-
-```
-POST /v1/images/edits          (multipart: image, mask, prompt)
-POST /v1/images/variations     (multipart: image)
-```
-
-### 4.3 视频生成（兼容 OpenAI Sora 风格协议 + Grok 自有协议）
-
-主路由：
-
-```
-POST /v1/videos/generations
-```
-
-请求：
-```json
-{
-  "model": "vid-v1",
-  "prompt": "...",
-  "size": "1280x720",
-  "duration": 8,
-  "ref_image_url": "..."
-}
-```
-
-响应（异步）：
-```json
-{
-  "id": "video_01HX...",
-  "object": "video.generation",
-  "status": "queued",
-  "created": 1714200000
-}
-```
-
-```
-GET  /v1/videos/generations/{id}        # 查询任务（pending/running/completed/failed）
-DELETE /v1/videos/generations/{id}      # 取消
-```
-
-完成后：
-```json
-{
-  "id": "video_01HX...",
-  "object": "video.generation",
-  "status": "completed",
-  "video_url": "https://cdn..../v.mp4",
-  "thumbnail_url": "https://cdn..../t.jpg",
-  "duration_ms": 8000,
-  "size": "1280x720",
-  "created": 1714200000,
-  "completed": 1714200060
-}
-```
-
-### 4.4 模型与计费查询
-
-```
-GET  /v1/models                     # 兼容 OpenAI，返回 KleinAI 全模型
-GET  /v1/dashboard/billing/credit_grants    # 余额查询（返回点数）
-```
-
-### 4.5 限流与错误
-
-- 429 时同时返回 `Retry-After` 与 `X-RateLimit-*` 头
-- 错误码映射 `502201 → upstream_unavailable`（兼容字段 `error.type`）
-- 任意错误响应均携带 `trace_id`
-
----
-
-## 5. 接口安全细则
-
-1. **越权**：所有 `/api/v1/**` 接口必须显式带 `user_id` 过滤；`/admin/**` 必须 `permission` 校验。
-2. **签名（开放 API 可选强制）**：
-   ```
-   X-Klein-Ts: 1714200000
-   X-Klein-Sign: HMAC_SHA256(secret, ts + method + path + sha256(body))
-   ```
-3. **回放防御**：5 分钟时间窗 + Redis 记录 nonce。
-4. **CORS**：白名单仅前端域名；管理后台单独配置。
-5. **CSRF**：用户端用 Bearer Token 天然免疫；后台同源策略 + SameSite=Lax 双保险。
-6. **风控**：登录 / 注册 / 充值 / 兑换接口走 IP+UID 双限流，必要时拉起验证码。
-7. **数据脱敏**：日志、响应内的手机号 / 邮箱 / Key / 第三方 token 一律脱敏。
-
----
-
-## 6. 文档与联调
-
-- Swagger：`/swagger/index.html`，仅 dev/staging 开放，生产关闭；同时通过 `swag init` 生成 `docs/swagger.json`。
-- Apifox 项目：建议建三个空间分别对应三套 API。
-- Postman 集合：每个 PR 必须更新 `docs/api/postman_collection.json`（如启用）。
-- Mock：dev 环境 `?mock=1` 返回固定示例数据，便于前端先行联调。
diff --git "a/docs/05-\345\211\215\347\253\257\350\247\204\350\214\203.md" "b/docs/05-\345\211\215\347\253\257\350\247\204\350\214\203.md"
deleted file mode 100644
index 16f56b39..00000000
--- "a/docs/05-\345\211\215\347\253\257\350\247\204\350\214\203.md"
+++ /dev/null
@@ -1,579 +0,0 @@
-# 05 · 前端规范
-
-> 主题：**克莱因蓝（IKB · International Klein Blue）** · `#002FA7`
-> 定位：AIGC 生图 / 生视频平台。深色为主、白色为辅，工业感 + 科技感。
-> 多终端：手机（375+）/ 平板 / 桌面 / 4K，统一一套代码。
-
----
-
-## 1. 工程结构（Monorepo / pnpm workspace）
-
-```
-frontend/
-├── apps/
-│   ├── user/                    # 用户端（创作中心、个人中心、广场）
-│   │   ├── src/
-│   │   ├── public/
-│   │   ├── index.html
-│   │   ├── vite.config.ts
-│   │   └── package.json
-│   └── admin/                   # 管理后台
-│       └── (同上)
-├── packages/
-│   ├── theme/                   # 克莱因蓝主题：token、tailwind preset、css 变量
-│   ├── ui/                      # 共享业务组件（PromptEditor、ResultGrid、TaskProgress 等）
-│   ├── api-client/              # 自动生成 SDK（基于 OpenAPI）
-│   ├── hooks/                   # 共享 hooks（useDebounce、useMedia、useWS 等）
-│   ├── utils/                   # 工具函数
-│   └── icons/                   # SVG 图标 + svgr
-├── pnpm-workspace.yaml
-├── package.json
-├── tsconfig.base.json
-├── .eslintrc.cjs
-├── .prettierrc.cjs
-└── .stylelintrc.cjs
-```
-
-`apps/user/src` 内部：
-
-```
-src/
-├── main.tsx
-├── App.tsx
-├── routes/                # 路由配置（懒加载）
-├── pages/                 # 页面级组件
-│   ├── home/              # 仪表盘 / 首页
-│   ├── create/            # 创作中心（生图 / 生视频）
-│   ├── history/           # 生成历史
-│   ├── plaza/             # 图像广场 / 模型市场 / 灵感
-│   ├── billing/           # 充值 / 余额 / 兑换
-│   ├── invite/            # 邀请中心
-│   ├── keys/              # KEY 管理
-│   ├── docs/              # 调用说明（API Docs）
-│   ├── settings/          # 个人设置
-│   └── auth/              # 登录注册
-├── features/              # 业务模块（强相关组件 + hooks + store）
-├── components/            # 通用组件（薄包装 ui 包）
-├── layouts/               # AppLayout / AuthLayout / MobileLayout
-├── stores/                # zustand store
-├── services/              # API 调用（基于 api-client）
-├── styles/                # 全局样式
-├── i18n/                  # 文案
-└── env.d.ts
-```
-
----
-
-## 2. 技术栈
-
-| 层 | 选型 | 备注 |
-|----|------|------|
-| 框架 | **React 18** | hooks-only |
-| 构建 | **Vite 5** | swc 编译 |
-| 语言 | **TypeScript 5** | `strict: true` |
-| 样式 | **Tailwind v4** + `@tailwindcss/typography` | 自定义 preset |
-| UI 基础 | **shadcn/ui** | 组件改主题为克莱因蓝 |
-| 状态 | **Zustand** | 用户偏好、UI 状态 |
-| 异步数据 | **TanStack Query v5** | 缓存 / 失效 / 乐观更新 |
-| 路由 | **React Router v6** | 文件式约定 |
-| 表单 | **react-hook-form + zod** | 共用 schema |
-| 国际化 | **i18next** + react-i18next | zh-CN 默认 |
-| 图标 | **lucide-react** + 自有 SVG | |
-| 动画 | **framer-motion** | 进出场 + 微交互 |
-| 图表 | **ECharts**（仪表盘）/ **recharts**（轻量） | |
-| WebSocket | 原生 + 自封装 `useWS` | 自动重连 + 心跳 |
-
----
-
-## 3. 克莱因蓝设计 Token（必看）
-
-> 所有页面 / 组件 **禁止硬编码颜色**，统一引用 token。
-
-### 3.1 CSS Variables（`packages/theme/src/tokens.css`）
-
-```css
-:root {
-  /* === 克莱因蓝 主色阶 === */
-  --klein-50:  #F2F5FF;
-  --klein-100: #E5EAFF;
-  --klein-200: #C7D0FF;
-  --klein-300: #94A3FF;
-  --klein-400: #4D6BFF;
-  --klein-500: #1E3DFF;   /* 电光蓝高光 */
-  --klein-600: #002FA7;   /* IKB 主色 */
-  --klein-700: #00257F;
-  --klein-800: #001B5E;
-  --klein-900: #00133F;
-
-  --klein-grad: linear-gradient(135deg, #002FA7 0%, #1E3DFF 100%);
-  --klein-grad-soft: linear-gradient(135deg, rgba(0,47,167,.08) 0%, rgba(30,61,255,.12) 100%);
-  --klein-glow: 0 0 24px rgba(30, 61, 255, .45);
-
-  /* === 中性 / 文本（浅色模式） === */
-  --ink-900: #0A0E1A;
-  --ink-700: #2B3147;
-  --ink-500: #5C6480;
-  --ink-300: #A8AEC2;
-  --ink-100: #E5E7F0;
-
-  --bg-base: #F7F8FC;
-  --bg-card: #FFFFFF;
-  --bg-elev: #FFFFFF;
-
-  --border-1: rgba(10,14,26,.08);
-  --border-2: rgba(10,14,26,.16);
-
-  /* === 功能色 === */
-  --success:   #00B86B;
-  --warning:   #FFA726;
-  --danger:    #FF3B5C;
-  --info:      #1E3DFF;
-
-  /* === 圆角 / 阴影 / 间距 === */
-  --radius-sm: 6px;
-  --radius-md: 10px;
-  --radius-lg: 14px;
-  --radius-xl: 20px;
-  --radius-pill: 999px;
-
-  --shadow-1: 0 1px 2px rgba(10,14,26,.06);
-  --shadow-2: 0 8px 24px rgba(10,14,26,.08);
-  --shadow-3: 0 20px 48px rgba(0,47,167,.18);
-
-  --duration-fast: 120ms;
-  --duration-base: 200ms;
-  --duration-slow: 320ms;
-  --easing-standard: cubic-bezier(.2,.6,.2,1);
-}
-
-/* 深色模式（推荐生图/生视频默认） */
-[data-theme="dark"] {
-  --ink-900: #E8ECF7;
-  --ink-700: #C2C8DA;
-  --ink-500: #8C94AE;
-  --ink-300: #5C6480;
-  --ink-100: rgba(255,255,255,.10);
-
-  --bg-base: #0A0E1A;
-  --bg-card: #131A2E;
-  --bg-elev: #1B2440;
-
-  --border-1: rgba(255,255,255,.08);
-  --border-2: rgba(255,255,255,.16);
-
-  --klein-600: #4D6BFF;        /* 深色下提亮主色 */
-  --klein-grad: linear-gradient(135deg, #1E3DFF 0%, #4D6BFF 100%);
-  --klein-glow: 0 0 32px rgba(77,107,255,.55);
-
-  --shadow-1: 0 1px 2px rgba(0,0,0,.4);
-  --shadow-2: 0 8px 24px rgba(0,0,0,.45);
-  --shadow-3: 0 20px 48px rgba(30,61,255,.35);
-}
-```
-
-### 3.2 Tailwind Preset（`packages/theme/src/tailwind.preset.ts`）
-
-```ts
-import type { Config } from 'tailwindcss';
-
-export default {
-  darkMode: ['class', '[data-theme="dark"]'],
-  theme: {
-    extend: {
-      colors: {
-        klein: {
-          50:  'var(--klein-50)',
-          100: 'var(--klein-100)',
-          200: 'var(--klein-200)',
-          300: 'var(--klein-300)',
-          400: 'var(--klein-400)',
-          500: 'var(--klein-500)',
-          600: 'var(--klein-600)',
-          700: 'var(--klein-700)',
-          800: 'var(--klein-800)',
-          900: 'var(--klein-900)',
-          DEFAULT: 'var(--klein-600)',
-        },
-        ink: {
-          100: 'var(--ink-100)',
-          300: 'var(--ink-300)',
-          500: 'var(--ink-500)',
-          700: 'var(--ink-700)',
-          900: 'var(--ink-900)',
-        },
-        bg: {
-          base: 'var(--bg-base)',
-          card: 'var(--bg-card)',
-          elev: 'var(--bg-elev)',
-        },
-      },
-      borderColor: {
-        DEFAULT: 'var(--border-1)',
-        strong: 'var(--border-2)',
-      },
-      borderRadius: {
-        sm: 'var(--radius-sm)',
-        md: 'var(--radius-md)',
-        lg: 'var(--radius-lg)',
-        xl: 'var(--radius-xl)',
-        pill: 'var(--radius-pill)',
-      },
-      boxShadow: {
-        1: 'var(--shadow-1)',
-        2: 'var(--shadow-2)',
-        3: 'var(--shadow-3)',
-        glow: 'var(--klein-glow)',
-      },
-      backgroundImage: {
-        'klein-grad': 'var(--klein-grad)',
-        'klein-soft': 'var(--klein-grad-soft)',
-      },
-      fontFamily: {
-        sans: [
-          '"PingFang SC"', '"HarmonyOS Sans SC"', '"Inter"',
-          '-apple-system', 'BlinkMacSystemFont', 'Segoe UI',
-          'Roboto', 'sans-serif',
-        ],
-        mono: ['"JetBrains Mono"', '"Fira Code"', 'Menlo', 'monospace'],
-      },
-      fontSize: {
-        display: 'clamp(28px, 2.4vw + 12px, 48px)',
-        h1: 'clamp(22px, 1.4vw + 12px, 32px)',
-        h2: 'clamp(18px, 0.8vw + 12px, 24px)',
-        h3: 'clamp(16px, 0.4vw + 12px, 20px)',
-        body: 'clamp(14px, 0.2vw + 12px, 16px)',
-        caption: 'clamp(12px, 0.1vw + 11px, 13px)',
-      },
-      transitionTimingFunction: {
-        standard: 'cubic-bezier(.2,.6,.2,1)',
-      },
-      screens: {
-        xs: '480px',
-        sm: '640px',
-        md: '768px',
-        lg: '1024px',
-        xl: '1280px',
-        '2xl': '1536px',
-        '3xl': '1920px',
-        '4xl': '2560px',
-      },
-    },
-  },
-  plugins: [],
-} satisfies Partial<Config>;
-```
-
-### 3.3 主题切换
-
-- 入口注入 `data-theme="dark" | "light"` 到 `<html>`
-- 默认 **创作页面 dark**，**充值/账户/帮助 light**
-- 用户可在「个人设置 → 主题」覆盖：`auto / light / dark`，存 `localStorage.theme` + 同步后端 `user_profile.setting`
-
----
-
-## 4. 多终端响应式
-
-### 4.1 断点与栅格
-
-| 断点 | 宽度 | 用途 | 创作页布局 |
-|------|------|------|----------|
-| xs | < 480 | 小屏手机 | 单列；底部 Tab Bar；操作面板抽屉式 |
-| sm-md | 480-1024 | 大手机 / 平板 | 单列 + 顶部抽屉；结果两列 |
-| lg | 1024-1280 | 小桌面 | 三列：侧栏 + 表单 + 结果 |
-| xl-2xl | 1280-1920 | 桌面 | 三列加宽，侧栏可折叠 |
-| 3xl-4xl | ≥ 1920 | 大屏 / 4K | 容器 max-width 1440，多余留白；结果区可放 6-8 列 |
-
-### 4.2 关键容器规则
-
-```css
-.container-page {
-  width: min(100% - 32px, 1440px);
-  margin-inline: auto;
-}
-
-@media (min-width: 1280px) {
-  .container-page { width: min(100% - 48px, 1440px); }
-}
-
-/* 安全区 */
-.layout-safe {
-  padding-left:  max(16px, env(safe-area-inset-left));
-  padding-right: max(16px, env(safe-area-inset-right));
-  padding-bottom: max(16px, env(safe-area-inset-bottom));
-}
-```
-
-### 4.3 流式字号 / 间距
-
-- 字号：所有 `h1/h2/.../body` 使用 Tailwind `text-h1` 等（`clamp` 已内置）
-- 间距：8pt 栅格 `2/4/8/12/16/20/24/32/40/48/64/80/96`，对应 Tailwind `p-2` 等
-
-### 4.4 移动端 Tab Bar（参考截图）
-
-底部 4 个：**AI 生图 / 图像广场 / 模型市场 / 我的作品**
-- 高度 64px + safe-area
-- 选中态：图标变克莱因蓝、上方 4px 圆点指示
-- 隐藏规则：键盘弹出时 `display: none`（监听 `visualViewport`）
-
-### 4.5 桌面端 Layout
-
-- 顶栏 64：Logo + 充值入口 + 头像菜单
-- 左栏 240（可折叠到 64）：分组导航（创作 / 个人中心 / 更多服务）
-- 主内容区：网格栅格 12 列，`gap: 24`
-
-### 4.6 容器查询（推荐）
-
-组件级响应式优先用 `@container`：
-
-```css
-.gen-result {
-  container-type: inline-size;
-}
-.gen-result .grid {
-  display: grid;
-  gap: clamp(8px, 1cqw, 16px);
-  grid-template-columns: repeat(auto-fill, minmax(160px, 1fr));
-}
-@container (min-width: 720px) {
-  .gen-result .grid { grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); }
-}
-```
-
-### 4.7 高 DPI / 视网膜
-
-- 图标：**全部 SVG**，禁止 PNG 图标（除非动画位图）
-- 缩略图：用 `srcset` 提供 1x/2x/3x，并优先 AVIF：
-
-```tsx
-<picture>
-  <source type="image/avif" srcSet={`${url}.avif 1x, ${url}@2x.avif 2x`} />
-  <source type="image/webp" srcSet={`${url}.webp 1x, ${url}@2x.webp 2x`} />
-  <img src={`${url}.jpg`} loading="lazy" decoding="async"
-       width={400} height={300}
-       style={{ aspectRatio: '4/3', backgroundColor: 'var(--bg-card)' }} />
-</picture>
-```
-
-### 4.8 视频组件规则
-
-- `<video playsInline muted preload="metadata" />`
-- 移动端默认显示 poster，**点击才播**；桌面端 hover 自动播
-- 长视频 ≥ 30s：必须用 HLS（hls.js）分片加载
-- 首屏不放自动播放视频，避免流量爆炸
-
-### 4.9 触控
-
-- 最小热区 **44×44 / 48×48**
-- `:active` 必须有压感反馈（缩放 0.98 / 透明度 0.85）
-- Hover 在触控设备失效，关键操作不能依赖 hover；用 `@media (hover: hover)` 区分
-
----
-
-## 5. 组件规范
-
-### 5.1 通用按钮
-
-| 变体 | 视觉 | 用法 |
-|------|------|------|
-| `primary` | 克莱因渐变 + 白字 + glow shadow | 主 CTA：立即生成、确认充值 |
-| `secondary` | 白底 / 暗底 + 1px klein-600 描边 + klein 字 | 次操作 |
-| `ghost` | 透明 + hover klein-100 | 内嵌、表格内操作 |
-| `danger` | danger 色 | 删除 |
-| `link` | 仅文字 + 下划线 | 跳转 |
-
-通用：圆角 `--radius-md`，高度 28/36/44/52，字号对应 caption/body/h3/h2。
-
-### 5.2 输入框
-
-- 默认描边 `--border-1`；focus 用 `box-shadow: 0 0 0 3px rgba(0,47,167,.15)` + `border: 1px solid var(--klein-600)`
-- 错误：`border: 1px solid var(--danger)`
-- 长文本（提示词）使用 **`textarea`**：min-h 96 / max-h 240，自动撑高（`field-sizing: content` 或 react-textarea-autosize）
-- 右下角必须有「字数 / 操作槽（AI 优化、骰子、清空）」
-
-### 5.3 结果卡片（生图/生视频）
-
-- 比例锁定（`aspect-ratio`）
-- 悬停显示 4 个图标按钮：放大 / 下载 / 再次生成 / 变体
-- 选中状态：外发光 `var(--klein-glow)` + 上浮 2px
-- 视频卡片：右下角时长 chip + 静音/播放叠加按钮
-
-### 5.4 任务进度组件 `<TaskProgress />`
-
-- 状态：`pending`（呼吸 dot）/ `running`（进度条 + 百分比）/ `success`（绿对勾）/ `failed`（错误 + 重试按钮）
-- 进度条用 `--klein-grad` + 流光动画（`background-size: 200% 100%; animation: shimmer 2s linear infinite`）
-
-### 5.5 PromptEditor
-
-- 输入区高度自适应
-- 顶部「AI 优化 / 灵感 / 历史」三个工具按钮
-- 底部右侧：字数 `42 / 1000`（超出红色）
-- 支持 `@模型` 内联引用
-
-### 5.6 Empty / Loading / Error
-
-- Empty：克莱因蓝插画 + 主操作按钮
-- Loading：品牌化 loader（克莱因蓝呼吸方块）；列表 skeleton 用 `animate-pulse + bg-klein-100/10`
-- Error：可重试按钮 + 折叠错误详情（含 `trace_id`，便于客服定位）
-
----
-
-## 6. 路由与权限
-
-### 6.1 路由结构（用户端）
-
-```
-/                       仪表盘（默认重定向到 /create）
-/login                  登录
-/register               注册
-/create                 创作中心（生图）
-/create/video           创作中心（生视频）
-/history                生成历史
-/plaza                  图像广场
-/models                 模型市场
-/keys                   KEY 管理
-/docs                   调用说明
-/billing                余额明细
-/billing/recharge       充值
-/billing/redeem         兑换码
-/invite                 邀请中心
-/settings/profile       个人设置 - 资料
-/settings/security      个人设置 - 安全
-/settings/theme         个人设置 - 主题
-```
-
-### 6.2 路由结构（管理后台）
-
-```
-/login
-/dashboard
-/users
-/users/:id
-/accounts                Token 管理（账号池）
-/accounts/groups
-/recharges
-/consumes
-/promo-codes
-/redeem-codes
-/redeem-codes/:batchId
-/configs
-/configs/dicts
-/configs/announcements
-/models
-/plans
-/logs/requests
-/logs/audits
-/logs/pool-calls
-/admin/users
-/admin/roles
-```
-
-### 6.3 路由守卫
-
-- `<AuthGuard>`：未登录跳 `/login`；token 过期自动 refresh 一次
-- `<PermissionGuard permission="user:list">`：管理后台粒度到按钮级别（用 hook `usePerm('user:list')` 控制按钮显隐）
-- 懒加载：每条路由 `lazy(() => import(...))`
-
----
-
-## 7. 数据请求规范
-
-### 7.1 生成 SDK
-
-- 后端导出 `swagger.json` → 前端 `pnpm gen:sdk` 生成 `packages/api-client`
-- 业务代码 **绝不**直接 `fetch`；必须经 SDK，并配合 TanStack Query：
-
-```ts
-const { data, isLoading } = useQuery({
-  queryKey: ['wallet'],
-  queryFn: () => api.wallet.get(),
-  staleTime: 30_000,
-});
-```
-
-### 7.2 错误处理
-
-- 全局拦截器：
-  - 401 → 自动 refresh，再次失败跳登录
-  - 429 → toast「操作过于频繁，请稍后重试」+ 按钮短暂禁用 `Retry-After`
-  - 502 上游 → toast「服务繁忙，已为您切换通道」
-  - 其他 → 默认 toast `msg` + 控制台打 `trace_id`
-
-### 7.3 WebSocket
-
-`useWS('/ws')`：
-- 自动重连指数退避（1s, 2s, 5s, 10s, 30s）
-- 心跳 25s
-- 订阅 task 进度：`subscribe('task.progress', taskId, cb)`
-
----
-
-## 8. 国际化
-
-- 所有文案走 `t('xxx.yyy')`，禁止硬编码中文
-- 命名空间：`common / auth / create / billing / admin / errors`
-- 错误码 → 文案映射统一在 `packages/utils/src/errCodeMap.ts`
-- 数字、日期、货币用 `Intl.NumberFormat` / `dayjs.locale`
-
----
-
-## 9. 性能与 SEO
-
-- LCP：首屏文案 + 主 CTA 必须 SSR 或预渲染（用户端可上 Next.js 替代纯 Vite）
-- INP < 200ms
-- 图片 `loading="lazy" decoding="async"`，列表虚拟化 `react-virtuoso`
-- 路由级 code-splitting；公共依赖单独 chunk
-- 字体：本地化 `PingFang` 不下发；用系统字体 + 仅业务必要字重
-- 用 `react-scan` 在 dev 阶段排查多余渲染
-
----
-
-## 10. 工程化与质量门禁
-
-- ESLint + Prettier + Stylelint，`husky + lint-staged` pre-commit
-- `tsc --noEmit` 必须通过
-- 单测：vitest，业务 hooks 与 store 必须覆盖 ≥ 60%
-- E2E：Playwright，关键流程（登录、生图、充值、CDK 兑换、KEY 创建）必须有
-- bundle 体积：用户端首屏 ≤ 250KB（gz），后台首屏 ≤ 350KB
-- a11y：所有图片 `alt`、按钮 `aria-label`，重要色对比度 ≥ 4.5
-
----
-
-## 11. 命名与代码风格
-
-- 组件 `PascalCase`：`PromptEditor.tsx`
-- hook `useXxx.ts`
-- 常量 `SCREAMING_SNAKE_CASE`（仅业务无关常量；业务枚举用对象）
-- 业务枚举：
-
-```ts
-export const TaskStatus = {
-  Pending: 0,
-  Running: 1,
-  Success: 2,
-  Failed: 3,
-  Refunded: 4,
-} as const;
-export type TaskStatus = (typeof TaskStatus)[keyof typeof TaskStatus];
-```
-
-- 禁止：`any`、`@ts-ignore`、内联颜色样式（`style={{ color: '#xxx' }}`）
-- 必须：函数组件、hooks、`React.memo` 仅在性能验证后使用
-
----
-
-## 12. 资源约定
-
-- 图标：`packages/icons` 用 svgr 转 React 组件，统一 `currentColor`
-- 插画：放 `apps/*/public/illustrations/`，命名 `empty-tasks.svg`、`error-network.svg`
-- Logo：`logo-mark.svg`（仅图形）+ `logo-full.svg`（图形+文字），克莱因蓝单色 / 白色双版本
-- 静态文件 CDN 命名：`https://cdn.klein.example/static/<hash>.<ext>`
-
----
-
-## 13. 移动端 H5 套壳（可选）
-
-如需 App：用 **Capacitor** 包壳（共用同套前端）：
-- 启动闪屏：克莱因蓝渐变 + Logo
-- 状态栏：浅色页 `dark icons`、深色页 `light icons`，自动跟随主题
-- 推送：FCM / APNs，任务完成提醒
-- 底部安全区已在 CSS 处理；TabBar 自动避让
diff --git "a/docs/06-\351\203\250\347\275\262\344\270\216\350\277\220\347\273\264\350\247\204\350\214\203.md" "b/docs/06-\351\203\250\347\275\262\344\270\216\350\277\220\347\273\264\350\247\204\350\214\203.md"
deleted file mode 100644
index c02cd9b3..00000000
--- "a/docs/06-\351\203\250\347\275\262\344\270\216\350\277\220\347\273\264\350\247\204\350\214\203.md"
+++ /dev/null
@@ -1,531 +0,0 @@
-# 06 · 部署与运维规范
-
-> 部署形态：单机 Docker Compose（≤ 1w DAU）→ K8s（规模化）
-> 端口策略：**全部非常用端口**，对外仅 17080 / 17088 / 17200。
-
----
-
-## 1. 环境矩阵
-
-| 环境 | 域名（举例） | 部署 | 数据 | 触发方式 |
-|------|------|------|------|----------|
-| local | http://localhost:17080 | docker-compose | 本地随便 | 手动 |
-| dev | https://dev.klein.example | compose / k8s-dev | 隔离库 | push to `develop` 自动 |
-| staging | https://stg.klein.example | k8s-stg | 脱敏快照 | merge to `release/*` 自动 |
-| prod | https://klein.example | k8s-prod / 单机 compose-prod | 真实 | 手动审批 |
-
----
-
-## 2. 端口规划（生产）
-
-> 主机所有端口 **iptables 默认 DROP**，仅放行下列端口。SSH 也改为非默认端口（如 52200）。
-
-### 2.1 对外（公网）
-
-| 端口 | 协议 | 用途 |
-|------|------|------|
-| **17080** | HTTPS | 用户端 Web |
-| **17088** | HTTPS | 管理后台 Web（建议绑独立域名 + 限 IP） |
-| **17200** | HTTPS | OpenAI 兼容 API（独立域名） |
-| **17280** | WSS | WebSocket（与 17080 同域 Nginx 路由） |
-
-### 2.2 内网（仅容器/堡垒机）
-
-| 端口 | 服务 |
-|------|------|
-| 17180 | 用户 API（Gin） |
-| 17188 | 后台 API |
-| 13306 | MySQL |
-| 16379 | Redis |
-| 17390 | Asynq Web |
-| 17490 | Prometheus |
-| 17491 | Grafana |
-| 17590 | pprof（白名单 IP） |
-| 17690 | Swagger UI（dev/stg） |
-
-### 2.3 防火墙规则示例（UFW）
-
-```bash
-ufw default deny incoming
-ufw default allow outgoing
-ufw allow 52200/tcp        # SSH
-ufw allow 17080/tcp        # 用户端
-ufw allow 17088/tcp from <运维公司出口IP>   # 管理后台限 IP
-ufw allow 17200/tcp        # OpenAI 兼容
-ufw enable
-```
-
-> Cloud 环境用安全组等价配置，并在前置 CDN（Cloudflare / 七牛 / 腾讯 EO）上叠加 WAF。
-
----
-
-## 3. Docker Compose 部署（单机 / 小规模）
-
-### 3.1 目录
-
-```
-deploy/
-├── docker-compose.yml          # 通用
-├── docker-compose.dev.yml      # 开发覆盖
-├── docker-compose.prod.yml     # 生产覆盖
-├── env/
-│   ├── .env.dev                # 不入仓
-│   └── .env.prod               # 不入仓
-├── nginx/
-│   ├── nginx.conf
-│   └── conf.d/
-│       ├── user.conf
-│       ├── admin.conf
-│       └── openai.conf
-├── mysql/
-│   ├── my.cnf
-│   └── init/                   # 初始 SQL
-└── redis/
-    └── redis.conf
-```
-
-### 3.2 `docker-compose.prod.yml` 示例
-
-```yaml
-services:
-  mysql:
-    image: mysql:8.0
-    container_name: klein-mysql
-    restart: always
-    command: --default-authentication-plugin=caching_sha2_password
-    environment:
-      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
-      MYSQL_DATABASE: klein_ai
-      MYSQL_USER: klein
-      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
-    ports:
-      - "127.0.0.1:13306:3306"      # 仅本机访问，必要时去掉
-    volumes:
-      - ./mysql/my.cnf:/etc/mysql/conf.d/my.cnf:ro
-      - ./mysql/init:/docker-entrypoint-initdb.d:ro
-      - mysql-data:/var/lib/mysql
-    networks: [klein-net]
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  redis:
-    image: redis:7-alpine
-    container_name: klein-redis
-    restart: always
-    command: ["redis-server", "/etc/redis/redis.conf"]
-    ports:
-      - "127.0.0.1:16379:6379"
-    volumes:
-      - ./redis/redis.conf:/etc/redis/redis.conf:ro
-      - redis-data:/data
-    networks: [klein-net]
-
-  api:
-    image: registry.klein.example/backend:${TAG}
-    container_name: klein-api
-    restart: always
-    command: ["/app/api"]
-    env_file: env/.env.prod
-    expose: ["17180"]
-    networks: [klein-net]
-    depends_on: [mysql, redis]
-    deploy:
-      resources:
-        limits: { cpus: "2.0", memory: 1g }
-
-  admin-api:
-    image: registry.klein.example/backend:${TAG}
-    container_name: klein-admin-api
-    restart: always
-    command: ["/app/admin"]
-    env_file: env/.env.prod
-    expose: ["17188"]
-    networks: [klein-net]
-    depends_on: [mysql, redis]
-
-  openai-api:
-    image: registry.klein.example/backend:${TAG}
-    container_name: klein-openai-api
-    restart: always
-    command: ["/app/openai"]
-    env_file: env/.env.prod
-    expose: ["17200"]
-    networks: [klein-net]
-    depends_on: [mysql, redis]
-
-  worker:
-    image: registry.klein.example/backend:${TAG}
-    container_name: klein-worker
-    restart: always
-    command: ["/app/worker"]
-    env_file: env/.env.prod
-    networks: [klein-net]
-    depends_on: [mysql, redis]
-    deploy:
-      resources:
-        limits: { cpus: "2.0", memory: 1g }
-
-  user-web:
-    image: registry.klein.example/frontend-user:${TAG}
-    container_name: klein-user-web
-    restart: always
-    expose: ["80"]
-    networks: [klein-net]
-
-  admin-web:
-    image: registry.klein.example/frontend-admin:${TAG}
-    container_name: klein-admin-web
-    restart: always
-    expose: ["80"]
-    networks: [klein-net]
-
-  nginx:
-    image: nginx:1.27-alpine
-    container_name: klein-nginx
-    restart: always
-    ports:
-      - "17080:17080"
-      - "17088:17088"
-      - "17200:17200"
-    volumes:
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/certs:/etc/nginx/certs:ro
-      - ./nginx/logs:/var/log/nginx
-    networks: [klein-net]
-    depends_on: [api, admin-api, openai-api, user-web, admin-web]
-
-  prometheus:
-    image: prom/prometheus
-    restart: always
-    ports: ["127.0.0.1:17490:9090"]
-    volumes:
-      - ./monitor/prometheus.yml:/etc/prometheus/prometheus.yml:ro
-      - prom-data:/prometheus
-    networks: [klein-net]
-
-  grafana:
-    image: grafana/grafana
-    restart: always
-    ports: ["127.0.0.1:17491:3000"]
-    environment:
-      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD}
-    volumes: [grafana-data:/var/lib/grafana]
-    networks: [klein-net]
-
-volumes:
-  mysql-data:
-  redis-data:
-  prom-data:
-  grafana-data:
-
-networks:
-  klein-net:
-    driver: bridge
-```
-
-### 3.3 后端 Dockerfile（多阶段、最小镜像）
-
-```dockerfile
-# --- build stage ---
-FROM golang:1.22-alpine AS builder
-WORKDIR /src
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /out/api ./cmd/api && \
-    CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /out/admin ./cmd/admin && \
-    CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /out/openai ./cmd/openai && \
-    CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /out/worker ./cmd/worker
-
-# --- runtime ---
-FROM gcr.io/distroless/static-debian12:nonroot
-WORKDIR /app
-COPY --from=builder /out/ /app/
-COPY configs /app/configs
-USER nonroot:nonroot
-EXPOSE 17180 17188 17200
-ENTRYPOINT ["/app/api"]
-```
-
-### 3.4 前端 Dockerfile
-
-```dockerfile
-FROM node:20-alpine AS builder
-WORKDIR /src
-RUN corepack enable
-COPY pnpm-lock.yaml package.json pnpm-workspace.yaml ./
-COPY apps/user/package.json apps/user/
-COPY packages packages
-RUN pnpm install --frozen-lockfile
-COPY . .
-RUN pnpm --filter @klein/user build
-
-FROM nginx:1.27-alpine
-COPY --from=builder /src/apps/user/dist /usr/share/nginx/html
-COPY deploy/nginx/spa.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
-```
-
----
-
-## 4. Nginx 配置
-
-### 4.1 `nginx.conf` 关键
-
-```nginx
-worker_processes auto;
-events { worker_connections 65535; }
-http {
-  sendfile on;
-  tcp_nopush on;
-  keepalive_timeout 65;
-  client_max_body_size 200m;     # 视频参考素材
-  gzip on;
-  gzip_types text/plain application/json application/javascript text/css image/svg+xml;
-  brotli on;                      # 如启用 brotli 模块
-  log_format json escape=json '{"ts":"$time_iso8601","ip":"$remote_addr","ua":"$http_user_agent","method":"$request_method","uri":"$request_uri","status":$status,"latency":$request_time,"upstream_latency":"$upstream_response_time","trace":"$http_x_request_id"}';
-  access_log /var/log/nginx/access.log json;
-  include /etc/nginx/conf.d/*.conf;
-}
-```
-
-### 4.2 用户端 `user.conf`
-
-```nginx
-upstream user_api { server api:17180; keepalive 64; }
-upstream user_web { server user-web:80; }
-
-server {
-  listen 17080 ssl http2;
-  server_name klein.example;
-
-  ssl_certificate     /etc/nginx/certs/klein.example.crt;
-  ssl_certificate_key /etc/nginx/certs/klein.example.key;
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_ciphers HIGH:!aNULL:!MD5;
-  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-  add_header X-Frame-Options "SAMEORIGIN" always;
-  add_header X-Content-Type-Options "nosniff" always;
-  add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-
-  # 静态前端
-  location / {
-    proxy_pass http://user_web;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-  }
-
-  # API
-  location /api/ {
-    proxy_pass http://user_api;
-    proxy_http_version 1.1;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Request-Id $http_x_request_id;
-    proxy_read_timeout 300s;
-  }
-
-  # WebSocket
-  location /ws {
-    proxy_pass http://user_api;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_read_timeout 3600s;
-  }
-}
-```
-
-`admin.conf`、`openai.conf` 类似，注意 OpenAI 兼容入口去掉 SPA 静态、单独限流：
-
-```nginx
-limit_req_zone $binary_remote_addr zone=openai_ip:10m rate=20r/s;
-server {
-  listen 17200 ssl http2;
-  server_name openai.klein.example;
-  location /v1/ {
-    limit_req zone=openai_ip burst=40 nodelay;
-    proxy_pass http://openai_api;
-    proxy_read_timeout 600s;       # 视频生成长连接
-  }
-}
-```
-
-### 4.3 管理后台额外加固
-
-```nginx
-# 仅运维白名单 IP
-allow 1.2.3.0/24;
-allow 5.6.7.8;
-deny all;
-
-# 强制 basic-auth 二道门（可选）
-auth_basic "klein admin";
-auth_basic_user_file /etc/nginx/htpasswd;
-```
-
----
-
-## 5. 监控与告警
-
-### 5.1 指标（Prometheus）
-
-后端暴露 `/metrics`（仅 17590 内网或带白名单），关键指标：
-
-```
-http_requests_total{route,method,status}
-http_request_duration_seconds_bucket
-gen_task_total{kind,model,status}
-gen_task_duration_seconds_bucket{kind,model}
-pool_account_status{provider,status}
-pool_call_total{provider,status}
-biller_consume_points_total
-biller_refund_points_total
-db_query_duration_seconds
-redis_command_duration_seconds
-```
-
-### 5.2 告警策略
-
-| 触发条件 | 通道 | 等级 |
-|----------|------|------|
-| 5xx > 1% (5min) | 企业微信 | P1 |
-| P99 latency > 1s (10min) | 企微 | P2 |
-| 账号池可用率 < 80% | 企微 + 短信 | P1 |
-| 任务失败率 > 10% | 企微 | P2 |
-| MySQL 连接 > 80% | 企微 | P1 |
-| Redis 内存 > 85% | 企微 | P2 |
-| 备份失败 | 企微 + 邮件 | P1 |
-| 证书 30 天到期 | 邮件 | P3 |
-
-### 5.3 日志收集
-
-- 应用：stdout JSON → docker → Loki / 阿里 SLS
-- Nginx：JSON access log + error log
-- 保留 30 天热 + 1 年冷归档（S3 + parquet）
-- 告警：基于关键字（`level=error AND module=biller`）
-
-### 5.4 链路追踪
-
-- OpenTelemetry SDK（Go）→ 接收器：Jaeger / Tempo
-- 入口生成 `trace_id`，所有日志、HTTP 头、Provider 调用都带
-
----
-
-## 6. 备份与灾备
-
-### 6.1 MySQL
-
-- 每日 02:00 全量 `xtrabackup` → S3，保留 30 天
-- 每小时 binlog 增量同步备库 + 上 S3，保留 7 天
-- **每周演练恢复**：在隔离机器从备份还原 + 业务校验
-
-### 6.2 Redis
-
-- AOF + RDB 双开（`appendonly yes`，`save 900 1`），数据写盘
-- 每日 RDB 备份至 S3
-
-### 6.3 文件存储
-
-- 生成结果存对象存储（S3 / OSS / R2）
-- 启用版本与跨区域复制
-- 设置生命周期：6 个月转归档（冷存储）
-
-### 6.4 配置 / 凭证
-
-- 敏感配置走 Vault / 阿里 KMS / 自建 sops
-- 仓库 **绝不提交 `.env*`**；CI 通过 OIDC / Secret 注入
-
----
-
-## 7. 发布流程
-
-### 7.1 CI（GitHub Actions / GitLab CI）
-
-1. lint + test + build（前后端并行）
-2. 构建镜像 + 推私有 Registry（可走 17500 或标准 5000）
-3. 生成版本 tag `v{Y.M.D}-{shortSHA}`
-4. dev / staging 自动 helm/compose 滚动更新
-5. prod 需 PR 审批 → 触发 deploy job
-
-### 7.2 滚动更新（Compose）
-
-```bash
-docker compose pull
-docker compose up -d --no-deps --remove-orphans api admin-api openai-api worker
-docker compose exec nginx nginx -s reload
-```
-
-健康检查通过后才切流；失败则 `docker compose rollback`（用 tag 回滚）。
-
-### 7.3 数据库迁移
-
-- 仅 **goose / atlas** 执行，CI 阶段单独跑：
-  ```
-  goose -dir migrations mysql "${KLEIN_DB_DSN}" up
-  ```
-- 必须 **向前兼容**：先发 schema 再发代码，保证滚动期间老/新版本共存可用。
-
-### 7.4 灰度
-
-- API 镜像支持读取 `KLEIN_GRAY_PCT`，按 `userID hash % 100` 灰度新功能
-- 前端 feature flag 走系统配置 `system_config.feature.*`，运营可热切
-
----
-
-## 8. 安全运维基线
-
-1. 主机 SSH 改非默认端口（不入仓） + 仅 key 登录 + fail2ban
-2. 应用以 **非 root** 运行（distroless `nonroot`）
-3. 数据库 / Redis 禁止公网；密码 ≥ 24 位强随机
-4. 所有第三方 token 在 DB 加密（AES-256-GCM），密钥仅在运维 KMS
-5. 日志严禁明文密钥 / 密码 / cookie
-6. 漏洞扫描：`govulncheck` + `npm audit` + Trivy 镜像扫描，CI 必跑
-7. Docker 镜像必须签名（cosign），生产仅拉签名镜像
-8. WAF + CC 防御挂在 CDN 侧（17080/17088/17200）
-9. 后台二次校验：登录 + 关键操作（退款 / 大额扣减 / 批量删除）需 TOTP / 短信
-10. 定期演练：每月一次安全演练（注入、越权、越权扫描）
-
----
-
-## 9. 容量与扩展
-
-### 9.1 单机 → 多机
-
-阶段一（单机 Docker Compose）足以支撑 1k 并发、10w DAU 以下。
-扩容触发条件：
-- CPU 平均 > 60% 持续 1 周
-- API P99 > 500ms
-- worker 任务积压 > 1k
-
-扩容动作：
-1. MySQL 主从分离 + 读写分离
-2. Redis 主从 + Sentinel 或 Cluster
-3. 后端水平扩多实例（4 个 cmd 各起多副本，前置负载均衡）
-4. Worker 按队列拆分实例
-5. 上 K8s（参考 `deploy/k8s`）
-
-### 9.2 视频生成单独成池
-
-视频任务耗时长（30s-5min）+ 占带宽，建议：
-- 单独 worker 集群（高 CPU + 大网络）
-- 单独的对象存储桶 + 独立 CDN 域名
-- 任务有 SLA：超过 N 分钟未完成自动取消并退点
-
----
-
-## 10. 运行手册（Runbook 摘要）
-
-| 故障现象 | 优先排查 | 快速止血 |
-|----------|----------|----------|
-| 5xx 暴涨 | Nginx error log + 应用日志 + 数据库连接 | 切流到旧版镜像 |
-| 任务全部失败 | `pool_call_log`，账号池健康 | 调度策略切到「LowestErrRate」+ 临时禁用问题账号 |
-| 余额扣错 | `wallet_log` + `consume_record` 对账 | 通过运营后台手工补/退点；写明审计 |
-| Redis OOM | 大 key 排查、惰性删除 | 按业务删非关键 key（如 `idem:*`） |
-| MySQL 连接打满 | slow log + 慢查询 + 连接池配置 | 临时扩 `max_connections` + kill 慢查询 |
-| 网关被打 | CDN WAF | 启用兜底页面 + Cloudflare under-attack 模式 |
diff --git a/docs/7f76a99c-1100-4216-970b-624ff135808d.png b/docs/7f76a99c-1100-4216-970b-624ff135808d.png
deleted file mode 100644
index ee8201ce..00000000
Binary files a/docs/7f76a99c-1100-4216-970b-624ff135808d.png and /dev/null differ
diff --git a/docs/FRAMEWORK.md b/docs/FRAMEWORK.md
new file mode 100644
index 00000000..b814062e
--- /dev/null
+++ b/docs/FRAMEWORK.md
@@ -0,0 +1,701 @@
+# 云芯 API 框架开发说明
+
+> 本文是项目的顶层架构与开发约定,所有开发者在动工前必须通读。
+> 姊妹文档:`[API_NOTES.md](../API_NOTES.md)`(上游接口细节)、`[RISK_AND_SAAS.md](../RISK_AND_SAAS.md)`(风控与调度原则)。
+>
+> 最后更新:2026-04-17
+
+---
+
+## 一、产品定位与核心决策
+
+
+| 维度     | 决策                                                                                           |
+| ------ | -------------------------------------------------------------------------------------------- |
+| 模型来源   | 纯逆向 `chatgpt.com`,文字 + 生图共用同一账号池 / cookies 体系                                                |
+| 下游协议   | 完全兼容 OpenAI 官方(`/v1/chat/completions`、`/v1/images/generations`、`/v1/models`)                 |
+| 计费模型   | 统一「积分钱包」,文字按 token 折算、生图按张数折算;流式结束后一次性扣费,前置预扣冻结                                              |
+| 生图形态   | 异步任务为主(`POST /v1/images/generations` 返回 `task_id` → `GET /v1/images/tasks/{id}`),保留同步模式做协议兼容 |
+| KEY 粒度 | 全特性:额度、过期、模型白名单、IP 白名单、RPM/TPM、分组倍率                                                          |
+| 角色模型   | 两级:普通用户 / 超级管理员                                                                              |
+| 支付     | 易支付聚合(微信 + 支付宝)                                                                              |
+| 后端     | Go 1.22+ / Gin / sqlx / MySQL 8.0 / Redis 7                                                  |
+| 前端     | Vue 3 / Element Plus / ECharts / UnoCSS                                                      |
+
+
+---
+
+## 二、系统架构总览
+
+```mermaid
+flowchart LR
+  subgraph Client [客户端]
+    UserWeb[用户前端 Vue3 EP]
+    AdminWeb[管理后台 Vue3 EP]
+    Downstream[下游调用方 OpenAI SDK]
+  end
+
+  subgraph Gateway [接入层 Gin]
+    OpenAIGW["OpenAI 兼容网关 /v1/*"]
+    MgmtAPI["管理 REST API /api/*"]
+    SSEProxy[SSE 流式转发]
+  end
+
+  subgraph Service [业务服务层]
+    AuthSvc[认证/用户]
+    KeySvc[下游KEY管理]
+    BillSvc[积分计费引擎]
+    PaySvc[充值/兑换码]
+    StatSvc[统计聚合]
+    AccSvc[账号池服务]
+    Scheduler["串行调度器 Redis互斥锁"]
+    Worker[异步生图Worker]
+    RiskSvc[风控自检Cron]
+  end
+
+  subgraph Upstream [上游]
+    ChatGPT["chatgpt.com 逆向接口"]
+    ProxyPool["代理池 一号一出口"]
+  end
+
+  subgraph Store [存储]
+    MySQL[("MySQL 主+从")]
+    Redis[("Redis 锁/队列/缓存")]
+  end
+
+  UserWeb --> MgmtAPI
+  AdminWeb --> MgmtAPI
+  Downstream --> OpenAIGW
+  OpenAIGW --> SSEProxy
+  OpenAIGW --> BillSvc
+  OpenAIGW --> Scheduler
+  MgmtAPI --> AuthSvc
+  MgmtAPI --> KeySvc
+  MgmtAPI --> PaySvc
+  MgmtAPI --> StatSvc
+  MgmtAPI --> AccSvc
+  Scheduler --> AccSvc
+  Scheduler --> Worker
+  Worker --> ChatGPT
+  ChatGPT -.走代理.-> ProxyPool
+  RiskSvc --> AccSvc
+  Service --> MySQL
+  Service --> Redis
+```
+
+
+
+---
+
+## 三、目录结构
+
+```text
+gpt2api/
+├── cmd/server/main.go          # 主入口
+├── configs/
+│   ├── config.yaml             # 真实配置(.gitignore)
+│   └── config.example.yaml     # 模板,提交仓库
+├── internal/
+│   ├── config/                 # 配置加载(viper)
+│   ├── db/                     # MySQL + Redis 连接管理
+│   ├── model/                  # 数据模型 + DAO
+│   ├── middleware/             # 鉴权/限流/日志/Recover
+│   ├── gateway/                # OpenAI 兼容网关
+│   ├── auth/                   # 登录注册、JWT
+│   ├── user/                   # 用户 CRUD、积分余额
+│   ├── apikey/                 # 下游 KEY
+│   ├── account/                # chatgpt.com 账号池
+│   ├── proxy/                  # 代理池
+│   ├── scheduler/              # 账号调度器
+│   ├── upstream/chatgpt/       # 逆向接口封装
+│   ├── worker/image/           # 异步生图 Worker
+│   ├── billing/                # 计费引擎
+│   ├── payment/epay/           # 易支付
+│   ├── redeem/                 # 兑换码
+│   ├── risk/                   # 风控自检 Cron
+│   ├── stats/                  # 统计聚合
+│   ├── admin/                  # 超管接口
+│   └── server/                 # HTTP 路由组装
+├── pkg/
+│   ├── crypto/                 # AES-256-GCM
+│   ├── ratelimit/              # Redis 令牌桶
+│   ├── lock/                   # Redis 分布式锁
+│   ├── sse/                    # SSE 工具
+│   ├── logger/                 # 日志封装(zap)
+│   └── resp/                   # 统一响应结构
+├── sql/
+│   ├── schema/                 # 建表 DDL
+│   └── migrations/             # goose 迁移脚本
+├── web/
+│   ├── user/                   # Vue3 用户端
+│   └── admin/                  # Vue3 管理端
+├── deploy/
+│   ├── docker-compose.yml
+│   ├── Dockerfile
+│   └── nginx.conf
+├── docs/
+│   ├── FRAMEWORK.md            # 本文档
+│   ├── API_NOTES.md            # 上游接口
+│   └── RISK_AND_SAAS.md        # 风控原则
+├── Makefile
+├── go.mod
+└── go.sum
+```
+
+---
+
+## 四、模块职责
+
+
+| 模块                          | 职责                                                            |
+| --------------------------- | ------------------------------------------------------------- |
+| `internal/gateway`          | 入口路由、协议解析、鉴权、分发上游                                             |
+| `internal/auth`             | 注册、登录、JWT 签发/校验、2FA(可选)                                       |
+| `internal/user`             | 用户信息、分组归属、积分读写                                                |
+| `internal/apikey`           | 下游 KEY 生成、校验、权限(额度/白名单/RPM·TPM)                               |
+| `internal/account`          | 账号 CRUD、AT/cookies 加密存储、健康状态机                                 |
+| `internal/proxy`            | 代理 CRUD、一号一出口绑定、健康探测                                          |
+| `internal/scheduler`        | 单号互斥锁、冷却、选号算法、每日熔断                                            |
+| `internal/upstream/chatgpt` | 封装 `API_NOTES.md` 全部接口(init / prepare / conversation / files) |
+| `internal/worker/image`     | 任务队列消费、SSE 监听、polling、下载、落盘                                   |
+| `internal/billing`          | 预扣冻结、结算扣费、模型倍率、分组倍率                                           |
+| `internal/payment/epay`     | 易支付对接、回调校验、订单状态机                                              |
+| `internal/redeem`           | 兑换码生成、批量导出、核销                                                 |
+| `internal/risk`             | `/conversation/init` 自检 cron、banner 监控                        |
+| `internal/stats`            | 按小时 / 天聚合、Top 榜、Token 曲线                                      |
+| `internal/admin`            | 超管接口:账号池、代理、模型、系统配置、公告                                        |
+
+
+---
+
+## 五、数据模型
+
+所有表统一 `id bigint unsigned`、`created_at`、`updated_at`、`deleted_at`(软删除)。
+积分单位 `厘`(1 元 = 10000 厘,避免浮点)。
+
+### 5.1 用户 / 权限
+
+- `users` — `id, email, password_hash, nickname, group_id, role(user/admin), status(active/banned), credit_balance, credit_frozen, version, last_login_at, last_login_ip`
+- `user_groups` — `id, name, ratio(默认 1.0,VIP=0.8), daily_limit_credits, rpm_limit, tpm_limit`
+- `api_keys` — `id, user_id, key_prefix, key_hash, name, quota_limit, quota_used, allowed_models(JSON), allowed_ips(JSON), rpm, tpm, expires_at, enabled, last_used_at`
+- `credit_transactions` — `id, user_id, key_id, type(consume/recharge/refund/redeem/admin_adjust), amount, balance_after, ref_id, remark`
+
+### 5.2 账号池
+
+- `oai_accounts` — `id, email, auth_token_enc, refresh_token_enc, token_expires_at, oai_session_id, oai_device_id, plan_type, daily_image_quota, status(healthy/warned/throttled/suspicious/dead), warned_at, cooldown_until, last_used_at, notes`
+- `oai_account_cookies` — `account_id, cookie_json_enc, updated_at`
+- `proxies` — `id, scheme, host, port, username, password, country, isp, health_score, last_probe_at, enabled`
+- `account_proxy_bindings` — `account_id(unique), proxy_id, bound_at`
+- `account_quota_snapshots` — `account_id, feature_name, remaining, reset_after, snapshot_at`
+
+### 5.3 模型 / 计费
+
+- `models` — `id, slug, type(chat/image), upstream_model_slug, input_price_per_1m, output_price_per_1m, image_price_per_call, enabled`
+- `billing_ratios` — `model_id, group_id, ratio`
+
+### 5.4 请求 / 任务
+
+- `usage_logs` — `id, user_id, key_id, model_id, account_id, request_id, type, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, image_count, credit_cost, duration_ms, status, error_code, ip, ua, created_at`(按月分表 `usage_logs_202604`)
+- `image_tasks` — `id, task_id(uuid), user_id, key_id, account_id, prompt, n, size, status, conversation_id, file_ids, result_urls, error, created_at, started_at, finished_at`
+
+### 5.5 充值 / 兑换
+
+- `recharge_orders` — `id, order_no, user_id, amount, credits, channel, epay_trade_no, status, paid_at, callback_raw`
+- `redeem_codes` — `id, code, batch_id, credits, used_by_user_id, used_at, expires_at`
+
+### 5.6 系统
+
+- `system_configs` — `key, value(JSON)`
+- `announcements` — `id, title, content, level, enabled, start_at, end_at`
+- `audit_logs` — `admin_id, action, target, diff(JSON), ip, created_at`
+
+---
+
+## 六、关键技术细节
+
+### 6.1 账号池调度器
+
+```text
+DispatchAccount(modelType) -> (Account, Unlock, err)
+  1. 从 Redis ZSet<status=healthy> 按 last_used_at 升序取候选
+  2. 对候选逐个尝试 SET NX acc:lock:{id} worker_id EX 1200
+  3. 首个抢到锁的即为调度结果(原子)
+  4. 校验 cooldown_until、quota_remaining、今日消耗 < quota*60%
+  5. 返回 unlock 闭包,业务 defer 释放
+```
+
+要点:
+
+- 一号一锁(SETNX,兜底 20min)
+- 最小间隔 60s(ZSet 存 `next_available_at`)
+- 单号日消耗熔断 ≤ daily_quota × 60%
+- 连续 3 次 429 → 自动冷却 10min
+- `banner_info ≠ null` → 状态迁移 `warned`,暂停调度 24h
+
+### 6.2 OpenAI 兼容网关 + SSE
+
+- `POST /v1/chat/completions` 识别 `stream=true` 时,开 `http.Flusher` 边接收上游 SSE 边转发
+- 上游 `conduit_token` / `chat_token` / `proof_token` 在网关层透明处理
+- SSE 结束时统计 `input_tokens` / `output_tokens`,立即结算
+
+### 6.3 积分预扣与结算
+
+```text
+进网关:
+  estimated = max_tokens * price * ratio
+  DB 事务: balance -= estimated; frozen += estimated (WHERE balance >= estimated AND version = v)
+  失败 -> 402 Payment Required
+
+调用完成:
+  actual = 实际用量 * price * ratio
+  DB 事务: frozen -= estimated; balance += (estimated - actual); version += 1
+  写 usage_logs + credit_transactions
+```
+
+并发安全:乐观锁 `WHERE balance >= ? AND version = ?`,失败自动重试 3 次。
+
+### 6.4 限流
+
+- 网关令牌桶(Redis Lua 原子脚本),按 `key_id` 维度 RPM/TPM
+- IP 白名单在中间件最前置,O(1) Redis Set 判定
+
+### 6.5 异步生图
+
+```text
+HTTP -> Redis Stream(image:tasks) -> Worker consumer group
+Worker -> 调度账号 -> 跑 API_NOTES.md [1]~[8] -> 落盘/S3 -> 写回 DB
+客户端 GET /v1/images/tasks/{id}
+```
+
+### 6.6 风控自检 Cron
+
+每小时扫描所有 `status=healthy` 账号,调 `/backend-api/conversation/init`,写 `account_quota_snapshots`,命中 `banner_info ≠ null` 或 `blocked_features ≠ []` 自动迁移状态并告警。
+
+---
+
+## 七、功能规范
+
+> 所有菜单、页面、操作项必须按此清单实现。实现时序以第十章里程碑为准。
+
+### 7.1 前端站点结构
+
+```text
+/                           公开首页(产品介绍、定价、登录入口)
+/login  /register           登录 / 注册
+/user/*                     用户中心(登录态)
+/admin/*                    管理后台(admin 登录态)
+```
+
+用户中心与管理后台共用一套布局壳(侧边栏 + 顶部栏 + 主内容区),顶部栏与侧边栏**组件完全一致**,通过权限开关控制显示菜单项。
+
+### 7.2 管理后台菜单(admin role 可见)
+
+
+| 菜单    | 路径                     | 功能要点                                                                            |
+| ----- | ---------------------- | ------------------------------------------------------------------------------- |
+| 仪表盘   | `/admin/dashboard`     | 顶部 8 个指标卡 + 模型分布 + Token 趋势 + 最近使用 Top 12,支持时间范围与粒度切换                           |
+| 运维监控  | `/admin/ops`           | 账号池健康分布饼图、代理池状态、队列深度(image / chat)、近 5 分钟 429/403 计数、SSE 活跃连接数                  |
+| 用户管理  | `/admin/users`         | 用户列表(搜索 / 筛选 / 分页)、改分组、改积分、改状态、重置密码、查看调用流水                                      |
+| 分组管理  | `/admin/groups`        | 分组 CRUD,设置倍率、日限额、RPM、TPM                                                        |
+| 渠道管理  | `/admin/channels`      | **chatgpt.com 账号池**:新增账号(AT / cookies / device_id),一键绑定代理,查看状态机,手工冷却/启用/禁用,批量导入 |
+| 订阅管理  | `/admin/plans`         | 付费订阅套餐(月付 / 季付 / 年付),配置赠送积分、KEY 数量上限、可用模型                                       |
+| 账号管理  | `/admin/accounts`      | 注:与"渠道管理"分离。用于被封 / 警告 / 已死账号的归档回收站,含复盘字段                                        |
+| 公告    | `/admin/announcements` | 公告 CRUD,支持 level(info/warn/danger)、定时上下线                                        |
+| IP 管理 | `/admin/ip`            | IP 黑白名单,支持 CIDR,按 KEY / 全局两级                                                    |
+| 兑换码   | `/admin/redeem-codes`  | 批量生成(面额 / 数量)、导出 CSV、作废、核销记录                                                    |
+| 优惠码   | `/admin/coupons`       | 充值时抵扣码(与兑换码不同,是"充 100 送 20"类),绑定套餐                                              |
+| 使用记录  | `/admin/usage`         | 全站调用流水,按用户 / KEY / 模型 / 账号 / 时间筛选,可导出                                           |
+| 系统设置  | `/admin/settings`      | `system_configs` 的可视化编辑:注册开关、默认分组、新用户赠送积分、默认模型、公告栏、支付渠道开关、邮箱 SMTP               |
+
+
+### 7.3 用户中心菜单(所有登录用户可见)
+
+
+| 菜单     | 路径                   | 功能要点                                                                   |
+| ------ | -------------------- | ---------------------------------------------------------------------- |
+| 仪表盘    | `/user/dashboard`    | 个人积分余额、今日 / 本月 Token、活跃 KEY 数、最近 7 天用量图                                |
+| API 密钥 | `/user/keys`         | KEY 列表、创建(名称 / 模型白名单 / IP 白名单 / 额度 / RPM / TPM / 过期),一次性展示明文,之后只存 hash |
+| 使用记录   | `/user/usage`        | 按 KEY / 模型 / 时间筛选个人调用流水,显示 token / 积分 / 状态                             |
+| 我的订阅   | `/user/subscription` | 当前订阅、到期时间、续费 / 升级入口                                                    |
+| 兑换     | `/user/redeem`       | 输入兑换码领取积分,显示最近兑换历史                                                     |
+| 充值     | `/user/recharge`     | 选金额 → 选支付渠道 → 跳转易支付 → 回跳展示结果                                           |
+| 个人资料   | `/user/profile`      | 改昵称、改密码、改邮箱(邮件验证)、2FA(可选)                                              |
+
+
+### 7.4 顶部栏与全局组件
+
+
+| 组件             | 行为                                                   |
+| -------------- | ---------------------------------------------------- |
+| 云芯 Logo + 版本标签 | 点击回仪表盘,版本号从 `/api/meta/version` 拉                    |
+| 通知铃铛           | 管理员推送公告 + 系统告警;角标显示未读数;点击弹出抽屉                        |
+| 语言切换           | `CN ZH` / `EN`,`vue-i18n` 管理,切换后 `localStorage.lang` |
+| 余额展示           | 仅用户中心/管理后台显示,积分换算 `厘 → 元`,每 30s 刷新                   |
+| 用户头像           | 显示 UID + 角色(Admin / User),下拉:个人资料 / 退出               |
+| 深色模式切换         | 底部侧边栏,切换后 `localStorage.theme` + EP 主题变量切换           |
+| 侧边栏折叠          | 底部「收起」按钮,折叠后仅显示图标                                    |
+
+
+### 7.5 核心业务流程
+
+#### 7.5.1 下游调用 chat 流程
+
+```mermaid
+sequenceDiagram
+  participant C as 下游 Client
+  participant GW as OpenAI 兼容网关
+  participant BL as 计费引擎
+  participant SCH as 调度器
+  participant UP as chatgpt.com
+  C->>GW: POST /v1/chat/completions (Bearer sk-xxx, stream=true)
+  GW->>GW: 鉴权 / 查 KEY / 查 model / 查 IP 白名单 / RPM 令牌桶
+  GW->>BL: 预扣冻结 (estimated)
+  BL-->>GW: ok 或 402
+  GW->>SCH: DispatchAccount(chat)
+  SCH-->>GW: account + unlock()
+  GW->>UP: [2] chat-requirements -> [4] prepare -> [5] conversation SSE
+  loop SSE chunk
+    UP-->>GW: data chunk
+    GW-->>C: data chunk (OpenAI 格式)
+  end
+  GW->>BL: 结算 (actual, 退差额)
+  GW->>GW: 写 usage_logs, unlock account
+```
+
+
+
+#### 7.5.2 下游调用生图流程(异步)
+
+```mermaid
+sequenceDiagram
+  participant C as 下游 Client
+  participant GW as 网关
+  participant Q as Redis Stream
+  participant W as Image Worker
+  participant UP as chatgpt.com
+  C->>GW: POST /v1/images/generations
+  GW->>GW: 鉴权 / 预扣 / 生成 task_id
+  GW->>Q: XADD image:tasks
+  GW-->>C: {task_id, status: queued}
+  W->>Q: XREADGROUP
+  W->>UP: 调 API_NOTES.md [1]~[8] 完整链
+  UP-->>W: file_ids + signed urls
+  W->>W: 下载落盘 -> 写 image_tasks + usage_logs
+  C->>GW: GET /v1/images/tasks/{task_id}
+  GW-->>C: {status: success, urls: [...]}
+```
+
+
+
+#### 7.5.3 充值流程
+
+```mermaid
+sequenceDiagram
+  participant U as 用户
+  participant F as 前端
+  participant API as Server
+  participant EP as 易支付
+  U->>F: 选金额 + 渠道(微信/支付宝)
+  F->>API: POST /api/recharge/orders
+  API->>API: 创建 pending 订单
+  API->>EP: 构造签名跳转 URL
+  API-->>F: {order_no, pay_url}
+  F->>EP: 302 跳转
+  U->>EP: 扫码 / 付款
+  EP->>API: 异步通知 POST /api/recharge/epay/notify
+  API->>API: 验签 -> 订单置 paid -> 加积分 -> 写 credit_transactions
+  API-->>EP: success
+  EP->>F: 同步跳回 /user/recharge?order_no=...
+  F->>API: 轮询订单状态
+```
+
+
+
+### 7.6 接口约定
+
+- 所有业务接口走 `/api/*`,返回 `{code, message, data, trace_id}`,HTTP 状态仅用于 401/403/404/429/5xx 等框架级错误
+- OpenAI 兼容接口走 `/v1/*`,**响应体 100% 贴合官方**(下游 SDK 零改动)
+- 鉴权两套:
+  - `/api/`* 用 JWT(`Authorization: Bearer <jwt>`)
+  - `/v1/`* 用 API KEY(`Authorization: Bearer sk-xxxxxxxx`)
+- 列表接口统一 `page`(1 起)、`page_size`(默认 20,最大 100),响应包 `{list, total, page, page_size}`
+- 所有时间字段:输入接受 RFC3339,输出统一 ISO8601(带时区)
+
+---
+
+## 八、界面规范
+
+> 对标 [dashboard-sample.png](../assets/dashboard-sample.png),所有前端页面在 code review 时按此检查。
+
+### 8.1 设计令牌(Design Tokens)
+
+以 CSS 变量落地在 `web/*/src/styles/tokens.css`,深色模式覆盖同名变量。
+
+```css
+:root {
+  /* 品牌色 */
+  --color-primary:          #3B82F6;
+  --color-primary-hover:    #2563EB;
+  --color-primary-soft:     #EBF2FF;
+
+  /* 语义色 */
+  --color-success:          #10B981;
+  --color-warning:          #F59E0B;
+  --color-danger:           #EF4444;
+  --color-info:             #6B7280;
+  --color-purple:           #8B5CF6;
+  --color-pink:             #EC4899;
+  --color-teal:             #14B8A6;
+
+  /* 数据卡片图标底色(循环) */
+  --card-icon-bg-1:         #E0E7FF;   /* 蓝紫 */
+  --card-icon-bg-2:         #DCFCE7;   /* 绿 */
+  --card-icon-bg-3:         #FEF3C7;   /* 黄 */
+  --card-icon-bg-4:         #FEE2E2;   /* 红 */
+
+  /* 文字 */
+  --text-primary:           #111827;
+  --text-secondary:         #4B5563;
+  --text-tertiary:          #9CA3AF;
+  --text-inverse:           #FFFFFF;
+
+  /* 背景 */
+  --bg-body:                #F9FAFB;
+  --bg-surface:             #FFFFFF;
+  --bg-sidebar:             #FFFFFF;
+  --bg-hover:               #F3F4F6;
+
+  /* 边框 */
+  --border-default:         #E5E7EB;
+  --border-subtle:          #F3F4F6;
+
+  /* 阴影 */
+  --shadow-card:            0 1px 3px rgba(0,0,0,0.04), 0 1px 2px rgba(0,0,0,0.03);
+  --shadow-hover:           0 4px 12px rgba(0,0,0,0.08);
+
+  /* 圆角 */
+  --radius-sm:              4px;
+  --radius-md:              6px;
+  --radius-lg:              12px;
+  --radius-xl:              16px;
+
+  /* 字号 */
+  --font-xs:                12px;
+  --font-sm:                13px;
+  --font-base:              14px;
+  --font-md:                16px;
+  --font-lg:                20px;
+  --font-xl:                24px;
+  --font-2xl:               30px;
+
+  /* 间距 */
+  --space-1: 4px;  --space-2: 8px;  --space-3: 12px;
+  --space-4: 16px; --space-6: 24px; --space-8: 32px;
+}
+
+html.dark {
+  --text-primary:     #F9FAFB;
+  --text-secondary:   #D1D5DB;
+  --text-tertiary:    #9CA3AF;
+  --bg-body:          #0F172A;
+  --bg-surface:       #1E293B;
+  --bg-sidebar:       #0F172A;
+  --bg-hover:         #334155;
+  --border-default:   #334155;
+  --border-subtle:    #1E293B;
+  --color-primary-soft: rgba(59,130,246,0.16);
+}
+```
+
+### 8.2 布局规范
+
+- **应用壳**:左侧固定宽 `220px` 侧边栏(折叠后 `64px`),顶部 `56px` 栏,主区背景 `--bg-body`。
+- **侧边栏**:白底或浅底,当前高亮项左侧 `3px` 主色竖条,图标 `20px` Tabler + 文本 `14px`,二级菜单缩进 `16px`。
+- **主区容器**:`padding: 24px;`,最大宽 `1440px`,自适应。
+- **卡片**:`background: var(--bg-surface); border-radius: 12px; box-shadow: var(--shadow-card); padding: 20px 24px;`
+- **栅格**:基于 `el-row / el-col` 或 CSS Grid,每列间距 `16px`,响应断点 `768 / 1024 / 1280 / 1536`。
+
+### 8.3 组件规范
+
+
+| 组件     | 规范                                                                                                                                                                       |
+| ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| 按钮     | 主按钮主色填充,次按钮白底主色描边;尺寸 `default(32px)` / `small(28px)` / `large(40px)`;禁用透明度 0.4;圆角 `6px`                                                                                  |
+| 输入框    | 高度 `32px`,边框 `1px var(--border-default)`,聚焦 `2px var(--color-primary)` 内阴影,圆角 `6px`                                                                                      |
+| 表格     | `el-table` 去默认边框,斑马纹关闭;表头 `var(--bg-hover)`、字号 `13px` 粗体;行高 `48px`;分页器右对齐                                                                                                |
+| 标签     | 圆角 `4px`,字号 `12px`,高度 `22px`,按状态:healthy=绿、warned=黄、throttled=橙、suspicious=红、dead=灰                                                                                      |
+| 数据卡片   | **固定结构**:左上彩色图标方块(`40x40`,圆角 `10px`,`--card-icon-bg-N` 背景+主色图标)、右侧主数字 `24-30px` 粗体、下方辅助文字 `12-13px` `--text-tertiary`                                                    |
+| 图表     | ECharts 统一封装组件 `<BaseChart>`,主题色数组:`[#3B82F6, #10B981, #F59E0B, #8B5CF6, #EC4899, #14B8A6]`,tooltip 背景 `rgba(17,24,39,0.95)`,grid `left:48, right:16, top:32, bottom:36` |
+| 对话框    | `el-dialog` 圆角 `12px`,头部加粗 16px,底部按钮右对齐,最大宽度按场景 `480 / 640 / 880`                                                                                                        |
+| 空状态    | 统一 `<EmptyState>` 组件,插图 + 文案 + CTA 三段式,文案 `14px` `--text-secondary`                                                                                                      |
+| 加载     | 页面级用骨架屏(`el-skeleton`),按钮/局部用 spinner,禁用全屏 loading 蒙层                                                                                                                    |
+| 反馈     | `ElMessage` 右上角 3s 自动关闭;`ElMessageBox` 用于二次确认;**严禁**使用 `alert`/`confirm` 原生弹框                                                                                            |
+| 顶部指标卡行 | 一屏固定 4 列(大屏)或 2 列(平板)或 1 列(手机),每卡高度 `96px`,两行布局(标签+图标 / 主数字+变化率)                                                                                                         |
+
+
+### 8.4 图表规范
+
+- 统一 ECharts 5.x,封装 `<ChartLine> <ChartPie> <ChartBar> <ChartArea>`
+- 折线图默认 smooth + 面积填充(alpha 0.1)
+- 饼图默认环形(内径 60%),中心显示总量,右侧图例表格(对齐截图效果)
+- 双轴场景(Token 趋势 Input/Output 与 Cache Hit Rate):左轴数量(bytes 可读化),右轴百分比
+- 所有图表左上角标题 `14px` 粗体 + 右上角操作区(时间切换 / 下载 / 切视图)
+- 空数据时显示 `<EmptyState>`,**禁止**显示 `暂无数据` 小字
+
+### 8.5 交互规范
+
+- 危险操作(删除 / 禁用 / 清空)必须 `ElMessageBox.confirm`,标题红色图标
+- 表单提交按钮 loading 态锁住,防重复点击
+- 所有写操作成功后 toast `操作成功` + 自动刷新列表
+- 分页、筛选、排序参数同步到 URL query,刷新保持状态
+- 列表操作列固定 `查看 / 编辑 / 删除`,使用下拉菜单聚合 > 3 个操作
+- 长文本(Token / Key / URL)默认 `text-overflow: ellipsis`,hover 展开 `<el-tooltip>` 完整值,点击复制提示 `已复制`
+- 键盘:`Ctrl+K` 全局搜索,`Esc` 关闭弹框,表格支持 ↑↓ 选中
+
+### 8.6 前端规范性约束
+
+1. **严禁**内联样式写颜色 / 字号,必须走 token
+2. **严禁**硬编码文案,国际化统一 `vue-i18n`,key 命名 `模块.页面.字段`
+3. **严禁**直接用 `axios`,统一经 `src/api/request.ts` 封装(错误码分发 / 401 自动刷新 token)
+4. 组件必须 TypeScript + `<script setup lang="ts">`,Props 必须显式定义类型
+5. 路由懒加载,权限守卫统一在 `src/router/guards.ts`
+6. 所有图表组件统一用 `<BaseChart>` 包装,不直接操作 echarts 实例
+
+---
+
+## 九、OpenAI 兼容接口清单
+
+
+| 方法   | 路径                            | 说明                                     |
+| ---- | ----------------------------- | -------------------------------------- |
+| POST | `/v1/chat/completions`        | 文字对话,支持 stream                         |
+| POST | `/v1/images/generations`      | 生图(异步,返回 task_id;支持 `sync=true` 退化为同步) |
+| GET  | `/v1/images/tasks/{id}`       | 查生图结果(扩展接口)                            |
+| GET  | `/v1/models`                  | 可用模型列表(按 KEY 白名单过滤)                    |
+| POST | `/v1/embeddings`              | 预留                                     |
+| GET  | `/v1/dashboard/billing/usage` | 兼容用法统计                                 |
+
+
+---
+
+## 十、里程碑
+
+
+| 里程碑             | 工期    | 交付物                                                |
+| --------------- | ----- | -------------------------------------------------- |
+| M1 骨架           | 1 周   | 项目初始化、配置、DB 迁移、基础中间件、注册 / 登录、JWT                   |
+| M2 文字网关         | 1.5 周 | 账号池 + 代理池 CRUD、调度器、`/v1/chat/completions` SSE、计费闭环 |
+| M3 生图 Worker    | 1 周   | `image_tasks` 异步队列、封装 API_NOTES.md 完整链、下载落盘        |
+| M4 下游 KEY 全特性   | 1 周   | 额度、白名单、RPM·TPM、分组倍率、过期                             |
+| M5 计费 + 充值      | 1 周   | 积分流水、易支付、回调、兑换码、优惠码                                |
+| M6 管理后台         | 2 周   | §7.2 全部 13 个菜单、§8 全部组件规范                           |
+| M7 用户中心         | 1 周   | §7.3 全部 7 个菜单                                      |
+| M8 风控 + 监控 + 压测 | 1.5 周 | 自检 cron、Prometheus 指标、告警、§11 压测达标                  |
+
+
+---
+
+## 十一、非功能指标与高并发容量设计
+
+### 11.1 性能目标(硬指标)
+
+
+| 指标                                 | 目标         |
+| ---------------------------------- | ---------- |
+| 并发 chat SSE 长连接                    | **≥ 2000** |
+| 并发生图任务                             | **≥ 1000** |
+| 轻请求 QPS(`/v1/models`、`/api/stats`) | 单实例 ≥ 3000 |
+| P99 chat 首 token 时延                | < 2s       |
+| P99 轻请求 RT                         | < 100ms    |
+| 单实例稳定运行                            | ≥ 7 天无重启   |
+
+
+### 11.2 容量估算(账号池规模硬约束)
+
+> 这是逆向链路的**物理上限**,不是调参能绕过的。必须准备足量账号池。
+
+**chat 侧**
+
+- 账号最小间隔 `60s`(风控原则)
+- 平均请求耗时 `10~20s`(typed streaming)
+- 单账号 1 分钟可服务 **≤ 1 路**
+- 2000 并发意味着「当前正在跑的有 2000 路」:
+  - 若每路平均 15s,那每 60s 一个账号可跑 ≈4 路,需要 **≥ 500 个 healthy 账号**
+  - 考虑冷却 / 警告 / 401 过期占比 30%,**建议池容量 ≥ 700**
+  - 若严格 60s/次,则需要 **≥ 2000 个账号**(不建议)
+
+**生图侧**
+
+- 账号生图额度 `100~120 次/日`
+- 单任务耗时 `60~120s`
+- 单账号 1 小时可跑 **≤ 30 次**(60s 间隔)× `min(24, 日额度)`
+- 1000 并发生图意味着「队列中 running = 1000」:
+  - 若平均 90s/张,需要 **≥ 1000 个活跃账号**
+  - 考虑 30% 损耗,**建议池容量 ≥ 1300**
+
+**代理池**:与账号 1:1 绑定,**容量等同账号池**;同国家 ISP 均衡分布,单 IP 绑 1 账号。
+
+**结论**:运营侧必须具备「每周稳定补充账号」的能力,管理后台要支持批量导入与健康下线后的自动补位。
+
+### 11.3 架构层并发设计
+
+
+| 层       | 设计                                                                                                   |
+| ------- | ---------------------------------------------------------------------------------------------------- |
+| Go 进程   | GOMAXPROCS 默认,单实例即可支持 2000+ SSE(goroutine per connection,开销低)                                        |
+| HTTP 服务 | Gin + net/http,ReadHeaderTimeout=10s、WriteTimeout 针对 SSE 关闭、`MaxHeaderBytes=1MB`                     |
+| SSE 连接  | 每路 1 goroutine + 1 `context.Context`,断线用 `c.Request.Context().Done()` 感知,避免 goroutine 泄漏             |
+| MySQL   | 主从:写主、统计走从;**主库连接池 500**(`max_open_conns=500`,MySQL `max_connections=1000`);按月分表 `usage_logs_YYYYMM` |
+| Redis   | Cluster 或 Sentinel 3 节点,`pool_size=500`,关键 Lua 脚本预加载减少 eval 开销                                       |
+| 任务队列    | Redis Stream + consumer group,生图 Worker **水平扩展 8~16 实例**,每实例 pipeline 并行 64 任务                       |
+| 账号锁     | Redis SETNX,key TTL 20min 兜底,续租脚本每 30s 刷新                                                            |
+| 限流      | 令牌桶 Lua 原子,按 `key_id` / `user_id` / `ip` 三级,避免热 key 可对 `key_id` 分槽 `key_id:{hash%16}`                |
+| 日志      | 异步批量写(`usage_logs` buffer 1000 条或 1s 刷盘),避免 SSE 热路径同步 IO                                             |
+| 本地缓存    | `api_keys` / `models` / `user_groups` 等强读场景,进程内 `ristretto` 缓存 TTL 30s,通过 Redis pub/sub 做失效广播        |
+
+
+### 11.4 部署形态
+
+- **单节点起步**:1 × Server(4C8G)+ 1 × MySQL(8C16G)+ 1 × Redis(4C8G),可支撑 500 并发 chat SSE
+- **目标形态**:
+  - 2 × Server(8C16G,负载均衡,无状态)
+  - 4~8 × Image Worker(4C8G,可在 Server 实例内作为独立 goroutine pool,也可独立部署)
+  - 1 主 2 从 × MySQL(8C32G)
+  - 3 节点 Redis Sentinel(4C8G)
+  - Nginx 4C 做 SSE 友好反代(`proxy_buffering off`)
+- 横向扩展时 Server / Worker 均无状态,靠 Redis / MySQL 协调
+
+### 11.5 可观测性
+
+- Prometheus 指标端点 `/metrics`,关键指标:
+  - `gpt2api_http_requests_total{path,status}`
+  - `gpt2api_sse_active_connections`
+  - `gpt2api_image_queue_depth`
+  - `gpt2api_account_status{status}`(healthy/warned/throttled/suspicious/dead 分布)
+  - `gpt2api_upstream_429_total` / `gpt2api_upstream_403_total`
+  - `gpt2api_credit_consume_total{model}`
+- 链路:`request_id` 贯穿日志 / 响应头 / 上游请求
+- 告警门槛:账号池 healthy 占比 < 50%、Redis 断开、MySQL 主库连接占用 > 80%
+
+### 11.6 压测清单(上线前必过)
+
+1. **chat 2000 并发 SSE** 30 分钟,P99 首 token < 2s、错误率 < 0.5%
+2. **生图 1000 并发** 队列跑空 1 小时,成功率 > 95%
+3. **积分并发扣费**:1000 用户同时发起 10 请求 × 10 轮,余额与流水对账无偏差
+4. **账号池故障注入**:手工标记 50% 账号 dead,系统应自动降级且不雪崩
+5. **Redis 主切换**:主挂 → 备接管,服务恢复时间 < 10s
+6. **MySQL 慢查询**:全量扫描场景 EXPLAIN 覆盖,无索引缺失
+
+---
+
+## 十二、开发约定
+
+1. **禁止在代码里裸写字符串密码 / Token**,必须走 `pkg/crypto`。
+2. **禁止浮点金额**,一律用 `int64` 单位「厘」。
+3. **所有数据库写操作必须走 DAO**,禁止在 handler 里直接拼 SQL。
+4. **所有上游调用必须过调度器**,禁止直连 `chatgpt.com`。
+5. **错误处理**:业务错误用 `pkg/resp` 统一结构 `{code, message, data}`,HTTP 状态码仅用于框架级错误。
+6. **日志**:结构化日志(zap),关键字段 `request_id`、`user_id`、`key_id`、`account_id`、`model_id`。
+7. **前端**:严格遵循 §8 界面规范与 §8.6 规范性约束,code review 以此为准。
+8. **上线前必过冒烟 + 压测**:§11.6 + `[RISK_AND_SAAS.md](../RISK_AND_SAAS.md)` §7。
+
diff --git a/docs/ffaa6c7c-ee8b-4a1f-bdcc-df93c8d91abf.png b/docs/ffaa6c7c-ee8b-4a1f-bdcc-df93c8d91abf.png
deleted file mode 100644
index 1214d6a8..00000000
Binary files a/docs/ffaa6c7c-ee8b-4a1f-bdcc-df93c8d91abf.png and /dev/null differ
diff --git a/docs/screenshots/d2d3e22e-a3d6-4009-9c1b-b63e17996f5c.png b/docs/screenshots/d2d3e22e-a3d6-4009-9c1b-b63e17996f5c.png
new file mode 100644
index 00000000..9e76f256
Binary files /dev/null and b/docs/screenshots/d2d3e22e-a3d6-4009-9c1b-b63e17996f5c.png differ
diff --git a/docs/screenshots/d4e985854e071922c351ec46a495489c.png b/docs/screenshots/d4e985854e071922c351ec46a495489c.png
new file mode 100644
index 00000000..3ec85275
Binary files /dev/null and b/docs/screenshots/d4e985854e071922c351ec46a495489c.png differ
diff --git a/docs/screenshots/playground-batch.png b/docs/screenshots/playground-batch.png
new file mode 100644
index 00000000..3ec85275
Binary files /dev/null and b/docs/screenshots/playground-batch.png differ
diff --git a/docs/screenshots/playground-preview.png b/docs/screenshots/playground-preview.png
new file mode 100644
index 00000000..9e76f256
Binary files /dev/null and b/docs/screenshots/playground-preview.png differ
diff --git a/frontend/.dockerignore b/frontend/.dockerignore
deleted file mode 100644
index d12b0870..00000000
--- a/frontend/.dockerignore
+++ /dev/null
@@ -1,35 +0,0 @@
-**/node_modules
-**/dist
-**/.turbo
-**/.cache
-**/.vite
-**/.parcel-cache
-**/coverage
-**/.eslintcache
-**/.next
-**/.nuxt
-**/storybook-static
-
-# logs
-**/*.log
-**/npm-debug.log*
-**/yarn-debug.log*
-**/yarn-error.log*
-**/pnpm-debug.log*
-
-# editors
-.vscode
-.idea
-*.swp
-
-# OS
-.DS_Store
-Thumbs.db
-
-# misc
-.git
-.gitattributes
-.gitignore
-.env
-.env.local
-.env.*.local
diff --git a/frontend/.eslintrc.cjs b/frontend/.eslintrc.cjs
deleted file mode 100644
index 962f5f03..00000000
--- a/frontend/.eslintrc.cjs
+++ /dev/null
@@ -1,26 +0,0 @@
-/** @type {import('eslint').Linter.Config} */
-module.exports = {
-  root: true,
-  env: { browser: true, es2022: true, node: true },
-  parser: '@typescript-eslint/parser',
-  parserOptions: {
-    ecmaVersion: 'latest',
-    sourceType: 'module',
-    ecmaFeatures: { jsx: true },
-  },
-  plugins: ['@typescript-eslint', 'react', 'react-hooks'],
-  extends: [
-    'eslint:recommended',
-    'plugin:@typescript-eslint/recommended',
-    'plugin:react/recommended',
-    'plugin:react-hooks/recommended',
-    'prettier',
-  ],
-  settings: { react: { version: 'detect' } },
-  rules: {
-    'react/react-in-jsx-scope': 'off',
-    '@typescript-eslint/no-explicit-any': 'error',
-    '@typescript-eslint/ban-ts-comment': 'error',
-    '@typescript-eslint/no-unused-vars': ['warn', { argsIgnorePattern: '^_' }],
-  },
-};
diff --git a/frontend/.npmrc b/frontend/.npmrc
deleted file mode 100644
index 94fe5a26..00000000
--- a/frontend/.npmrc
+++ /dev/null
@@ -1,3 +0,0 @@
-strict-peer-dependencies=false
-shamefully-hoist=true
-auto-install-peers=true
diff --git a/frontend/.prettierrc.json b/frontend/.prettierrc.json
deleted file mode 100644
index f800d4e1..00000000
--- a/frontend/.prettierrc.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "semi": true,
-  "singleQuote": true,
-  "trailingComma": "all",
-  "printWidth": 100,
-  "tabWidth": 2,
-  "arrowParens": "always",
-  "endOfLine": "lf"
-}
diff --git a/frontend/apps/admin/.env.example b/frontend/apps/admin/.env.example
deleted file mode 100644
index 42de9f20..00000000
--- a/frontend/apps/admin/.env.example
+++ /dev/null
@@ -1,5 +0,0 @@
-# 管理后台环境变量样例
-# 复制为 .env.local（已 gitignore）后修改
-
-# 管理后台 API 基础路径（dev 走 vite proxy，可保持默认）
-VITE_ADMIN_BASE_URL=/admin/api/v1
diff --git a/frontend/apps/admin/Dockerfile b/frontend/apps/admin/Dockerfile
deleted file mode 100644
index b2ac5ed9..00000000
--- a/frontend/apps/admin/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-# syntax=docker/dockerfile:1.7
-# 单阶段 install + build：避免分离层时 COPY 覆盖 pnpm 创建的符号链接 node_modules。
-FROM node:20-alpine AS build
-WORKDIR /repo
-
-RUN corepack enable
-
-COPY pnpm-workspace.yaml pnpm-lock.yaml* package.json ./
-COPY tsconfig.base.json ./
-COPY packages packages
-COPY apps/admin apps/admin
-
-RUN pnpm install --frozen-lockfile=false
-RUN pnpm --filter @kleinai/admin build
-
-FROM nginx:1.27-alpine AS runtime
-COPY --from=build /repo/apps/admin/dist /usr/share/nginx/html
-COPY apps/admin/nginx.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
-CMD ["nginx", "-g", "daemon off;"]
diff --git a/frontend/apps/admin/index.html b/frontend/apps/admin/index.html
deleted file mode 100644
index 662b2cb2..00000000
--- a/frontend/apps/admin/index.html
+++ /dev/null
@@ -1,15 +0,0 @@
-<!doctype html>
-<html lang="zh-CN" data-theme="light">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <meta name="theme-color" content="#002FA7" />
-    <link rel="icon" type="image/png" href="/logo-icon.png?v=20260501" />
-    <link rel="apple-touch-icon" href="/logo-icon.png?v=20260501" />
-    <title>gpt2api · 管理后台</title>
-  </head>
-  <body>
-    <div id="root"></div>
-    <script type="module" src="/src/main.tsx"></script>
-  </body>
-</html>
diff --git a/frontend/apps/admin/nginx.conf b/frontend/apps/admin/nginx.conf
deleted file mode 100644
index d0664d20..00000000
--- a/frontend/apps/admin/nginx.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
-    listen 80;
-    server_name _;
-
-    root /usr/share/nginx/html;
-    index index.html;
-
-    gzip on;
-    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
-
-    location / {
-        try_files $uri /admin/index.html;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
-        add_header Pragma "no-cache" always;
-        add_header Expires "0" always;
-    }
-
-    location ~* \.(?:css|js|woff2?|ttf|svg|png|jpg|jpeg|webp|avif)$ {
-        expires 30d;
-        add_header Cache-Control "public, immutable";
-    }
-}
diff --git a/frontend/apps/admin/package.json b/frontend/apps/admin/package.json
deleted file mode 100644
index e8f6b42f..00000000
--- a/frontend/apps/admin/package.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  "name": "@kleinai/admin",
-  "version": "0.1.0",
-  "private": true,
-  "type": "module",
-  "scripts": {
-    "dev": "vite --port 5174 --host",
-    "build": "tsc -b && vite build",
-    "preview": "vite preview --port 5174",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src --ext .ts,.tsx"
-  },
-  "dependencies": {
-    "@hookform/resolvers": "^3.10.0",
-    "@kleinai/theme": "workspace:*",
-    "@tanstack/react-query": "^5.51.5",
-    "axios": "^1.7.2",
-    "clsx": "^2.1.1",
-    "lucide-react": "^0.402.0",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
-    "react-hook-form": "^7.52.1",
-    "react-router-dom": "^6.25.1",
-    "zod": "^3.23.8",
-    "zustand": "^4.5.4"
-  },
-  "devDependencies": {
-    "@types/react": "^18.3.3",
-    "@types/react-dom": "^18.3.0",
-    "@vitejs/plugin-react": "^4.3.1",
-    "autoprefixer": "^10.4.19",
-    "postcss": "^8.4.39",
-    "tailwindcss": "^3.4.10",
-    "typescript": "^5.5.3",
-    "vite": "^5.3.4"
-  }
-}
diff --git a/frontend/apps/admin/postcss.config.cjs b/frontend/apps/admin/postcss.config.cjs
deleted file mode 100644
index 12a703d9..00000000
--- a/frontend/apps/admin/postcss.config.cjs
+++ /dev/null
@@ -1,6 +0,0 @@
-module.exports = {
-  plugins: {
-    tailwindcss: {},
-    autoprefixer: {},
-  },
-};
diff --git a/frontend/apps/admin/public/logo-icon.png b/frontend/apps/admin/public/logo-icon.png
deleted file mode 100644
index 990f6214..00000000
Binary files a/frontend/apps/admin/public/logo-icon.png and /dev/null differ
diff --git a/frontend/apps/admin/public/logo.png b/frontend/apps/admin/public/logo.png
deleted file mode 100644
index 990f6214..00000000
Binary files a/frontend/apps/admin/public/logo.png and /dev/null differ
diff --git a/frontend/apps/admin/src/App.tsx b/frontend/apps/admin/src/App.tsx
deleted file mode 100644
index dd7cbc1b..00000000
--- a/frontend/apps/admin/src/App.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-import { Suspense, lazy } from 'react';
-import { Navigate, Route, Routes } from 'react-router-dom';
-import { AdminLayout } from './layouts/AdminLayout';
-import RequireAuth from './routes/RequireAuth';
-import { Toaster } from './components/Toaster';
-
-const LoginPage = lazy(() => import('./pages/auth/LoginPage'));
-const DashboardPage = lazy(() => import('./pages/dashboard/DashboardPage'));
-const TokenAccountsPage = lazy(() => import('./pages/accounts/TokenAccountsPage'));
-const ProxiesPage = lazy(() => import('./pages/proxies/ProxiesPage'));
-const UsersPage = lazy(() => import('./pages/users/UsersPage'));
-const BillingPage = lazy(() => import('./pages/billing/BillingPage'));
-const PromoPage = lazy(() => import('./pages/promo/PromoPage'));
-const CDKPage = lazy(() => import('./pages/promo/CDKPage'));
-const ConfigPage = lazy(() => import('./pages/system/ConfigPage'));
-const BillingSettingsPage = lazy(() => import('./pages/system/BillingSettingsPage'));
-const RechargePackagesPage = lazy(() => import('./pages/system/RechargePackagesPage'));
-const ModelPricesPage = lazy(() => import('./pages/system/ModelPricesPage'));
-const LogsPage = lazy(() => import('./pages/logs/LogsPage'));
-
-export default function App() {
-  return (
-    <>
-      <Suspense fallback={<div className="grid h-screen place-items-center text-text-tertiary">加载中…</div>}>
-        <Routes>
-          <Route path="/login" element={<LoginPage />} />
-          <Route element={<RequireAuth />}>
-            <Route element={<AdminLayout />}>
-              <Route path="/" element={<Navigate to="/dashboard" replace />} />
-              <Route path="/dashboard"  element={<DashboardPage />} />
-              <Route path="/accounts"   element={<TokenAccountsPage />} />
-              <Route path="/proxies"    element={<ProxiesPage />} />
-              <Route path="/users"      element={<UsersPage />} />
-              <Route path="/billing"    element={<BillingPage />} />
-              <Route path="/promo"      element={<PromoPage />} />
-              <Route path="/cdk"        element={<CDKPage />} />
-              <Route path="/config"     element={<ConfigPage />} />
-              <Route path="/billing-settings" element={<BillingSettingsPage />} />
-              <Route path="/recharge-packages" element={<RechargePackagesPage />} />
-              <Route path="/model-prices" element={<ModelPricesPage />} />
-              <Route path="/logs"       element={<LogsPage />} />
-            </Route>
-          </Route>
-        </Routes>
-      </Suspense>
-      <Toaster />
-    </>
-  );
-}
diff --git a/frontend/apps/admin/src/components/Logo.tsx b/frontend/apps/admin/src/components/Logo.tsx
deleted file mode 100644
index 28081b73..00000000
--- a/frontend/apps/admin/src/components/Logo.tsx
+++ /dev/null
@@ -1,40 +0,0 @@
-import clsx from 'clsx';
-
-const LOGO_SRC = '/logo-icon.png?v=20260501';
-
-interface LogoProps {
-  size?: 'sm' | 'md' | 'lg';
-  /** 仅图标，不渲染文字 */
-  iconOnly?: boolean;
-  /** 头部独占文案（例如「管理后台」） */
-  suffix?: string;
-  className?: string;
-}
-
-const SIZE: Record<NonNullable<LogoProps['size']>, { icon: number; text: string }> = {
-  sm: { icon: 24, text: 'text-small' },
-  md: { icon: 30, text: 'text-h4' },
-  lg: { icon: 40, text: 'text-h3' },
-};
-
-export function Logo({ size = 'md', iconOnly = false, suffix, className }: LogoProps) {
-  const cfg = SIZE[size];
-  return (
-    <div className={clsx('flex items-center gap-2 select-none min-w-0', className)}>
-      <img
-        src={LOGO_SRC}
-        alt="首页"
-        height={cfg.icon}
-        style={{ height: cfg.icon, width: 'auto' }}
-        draggable={false}
-        className="block object-contain shrink-0"
-      />
-      {!iconOnly && (
-        <span className={clsx(cfg.text, 'font-medium tracking-tight text-text-primary leading-none')}>
-          首页
-          {suffix && <span className="ml-2 align-middle text-tiny font-medium text-text-tertiary">{suffix}</span>}
-        </span>
-      )}
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/components/Toaster.tsx b/frontend/apps/admin/src/components/Toaster.tsx
deleted file mode 100644
index 395289d0..00000000
--- a/frontend/apps/admin/src/components/Toaster.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-import clsx from 'clsx';
-import { CheckCircle2, X, AlertTriangle, Info } from 'lucide-react';
-
-import { useToastStore } from '../stores/toast';
-
-const ICONS = {
-  success: CheckCircle2,
-  error: AlertTriangle,
-  info: Info,
-} as const;
-
-const COLOR = {
-  success: 'border-success bg-surface-1 text-success',
-  error: 'border-danger bg-surface-1 text-danger',
-  info: 'border-klein-500 bg-surface-1 text-klein-500',
-} as const;
-
-export function Toaster() {
-  const items = useToastStore((s) => s.items);
-  const dismiss = useToastStore((s) => s.dismiss);
-  return (
-    <div className="fixed top-4 right-4 z-[100] flex flex-col gap-2 max-w-[min(92vw,360px)]">
-      {items.map((t) => {
-        const Icon = ICONS[t.kind];
-        return (
-          <div
-            key={t.id}
-            className={clsx(
-              'flex items-start gap-3 px-4 py-3 rounded-md border shadow-3 backdrop-blur',
-              'bg-surface-1/95 text-text-primary',
-              'klein-fade-in',
-              COLOR[t.kind],
-            )}
-          >
-            <Icon size={18} className="shrink-0 mt-0.5" />
-            <p className="flex-1 text-small text-text-primary leading-loose break-all">{t.msg}</p>
-            <button
-              aria-label="关闭"
-              className="text-text-tertiary hover:text-text-primary transition"
-              onClick={() => dismiss(t.id)}
-            >
-              <X size={16} />
-            </button>
-          </div>
-        );
-      })}
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/index.css b/frontend/apps/admin/src/index.css
deleted file mode 100644
index e32dad02..00000000
--- a/frontend/apps/admin/src/index.css
+++ /dev/null
@@ -1,24 +0,0 @@
-@import '@kleinai/theme/components.css';
-
-@tailwind base;
-@tailwind components;
-@tailwind utilities;
-
-/* ===========================================================
-   admin app · 仅保留站点级覆盖；
-   按钮 / 表单 / 卡片 / 文字 等统一在 @kleinai/theme/components.css
-   =========================================================== */
-
-@layer base {
-  /* 管理后台默认浅色，正文略紧凑，提升表格可读性 */
-  body {
-    line-height: 1.5;
-  }
-}
-
-@layer components {
-  /* 后台 layout 内可滚动主体 */
-  .admin-pane {
-    @apply rounded-lg border border-border bg-surface-1 shadow-1;
-  }
-}
diff --git a/frontend/apps/admin/src/layouts/AdminLayout.tsx b/frontend/apps/admin/src/layouts/AdminLayout.tsx
deleted file mode 100644
index 9f33b827..00000000
--- a/frontend/apps/admin/src/layouts/AdminLayout.tsx
+++ /dev/null
@@ -1,282 +0,0 @@
-import { FormEvent, useState } from 'react';
-import { NavLink, Outlet, useNavigate } from 'react-router-dom';
-import {
-  BadgeDollarSign,
-  ChevronDown,
-  FileText,
-  Globe2,
-  Github,
-  KeyRound,
-  LayoutDashboard,
-  LockKeyhole,
-  LogOut,
-  Menu,
-  ReceiptText,
-  Settings,
-  Tag,
-  Ticket,
-  UserCircle2,
-  Users,
-  Wallet,
-  WalletCards,
-  X,
-} from 'lucide-react';
-import clsx from 'clsx';
-
-import { Logo } from '../components/Logo';
-import { authApi } from '../lib/services';
-import { useAuthStore } from '../stores/auth';
-import { toast } from '../stores/toast';
-
-const APP_VERSION = 'v2.0.0';
-const SOURCE_HREF = String.fromCharCode(
-  104, 116, 116, 112, 115, 58, 47, 47, 103, 105, 116, 104, 117, 98, 46, 99,
-  111, 109, 47, 52, 51, 50, 53, 51, 57, 47, 103, 112, 116, 50, 97, 112, 105,
-);
-
-const NAV = [
-  { to: '/dashboard', label: '仪表盘', icon: LayoutDashboard },
-  { to: '/accounts', label: 'Token 管理', icon: KeyRound },
-  { to: '/proxies', label: '代理管理', icon: Globe2 },
-  { to: '/users', label: '用户管理', icon: Users },
-  { to: '/billing', label: '充值消费', icon: Wallet },
-  { to: '/promo', label: '优惠码', icon: Tag },
-  { to: '/cdk', label: '兑换码 CDK', icon: Ticket },
-  { to: '/config', label: '系统配置', icon: Settings },
-  { to: '/billing-settings', label: '扣费设置', icon: ReceiptText },
-  { to: '/recharge-packages', label: '充值套餐', icon: WalletCards },
-  { to: '/model-prices', label: '模型价格', icon: BadgeDollarSign },
-  { to: '/logs', label: '请求日志', icon: FileText },
-];
-
-export function AdminLayout() {
-  const [mobileOpen, setMobileOpen] = useState(false);
-  const [menuOpen, setMenuOpen] = useState(false);
-  const [passwordOpen, setPasswordOpen] = useState(false);
-  const me = useAuthStore((s) => s.me);
-  const logout = useAuthStore((s) => s.logout);
-  const nav = useNavigate();
-
-  const handleLogout = () => {
-    logout();
-    toast.info('已退出登录');
-    nav('/login', { replace: true });
-  };
-
-  const displayName = me?.nickname || me?.username || '管理员';
-  const roleName = me?.role_name || me?.role_code || '管理员';
-  const initial = displayName.slice(0, 1).toUpperCase();
-
-  return (
-    <div className="grid min-h-screen bg-surface-bg lg:grid-cols-[240px_1fr]">
-      <header className="sticky top-0 z-30 flex h-14 items-center justify-between gap-3 border-b border-border bg-surface-1 px-4 lg:hidden">
-        <Logo size="sm" suffix="管理后台" />
-        <button
-          aria-label="打开菜单"
-          className="btn btn-ghost btn-icon btn-sm"
-          onClick={() => setMobileOpen((v) => !v)}
-        >
-          {mobileOpen ? <X size={20} /> : <Menu size={20} />}
-        </button>
-      </header>
-
-      <aside
-        className={clsx(
-          'flex-col border-r border-border bg-surface-1 lg:sticky lg:top-0 lg:flex lg:h-screen',
-          mobileOpen ? 'fixed inset-y-0 left-0 z-40 flex w-[260px] shadow-3' : 'hidden',
-        )}
-      >
-        <div className="hidden h-16 items-center border-b border-border px-5 lg:flex">
-          <Logo suffix="管理后台" />
-        </div>
-        <nav className="flex-1 space-y-1 overflow-y-auto p-3">
-          {NAV.map(({ to, label, icon: Icon }) => (
-            <NavLink
-              key={to}
-              to={to}
-              onClick={() => setMobileOpen(false)}
-              className={({ isActive }) =>
-                clsx(
-                  'flex h-10 min-w-[44px] items-center gap-3 rounded-md px-3 text-small transition',
-                  isActive
-                    ? 'bg-klein-gradient text-text-on-klein shadow-glow-soft'
-                    : 'text-text-secondary hover:bg-surface-2 hover:text-text-primary',
-                )
-              }
-            >
-              <Icon size={18} />
-              {label}
-            </NavLink>
-          ))}
-        </nav>
-        <div className="border-t border-border px-4 py-4 text-tiny text-text-tertiary">
-          <div className="flex items-center gap-2">
-            <span>{APP_VERSION}</span>
-            <a
-              href={SOURCE_HREF}
-              target="_blank"
-              rel="noreferrer"
-              className="inline-flex items-center gap-1 rounded-full px-2 py-1 transition hover:bg-surface-2 hover:text-text-primary"
-              title="开源地址"
-            >
-              <Github size={12} />
-              <span>开源地址</span>
-            </a>
-          </div>
-        </div>
-      </aside>
-
-      {mobileOpen && (
-        <button
-          type="button"
-          aria-label="关闭菜单"
-          className="fixed inset-0 z-30 bg-surface-overlay lg:hidden"
-          onClick={() => setMobileOpen(false)}
-        />
-      )}
-
-      <main className="flex min-w-0 flex-col">
-        <header className="sticky top-0 z-20 flex h-14 items-center justify-between border-b border-border bg-surface-1/90 px-4 backdrop-blur sm:px-6">
-          <h1 className="truncate text-h5 text-text-primary">管理后台</h1>
-          <div
-            className="relative"
-            onBlur={(e) => {
-              if (!e.currentTarget.contains(e.relatedTarget as Node | null)) setMenuOpen(false);
-            }}
-          >
-            <button
-              type="button"
-              className="inline-flex items-center gap-2 rounded-full px-2 py-1 transition hover:bg-surface-2"
-              onClick={() => setMenuOpen((v) => !v)}
-            >
-              <span className="hidden rounded-full bg-surface-2 px-3 py-1 text-small text-text-secondary sm:inline-flex">
-                {roleName}
-              </span>
-              <span className="grid h-8 w-8 flex-shrink-0 place-items-center rounded-pill bg-klein-gradient text-small text-white">
-                {initial}
-              </span>
-              <ChevronDown size={15} className={clsx('text-text-tertiary transition', menuOpen && 'rotate-180')} />
-            </button>
-
-            {menuOpen && (
-              <div className="absolute right-0 top-12 z-40 w-[260px] overflow-hidden rounded-xl border border-border bg-surface-1 shadow-4">
-                <div className="border-b border-border px-4 py-3">
-                  <div className="flex items-center gap-3">
-                    <span className="grid h-10 w-10 place-items-center rounded-pill bg-klein-gradient text-white">
-                      {initial}
-                    </span>
-                    <div className="min-w-0">
-                      <p className="truncate text-body text-text-primary">{displayName}</p>
-                      <p className="truncate text-small text-text-tertiary">{me?.username || 'admin'}</p>
-                    </div>
-                  </div>
-                  <div className="mt-3 inline-flex rounded-full bg-surface-2 px-2.5 py-1 text-tiny text-text-secondary">
-                    {roleName}
-                  </div>
-                </div>
-                <button
-                  type="button"
-                  className="flex h-11 w-full items-center gap-3 px-4 text-left text-small text-text-secondary hover:bg-surface-2 hover:text-text-primary"
-                  onClick={() => {
-                    setMenuOpen(false);
-                    setPasswordOpen(true);
-                  }}
-                >
-                  <LockKeyhole size={16} />
-                  修改密码
-                </button>
-                <button
-                  type="button"
-                  className="flex h-11 w-full items-center gap-3 px-4 text-left text-small text-text-secondary hover:bg-surface-2 hover:text-text-primary"
-                  disabled
-                >
-                  <UserCircle2 size={16} />
-                  账号信息
-                </button>
-                <button
-                  type="button"
-                  className="flex h-11 w-full items-center gap-3 border-t border-border px-4 text-left text-small text-danger hover:bg-danger-soft"
-                  onClick={handleLogout}
-                >
-                  <LogOut size={16} />
-                  退出登录
-                </button>
-              </div>
-            )}
-          </div>
-        </header>
-        <div className="min-w-0 flex-1">
-          <Outlet />
-        </div>
-      </main>
-
-      {passwordOpen && <PasswordDialog onClose={() => setPasswordOpen(false)} />}
-    </div>
-  );
-}
-
-function PasswordDialog({ onClose }: { onClose: () => void }) {
-  const [oldPassword, setOldPassword] = useState('');
-  const [newPassword, setNewPassword] = useState('');
-  const [confirm, setConfirm] = useState('');
-  const [saving, setSaving] = useState(false);
-
-  const submit = async (e: FormEvent) => {
-    e.preventDefault();
-    if (newPassword.length < 8) {
-      toast.error('新密码至少 8 位');
-      return;
-    }
-    if (newPassword !== confirm) {
-      toast.error('两次输入的新密码不一致');
-      return;
-    }
-    setSaving(true);
-    try {
-      await authApi.changePassword({ old_password: oldPassword, new_password: newPassword });
-      toast.success('密码已修改');
-      onClose();
-    } catch (err) {
-      toast.error(err instanceof Error ? err.message : '修改失败');
-    } finally {
-      setSaving(false);
-    }
-  };
-
-  return (
-    <div className="fixed inset-0 z-50 grid place-items-center bg-surface-overlay px-4">
-      <button className="absolute inset-0" type="button" aria-label="关闭" onClick={onClose} />
-      <form className="dialog-surface relative w-full max-w-md p-6" onSubmit={submit}>
-        <div className="mb-5 flex items-center justify-between">
-          <div>
-            <h2 className="text-h3 text-text-primary">修改密码</h2>
-            <p className="mt-1 text-small text-text-tertiary">建议修改默认 admin123 密码。</p>
-          </div>
-          <button className="btn btn-ghost btn-icon btn-sm" type="button" onClick={onClose}>
-            <X size={18} />
-          </button>
-        </div>
-        <div className="space-y-3">
-          <label className="field">
-            <span className="field-label">原密码</span>
-            <input className="input" type="password" value={oldPassword} onChange={(e) => setOldPassword(e.target.value)} autoComplete="current-password" />
-          </label>
-          <label className="field">
-            <span className="field-label">新密码</span>
-            <input className="input" type="password" value={newPassword} onChange={(e) => setNewPassword(e.target.value)} autoComplete="new-password" />
-          </label>
-          <label className="field">
-            <span className="field-label">确认新密码</span>
-            <input className="input" type="password" value={confirm} onChange={(e) => setConfirm(e.target.value)} autoComplete="new-password" />
-          </label>
-        </div>
-        <div className="mt-6 flex justify-end gap-2">
-          <button className="btn btn-outline btn-md" type="button" onClick={onClose}>取消</button>
-          <button className="btn btn-primary btn-md" type="submit" disabled={saving}>
-            {saving ? '保存中...' : '保存修改'}
-          </button>
-        </div>
-      </form>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/lib/api.ts b/frontend/apps/admin/src/lib/api.ts
deleted file mode 100644
index 523856f3..00000000
--- a/frontend/apps/admin/src/lib/api.ts
+++ /dev/null
@@ -1,113 +0,0 @@
-// 后台管理 axios 客户端。与用户端独立：
-//   - baseURL: /admin/api/v1
-//   - token 存 localStorage(key: klein:admin:token)
-//   - 401 → 清 token，跳转 /login
-import axios, {
-  AxiosError,
-  type AxiosInstance,
-  type AxiosRequestConfig,
-  type InternalAxiosRequestConfig,
-} from 'axios';
-
-import type { ApiBody, AdminLoginResp } from './types';
-
-const TOKEN_KEY = 'klein:admin:token';
-
-export interface StoredToken {
-  access: string;
-  refresh: string;
-  type: string;
-  accessExpireAt: number;
-  refreshExpireAt: number;
-}
-
-export function loadToken(): StoredToken | null {
-  try {
-    const raw = localStorage.getItem(TOKEN_KEY);
-    if (!raw) return null;
-    return JSON.parse(raw) as StoredToken;
-  } catch {
-    return null;
-  }
-}
-
-export function saveToken(tok: AdminLoginResp['token']): StoredToken {
-  const now = Date.now();
-  const v: StoredToken = {
-    access: tok.access_token,
-    refresh: tok.refresh_token,
-    type: tok.token_type || 'Bearer',
-    accessExpireAt: now + tok.access_expire_in * 1000,
-    refreshExpireAt: now + tok.refresh_expire_in * 1000,
-  };
-  localStorage.setItem(TOKEN_KEY, JSON.stringify(v));
-  return v;
-}
-
-export function clearToken() {
-  localStorage.removeItem(TOKEN_KEY);
-}
-
-export class ApiError extends Error {
-  code: number;
-  httpStatus?: number;
-  traceId?: string;
-  constructor(msg: string, code: number, opts?: { httpStatus?: number; traceId?: string }) {
-    super(msg);
-    this.code = code;
-    this.httpStatus = opts?.httpStatus;
-    this.traceId = opts?.traceId;
-  }
-}
-
-const baseURL =
-  (import.meta.env.VITE_ADMIN_BASE_URL as string | undefined)?.replace(/\/+$/, '') ??
-  '/admin/api/v1';
-
-export const api: AxiosInstance = axios.create({
-  baseURL,
-  timeout: 30_000,
-  headers: { Accept: 'application/json' },
-});
-
-api.interceptors.request.use((cfg: InternalAxiosRequestConfig) => {
-  const tok = loadToken();
-  if (tok && cfg.headers) {
-    cfg.headers.set?.('Authorization', `${tok.type} ${tok.access}`);
-  }
-  return cfg;
-});
-
-let unauthorizedHandler: (() => void) | null = null;
-export function setUnauthorizedHandler(fn: () => void) {
-  unauthorizedHandler = fn;
-}
-
-api.interceptors.response.use(
-  (res) => {
-    const body = res.data as ApiBody<unknown>;
-    if (body && typeof body === 'object' && 'code' in body && body.code !== 0) {
-      throw new ApiError(body.msg || '请求失败', body.code, { traceId: body.trace_id });
-    }
-    return res;
-  },
-  (err: AxiosError<ApiBody<unknown>>) => {
-    const status = err.response?.status;
-    const body = err.response?.data;
-    const msg = body?.msg ?? err.message ?? '网络异常';
-    const code = body?.code ?? status ?? -1;
-    if (status === 401) {
-      clearToken();
-      unauthorizedHandler?.();
-    }
-    return Promise.reject(
-      new ApiError(msg, code, { httpStatus: status, traceId: body?.trace_id }),
-    );
-  },
-);
-
-/** 统一请求并解构 data，抹平 axios 返回结构 */
-export async function request<T = unknown>(cfg: AxiosRequestConfig): Promise<T> {
-  const res = await api.request<ApiBody<T>>(cfg);
-  return (res.data?.data ?? (undefined as unknown)) as T;
-}
diff --git a/frontend/apps/admin/src/lib/format.ts b/frontend/apps/admin/src/lib/format.ts
deleted file mode 100644
index 36d2aca3..00000000
--- a/frontend/apps/admin/src/lib/format.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-// 后台展示格式化工具。
-
-const numberFmt = new Intl.NumberFormat('zh-CN');
-
-/** 后端 points（*100） → 展示数值 */
-export function fmtPoints(p: number | undefined | null): string {
-  if (p == null) return '0';
-  return numberFmt.format(p / 100);
-}
-
-export function fmtNumber(n: number | undefined | null): string {
-  if (n == null) return '0';
-  return numberFmt.format(n);
-}
-
-export function fmtTime(ts?: number): string {
-  if (!ts) return '—';
-  const d = new Date(ts * 1000);
-  if (Number.isNaN(d.getTime())) return '—';
-  const pad = (n: number) => n.toString().padStart(2, '0');
-  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}`;
-}
-
-export function fmtRelative(ts?: number): string {
-  if (!ts) return '—';
-  const diff = Date.now() / 1000 - ts;
-  if (diff < 60) return `${Math.max(0, Math.floor(diff))} 秒前`;
-  if (diff < 3600) return `${Math.floor(diff / 60)} 分钟前`;
-  if (diff < 86400) return `${Math.floor(diff / 3600)} 小时前`;
-  if (diff < 86400 * 30) return `${Math.floor(diff / 86400)} 天前`;
-  return fmtTime(ts);
-}
-
-export function statusLabel(s: number): { label: string; tone: 'ok' | 'warn' | 'err' | 'mute' } {
-  switch (s) {
-    case 1:
-      return { label: '正常', tone: 'ok' };
-    case 0:
-      return { label: '禁用', tone: 'mute' };
-    case 2:
-      return { label: '熔断', tone: 'warn' };
-    case -1:
-      return { label: '已删除', tone: 'err' };
-    default:
-      return { label: String(s), tone: 'mute' };
-  }
-}
diff --git a/frontend/apps/admin/src/lib/services.ts b/frontend/apps/admin/src/lib/services.ts
deleted file mode 100644
index 962f3568..00000000
--- a/frontend/apps/admin/src/lib/services.ts
+++ /dev/null
@@ -1,240 +0,0 @@
-// 后台 API 抽象。
-import { request } from './api';
-import type {
-  AccountBatchImportBody,
-  AccountBatchImportResult,
-  AccountBatchRefreshResp,
-  AccountBulkOpResult,
-  AccountCreateBody,
-  AccountItem,
-  AccountPurgeBody,
-  AccountRefreshResp,
-  AccountSecretsResp,
-  AccountTestResp,
-  AccountUpdateBody,
-  AdminUserAdjustPointsBody,
-  AdminUserAdjustPointsResp,
-  AdminUserCreateBody,
-  AdminGenerationLogItem,
-  AdminGenerationLogPurgeResp,
-  AdminGenerationUpstreamLogItem,
-  AdminPromoBody,
-  AdminPromoItem,
-  AdminUserItem,
-  AdminUserUpdateBody,
-  AdminWalletLogItem,
-  AdminLoginResp,
-  AdminMe,
-  CDKCreateBatchBody,
-  CDKCreateBatchResp,
-  DashboardOverviewResp,
-  PageData,
-  PoolStatsResp,
-  ProxyCreateBody,
-  ProxyItem,
-  ProxyTestResp,
-  ProxyUpdateBody,
-  SystemSettings,
-} from './types';
-
-export const authApi = {
-  login: (username: string, password: string) =>
-    request<AdminLoginResp>({
-      url: '/auth/login',
-      method: 'POST',
-      // 后端 dto.LoginReq 字段名为 account，前端表单仍展示「管理员账号」
-      data: { account: username, password },
-    }),
-  me: () => request<AdminMe>({ url: '/auth/me', method: 'GET' }),
-  changePassword: (body: { old_password: string; new_password: string }) =>
-    request<{ ok: boolean }>({ url: '/auth/password', method: 'POST', data: body }),
-};
-
-export const dashboardApi = {
-  overview: () => request<DashboardOverviewResp>({ url: '/dashboard/overview', method: 'GET' }),
-};
-
-export interface AdminUserListQuery {
-  keyword?: string;
-  status?: 0 | 1;
-  page?: number;
-  page_size?: number;
-}
-
-export const usersApi = {
-  list: (q: AdminUserListQuery = {}) =>
-    request<PageData<AdminUserItem>>({ url: '/users', method: 'GET', params: q }),
-  create: (body: AdminUserCreateBody) =>
-    request<{ id: number }>({ url: '/users', method: 'POST', data: body }),
-  update: (id: number, body: AdminUserUpdateBody) =>
-    request<void>({ url: `/users/${id}`, method: 'PUT', data: body }),
-  adjustPoints: (id: number, body: AdminUserAdjustPointsBody) =>
-    request<AdminUserAdjustPointsResp>({ url: `/users/${id}/points`, method: 'POST', data: body }),
-};
-
-export interface GenerationLogListQuery {
-  keyword?: string;
-  kind?: 'image' | 'video' | 'chat' | 'text';
-  status?: 0 | 1 | 2 | 3 | 4;
-  page?: number;
-  page_size?: number;
-}
-
-export const logsApi = {
-  generations: (q: GenerationLogListQuery = {}) =>
-    request<PageData<AdminGenerationLogItem>>({ url: '/logs/generations', method: 'GET', params: q }),
-  generationUpstream: (taskId: string) =>
-    request<AdminGenerationUpstreamLogItem[]>({ url: `/logs/generations/${taskId}/upstream`, method: 'GET' }),
-  purgeGenerations: (days: number) =>
-    request<AdminGenerationLogPurgeResp>({ url: '/logs/generations', method: 'DELETE', data: { days } }),
-};
-
-export interface WalletLogListQuery {
-  keyword?: string;
-  user_id?: number;
-  biz_type?: string;
-  direction?: 1 | -1 | '';
-  page?: number;
-  page_size?: number;
-}
-
-export const billingApi = {
-  walletLogs: (q: WalletLogListQuery = {}) =>
-    request<PageData<AdminWalletLogItem>>({ url: '/billing/wallet-logs', method: 'GET', params: q }),
-};
-
-export interface PromoListQuery {
-  keyword?: string;
-  status?: 0 | 1 | '';
-  discount_type?: 1 | 2 | 3 | '';
-  page?: number;
-  page_size?: number;
-}
-
-export const promoApi = {
-  list: (q: PromoListQuery = {}) =>
-    request<PageData<AdminPromoItem>>({ url: '/promo/codes', method: 'GET', params: q }),
-  create: (body: AdminPromoBody) =>
-    request<{ id: number }>({ url: '/promo/codes', method: 'POST', data: body }),
-  update: (id: number, body: AdminPromoBody) =>
-    request<void>({ url: `/promo/codes/${id}`, method: 'PUT', data: body }),
-  remove: (id: number) => request<void>({ url: `/promo/codes/${id}`, method: 'DELETE' }),
-};
-
-export interface AccountListQuery {
-  provider?: 'gpt' | 'grok';
-  status?: -1 | 0 | 1 | 2;
-  keyword?: string;
-  page?: number;
-  page_size?: number;
-}
-
-export const accountsApi = {
-  list: (q: AccountListQuery = {}) =>
-    request<PageData<AccountItem>>({
-      url: '/accounts',
-      method: 'GET',
-      params: q,
-    }),
-  create: (body: AccountCreateBody) =>
-    request<{ id: number }>({ url: '/accounts', method: 'POST', data: body }),
-  update: (id: number, body: AccountUpdateBody) =>
-    request<void>({ url: `/accounts/${id}`, method: 'PUT', data: body }),
-  remove: (id: number) => request<void>({ url: `/accounts/${id}`, method: 'DELETE' }),
-  batchImport: (body: AccountBatchImportBody) =>
-    request<AccountBatchImportResult>({
-      url: '/accounts/import',
-      method: 'POST',
-      data: body,
-    }),
-  stats: () => request<PoolStatsResp>({ url: '/accounts/stats', method: 'GET' }),
-  test: (id: number) =>
-    request<AccountTestResp>({ url: `/accounts/${id}/test`, method: 'POST' }),
-  refresh: (id: number) =>
-    request<AccountRefreshResp>({ url: `/accounts/${id}/refresh`, method: 'POST' }),
-  secrets: (id: number) =>
-    request<AccountSecretsResp>({ url: `/accounts/${id}/secrets`, method: 'GET' }),
-  batchRefresh: (provider?: 'gpt' | 'grok' | '', page = 1, pageSize = 50) =>
-    request<AccountBatchRefreshResp>({
-      url: '/accounts/batch-refresh',
-      method: 'POST',
-      data: { provider: provider ?? '', page, page_size: pageSize },
-    }),
-  batchProbe: (provider?: 'gpt' | 'grok' | '', page = 1, pageSize = 20) =>
-    request<{
-      probed: number;
-      failed_ids: number[];
-      page: number;
-      page_size: number;
-      total: number;
-      has_more: boolean;
-      next_page?: number;
-    }>({
-      url: '/accounts/batch-probe',
-      method: 'POST',
-      data: { provider: provider ?? '', page, page_size: pageSize },
-    }),
-  batchDelete: (ids: number[]) =>
-    request<AccountBulkOpResult>({
-      url: '/accounts/batch-delete',
-      method: 'POST',
-      data: { ids },
-    }),
-  purge: (body: AccountPurgeBody) =>
-    request<AccountBulkOpResult>({
-      url: '/accounts/purge',
-      method: 'POST',
-      data: body,
-    }),
-};
-
-export const cdkApi = {
-  createBatch: (body: CDKCreateBatchBody) =>
-    request<CDKCreateBatchResp>({
-      url: '/cdk/batches',
-      method: 'POST',
-      data: body,
-    }),
-};
-
-// ==================== 代理 ====================
-
-export interface ProxyListQuery {
-  status?: 0 | 1;
-  keyword?: string;
-  page?: number;
-  page_size?: number;
-}
-
-export const proxiesApi = {
-  list: (q: ProxyListQuery = {}) =>
-    request<PageData<ProxyItem>>({ url: '/proxies', method: 'GET', params: q }),
-  create: (body: ProxyCreateBody) =>
-    request<{ id: number }>({ url: '/proxies', method: 'POST', data: body }),
-  update: (id: number, body: ProxyUpdateBody) =>
-    request<void>({ url: `/proxies/${id}`, method: 'PUT', data: body }),
-  remove: (id: number) =>
-    request<void>({ url: `/proxies/${id}`, method: 'DELETE' }),
-  test: (id: number) =>
-    request<ProxyTestResp>({ url: `/proxies/${id}/test`, method: 'POST' }),
-};
-
-// ==================== 系统配置 ====================
-
-export const systemApi = {
-  get: () => request<SystemSettings>({ url: '/system/settings', method: 'GET' }),
-  update: (kv: Partial<SystemSettings>) =>
-    request<{ updated: number }>({
-      url: '/system/settings',
-      method: 'PUT',
-      data: kv,
-    }),
-  cacheStats: () =>
-    request<{ root: string; files: number; bytes: number }>({ url: '/system/cache', method: 'GET' }),
-  cleanCache: (body: { days?: number; all?: boolean }) =>
-    request<{ deleted_files: number; deleted_bytes: number; remain_bytes: number }>({
-      url: '/system/cache',
-      method: 'DELETE',
-      data: body,
-    }),
-};
diff --git a/frontend/apps/admin/src/lib/types.ts b/frontend/apps/admin/src/lib/types.ts
deleted file mode 100644
index 63bf5266..00000000
--- a/frontend/apps/admin/src/lib/types.ts
+++ /dev/null
@@ -1,494 +0,0 @@
-// 后台管理 - 与后端 dto / response 对齐的前端类型。
-// 注意：所有 *_points / points 字段单位为「点 *100」，展示请除以 100。
-
-export interface ApiBody<T> {
-  code: number;
-  msg: string;
-  data?: T;
-  trace_id?: string;
-}
-
-export interface PageData<T> {
-  list: T[];
-  total: number;
-  page: number;
-  page_size: number;
-}
-
-export interface AdminLoginResp {
-  id: number;
-  username: string;
-  nickname: string;
-  role_id: number;
-  token: {
-    access_token: string;
-    refresh_token: string;
-    token_type: string;
-    access_expire_in: number;
-    refresh_expire_in: number;
-  };
-}
-
-export interface AdminMe {
-  id: number;
-  username: string;
-  nickname: string;
-  email?: string;
-  role_id: number;
-  role_code: string;
-  role_name: string;
-}
-
-/** 账号池条目 */
-export interface AdminUserItem {
-  id: number;
-  uuid: string;
-  email?: string;
-  phone?: string;
-  username?: string;
-  avatar?: string;
-  points: number;
-  frozen_points: number;
-  total_recharge: number;
-  plan_code: string;
-  plan_expire_at?: number;
-  inviter_id?: number;
-  invite_code: string;
-  status: 0 | 1 | number;
-  register_ip?: string;
-  last_login_at?: number;
-  last_login_ip?: string;
-  created_at: number;
-  updated_at: number;
-}
-
-export interface AdminUserCreateBody {
-  account: string;
-  password: string;
-  username?: string;
-  points?: number;
-  status?: 0 | 1;
-}
-
-export interface AdminUserUpdateBody {
-  email?: string | null;
-  phone?: string | null;
-  username?: string | null;
-  avatar?: string | null;
-  password?: string;
-  status?: 0 | 1;
-  plan_code?: string;
-  plan_expire_at?: number | null;
-}
-
-export interface AdminUserAdjustPointsBody {
-  action: 'recharge' | 'deduct';
-  points: number;
-  remark?: string;
-}
-
-export interface AdminUserAdjustPointsResp {
-  points_before: number;
-  points_after: number;
-}
-
-export interface AdminGenerationLogItem {
-  task_id: string;
-  created_at: number;
-  user_id: number;
-  user_label: string;
-  api_key_id?: number;
-  key_label?: string;
-  kind: 'image' | 'video' | string;
-  model_code: string;
-  prompt: string;
-  status: 0 | 1 | 2 | 3 | 4 | number;
-  duration_ms?: number;
-  cost_points: number;
-  preview_url?: string;
-  error?: string;
-}
-
-export interface AdminGenerationLogPurgeResp {
-  deleted: number;
-}
-
-export interface AdminGenerationUpstreamLogItem {
-  id: number;
-  task_id: string;
-  provider: string;
-  account_id?: number;
-  stage: string;
-  method?: string;
-  url?: string;
-  status_code: number;
-  duration_ms: number;
-  request_excerpt?: string;
-  response_excerpt?: string;
-  error?: string;
-  meta?: string;
-  created_at: number;
-}
-
-export interface AdminWalletLogItem {
-  id: number;
-  created_at: number;
-  user_id: number;
-  user_label: string;
-  direction: 1 | -1 | number;
-  biz_type: string;
-  biz_id: string;
-  points: number;
-  points_before: number;
-  points_after: number;
-  remark?: string;
-}
-
-export interface AdminPromoItem {
-  id: number;
-  code: string;
-  name: string;
-  discount_type: 1 | 2 | 3 | number;
-  discount_val: number;
-  min_amount: number;
-  apply_to: string;
-  total_qty: number;
-  used_qty: number;
-  per_user_limit: number;
-  start_at: number;
-  end_at: number;
-  status: 0 | 1 | number;
-  created_at: number;
-  updated_at: number;
-}
-
-export interface AdminPromoBody {
-  code?: string;
-  name?: string;
-  discount_type?: 1 | 2 | 3;
-  discount_val?: number;
-  min_amount?: number;
-  apply_to?: string;
-  total_qty?: number;
-  per_user_limit?: number;
-  start_at?: number;
-  end_at?: number;
-  status?: 0 | 1;
-}
-
-export interface DashboardProviderRow {
-  provider: string;
-  total: number;
-  enabled: number;
-  available: number;
-  broken: number;
-  test_ok: number;
-  quota_remaining: number;
-  quota_total: number;
-  quota_used: number;
-  success_count: number;
-  error_count: number;
-}
-
-export interface DashboardRecentTask {
-  task_id: string;
-  created_at: number;
-  user_label: string;
-  kind: 'image' | 'video' | string;
-  model_code: string;
-  count: number;
-  status: number;
-  cost_points: number;
-}
-
-export interface DashboardTrendPoint {
-  date: string;
-  generated: number;
-  cost_points: number;
-}
-
-export interface DashboardOverviewResp {
-  generated_today: number;
-  generated_total: number;
-  image_today: number;
-  image_total: number;
-  video_today: number;
-  video_total: number;
-  text_tokens_today: number;
-  text_tokens_total: number;
-  cost_points_today: number;
-  cost_points_total: number;
-  wallet_spend_today: number;
-  wallet_spend_total: number;
-  users_total: number;
-  users_today: number;
-  active_users_today: number;
-  success_rate_today: number;
-  account_providers: DashboardProviderRow[];
-  recent_generations: DashboardRecentTask[];
-  trend: DashboardTrendPoint[];
-}
-
-export interface AccountItem {
-  id: number;
-  provider: 'gpt' | 'grok' | string;
-  name: string;
-  auth_type: 'api_key' | 'cookie' | 'oauth' | string;
-  credential_mask: string;
-  base_url?: string;
-  proxy_id?: number;
-  weight: number;
-  rpm_limit: number;
-  tpm_limit: number;
-  daily_quota: number;
-  monthly_quota: number;
-  /** -1 软删 / 0 禁用 / 1 启用 / 2 熔断 */
-  status: -1 | 0 | 1 | 2 | number;
-  cooldown_until?: number;
-  last_used_at?: number;
-  last_error?: string;
-  error_count: number;
-  success_count: number;
-  remark?: string;
-  /** OAuth 状态 */
-  has_refresh_token?: boolean;
-  has_access_token?: boolean;
-  access_token_expire_at?: number;
-  last_refresh_at?: number;
-  /** 最近一次连通性测试 */
-  last_test_at?: number;
-  /** 0 未测 / 1 OK / 2 FAIL */
-  last_test_status?: 0 | 1 | 2 | number;
-  last_test_latency_ms?: number;
-  last_test_error?: string;
-  plan_type?: string;
-  default_model?: string;
-  image_quota_remaining?: number;
-  image_quota_total?: number;
-  image_quota_reset_at?: number;
-  created_at: number;
-  updated_at: number;
-}
-
-/** 账号连通性测试结果 */
-export interface AccountTestResp {
-  ok: boolean;
-  latency_ms: number;
-  error?: string;
-  plan_type?: string;
-  default_model?: string;
-  image_quota_remaining?: number;
-  image_quota_total?: number;
-  image_quota_reset_at?: number;
-}
-
-/** OAuth 刷新结果 */
-export interface AccountRefreshResp {
-  ok: boolean;
-  expires_in?: number;
-  refreshed_at: number;
-  has_refresh_token: boolean;
-}
-
-/** 批量刷新结果 */
-export interface AccountBatchRefreshResp {
-  refreshed: number;
-  failed_ids: number[];
-  page: number;
-  page_size: number;
-  total: number;
-  has_more: boolean;
-  next_page?: number;
-}
-
-/** 创建账号入参（明文，后端加密）；OAuth 可与 sora2ok 一致拆 AT/RT/ST/client_id。 */
-export interface AccountCreateBody {
-  provider: 'gpt' | 'grok';
-  name: string;
-  auth_type: 'api_key' | 'cookie' | 'oauth';
-  /** api_key / cookie 必填；oauth 可与 access_token / refresh_token 组合 */
-  credential?: string;
-  access_token?: string;
-  refresh_token?: string;
-  session_token?: string;
-  client_id?: string;
-  base_url?: string;
-  /** 绑定代理 ID；0/undefined = 不绑定 */
-  proxy_id?: number;
-  weight?: number;
-  rpm_limit?: number;
-  tpm_limit?: number;
-  daily_quota?: number;
-  monthly_quota?: number;
-  remark?: string;
-}
-
-/** POST /accounts/batch-delete、/accounts/purge 响应 */
-export interface AccountBulkOpResult {
-  deleted: number;
-}
-
-export interface AccountPurgeBody {
-  scope: 'all' | 'invalid' | 'zero_quota';
-  provider?: 'gpt' | 'grok';
-  confirm?: string;
-}
-
-/** 单个账号的明文凭证（管理员编辑面板回显用，解密失败为空串） */
-export interface AccountSecretsResp {
-  credential?: string;
-  access_token?: string;
-  refresh_token?: string;
-  session_token?: string;
-  client_id?: string;
-}
-
-export interface AccountUpdateBody {
-  name?: string;
-  credential?: string;
-  /** OAuth 账号专用：单独替换三件套（空字符串表示清空对应列） */
-  access_token?: string;
-  refresh_token?: string;
-  session_token?: string;
-  client_id?: string;
-  base_url?: string;
-  /** 绑定代理 ID；0 = 不绑定 */
-  proxy_id?: number;
-  weight?: number;
-  rpm_limit?: number;
-  tpm_limit?: number;
-  daily_quota?: number;
-  monthly_quota?: number;
-  status?: -1 | 0 | 1 | 2;
-  remark?: string;
-}
-
-/** sub2api / Codex 导出 JSON 中单条账号 */
-export interface Sub2APIAccountItem {
-  name?: string;
-  platform?: string;
-  type?: string;
-  priority?: number;
-  concurrency?: number;
-  credentials?: {
-    access_token?: string;
-    refresh_token?: string;
-    client_id?: string;
-    id_token?: string;
-    email?: string;
-    chatgpt_account_id?: string;
-    chatgpt_user_id?: string;
-    organization_id?: string;
-    plan_type?: string;
-  };
-}
-
-export interface AccountBatchImportBody {
-  /** 默认 lines；sub2api 为 JSON 分片导入 */
-  format?: 'lines' | 'sub2api';
-  provider: 'gpt' | 'grok';
-  /** lines 模式必填 */
-  auth_type?: 'api_key' | 'cookie' | 'oauth';
-  base_url?: string;
-  /** 默认绑定代理 ID；0/undefined = 不绑定 */
-  proxy_id?: number;
-  weight?: number;
-  /**
-   * lines：一行一条；支持 `<name>@@<credential>` / `<credential>@<base_url>` / `<credential>`。
-   */
-  text?: string;
-  /** sub2api：当前分片的账号列表（建议每批 ≤500） */
-  accounts?: Sub2APIAccountItem[];
-}
-
-/** POST /accounts/import 响应 */
-export interface AccountBatchImportResult {
-  imported: number;
-  skipped: number;
-}
-
-export interface PoolStatsResp {
-  pool: Record<string, number>;
-}
-export interface CDKCreateBatchBody {
-  batch_no: string;
-  name: string;
-  /** 单码价值（后端 *100，传 *100 后的整数） */
-  points: number;
-  qty: number;
-  per_user_limit?: number;
-  /** unix 秒；0/不传 = 永不过期 */
-  expire_at?: number;
-}
-
-export interface CDKCreateBatchResp {
-  id: number;
-  batch_no: string;
-  total_qty: number;
-}
-
-// ==================== 代理 ====================
-
-export interface ProxyItem {
-  id: number;
-  name: string;
-  protocol: 'http' | 'https' | 'socks5' | 'socks5h' | string;
-  host: string;
-  port: number;
-  username?: string;
-  has_password: boolean;
-  /** 0 禁用 / 1 启用 */
-  status: 0 | 1 | number;
-  last_check_at?: number;
-  /** 0 未测 / 1 OK / 2 FAIL */
-  last_check_ok: 0 | 1 | 2 | number;
-  last_check_ms: number;
-  last_error?: string;
-  remark?: string;
-  created_at: number;
-  updated_at: number;
-}
-
-export interface ProxyCreateBody {
-  name: string;
-  protocol: 'http' | 'https' | 'socks5' | 'socks5h';
-  host: string;
-  port: number;
-  username?: string;
-  password?: string;
-  remark?: string;
-}
-
-export interface ProxyUpdateBody {
-  name?: string;
-  protocol?: 'http' | 'https' | 'socks5' | 'socks5h';
-  host?: string;
-  port?: number;
-  username?: string;
-  password?: string;
-  status?: 0 | 1;
-  remark?: string;
-}
-
-export interface ProxyTestResp {
-  ok: boolean;
-  latency_ms: number;
-  error?: string;
-}
-
-// ==================== 系统配置 ====================
-
-/** 已知 key（前端只列展示需要的，未列的也允许保存） */
-export interface SystemSettings {
-  /** 是否启用全局代理 */
-  'proxy.global_enabled'?: boolean;
-  /** 全局代理 ID（0 表示不启用） */
-  'proxy.global_id'?: number;
-  /** OAuth access_token 距过期 N 小时内自动刷新 */
-  'oauth.refresh_before_hours'?: number;
-  /** OpenAI Codex CLI client_id */
-  'oauth.openai_client_id'?: string;
-  /** OpenAI OAuth Token Endpoint */
-  'oauth.openai_token_url'?: string;
-  [key: string]: unknown;
-}
diff --git a/frontend/apps/admin/src/main.tsx b/frontend/apps/admin/src/main.tsx
deleted file mode 100644
index fd72ae80..00000000
--- a/frontend/apps/admin/src/main.tsx
+++ /dev/null
@@ -1,36 +0,0 @@
-import React from 'react';
-import ReactDOM from 'react-dom/client';
-import { BrowserRouter } from 'react-router-dom';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-
-import App from './App';
-import { setUnauthorizedHandler } from './lib/api';
-import { useAuthStore } from './stores/auth';
-import { toast } from './stores/toast';
-import '@kleinai/theme/tokens.css';
-import '@kleinai/theme/animations.css';
-import './index.css';
-
-const qc = new QueryClient({
-  defaultOptions: {
-    queries: { retry: 1, refetchOnWindowFocus: false, staleTime: 30_000 },
-  },
-});
-
-setUnauthorizedHandler(() => {
-  useAuthStore.getState().logout();
-  toast.error('登录已过期，请重新登录');
-  if (typeof window !== 'undefined' && !window.location.pathname.endsWith('/login')) {
-    window.location.href = '/login';
-  }
-});
-
-ReactDOM.createRoot(document.getElementById('root') as HTMLElement).render(
-  <React.StrictMode>
-    <QueryClientProvider client={qc}>
-      <BrowserRouter>
-        <App />
-      </BrowserRouter>
-    </QueryClientProvider>
-  </React.StrictMode>,
-);
diff --git a/frontend/apps/admin/src/pages/_placeholder.tsx b/frontend/apps/admin/src/pages/_placeholder.tsx
deleted file mode 100644
index edf73a99..00000000
--- a/frontend/apps/admin/src/pages/_placeholder.tsx
+++ /dev/null
@@ -1,32 +0,0 @@
-import { Construction } from 'lucide-react';
-
-interface Props {
-  title: string;
-  desc: string;
-  hint?: string;
-}
-
-export function PlaceholderPage({ title, desc, hint }: Props) {
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">{title}</h1>
-          <p className="page-subtitle">{desc}</p>
-        </div>
-      </header>
-
-      <div className="card">
-        <div className="empty-state">
-          <div className="empty-state-icon">
-            <Construction size={28} />
-          </div>
-          <p className="empty-state-title">该模块开发中</p>
-          <p className="empty-state-desc">
-            {hint ?? '正在对接对应 admin API；上线后会替换此处占位界面，请稍候。'}
-          </p>
-        </div>
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/accounts/TokenAccountsPage.tsx b/frontend/apps/admin/src/pages/accounts/TokenAccountsPage.tsx
deleted file mode 100644
index 33d83751..00000000
--- a/frontend/apps/admin/src/pages/accounts/TokenAccountsPage.tsx
+++ /dev/null
@@ -1,1766 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import {
-  Plus, Upload, RefreshCw, Trash2, Power, Activity, RotateCw, CheckCircle2, XCircle, Clock,
-  ChevronDown, ChevronUp, AlertCircle, Pencil,
-  ChevronLeft, ChevronRight, ChevronsLeft, ChevronsRight,
-} from 'lucide-react';
-import { useEffect, useMemo, useRef, useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { fmtNumber, fmtRelative, fmtTime, statusLabel } from '../../lib/format';
-import { accountsApi, proxiesApi } from '../../lib/services';
-import type {
-  AccountBatchImportBody,
-  AccountCreateBody,
-  AccountItem,
-  AccountPurgeBody,
-  AccountUpdateBody,
-  ProxyItem,
-  Sub2APIAccountItem,
-} from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-/** 把用户可能漏 scheme 的 host 自动补成 https://；空字符串保持空 */
-function normalizeBaseURL(s?: string): string | undefined {
-  const v = (s || '').trim();
-  if (!v) return undefined;
-  if (/^https?:\/\//i.test(v)) return v;
-  return `https://${v}`;
-}
-
-/** 默认 auth_type：GPT 走 OAuth (AT/RT/ST)；GROK 走 SSO Token。 */
-function defaultAuthType(provider: 'gpt' | 'grok'): 'api_key' | 'oauth' | 'cookie' {
-  return provider === 'gpt' ? 'oauth' : 'cookie';
-}
-
-const TONE_CLS: Record<'ok' | 'warn' | 'err' | 'mute', string> = {
-  ok: 'badge badge-success',
-  warn: 'badge badge-warning',
-  err: 'badge badge-danger',
-  mute: 'badge',
-};
-
-function testLabel(s?: number): { label: string; cls: string; icon: typeof CheckCircle2 } {
-  switch (s) {
-    case 1: return { label: 'OK',   cls: 'text-success', icon: CheckCircle2 };
-    case 2: return { label: 'FAIL', cls: 'text-danger',  icon: XCircle };
-    default: return { label: '未测', cls: 'text-text-tertiary', icon: Clock };
-  }
-}
-
-function expireState(expSec?: number): { label: string; detail: string; cls: string } {
-  if (!expSec) return { label: '未设置', detail: '未设置到期时间', cls: 'text-text-tertiary' };
-  const expIn = expSec - Date.now() / 1000;
-  if (expIn <= 0) return { label: '已过期', detail: fmtTime(expSec), cls: 'text-danger' };
-  if (expIn < 3600) return { label: `${Math.max(1, Math.floor(expIn / 60))} 分钟`, detail: fmtTime(expSec), cls: 'text-warning' };
-  if (expIn < 86400) return { label: `${Math.floor(expIn / 3600)} 小时`, detail: fmtTime(expSec), cls: 'text-warning' };
-  return { label: `${Math.floor(expIn / 86400)} 天`, detail: fmtTime(expSec), cls: 'text-text-secondary' };
-}
-
-/** 调度状态 + 最近错误/连通结果，用于列表「状态」列（避免启用仍显示「正常」）。 */
-function accountRowStatus(r: AccountItem): { label: string; tone: 'ok' | 'warn' | 'err' | 'mute' } {
-  const base = statusLabel(r.status);
-  if (r.status !== 1) {
-    return { label: base.label, tone: base.tone };
-  }
-  const le = (r.last_error || '').trim();
-  const te = (r.last_test_error || '').trim();
-  const testFail = r.last_test_status === 2;
-  if (le || testFail || te) {
-    return { label: '异常', tone: 'err' };
-  }
-  return { label: base.label, tone: base.tone };
-}
-
-export default function TokenAccountsPage() {
-  const qc = useQueryClient();
-
-  const [provider, setProvider] = useState<'all' | 'gpt' | 'grok'>('all');
-  const [keyword, setKeyword] = useState('');
-  const [page, setPage] = useState(1);
-  const [pageSize, setPageSize] = useState<number>(10);
-  const PAGE_SIZE_OPTIONS = [10, 20, 50, 100, 1000];
-
-  const [openCreate, setOpenCreate] = useState(false);
-  const [openImport, setOpenImport] = useState(false);
-  const [editTarget, setEditTarget] = useState<AccountItem | null>(null);
-
-  const query = useMemo(
-    () => ({
-      provider: provider === 'all' ? undefined : provider,
-      keyword: keyword || undefined,
-      page,
-      page_size: pageSize,
-    }),
-    [provider, keyword, page, pageSize],
-  );
-
-  const list = useQuery({
-    queryKey: ['admin', 'accounts', 'list', query],
-    queryFn: () => accountsApi.list(query),
-  });
-
-  const refresh = () => {
-    qc.invalidateQueries({ queryKey: ['admin', 'accounts'] });
-    qc.invalidateQueries({ queryKey: ['admin', 'pool', 'stats'] });
-  };
-
-  const toggleStatus = useMutation({
-    mutationFn: ({ id, status }: { id: number; status: 0 | 1 }) =>
-      accountsApi.update(id, { status }),
-    onSuccess: () => {
-      refresh();
-      toast.success('已更新');
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const remove = useMutation({
-    mutationFn: (id: number) => accountsApi.remove(id),
-    onSuccess: () => {
-      refresh();
-      toast.success('已删除');
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const testMut = useMutation({
-    mutationFn: (id: number) => accountsApi.test(id),
-    onSuccess: (r) => {
-      refresh();
-      if (r.ok) {
-        toast.success(`连通正常 · ${r.latency_ms}ms`);
-      } else {
-        toast.error(`不可用：${r.error || '未知错误'}`);
-      }
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const refreshOAuthMut = useMutation({
-    mutationFn: (id: number) => accountsApi.refresh(id),
-    onSuccess: (r) => {
-      refresh();
-      const ttl = r.expires_in ? `，有效期 ${Math.floor(r.expires_in / 3600)}h` : '';
-      toast.success(`已刷新 access_token${ttl}`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const batchRefresh = useMutation({
-    mutationFn: async (p: 'gpt' | 'grok' | '') => {
-      let page = 1;
-      let refreshed = 0;
-      const failed_ids: number[] = [];
-      let total = 0;
-      const batchPageSize = Math.min(Math.max(pageSize, 1), 1000);
-      for (;;) {
-        const r = await accountsApi.batchRefresh(p || undefined, page, batchPageSize);
-        refreshed += r.refreshed;
-        failed_ids.push(...r.failed_ids);
-        total = r.total || total;
-        if (r.has_more && r.next_page) {
-          page = r.next_page;
-          continue;
-        }
-        if (total > 0 && page * batchPageSize < total) {
-          page += 1;
-          continue;
-        }
-        break;
-      }
-      return { refreshed, failed_ids };
-    },
-    onSuccess: (r) => {
-      refresh();
-      toast.success(`已刷新 ${r.refreshed} 个 OAuth 账号${r.failed_ids.length ? `，失败 ${r.failed_ids.length}` : ''}`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const batchProbe = useMutation({
-    mutationFn: async (p: 'gpt' | 'grok' | '') => {
-      let page = 1;
-      let probed = 0;
-      const failed_ids: number[] = [];
-      const batchPageSize = Math.min(Math.max(pageSize, 1), 1000);
-      let total = 0;
-      for (;;) {
-        const r = await accountsApi.batchProbe(p || undefined, page, batchPageSize);
-        probed += r.probed;
-        failed_ids.push(...r.failed_ids);
-        total = r.total || total;
-        if (r.has_more && r.next_page) {
-          page = r.next_page;
-          continue;
-        }
-        if (total > 0 && page * batchPageSize < total) {
-          page += 1;
-          continue;
-        }
-        break;
-      }
-      return { probed, failed_ids };
-    },
-    onSuccess: (r) => {
-      refresh();
-      toast.success(`已检测 ${r.probed} 个账号用量${r.failed_ids.length ? `，失败 ${r.failed_ids.length} 个` : ''}`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const total = list.data?.total ?? 0;
-  const items: AccountItem[] = list.data?.list ?? [];
-  const lastPage = Math.max(1, Math.ceil(total / pageSize));
-
-  const [selected, setSelected] = useState<Set<number>>(new Set());
-
-  useEffect(() => {
-    setSelected(new Set());
-  }, [provider, keyword]);
-
-  const toggleSelect = (id: number) => {
-    setSelected((prev) => {
-      const next = new Set(prev);
-      if (next.has(id)) next.delete(id);
-      else next.add(id);
-      return next;
-    });
-  };
-
-  const toggleSelectPage = () => {
-    const pageIds = items.map((r) => r.id);
-    const allOn = pageIds.length > 0 && pageIds.every((id) => selected.has(id));
-    setSelected((prev) => {
-      const next = new Set(prev);
-      if (allOn) {
-        pageIds.forEach((id) => next.delete(id));
-      } else {
-        pageIds.forEach((id) => next.add(id));
-      }
-      return next;
-    });
-  };
-
-  const batchDeleteMut = useMutation({
-    mutationFn: (ids: number[]) => accountsApi.batchDelete(ids),
-    onSuccess: (r) => {
-      refresh();
-      setSelected(new Set());
-      toast.success(`已删除 ${r.deleted} 条`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const purgeMut = useMutation({
-    mutationFn: (b: AccountPurgeBody) => accountsApi.purge(b),
-    onSuccess: (r) => {
-      refresh();
-      setSelected(new Set());
-      toast.success(`已清理 ${r.deleted} 条`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const purgeProvider = provider === 'all' ? undefined : provider;
-
-  const pageIds = items.map((r) => r.id);
-  const pageAllSelected = pageIds.length > 0 && pageIds.every((id) => selected.has(id));
-  const headerCbRef = useRef<HTMLInputElement | null>(null);
-  const [bulkOpen, setBulkOpen] = useState(false);
-  const [purgeAllOpen, setPurgeAllOpen] = useState(false);
-  const bulkWrapRef = useRef<HTMLDivElement | null>(null);
-  useEffect(() => {
-    if (!bulkOpen) return;
-    const onDocClick = (e: MouseEvent) => {
-      if (!bulkWrapRef.current) return;
-      if (!bulkWrapRef.current.contains(e.target as Node)) setBulkOpen(false);
-    };
-    const onKey = (e: KeyboardEvent) => {
-      if (e.key === 'Escape') setBulkOpen(false);
-    };
-    document.addEventListener('mousedown', onDocClick);
-    document.addEventListener('keydown', onKey);
-    return () => {
-      document.removeEventListener('mousedown', onDocClick);
-      document.removeEventListener('keydown', onKey);
-    };
-  }, [bulkOpen]);
-
-  useEffect(() => {
-    const el = headerCbRef.current;
-    if (!el) return;
-    const some = pageIds.some((id) => selected.has(id));
-    el.indeterminate = some && !pageAllSelected;
-  }, [pageIds, selected, pageAllSelected]);
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">Token 管理</h1>
-          <p className="page-subtitle">GPT / GROK 账号池</p>
-        </div>
-        <div className="flex flex-wrap items-center gap-1.5">
-          <button className="btn btn-outline btn-sm" onClick={refresh} title="刷新列表">
-            <RefreshCw size={14} /> 刷新
-          </button>
-          <button
-            className="btn btn-outline btn-sm"
-            onClick={() => batchRefresh.mutate(provider === 'all' ? '' : provider)}
-            disabled={batchRefresh.isPending}
-            title="按当前 Tab 批量刷新 OAuth"
-          >
-            <RotateCw size={14} className={batchRefresh.isPending ? 'animate-spin' : ''} />
-            {batchRefresh.isPending ? '刷新中…' : '批量刷新OAuth'}
-          </button>
-          <button
-            className="btn btn-outline btn-sm"
-            onClick={() => batchProbe.mutate(provider === 'all' ? '' : provider)}
-            disabled={batchProbe.isPending}
-            title="按当前 Tab 批量检测账号用量/额度"
-          >
-            <Activity size={14} className={batchProbe.isPending ? 'animate-pulse' : ''} />
-            {batchProbe.isPending ? '检测中…' : '批量检测用量'}
-          </button>
-          <button className="btn btn-outline btn-sm" onClick={() => setOpenImport(true)}>
-            <Upload size={14} /> 导入
-          </button>
-          <div ref={bulkWrapRef} className="relative">
-            <button
-              type="button"
-              className="btn btn-outline btn-sm gap-1"
-              disabled={batchDeleteMut.isPending || purgeMut.isPending}
-              aria-haspopup="menu"
-              aria-expanded={bulkOpen}
-              onClick={() => setBulkOpen((v) => !v)}
-            >
-              <Trash2 size={14} />
-              删除
-              <ChevronDown
-                size={14}
-                className={`opacity-60 transition-transform ${bulkOpen ? 'rotate-180' : ''}`}
-              />
-            </button>
-            {bulkOpen && (
-              <div
-                role="menu"
-                className="card card-elevated absolute right-0 mt-2 z-[90] w-[18rem] overflow-hidden p-1.5 shadow-xl klein-fade-in"
-              >
-                <div className="px-2.5 py-2">
-                  <div className="text-small font-semibold text-text-primary">批量删除</div>
-                  <div className="text-tiny text-text-tertiary mt-0.5">
-                    作用范围：{provider === 'all' ? '全部账号' : provider.toUpperCase()}
-                  </div>
-                </div>
-                <button
-                  type="button"
-                  role="menuitem"
-                  className="btn btn-ghost btn-sm w-full justify-between gap-2"
-                  disabled={selected.size === 0 || batchDeleteMut.isPending}
-                  onClick={() => {
-                    setBulkOpen(false);
-                    if (selected.size === 0) return;
-                    if (!confirm(`软删除选中的 ${selected.size} 条？`)) return;
-                    batchDeleteMut.mutate([...selected]);
-                  }}
-                >
-                  <span className="inline-flex items-center gap-2">
-                    <CheckCircle2 size={14} className="text-text-secondary" />
-                    删除选中
-                  </span>
-                  <span className="badge badge-outline">{selected.size}</span>
-                </button>
-                <button
-                  type="button"
-                  role="menuitem"
-                  className="btn btn-ghost btn-sm w-full justify-start gap-2"
-                  disabled={purgeMut.isPending}
-                  onClick={() => {
-                    setBulkOpen(false);
-                    if (!confirm('删除禁用、熔断或测试失败的账号？')) return;
-                    purgeMut.mutate({ scope: 'invalid', provider: purgeProvider });
-                  }}
-                >
-                  <XCircle size={14} className="text-danger" />
-                  删除错误
-                </button>
-                <button
-                  type="button"
-                  role="menuitem"
-                  className="btn btn-ghost btn-sm w-full justify-start gap-2"
-                  disabled={purgeMut.isPending}
-                  onClick={() => {
-                    setBulkOpen(false);
-                    if (!confirm('删除已检测且剩余额度为 0 的账号？未检测账号不会被删除。')) return;
-                    purgeMut.mutate({ scope: 'zero_quota', provider: purgeProvider });
-                  }}
-                >
-                  <AlertCircle size={14} className="text-warning" />
-                  删除0额度
-                </button>
-                <div className="my-1 h-px bg-border" />
-                <button
-                  type="button"
-                  role="menuitem"
-                  className="btn btn-danger-ghost btn-sm w-full justify-start gap-2"
-                  disabled={purgeMut.isPending}
-                  onClick={() => {
-                    setBulkOpen(false);
-                    setPurgeAllOpen(true);
-                  }}
-                >
-                  <Trash2 size={14} />
-                  删除全部
-                </button>
-              </div>
-            )}
-          </div>
-          <button className="btn btn-primary btn-sm" onClick={() => setOpenCreate(true)}>
-            <Plus size={16} /> 新增
-          </button>
-        </div>
-      </header>
-
-      {/* 筛选 */}
-      <div className="card card-section flex flex-wrap items-center gap-2 !py-2">
-        <div className="tabs">
-          {(['all', 'gpt', 'grok'] as const).map((p) => (
-            <button
-              key={p}
-              type="button"
-              className="tab"
-              aria-selected={provider === p}
-              onClick={() => { setProvider(p); setPage(1); }}
-            >
-              {p === 'all' ? '全部' : p.toUpperCase()}
-            </button>
-          ))}
-        </div>
-        <input
-          className="input input-sm flex-1 min-w-[160px]"
-          placeholder="名称 / 备注"
-          value={keyword}
-          onChange={(e) => { setKeyword(e.target.value); setPage(1); }}
-        />
-        <span className="text-tiny text-text-tertiary whitespace-nowrap">
-          共 <span className="text-text-secondary tabular-nums font-medium">{fmtNumber(total)}</span> 条
-        </span>
-      </div>
-
-      {/* 表格 */}
-      <div className="card overflow-x-auto">
-        <table className="data-table min-w-[1180px]">
-          <thead>
-            <tr>
-              <th className="w-10">
-                <input
-                  ref={headerCbRef}
-                  type="checkbox"
-                  className="rounded border-border"
-                  checked={pageAllSelected}
-                  onChange={toggleSelectPage}
-                  disabled={list.isLoading || items.length === 0}
-                  title="全选当前页"
-                />
-              </th>
-              <th>名称</th>
-              <th>Provider</th>
-              <th>状态</th>
-              <th>凭证 / 最近测试</th>
-              <th>用量</th>
-              <th>到期时间</th>
-              <th>操作</th>
-            </tr>
-          </thead>
-          <tbody>
-            {list.isLoading && (
-              <tr>
-                <td colSpan={8} className="text-center text-text-tertiary text-small py-10">加载中…</td>
-              </tr>
-            )}
-            {!list.isLoading && items.length === 0 && (
-              <tr>
-                <td colSpan={8}>
-                  <div className="empty-state">
-                    <p className="empty-state-title">暂无账号</p>
-                    <p className="empty-state-desc">点击右上角【新增账号】或【批量导入】开始。</p>
-                  </div>
-                </td>
-              </tr>
-            )}
-            {items.map((r) => {
-              const s = accountRowStatus(r);
-              const enabled = r.status === 1;
-              const isOAuth = r.auth_type === 'oauth';
-              const t = testLabel(r.last_test_status);
-              const TestIcon = t.icon;
-              const exp = expireState(r.access_token_expire_at);
-              const lastErr = (r.last_error || '').trim();
-              const testErr = (r.last_test_error || '').trim();
-              const statusErrTip = [lastErr, testErr].filter(Boolean).join('\n\n');
-              const atNeedsAttention =
-                isOAuth && (!r.has_access_token || r.last_test_status === 2 || !!testErr);
-              return (
-                <tr key={r.id}>
-                  <td className="w-10">
-                    <input
-                      type="checkbox"
-                      className="rounded border-border"
-                      checked={selected.has(r.id)}
-                      onChange={() => toggleSelect(r.id)}
-                      aria-label={`选择 ${r.name}`}
-                    />
-                  </td>
-                  <td className="font-medium text-text-primary">
-                    {r.name}
-                    {r.remark && (
-                      <span className="block text-small text-text-tertiary mt-0.5">{r.remark}</span>
-                    )}
-                  </td>
-                  <td className="uppercase text-klein-500 font-semibold">{r.provider}</td>
-                  <td className="whitespace-nowrap">
-                    <span className={TONE_CLS[s.tone]}>{s.label}</span>
-                    {!!statusErrTip && (
-                      <span
-                        className="inline-flex align-middle ml-1 text-danger"
-                        title={statusErrTip}
-                        aria-label={statusErrTip}
-                      >
-                        <AlertCircle size={14} strokeWidth={2} />
-                      </span>
-                    )}
-                  </td>
-                  <td className="text-small">
-                    {isOAuth ? (
-                      <div className="flex flex-col gap-1">
-                        <div className="inline-flex gap-1 items-center">
-                          <span
-                            className={`badge text-tiny ${r.has_refresh_token ? 'badge-success' : 'badge-warning'}`}
-                            title="refresh_token 是否已存"
-                          >
-                            RT {r.has_refresh_token ? '✓' : '✗'}
-                          </span>
-                          <span
-                            className={`badge text-tiny ${
-                              r.has_access_token ? 'badge-success' : atNeedsAttention ? 'badge-warning' : ''
-                            }`}
-                            title="access_token 是否已取得"
-                          >
-                            AT {r.has_access_token ? '✓' : '∅'}
-                          </span>
-                        </div>
-                        <div className={`inline-flex items-center gap-1 flex-wrap ${t.cls}`}>
-                          <TestIcon size={12} />
-                          <span className="text-tiny">
-                            {t.label}
-                            {r.last_test_latency_ms ? ` · ${r.last_test_latency_ms}ms` : ''}
-                          </span>
-                          {r.last_test_at && (
-                            <span className="text-tiny text-text-tertiary">{fmtRelative(r.last_test_at)}</span>
-                          )}
-                          {testErr && (
-                            <span
-                              className="inline-flex text-danger"
-                              title={r.last_test_error}
-                              aria-label={r.last_test_error}
-                            >
-                              <AlertCircle size={12} strokeWidth={2} />
-                            </span>
-                          )}
-                        </div>
-                      </div>
-                    ) : (
-                      <div className={`inline-flex items-center gap-1 flex-wrap ${t.cls}`}>
-                        <TestIcon size={12} />
-                        <span className="text-tiny">
-                          {t.label}
-                          {r.last_test_latency_ms ? ` · ${r.last_test_latency_ms}ms` : ''}
-                        </span>
-                        {r.last_test_at && (
-                          <span className="text-tiny text-text-tertiary">{fmtRelative(r.last_test_at)}</span>
-                        )}
-                        {testErr && (
-                          <span
-                            className="inline-flex text-danger"
-                            title={r.last_test_error}
-                            aria-label={r.last_test_error}
-                          >
-                            <AlertCircle size={12} strokeWidth={2} />
-                          </span>
-                        )}
-                      </div>
-                    )}
-                  </td>
-                  <td className="text-small">
-                    {r.image_quota_total ? (
-                      <span className="text-text-primary">
-                        已用 {fmtNumber(Math.max(0, r.image_quota_total - (r.image_quota_remaining ?? 0)))} / {fmtNumber(r.image_quota_total)}
-                      </span>
-                    ) : typeof r.image_quota_remaining === 'number' ? (
-                      <span className="text-text-secondary">剩余 {fmtNumber(r.image_quota_remaining)} / 总额未知</span>
-                    ) : (
-                      <span className="text-text-tertiary">未检测</span>
-                    )}
-                  </td>
-                  <td className="text-small">
-                    <div className="flex flex-col">
-                      <span className={exp.cls}>{exp.label}</span>
-                      <span className="text-tiny text-text-tertiary">{exp.detail}</span>
-                    </div>
-                  </td>
-                  <td>
-                    <div className="inline-flex gap-1">
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title="测试连通"
-                        onClick={() => testMut.mutate(r.id)}
-                        disabled={testMut.isPending && testMut.variables === r.id}
-                      >
-                        <Activity
-                          size={14}
-                          className={
-                            testMut.isPending && testMut.variables === r.id
-                              ? 'animate-pulse text-klein-500'
-                              : 'text-text-secondary'
-                          }
-                        />
-                      </button>
-                      {isOAuth && (
-                        <button
-                          className="btn btn-ghost btn-icon btn-sm"
-                          title="刷新 access_token"
-                          onClick={() => refreshOAuthMut.mutate(r.id)}
-                          disabled={refreshOAuthMut.isPending && refreshOAuthMut.variables === r.id}
-                        >
-                          <RotateCw
-                            size={14}
-                            className={
-                              refreshOAuthMut.isPending && refreshOAuthMut.variables === r.id
-                                ? 'animate-spin text-klein-500'
-                                : 'text-text-secondary'
-                            }
-                          />
-                        </button>
-                      )}
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title="编辑"
-                        onClick={() => setEditTarget(r)}
-                      >
-                        <Pencil size={14} className="text-text-secondary" />
-                      </button>
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title={enabled ? '禁用' : '启用'}
-                        onClick={() => toggleStatus.mutate({ id: r.id, status: enabled ? 0 : 1 })}
-                      >
-                        <Power size={14} className={enabled ? 'text-success' : 'text-text-tertiary'} />
-                      </button>
-                      <button
-                        className="btn btn-danger-ghost btn-icon btn-sm"
-                        title="删除"
-                        onClick={() => {
-                          if (confirm(`确定删除账号「${r.name}」？`)) {
-                            remove.mutate(r.id);
-                          }
-                        }}
-                      >
-                        <Trash2 size={14} />
-                      </button>
-                    </div>
-                  </td>
-                </tr>
-              );
-            })}
-          </tbody>
-        </table>
-      </div>
-
-      {/* 分页栏 */}
-      <div className="card card-section flex flex-wrap items-center gap-3 !py-2">
-        <div className="flex items-center gap-2 text-small text-text-secondary">
-          <span className="text-text-tertiary">每页</span>
-          <div className="relative">
-            <select
-              className="select select-sm pr-7 min-w-[5rem] tabular-nums"
-              value={pageSize}
-              onChange={(e) => {
-                const n = Number(e.target.value) || 20;
-                setPageSize(n);
-                setPage(1);
-              }}
-              aria-label="每页条数"
-            >
-              {PAGE_SIZE_OPTIONS.map((n) => (
-                <option key={n} value={n}>{n}</option>
-              ))}
-            </select>
-          </div>
-          <span className="text-text-tertiary">条</span>
-        </div>
-
-        <div className="text-small text-text-tertiary tabular-nums">
-          {total === 0
-            ? '0'
-            : `${(page - 1) * pageSize + 1}–${Math.min(page * pageSize, total)} / ${fmtNumber(total)}`}
-        </div>
-
-        <div className="flex items-center gap-1 ml-auto">
-          <button
-            type="button"
-            className="btn btn-outline btn-icon btn-sm"
-            disabled={page <= 1}
-            onClick={() => setPage(1)}
-            title="第一页"
-          >
-            <ChevronsLeft size={14} />
-          </button>
-          <button
-            type="button"
-            className="btn btn-outline btn-icon btn-sm"
-            disabled={page <= 1}
-            onClick={() => setPage((p) => Math.max(1, p - 1))}
-            title="上一页"
-          >
-            <ChevronLeft size={14} />
-          </button>
-          <span className="px-2 text-small text-text-secondary tabular-nums min-w-[3.5rem] text-center">
-            <span className="font-medium text-text-primary">{page}</span>
-            <span className="text-text-tertiary"> / {lastPage}</span>
-          </span>
-          <button
-            type="button"
-            className="btn btn-outline btn-icon btn-sm"
-            disabled={page >= lastPage}
-            onClick={() => setPage((p) => Math.min(lastPage, p + 1))}
-            title="下一页"
-          >
-            <ChevronRight size={14} />
-          </button>
-          <button
-            type="button"
-            className="btn btn-outline btn-icon btn-sm"
-            disabled={page >= lastPage}
-            onClick={() => setPage(lastPage)}
-            title="末页"
-          >
-            <ChevronsRight size={14} />
-          </button>
-        </div>
-      </div>
-
-      {openCreate && (
-        <CreateDialog
-          onClose={() => setOpenCreate(false)}
-          onSuccess={() => {
-            setOpenCreate(false);
-            refresh();
-          }}
-        />
-      )}
-      {openImport && (
-        <ImportDialog
-          onClose={() => setOpenImport(false)}
-          onSuccess={() => {
-            setOpenImport(false);
-            refresh();
-          }}
-        />
-      )}
-      {editTarget && (
-        <EditDialog
-          item={editTarget}
-          onClose={() => setEditTarget(null)}
-          onSuccess={() => {
-            setEditTarget(null);
-            refresh();
-          }}
-        />
-      )}
-      {purgeAllOpen && (
-        <PurgeAllDialog
-          provider={purgeProvider}
-          loading={purgeMut.isPending}
-          onClose={() => setPurgeAllOpen(false)}
-          onConfirm={() => {
-            purgeMut.mutate(
-              {
-                scope: 'all',
-                provider: purgeProvider,
-                confirm: 'DELETE_ALL_ACCOUNTS',
-              },
-              { onSuccess: () => setPurgeAllOpen(false) },
-            );
-          }}
-        />
-      )}
-    </div>
-  );
-}
-
-// ============== Create Dialog ==============
-function CreateDialog({ onClose, onSuccess }: { onClose: () => void; onSuccess: () => void }) {
-  const [body, setBody] = useState<AccountCreateBody>({
-    provider: 'gpt',
-    name: '',
-    auth_type: 'oauth',
-    access_token: '',
-    refresh_token: '',
-    session_token: '',
-    client_id: '',
-    credential: '',
-    base_url: '',
-    proxy_id: undefined,
-    weight: 10,
-    rpm_limit: 0,
-    tpm_limit: 0,
-    daily_quota: 0,
-    monthly_quota: 0,
-    remark: '',
-  });
-  const [showAdvanced, setShowAdvanced] = useState(false);
-
-  const isOAuth = body.auth_type === 'oauth';
-
-  const m = useMutation({
-    mutationFn: (b: AccountCreateBody) => accountsApi.create(b),
-    onSuccess: () => {
-      toast.success('账号已添加');
-      onSuccess();
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <Modal title="新增账号" onClose={onClose}>
-      <form
-        className="space-y-3"
-        onSubmit={(e) => {
-          e.preventDefault();
-          const name = body.name.trim();
-          if (!name) {
-            toast.error('请填写名称');
-            return;
-          }
-          const at = (body.access_token || '').trim();
-          const rt = (body.refresh_token || '').trim();
-          const st = (body.session_token || '').trim();
-          const cid = (body.client_id || '').trim();
-          const cred = (body.credential || '').trim();
-          if (isOAuth) {
-            if (!at && !rt) {
-              toast.error('请至少填写 Access Token 或 Refresh Token');
-              return;
-            }
-          } else if (!cred) {
-            toast.error(body.auth_type === 'cookie' ? '请填写 Grok Token' : '请填写 API Key');
-            return;
-          }
-          const payload: AccountCreateBody = {
-            provider: body.provider,
-            name,
-            auth_type: body.auth_type,
-            base_url: normalizeBaseURL(body.base_url),
-            proxy_id: body.proxy_id && body.proxy_id > 0 ? body.proxy_id : undefined,
-            weight: body.weight ?? 10,
-            rpm_limit: body.rpm_limit && body.rpm_limit > 0 ? body.rpm_limit : undefined,
-            tpm_limit: body.tpm_limit && body.tpm_limit > 0 ? body.tpm_limit : undefined,
-            daily_quota: body.daily_quota && body.daily_quota > 0 ? body.daily_quota : undefined,
-            monthly_quota:
-              body.monthly_quota && body.monthly_quota > 0 ? body.monthly_quota : undefined,
-            remark: body.remark?.trim() || undefined,
-          };
-          if (isOAuth) {
-            if (at) payload.access_token = at;
-            if (rt) payload.refresh_token = rt;
-            if (st) payload.session_token = st;
-            if (cid) payload.client_id = cid;
-          } else {
-            payload.credential = cred;
-          }
-          m.mutate(payload);
-        }}
-      >
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="Provider">
-            <select
-              className="select"
-              value={body.provider}
-              onChange={(e) => {
-                const p = e.target.value as 'gpt' | 'grok';
-                const at = defaultAuthType(p);
-                setBody((s) => ({
-                  ...s,
-                  provider: p,
-                  auth_type: at,
-                  credential: at !== 'oauth' ? s.credential : '',
-                  access_token: at === 'oauth' ? s.access_token : '',
-                  refresh_token: at === 'oauth' ? s.refresh_token : '',
-                  session_token: at === 'oauth' ? s.session_token : '',
-                  client_id: at === 'oauth' ? s.client_id : '',
-                }));
-              }}
-            >
-              <option value="gpt">GPT (生图)</option>
-              <option value="grok">GROK (生视频)</option>
-            </select>
-          </Field>
-          <Field label="名称 / 标签">
-            <input
-              className="input"
-              placeholder={body.provider === 'gpt' ? 'GPT-Acc-001' : 'GROK-Acc-001'}
-              value={body.name}
-              onChange={(e) => setBody((s) => ({ ...s, name: e.target.value }))}
-            />
-          </Field>
-        </div>
-
-        {isOAuth ? (
-          <div className="space-y-3">
-            <Field label="Access Token" hint="必填或与 Refresh Token 至少一项">
-              <textarea
-                className="textarea font-mono text-small min-h-[64px]"
-                placeholder="eyJhbGc..."
-                value={body.access_token || ''}
-                onChange={(e) => setBody((s) => ({ ...s, access_token: e.target.value }))}
-              />
-            </Field>
-            <Field label="Refresh Token" hint="过期后自动刷新 Access Token">
-              <textarea
-                className="textarea font-mono text-small min-h-[64px]"
-                placeholder="可选；建议与 AT 同时提供"
-                value={body.refresh_token || ''}
-                onChange={(e) => setBody((s) => ({ ...s, refresh_token: e.target.value }))}
-              />
-            </Field>
-            <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-              <Field label="Session Token">
-                <input
-                  className="input font-mono text-small"
-                  placeholder="可选"
-                  value={body.session_token || ''}
-                  onChange={(e) => setBody((s) => ({ ...s, session_token: e.target.value }))}
-                />
-              </Field>
-              <Field label="Client ID">
-                <input
-                  className="input font-mono text-small"
-                  placeholder="留空使用系统默认"
-                  value={body.client_id || ''}
-                  onChange={(e) => setBody((s) => ({ ...s, client_id: e.target.value }))}
-                />
-              </Field>
-            </div>
-          </div>
-        ) : (
-          <Field label={body.auth_type === 'cookie' ? 'Grok Token' : 'API Key'} hint="保存前 AES-256-GCM 加密落库">
-            <textarea
-              className="textarea font-mono text-small min-h-[80px]"
-              placeholder={body.auth_type === 'cookie' ? 'sso=... 或直接粘贴 SSO token' : 'xai-xxxxxxxxxxxxxxxxxxxxxxxx'}
-              value={body.credential || ''}
-              onChange={(e) => setBody((s) => ({ ...s, credential: e.target.value }))}
-            />
-          </Field>
-        )}
-
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="权重" hint="加权轮询时的相对权重，默认 10，范围 1–1000">
-            <input
-              type="number"
-              className="input"
-              min={1}
-              max={1000}
-              value={body.weight ?? 10}
-              onChange={(e) => setBody((s) => ({ ...s, weight: Number(e.target.value) || 10 }))}
-            />
-          </Field>
-          <Field label="备注（可选）">
-            <input
-              className="input"
-              value={body.remark || ''}
-              onChange={(e) => setBody((s) => ({ ...s, remark: e.target.value }))}
-            />
-          </Field>
-        </div>
-
-        {/* 高级：限速 / 配额 */}
-        <button
-          type="button"
-          className="btn btn-ghost btn-sm gap-1"
-          onClick={() => setShowAdvanced((v) => !v)}
-        >
-          {showAdvanced ? <ChevronUp size={14} /> : <ChevronDown size={14} />}
-          高级（限速 / 配额，可选）
-        </button>
-        {showAdvanced && (
-          <div className="card card-flat p-3 space-y-3">
-            <div className="grid grid-cols-2 gap-3">
-              <Field label="RPM 限速" hint="每分钟最大请求数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.rpm_limit ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, rpm_limit: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-              <Field label="TPM 限速" hint="每分钟最大 token 数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.tpm_limit ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, tpm_limit: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-            </div>
-            <div className="grid grid-cols-2 gap-3">
-              <Field label="每日配额" hint="单日最大调用次数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.daily_quota ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, daily_quota: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-              <Field label="每月配额" hint="单月最大调用次数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.monthly_quota ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({
-                      ...s,
-                      monthly_quota: Math.max(0, Number(e.target.value) || 0),
-                    }))
-                  }
-                />
-              </Field>
-            </div>
-          </div>
-        )}
-
-        <div className="flex justify-end gap-2 pt-2">
-          <button type="button" className="btn btn-outline btn-md" onClick={onClose}>取消</button>
-          <button type="submit" className="btn btn-primary btn-md" disabled={m.isPending}>
-            {m.isPending ? '提交中…' : '保存'}
-          </button>
-        </div>
-      </form>
-    </Modal>
-  );
-}
-
-/** 解析 sub2api 导出的 account JSON（根级含 accounts[]） */
-function parseSub2ExportJson(raw: string): Sub2APIAccountItem[] {
-  let j: unknown;
-  try {
-    j = JSON.parse(raw);
-  } catch {
-    throw new Error('文件不是合法 JSON');
-  }
-  if (typeof j !== 'object' || j === null) {
-    throw new Error('JSON 根须为对象');
-  }
-  const accounts = (j as { accounts?: unknown }).accounts;
-  if (!Array.isArray(accounts)) {
-    throw new Error('请使用 sub2api / Codex 导出格式：根对象须含 accounts 数组');
-  }
-  return accounts as Sub2APIAccountItem[];
-}
-
-// ============== Import Dialog ==============
-function ImportDialog({ onClose, onSuccess }: { onClose: () => void; onSuccess: () => void }) {
-  const [importMode, setImportMode] = useState<'lines' | 'sub2api'>('lines');
-  const [body, setBody] = useState<AccountBatchImportBody>({
-    provider: 'gpt',
-    auth_type: 'oauth',
-    base_url: '',
-    proxy_id: undefined,
-    weight: 10,
-    text: '',
-  });
-  const [sub2Accounts, setSub2Accounts] = useState<Sub2APIAccountItem[] | null>(null);
-  const [sub2FileLabel, setSub2FileLabel] = useState('');
-  const [sub2ChunkSize, setSub2ChunkSize] = useState(300);
-  const [sub2Busy, setSub2Busy] = useState(false);
-
-  const proxiesQ = useQuery({
-    queryKey: ['admin', 'proxies', 'select'],
-    queryFn: () => proxiesApi.list({ status: 1, page_size: 200 }),
-    staleTime: 30_000,
-  });
-  const proxies: ProxyItem[] = proxiesQ.data?.list ?? [];
-
-  const linePlaceholder = useMemo(() => {
-    switch (body.auth_type) {
-      case 'oauth':
-        return '每行 refresh_token，或 name@@token';
-      case 'cookie':
-        return '每行一个 Grok SSO token，或 name@@sso-token';
-      case 'api_key':
-      default:
-        return 'sk-… 或 name@@sk-… 或 key@https://…';
-    }
-  }, [body.auth_type]);
-
-  const m = useMutation({
-    mutationFn: (b: AccountBatchImportBody) => accountsApi.batchImport(b),
-    onSuccess: (r) => {
-      const sk = r.skipped > 0 ? `，跳过 ${r.skipped} 条` : '';
-      toast.success(`成功导入 ${r.imported} 条${sk}`);
-      onSuccess();
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const runSub2Import = async () => {
-    if (!sub2Accounts?.length) {
-      toast.error('请先选择合法的 sub2api JSON 文件');
-      return;
-    }
-    const chunk = Math.min(500, Math.max(50, sub2ChunkSize));
-    setSub2Busy(true);
-    let totalImported = 0;
-    let totalSkipped = 0;
-    try {
-      for (let i = 0; i < sub2Accounts.length; i += chunk) {
-        const slice = sub2Accounts.slice(i, i + chunk);
-        const r = await accountsApi.batchImport({
-          format: 'sub2api',
-          provider: body.provider,
-          base_url: normalizeBaseURL(body.base_url),
-          proxy_id: body.proxy_id && body.proxy_id > 0 ? body.proxy_id : undefined,
-          weight: body.weight ?? 10,
-          accounts: slice,
-        });
-        totalImported += r.imported;
-        totalSkipped += r.skipped;
-      }
-      const sk = totalSkipped > 0 ? `，跳过 ${totalSkipped}` : '';
-      toast.success(`完成：${totalImported} 条${sk}`);
-      onSuccess();
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : '导入失败');
-    } finally {
-      setSub2Busy(false);
-    }
-  };
-
-  return (
-    <Modal title="批量导入" onClose={onClose} wide>
-      <div className="space-y-2">
-        <div className="flex flex-wrap gap-1.5">
-          <button
-            type="button"
-            className={`btn btn-sm ${importMode === 'lines' ? 'btn-primary' : 'btn-outline'}`}
-            onClick={() => setImportMode('lines')}
-          >
-            文本
-          </button>
-          <button
-            type="button"
-            className={`btn btn-sm ${importMode === 'sub2api' ? 'btn-primary' : 'btn-outline'}`}
-            onClick={() => setImportMode('sub2api')}
-          >
-            JSON
-          </button>
-        </div>
-
-        <div className="grid grid-cols-2 sm:grid-cols-3 gap-2">
-          <Field label="Provider">
-            <select
-              className="select select-sm"
-              value={body.provider}
-              onChange={(e) => {
-                const p = e.target.value as 'gpt' | 'grok';
-                setBody((s) => ({ ...s, provider: p, auth_type: defaultAuthType(p) }));
-              }}
-            >
-              <option value="gpt">GPT</option>
-              <option value="grok">GROK</option>
-            </select>
-          </Field>
-          {importMode === 'lines' ? (
-            <Field label="类型">
-              <select
-                className="select select-sm"
-                value={body.auth_type}
-                onChange={(e) =>
-                  setBody((s) => ({
-                    ...s,
-                    auth_type: e.target.value as 'api_key' | 'oauth' | 'cookie',
-                  }))
-                }
-              >
-                <option value="api_key">API Key</option>
-                <option value="oauth">OAuth</option>
-                <option value="cookie">Grok Token</option>
-              </select>
-            </Field>
-          ) : (
-            <Field label="每批">
-              <input
-                type="number"
-                className="input input-sm"
-                min={50}
-                max={500}
-                value={sub2ChunkSize}
-                onChange={(e) =>
-                  setSub2ChunkSize(Math.min(500, Math.max(50, Number(e.target.value) || 300)))
-                }
-              />
-            </Field>
-          )}
-          <Field label="权重">
-            <input
-              type="number"
-              className="input input-sm"
-              min={1}
-              max={1000}
-              value={body.weight ?? 10}
-              onChange={(e) => setBody((s) => ({ ...s, weight: Number(e.target.value) || 10 }))}
-            />
-          </Field>
-        </div>
-
-        <div className="grid grid-cols-1 sm:grid-cols-2 gap-2">
-          <Field label="Base URL">
-            <input
-              className="input input-sm"
-              placeholder="可选"
-              value={body.base_url || ''}
-              onChange={(e) => setBody((s) => ({ ...s, base_url: e.target.value }))}
-            />
-          </Field>
-          <Field label="代理">
-            <select
-              className="select select-sm"
-              value={body.proxy_id ?? 0}
-              onChange={(e) => {
-                const n = Number(e.target.value) || 0;
-                setBody((s) => ({ ...s, proxy_id: n > 0 ? n : undefined }));
-              }}
-            >
-              <option value={0}>无</option>
-              {proxies.map((p) => (
-                <option key={p.id} value={p.id}>
-                  {p.name}
-                </option>
-              ))}
-            </select>
-          </Field>
-        </div>
-
-        {importMode === 'lines' ? (
-          <form
-            className="space-y-2"
-            onSubmit={(e) => {
-              e.preventDefault();
-              if (!body.text?.trim()) {
-                toast.error('请粘贴账号列表');
-                return;
-              }
-              if (!body.auth_type) {
-                toast.error('请选择凭证类型');
-                return;
-              }
-              m.mutate({
-                format: 'lines',
-                provider: body.provider,
-                auth_type: body.auth_type,
-                base_url: normalizeBaseURL(body.base_url),
-                proxy_id: body.proxy_id && body.proxy_id > 0 ? body.proxy_id : undefined,
-                weight: body.weight ?? 10,
-                text: body.text,
-              });
-            }}
-          >
-            <Field label="每行一条">
-              <textarea
-                className="textarea textarea-sm font-mono text-small min-h-[140px]"
-                placeholder={linePlaceholder}
-                value={body.text ?? ''}
-                onChange={(e) => setBody((s) => ({ ...s, text: e.target.value }))}
-              />
-            </Field>
-            <div className="flex justify-end gap-2 pt-1">
-              <button type="button" className="btn btn-outline btn-sm" onClick={onClose}>
-                取消
-              </button>
-              <button type="submit" className="btn btn-primary btn-sm" disabled={m.isPending}>
-                {m.isPending ? '…' : '导入'}
-              </button>
-            </div>
-          </form>
-        ) : (
-          <div className="space-y-2">
-            <Field label="文件">
-              <div className="flex flex-wrap items-center gap-2">
-                <label className="btn btn-outline btn-sm cursor-pointer">
-                  选择
-                  <input
-                    type="file"
-                    accept=".json,application/json"
-                    className="hidden"
-                    onChange={(e) => {
-                      const f = e.target.files?.[0];
-                      if (!f) return;
-                      const reader = new FileReader();
-                      reader.onload = () => {
-                        try {
-                          const list = parseSub2ExportJson(String(reader.result ?? ''));
-                          setSub2Accounts(list);
-                          setSub2FileLabel(`${f.name} · ${list.length}`);
-                          toast.success(`已解析 ${list.length} 条`);
-                        } catch (err) {
-                          setSub2Accounts(null);
-                          setSub2FileLabel('');
-                          toast.error(err instanceof Error ? err.message : '解析失败');
-                        }
-                      };
-                      reader.readAsText(f, 'UTF-8');
-                      e.target.value = '';
-                    }}
-                  />
-                </label>
-                <span className="text-tiny text-text-secondary truncate max-w-[240px]">
-                  {sub2FileLabel || '未选'}
-                </span>
-              </div>
-            </Field>
-            <div className="flex justify-end gap-2 pt-1">
-              <button type="button" className="btn btn-outline btn-sm" onClick={onClose}>
-                取消
-              </button>
-              <button
-                type="button"
-                className="btn btn-primary btn-sm"
-                disabled={sub2Busy || !sub2Accounts?.length}
-                onClick={() => void runSub2Import()}
-              >
-                {sub2Busy ? '…' : '导入'}
-              </button>
-            </div>
-          </div>
-        )}
-      </div>
-    </Modal>
-  );
-}
-
-// ============== Edit Dialog ==============
-function EditDialog({
-  item,
-  onClose,
-  onSuccess,
-}: {
-  item: AccountItem;
-  onClose: () => void;
-  onSuccess: () => void;
-}) {
-  const isOAuth = item.auth_type === 'oauth';
-  const [body, setBody] = useState<AccountUpdateBody>({
-    name: item.name,
-    weight: item.weight,
-    rpm_limit: item.rpm_limit,
-    tpm_limit: item.tpm_limit,
-    daily_quota: item.daily_quota,
-    monthly_quota: item.monthly_quota,
-    remark: item.remark ?? '',
-    access_token: '',
-    refresh_token: '',
-    session_token: '',
-    client_id: '',
-    credential: '',
-  });
-  const [showAdvanced, setShowAdvanced] = useState(false);
-
-  // 拉取明文凭证回填（管理员专用）
-  const secretsQ = useQuery({
-    queryKey: ['admin', 'accounts', item.id, 'secrets'],
-    queryFn: () => accountsApi.secrets(item.id),
-    staleTime: 0,
-    gcTime: 0,
-  });
-  // 记录初始明文，提交时只发送被改动的字段，避免无意义重复加密 / 清空 AT。
-  const initialRef = useRef({
-    access_token: '',
-    refresh_token: '',
-    session_token: '',
-    client_id: '',
-    credential: '',
-  });
-  useEffect(() => {
-    const s = secretsQ.data;
-    if (!s) return;
-    const next = {
-      access_token: s.access_token ?? '',
-      refresh_token: s.refresh_token ?? '',
-      session_token: s.session_token ?? '',
-      client_id: s.client_id ?? '',
-      credential: s.credential ?? '',
-    };
-    initialRef.current = next;
-    setBody((prev) => ({ ...prev, ...next }));
-  }, [secretsQ.data]);
-
-  const m = useMutation({
-    mutationFn: (b: AccountUpdateBody) => accountsApi.update(item.id, b),
-    onSuccess: () => {
-      toast.success('已保存');
-      onSuccess();
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <Modal title={`编辑账号 · ${item.name}`} onClose={onClose}>
-      <form
-        className="space-y-3"
-        onSubmit={(e) => {
-          e.preventDefault();
-          const name = (body.name ?? '').trim();
-          if (!name) {
-            toast.error('请填写名称');
-            return;
-          }
-          const payload: AccountUpdateBody = {
-            name,
-            weight: body.weight,
-            rpm_limit: Math.max(0, body.rpm_limit ?? 0),
-            tpm_limit: Math.max(0, body.tpm_limit ?? 0),
-            daily_quota: Math.max(0, body.daily_quota ?? 0),
-            monthly_quota: Math.max(0, body.monthly_quota ?? 0),
-            remark: (body.remark ?? '').trim(),
-          };
-          const init = initialRef.current;
-          if (isOAuth) {
-            const at = (body.access_token ?? '').trim();
-            const rt = (body.refresh_token ?? '').trim();
-            const st = (body.session_token ?? '').trim();
-            const cid = (body.client_id ?? '').trim();
-            if (at !== init.access_token) payload.access_token = at;
-            if (rt !== init.refresh_token) payload.refresh_token = rt;
-            if (st !== init.session_token) payload.session_token = st;
-            if (cid !== init.client_id) payload.client_id = cid;
-          } else {
-            const c = (body.credential ?? '').trim();
-            if (c !== init.credential) payload.credential = c;
-          }
-          m.mutate(payload);
-        }}
-      >
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="Provider" hint="创建后不可更改">
-            <input
-              className="input bg-bg-elevated text-text-secondary"
-              value={item.provider.toUpperCase()}
-              readOnly
-              disabled
-            />
-          </Field>
-          <Field label="名称 / 标签">
-            <input
-              className="input"
-              value={body.name ?? ''}
-              onChange={(e) => setBody((s) => ({ ...s, name: e.target.value }))}
-            />
-          </Field>
-        </div>
-
-        {isOAuth ? (
-          <div className="space-y-3">
-            <div className="text-tiny text-text-tertiary inline-flex items-center gap-2">
-              {secretsQ.isLoading ? (
-                <>
-                  <RotateCw size={12} className="animate-spin" />
-                  正在解密读取已有凭证…
-                </>
-              ) : secretsQ.isError ? (
-                <span className="text-warning inline-flex items-center gap-1">
-                  <AlertCircle size={12} /> 读取明文失败，留空表示保持原值
-                </span>
-              ) : (
-                <span>已读取原始凭证，可直接修改后保存（清空表示移除该字段）</span>
-              )}
-              <span className="ml-1 badge badge-outline text-tiny">RT {item.has_refresh_token ? '✓' : '✗'}</span>
-              <span className="badge badge-outline text-tiny">AT {item.has_access_token ? '✓' : '∅'}</span>
-            </div>
-            <Field label="Access Token" hint="修改后会重新解析新的过期时间；清空则移除">
-              <textarea
-                className="textarea font-mono text-small min-h-[64px]"
-                placeholder={secretsQ.isLoading ? '加载中…' : '可清空'}
-                value={body.access_token ?? ''}
-                onChange={(e) => setBody((s) => ({ ...s, access_token: e.target.value }))}
-              />
-            </Field>
-            <Field label="Refresh Token" hint="修改后会替换并清空 Access Token；清空则移除">
-              <textarea
-                className="textarea font-mono text-small min-h-[64px]"
-                placeholder={secretsQ.isLoading ? '加载中…' : '可清空'}
-                value={body.refresh_token ?? ''}
-                onChange={(e) => setBody((s) => ({ ...s, refresh_token: e.target.value }))}
-              />
-            </Field>
-            <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-              <Field label="Session Token" hint="清空则移除">
-                <input
-                  className="input font-mono text-small"
-                  placeholder={secretsQ.isLoading ? '加载中…' : '可清空'}
-                  value={body.session_token ?? ''}
-                  onChange={(e) => setBody((s) => ({ ...s, session_token: e.target.value }))}
-                />
-              </Field>
-              <Field label="Client ID" hint="清空则使用系统默认">
-                <input
-                  className="input font-mono text-small"
-                  placeholder={secretsQ.isLoading ? '加载中…' : '可清空使用系统默认'}
-                  value={body.client_id ?? ''}
-                  onChange={(e) => setBody((s) => ({ ...s, client_id: e.target.value }))}
-                />
-              </Field>
-            </div>
-          </div>
-        ) : (
-          <Field
-            label="API Key"
-            hint={
-              secretsQ.isLoading
-                ? '正在解密读取…'
-                : secretsQ.isError
-                  ? '读取明文失败，留空表示保持原值'
-                  : '已读取原始凭证；保存前 AES-256-GCM 加密落库'
-            }
-          >
-            <textarea
-              className="textarea font-mono text-small min-h-[80px]"
-              placeholder={secretsQ.isLoading ? '加载中…' : 'xai-xxxxxxxxxxxxxxxxxxxxxxxx'}
-              value={body.credential ?? ''}
-              onChange={(e) => setBody((s) => ({ ...s, credential: e.target.value }))}
-            />
-          </Field>
-        )}
-
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="权重" hint="加权轮询时的相对权重，范围 1–1000">
-            <input
-              type="number"
-              className="input"
-              min={1}
-              max={1000}
-              value={body.weight ?? 10}
-              onChange={(e) => setBody((s) => ({ ...s, weight: Number(e.target.value) || 10 }))}
-            />
-          </Field>
-          <Field label="备注（可选）">
-            <input
-              className="input"
-              value={body.remark ?? ''}
-              onChange={(e) => setBody((s) => ({ ...s, remark: e.target.value }))}
-            />
-          </Field>
-        </div>
-
-        <button
-          type="button"
-          className="btn btn-ghost btn-sm gap-1"
-          onClick={() => setShowAdvanced((v) => !v)}
-        >
-          {showAdvanced ? <ChevronUp size={14} /> : <ChevronDown size={14} />}
-          高级（限速 / 配额）
-        </button>
-        {showAdvanced && (
-          <div className="card card-flat p-3 space-y-3">
-            <div className="grid grid-cols-2 gap-3">
-              <Field label="RPM 限速" hint="每分钟最大请求数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.rpm_limit ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, rpm_limit: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-              <Field label="TPM 限速" hint="每分钟最大 token 数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.tpm_limit ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, tpm_limit: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-            </div>
-            <div className="grid grid-cols-2 gap-3">
-              <Field label="每日配额" hint="单日最大调用次数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.daily_quota ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({ ...s, daily_quota: Math.max(0, Number(e.target.value) || 0) }))
-                  }
-                />
-              </Field>
-              <Field label="每月配额" hint="单月最大调用次数；0 不限">
-                <input
-                  type="number"
-                  className="input"
-                  min={0}
-                  value={body.monthly_quota ?? 0}
-                  onChange={(e) =>
-                    setBody((s) => ({
-                      ...s,
-                      monthly_quota: Math.max(0, Number(e.target.value) || 0),
-                    }))
-                  }
-                />
-              </Field>
-            </div>
-          </div>
-        )}
-
-        <div className="flex justify-end gap-2 pt-2">
-          <button type="button" className="btn btn-outline btn-md" onClick={onClose}>
-            取消
-          </button>
-          <button type="submit" className="btn btn-primary btn-md" disabled={m.isPending}>
-            {m.isPending ? '保存中…' : '保存'}
-          </button>
-        </div>
-      </form>
-    </Modal>
-  );
-}
-
-// ============== Purge-All Confirm Dialog ==============
-function PurgeAllDialog({
-  provider,
-  loading,
-  onClose,
-  onConfirm,
-}: {
-  provider?: 'gpt' | 'grok';
-  loading: boolean;
-  onClose: () => void;
-  onConfirm: () => void;
-}) {
-  const KEYWORD = '删除全部';
-  const [text, setText] = useState('');
-  const ok = text.trim() === KEYWORD;
-  const scopeLabel = provider ? `${provider.toUpperCase()} Provider` : '全部 Provider';
-
-  return (
-    <Modal title="软删全部账号 · 危险操作" onClose={onClose}>
-      <div className="space-y-4">
-        <div className="card card-flat p-3 border border-danger/40 bg-danger/5">
-          <div className="flex items-start gap-2">
-            <AlertCircle size={18} className="text-danger mt-0.5 shrink-0" />
-            <div className="space-y-1 text-small">
-              <p className="text-text-primary font-medium">即将软删 {scopeLabel} 下的全部账号</p>
-              <p className="text-text-secondary">
-                忽略当前搜索过滤；操作不可在前端撤销。被软删的账号会从池中下线，但记录会保留以便事后追查。
-              </p>
-            </div>
-          </div>
-        </div>
-
-        <label className="field">
-          <span className="field-label">
-            请输入 <span className="text-danger font-semibold mx-0.5">{KEYWORD}</span> 以继续
-          </span>
-          <input
-            autoFocus
-            className={`input ${text && !ok ? 'border-danger focus:border-danger' : ''}`}
-            placeholder={KEYWORD}
-            value={text}
-            onChange={(e) => setText(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter' && ok && !loading) {
-                e.preventDefault();
-                onConfirm();
-              }
-            }}
-          />
-          <span className="field-hint">逐字输入，区分大小写</span>
-        </label>
-
-        <div className="flex justify-end gap-2 pt-1">
-          <button type="button" className="btn btn-outline btn-md" onClick={onClose} disabled={loading}>
-            取消
-          </button>
-          <button
-            type="button"
-            className="btn btn-danger btn-md gap-1"
-            disabled={!ok || loading}
-            onClick={onConfirm}
-          >
-            <Trash2 size={14} />
-            {loading ? '删除中…' : '确认删除全部'}
-          </button>
-        </div>
-      </div>
-    </Modal>
-  );
-}
-
-// ============== UI helpers ==============
-function Modal({
-  title,
-  onClose,
-  wide,
-  children,
-}: {
-  title: string;
-  onClose: () => void;
-  /** 宽屏弹层（批量导入 sub2api 表单） */
-  wide?: boolean;
-  children: React.ReactNode;
-}) {
-  return (
-    <div className="fixed inset-0 z-[80] grid place-items-center bg-black/40 backdrop-blur-sm p-4">
-      <div className={`dialog-surface w-full ${wide ? 'max-w-2xl' : 'max-w-xl'} klein-fade-in`}>
-        <header className="flex items-center justify-between px-5 h-12 border-b border-border">
-          <h3 className="font-semibold text-text-primary">{title}</h3>
-          <button className="btn btn-ghost btn-icon btn-sm" onClick={onClose} aria-label="关闭">
-            ✕
-          </button>
-        </header>
-        <div className="p-5 max-h-[70vh] overflow-y-auto">{children}</div>
-      </div>
-    </div>
-  );
-}
-
-function Field({
-  label,
-  hint,
-  children,
-}: {
-  label: string;
-  hint?: React.ReactNode;
-  children: React.ReactNode;
-}) {
-  return (
-    <label className="field">
-      <span className="field-label">{label}</span>
-      {children}
-      {hint && <span className="field-hint">{hint}</span>}
-    </label>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/auth/LoginPage.tsx b/frontend/apps/admin/src/pages/auth/LoginPage.tsx
deleted file mode 100644
index ee4991d6..00000000
--- a/frontend/apps/admin/src/pages/auth/LoginPage.tsx
+++ /dev/null
@@ -1,100 +0,0 @@
-import { zodResolver } from '@hookform/resolvers/zod';
-import { useMutation } from '@tanstack/react-query';
-import { useForm } from 'react-hook-form';
-import { useLocation, useNavigate } from 'react-router-dom';
-import { z } from 'zod';
-import clsx from 'clsx';
-
-import { Logo } from '../../components/Logo';
-import { ApiError } from '../../lib/api';
-import { authApi } from '../../lib/services';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const schema = z.object({
-  username: z.string().min(2, '账号至少 2 位').max(64, '账号过长'),
-  password: z.string().min(6, '密码至少 6 位').max(72, '密码过长'),
-});
-
-type FormBody = z.infer<typeof schema>;
-
-interface LocState {
-  from?: { pathname?: string };
-}
-
-export default function LoginPage() {
-  const nav = useNavigate();
-  const loc = useLocation();
-  const setLogin = useAuthStore((s) => s.setLogin);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  const {
-    register,
-    handleSubmit,
-    formState: { errors },
-  } = useForm<FormBody>({
-    resolver: zodResolver(schema),
-    defaultValues: { username: '', password: '' },
-  });
-
-  const m = useMutation({
-    mutationFn: (b: FormBody) => authApi.login(b.username, b.password),
-    onSuccess: async (resp) => {
-      setLogin(resp);
-      void refreshMe();
-      toast.success(`欢迎回来，${resp.nickname || resp.username}`);
-      const target = (loc.state as LocState | null)?.from?.pathname || '/dashboard';
-      nav(target, { replace: true });
-    },
-    onError: (err: ApiError) => {
-      toast.error(err.message || '登录失败');
-    },
-  });
-
-  return (
-    <div className="grid min-h-screen place-items-center bg-klein-gradient px-4 py-10">
-      <form
-        onSubmit={handleSubmit((v) => m.mutate(v))}
-        className="dialog-surface w-full max-w-sm p-6 sm:p-8 space-y-5"
-      >
-        <header className="text-center space-y-3">
-          <div className="flex justify-center">
-            <Logo size="lg" suffix="管理后台" />
-          </div>
-          <p className="text-small text-text-secondary">仅授权 IP 可访问</p>
-        </header>
-
-        <div className="field">
-          <label className="field-label">账号</label>
-          <input
-            className={clsx('input', errors.username && 'input-error')}
-            placeholder="管理员账号"
-            autoComplete="username"
-            {...register('username')}
-          />
-          {errors.username && <p className="field-error">{errors.username.message}</p>}
-        </div>
-
-        <div className="field">
-          <label className="field-label">密码</label>
-          <input
-            className={clsx('input', errors.password && 'input-error')}
-            type="password"
-            placeholder="密码"
-            autoComplete="current-password"
-            {...register('password')}
-          />
-          {errors.password && <p className="field-error">{errors.password.message}</p>}
-        </div>
-
-        <button type="submit" className="btn btn-primary btn-lg btn-block" disabled={m.isPending}>
-          {m.isPending ? '登录中…' : '登 录'}
-        </button>
-
-        <p className="text-center text-tiny text-text-tertiary">
-          初始账号 <code className="kbd">admin / admin123</code> · 登录后请立即修改
-        </p>
-      </form>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/billing/BillingPage.tsx b/frontend/apps/admin/src/pages/billing/BillingPage.tsx
deleted file mode 100644
index ab0327ce..00000000
--- a/frontend/apps/admin/src/pages/billing/BillingPage.tsx
+++ /dev/null
@@ -1,165 +0,0 @@
-import { useQuery } from '@tanstack/react-query';
-import { RefreshCw, Search, Wallet } from 'lucide-react';
-import { useMemo, useState } from 'react';
-
-import { billingApi } from '../../lib/services';
-import type { AdminWalletLogItem } from '../../lib/types';
-import { fmtNumber, fmtPoints, fmtTime } from '../../lib/format';
-
-const BIZ_OPTIONS = [
-  { value: '', label: '全部业务' },
-  { value: 'recharge', label: '充值' },
-  { value: 'consume', label: '消费' },
-  { value: 'refund', label: '退款' },
-  { value: 'cdk', label: '兑换码' },
-  { value: 'promo', label: '优惠码' },
-  { value: 'invite_reward', label: '邀请奖励' },
-  { value: 'gift', label: '赠送' },
-];
-
-export default function BillingPage() {
-  const [keyword, setKeyword] = useState('');
-  const [userID, setUserID] = useState('');
-  const [bizType, setBizType] = useState('');
-  const [direction, setDirection] = useState<'' | '1' | '-1'>('');
-  const [page, setPage] = useState(1);
-  const pageSize = 20;
-
-  const query = useQuery({
-    queryKey: ['admin', 'billing', 'wallet-logs', keyword, userID, bizType, direction, page],
-    queryFn: () => billingApi.walletLogs({
-      keyword: keyword.trim() || undefined,
-      user_id: Number(userID) || undefined,
-      biz_type: bizType || undefined,
-      direction: direction ? Number(direction) as 1 | -1 : '',
-      page,
-      page_size: pageSize,
-    }),
-  });
-
-  const rows = query.data?.list ?? [];
-  const total = query.data?.total ?? 0;
-  const pages = Math.max(1, Math.ceil(total / pageSize));
-  const summary = useMemo(() => {
-    let income = 0;
-    let outcome = 0;
-    for (const row of rows) {
-      if (row.direction > 0) income += row.points;
-      if (row.direction < 0) outcome += Math.abs(row.points);
-    }
-    return { income, outcome };
-  }, [rows]);
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title flex items-center gap-2"><Wallet className="text-klein-500" size={26} />充值消费记录</h1>
-          <p className="page-subtitle">查看用户积分流水，包含充值、消费、退款、兑换码、优惠码和人工调整。</p>
-        </div>
-        <button className="btn btn-outline btn-md" onClick={() => query.refetch()} disabled={query.isFetching}>
-          <RefreshCw size={16} className={query.isFetching ? 'animate-spin' : ''} /> 刷新
-        </button>
-      </header>
-
-      <div className="grid gap-3 md:grid-cols-3">
-        <Stat title="当前页收入" value={fmtPoints(summary.income)} />
-        <Stat title="当前页支出" value={fmtPoints(summary.outcome)} />
-        <Stat title="匹配记录" value={fmtNumber(total)} />
-      </div>
-
-      <div className="card card-section grid gap-2 !py-3 lg:grid-cols-[minmax(320px,1fr)_140px_140px_120px]">
-        <div className="relative min-w-0">
-          <Search size={16} className="absolute left-3 top-1/2 -translate-y-1/2 text-text-tertiary" />
-          <input
-            className="input pl-9"
-            value={keyword}
-            onChange={(e) => { setKeyword(e.target.value); setPage(1); }}
-            placeholder="搜索流水ID、用户、业务ID、备注"
-          />
-        </div>
-        <input
-          className="input w-full"
-          value={userID}
-          onChange={(e) => { setUserID(e.target.value); setPage(1); }}
-          placeholder="用户ID"
-        />
-        <select className="select select-sm w-full" value={bizType} onChange={(e) => { setBizType(e.target.value); setPage(1); }}>
-          {BIZ_OPTIONS.map((o) => <option key={o.value} value={o.value}>{o.label}</option>)}
-        </select>
-        <select className="select select-sm w-full" value={direction} onChange={(e) => { setDirection(e.target.value as typeof direction); setPage(1); }}>
-          <option value="">收支方向</option>
-          <option value="1">收入</option>
-          <option value="-1">支出</option>
-        </select>
-      </div>
-
-      <div className="card table-wrap">
-        <table className="data-table min-w-[1120px]">
-          <thead>
-            <tr>
-              <th>时间</th>
-              <th>用户</th>
-              <th>业务</th>
-              <th>业务ID</th>
-              <th>方向</th>
-              <th>变动积分</th>
-              <th>变动前</th>
-              <th>变动后</th>
-              <th>备注</th>
-            </tr>
-          </thead>
-          <tbody>
-            {rows.map((row) => <LogRow key={row.id} row={row} />)}
-            {!query.isLoading && rows.length === 0 && (
-              <tr><td colSpan={9} className="py-10 text-center text-text-tertiary">暂无记录</td></tr>
-            )}
-          </tbody>
-        </table>
-      </div>
-
-      <div className="card card-section flex flex-wrap items-center justify-between gap-3 !py-2">
-        <span className="text-small text-text-tertiary">第 {page} / {pages} 页，共 {fmtNumber(total)} 条</span>
-        <div className="flex gap-2">
-          <button className="btn btn-outline btn-sm" disabled={page <= 1} onClick={() => setPage((p) => Math.max(1, p - 1))}>上一页</button>
-          <button className="btn btn-outline btn-sm" disabled={page >= pages} onClick={() => setPage((p) => p + 1)}>下一页</button>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function LogRow({ row }: { row: AdminWalletLogItem }) {
-  const isIncome = row.direction > 0;
-  return (
-    <tr>
-      <td className="whitespace-nowrap">{fmtTime(row.created_at)}</td>
-      <td>
-        <div className="font-medium text-text-primary">{row.user_label || `用户 ${row.user_id}`}</div>
-        <div className="text-tiny text-text-tertiary">ID {row.user_id}</div>
-      </td>
-      <td><span className="badge badge-outline">{bizLabel(row.biz_type)}</span></td>
-      <td className="font-mono text-small max-w-[220px] truncate" title={row.biz_id}>{row.biz_id}</td>
-      <td><span className={isIncome ? 'badge badge-success' : 'badge badge-danger'}>{isIncome ? '收入' : '支出'}</span></td>
-      <td className={isIncome ? 'text-success font-semibold tabular-nums' : 'text-danger font-semibold tabular-nums'}>
-        {isIncome ? '+' : '-'}{fmtPoints(Math.abs(row.points))}
-      </td>
-      <td className="tabular-nums">{fmtPoints(row.points_before)}</td>
-      <td className="tabular-nums">{fmtPoints(row.points_after)}</td>
-      <td className="max-w-[240px] truncate" title={row.remark}>{row.remark || '-'}</td>
-    </tr>
-  );
-}
-
-function Stat({ title, value }: { title: string; value: string }) {
-  return (
-    <section className="card card-section !py-3">
-      <div className="text-small text-text-tertiary">{title}</div>
-      <div className="mt-1 text-h3 font-semibold text-text-primary tabular-nums">{value}</div>
-    </section>
-  );
-}
-
-function bizLabel(v: string) {
-  return BIZ_OPTIONS.find((o) => o.value === v)?.label || v || '-';
-}
diff --git a/frontend/apps/admin/src/pages/dashboard/DashboardPage.tsx b/frontend/apps/admin/src/pages/dashboard/DashboardPage.tsx
deleted file mode 100644
index 474f63d9..00000000
--- a/frontend/apps/admin/src/pages/dashboard/DashboardPage.tsx
+++ /dev/null
@@ -1,272 +0,0 @@
-import { useQuery } from '@tanstack/react-query';
-import {
-  Activity,
-  BarChart3,
-  Coins,
-  Image,
-  KeyRound,
-  RefreshCw,
-  ShieldCheck,
-  Sparkles,
-  Users,
-  Video,
-} from 'lucide-react';
-import type { ReactNode } from 'react';
-
-import { dashboardApi } from '../../lib/services';
-import type { DashboardProviderRow, DashboardRecentTask, DashboardTrendPoint } from '../../lib/types';
-import { fmtNumber, fmtPoints, fmtTime } from '../../lib/format';
-
-export default function DashboardPage() {
-  const { data, isFetching, isLoading, refetch } = useQuery({
-    queryKey: ['admin', 'dashboard', 'overview'],
-    queryFn: () => dashboardApi.overview(),
-    refetchInterval: 15_000,
-  });
-
-  const providers = data?.account_providers ?? [];
-  const totalAccounts = providers.reduce((sum, row) => sum + row.total, 0);
-  const availableAccounts = providers.reduce((sum, row) => sum + row.available, 0);
-  const quotaRemaining = providers.reduce((sum, row) => sum + row.quota_remaining, 0);
-  const quotaTotal = providers.reduce((sum, row) => sum + row.quota_total, 0);
-  const quotaUsed = Math.max(0, quotaTotal - quotaRemaining);
-
-  return (
-    <div className="page page-wide space-y-5">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">运营仪表盘</h1>
-          <p className="page-subtitle">生成量、账号池、额度、用户与积分消耗的实时概览。</p>
-        </div>
-        <button className="btn btn-outline btn-md" onClick={() => refetch()} disabled={isFetching}>
-          <RefreshCw size={16} className={isFetching ? 'animate-spin' : ''} /> 刷新
-        </button>
-      </header>
-
-      <section className="grid gap-4 xl:grid-cols-[1.25fr_0.75fr]">
-        <div className="relative overflow-hidden rounded-lg border border-border bg-klein-gradient p-6 text-white shadow-3">
-          <div className="relative z-10 grid gap-6 lg:grid-cols-[1fr_auto] lg:items-end">
-            <div>
-              <div className="text-small opacity-80">今日生成任务</div>
-              <div className="mt-2 text-[56px] leading-none font-bold tracking-normal tabular-nums">{isLoading ? '-' : fmtNumber(data?.generated_today)}</div>
-              <div className="mt-3 flex flex-wrap gap-2 text-small">
-                <span className="rounded-md bg-white/14 px-2.5 py-1">累计 {fmtNumber(data?.generated_total)}</span>
-                <span className="rounded-md bg-white/14 px-2.5 py-1">成功率 {percent(data?.success_rate_today)}</span>
-                <span className="rounded-md bg-white/14 px-2.5 py-1">今日用户 {fmtNumber(data?.active_users_today)}</span>
-              </div>
-            </div>
-            <div className="grid grid-cols-3 gap-3 min-w-[420px]">
-              <HeroMetric label="图片" value={fmtNumber(data?.image_today)} sub={`总 ${fmtNumber(data?.image_total)}`} icon={<Image size={20} />} />
-              <HeroMetric label="视频" value={fmtNumber(data?.video_today)} sub={`总 ${fmtNumber(data?.video_total)}`} icon={<Video size={20} />} />
-              <HeroMetric label="Token" value={compact(data?.text_tokens_today)} sub={`总 ${compact(data?.text_tokens_total)}`} icon={<Sparkles size={20} />} />
-            </div>
-          </div>
-          <TrendChart points={data?.trend ?? []} />
-        </div>
-
-        <div className="grid gap-3 sm:grid-cols-3 xl:grid-cols-1">
-          <SmallMetric title="账号可用" value={`${fmtNumber(availableAccounts)} / ${fmtNumber(totalAccounts)}`} icon={<KeyRound size={18} />} />
-          <SmallMetric title="剩余额度" value={fmtNumber(quotaRemaining)} sub={quotaTotal > 0 ? `已用 ${fmtNumber(quotaUsed)} / ${fmtNumber(quotaTotal)}` : '等待探测额度'} icon={<ShieldCheck size={18} />} />
-          <SmallMetric title="今日消耗" value={fmtPoints(data?.wallet_spend_today)} sub={`累计 ${fmtPoints(data?.wallet_spend_total)}`} icon={<Coins size={18} />} />
-        </div>
-      </section>
-
-      <section className="grid gap-4 xl:grid-cols-4">
-        <InfoCard title="用户总数" value={fmtNumber(data?.users_total)} sub={`今日新增 ${fmtNumber(data?.users_today)}`} icon={<Users size={18} />} />
-        <InfoCard title="任务积分" value={fmtPoints(data?.cost_points_today)} sub={`累计 ${fmtPoints(data?.cost_points_total)}`} icon={<Coins size={18} />} />
-        <InfoCard title="图片产出" value={fmtNumber(data?.image_today)} sub={`累计 ${fmtNumber(data?.image_total)} 张`} icon={<Image size={18} />} />
-        <InfoCard title="视频产出" value={fmtNumber(data?.video_today)} sub={`累计 ${fmtNumber(data?.video_total)} 个`} icon={<Video size={18} />} />
-      </section>
-
-      <section className="grid gap-4 xl:grid-cols-[1fr_1fr]">
-        <div className="card card-section space-y-4">
-          <header className="flex items-center justify-between gap-3">
-            <h2 className="section-title"><BarChart3 size={18} className="text-klein-500" />账号池与额度</h2>
-            <span className="badge badge-outline">每 15 秒刷新</span>
-          </header>
-          <div className="space-y-3">
-            {providers.map((row) => <ProviderPanel key={row.provider} row={row} />)}
-            {providers.length === 0 && <div className="text-small text-text-tertiary py-8 text-center">暂无账号池数据</div>}
-          </div>
-        </div>
-
-        <div className="card card-section space-y-4">
-          <header className="flex items-center justify-between gap-3">
-            <h2 className="section-title"><Activity size={18} className="text-klein-500" />最近生成</h2>
-            <span className="text-small text-text-tertiary">最新 8 条</span>
-          </header>
-          <div className="space-y-2">
-            {(data?.recent_generations ?? []).map((row) => <RecentTask key={row.task_id} row={row} />)}
-            {(data?.recent_generations ?? []).length === 0 && <div className="text-small text-text-tertiary py-8 text-center">暂无生成记录</div>}
-          </div>
-        </div>
-      </section>
-    </div>
-  );
-}
-
-function HeroMetric({ label, value, sub, icon }: { label: string; value: string; sub: string; icon: ReactNode }) {
-  return (
-    <div className="rounded-md bg-white/12 p-4 backdrop-blur">
-      <div className="flex items-center justify-between text-white/75 text-small">{label}{icon}</div>
-      <div className="mt-3 text-[28px] leading-none font-semibold tabular-nums">{value}</div>
-      <div className="mt-2 text-tiny text-white/70">{sub}</div>
-    </div>
-  );
-}
-
-function TrendChart({ points }: { points: DashboardTrendPoint[] }) {
-  const rows = points.length > 0 ? points : Array.from({ length: 7 }, (_, i) => ({ date: `D${i + 1}`, generated: 0, cost_points: 0 }));
-  const maxGenerated = Math.max(1, ...rows.map((p) => p.generated));
-  const maxCost = Math.max(1, ...rows.map((p) => p.cost_points));
-  const width = 960;
-  const height = 150;
-  const padX = 18;
-  const padY = 18;
-  const step = (width - padX * 2) / Math.max(1, rows.length - 1);
-  const y = (v: number, max: number) => height - padY - (v / max) * (height - padY * 2);
-  const line = (key: 'generated' | 'cost_points', max: number) =>
-    rows.map((p, i) => `${padX + i * step},${y(p[key], max)}`).join(' ');
-  const area = `${padX},${height - padY} ${line('generated', maxGenerated)} ${width - padX},${height - padY}`;
-
-  return (
-    <div className="relative z-10 mt-8 rounded-md border border-white/15 bg-white/8 p-4">
-      <div className="mb-2 flex items-center justify-between gap-3 text-small">
-        <div className="font-medium text-white/90">近 7 天趋势</div>
-        <div className="flex items-center gap-3 text-tiny text-white/70">
-          <span className="inline-flex items-center gap-1"><i className="h-2 w-2 rounded-full bg-white" />生成量</span>
-          <span className="inline-flex items-center gap-1"><i className="h-2 w-2 rounded-full bg-cyan-200" />消耗积分</span>
-        </div>
-      </div>
-      <svg viewBox={`0 0 ${width} ${height}`} className="h-[150px] w-full overflow-visible">
-        {[0, 1, 2].map((i) => (
-          <line key={i} x1={padX} x2={width - padX} y1={padY + i * 52} y2={padY + i * 52} stroke="rgba(255,255,255,.14)" strokeWidth="1" />
-        ))}
-        <polygon points={area} fill="rgba(255,255,255,.10)" />
-        <polyline points={line('generated', maxGenerated)} fill="none" stroke="rgba(255,255,255,.96)" strokeWidth="4" strokeLinecap="round" strokeLinejoin="round" />
-        <polyline points={line('cost_points', maxCost)} fill="none" stroke="rgb(165,243,252)" strokeWidth="3" strokeLinecap="round" strokeLinejoin="round" />
-        {rows.map((p, i) => (
-          <g key={p.date}>
-            <circle cx={padX + i * step} cy={y(p.generated, maxGenerated)} r="4" fill="white" />
-            <text x={padX + i * step} y={height - 2} textAnchor="middle" fontSize="18" fill="rgba(255,255,255,.70)">
-              {formatDay(p.date)}
-            </text>
-          </g>
-        ))}
-      </svg>
-    </div>
-  );
-}
-
-function SmallMetric({ title, value, sub, icon }: { title: string; value: string; sub?: string; icon: ReactNode }) {
-  return (
-    <div className="card card-section !py-4">
-      <div className="flex items-center justify-between gap-3">
-        <div className="text-small text-text-tertiary">{title}</div>
-        <span className="grid h-8 w-8 place-items-center rounded-md bg-info-soft text-klein-500">{icon}</span>
-      </div>
-      <div className="mt-2 text-h3 font-semibold text-text-primary tabular-nums">{value}</div>
-      {sub && <div className="mt-1 text-tiny text-text-tertiary">{sub}</div>}
-    </div>
-  );
-}
-
-function InfoCard({ title, value, sub, icon }: { title: string; value: string; sub: string; icon: ReactNode }) {
-  return (
-    <div className="card card-section !py-4">
-      <div className="flex items-center gap-3">
-        <span className="grid h-9 w-9 place-items-center rounded-md bg-info-soft text-klein-500">{icon}</span>
-        <div>
-          <div className="text-small text-text-tertiary">{title}</div>
-          <div className="mt-1 text-[24px] font-semibold text-text-primary tabular-nums">{value}</div>
-        </div>
-      </div>
-      <div className="mt-3 text-tiny text-text-tertiary">{sub}</div>
-    </div>
-  );
-}
-
-function ProviderPanel({ row }: { row: DashboardProviderRow }) {
-  const availableRatio = row.total > 0 ? row.available / row.total : 0;
-  const quotaRatio = row.quota_total > 0 ? row.quota_remaining / row.quota_total : 0;
-  return (
-    <div className="rounded-md border border-border bg-surface-1 p-4">
-      <div className="flex items-center justify-between gap-3">
-        <div>
-          <div className="text-base font-semibold text-text-primary uppercase">{row.provider}</div>
-          <div className="text-tiny text-text-tertiary mt-0.5">OK {fmtNumber(row.test_ok)} · 熔断 {fmtNumber(row.broken)} · 成功 {fmtNumber(row.success_count)} · 错误 {fmtNumber(row.error_count)}</div>
-        </div>
-        <span className={availableRatio === 0 ? 'badge badge-danger' : availableRatio < 0.5 ? 'badge badge-warning' : 'badge badge-success'}>
-          可用 {fmtNumber(row.available)} / {fmtNumber(row.total)}
-        </span>
-      </div>
-      <div className="mt-4 grid gap-3 md:grid-cols-2">
-        <Progress label="账号可用率" value={availableRatio} text={`${Math.round(availableRatio * 100)}%`} />
-        <Progress label="额度剩余率" value={quotaRatio} text={row.quota_total > 0 ? `${fmtNumber(row.quota_remaining)} / ${fmtNumber(row.quota_total)}` : '未探测'} />
-      </div>
-    </div>
-  );
-}
-
-function Progress({ label, value, text }: { label: string; value: number; text: string }) {
-  return (
-    <div>
-      <div className="mb-1.5 flex items-center justify-between text-tiny text-text-tertiary">
-        <span>{label}</span>
-        <span>{text}</span>
-      </div>
-      <div className="progress">
-        <div className="progress-bar" style={{ width: `${Math.max(0, Math.min(100, value * 100))}%` }} />
-      </div>
-    </div>
-  );
-}
-
-function RecentTask({ row }: { row: DashboardRecentTask }) {
-  return (
-    <div className="grid gap-3 rounded-md border border-border bg-surface-1 p-3 md:grid-cols-[1fr_auto] md:items-center">
-      <div className="min-w-0">
-        <div className="flex flex-wrap items-center gap-2">
-          <span className="font-medium text-text-primary">{row.user_label}</span>
-          <span className="badge badge-outline">{row.kind === 'video' ? '视频' : '图片'} x{row.count}</span>
-          <span className={statusClass(row.status)}>{statusText(row.status)}</span>
-        </div>
-        <div className="mt-1 text-tiny text-text-tertiary truncate">{row.model_code} · {row.task_id} · {fmtTime(row.created_at)}</div>
-      </div>
-      <div className="text-right text-small font-semibold text-text-primary tabular-nums">{fmtPoints(row.cost_points)} 点</div>
-    </div>
-  );
-}
-
-function statusText(status: number) {
-  if (status === 2) return '成功';
-  if (status === 3) return '失败';
-  if (status === 4) return '已退款';
-  if (status === 1) return '运行中';
-  return '排队中';
-}
-
-function statusClass(status: number) {
-  if (status === 2) return 'badge badge-success';
-  if (status === 3 || status === 4) return 'badge badge-danger';
-  if (status === 1) return 'badge badge-warning';
-  return 'badge badge-outline';
-}
-
-function percent(v?: number) {
-  if (v == null) return '-';
-  return `${Math.round(v * 100)}%`;
-}
-
-function compact(v?: number | null) {
-  const n = Number(v || 0);
-  if (n >= 1_000_000) return `${(n / 1_000_000).toFixed(1)}M`;
-  if (n >= 10_000) return `${(n / 1000).toFixed(0)}K`;
-  if (n >= 1000) return `${(n / 1000).toFixed(1)}K`;
-  return fmtNumber(n);
-}
-
-function formatDay(v: string) {
-  if (!v.includes('-')) return v;
-  return v.slice(5).replace('-', '/');
-}
diff --git a/frontend/apps/admin/src/pages/logs/LogsPage.tsx b/frontend/apps/admin/src/pages/logs/LogsPage.tsx
deleted file mode 100644
index 2f0f76a1..00000000
--- a/frontend/apps/admin/src/pages/logs/LogsPage.tsx
+++ /dev/null
@@ -1,408 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import {
-  ChevronDown,
-  ChevronRight,
-  Eye,
-  ImageIcon,
-  MessageSquare,
-  RefreshCw,
-  Search,
-  Trash2,
-  Video,
-  X,
-} from 'lucide-react';
-import { Fragment, useMemo, useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { fmtPoints, fmtTime } from '../../lib/format';
-import { logsApi } from '../../lib/services';
-import type { AdminGenerationLogItem, AdminGenerationUpstreamLogItem } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-const pageSize = 20;
-
-function statusInfo(s: number): { label: string; cls: string } {
-  switch (s) {
-    case 0:
-      return { label: '待处理', cls: 'badge badge-outline' };
-    case 1:
-      return { label: '生成中', cls: 'badge badge-warning' };
-    case 2:
-      return { label: '成功', cls: 'badge badge-success' };
-    case 3:
-      return { label: '失败', cls: 'badge badge-danger' };
-    case 4:
-      return { label: '已退款', cls: 'badge badge-warning' };
-    default:
-      return { label: String(s), cls: 'badge badge-outline' };
-  }
-}
-
-function kindInfo(kind: string) {
-  if (kind === 'video') return { label: '视频', icon: Video };
-  if (kind === 'chat' || kind === 'text') return { label: '文字', icon: MessageSquare };
-  return { label: '图片', icon: ImageIcon };
-}
-
-function fmtDuration(ms?: number): string {
-  if (!ms || ms <= 0) return '-';
-  if (ms < 1000) return `${ms}ms`;
-  const sec = ms / 1000;
-  if (sec < 60) return `${sec.toFixed(1)}s`;
-  return `${Math.floor(sec / 60)}m ${Math.round(sec % 60)}s`;
-}
-
-function Preview({ row }: { row: AdminGenerationLogItem }) {
-  if (!row.preview_url) return <span className="text-text-tertiary">-</span>;
-  if (row.kind === 'video') {
-    return (
-      <a className="btn btn-ghost btn-sm" href={row.preview_url} target="_blank" rel="noreferrer">
-        <Video size={14} /> 查看
-      </a>
-    );
-  }
-  return (
-    <a
-      href={row.preview_url}
-      target="_blank"
-      rel="noreferrer"
-      className="block h-10 w-10 overflow-hidden rounded-md border border-border bg-surface-2"
-    >
-      <img src={row.preview_url} alt="" className="h-full w-full object-cover" />
-    </a>
-  );
-}
-
-export default function LogsPage() {
-  const qc = useQueryClient();
-  const [keyword, setKeyword] = useState('');
-  const [kind, setKind] = useState<'all' | 'image' | 'video' | 'chat'>('all');
-  const [status, setStatus] = useState<'all' | '0' | '1' | '2' | '3' | '4'>('all');
-  const [page, setPage] = useState(1);
-  const [purgeDays, setPurgeDays] = useState('30');
-  const [confirmPurge, setConfirmPurge] = useState(false);
-  const [expanded, setExpanded] = useState<string | null>(null);
-  const [upstreamTask, setUpstreamTask] = useState<AdminGenerationLogItem | null>(null);
-
-  const query = useMemo(
-    () => ({
-      keyword: keyword.trim() || undefined,
-      kind: kind === 'all' ? undefined : kind,
-      status: status === 'all' ? undefined : (Number(status) as 0 | 1 | 2 | 3 | 4),
-      page,
-      page_size: pageSize,
-    }),
-    [keyword, kind, status, page],
-  );
-
-  const list = useQuery({
-    queryKey: ['admin', 'logs', 'generations', query],
-    queryFn: () => logsApi.generations(query),
-  });
-
-  const items = list.data?.list ?? [];
-  const total = list.data?.total ?? 0;
-  const lastPage = Math.max(1, Math.ceil(total / pageSize));
-  const purgeDayNum = Math.max(1, Math.floor(Number(purgeDays) || 0));
-
-  const purge = useMutation({
-    mutationFn: () => logsApi.purgeGenerations(purgeDayNum),
-    onSuccess: (r) => {
-      toast.success(`已删除 ${purgeDayNum} 天前的 ${r.deleted} 条请求日志`);
-      setConfirmPurge(false);
-      setPage(1);
-      qc.invalidateQueries({ queryKey: ['admin', 'logs'] });
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">请求日志</h1>
-          <p className="page-subtitle">按任务查看用户、模型、状态和费用；长提示词、错误和上游返回收进详情里。</p>
-        </div>
-        <div className="flex flex-wrap items-center justify-end gap-2">
-          <div className="inline-flex h-11 items-center gap-2 rounded-xl border border-border bg-surface-1 px-2">
-            <span className="text-small text-text-tertiary">删除</span>
-            <input
-              className="input h-8 w-16 rounded-lg px-2 text-center"
-              value={purgeDays}
-              inputMode="numeric"
-              onChange={(e) => setPurgeDays(e.target.value.replace(/\D/g, '').slice(0, 4))}
-              aria-label="删除几天前"
-            />
-            <span className="text-small text-text-tertiary">天前</span>
-            <button className="btn btn-danger btn-sm" disabled={purge.isPending || purgeDayNum <= 0} onClick={() => setConfirmPurge(true)}>
-              <Trash2 size={14} /> 删除
-            </button>
-          </div>
-          <button className="btn btn-outline btn-md" onClick={() => qc.invalidateQueries({ queryKey: ['admin', 'logs'] })}>
-            <RefreshCw size={16} /> 刷新
-          </button>
-        </div>
-      </header>
-
-      <div className="card card-section grid gap-2 !py-2 xl:grid-cols-[minmax(360px,1fr)_auto_auto]">
-        <div className="relative">
-          <Search size={14} className="absolute left-3 top-1/2 -translate-y-1/2 text-text-tertiary" />
-          <input
-            className="input h-11 pl-8"
-            placeholder="搜索用户 / Key / 模型 / 提示词 / task_id"
-            value={keyword}
-            onChange={(e) => {
-              setKeyword(e.target.value);
-              setPage(1);
-            }}
-          />
-        </div>
-        <div className="tabs h-11">
-          {[
-            ['all', '全部'],
-            ['chat', '文字'],
-            ['image', '图片'],
-            ['video', '视频'],
-          ].map(([k, label]) => (
-            <button
-              key={k}
-              className="tab"
-              aria-selected={kind === k}
-              onClick={() => {
-                setKind(k as typeof kind);
-                setPage(1);
-              }}
-            >
-              {label}
-            </button>
-          ))}
-        </div>
-        <select
-          className="input h-11 w-full xl:w-[132px]"
-          value={status}
-          onChange={(e) => {
-            setStatus(e.target.value as typeof status);
-            setPage(1);
-          }}
-        >
-          <option value="all">全部状态</option>
-          <option value="0">待处理</option>
-          <option value="1">生成中</option>
-          <option value="2">成功</option>
-          <option value="3">失败</option>
-          <option value="4">已退款</option>
-        </select>
-      </div>
-
-      <div className="card table-wrap overflow-hidden">
-        <table className="data-table table-fixed text-small">
-          <thead>
-            <tr>
-              <th className="w-[42px]" />
-              <th className="w-[156px]">时间</th>
-              <th className="w-[160px]">用户</th>
-              <th className="w-[150px]">Key</th>
-              <th className="w-[170px]">模型</th>
-              <th className="w-[92px]">状态</th>
-              <th className="w-[86px]">耗时</th>
-              <th className="w-[86px]">费用</th>
-              <th className="w-[88px]">预览</th>
-              <th className="w-[118px]">上游</th>
-            </tr>
-          </thead>
-          <tbody>
-            {list.isLoading && (
-              <tr>
-                <td colSpan={10} className="py-10 text-center text-text-tertiary">加载中...</td>
-              </tr>
-            )}
-            {!list.isLoading && items.length === 0 && (
-              <tr>
-                <td colSpan={10} className="py-10 text-center text-text-tertiary">暂无生成记录</td>
-              </tr>
-            )}
-            {items.map((row) => {
-              const st = statusInfo(row.status);
-              const ki = kindInfo(row.kind);
-              const KindIcon = ki.icon;
-              const isOpen = expanded === row.task_id;
-              return (
-                <Fragment key={row.task_id}>
-                  <tr className="align-middle">
-                    <td>
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title={isOpen ? '收起详情' : '展开详情'}
-                        onClick={() => setExpanded(isOpen ? null : row.task_id)}
-                      >
-                        {isOpen ? <ChevronDown size={16} /> : <ChevronRight size={16} />}
-                      </button>
-                    </td>
-                    <td className="whitespace-nowrap">
-                      <div>{fmtTime(row.created_at)}</div>
-                      <div className="truncate text-tiny text-text-tertiary">{row.task_id}</div>
-                    </td>
-                    <td>
-                      <div className="truncate">{row.user_label}</div>
-                      <div className="text-tiny text-text-tertiary">UID {row.user_id}</div>
-                    </td>
-                    <td className="truncate" title={row.key_label || '-'}>
-                      {row.key_label || '-'}
-                    </td>
-                    <td>
-                      <div className="flex min-w-0 items-center gap-1.5">
-                        <KindIcon size={14} className="shrink-0 text-text-tertiary" />
-                        <span className="truncate" title={row.model_code}>{row.model_code}</span>
-                      </div>
-                    </td>
-                    <td><span className={st.cls}>{st.label}</span></td>
-                    <td>{fmtDuration(row.duration_ms)}</td>
-                    <td>{fmtPoints(row.cost_points)}</td>
-                    <td><Preview row={row} /></td>
-                    <td>
-                      <button className="btn btn-ghost btn-sm" onClick={() => setUpstreamTask(row)}>
-                        <Eye size={14} /> 日志
-                      </button>
-                    </td>
-                  </tr>
-                  {isOpen && (
-                    <tr>
-                      <td colSpan={10} className="bg-surface-2/60 p-0">
-                        <div className="grid gap-3 p-4 lg:grid-cols-[1fr_1fr]">
-                          <DetailBlock title="提示词" value={row.prompt || '-'} />
-                          <DetailBlock title="错误信息" value={row.error || '-'} danger={Boolean(row.error)} />
-                        </div>
-                      </td>
-                    </tr>
-                  )}
-                </Fragment>
-              );
-            })}
-          </tbody>
-        </table>
-      </div>
-
-      <div className="flex items-center justify-between text-small text-text-tertiary">
-        <span>共 {total} 条记录</span>
-        <div className="inline-flex items-center gap-2">
-          <button className="btn btn-outline btn-sm" disabled={page <= 1} onClick={() => setPage((p) => Math.max(1, p - 1))}>上一页</button>
-          <span>{page} / {lastPage}</span>
-          <button className="btn btn-outline btn-sm" disabled={page >= lastPage} onClick={() => setPage((p) => Math.min(lastPage, p + 1))}>下一页</button>
-        </div>
-      </div>
-
-      {upstreamTask && <UpstreamDialog task={upstreamTask} onClose={() => setUpstreamTask(null)} />}
-      {confirmPurge && (
-        <ConfirmDialog
-          days={purgeDayNum}
-          loading={purge.isPending}
-          onClose={() => setConfirmPurge(false)}
-          onConfirm={() => purge.mutate()}
-        />
-      )}
-    </div>
-  );
-}
-
-function DetailBlock({ title, value, danger }: { title: string; value: string; danger?: boolean }) {
-  return (
-    <div className="rounded-xl border border-border bg-surface-1 p-3">
-      <div className="mb-2 text-tiny text-text-tertiary">{title}</div>
-      <div className={`max-h-36 overflow-auto whitespace-pre-wrap break-words text-small leading-relaxed ${danger ? 'text-danger' : 'text-text-secondary'}`}>
-        {value}
-      </div>
-    </div>
-  );
-}
-
-function UpstreamDialog({ task, onClose }: { task: AdminGenerationLogItem; onClose: () => void }) {
-  const q = useQuery({
-    queryKey: ['admin', 'logs', 'generations', task.task_id, 'upstream'],
-    queryFn: () => logsApi.generationUpstream(task.task_id),
-  });
-  const rows = q.data ?? [];
-  return (
-    <div className="fixed inset-0 z-[80] grid place-items-center bg-black/40 p-4 backdrop-blur-sm">
-      <div className="dialog-surface klein-fade-in max-h-[86vh] w-full max-w-5xl overflow-hidden">
-        <header className="modal-header">
-          <div>
-            <h2 className="text-h4">上游日志</h2>
-            <p className="text-small text-text-tertiary">{task.task_id} · {task.model_code}</p>
-          </div>
-          <button className="btn btn-ghost btn-sm" onClick={onClose}><X size={16} /></button>
-        </header>
-        <div className="modal-body max-h-[70vh] space-y-3 overflow-auto">
-          {q.isLoading && <div className="py-10 text-center text-text-tertiary">加载中...</div>}
-          {!q.isLoading && rows.length === 0 && <div className="py-10 text-center text-text-tertiary">暂无上游日志，新任务会自动记录。</div>}
-          {rows.map((row) => <UpstreamRow key={row.id} row={row} />)}
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function UpstreamRow({ row }: { row: AdminGenerationUpstreamLogItem }) {
-  return (
-    <section className="rounded-xl border border-border bg-surface-1 p-3">
-      <div className="flex flex-wrap items-center justify-between gap-2">
-        <div className="flex flex-wrap items-center gap-2">
-          <span className="badge badge-outline">{row.stage}</span>
-          {row.method && <span className="text-small text-text-tertiary">{row.method}</span>}
-          {row.status_code > 0 && <span className="text-small text-text-tertiary">HTTP {row.status_code}</span>}
-          {row.duration_ms > 0 && <span className="text-small text-text-tertiary">{fmtDuration(row.duration_ms)}</span>}
-        </div>
-        <span className="text-tiny text-text-tertiary">{fmtTime(row.created_at)}</span>
-      </div>
-      {row.url && <div className="mt-2 break-all text-tiny text-text-tertiary">{row.url}</div>}
-      <LogBlock title="请求" value={row.request_excerpt} />
-      <LogBlock title="响应" value={row.response_excerpt} />
-      <LogBlock title="错误" value={row.error} danger />
-      <LogBlock title="附加信息" value={prettyMeta(row.meta)} />
-    </section>
-  );
-}
-
-function LogBlock({ title, value, danger }: { title: string; value?: string; danger?: boolean }) {
-  if (!value) return null;
-  return (
-    <div className="mt-3">
-      <div className="mb-1 text-tiny text-text-tertiary">{title}</div>
-      <pre className={`max-h-64 overflow-auto whitespace-pre-wrap break-words rounded-lg border border-border bg-surface-2 p-3 text-tiny ${danger ? 'text-danger' : 'text-text-secondary'}`}>
-        {value}
-      </pre>
-    </div>
-  );
-}
-
-function ConfirmDialog({ days, loading, onClose, onConfirm }: { days: number; loading: boolean; onClose: () => void; onConfirm: () => void }) {
-  return (
-    <div className="fixed inset-0 z-[90] grid place-items-center bg-black/40 p-4 backdrop-blur-sm">
-      <div className="dialog-surface klein-fade-in w-full max-w-md p-6">
-        <div className="mb-4 flex items-start gap-3">
-          <div className="grid h-10 w-10 shrink-0 place-items-center rounded-xl bg-danger/10 text-danger">
-            <Trash2 size={18} />
-          </div>
-          <div>
-            <h2 className="text-h4">删除请求日志</h2>
-            <p className="mt-1 text-small text-text-secondary">确定删除 {days} 天前的请求日志吗？该操作不可恢复。</p>
-          </div>
-        </div>
-        <div className="flex justify-end gap-2">
-          <button className="btn btn-outline btn-md" disabled={loading} onClick={onClose}>取消</button>
-          <button className="btn btn-danger btn-md" disabled={loading} onClick={onConfirm}>
-            {loading ? '删除中...' : '确认删除'}
-          </button>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function prettyMeta(v?: string) {
-  if (!v) return '';
-  try {
-    return JSON.stringify(JSON.parse(v), null, 2);
-  } catch {
-    return v;
-  }
-}
diff --git a/frontend/apps/admin/src/pages/promo/CDKPage.tsx b/frontend/apps/admin/src/pages/promo/CDKPage.tsx
deleted file mode 100644
index 0c96cc69..00000000
--- a/frontend/apps/admin/src/pages/promo/CDKPage.tsx
+++ /dev/null
@@ -1,189 +0,0 @@
-import { useMutation } from '@tanstack/react-query';
-import { Ticket, AlertCircle, CheckCircle2 } from 'lucide-react';
-import { useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { cdkApi } from '../../lib/services';
-import type { CDKCreateBatchBody, CDKCreateBatchResp } from '../../lib/types';
-import { fmtNumber, fmtPoints } from '../../lib/format';
-import { toast } from '../../stores/toast';
-
-export default function CDKPage() {
-  const [body, setBody] = useState<CDKCreateBatchBody>({
-    batch_no: '',
-    name: '',
-    points: 1000, // 后端 *100，1000 = 10 点
-    qty: 100,
-    per_user_limit: 1,
-    expire_at: 0,
-  });
-  const [last, setLast] = useState<CDKCreateBatchResp | null>(null);
-
-  const m = useMutation({
-    mutationFn: (b: CDKCreateBatchBody) => cdkApi.createBatch(b),
-    onSuccess: (r) => {
-      toast.success(`已生成批次 ${r.batch_no}（共 ${r.total_qty} 张）`);
-      setLast(r);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const submit = (e: React.FormEvent) => {
-    e.preventDefault();
-    if (!body.batch_no.trim() || !body.name.trim()) {
-      toast.error('请填写批次号和名称');
-      return;
-    }
-    if (body.points <= 0 || body.qty <= 0) {
-      toast.error('点数和数量必须 > 0');
-      return;
-    }
-    m.mutate({
-      ...body,
-      batch_no: body.batch_no.trim(),
-      name: body.name.trim(),
-      per_user_limit: body.per_user_limit || 0,
-      expire_at: body.expire_at || undefined,
-    });
-  };
-
-  return (
-    <div className="page page-wide space-y-6">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title flex items-center gap-2">
-            <Ticket className="text-klein-500" size={26} />
-            兑换码 CDK
-          </h1>
-          <p className="page-subtitle">
-            按批次生成；每张 CDK 只能被使用一次，使用后写入 wallet_log 并入账。
-          </p>
-        </div>
-      </header>
-
-      <form onSubmit={submit} className="card card-section grid w-full gap-5 lg:grid-cols-2">
-        <Field label="批次号" hint="同批次唯一，如 SPRING2026-A">
-          <input
-            className="input"
-            value={body.batch_no}
-            onChange={(e) => setBody((s) => ({ ...s, batch_no: e.target.value }))}
-            placeholder="SPRING2026-A"
-          />
-        </Field>
-
-        <Field label="批次名称" hint="展示给运营 / 客服的友好名称">
-          <input
-            className="input"
-            value={body.name}
-            onChange={(e) => setBody((s) => ({ ...s, name: e.target.value }))}
-            placeholder="春节活动 100 点"
-          />
-        </Field>
-
-        <Field
-          label="单码点数（×100 储存）"
-          hint={`输入 1000 = 实际 10.00 点；当前等价：${fmtPoints(body.points)} 点`}
-        >
-          <input
-            type="number"
-            min={1}
-            className="input"
-            value={body.points}
-            onChange={(e) =>
-              setBody((s) => ({ ...s, points: Math.max(1, Number(e.target.value) || 0) }))
-            }
-          />
-        </Field>
-
-        <Field label="生成数量" hint="单批次最多 100,000 张">
-          <input
-            type="number"
-            min={1}
-            max={100_000}
-            className="input"
-            value={body.qty}
-            onChange={(e) =>
-              setBody((s) => ({ ...s, qty: Math.max(1, Number(e.target.value) || 0) }))
-            }
-          />
-        </Field>
-
-        <Field label="每用户限领次数" hint="0 表示不限制；建议 1（防止羊毛党）">
-          <input
-            type="number"
-            min={0}
-            className="input"
-            value={body.per_user_limit ?? 0}
-            onChange={(e) => setBody((s) => ({ ...s, per_user_limit: Number(e.target.value) || 0 }))}
-          />
-        </Field>
-
-        <Field label="过期时间（可选）" hint="留空表示永久有效">
-          <input
-            type="datetime-local"
-            className="input"
-            onChange={(e) => {
-              const v = e.target.value;
-              if (!v) {
-                setBody((s) => ({ ...s, expire_at: 0 }));
-                return;
-              }
-              const t = Math.floor(new Date(v).getTime() / 1000);
-              setBody((s) => ({ ...s, expire_at: t }));
-            }}
-          />
-        </Field>
-
-        <div className="lg:col-span-2 flex flex-col items-stretch justify-between gap-3 rounded-md bg-klein-gradient-soft p-4 md:flex-row md:items-center">
-          <div className="flex items-center gap-2 text-small text-text-secondary">
-            <AlertCircle size={16} className="text-klein-500" />
-            预计生成：
-            <strong className="text-text-primary mx-1">{fmtNumber(body.qty)}</strong>
-            张，单码价值
-            <strong className="text-text-primary mx-1">{fmtPoints(body.points)} 点</strong>，
-            合计
-            <strong className="text-klein-500 mx-1">{fmtPoints(body.points * body.qty)} 点</strong>
-          </div>
-          <button type="submit" className="btn btn-primary btn-md md:shrink-0" disabled={m.isPending}>
-            {m.isPending ? '生成中…' : '生成批次'}
-          </button>
-        </div>
-      </form>
-
-      {last && (
-        <div className="card card-section flex w-full items-start gap-3 border-success/40">
-          <CheckCircle2 className="text-success shrink-0 mt-0.5" size={20} />
-          <div className="flex-1 space-y-1">
-            <p className="text-text-primary font-medium">最新生成成功</p>
-            <p className="text-small text-text-secondary">
-              批次 ID #{last.id} · 批次号
-              <code className="kbd mx-1">{last.batch_no}</code>
-              · 共 {fmtNumber(last.total_qty)} 张
-            </p>
-            <p className="text-small text-text-tertiary">
-              详细码列表请前往 DB / 下一阶段补全的 CDK 列表 UI 导出（CSV）。
-            </p>
-          </div>
-        </div>
-      )}
-    </div>
-  );
-}
-
-function Field({
-  label,
-  hint,
-  children,
-}: {
-  label: string;
-  hint?: React.ReactNode;
-  children: React.ReactNode;
-}) {
-  return (
-    <label className="field">
-      <span className="field-label">{label}</span>
-      {children}
-      {hint && <span className="field-hint">{hint}</span>}
-    </label>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/promo/PromoPage.tsx b/frontend/apps/admin/src/pages/promo/PromoPage.tsx
deleted file mode 100644
index b4bf20b9..00000000
--- a/frontend/apps/admin/src/pages/promo/PromoPage.tsx
+++ /dev/null
@@ -1,303 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { Edit3, Plus, RefreshCw, Search, Tag, Trash2 } from 'lucide-react';
-import { useState, type ReactNode } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { promoApi } from '../../lib/services';
-import type { AdminPromoBody, AdminPromoItem } from '../../lib/types';
-import { fmtNumber, fmtPoints, fmtTime } from '../../lib/format';
-import { toast } from '../../stores/toast';
-
-interface FormState {
-  id?: number;
-  code: string;
-  name: string;
-  discount_type: 1 | 2 | 3;
-  discount_val: number;
-  min_amount: number;
-  apply_to: string;
-  total_qty: number;
-  per_user_limit: number;
-  start_at: string;
-  end_at: string;
-  status: 0 | 1;
-}
-
-const DEFAULT_FORM: FormState = {
-  code: '',
-  name: '',
-  discount_type: 1,
-  discount_val: 0,
-  min_amount: 0,
-  apply_to: 'all',
-  total_qty: 0,
-  per_user_limit: 1,
-  start_at: '',
-  end_at: '',
-  status: 1,
-};
-
-export default function PromoPage() {
-  const qc = useQueryClient();
-  const [keyword, setKeyword] = useState('');
-  const [status, setStatus] = useState<'' | '0' | '1'>('');
-  const [discountType, setDiscountType] = useState<'' | '1' | '2' | '3'>('');
-  const [page, setPage] = useState(1);
-  const [form, setForm] = useState<FormState | null>(null);
-  const pageSize = 20;
-
-  const query = useQuery({
-    queryKey: ['admin', 'promo', keyword, status, discountType, page],
-    queryFn: () => promoApi.list({
-      keyword: keyword.trim() || undefined,
-      status: status === '' ? '' : Number(status) as 0 | 1,
-      discount_type: discountType === '' ? '' : Number(discountType) as 1 | 2 | 3,
-      page,
-      page_size: pageSize,
-    }),
-  });
-
-  const rows = query.data?.list ?? [];
-  const total = query.data?.total ?? 0;
-  const pages = Math.max(1, Math.ceil(total / pageSize));
-
-  const save = useMutation({
-    mutationFn: (f: FormState) => {
-      const body = formToBody(f);
-      return f.id ? promoApi.update(f.id, body) : promoApi.create(body).then(() => undefined);
-    },
-    onSuccess: () => {
-      toast.success('优惠码已保存');
-      setForm(null);
-      qc.invalidateQueries({ queryKey: ['admin', 'promo'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  const remove = useMutation({
-    mutationFn: (id: number) => promoApi.remove(id),
-    onSuccess: () => {
-      toast.success('优惠码已删除');
-      qc.invalidateQueries({ queryKey: ['admin', 'promo'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  const toggle = useMutation({
-    mutationFn: (row: AdminPromoItem) => promoApi.update(row.id, { status: row.status === 1 ? 0 : 1 }),
-    onSuccess: () => qc.invalidateQueries({ queryKey: ['admin', 'promo'] }),
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title flex items-center gap-2"><Tag className="text-klein-500" size={26} />优惠码</h1>
-          <p className="page-subtitle">创建和维护满减、折扣、赠点优惠码，支持总量、每用户次数、有效期和启停控制。</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={() => query.refetch()} disabled={query.isFetching}>
-            <RefreshCw size={16} className={query.isFetching ? 'animate-spin' : ''} /> 刷新
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => setForm(DEFAULT_FORM)}>
-            <Plus size={16} /> 新增优惠码
-          </button>
-        </div>
-      </header>
-
-      <div className="card card-section flex flex-wrap items-center gap-2 !py-3">
-        <div className="relative min-w-[220px] flex-1">
-          <Search size={16} className="absolute left-3 top-1/2 -translate-y-1/2 text-text-tertiary" />
-          <input className="input pl-9" value={keyword} onChange={(e) => { setKeyword(e.target.value); setPage(1); }} placeholder="搜索优惠码、名称、ID" />
-        </div>
-        <select className="select select-sm min-w-[110px]" value={status} onChange={(e) => { setStatus(e.target.value as typeof status); setPage(1); }}>
-          <option value="">全部状态</option>
-          <option value="1">启用</option>
-          <option value="0">停用</option>
-        </select>
-        <select className="select select-sm min-w-[120px]" value={discountType} onChange={(e) => { setDiscountType(e.target.value as typeof discountType); setPage(1); }}>
-          <option value="">全部类型</option>
-          <option value="1">满减</option>
-          <option value="2">折扣</option>
-          <option value="3">赠点</option>
-        </select>
-      </div>
-
-      <div className="card table-wrap">
-        <table className="data-table min-w-[1120px]">
-          <thead>
-            <tr>
-              <th>优惠码</th>
-              <th>类型</th>
-              <th>优惠值</th>
-              <th>门槛</th>
-              <th>适用范围</th>
-              <th>使用量</th>
-              <th>每用户</th>
-              <th>有效期</th>
-              <th>状态</th>
-              <th>操作</th>
-            </tr>
-          </thead>
-          <tbody>
-            {rows.map((row) => (
-              <tr key={row.id}>
-                <td>
-                  <div className="font-semibold text-text-primary">{row.code}</div>
-                  <div className="text-tiny text-text-tertiary">{row.name}</div>
-                </td>
-                <td><span className="badge badge-outline">{discountLabel(row.discount_type)}</span></td>
-                <td className="font-semibold">{discountValue(row)}</td>
-                <td>{row.min_amount > 0 ? `${fmtNumber(row.min_amount / 100)} 元` : '无门槛'}</td>
-                <td>{row.apply_to || 'all'}</td>
-                <td>{fmtNumber(row.used_qty)} / {row.total_qty > 0 ? fmtNumber(row.total_qty) : '不限'}</td>
-                <td>{row.per_user_limit > 0 ? `${row.per_user_limit} 次` : '不限'}</td>
-                <td className="whitespace-nowrap">{fmtTime(row.start_at)} - {fmtTime(row.end_at)}</td>
-                <td><button className={row.status === 1 ? 'btn btn-outline btn-sm' : 'btn btn-ghost btn-sm'} onClick={() => toggle.mutate(row)}>{row.status === 1 ? '启用' : '停用'}</button></td>
-                <td>
-                  <div className="flex items-center gap-1">
-                    <button className="btn btn-ghost btn-icon btn-sm" onClick={() => setForm(rowToForm(row))} title="编辑"><Edit3 size={14} /></button>
-                    <button className="btn btn-danger-ghost btn-icon btn-sm" onClick={() => { if (confirm(`删除优惠码 ${row.code}？`)) remove.mutate(row.id); }} title="删除"><Trash2 size={14} /></button>
-                  </div>
-                </td>
-              </tr>
-            ))}
-            {!query.isLoading && rows.length === 0 && (
-              <tr><td colSpan={10} className="py-10 text-center text-text-tertiary">暂无优惠码</td></tr>
-            )}
-          </tbody>
-        </table>
-      </div>
-
-      <div className="card card-section flex flex-wrap items-center justify-between gap-3 !py-2">
-        <span className="text-small text-text-tertiary">第 {page} / {pages} 页，共 {fmtNumber(total)} 条</span>
-        <div className="flex gap-2">
-          <button className="btn btn-outline btn-sm" disabled={page <= 1} onClick={() => setPage((p) => Math.max(1, p - 1))}>上一页</button>
-          <button className="btn btn-outline btn-sm" disabled={page >= pages} onClick={() => setPage((p) => p + 1)}>下一页</button>
-        </div>
-      </div>
-
-      {form && <PromoDialog form={form} setForm={setForm} saving={save.isPending} onClose={() => setForm(null)} onSave={() => save.mutate(form)} />}
-    </div>
-  );
-}
-
-function PromoDialog({ form, setForm, saving, onClose, onSave }: { form: FormState; setForm: (f: FormState | null) => void; saving: boolean; onClose: () => void; onSave: () => void }) {
-  const set = <K extends keyof FormState>(k: K, v: FormState[K]) => setForm({ ...form, [k]: v });
-  return (
-    <div className="fixed inset-0 z-50 grid place-items-center bg-surface-overlay p-4">
-      <div className="card card-section w-full max-w-3xl space-y-4">
-        <header className="flex items-center justify-between gap-3">
-          <div>
-            <h2 className="text-h4 font-semibold text-text-primary">{form.id ? '编辑优惠码' : '新增优惠码'}</h2>
-            <p className="text-small text-text-tertiary">金额单位为元，赠点单位为点。</p>
-          </div>
-          <button className="btn btn-ghost btn-sm" onClick={onClose}>关闭</button>
-        </header>
-        <div className="grid gap-3 md:grid-cols-2">
-          <Field label="优惠码"><input className="input font-mono" value={form.code} onChange={(e) => set('code', e.target.value.toUpperCase())} placeholder="SPRING2026" /></Field>
-          <Field label="名称"><input className="input" value={form.name} onChange={(e) => set('name', e.target.value)} placeholder="春季活动" /></Field>
-          <Field label="类型">
-            <select className="select" value={form.discount_type} onChange={(e) => set('discount_type', Number(e.target.value) as 1 | 2 | 3)}>
-              <option value={1}>满减</option>
-              <option value={2}>折扣</option>
-              <option value={3}>赠点</option>
-            </select>
-          </Field>
-          <Field label={form.discount_type === 2 ? '折扣百分比' : form.discount_type === 3 ? '赠送积分（点）' : '减免金额（元）'}>
-            <input className="input" type="number" min={0} value={form.discount_val} onChange={(e) => set('discount_val', Number(e.target.value) || 0)} />
-          </Field>
-          <Field label="最低消费（元）"><input className="input" type="number" min={0} value={form.min_amount} onChange={(e) => set('min_amount', Number(e.target.value) || 0)} /></Field>
-          <Field label="适用范围"><input className="input" value={form.apply_to} onChange={(e) => set('apply_to', e.target.value)} placeholder="all / p100 / image" /></Field>
-          <Field label="总数量"><input className="input" type="number" min={0} value={form.total_qty} onChange={(e) => set('total_qty', Number(e.target.value) || 0)} /></Field>
-          <Field label="每用户限用"><input className="input" type="number" min={0} value={form.per_user_limit} onChange={(e) => set('per_user_limit', Number(e.target.value) || 0)} /></Field>
-          <Field label="开始时间"><input className="input" type="datetime-local" value={form.start_at} onChange={(e) => set('start_at', e.target.value)} /></Field>
-          <Field label="结束时间"><input className="input" type="datetime-local" value={form.end_at} onChange={(e) => set('end_at', e.target.value)} /></Field>
-          <Field label="状态">
-            <select className="select" value={form.status} onChange={(e) => set('status', Number(e.target.value) as 0 | 1)}>
-              <option value={1}>启用</option>
-              <option value={0}>停用</option>
-            </select>
-          </Field>
-        </div>
-        <div className="flex justify-end gap-2">
-          <button className="btn btn-outline btn-md" onClick={onClose}>取消</button>
-          <button className="btn btn-primary btn-md" disabled={saving} onClick={onSave}>{saving ? '保存中...' : '保存'}</button>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function Field({ label, children }: { label: string; children: ReactNode }) {
-  return <label className="field"><span className="field-label">{label}</span>{children}</label>;
-}
-
-function rowToForm(row: AdminPromoItem): FormState {
-  return {
-    id: row.id,
-    code: row.code,
-    name: row.name,
-    discount_type: row.discount_type as 1 | 2 | 3,
-    discount_val: displayDiscount(row),
-    min_amount: row.min_amount / 100,
-    apply_to: row.apply_to,
-    total_qty: row.total_qty,
-    per_user_limit: row.per_user_limit,
-    start_at: toLocalInput(row.start_at),
-    end_at: toLocalInput(row.end_at),
-    status: row.status as 0 | 1,
-  };
-}
-
-function formToBody(f: FormState): AdminPromoBody {
-  return {
-    code: f.code.trim(),
-    name: f.name.trim(),
-    discount_type: f.discount_type,
-    discount_val: storedDiscount(f),
-    min_amount: Math.round((Number(f.min_amount) || 0) * 100),
-    apply_to: f.apply_to.trim() || 'all',
-    total_qty: Number(f.total_qty) || 0,
-    per_user_limit: Number(f.per_user_limit) || 0,
-    start_at: fromLocalInput(f.start_at),
-    end_at: fromLocalInput(f.end_at),
-    status: f.status,
-  };
-}
-
-function displayDiscount(row: AdminPromoItem) {
-  if (row.discount_type === 1 || row.discount_type === 3) return row.discount_val / 100;
-  return row.discount_val;
-}
-
-function storedDiscount(f: FormState) {
-  if (f.discount_type === 1 || f.discount_type === 3) return Math.round((Number(f.discount_val) || 0) * 100);
-  return Math.round(Number(f.discount_val) || 0);
-}
-
-function discountValue(row: AdminPromoItem) {
-  if (row.discount_type === 1) return `${fmtNumber(row.discount_val / 100)} 元`;
-  if (row.discount_type === 2) return `${row.discount_val}%`;
-  return `${fmtPoints(row.discount_val)} 点`;
-}
-
-function discountLabel(v: number) {
-  if (v === 1) return '满减';
-  if (v === 2) return '折扣';
-  if (v === 3) return '赠点';
-  return String(v);
-}
-
-function toLocalInput(ts?: number) {
-  if (!ts) return '';
-  const d = new Date(ts * 1000);
-  const pad = (n: number) => String(n).padStart(2, '0');
-  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())}T${pad(d.getHours())}:${pad(d.getMinutes())}`;
-}
-
-function fromLocalInput(v: string) {
-  if (!v) return 0;
-  return Math.floor(new Date(v).getTime() / 1000);
-}
diff --git a/frontend/apps/admin/src/pages/proxies/ProxiesPage.tsx b/frontend/apps/admin/src/pages/proxies/ProxiesPage.tsx
deleted file mode 100644
index df7c83c2..00000000
--- a/frontend/apps/admin/src/pages/proxies/ProxiesPage.tsx
+++ /dev/null
@@ -1,470 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import {
-  Plus, RefreshCw, Trash2, Power, Activity, Pencil, CheckCircle2, XCircle, Clock,
-} from 'lucide-react';
-import { useMemo, useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { fmtRelative, fmtTime } from '../../lib/format';
-import { proxiesApi } from '../../lib/services';
-import type { ProxyCreateBody, ProxyItem, ProxyUpdateBody } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-const PROTOS: ProxyCreateBody['protocol'][] = ['http', 'https', 'socks5', 'socks5h'];
-
-function checkLabel(s?: number): { label: string; cls: string; icon: typeof CheckCircle2 } {
-  switch (s) {
-    case 1: return { label: 'OK',   cls: 'text-success',       icon: CheckCircle2 };
-    case 2: return { label: 'FAIL', cls: 'text-danger',        icon: XCircle };
-    default: return { label: '未测', cls: 'text-text-tertiary', icon: Clock };
-  }
-}
-
-export default function ProxiesPage() {
-  const qc = useQueryClient();
-
-  const [keyword, setKeyword] = useState('');
-  const [statusFilter, setStatusFilter] = useState<'all' | 'enabled' | 'disabled'>('all');
-  const [page, setPage] = useState(1);
-  const pageSize = 20;
-
-  const [openDlg, setOpenDlg] = useState<{ mode: 'create' } | { mode: 'edit'; row: ProxyItem } | null>(null);
-
-  const query = useMemo(
-    () => ({
-      keyword: keyword || undefined,
-      status: statusFilter === 'all' ? undefined : statusFilter === 'enabled' ? (1 as const) : (0 as const),
-      page,
-      page_size: pageSize,
-    }),
-    [keyword, statusFilter, page],
-  );
-
-  const list = useQuery({
-    queryKey: ['admin', 'proxies', 'list', query],
-    queryFn: () => proxiesApi.list(query),
-  });
-
-  const refresh = () => qc.invalidateQueries({ queryKey: ['admin', 'proxies'] });
-
-  const toggle = useMutation({
-    mutationFn: ({ id, status }: { id: number; status: 0 | 1 }) =>
-      proxiesApi.update(id, { status }),
-    onSuccess: () => { refresh(); toast.success('已更新'); },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const remove = useMutation({
-    mutationFn: (id: number) => proxiesApi.remove(id),
-    onSuccess: () => { refresh(); toast.success('已删除'); },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const testMut = useMutation({
-    mutationFn: (id: number) => proxiesApi.test(id),
-    onSuccess: (r) => {
-      refresh();
-      if (r.ok) toast.success(`代理可达 · ${r.latency_ms}ms`);
-      else toast.error(`不可用：${r.error || '未知'}`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const total = list.data?.total ?? 0;
-  const items: ProxyItem[] = list.data?.list ?? [];
-  const lastPage = Math.max(1, Math.ceil(total / pageSize));
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">代理管理</h1>
-          <p className="page-subtitle">为账号池配置 HTTP / SOCKS5 代理；可在系统配置中设为全局默认。</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={refresh}>
-            <RefreshCw size={16} /> 刷新
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => setOpenDlg({ mode: 'create' })}>
-            <Plus size={18} /> 新增代理
-          </button>
-        </div>
-      </header>
-
-      <div className="card card-section flex flex-wrap items-center gap-3 !py-3">
-        <div className="tabs">
-          {(['all', 'enabled', 'disabled'] as const).map((p) => (
-            <button
-              key={p}
-              type="button"
-              className="tab"
-              aria-selected={statusFilter === p}
-              onClick={() => { setStatusFilter(p); setPage(1); }}
-            >
-              {p === 'all' ? '全部' : p === 'enabled' ? '启用' : '禁用'}
-            </button>
-          ))}
-        </div>
-        <input
-          className="input flex-1 min-w-[220px]"
-          placeholder="按名称 / 备注 / 主机搜索…"
-          value={keyword}
-          onChange={(e) => { setKeyword(e.target.value); setPage(1); }}
-        />
-        <span className="text-small text-text-tertiary">共 {total} 条</span>
-      </div>
-
-      <div className="card overflow-x-auto">
-        <table className="data-table min-w-[1080px]">
-          <thead>
-            <tr>
-              <th>名称</th>
-              <th>协议</th>
-              <th>地址</th>
-              <th>认证</th>
-              <th>状态</th>
-              <th>最近探测</th>
-              <th>操作</th>
-            </tr>
-          </thead>
-          <tbody>
-            {list.isLoading && (
-              <tr>
-                <td colSpan={7} className="text-center text-text-tertiary text-small py-10">加载中…</td>
-              </tr>
-            )}
-            {!list.isLoading && items.length === 0 && (
-              <tr>
-                <td colSpan={7}>
-                  <div className="empty-state">
-                    <p className="empty-state-title">暂无代理</p>
-                    <p className="empty-state-desc">点击右上角【新增代理】添加一条 HTTP / SOCKS5 出口。</p>
-                  </div>
-                </td>
-              </tr>
-            )}
-            {items.map((p) => {
-              const enabled = p.status === 1;
-              const t = checkLabel(p.last_check_ok);
-              const Icon = t.icon;
-              return (
-                <tr key={p.id}>
-                  <td className="font-medium text-text-primary">
-                    {p.name}
-                    {p.remark && (
-                      <span className="block text-small text-text-tertiary mt-0.5">{p.remark}</span>
-                    )}
-                  </td>
-                  <td className="uppercase text-klein-500 font-semibold">{p.protocol}</td>
-                  <td className="font-mono text-small text-text-secondary">{p.host}:{p.port}</td>
-                  <td className="text-small">
-                    {p.username ? (
-                      <span>
-                        {p.username}
-                        {p.has_password && <span className="text-text-tertiary"> · ●●●</span>}
-                      </span>
-                    ) : (
-                      <span className="text-text-tertiary">无</span>
-                    )}
-                  </td>
-                  <td>
-                    {enabled ? (
-                      <span className="badge badge-success">启用</span>
-                    ) : (
-                      <span className="badge">禁用</span>
-                    )}
-                  </td>
-                  <td className="text-small">
-                    <div className={`inline-flex items-center gap-1 ${t.cls}`}>
-                      <Icon size={12} />
-                      <span>
-                        {t.label}
-                        {p.last_check_ms ? ` · ${p.last_check_ms}ms` : ''}
-                      </span>
-                    </div>
-                    {p.last_check_at && (
-                      <span className="block text-tiny text-text-tertiary mt-0.5" title={fmtTime(p.last_check_at)}>
-                        {fmtRelative(p.last_check_at)}
-                      </span>
-                    )}
-                    {p.last_error && (
-                      <span className="block text-tiny text-danger mt-0.5 truncate max-w-[220px]" title={p.last_error}>
-                        {p.last_error}
-                      </span>
-                    )}
-                  </td>
-                  <td>
-                    <div className="inline-flex gap-1">
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title="测试连通"
-                        onClick={() => testMut.mutate(p.id)}
-                        disabled={testMut.isPending && testMut.variables === p.id}
-                      >
-                        <Activity
-                          size={14}
-                          className={
-                            testMut.isPending && testMut.variables === p.id
-                              ? 'animate-pulse text-klein-500'
-                              : 'text-text-secondary'
-                          }
-                        />
-                      </button>
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title="编辑"
-                        onClick={() => setOpenDlg({ mode: 'edit', row: p })}
-                      >
-                        <Pencil size={14} />
-                      </button>
-                      <button
-                        className="btn btn-ghost btn-icon btn-sm"
-                        title={enabled ? '禁用' : '启用'}
-                        onClick={() => toggle.mutate({ id: p.id, status: enabled ? 0 : 1 })}
-                      >
-                        <Power size={14} className={enabled ? 'text-success' : 'text-text-tertiary'} />
-                      </button>
-                      <button
-                        className="btn btn-danger-ghost btn-icon btn-sm"
-                        title="删除"
-                        onClick={() => {
-                          if (confirm(`确定删除代理「${p.name}」？`)) remove.mutate(p.id);
-                        }}
-                      >
-                        <Trash2 size={14} />
-                      </button>
-                    </div>
-                  </td>
-                </tr>
-              );
-            })}
-          </tbody>
-        </table>
-      </div>
-
-      {total > pageSize && (
-        <div className="flex justify-end items-center gap-2 text-small">
-          <button
-            className="btn btn-outline btn-sm"
-            disabled={page <= 1}
-            onClick={() => setPage((p) => Math.max(1, p - 1))}
-          >上一页</button>
-          <span className="text-text-tertiary">{page} / {lastPage}</span>
-          <button
-            className="btn btn-outline btn-sm"
-            disabled={page >= lastPage}
-            onClick={() => setPage((p) => Math.min(lastPage, p + 1))}
-          >下一页</button>
-        </div>
-      )}
-
-      {openDlg && (
-        <ProxyDialog
-          mode={openDlg.mode}
-          row={openDlg.mode === 'edit' ? openDlg.row : undefined}
-          onClose={() => setOpenDlg(null)}
-          onSuccess={() => { setOpenDlg(null); refresh(); }}
-        />
-      )}
-    </div>
-  );
-}
-
-// ============== Create / Edit Dialog ==============
-function ProxyDialog({
-  mode,
-  row,
-  onClose,
-  onSuccess,
-}: {
-  mode: 'create' | 'edit';
-  row?: ProxyItem;
-  onClose: () => void;
-  onSuccess: () => void;
-}) {
-  const [body, setBody] = useState<ProxyCreateBody>(() =>
-    row
-      ? {
-          name: row.name,
-          protocol: (row.protocol as ProxyCreateBody['protocol']) || 'http',
-          host: row.host,
-          port: row.port,
-          username: row.username || '',
-          password: '',
-          remark: row.remark || '',
-        }
-      : { name: '', protocol: 'http', host: '', port: 7890, username: '', password: '', remark: '' },
-  );
-
-  const create = useMutation({
-    mutationFn: (b: ProxyCreateBody) => proxiesApi.create(b),
-    onSuccess: () => { toast.success('代理已添加'); onSuccess(); },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const update = useMutation({
-    mutationFn: (b: ProxyUpdateBody) => proxiesApi.update(row!.id, b),
-    onSuccess: () => { toast.success('已更新'); onSuccess(); },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  const submit = (e: React.FormEvent) => {
-    e.preventDefault();
-    if (!body.name.trim() || !body.host.trim() || !body.port) {
-      toast.error('请填写名称 / 主机 / 端口');
-      return;
-    }
-    const payload: ProxyCreateBody = {
-      ...body,
-      name: body.name.trim(),
-      host: body.host.trim(),
-      username: body.username?.trim() || undefined,
-      password: body.password || undefined,
-      remark: body.remark?.trim() || undefined,
-    };
-    if (mode === 'create') {
-      create.mutate(payload);
-    } else {
-      const patch: ProxyUpdateBody = {
-        name: payload.name,
-        protocol: payload.protocol,
-        host: payload.host,
-        port: payload.port,
-        username: payload.username,
-        remark: payload.remark,
-      };
-      // password 留空表示不变
-      if (body.password) patch.password = body.password;
-      update.mutate(patch);
-    }
-  };
-
-  const submitting = create.isPending || update.isPending;
-
-  return (
-    <Modal title={mode === 'create' ? '新增代理' : '编辑代理'} onClose={onClose}>
-      <form className="space-y-3" onSubmit={submit}>
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="名称">
-            <input
-              className="input"
-              placeholder="如 HK-Cloudflare-1"
-              value={body.name}
-              onChange={(e) => setBody((s) => ({ ...s, name: e.target.value }))}
-            />
-          </Field>
-          <Field label="协议">
-            <select
-              className="select"
-              value={body.protocol}
-              onChange={(e) =>
-                setBody((s) => ({ ...s, protocol: e.target.value as ProxyCreateBody['protocol'] }))
-              }
-            >
-              {PROTOS.map((p) => (
-                <option key={p} value={p}>{p}</option>
-              ))}
-            </select>
-          </Field>
-        </div>
-
-        <div className="grid grid-cols-3 gap-3">
-          <Field label="主机 (host)" className="col-span-2">
-            <input
-              className="input"
-              placeholder="proxy.example.com"
-              value={body.host}
-              onChange={(e) => setBody((s) => ({ ...s, host: e.target.value }))}
-            />
-          </Field>
-          <Field label="端口">
-            <input
-              type="number"
-              className="input"
-              min={1}
-              max={65535}
-              value={body.port || ''}
-              onChange={(e) => setBody((s) => ({ ...s, port: Number(e.target.value) || 0 }))}
-            />
-          </Field>
-        </div>
-
-        <div className="grid grid-cols-2 gap-3">
-          <Field label="用户名（可选）">
-            <input
-              className="input"
-              value={body.username || ''}
-              onChange={(e) => setBody((s) => ({ ...s, username: e.target.value }))}
-            />
-          </Field>
-          <Field label={mode === 'edit' ? '密码（留空保持不变）' : '密码（可选）'}>
-            <input
-              type="password"
-              className="input"
-              value={body.password || ''}
-              onChange={(e) => setBody((s) => ({ ...s, password: e.target.value }))}
-            />
-          </Field>
-        </div>
-
-        <Field label="备注">
-          <input
-            className="input"
-            value={body.remark || ''}
-            onChange={(e) => setBody((s) => ({ ...s, remark: e.target.value }))}
-          />
-        </Field>
-
-        <div className="flex justify-end gap-2 pt-2">
-          <button type="button" className="btn btn-outline btn-md" onClick={onClose}>取消</button>
-          <button type="submit" className="btn btn-primary btn-md" disabled={submitting}>
-            {submitting ? '提交中…' : '保存'}
-          </button>
-        </div>
-      </form>
-    </Modal>
-  );
-}
-
-// ============== UI helpers ==============
-function Modal({
-  title,
-  onClose,
-  children,
-}: {
-  title: string;
-  onClose: () => void;
-  children: React.ReactNode;
-}) {
-  return (
-    <div className="fixed inset-0 z-[80] grid place-items-center bg-black/40 backdrop-blur-sm p-4">
-      <div className="dialog-surface w-full max-w-xl klein-fade-in">
-        <header className="flex items-center justify-between px-5 h-12 border-b border-border">
-          <h3 className="font-semibold text-text-primary">{title}</h3>
-          <button className="btn btn-ghost btn-icon btn-sm" onClick={onClose} aria-label="关闭">✕</button>
-        </header>
-        <div className="p-5 max-h-[70vh] overflow-y-auto">{children}</div>
-      </div>
-    </div>
-  );
-}
-
-function Field({
-  label,
-  hint,
-  className,
-  children,
-}: {
-  label: string;
-  hint?: React.ReactNode;
-  className?: string;
-  children: React.ReactNode;
-}) {
-  return (
-    <label className={`field ${className || ''}`}>
-      <span className="field-label">{label}</span>
-      {children}
-      {hint && <span className="field-hint">{hint}</span>}
-    </label>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/system/BillingSettingsPage.tsx b/frontend/apps/admin/src/pages/system/BillingSettingsPage.tsx
deleted file mode 100644
index 1bb0963e..00000000
--- a/frontend/apps/admin/src/pages/system/BillingSettingsPage.tsx
+++ /dev/null
@@ -1,141 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { ReceiptText, RefreshCw, Save, Sparkles } from 'lucide-react';
-import { useEffect, useState, type ReactNode } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { systemApi } from '../../lib/services';
-import type { SystemSettings } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-interface FormState {
-  refund_on_failure: boolean;
-  free_initial_points: number;
-}
-
-const DEFAULT_FORM: FormState = {
-  refund_on_failure: true,
-  free_initial_points: 0,
-};
-
-const asBool = (v: unknown, fallback = false) => (v == null ? fallback : Boolean(v));
-const asNum = (v: unknown, fallback: number) => {
-  const n = Number(v);
-  return Number.isFinite(n) ? n : fallback;
-};
-
-function fromSettings(s?: SystemSettings): FormState {
-  if (!s) return DEFAULT_FORM;
-  return {
-    refund_on_failure: asBool(s['billing.refund_on_failure'], true),
-    free_initial_points: asNum(s['billing.free_initial_points'], 0) / 100,
-  };
-}
-
-function toPayload(form: FormState): Partial<SystemSettings> {
-  return {
-    'billing.refund_on_failure': form.refund_on_failure,
-    'billing.free_initial_points': Math.round((Number(form.free_initial_points) || 0) * 100),
-  };
-}
-
-export default function BillingSettingsPage() {
-  const qc = useQueryClient();
-  const settings = useQuery({ queryKey: ['admin', 'system', 'settings'], queryFn: () => systemApi.get() });
-  const [form, setForm] = useState<FormState>(DEFAULT_FORM);
-  const [dirty, setDirty] = useState(false);
-
-  useEffect(() => {
-    if (settings.data) {
-      setForm(fromSettings(settings.data));
-      setDirty(false);
-    }
-  }, [settings.data]);
-
-  const set = <K extends keyof FormState>(key: K, value: FormState[K]) => {
-    setForm((old) => ({ ...old, [key]: value }));
-    setDirty(true);
-  };
-
-  const save = useMutation({
-    mutationFn: () => systemApi.update(toPayload(form)),
-    onSuccess: () => {
-      toast.success('扣费设置已保存');
-      setDirty(false);
-      qc.invalidateQueries({ queryKey: ['admin', 'system'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">扣费设置</h1>
-          <p className="page-subtitle">维护通用扣费规则。模型单价与模型映射请在“模型价格”维护，充值商品请在“充值套餐”维护。</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={() => settings.refetch()} disabled={settings.isFetching}>
-            <RefreshCw size={16} className={settings.isFetching ? 'animate-spin' : ''} /> 重新加载
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => save.mutate()} disabled={!dirty || save.isPending}>
-            <Save size={16} /> {save.isPending ? '保存中...' : dirty ? '保存修改' : '已是最新'}
-          </button>
-        </div>
-      </header>
-
-      {settings.isLoading ? (
-        <div className="card card-section text-center text-text-tertiary py-10">加载中...</div>
-      ) : (
-        <div className="grid gap-4 lg:grid-cols-[1.1fr_0.9fr]">
-          <section className="card card-section space-y-5">
-            <SectionTitle icon={<ReceiptText size={18} />} title="失败退款" desc="生成任务失败时是否自动返还本次预扣积分。" />
-            <div className="rounded-md border border-border bg-surface-2 p-4 flex items-center justify-between gap-4">
-              <div>
-                <div className="text-base font-semibold text-text-primary">失败自动退款</div>
-                <div className="text-small text-text-tertiary mt-1">建议开启。关闭后失败任务不会返还已扣积分。</div>
-              </div>
-              <Switch checked={form.refund_on_failure} onChange={(v) => set('refund_on_failure', v)} />
-            </div>
-          </section>
-
-          <section className="card card-section space-y-5">
-            <SectionTitle icon={<Sparkles size={18} />} title="注册赠送" desc="新用户注册成功后自动赠送的初始积分。" />
-            <label className="field">
-              <span className="field-label">赠送积分（点）</span>
-              <input
-                className="input text-[26px] font-semibold tabular-nums"
-                type="number"
-                min={0}
-                value={form.free_initial_points}
-                onChange={(e) => set('free_initial_points', Number(e.target.value) || 0)}
-              />
-            </label>
-            <div className="rounded-md border border-border bg-surface-2 p-3 text-small text-text-tertiary">
-              保存后会以系统内部积分单位入库，页面填写仍然按“点”显示。
-            </div>
-          </section>
-        </div>
-      )}
-    </div>
-  );
-}
-
-function SectionTitle({ icon, title, desc }: { icon: ReactNode; title: string; desc: string }) {
-  return (
-    <header className="flex items-start gap-3">
-      <span className="grid place-items-center w-9 h-9 rounded-md bg-info-soft text-klein-500">{icon}</span>
-      <div>
-        <h2 className="text-h5 font-semibold text-text-primary">{title}</h2>
-        <p className="text-small text-text-tertiary mt-0.5">{desc}</p>
-      </div>
-    </header>
-  );
-}
-
-function Switch({ checked, onChange }: { checked: boolean; onChange: (v: boolean) => void }) {
-  return (
-    <button type="button" role="switch" aria-checked={checked} onClick={() => onChange(!checked)} className={'relative inline-flex h-8 w-14 shrink-0 items-center rounded-full transition ' + (checked ? 'bg-klein-500' : 'bg-surface-3')}>
-      <span className={'inline-block h-7 w-7 rounded-full bg-white shadow transition transform ' + (checked ? 'translate-x-6' : 'translate-x-0.5')} />
-    </button>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/system/ConfigPage.tsx b/frontend/apps/admin/src/pages/system/ConfigPage.tsx
deleted file mode 100644
index b3ea971a..00000000
--- a/frontend/apps/admin/src/pages/system/ConfigPage.tsx
+++ /dev/null
@@ -1,351 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { Cloud, CreditCard, Database, RefreshCw, Save, ShieldAlert, Trash2 } from 'lucide-react';
-import { useEffect, useState, type ReactNode } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { proxiesApi, systemApi } from '../../lib/services';
-import type { ProxyItem, SystemSettings } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-interface FormState {
-  retry_max_attempts: number;
-  retry_base_delay_ms: number;
-  retry_timeout_seconds: number;
-  tolerance_circuit_failures: number;
-  tolerance_circuit_cooldown_seconds: number;
-  proxy_global_enabled: boolean;
-  proxy_global_id: number;
-  oauth_refresh_before_hours: number;
-  storage_history_retention_days: number;
-  storage_result_retention_days: number;
-  storage_result_cache_driver: string;
-  oss_enabled: boolean;
-  oss_provider: string;
-  oss_endpoint: string;
-  oss_region: string;
-  oss_bucket: string;
-  oss_access_key_id: string;
-  oss_access_key_secret: string;
-  oss_public_base_url: string;
-  oss_path_prefix: string;
-  payment_enabled: boolean;
-  payment_provider: string;
-  payment_notify_url: string;
-  alipay_app_id: string;
-  alipay_private_key: string;
-  wechat_mch_id: string;
-  wechat_api_v3_key: string;
-}
-
-const DEFAULT_FORM: FormState = {
-  retry_max_attempts: 2,
-  retry_base_delay_ms: 800,
-  retry_timeout_seconds: 300,
-  tolerance_circuit_failures: 3,
-  tolerance_circuit_cooldown_seconds: 300,
-  proxy_global_enabled: false,
-  proxy_global_id: 0,
-  oauth_refresh_before_hours: 6,
-  storage_history_retention_days: 180,
-  storage_result_retention_days: 30,
-  storage_result_cache_driver: 'local',
-  oss_enabled: false,
-  oss_provider: 'aliyun',
-  oss_endpoint: '',
-  oss_region: '',
-  oss_bucket: '',
-  oss_access_key_id: '',
-  oss_access_key_secret: '',
-  oss_public_base_url: '',
-  oss_path_prefix: 'uploads/{yyyy}/{mm}/{dd}',
-  payment_enabled: false,
-  payment_provider: 'alipay',
-  payment_notify_url: '',
-  alipay_app_id: '',
-  alipay_private_key: '',
-  wechat_mch_id: '',
-  wechat_api_v3_key: '',
-};
-
-const asBool = (v: unknown, fallback = false) => (v == null ? fallback : Boolean(v));
-const asNum = (v: unknown, fallback: number) => {
-  const n = Number(v);
-  return Number.isFinite(n) ? n : fallback;
-};
-const asStr = (v: unknown, fallback = '') => (typeof v === 'string' ? v : fallback);
-
-function fromSettings(s: SystemSettings | undefined): FormState {
-  if (!s) return DEFAULT_FORM;
-  return {
-    retry_max_attempts: asNum(s['retry.max_attempts'], 2),
-    retry_base_delay_ms: asNum(s['retry.base_delay_ms'], 800),
-    retry_timeout_seconds: asNum(s['retry.timeout_seconds'], 300),
-    tolerance_circuit_failures: asNum(s['tolerance.circuit_failures'], 3),
-    tolerance_circuit_cooldown_seconds: asNum(s['tolerance.circuit_cooldown_seconds'], 300),
-    proxy_global_enabled: asBool(s['proxy.global_enabled']),
-    proxy_global_id: asNum(s['proxy.global_id'], 0),
-    oauth_refresh_before_hours: asNum(s['oauth.refresh_before_hours'], 6),
-    storage_history_retention_days: asNum(s['storage.history_retention_days'], 180),
-    storage_result_retention_days: asNum(s['storage.result_retention_days'], 30),
-    storage_result_cache_driver: asStr(s['storage.result_cache_driver'], 'local'),
-    oss_enabled: asBool(s['oss.enabled']),
-    oss_provider: asStr(s['oss.provider'], 'aliyun'),
-    oss_endpoint: asStr(s['oss.endpoint']),
-    oss_region: asStr(s['oss.region']),
-    oss_bucket: asStr(s['oss.bucket']),
-    oss_access_key_id: asStr(s['oss.access_key_id']),
-    oss_access_key_secret: asStr(s['oss.access_key_secret']),
-    oss_public_base_url: asStr(s['oss.public_base_url']),
-    oss_path_prefix: asStr(s['oss.path_prefix'], 'uploads/{yyyy}/{mm}/{dd}'),
-    payment_enabled: asBool(s['payment.enabled']),
-    payment_provider: asStr(s['payment.provider'], 'alipay'),
-    payment_notify_url: asStr(s['payment.notify_url']),
-    alipay_app_id: asStr(s['payment.alipay_app_id']),
-    alipay_private_key: asStr(s['payment.alipay_private_key']),
-    wechat_mch_id: asStr(s['payment.wechat_mch_id']),
-    wechat_api_v3_key: asStr(s['payment.wechat_api_v3_key']),
-  };
-}
-
-function toPayload(f: FormState): Partial<SystemSettings> {
-  return {
-    'retry.max_attempts': Number(f.retry_max_attempts) || 0,
-    'retry.base_delay_ms': Number(f.retry_base_delay_ms) || 0,
-    'retry.timeout_seconds': Number(f.retry_timeout_seconds) || 0,
-    'tolerance.circuit_failures': Number(f.tolerance_circuit_failures) || 0,
-    'tolerance.circuit_cooldown_seconds': Number(f.tolerance_circuit_cooldown_seconds) || 0,
-    'proxy.global_enabled': f.proxy_global_enabled,
-    'proxy.global_id': Number(f.proxy_global_id) || 0,
-    'oauth.refresh_before_hours': Number(f.oauth_refresh_before_hours) || 6,
-    'storage.history_retention_days': Number(f.storage_history_retention_days) || 0,
-    'storage.result_retention_days': Number(f.storage_result_retention_days) || 0,
-    'storage.result_cache_driver': f.storage_result_cache_driver,
-    'oss.enabled': f.oss_enabled,
-    'oss.provider': f.oss_provider.trim(),
-    'oss.endpoint': f.oss_endpoint.trim(),
-    'oss.region': f.oss_region.trim(),
-    'oss.bucket': f.oss_bucket.trim(),
-    'oss.access_key_id': f.oss_access_key_id.trim(),
-    'oss.access_key_secret': f.oss_access_key_secret.trim(),
-    'oss.public_base_url': f.oss_public_base_url.trim(),
-    'oss.path_prefix': f.oss_path_prefix.trim(),
-    'payment.enabled': f.payment_enabled,
-    'payment.provider': f.payment_provider.trim(),
-    'payment.notify_url': f.payment_notify_url.trim(),
-    'payment.alipay_app_id': f.alipay_app_id.trim(),
-    'payment.alipay_private_key': f.alipay_private_key.trim(),
-    'payment.wechat_mch_id': f.wechat_mch_id.trim(),
-    'payment.wechat_api_v3_key': f.wechat_api_v3_key.trim(),
-  };
-}
-
-export default function ConfigPage() {
-  const qc = useQueryClient();
-  const settings = useQuery({ queryKey: ['admin', 'system', 'settings'], queryFn: () => systemApi.get() });
-  const cacheStats = useQuery({ queryKey: ['admin', 'system', 'cache'], queryFn: () => systemApi.cacheStats() });
-  const proxies = useQuery({
-    queryKey: ['admin', 'proxies', 'options'],
-    queryFn: () => proxiesApi.list({ page: 1, page_size: 200, status: 1 }),
-  });
-  const [form, setForm] = useState<FormState>(DEFAULT_FORM);
-  const [dirty, setDirty] = useState(false);
-
-  useEffect(() => {
-    if (settings.data) {
-      setForm(fromSettings(settings.data));
-      setDirty(false);
-    }
-  }, [settings.data]);
-
-  const set = <K extends keyof FormState>(k: K, v: FormState[K]) => {
-    setForm((f) => ({ ...f, [k]: v }));
-    setDirty(true);
-  };
-
-  const save = useMutation({
-    mutationFn: () => systemApi.update(toPayload(form)),
-    onSuccess: () => {
-      toast.success('已保存');
-      setDirty(false);
-      qc.invalidateQueries({ queryKey: ['admin', 'system'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  const cleanCache = useMutation({
-    mutationFn: (body: { days?: number; all?: boolean }) => systemApi.cleanCache(body),
-    onSuccess: (r) => {
-      toast.success(`已清理 ${formatBytes(r.deleted_bytes)} / ${r.deleted_files} 个缓存文件`);
-      qc.invalidateQueries({ queryKey: ['admin', 'system', 'cache'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  const proxyOptions: ProxyItem[] = proxies.data?.list ?? [];
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">系统配置</h1>
-          <p className="page-subtitle">维护运行容错、刷新存储、OSS 和支付通道基础参数。</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={() => settings.refetch()} disabled={settings.isFetching}>
-            <RefreshCw size={16} className={settings.isFetching ? 'animate-spin' : ''} /> 重新加载
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => save.mutate()} disabled={!dirty || save.isPending}>
-            <Save size={16} /> {save.isPending ? '保存中...' : dirty ? '保存修改' : '已是最新'}
-          </button>
-        </div>
-      </header>
-
-      {settings.isLoading ? (
-        <div className="card card-section text-center text-text-tertiary py-10">加载中...</div>
-      ) : (
-        <div className="grid gap-4 xl:grid-cols-2">
-          <Section icon={<ShieldAlert size={18} />} title="重试与容错" desc="控制生成请求失败后的重试次数、超时和账号熔断策略。">
-            <NumberField label="最大重试次数" value={form.retry_max_attempts} min={0} max={10} onChange={(v) => set('retry_max_attempts', v)} />
-            <NumberField label="重试基础延迟（毫秒）" value={form.retry_base_delay_ms} min={0} onChange={(v) => set('retry_base_delay_ms', v)} />
-            <NumberField label="请求超时（秒）" value={form.retry_timeout_seconds} min={30} onChange={(v) => set('retry_timeout_seconds', v)} />
-            <NumberField label="熔断失败次数" value={form.tolerance_circuit_failures} min={1} onChange={(v) => set('tolerance_circuit_failures', v)} />
-            <NumberField label="熔断冷却时间（秒）" value={form.tolerance_circuit_cooldown_seconds} min={30} onChange={(v) => set('tolerance_circuit_cooldown_seconds', v)} />
-          </Section>
-
-          <Section icon={<Database size={18} />} title="刷新与存储" desc="控制 OAuth 刷新窗口、全局代理和生成历史保留周期。">
-            <Toggle label="启用全局代理" checked={form.proxy_global_enabled} onChange={(v) => set('proxy_global_enabled', v)} />
-            <Field label="全局默认代理">
-              <select className="select" value={form.proxy_global_id} onChange={(e) => set('proxy_global_id', Number(e.target.value) || 0)} disabled={!form.proxy_global_enabled}>
-                <option value={0}>不指定</option>
-                {proxyOptions.map((p) => <option key={p.id} value={p.id}>[{p.protocol}] {p.name} - {p.host}:{p.port}</option>)}
-              </select>
-            </Field>
-            <NumberField label="OAuth 提前刷新窗口（小时）" value={form.oauth_refresh_before_hours} min={1} max={48} onChange={(v) => set('oauth_refresh_before_hours', v)} />
-            <NumberField label="生成历史保留（天）" value={form.storage_history_retention_days} min={0} onChange={(v) => set('storage_history_retention_days', v)} />
-            <NumberField label="生成结果文件保留（天）" value={form.storage_result_retention_days} min={0} onChange={(v) => set('storage_result_retention_days', v)} />
-            <Field label="生成结果缓存位置">
-              <select className="select" value={form.storage_result_cache_driver} onChange={(e) => set('storage_result_cache_driver', e.target.value)}>
-                <option value="local">本地缓存</option>
-                <option value="oss">OSS 存储</option>
-                <option value="off">不缓存</option>
-              </select>
-            </Field>
-          </Section>
-
-          <Section icon={<Trash2 size={18} />} title="缓存清理" desc="查看并清理本地生成结果缓存，清理后旧作品可能无法继续预览原文件。">
-            <div className="grid gap-3 md:grid-cols-3">
-              <div className="rounded-md border border-border bg-surface-2 p-3">
-                <div className="text-small text-text-tertiary">缓存大小</div>
-                <div className="mt-1 text-h4 text-text-primary">{formatBytes(cacheStats.data?.bytes ?? 0)}</div>
-              </div>
-              <div className="rounded-md border border-border bg-surface-2 p-3">
-                <div className="text-small text-text-tertiary">文件数量</div>
-                <div className="mt-1 text-h4 text-text-primary">{cacheStats.data?.files ?? 0}</div>
-              </div>
-              <div className="rounded-md border border-border bg-surface-2 p-3">
-                <div className="text-small text-text-tertiary">缓存目录</div>
-                <div className="mt-1 truncate text-small text-text-secondary" title={cacheStats.data?.root}>{cacheStats.data?.root || '-'}</div>
-              </div>
-            </div>
-            <div className="flex flex-wrap gap-2">
-              <button className="btn btn-outline btn-sm" disabled={cleanCache.isPending} onClick={() => cacheStats.refetch()}>
-                <RefreshCw size={14} className={cacheStats.isFetching ? 'animate-spin' : ''} /> 刷新占用
-              </button>
-              <button className="btn btn-outline btn-sm" disabled={cleanCache.isPending} onClick={() => cleanCache.mutate({ days: 7 })}>
-                清理 7 天前
-              </button>
-              <button className="btn btn-outline btn-sm" disabled={cleanCache.isPending} onClick={() => cleanCache.mutate({ days: 3 })}>
-                清理 3 天前
-              </button>
-              <button
-                className="btn btn-danger btn-sm"
-                disabled={cleanCache.isPending}
-                onClick={() => {
-                  if (window.confirm('确定清空全部生成缓存吗？旧作品可能无法继续预览原文件。')) cleanCache.mutate({ all: true });
-                }}
-              >
-                <Trash2 size={14} /> 清空全部缓存
-              </button>
-            </div>
-          </Section>
-
-          <Section icon={<Cloud size={18} />} title="OSS 存储" desc="配置图片、视频和用户上传素材的对象存储位置。">
-            <Toggle label="启用 OSS 存储" checked={form.oss_enabled} onChange={(v) => set('oss_enabled', v)} />
-            <div className="grid gap-3 md:grid-cols-2">
-              <TextField label="服务商" value={form.oss_provider} onChange={(v) => set('oss_provider', v)} placeholder="aliyun / s3 / cos" />
-              <TextField label="Region" value={form.oss_region} onChange={(v) => set('oss_region', v)} />
-              <TextField label="Endpoint" value={form.oss_endpoint} onChange={(v) => set('oss_endpoint', v)} />
-              <TextField label="Bucket" value={form.oss_bucket} onChange={(v) => set('oss_bucket', v)} />
-              <TextField label="AccessKey ID" value={form.oss_access_key_id} onChange={(v) => set('oss_access_key_id', v)} />
-              <TextField label="AccessKey Secret" value={form.oss_access_key_secret} onChange={(v) => set('oss_access_key_secret', v)} type="password" />
-            </div>
-            <TextField label="公开访问域名" value={form.oss_public_base_url} onChange={(v) => set('oss_public_base_url', v)} placeholder="https://cdn.example.com" />
-            <TextField label="存储路径前缀" value={form.oss_path_prefix} onChange={(v) => set('oss_path_prefix', v)} />
-          </Section>
-
-          <Section icon={<CreditCard size={18} />} title="支付配置" desc="保存支付通道基础参数，后续充值下单与回调会读取这些配置。">
-            <Toggle label="启用在线支付" checked={form.payment_enabled} onChange={(v) => set('payment_enabled', v)} />
-            <div className="grid gap-3 md:grid-cols-2">
-              <TextField label="默认支付通道" value={form.payment_provider} onChange={(v) => set('payment_provider', v)} placeholder="alipay / wechat" />
-              <TextField label="支付回调地址" value={form.payment_notify_url} onChange={(v) => set('payment_notify_url', v)} />
-              <TextField label="支付宝 AppID" value={form.alipay_app_id} onChange={(v) => set('alipay_app_id', v)} />
-              <TextField label="微信商户号" value={form.wechat_mch_id} onChange={(v) => set('wechat_mch_id', v)} />
-            </div>
-            <Field label="支付宝私钥"><textarea className="input font-mono text-small min-h-[96px]" value={form.alipay_private_key} onChange={(e) => set('alipay_private_key', e.target.value)} /></Field>
-            <TextField label="微信 API v3 Key" value={form.wechat_api_v3_key} onChange={(v) => set('wechat_api_v3_key', v)} type="password" />
-          </Section>
-        </div>
-      )}
-    </div>
-  );
-}
-
-function Section({ icon, title, desc, children }: { icon: ReactNode; title: string; desc: string; children: ReactNode }) {
-  return (
-    <section className="card card-section space-y-4">
-      <header className="flex items-start gap-3">
-        <span className="grid place-items-center w-9 h-9 rounded-md bg-info-soft text-klein-500">{icon}</span>
-        <div>
-          <h2 className="text-h5 font-semibold text-text-primary">{title}</h2>
-          <p className="text-small text-text-tertiary mt-0.5">{desc}</p>
-        </div>
-      </header>
-      <div className="grid gap-3">{children}</div>
-    </section>
-  );
-}
-
-function Field({ label, children }: { label: string; children: ReactNode }) {
-  return <label className="field"><span className="field-label">{label}</span>{children}</label>;
-}
-
-function TextField({ label, value, onChange, placeholder, type = 'text' }: { label: string; value: string; onChange: (v: string) => void; placeholder?: string; type?: string }) {
-  return <Field label={label}><input className="input" type={type} value={value} placeholder={placeholder} onChange={(e) => onChange(e.target.value)} /></Field>;
-}
-
-function NumberField({ label, value, min, max, onChange }: { label: string; value: number; min?: number; max?: number; onChange: (v: number) => void }) {
-  return <Field label={label}><input type="number" className="input" min={min} max={max} value={value} onChange={(e) => onChange(Number(e.target.value) || 0)} /></Field>;
-}
-
-function formatBytes(bytes: number) {
-  if (!Number.isFinite(bytes) || bytes <= 0) return '0 B';
-  const units = ['B', 'KB', 'MB', 'GB', 'TB'];
-  let value = bytes;
-  let unit = 0;
-  while (value >= 1024 && unit < units.length - 1) {
-    value /= 1024;
-    unit += 1;
-  }
-  return `${value >= 10 || unit === 0 ? value.toFixed(0) : value.toFixed(1)} ${units[unit]}`;
-}
-
-function Toggle({ label, checked, onChange }: { label: string; checked: boolean; onChange: (v: boolean) => void }) {
-  return (
-    <div className="flex items-center justify-between gap-4 rounded-md border border-border bg-surface-2 p-3">
-      <div className="text-small font-medium text-text-primary">{label}</div>
-      <button type="button" role="switch" aria-checked={checked} onClick={() => onChange(!checked)} className={'relative inline-flex h-6 w-11 shrink-0 items-center rounded-full transition ' + (checked ? 'bg-klein-500' : 'bg-surface-3')}>
-        <span className={'inline-block h-5 w-5 rounded-full bg-white shadow transition transform ' + (checked ? 'translate-x-5' : 'translate-x-0.5')} />
-      </button>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/system/ModelPricesPage.tsx b/frontend/apps/admin/src/pages/system/ModelPricesPage.tsx
deleted file mode 100644
index 819a9e32..00000000
--- a/frontend/apps/admin/src/pages/system/ModelPricesPage.tsx
+++ /dev/null
@@ -1,187 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { Plus, RefreshCw, Save, Trash2 } from 'lucide-react';
-import { useEffect, useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { systemApi } from '../../lib/services';
-import { toast } from '../../stores/toast';
-
-interface PriceRow {
-  model_code: string;
-  name: string;
-  kind: 'text' | 'image' | 'video';
-  provider: 'gpt' | 'grok' | string;
-  upstream_model: string;
-  unit_points: number;
-  input_unit_points?: number;
-  output_unit_points?: number;
-  enabled: boolean;
-}
-
-const DEFAULT_ROWS: PriceRow[] = [
-  { model_code: 'gpt-4o-mini', name: '文字对话', kind: 'text', provider: 'gpt', upstream_model: 'gpt-4o-mini', unit_points: 0, input_unit_points: 1, output_unit_points: 3, enabled: true },
-  { model_code: 'img-v3', name: '通用图片', kind: 'image', provider: 'gpt', upstream_model: 'gpt-image', unit_points: 4, enabled: true },
-  { model_code: 'img-real', name: '真实图片', kind: 'image', provider: 'gpt', upstream_model: 'gpt-image-real', unit_points: 4, enabled: true },
-  { model_code: 'img-anime', name: '动漫图片', kind: 'image', provider: 'gpt', upstream_model: 'gpt-image-anime', unit_points: 3, enabled: true },
-  { model_code: 'img-3d', name: '3D 图片', kind: 'image', provider: 'gpt', upstream_model: 'gpt-image-3d', unit_points: 5, enabled: true },
-  { model_code: 'vid-v1', name: '视频生成', kind: 'video', provider: 'grok', upstream_model: 'grok-video', unit_points: 15, enabled: true },
-  { model_code: 'vid-i2v', name: '图生视频', kind: 'video', provider: 'grok', upstream_model: 'grok-i2v', unit_points: 20, enabled: true },
-];
-
-function fromValue(v: unknown): PriceRow[] {
-  if (Array.isArray(v)) {
-    return v.map((r) => {
-      const row = r as Partial<PriceRow>;
-      return {
-        model_code: String(row.model_code || ''),
-        name: String(row.name || ''),
-        kind: row.kind === 'text' ? 'text' : row.kind === 'video' ? 'video' : 'image',
-        provider: String(row.provider || 'gpt'),
-        upstream_model: String(row.upstream_model || ''),
-        unit_points: Number(row.unit_points || 0) / 100,
-        input_unit_points: Number(row.input_unit_points || 0) / 100,
-        output_unit_points: Number(row.output_unit_points || 0) / 100,
-        enabled: row.enabled !== false,
-      };
-    });
-  }
-  if (v && typeof v === 'object') {
-    return Object.entries(v as Record<string, number>).map(([model_code, price]) => ({
-      model_code,
-      name: model_code,
-      kind: model_code.startsWith('vid') ? 'video' : model_code.startsWith('gpt') ? 'text' : 'image',
-      provider: model_code.startsWith('vid') ? 'grok' : 'gpt',
-      upstream_model: model_code,
-      unit_points: Number(price || 0) / 100,
-      input_unit_points: model_code.startsWith('gpt') ? Number(price || 0) / 100 : 0,
-      output_unit_points: model_code.startsWith('gpt') ? Number(price || 0) / 100 : 0,
-      enabled: true,
-    }));
-  }
-  return DEFAULT_ROWS;
-}
-
-export default function ModelPricesPage() {
-  const qc = useQueryClient();
-  const settings = useQuery({ queryKey: ['admin', 'system', 'settings'], queryFn: () => systemApi.get() });
-  const [rows, setRows] = useState<PriceRow[]>(DEFAULT_ROWS);
-  const [dirty, setDirty] = useState(false);
-
-  useEffect(() => {
-    if (settings.data) {
-      setRows(fromValue(settings.data['billing.model_prices']));
-      setDirty(false);
-    }
-  }, [settings.data]);
-
-  const update = (idx: number, patch: Partial<PriceRow>) => {
-    setRows((old) => old.map((row, i) => (i === idx ? { ...row, ...patch } : row)));
-    setDirty(true);
-  };
-
-  const save = useMutation({
-    mutationFn: () => systemApi.update({
-      'billing.model_prices': rows.map((row) => ({
-        ...row,
-        model_code: row.model_code.trim(),
-        name: row.name.trim(),
-        provider: row.provider.trim(),
-        upstream_model: row.upstream_model.trim(),
-        unit_points: Math.round((Number(row.unit_points) || 0) * 100),
-        input_unit_points: Math.round((Number(row.input_unit_points) || 0) * 100),
-        output_unit_points: Math.round((Number(row.output_unit_points) || 0) * 100),
-      })),
-    }),
-    onSuccess: () => {
-      toast.success('模型价格已保存');
-      setDirty(false);
-      qc.invalidateQueries({ queryKey: ['admin', 'system'] });
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">模型价格</h1>
-          <p className="page-subtitle">维护模型编码、上游模型映射、供应商和扣费单价</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={() => settings.refetch()} disabled={settings.isFetching}>
-            <RefreshCw size={16} className={settings.isFetching ? 'animate-spin' : ''} /> 重新加载
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => save.mutate()} disabled={!dirty || save.isPending}>
-            <Save size={16} /> {save.isPending ? '保存中…' : dirty ? '保存修改' : '已是最新'}
-          </button>
-        </div>
-      </header>
-
-      <div className="card table-wrap">
-        <table className="data-table">
-          <thead>
-            <tr>
-              <th>模型编码</th>
-              <th>显示名称</th>
-              <th>类型</th>
-              <th>供应商</th>
-              <th>上游模型映射</th>
-              <th>单价（点）</th>
-              <th>输入/输出（点/千Token）</th>
-              <th>状态</th>
-              <th>操作</th>
-            </tr>
-          </thead>
-          <tbody>
-            {rows.map((row, idx) => (
-              <tr key={`${row.model_code}-${idx}`}>
-                <td><input className="input min-w-[130px]" value={row.model_code} onChange={(e) => update(idx, { model_code: e.target.value })} /></td>
-                <td><input className="input min-w-[130px]" value={row.name} onChange={(e) => update(idx, { name: e.target.value })} /></td>
-                <td>
-                  <select className="input min-w-[96px]" value={row.kind} onChange={(e) => update(idx, { kind: e.target.value as PriceRow['kind'] })}>
-                    <option value="text">文字</option>
-                    <option value="image">图片</option>
-                    <option value="video">视频</option>
-                  </select>
-                </td>
-                <td><input className="input min-w-[90px]" value={row.provider} onChange={(e) => update(idx, { provider: e.target.value })} /></td>
-                <td><input className="input min-w-[150px]" value={row.upstream_model} onChange={(e) => update(idx, { upstream_model: e.target.value })} /></td>
-                <td><input className="input w-[100px]" type="number" min={0} value={row.unit_points} onChange={(e) => update(idx, { unit_points: Number(e.target.value) || 0 })} disabled={row.kind === 'text'} /></td>
-                <td>
-                  {row.kind === 'text' ? (
-                    <div className="flex gap-2">
-                      <input className="input w-[90px]" type="number" min={0} value={row.input_unit_points || 0} onChange={(e) => update(idx, { input_unit_points: Number(e.target.value) || 0 })} placeholder="输入" />
-                      <input className="input w-[90px]" type="number" min={0} value={row.output_unit_points || 0} onChange={(e) => update(idx, { output_unit_points: Number(e.target.value) || 0 })} placeholder="输出" />
-                    </div>
-                  ) : (
-                    <span className="text-muted">-</span>
-                  )}
-                </td>
-                <td>
-                  <button className={row.enabled ? 'btn btn-outline btn-sm' : 'btn btn-ghost btn-sm'} onClick={() => update(idx, { enabled: !row.enabled })}>
-                    {row.enabled ? '启用' : '停用'}
-                  </button>
-                </td>
-                <td>
-                  <button className="btn btn-danger-ghost btn-icon btn-sm" onClick={() => { setRows((old) => old.filter((_, i) => i !== idx)); setDirty(true); }}>
-                    <Trash2 size={14} />
-                  </button>
-                </td>
-              </tr>
-            ))}
-          </tbody>
-        </table>
-      </div>
-
-      <button
-        className="btn btn-outline btn-md"
-        onClick={() => {
-          setRows((old) => [...old, { model_code: '', name: '', kind: 'image', provider: 'gpt', upstream_model: '', unit_points: 0, input_unit_points: 0, output_unit_points: 0, enabled: true }]);
-          setDirty(true);
-        }}
-      >
-        <Plus size={16} /> 添加模型
-      </button>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/system/RechargePackagesPage.tsx b/frontend/apps/admin/src/pages/system/RechargePackagesPage.tsx
deleted file mode 100644
index ca7fb104..00000000
--- a/frontend/apps/admin/src/pages/system/RechargePackagesPage.tsx
+++ /dev/null
@@ -1,225 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { CheckCircle2, CircleOff, Copy, Plus, RefreshCw, Save, Trash2, WalletCards } from 'lucide-react';
-import { useEffect, useMemo, useState, type ReactNode } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { systemApi } from '../../lib/services';
-import type { SystemSettings } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-interface RechargePackage {
-  id: string;
-  name: string;
-  amount: number;
-  points: number;
-  bonus_points: number;
-  enabled: boolean;
-  sort_order: number;
-  badge: string;
-  remark: string;
-}
-
-const DEFAULT_ROWS: RechargePackage[] = [
-  { id: 'p100', name: '100 点套餐', amount: 10, points: 100, bonus_points: 0, enabled: true, sort_order: 10, badge: '', remark: '' },
-  { id: 'p500', name: '500 点套餐', amount: 45, points: 500, bonus_points: 50, enabled: true, sort_order: 20, badge: '推荐', remark: '' },
-];
-
-const asNum = (v: unknown, fallback: number) => {
-  const n = Number(v);
-  return Number.isFinite(n) ? n : fallback;
-};
-const asBool = (v: unknown, fallback = false) => (v == null ? fallback : Boolean(v));
-
-function fromValue(v: unknown): RechargePackage[] {
-  if (!Array.isArray(v)) return DEFAULT_ROWS;
-  return v.map((item, idx) => {
-    const row = item as Partial<RechargePackage>;
-    return {
-      id: String(row.id || `pkg_${idx + 1}`),
-      name: String(row.name || ''),
-      amount: asNum(row.amount, 0),
-      points: asNum(row.points, 0) / 100,
-      bonus_points: asNum(row.bonus_points, 0) / 100,
-      enabled: asBool(row.enabled, true),
-      sort_order: asNum(row.sort_order, (idx + 1) * 10),
-      badge: String(row.badge || ''),
-      remark: String(row.remark || ''),
-    };
-  });
-}
-
-function toPayload(rows: RechargePackage[]): Partial<SystemSettings> {
-  return {
-    'recharge.packages': rows.map((row) => ({
-      id: row.id.trim(),
-      name: row.name.trim(),
-      amount: Number(row.amount) || 0,
-      points: Math.round((Number(row.points) || 0) * 100),
-      bonus_points: Math.round((Number(row.bonus_points) || 0) * 100),
-      enabled: row.enabled,
-      sort_order: Number(row.sort_order) || 0,
-      badge: row.badge.trim(),
-      remark: row.remark.trim(),
-    })),
-  };
-}
-
-export default function RechargePackagesPage() {
-  const qc = useQueryClient();
-  const settings = useQuery({ queryKey: ['admin', 'system', 'settings'], queryFn: () => systemApi.get() });
-  const [rows, setRows] = useState<RechargePackage[]>(DEFAULT_ROWS);
-  const [dirty, setDirty] = useState(false);
-
-  useEffect(() => {
-    if (settings.data) {
-      setRows(fromValue(settings.data['recharge.packages']));
-      setDirty(false);
-    }
-  }, [settings.data]);
-
-  const totals = useMemo(() => {
-    const enabled = rows.filter((row) => row.enabled);
-    return {
-      total: rows.length,
-      enabled: enabled.length,
-      disabled: rows.length - enabled.length,
-    };
-  }, [rows]);
-
-  const update = (idx: number, patch: Partial<RechargePackage>) => {
-    setRows((old) => old.map((row, i) => (i === idx ? { ...row, ...patch } : row)));
-    setDirty(true);
-  };
-
-  const addRow = () => {
-    setRows((old) => [
-      ...old,
-      {
-        id: `pkg_${Date.now()}`,
-        name: '',
-        amount: 0,
-        points: 0,
-        bonus_points: 0,
-        enabled: true,
-        sort_order: (old.length + 1) * 10,
-        badge: '',
-        remark: '',
-      },
-    ]);
-    setDirty(true);
-  };
-
-  const cloneRow = (idx: number) => {
-    const row = rows[idx];
-    if (!row) return;
-    setRows((old) => [
-      ...old.slice(0, idx + 1),
-      { ...row, id: `${row.id}_copy`, name: `${row.name} 副本`, sort_order: row.sort_order + 1 },
-      ...old.slice(idx + 1),
-    ]);
-    setDirty(true);
-  };
-
-  const save = useMutation({
-    mutationFn: () => systemApi.update(toPayload(rows)),
-    onSuccess: () => {
-      toast.success('充值套餐已保存');
-      setDirty(false);
-      qc.invalidateQueries({ queryKey: ['admin', 'system'] });
-    },
-    onError: (e: ApiError | Error) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">充值套餐</h1>
-          <p className="page-subtitle">用表单维护前端售卖套餐，金额单位为元，积分单位为点。</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={() => settings.refetch()} disabled={settings.isFetching}>
-            <RefreshCw size={16} className={settings.isFetching ? 'animate-spin' : ''} /> 重新加载
-          </button>
-          <button className="btn btn-outline btn-md" onClick={addRow}>
-            <Plus size={16} /> 新增套餐
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => save.mutate()} disabled={!dirty || save.isPending}>
-            <Save size={16} /> {save.isPending ? '保存中...' : dirty ? '保存修改' : '已是最新'}
-          </button>
-        </div>
-      </header>
-
-      <div className="grid gap-3 md:grid-cols-3">
-        <Stat title="套餐总数" value={totals.total} icon={<WalletCards size={18} />} />
-        <Stat title="已启用" value={totals.enabled} icon={<CheckCircle2 size={18} />} />
-        <Stat title="已停用" value={totals.disabled} icon={<CircleOff size={18} />} />
-      </div>
-
-      {settings.isLoading ? (
-        <div className="card card-section text-center text-text-tertiary py-10">加载中...</div>
-      ) : (
-        <div className="card table-wrap">
-          <table className="data-table min-w-[1180px]">
-            <thead>
-              <tr>
-                <th>排序</th>
-                <th>套餐 ID</th>
-                <th>套餐名称</th>
-                <th>金额（元）</th>
-                <th>基础积分（点）</th>
-                <th>赠送积分（点）</th>
-                <th>标签</th>
-                <th>备注</th>
-                <th>状态</th>
-                <th>操作</th>
-              </tr>
-            </thead>
-            <tbody>
-              {rows.map((row, idx) => (
-                <tr key={`${row.id}-${idx}`}>
-                  <td><input className="input w-[76px] tabular-nums" type="number" value={row.sort_order} onChange={(e) => update(idx, { sort_order: Number(e.target.value) || 0 })} /></td>
-                  <td><input className="input min-w-[140px] font-mono" value={row.id} onChange={(e) => update(idx, { id: e.target.value })} placeholder="p100" /></td>
-                  <td><input className="input min-w-[160px]" value={row.name} onChange={(e) => update(idx, { name: e.target.value })} placeholder="100 点套餐" /></td>
-                  <td><input className="input w-[110px] tabular-nums" type="number" min={0} step="0.01" value={row.amount} onChange={(e) => update(idx, { amount: Number(e.target.value) || 0 })} /></td>
-                  <td><input className="input w-[120px] tabular-nums" type="number" min={0} value={row.points} onChange={(e) => update(idx, { points: Number(e.target.value) || 0 })} /></td>
-                  <td><input className="input w-[120px] tabular-nums" type="number" min={0} value={row.bonus_points} onChange={(e) => update(idx, { bonus_points: Number(e.target.value) || 0 })} /></td>
-                  <td><input className="input min-w-[100px]" value={row.badge} onChange={(e) => update(idx, { badge: e.target.value })} placeholder="推荐" /></td>
-                  <td><input className="input min-w-[180px]" value={row.remark} onChange={(e) => update(idx, { remark: e.target.value })} placeholder="内部备注" /></td>
-                  <td>
-                    <button className={row.enabled ? 'btn btn-outline btn-sm' : 'btn btn-ghost btn-sm'} onClick={() => update(idx, { enabled: !row.enabled })}>
-                      {row.enabled ? '启用' : '停用'}
-                    </button>
-                  </td>
-                  <td>
-                    <div className="flex items-center gap-1">
-                      <button className="btn btn-ghost btn-icon btn-sm" title="复制套餐" onClick={() => cloneRow(idx)}><Copy size={14} /></button>
-                      <button className="btn btn-danger-ghost btn-icon btn-sm" title="删除套餐" onClick={() => { setRows((old) => old.filter((_, i) => i !== idx)); setDirty(true); }}><Trash2 size={14} /></button>
-                    </div>
-                  </td>
-                </tr>
-              ))}
-              {rows.length === 0 && (
-                <tr>
-                  <td colSpan={10} className="text-center text-text-tertiary py-10">暂无套餐，点击右上角新增。</td>
-                </tr>
-              )}
-            </tbody>
-          </table>
-        </div>
-      )}
-    </div>
-  );
-}
-
-function Stat({ title, value, icon }: { title: string; value: number; icon: ReactNode }) {
-  return (
-    <section className="card card-section flex items-center justify-between">
-      <div>
-        <div className="text-small text-text-tertiary">{title}</div>
-        <div className="text-[26px] font-semibold text-text-primary tabular-nums mt-1">{value}</div>
-      </div>
-      <span className="grid place-items-center w-10 h-10 rounded-md bg-info-soft text-klein-500">{icon}</span>
-    </section>
-  );
-}
diff --git a/frontend/apps/admin/src/pages/users/UsersPage.tsx b/frontend/apps/admin/src/pages/users/UsersPage.tsx
deleted file mode 100644
index 0fbc44f7..00000000
--- a/frontend/apps/admin/src/pages/users/UsersPage.tsx
+++ /dev/null
@@ -1,382 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { Ban, CheckCircle2, MinusCircle, Pencil, Plus, PlusCircle, RefreshCw, Search } from 'lucide-react';
-import { useMemo, useState } from 'react';
-
-import { ApiError } from '../../lib/api';
-import { fmtPoints, fmtRelative, fmtTime } from '../../lib/format';
-import { usersApi } from '../../lib/services';
-import type { AdminUserCreateBody, AdminUserItem, AdminUserUpdateBody } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-type UserDialog =
-  | { mode: 'create' }
-  | { mode: 'edit'; row: AdminUserItem }
-  | { mode: 'points'; row: AdminUserItem; action: 'recharge' | 'deduct' };
-
-const pageSize = 20;
-
-function toPointUnits(v: string): number {
-  return Math.round((Number(v) || 0) * 100);
-}
-
-function userName(u: AdminUserItem): string {
-  return u.username || u.email || u.phone || `用户 #${u.id}`;
-}
-
-export default function UsersPage() {
-  const qc = useQueryClient();
-  const [keyword, setKeyword] = useState('');
-  const [status, setStatus] = useState<'all' | 'enabled' | 'disabled'>('all');
-  const [page, setPage] = useState(1);
-  const [dlg, setDlg] = useState<UserDialog | null>(null);
-
-  const query = useMemo(
-    () => ({
-      keyword: keyword.trim() || undefined,
-      status: status === 'all' ? undefined : status === 'enabled' ? (1 as const) : (0 as const),
-      page,
-      page_size: pageSize,
-    }),
-    [keyword, page, status],
-  );
-
-  const list = useQuery({
-    queryKey: ['admin', 'users', query],
-    queryFn: () => usersApi.list(query),
-  });
-
-  const refresh = () => qc.invalidateQueries({ queryKey: ['admin', 'users'] });
-  const items = list.data?.list ?? [];
-  const total = list.data?.total ?? 0;
-  const lastPage = Math.max(1, Math.ceil(total / pageSize));
-
-  const toggle = useMutation({
-    mutationFn: ({ id, next }: { id: number; next: 0 | 1 }) => usersApi.update(id, { status: next }),
-    onSuccess: () => { refresh(); toast.success('已更新用户状态'); },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <div className="page page-wide space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">用户管理</h1>
-          <p className="page-subtitle">管理注册用户、账号状态、资料和积分余额</p>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-outline btn-md" onClick={refresh}>
-            <RefreshCw size={16} /> 刷新
-          </button>
-          <button className="btn btn-primary btn-md" onClick={() => setDlg({ mode: 'create' })}>
-            <Plus size={18} /> 新增用户
-          </button>
-        </div>
-      </header>
-
-      <div className="card card-section flex flex-wrap items-center gap-2 !py-2">
-        <div className="relative min-w-[260px] flex-1">
-          <Search size={14} className="absolute left-3 top-1/2 -translate-y-1/2 text-text-tertiary" />
-          <input
-            className="input pl-8"
-            placeholder="搜索 ID / 邮箱 / 手机 / 用户名 / 邀请码"
-            value={keyword}
-            onChange={(e) => { setKeyword(e.target.value); setPage(1); }}
-          />
-        </div>
-        <div className="tabs">
-          {[
-            ['all', '全部'],
-            ['enabled', '正常'],
-            ['disabled', '暂停'],
-          ].map(([k, label]) => (
-            <button
-              key={k}
-              className="tab"
-              aria-selected={status === k}
-              onClick={() => { setStatus(k as typeof status); setPage(1); }}
-            >
-              {label}
-            </button>
-          ))}
-        </div>
-      </div>
-
-      <div className="card table-wrap">
-        <table className="data-table">
-          <thead>
-            <tr>
-              <th>用户</th>
-              <th>状态</th>
-              <th>积分</th>
-              <th>套餐</th>
-              <th>注册 / 登录</th>
-              <th>操作</th>
-            </tr>
-          </thead>
-          <tbody>
-            {list.isLoading && (
-              <tr><td colSpan={6} className="text-center text-text-tertiary py-10">加载中…</td></tr>
-            )}
-            {!list.isLoading && items.length === 0 && (
-              <tr><td colSpan={6} className="text-center text-text-tertiary py-10">暂无用户</td></tr>
-            )}
-            {items.map((u) => (
-              <tr key={u.id}>
-                <td>
-                  <div className="font-medium">{userName(u)}</div>
-                  <div className="text-tiny text-text-tertiary mt-0.5">
-                    ID {u.id} · {u.email || u.phone || u.uuid}
-                  </div>
-                  <div className="text-tiny text-text-tertiary mt-0.5">邀请码 {u.invite_code || '—'}</div>
-                </td>
-                <td>
-                  <span className={u.status === 1 ? 'badge badge-success' : 'badge badge-warning'}>
-                    {u.status === 1 ? '正常' : '暂停'}
-                  </span>
-                </td>
-                <td>
-                  <div className="font-semibold">{fmtPoints(u.points)}</div>
-                  <div className="text-tiny text-text-tertiary">
-                    冻结 {fmtPoints(u.frozen_points)} · 累充 {fmtPoints(u.total_recharge)}
-                  </div>
-                </td>
-                <td>
-                  <div>{u.plan_code || 'free'}</div>
-                  <div className="text-tiny text-text-tertiary">{u.plan_expire_at ? fmtTime(u.plan_expire_at) : '长期'}</div>
-                </td>
-                <td>
-                  <div className="text-small">{fmtTime(u.created_at)}</div>
-                  <div className="text-tiny text-text-tertiary">
-                    {u.last_login_at ? `${fmtRelative(u.last_login_at)} · ${u.last_login_ip || '未知 IP'}` : '未登录'}
-                  </div>
-                </td>
-                <td>
-                  <div className="inline-flex flex-wrap gap-1">
-                    <button className="btn btn-ghost btn-icon btn-sm" title="编辑" onClick={() => setDlg({ mode: 'edit', row: u })}>
-                      <Pencil size={14} />
-                    </button>
-                    <button className="btn btn-ghost btn-sm" onClick={() => setDlg({ mode: 'points', row: u, action: 'recharge' })}>
-                      <PlusCircle size={14} /> 充值
-                    </button>
-                    <button className="btn btn-ghost btn-sm" onClick={() => setDlg({ mode: 'points', row: u, action: 'deduct' })}>
-                      <MinusCircle size={14} /> 扣除
-                    </button>
-                    <button
-                      className={u.status === 1 ? 'btn btn-danger-ghost btn-sm' : 'btn btn-ghost btn-sm'}
-                      disabled={toggle.isPending}
-                      onClick={() => toggle.mutate({ id: u.id, next: u.status === 1 ? 0 : 1 })}
-                    >
-                      {u.status === 1 ? <Ban size={14} /> : <CheckCircle2 size={14} />}
-                      {u.status === 1 ? '暂停' : '启用'}
-                    </button>
-                  </div>
-                </td>
-              </tr>
-            ))}
-          </tbody>
-        </table>
-      </div>
-
-      <div className="flex items-center justify-between text-small text-text-tertiary">
-        <span>共 {total} 个用户</span>
-        <div className="inline-flex items-center gap-2">
-          <button className="btn btn-outline btn-sm" disabled={page <= 1} onClick={() => setPage((p) => Math.max(1, p - 1))}>上一页</button>
-          <span>{page} / {lastPage}</span>
-          <button className="btn btn-outline btn-sm" disabled={page >= lastPage} onClick={() => setPage((p) => Math.min(lastPage, p + 1))}>下一页</button>
-        </div>
-      </div>
-
-      {dlg?.mode === 'create' && <UserFormDialog mode="create" onClose={() => setDlg(null)} onDone={refresh} />}
-      {dlg?.mode === 'edit' && <UserFormDialog mode="edit" row={dlg.row} onClose={() => setDlg(null)} onDone={refresh} />}
-      {dlg?.mode === 'points' && <PointsDialog row={dlg.row} action={dlg.action} onClose={() => setDlg(null)} onDone={refresh} />}
-    </div>
-  );
-}
-
-function UserFormDialog(props: {
-  mode: 'create' | 'edit';
-  row?: AdminUserItem;
-  onClose: () => void;
-  onDone: () => void;
-}) {
-  const isCreate = props.mode === 'create';
-  const [body, setBody] = useState({
-    account: props.row?.email || props.row?.phone || props.row?.username || '',
-    password: '',
-    username: props.row?.username || '',
-    email: props.row?.email || '',
-    phone: props.row?.phone || '',
-    plan_code: props.row?.plan_code || 'free',
-    status: (props.row?.status === 0 ? 0 : 1) as 0 | 1,
-    points: '',
-  });
-
-  const mut = useMutation({
-    mutationFn: () => {
-      if (isCreate) {
-        const payload: AdminUserCreateBody = {
-          account: body.account.trim(),
-          password: body.password,
-          username: body.username.trim() || undefined,
-          points: toPointUnits(body.points),
-          status: body.status,
-        };
-        return usersApi.create(payload);
-      }
-      const payload: AdminUserUpdateBody = {
-        email: body.email.trim() || null,
-        phone: body.phone.trim() || null,
-        username: body.username.trim() || null,
-        plan_code: body.plan_code.trim() || 'free',
-        status: body.status,
-      };
-      if (body.password.trim()) payload.password = body.password;
-      return usersApi.update(props.row!.id, payload).then(() => ({ id: props.row!.id }));
-    },
-    onSuccess: () => {
-      props.onDone();
-      props.onClose();
-      toast.success(isCreate ? '已新增用户' : '已保存用户');
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-
-  return (
-    <div className="modal-backdrop">
-      <div className="modal-panel max-w-xl">
-        <header className="modal-header">
-          <h2>{isCreate ? '新增用户' : '编辑用户'}</h2>
-          <button className="btn btn-ghost btn-sm" onClick={props.onClose}>关闭</button>
-        </header>
-        <div className="modal-body grid gap-3">
-          {isCreate ? (
-            <label className="field">
-              <span>账号</span>
-              <input className="input" value={body.account} onChange={(e) => setBody((s) => ({ ...s, account: e.target.value }))} placeholder="邮箱 / 手机号 / 用户名" />
-            </label>
-          ) : (
-            <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-              <label className="field"><span>邮箱</span><input className="input" value={body.email} onChange={(e) => setBody((s) => ({ ...s, email: e.target.value }))} /></label>
-              <label className="field"><span>手机号</span><input className="input" value={body.phone} onChange={(e) => setBody((s) => ({ ...s, phone: e.target.value }))} /></label>
-            </div>
-          )}
-          <div className="grid grid-cols-1 md:grid-cols-2 gap-3">
-            <label className="field"><span>用户名</span><input className="input" value={body.username} onChange={(e) => setBody((s) => ({ ...s, username: e.target.value }))} /></label>
-            <label className="field"><span>密码{isCreate ? '' : '（留空不改）'}</span><input className="input" type="password" value={body.password} onChange={(e) => setBody((s) => ({ ...s, password: e.target.value }))} /></label>
-          </div>
-          <div className="grid grid-cols-1 md:grid-cols-3 gap-3">
-            <label className="field"><span>套餐</span><input className="input" value={body.plan_code} onChange={(e) => setBody((s) => ({ ...s, plan_code: e.target.value }))} /></label>
-            <label className="field">
-              <span>状态</span>
-              <select className="input" value={body.status} onChange={(e) => setBody((s) => ({ ...s, status: Number(e.target.value) as 0 | 1 }))}>
-                <option value={1}>正常</option>
-                <option value={0}>暂停</option>
-              </select>
-            </label>
-            {isCreate && (
-              <label className="field"><span>初始积分</span><input className="input" value={body.points} onChange={(e) => setBody((s) => ({ ...s, points: e.target.value }))} placeholder="例如 100" /></label>
-            )}
-          </div>
-        </div>
-        <footer className="modal-footer">
-          <button className="btn btn-outline" onClick={props.onClose}>取消</button>
-          <button className="btn btn-primary" disabled={mut.isPending} onClick={() => mut.mutate()}>{mut.isPending ? '保存中…' : '保存'}</button>
-        </footer>
-      </div>
-    </div>
-  );
-}
-
-function PointsDialog(props: {
-  row: AdminUserItem;
-  action: 'recharge' | 'deduct';
-  onClose: () => void;
-  onDone: () => void;
-}) {
-  const [points, setPoints] = useState('');
-  const isRecharge = props.action === 'recharge';
-  const [remark, setRemark] = useState(isRecharge ? '管理员充值' : '管理员扣除');
-  const pointUnits = toPointUnits(points);
-  const nextPoints = props.row.points + (isRecharge ? pointUnits : -pointUnits);
-  const isValid = pointUnits > 0 && (isRecharge || nextPoints >= 0);
-
-  const mut = useMutation({
-    mutationFn: () => usersApi.adjustPoints(props.row.id, {
-      action: props.action,
-      points: pointUnits,
-      remark: remark.trim() || (isRecharge ? '管理员充值' : '管理员扣除'),
-    }),
-    onSuccess: (r) => {
-      props.onDone();
-      props.onClose();
-      toast.success(`${isRecharge ? '充值' : '扣除'}成功：${fmtPoints(r.points_before)} → ${fmtPoints(r.points_after)}`);
-    },
-    onError: (e: ApiError) => toast.error(e.message),
-  });
-  return (
-    <div className="modal-backdrop">
-      <div className="modal-panel max-w-lg">
-        <header className="modal-header">
-          <h2>{isRecharge ? '充值积分' : '扣除积分'}</h2>
-          <button className="btn btn-ghost btn-sm" onClick={props.onClose}>关闭</button>
-        </header>
-        <div className="modal-body grid gap-3">
-          <div className="rounded-lg border border-border bg-surface-2 p-3 text-small">
-            <div className="text-text-secondary">{userName(props.row)}</div>
-            <div className="mt-2 grid grid-cols-3 gap-2">
-              <div>
-                <div className="text-text-tertiary">当前可用</div>
-                <div className="mt-1 text-lg">{fmtPoints(props.row.points)}</div>
-              </div>
-              <div>
-                <div className="text-text-tertiary">{isRecharge ? '本次充值' : '本次扣除'}</div>
-                <div className={isRecharge ? 'mt-1 text-lg text-success' : 'mt-1 text-lg text-danger'}>
-                  {pointUnits > 0 ? `${isRecharge ? '+' : '-'}${fmtPoints(pointUnits)}` : '-'}
-                </div>
-              </div>
-              <div>
-                <div className="text-text-tertiary">调整后</div>
-                <div className="mt-1 text-lg">{pointUnits > 0 ? fmtPoints(nextPoints) : '-'}</div>
-              </div>
-            </div>
-          </div>
-          <label className="field">
-            <span>{isRecharge ? '充值积分' : '扣除积分'}</span>
-            <input
-              className="input"
-              value={points}
-              inputMode="decimal"
-              onChange={(e) => setPoints(e.target.value.replace(/[^\d.]/g, ''))}
-              placeholder="例如 100"
-            />
-          </label>
-          <div className="flex flex-wrap gap-2">
-            {['100', '500', '1000', '5000'].map((v) => (
-              <button key={v} type="button" className="btn btn-outline btn-sm" onClick={() => setPoints(v)}>
-                {v} 点
-              </button>
-            ))}
-          </div>
-          {!isRecharge && pointUnits > props.row.points && (
-            <div className="rounded-lg border border-danger/30 bg-danger/10 px-3 py-2 text-small text-danger">
-              扣除金额不能超过用户当前可用积分。
-            </div>
-          )}
-          <label className="field">
-            <span>备注</span>
-            <input className="input" value={remark} onChange={(e) => setRemark(e.target.value)} placeholder="显示在钱包流水中" />
-          </label>
-          <div className="text-tiny text-text-tertiary">
-            充值会计入用户累计充值，扣除只记录人工扣除流水，不会减少累计充值。
-          </div>
-        </div>
-        <footer className="modal-footer">
-          <button className="btn btn-outline" onClick={props.onClose}>取消</button>
-          <button className={isRecharge ? 'btn btn-primary' : 'btn btn-danger'} disabled={mut.isPending || !isValid} onClick={() => mut.mutate()}>
-            {mut.isPending ? '处理中…' : isRecharge ? '确认充值' : '确认扣除'}
-          </button>
-        </footer>
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/admin/src/routes/RequireAuth.tsx b/frontend/apps/admin/src/routes/RequireAuth.tsx
deleted file mode 100644
index e995aafb..00000000
--- a/frontend/apps/admin/src/routes/RequireAuth.tsx
+++ /dev/null
@@ -1,29 +0,0 @@
-import { useEffect } from 'react';
-import { Navigate, Outlet, useLocation } from 'react-router-dom';
-
-import { useAuthStore } from '../stores/auth';
-
-export default function RequireAuth() {
-  const loc = useLocation();
-  const token = useAuthStore((s) => s.token);
-  const me = useAuthStore((s) => s.me);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  useEffect(() => {
-    if (token && !me) {
-      void refreshMe();
-    }
-  }, [token, me, refreshMe]);
-
-  if (!token) {
-    return <Navigate to="/login" replace state={{ from: loc }} />;
-  }
-  if (token && !me) {
-    return (
-      <div className="grid h-screen place-items-center text-text-tertiary">
-        正在加载管理员信息…
-      </div>
-    );
-  }
-  return <Outlet />;
-}
diff --git a/frontend/apps/admin/src/stores/auth.ts b/frontend/apps/admin/src/stores/auth.ts
deleted file mode 100644
index 947ebc98..00000000
--- a/frontend/apps/admin/src/stores/auth.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-// 后台认证 store。
-import { create } from 'zustand';
-
-import { clearToken, loadToken, saveToken, type StoredToken } from '../lib/api';
-import { authApi } from '../lib/services';
-import type { AdminLoginResp, AdminMe } from '../lib/types';
-
-interface AuthState {
-  token: StoredToken | null;
-  me: AdminMe | null;
-  loading: boolean;
-  setLogin: (resp: AdminLoginResp) => void;
-  setMe: (m: AdminMe | null) => void;
-  refreshMe: () => Promise<AdminMe | null>;
-  logout: () => void;
-}
-
-export const useAuthStore = create<AuthState>((set, get) => ({
-  token: loadToken(),
-  me: null,
-  loading: false,
-
-  setLogin: (resp) => {
-    const tok = saveToken(resp.token);
-    set({
-      token: tok,
-      me: {
-        id: resp.id,
-        username: resp.username,
-        nickname: resp.nickname,
-        role_id: resp.role_id,
-        role_code: '',
-        role_name: '',
-      },
-    });
-  },
-
-  setMe: (m) => set({ me: m }),
-
-  refreshMe: async () => {
-    if (!get().token) return null;
-    set({ loading: true });
-    try {
-      const me = await authApi.me();
-      set({ me, loading: false });
-      return me;
-    } catch {
-      set({ loading: false });
-      return null;
-    }
-  },
-
-  logout: () => {
-    clearToken();
-    set({ token: null, me: null });
-  },
-}));
-
-export const isAuthed = () => !!useAuthStore.getState().token;
diff --git a/frontend/apps/admin/src/stores/toast.ts b/frontend/apps/admin/src/stores/toast.ts
deleted file mode 100644
index 70b7f950..00000000
--- a/frontend/apps/admin/src/stores/toast.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-// 极简 toast 通知 store（与用户端独立实例，避免跨 app 干扰）。
-import { create } from 'zustand';
-
-export type ToastKind = 'success' | 'error' | 'info';
-
-export interface Toast {
-  id: number;
-  kind: ToastKind;
-  msg: string;
-}
-
-interface ToastState {
-  items: Toast[];
-  push: (kind: ToastKind, msg: string) => void;
-  dismiss: (id: number) => void;
-}
-
-let _seq = 1;
-
-export const useToastStore = create<ToastState>((set) => ({
-  items: [],
-  push: (kind, msg) => {
-    const id = _seq++;
-    set((s) => ({ items: [...s.items, { id, kind, msg }] }));
-    setTimeout(() => {
-      set((s) => ({ items: s.items.filter((t) => t.id !== id) }));
-    }, 3500);
-  },
-  dismiss: (id) => set((s) => ({ items: s.items.filter((t) => t.id !== id) })),
-}));
-
-export const toast = {
-  success: (msg: string) => useToastStore.getState().push('success', msg),
-  error: (msg: string) => useToastStore.getState().push('error', msg),
-  info: (msg: string) => useToastStore.getState().push('info', msg),
-};
diff --git a/frontend/apps/admin/tailwind.config.ts b/frontend/apps/admin/tailwind.config.ts
deleted file mode 100644
index 3ced2d7f..00000000
--- a/frontend/apps/admin/tailwind.config.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-import type { Config } from 'tailwindcss';
-import preset from '../../packages/theme/src/tailwind.preset';
-
-export default {
-  presets: [preset],
-  content: ['./index.html', './src/**/*.{ts,tsx}'],
-} satisfies Config;
diff --git a/frontend/apps/admin/tsconfig.json b/frontend/apps/admin/tsconfig.json
deleted file mode 100644
index bffc9416..00000000
--- a/frontend/apps/admin/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "extends": "../../tsconfig.base.json",
-  "compilerOptions": {
-    "moduleResolution": "Bundler",
-    "noEmit": true,
-    "types": ["vite/client"]
-  },
-  "include": ["src", "../../packages/theme/src"]
-}
diff --git a/frontend/apps/admin/vite.config.ts b/frontend/apps/admin/vite.config.ts
deleted file mode 100644
index 162cb693..00000000
--- a/frontend/apps/admin/vite.config.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import { defineConfig } from 'vite';
-import react from '@vitejs/plugin-react';
-import path from 'node:path';
-
-export default defineConfig({
-  plugins: [react()],
-  resolve: {
-    alias: {
-      '@': path.resolve(__dirname, 'src'),
-      '@kleinai/theme': path.resolve(__dirname, '../../packages/theme/src'),
-    },
-  },
-  server: {
-    port: 5174,
-    host: true,
-    proxy: {
-      '/admin/api': {
-        target: 'http://127.0.0.1:17188',
-        changeOrigin: true,
-      },
-    },
-  },
-});
diff --git a/frontend/apps/user/.env.example b/frontend/apps/user/.env.example
deleted file mode 100644
index 6dce3588..00000000
--- a/frontend/apps/user/.env.example
+++ /dev/null
@@ -1,9 +0,0 @@
-# 用户端环境变量样例
-# 复制为 .env.local（已 gitignore）后修改
-
-# 用户 API 基础路径（dev 走 vite proxy，可保持默认）
-VITE_API_BASE_URL=/api/v1
-
-# OpenAI 兼容服务的对外地址（用于 docs 页面示例 cURL）
-# 本地开发：vite 已把 /v1 代理到 http://127.0.0.1:17200
-VITE_OPENAI_BASE_URL=http://localhost:17200/v1
diff --git a/frontend/apps/user/Dockerfile b/frontend/apps/user/Dockerfile
deleted file mode 100644
index 57e3f3e4..00000000
--- a/frontend/apps/user/Dockerfile
+++ /dev/null
@@ -1,21 +0,0 @@
-# syntax=docker/dockerfile:1.7
-# 单阶段 install + build：避免分离层时 COPY 覆盖 pnpm 创建的符号链接 node_modules。
-FROM node:20-alpine AS build
-WORKDIR /repo
-
-RUN corepack enable
-
-# 先 COPY 全部 workspace 元信息 + 共享包 + 本 app 源码，再 install + build
-COPY pnpm-workspace.yaml pnpm-lock.yaml* package.json ./
-COPY tsconfig.base.json ./
-COPY packages packages
-COPY apps/user apps/user
-
-RUN pnpm install --frozen-lockfile=false
-RUN pnpm --filter @kleinai/user build
-
-FROM nginx:1.27-alpine AS runtime
-COPY --from=build /repo/apps/user/dist /usr/share/nginx/html
-COPY apps/user/nginx.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
-CMD ["nginx", "-g", "daemon off;"]
diff --git a/frontend/apps/user/index.html b/frontend/apps/user/index.html
deleted file mode 100644
index c7bcda4e..00000000
--- a/frontend/apps/user/index.html
+++ /dev/null
@@ -1,15 +0,0 @@
-<!doctype html>
-<html lang="zh-CN" data-theme="dark">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" type="image/png" href="/logo-icon.png?v=20260501" />
-    <link rel="apple-touch-icon" href="/logo-icon.png?v=20260501" />
-    <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
-    <meta name="theme-color" content="#002FA7" />
-    <title>gpt2api · 创意生成</title>
-  </head>
-  <body>
-    <div id="root"></div>
-    <script type="module" src="/src/main.tsx"></script>
-  </body>
-</html>
diff --git a/frontend/apps/user/nginx.conf b/frontend/apps/user/nginx.conf
deleted file mode 100644
index db0a86eb..00000000
--- a/frontend/apps/user/nginx.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
-    listen 80;
-    server_name _;
-
-    root /usr/share/nginx/html;
-    index index.html;
-
-    gzip on;
-    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
-
-    location / {
-        try_files $uri /index.html;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
-        add_header Pragma "no-cache" always;
-        add_header Expires "0" always;
-    }
-
-    location ~* \.(?:css|js|woff2?|ttf|svg|png|jpg|jpeg|webp|avif)$ {
-        expires 30d;
-        add_header Cache-Control "public, immutable";
-    }
-}
diff --git a/frontend/apps/user/package.json b/frontend/apps/user/package.json
deleted file mode 100644
index 212a0355..00000000
--- a/frontend/apps/user/package.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  "name": "@kleinai/user",
-  "version": "0.1.0",
-  "private": true,
-  "type": "module",
-  "scripts": {
-    "dev": "vite --port 5173 --host",
-    "build": "tsc -b && vite build",
-    "preview": "vite preview --port 5173",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src --ext .ts,.tsx"
-  },
-  "dependencies": {
-    "@hookform/resolvers": "^3.9.0",
-    "@kleinai/theme": "workspace:*",
-    "@tanstack/react-query": "^5.51.5",
-    "axios": "^1.7.2",
-    "clsx": "^2.1.1",
-    "lucide-react": "^0.402.0",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
-    "react-hook-form": "^7.52.1",
-    "react-router-dom": "^6.25.1",
-    "zod": "^3.23.8",
-    "zustand": "^4.5.4"
-  },
-  "devDependencies": {
-    "@types/react": "^18.3.3",
-    "@types/react-dom": "^18.3.0",
-    "@vitejs/plugin-react": "^4.3.1",
-    "autoprefixer": "^10.4.19",
-    "postcss": "^8.4.39",
-    "tailwindcss": "^3.4.10",
-    "typescript": "^5.5.3",
-    "vite": "^5.3.4"
-  }
-}
diff --git a/frontend/apps/user/postcss.config.cjs b/frontend/apps/user/postcss.config.cjs
deleted file mode 100644
index 12a703d9..00000000
--- a/frontend/apps/user/postcss.config.cjs
+++ /dev/null
@@ -1,6 +0,0 @@
-module.exports = {
-  plugins: {
-    tailwindcss: {},
-    autoprefixer: {},
-  },
-};
diff --git a/frontend/apps/user/public/examples/case-1.jpg b/frontend/apps/user/public/examples/case-1.jpg
deleted file mode 100644
index 727bfa18..00000000
Binary files a/frontend/apps/user/public/examples/case-1.jpg and /dev/null differ
diff --git a/frontend/apps/user/public/examples/case-2.jpg b/frontend/apps/user/public/examples/case-2.jpg
deleted file mode 100644
index 5015a719..00000000
Binary files a/frontend/apps/user/public/examples/case-2.jpg and /dev/null differ
diff --git a/frontend/apps/user/public/examples/case-3.jpg b/frontend/apps/user/public/examples/case-3.jpg
deleted file mode 100644
index f9e82e96..00000000
Binary files a/frontend/apps/user/public/examples/case-3.jpg and /dev/null differ
diff --git a/frontend/apps/user/public/examples/case-4.jpg b/frontend/apps/user/public/examples/case-4.jpg
deleted file mode 100644
index fad4a761..00000000
Binary files a/frontend/apps/user/public/examples/case-4.jpg and /dev/null differ
diff --git a/frontend/apps/user/public/examples/case-5.jpg b/frontend/apps/user/public/examples/case-5.jpg
deleted file mode 100644
index 2047d8c3..00000000
Binary files a/frontend/apps/user/public/examples/case-5.jpg and /dev/null differ
diff --git a/frontend/apps/user/public/logo-icon.png b/frontend/apps/user/public/logo-icon.png
deleted file mode 100644
index 990f6214..00000000
Binary files a/frontend/apps/user/public/logo-icon.png and /dev/null differ
diff --git a/frontend/apps/user/public/logo.png b/frontend/apps/user/public/logo.png
deleted file mode 100644
index 990f6214..00000000
Binary files a/frontend/apps/user/public/logo.png and /dev/null differ
diff --git a/frontend/apps/user/src/App.tsx b/frontend/apps/user/src/App.tsx
deleted file mode 100644
index 8e37abb2..00000000
--- a/frontend/apps/user/src/App.tsx
+++ /dev/null
@@ -1,57 +0,0 @@
-import { Suspense, lazy } from 'react';
-import { Navigate, Route, Routes } from 'react-router-dom';
-
-import { AppLayout } from './layouts/AppLayout';
-import { AuthLayout } from './layouts/AuthLayout';
-import { LoadingScreen } from './components/LoadingScreen';
-import { LoginGate } from './components/LoginGate';
-import { Toaster } from './components/Toaster';
-import { RequireAuth } from './routes/RequireAuth';
-
-const LoginPage = lazy(() => import('./pages/auth/LoginPage'));
-const RegisterPage = lazy(() => import('./pages/auth/RegisterPage'));
-const CreateStudioPage = lazy(() => import('./pages/create/CreateStudioPage'));
-const HistoryPage = lazy(() => import('./pages/create/HistoryPage'));
-const BillingPage = lazy(() => import('./pages/billing/BillingPage'));
-const KeysPage = lazy(() => import('./pages/keys/KeysPage'));
-const DocsPage = lazy(() => import('./pages/keys/DocsPage'));
-const InvitePage = lazy(() => import('./pages/invite/InvitePage'));
-const SettingsPage = lazy(() => import('./pages/settings/SettingsPage'));
-
-export default function App() {
-  return (
-    <>
-      <Toaster />
-      <LoginGate />
-      <Suspense fallback={<LoadingScreen />}>
-        <Routes>
-          {/* 独立的全屏品牌登录/注册页（保留兜底入口） */}
-          <Route element={<AuthLayout />}>
-            <Route path="/login" element={<LoginPage />} />
-            <Route path="/register" element={<RegisterPage />} />
-          </Route>
-
-          {/* 主应用：未登录也可浏览创作页 / 调用说明 */}
-          <Route element={<AppLayout />}>
-            <Route path="/" element={<Navigate to="/create/image" replace />} />
-            <Route path="/create/image" element={<CreateStudioPage />} />
-            <Route path="/create/text" element={<CreateStudioPage />} />
-            <Route path="/create/video" element={<CreateStudioPage />} />
-            <Route path="/docs" element={<DocsPage />} />
-
-            {/* 受保护：未登录将弹浮层并退回首页 */}
-            <Route element={<RequireAuth />}>
-              <Route path="/history" element={<HistoryPage />} />
-              <Route path="/billing" element={<BillingPage />} />
-              <Route path="/keys" element={<KeysPage />} />
-              <Route path="/invite" element={<InvitePage />} />
-              <Route path="/settings" element={<SettingsPage />} />
-            </Route>
-          </Route>
-
-          <Route path="*" element={<Navigate to="/" replace />} />
-        </Routes>
-      </Suspense>
-    </>
-  );
-}
diff --git a/frontend/apps/user/src/components/LoadingScreen.tsx b/frontend/apps/user/src/components/LoadingScreen.tsx
deleted file mode 100644
index 4b407bc3..00000000
--- a/frontend/apps/user/src/components/LoadingScreen.tsx
+++ /dev/null
@@ -1,10 +0,0 @@
-export function LoadingScreen() {
-  return (
-    <div className="grid h-full place-items-center bg-surface-bg">
-      <div className="flex flex-col items-center gap-3">
-        <div className="h-10 w-10 rounded-pill border-2 border-klein-500/30 border-t-klein-500 animate-spin" />
-        <span className="text-small text-text-tertiary">加载中…</span>
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/components/LoginGate.tsx b/frontend/apps/user/src/components/LoginGate.tsx
deleted file mode 100644
index a40a13b6..00000000
--- a/frontend/apps/user/src/components/LoginGate.tsx
+++ /dev/null
@@ -1,257 +0,0 @@
-import { useEffect, useState } from 'react';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-import { zodResolver } from '@hookform/resolvers/zod';
-import { LogIn, UserPlus, X } from 'lucide-react';
-import clsx from 'clsx';
-
-import { ApiError } from '../lib/api';
-import { authApi } from '../lib/services';
-import { useAuthStore } from '../stores/auth';
-import { useLoginGateStore } from '../stores/loginGate';
-import { toast } from '../stores/toast';
-
-const loginSchema = z.object({
-  account: z.string().min(3, '账号至少 3 位'),
-  password: z.string().min(6, '密码至少 6 位'),
-});
-type LoginValues = z.infer<typeof loginSchema>;
-
-const registerSchema = z
-  .object({
-    account: z.string().min(3, '账号至少 3 位').max(64, '账号过长'),
-    password: z
-      .string()
-      .min(8, '密码至少 8 位')
-      .max(64, '密码过长')
-      .regex(/[A-Za-z]/, '密码需要包含字母')
-      .regex(/[0-9]/, '密码需要包含数字'),
-    confirm: z.string(),
-    invite_code: z.string().max(16).optional().or(z.literal('')),
-  })
-  .refine((d) => d.password === d.confirm, {
-    message: '两次密码不一致',
-    path: ['confirm'],
-  });
-type RegisterValues = z.infer<typeof registerSchema>;
-
-export function LoginGate() {
-  const open = useLoginGateStore((s) => s.open);
-  const hint = useLoginGateStore((s) => s.hint);
-  const initialTab = useLoginGateStore((s) => s.initialTab);
-  const closeGate = useLoginGateStore((s) => s.closeGate);
-  const resolve = useLoginGateStore((s) => s.resolve);
-
-  const [tab, setTab] = useState<'login' | 'register'>(initialTab);
-
-  useEffect(() => {
-    if (open) setTab(initialTab);
-  }, [open, initialTab]);
-
-  useEffect(() => {
-    if (!open) return;
-    const onKey = (e: KeyboardEvent) => {
-      if (e.key === 'Escape') closeGate();
-    };
-    document.addEventListener('keydown', onKey);
-    const prev = document.body.style.overflow;
-    document.body.style.overflow = 'hidden';
-    return () => {
-      document.removeEventListener('keydown', onKey);
-      document.body.style.overflow = prev;
-    };
-  }, [open, closeGate]);
-
-  if (!open) return null;
-
-  return (
-    <div
-      role="dialog"
-      aria-modal="true"
-      aria-label="登录或注册"
-      className="fixed inset-0 z-[80] grid place-items-center px-4 py-10"
-    >
-      <button
-        aria-label="关闭"
-        type="button"
-        className="absolute inset-0 bg-black/35 backdrop-blur-sm"
-        onClick={closeGate}
-      />
-
-      <div className="relative w-full max-w-[440px] overflow-hidden rounded-[28px] border border-neutral-200 bg-white p-6 shadow-[0_24px_80px_rgba(0,0,0,.18)] klein-fade-in">
-        <div className="flex items-start justify-between gap-4">
-          <div className="min-w-0">
-            <h2 className="text-[26px] font-medium leading-tight text-neutral-950">
-              {tab === 'login' ? '欢迎回来' : '创建账号'}
-            </h2>
-            <p className="mt-2 text-[15px] text-neutral-500">{hint}</p>
-          </div>
-          <button
-            type="button"
-            aria-label="关闭"
-            className="grid h-9 w-9 flex-shrink-0 place-items-center rounded-full text-neutral-500 transition hover:bg-neutral-100 hover:text-neutral-950"
-            onClick={closeGate}
-          >
-            <X size={20} />
-          </button>
-        </div>
-
-        <div className="mt-6 grid grid-cols-2 rounded-full bg-neutral-100 p-1">
-          <button
-            role="tab"
-            aria-selected={tab === 'login'}
-            type="button"
-            onClick={() => setTab('login')}
-            className={clsx(
-              'inline-flex h-11 items-center justify-center gap-2 rounded-full text-[15px] transition',
-              tab === 'login' ? 'bg-white font-medium text-neutral-950 shadow-sm' : 'text-neutral-500',
-            )}
-          >
-            <LogIn size={16} /> 登录
-          </button>
-          <button
-            role="tab"
-            aria-selected={tab === 'register'}
-            type="button"
-            onClick={() => setTab('register')}
-            className={clsx(
-              'inline-flex h-11 items-center justify-center gap-2 rounded-full text-[15px] transition',
-              tab === 'register' ? 'bg-white font-medium text-neutral-950 shadow-sm' : 'text-neutral-500',
-            )}
-          >
-            <UserPlus size={16} /> 注册
-          </button>
-        </div>
-
-        <div className="py-6">
-          {tab === 'login' ? <LoginForm onDone={resolve} /> : <RegisterForm onDone={resolve} />}
-        </div>
-
-        <p className="text-center text-xs text-neutral-400">登录即代表同意服务条款与隐私政策</p>
-      </div>
-    </div>
-  );
-}
-
-function LoginForm({ onDone }: { onDone: () => void }) {
-  const setToken = useAuthStore((s) => s.setToken);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  const {
-    register,
-    handleSubmit,
-    formState: { errors, isSubmitting },
-  } = useForm<LoginValues>({
-    resolver: zodResolver(loginSchema),
-    defaultValues: { account: '', password: '' },
-  });
-
-  const onSubmit = async (v: LoginValues) => {
-    try {
-      const resp = await authApi.login({ account: v.account, password: v.password });
-      setToken(resp.token);
-      await refreshMe();
-      toast.success('登录成功');
-      onDone();
-    } catch (err) {
-      toast.error(err instanceof ApiError ? err.message : '登录失败，请重试');
-    }
-  };
-
-  return (
-    <form className="space-y-3" onSubmit={handleSubmit(onSubmit)} noValidate>
-      <div className="field">
-        <input
-          className={clsx('input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal', errors.account && 'input-error')}
-          placeholder="邮箱 / 手机号 / 用户名"
-          autoComplete="username"
-          {...register('account')}
-        />
-        {errors.account && <p className="field-error">{errors.account.message}</p>}
-      </div>
-      <div className="field">
-        <input
-          className={clsx('input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal', errors.password && 'input-error')}
-          type="password"
-          placeholder="密码"
-          autoComplete="current-password"
-          {...register('password')}
-        />
-        {errors.password && <p className="field-error">{errors.password.message}</p>}
-      </div>
-      <button className="btn btn-primary btn-lg btn-block h-14 text-[17px]" type="submit" disabled={isSubmitting}>
-        {isSubmitting ? '登录中...' : '登录'}
-      </button>
-    </form>
-  );
-}
-
-function RegisterForm({ onDone }: { onDone: () => void }) {
-  const setToken = useAuthStore((s) => s.setToken);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  const {
-    register,
-    handleSubmit,
-    formState: { errors, isSubmitting },
-  } = useForm<RegisterValues>({
-    resolver: zodResolver(registerSchema),
-    defaultValues: { account: '', password: '', confirm: '', invite_code: '' },
-  });
-
-  const onSubmit = async (v: RegisterValues) => {
-    try {
-      const resp = await authApi.register({
-        account: v.account,
-        password: v.password,
-        invite_code: v.invite_code || undefined,
-      });
-      setToken(resp.token);
-      await refreshMe();
-      toast.success('注册成功，已为你登录');
-      onDone();
-    } catch (err) {
-      toast.error(err instanceof ApiError ? err.message : '注册失败，请重试');
-    }
-  };
-
-  return (
-    <form className="space-y-3" onSubmit={handleSubmit(onSubmit)} noValidate>
-      <div className="field">
-        <input
-          className={clsx('input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal', errors.account && 'input-error')}
-          placeholder="邮箱 / 手机号 / 用户名"
-          autoComplete="username"
-          {...register('account')}
-        />
-        {errors.account && <p className="field-error">{errors.account.message}</p>}
-      </div>
-      <div className="field">
-        <input
-          className={clsx('input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal', errors.password && 'input-error')}
-          type="password"
-          placeholder="至少 8 位，包含字母与数字"
-          autoComplete="new-password"
-          {...register('password')}
-        />
-        {errors.password && <p className="field-error">{errors.password.message}</p>}
-      </div>
-      <div className="field">
-        <input
-          className={clsx('input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal', errors.confirm && 'input-error')}
-          type="password"
-          placeholder="再次输入密码"
-          autoComplete="new-password"
-          {...register('confirm')}
-        />
-        {errors.confirm && <p className="field-error">{errors.confirm.message}</p>}
-      </div>
-      <div className="field">
-        <input className="input h-14 rounded-2xl text-[15px] font-normal placeholder:font-normal" placeholder="邀请码（选填）" {...register('invite_code')} />
-      </div>
-      <button className="btn btn-primary btn-lg btn-block h-14 text-[17px]" type="submit" disabled={isSubmitting}>
-        {isSubmitting ? '创建中...' : '创建账号'}
-      </button>
-    </form>
-  );
-}
diff --git a/frontend/apps/user/src/components/Logo.tsx b/frontend/apps/user/src/components/Logo.tsx
deleted file mode 100644
index 2f3c6e13..00000000
--- a/frontend/apps/user/src/components/Logo.tsx
+++ /dev/null
@@ -1,40 +0,0 @@
-import clsx from 'clsx';
-
-const LOGO_SRC = '/logo-icon.png?v=20260501';
-
-interface LogoProps {
-  size?: 'sm' | 'md' | 'lg';
-  /** 仅图标，不渲染文字（移动端紧凑场景） */
-  iconOnly?: boolean;
-  /** 文字附加后缀，例如「管理后台」 */
-  suffix?: string;
-  className?: string;
-}
-
-const SIZE: Record<NonNullable<LogoProps['size']>, { icon: number; text: string }> = {
-  sm: { icon: 24, text: 'text-small' },
-  md: { icon: 30, text: 'text-h4' },
-  lg: { icon: 40, text: 'text-h3' },
-};
-
-export function Logo({ size = 'md', iconOnly = false, suffix, className }: LogoProps) {
-  const cfg = SIZE[size];
-  return (
-    <div className={clsx('flex items-center gap-2 select-none min-w-0', className)}>
-      <img
-        src={LOGO_SRC}
-        alt="首页"
-        height={cfg.icon}
-        style={{ height: cfg.icon, width: 'auto' }}
-        draggable={false}
-        className="block object-contain shrink-0"
-      />
-      {!iconOnly && (
-        <span className={clsx(cfg.text, 'font-medium tracking-tight text-text-primary leading-none')}>
-          首页
-          {suffix && <span className="ml-2 align-middle text-tiny font-medium text-text-tertiary">{suffix}</span>}
-        </span>
-      )}
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/components/Toaster.tsx b/frontend/apps/user/src/components/Toaster.tsx
deleted file mode 100644
index 395289d0..00000000
--- a/frontend/apps/user/src/components/Toaster.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-import clsx from 'clsx';
-import { CheckCircle2, X, AlertTriangle, Info } from 'lucide-react';
-
-import { useToastStore } from '../stores/toast';
-
-const ICONS = {
-  success: CheckCircle2,
-  error: AlertTriangle,
-  info: Info,
-} as const;
-
-const COLOR = {
-  success: 'border-success bg-surface-1 text-success',
-  error: 'border-danger bg-surface-1 text-danger',
-  info: 'border-klein-500 bg-surface-1 text-klein-500',
-} as const;
-
-export function Toaster() {
-  const items = useToastStore((s) => s.items);
-  const dismiss = useToastStore((s) => s.dismiss);
-  return (
-    <div className="fixed top-4 right-4 z-[100] flex flex-col gap-2 max-w-[min(92vw,360px)]">
-      {items.map((t) => {
-        const Icon = ICONS[t.kind];
-        return (
-          <div
-            key={t.id}
-            className={clsx(
-              'flex items-start gap-3 px-4 py-3 rounded-md border shadow-3 backdrop-blur',
-              'bg-surface-1/95 text-text-primary',
-              'klein-fade-in',
-              COLOR[t.kind],
-            )}
-          >
-            <Icon size={18} className="shrink-0 mt-0.5" />
-            <p className="flex-1 text-small text-text-primary leading-loose break-all">{t.msg}</p>
-            <button
-              aria-label="关闭"
-              className="text-text-tertiary hover:text-text-primary transition"
-              onClick={() => dismiss(t.id)}
-            >
-              <X size={16} />
-            </button>
-          </div>
-        );
-      })}
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/hooks/useEnsureLoggedIn.ts b/frontend/apps/user/src/hooks/useEnsureLoggedIn.ts
deleted file mode 100644
index 5e91a18a..00000000
--- a/frontend/apps/user/src/hooks/useEnsureLoggedIn.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-import { useCallback } from 'react';
-
-import { useAuthStore } from '../stores/auth';
-import { useLoginGateStore } from '../stores/loginGate';
-
-/**
- * 调用 ensure(action[, hint]) 来执行需要登录态的动作：
- *   - 已登录：立刻同步执行
- *   - 未登录：打开登录浮层，登录成功后自动执行
- * 返回值：是否已经登录（false 表示已弹浮层等待用户登录）
- */
-export function useEnsureLoggedIn() {
-  const tokenSel = useAuthStore((s) => s.token);
-  const openGate = useLoginGateStore((s) => s.openGate);
-
-  return useCallback(
-    (action: () => void, hint?: string): boolean => {
-      if (tokenSel) {
-        action();
-        return true;
-      }
-      openGate({ hint: hint ?? '登录后即可生成', onLoggedIn: action });
-      return false;
-    },
-    [tokenSel, openGate],
-  );
-}
diff --git a/frontend/apps/user/src/index.css b/frontend/apps/user/src/index.css
deleted file mode 100644
index 156dc31f..00000000
--- a/frontend/apps/user/src/index.css
+++ /dev/null
@@ -1,261 +0,0 @@
-@import '@kleinai/theme/components.css';
-
-@tailwind base;
-@tailwind components;
-@tailwind utilities;
-
-/* User app shell overrides. Keep the public app quiet and close to the
-   reference: white canvas, thin borders, soft controls, little decoration. */
-
-@layer base {
-  :root {
-    --surface-bg: #ffffff;
-    --surface-1: #ffffff;
-    --surface-2: #f7f7f8;
-    --surface-3: #eeeeef;
-    --border-default: #e5e5e5;
-    --border-strong: #d4d4d4;
-    --text-primary: #111111;
-    --text-secondary: #525252;
-    --text-tertiary: #8a8a8a;
-    --klein-gradient: linear-gradient(135deg, #111111 0%, #333333 100%);
-    --klein-gradient-soft: #f7f7f8;
-    --klein-glow: none;
-    --klein-glow-soft: none;
-    --focus-ring: 0 0 0 3px rgba(17, 17, 17, .08);
-  }
-
-  body {
-    background: #ffffff;
-    line-height: 1.5;
-  }
-}
-
-@layer components {
-  .text-display,
-  .text-h1,
-  .text-h2,
-  .text-h3,
-  .text-h4 {
-    font-weight: 500;
-    letter-spacing: 0;
-  }
-
-  .card,
-  .card-flat,
-  .card-elevated,
-  .card-glass,
-  .card-tinted,
-  .creative-pane {
-    border: 1px solid #e5e5e5;
-    border-radius: 24px;
-    background: #ffffff;
-    box-shadow: none;
-  }
-
-  .card-section {
-    padding: 24px;
-  }
-
-  .btn {
-    border-radius: 999px;
-    box-shadow: none;
-  }
-
-  .btn-primary,
-  .btn-klein {
-    background: #111111;
-    color: #ffffff;
-    border-color: #111111;
-    box-shadow: none;
-  }
-
-  .btn-primary:hover:not(:disabled):not([aria-disabled='true']),
-  .btn-klein:hover:not(:disabled):not([aria-disabled='true']) {
-    background: #2a2a2a;
-    border-color: #2a2a2a;
-    box-shadow: none;
-    filter: none;
-  }
-
-  .btn-secondary {
-    background: #f5f5f5;
-    color: #111111;
-    border-color: #e5e5e5;
-  }
-
-  .btn-secondary:hover:not(:disabled):not([aria-disabled='true']),
-  .btn-outline:hover:not(:disabled):not([aria-disabled='true']) {
-    background: #eeeeef;
-    border-color: #d4d4d4;
-    color: #111111;
-  }
-
-  .input,
-  .select,
-  .textarea {
-    border-radius: 18px;
-    border-color: #e5e5e5;
-    background: #ffffff;
-    box-shadow: none;
-  }
-
-  .input::placeholder,
-  .select::placeholder,
-  .textarea::placeholder {
-    color: #9ca3af;
-    font-weight: 400;
-  }
-
-  .input:focus,
-  .select:focus,
-  .textarea:focus {
-    border-color: #e5e5e5;
-    box-shadow: none;
-    outline: none;
-  }
-
-  .studio-prompt,
-  .studio-prompt:hover,
-  .studio-prompt:focus,
-  .studio-prompt:focus-visible,
-  .studio-prompt:active {
-    border: 0 !important;
-    outline: none !important;
-    box-shadow: none !important;
-    --tw-ring-shadow: 0 0 #0000 !important;
-    --tw-ring-offset-shadow: 0 0 #0000 !important;
-  }
-
-  .generating-dots {
-    position: absolute;
-    inset: 0;
-    overflow: hidden;
-    border-radius: inherit;
-    background: #fafafa;
-  }
-
-  .generating-dots::before,
-  .generating-dots::after {
-    content: '';
-    position: absolute;
-    inset: 7%;
-    background-image: radial-gradient(circle, rgba(17, 17, 17, .34) 1.45px, transparent 1.75px);
-    background-size: 24px 24px;
-    background-position: center;
-    mask-image: radial-gradient(circle at 58% 48%, #000 0 34%, rgba(0, 0, 0, .68) 48%, transparent 72%);
-    -webkit-mask-image: radial-gradient(circle at 58% 48%, #000 0 34%, rgba(0, 0, 0, .68) 48%, transparent 72%);
-    animation: generating-dots-drift 2.8s ease-in-out infinite;
-  }
-
-  .generating-dots::after {
-    inset: 12%;
-    opacity: .42;
-    background-size: 16px 16px;
-    animation: generating-dots-pulse 1.8s ease-in-out infinite;
-  }
-
-  .generating-dots__phrases {
-    position: absolute;
-    left: 50%;
-    top: 56%;
-    z-index: 3;
-    width: min(86%, 280px);
-    height: 32px;
-    transform: translate(-50%, -50%);
-  }
-
-  .generating-dots__phrase {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    color: rgba(17, 17, 17, .72);
-    font-size: 14px;
-    line-height: 1.4;
-    letter-spacing: 0;
-    text-align: center;
-    white-space: nowrap;
-    text-shadow: 0 1px 0 rgba(255, 255, 255, .8);
-  }
-
-  .generating-dots__phrase--active {
-    animation: generating-phrase-fade 1.8s ease-in-out;
-  }
-}
-
-@keyframes generating-dots-drift {
-  0%, 100% {
-    opacity: .45;
-    transform: translate3d(-5px, -3px, 0) scale(.98);
-  }
-  50% {
-    opacity: .9;
-    transform: translate3d(6px, 5px, 0) scale(1.02);
-  }
-}
-
-@keyframes generating-dots-pulse {
-  0%, 100% {
-    opacity: .18;
-    transform: scale(.94);
-  }
-  50% {
-    opacity: .48;
-    transform: scale(1.04);
-  }
-}
-
-@keyframes generating-phrase-fade {
-  0% {
-    opacity: 0;
-    transform: translateY(4px);
-  }
-  18% {
-    opacity: 1;
-    transform: translateY(0);
-  }
-  82% {
-    opacity: 1;
-    transform: translateY(0);
-  }
-  100% {
-    opacity: 0;
-    transform: translateY(-4px);
-  }
-}
-
-/* Final user-app typography pass: this front end should feel light and quiet.
-   Override Tailwind font weight utilities that individual pages still use. */
-#root :where(
-  h1,
-  h2,
-  h3,
-  h4,
-  h5,
-  h6,
-  p,
-  span,
-  a,
-  button,
-  label,
-  input,
-  textarea,
-  select,
-  td,
-  th,
-  strong,
-  b,
-  .btn,
-  .tab,
-  .field-label,
-  .text-display,
-  .text-h1,
-  .text-h2,
-  .text-h3,
-  .text-h4,
-  .font-bold,
-  .font-semibold,
-  .font-medium
-) {
-  font-weight: 400 !important;
-}
diff --git a/frontend/apps/user/src/layouts/AppLayout.tsx b/frontend/apps/user/src/layouts/AppLayout.tsx
deleted file mode 100644
index a2fb1889..00000000
--- a/frontend/apps/user/src/layouts/AppLayout.tsx
+++ /dev/null
@@ -1,208 +0,0 @@
-import { NavLink, Outlet, useNavigate } from 'react-router-dom';
-import {
-  BookOpen,
-  Clock3,
-  CreditCard,
-  FileKey2,
-  Gift,
-  Github,
-  Image,
-  LogIn,
-  LogOut,
-  MessageCircle,
-  PanelLeft,
-  Search,
-  Settings,
-  Video,
-  type LucideIcon,
-} from 'lucide-react';
-import clsx from 'clsx';
-
-import { useAuthStore } from '../stores/auth';
-import { useLoginGateStore } from '../stores/loginGate';
-import { toast } from '../stores/toast';
-
-interface NavItem {
-  to: string;
-  label: string;
-  icon: LucideIcon;
-  authed?: boolean;
-}
-
-const NAV_ITEMS: NavItem[] = [
-  { to: '/create/image', label: '图片', icon: Image },
-  { to: '/create/text', label: '文字', icon: MessageCircle },
-  { to: '/create/video', label: '视频', icon: Video },
-  { to: '/history', label: '历史', icon: Clock3, authed: true },
-  { to: '/billing', label: '充值', icon: CreditCard, authed: true },
-  { to: '/keys', label: '密钥', icon: FileKey2, authed: true },
-  { to: '/docs', label: '文档', icon: BookOpen },
-  { to: '/invite', label: '邀请', icon: Gift, authed: true },
-  { to: '/settings', label: '设置', icon: Settings, authed: true },
-];
-
-const sourceHref = () => String.fromCharCode(
-  104, 116, 116, 112, 115, 58, 47, 47, 103, 105, 116, 104, 117, 98, 46, 99,
-  111, 109, 47, 52, 51, 50, 53, 51, 57, 47, 103, 112, 116, 50, 97, 112, 105, 47,
-);
-const APP_VERSION = 'v2.0.0';
-
-export function AppLayout() {
-  const token = useAuthStore((s) => s.token);
-  const me = useAuthStore((s) => s.me);
-  const logout = useAuthStore((s) => s.logout);
-  const openGate = useLoginGateStore((s) => s.openGate);
-  const navigate = useNavigate();
-  const isAuthed = !!token;
-
-  const onLogout = async () => {
-    await logout();
-    toast.info('已退出登录');
-    navigate('/create/image', { replace: true });
-  };
-
-  const handleNav = (item: NavItem, e: React.MouseEvent) => {
-    if (item.authed && !isAuthed) {
-      e.preventDefault();
-      openGate({ hint: `登录后即可使用「${item.label}」`, onLoggedIn: () => navigate(item.to) });
-    }
-  };
-
-  return (
-    <div className="min-h-full bg-white text-neutral-950">
-      <aside className="fixed inset-y-0 left-0 z-40 hidden w-14 border-r border-neutral-200 bg-white lg:flex lg:flex-col lg:items-center">
-        <button
-          type="button"
-          className="mt-3 grid h-8 w-8 place-items-center rounded-full text-neutral-700 hover:bg-neutral-100"
-          title="首页"
-          onClick={() => navigate('/create/image')}
-        >
-          <PanelLeft size={18} />
-        </button>
-
-        <nav className="mt-6 flex flex-1 flex-col items-center gap-2">
-          {NAV_ITEMS.slice(0, 4).map((item) => <RailLink key={item.to} item={item} onClick={handleNav} />)}
-          <div className="my-2 h-px w-6 bg-neutral-200" />
-          {NAV_ITEMS.slice(4, 7).map((item) => <RailLink key={item.to} item={item} onClick={handleNav} />)}
-        </nav>
-
-        <div className="mb-3 flex flex-col items-center gap-2">
-          {NAV_ITEMS.slice(7).map((item) => <RailLink key={item.to} item={item} onClick={handleNav} />)}
-          <a
-            href={sourceHref()}
-            target="_blank"
-            rel="noreferrer"
-            className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100 hover:text-neutral-950"
-            title="开源项目"
-          >
-            <Github size={17} />
-          </a>
-          {isAuthed ? (
-            <>
-              <button
-                type="button"
-                className="grid h-8 w-8 place-items-center rounded-full bg-emerald-500 text-xs font-semibold text-white"
-                title={me?.username || me?.email || '我的账号'}
-                onClick={() => navigate('/settings')}
-              >
-                {(me?.username || me?.email || 'U').slice(0, 1).toUpperCase()}
-              </button>
-              <button
-                type="button"
-                className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100"
-                title="退出登录"
-                onClick={onLogout}
-              >
-                <LogOut size={17} />
-              </button>
-            </>
-          ) : (
-            <button
-              type="button"
-              className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100"
-              title="登录"
-              onClick={() => openGate({ hint: '登录后可保存作品和查看额度' })}
-            >
-              <LogIn size={17} />
-            </button>
-          )}
-        </div>
-        <div className="mb-2 flex flex-col items-center gap-1 text-[11px] text-neutral-400">
-          <span>{APP_VERSION}</span>
-          <a
-            href={sourceHref()}
-            target="_blank"
-            rel="noreferrer"
-            className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100 hover:text-neutral-950"
-            title="开源地址"
-          >
-            <Github size={17} />
-          </a>
-        </div>
-      </aside>
-
-      <header className="sticky top-0 z-30 flex h-12 items-center justify-between border-b border-neutral-200 bg-white/90 px-3 backdrop-blur lg:hidden">
-        <button className="grid h-9 w-9 place-items-center rounded-full hover:bg-neutral-100" onClick={() => navigate('/create/image')}>
-          <PanelLeft size={18} />
-        </button>
-        <div className="flex items-center gap-1">
-          {NAV_ITEMS.slice(0, 3).map((item) => <MobileMode key={item.to} item={item} onClick={handleNav} />)}
-        </div>
-        <button className="grid h-9 w-9 place-items-center rounded-full hover:bg-neutral-100" onClick={() => navigate('/history')}>
-          <Search size={18} />
-        </button>
-        <a
-          href={sourceHref()}
-          target="_blank"
-          rel="noreferrer"
-          className="grid h-9 w-9 place-items-center rounded-full hover:bg-neutral-100"
-          title="开源项目"
-        >
-          <Github size={18} />
-        </a>
-      </header>
-
-      <main className="min-h-screen lg:pl-14">
-        <Outlet />
-      </main>
-    </div>
-  );
-}
-
-function RailLink({ item, onClick }: { item: NavItem; onClick: (item: NavItem, e: React.MouseEvent) => void }) {
-  const Icon = item.icon;
-  return (
-    <NavLink
-      to={item.to}
-      title={item.label}
-      onClick={(e) => onClick(item, e)}
-      className={({ isActive }) =>
-        clsx(
-          'grid h-9 w-9 place-items-center rounded-full transition',
-          isActive ? 'bg-neutral-950 text-white' : 'text-neutral-650 hover:bg-neutral-100 hover:text-neutral-950',
-        )
-      }
-    >
-      <Icon size={18} />
-    </NavLink>
-  );
-}
-
-function MobileMode({ item, onClick }: { item: NavItem; onClick: (item: NavItem, e: React.MouseEvent) => void }) {
-  const Icon = item.icon;
-  return (
-    <NavLink
-      to={item.to}
-      onClick={(e) => onClick(item, e)}
-      className={({ isActive }) =>
-        clsx(
-          'inline-flex h-8 items-center gap-1.5 rounded-full px-3 text-sm',
-          isActive ? 'bg-neutral-950 text-white' : 'text-neutral-700 hover:bg-neutral-100',
-        )
-      }
-    >
-      <Icon size={15} />
-      {item.label}
-    </NavLink>
-  );
-}
diff --git a/frontend/apps/user/src/layouts/AuthLayout.tsx b/frontend/apps/user/src/layouts/AuthLayout.tsx
deleted file mode 100644
index 0a33fb0f..00000000
--- a/frontend/apps/user/src/layouts/AuthLayout.tsx
+++ /dev/null
@@ -1,35 +0,0 @@
-import { Link, Outlet } from 'react-router-dom';
-import { Image, MessageCircle, Video } from 'lucide-react';
-
-import { Logo } from '../components/Logo';
-
-export function AuthLayout() {
-  return (
-    <div className="min-h-full bg-white text-neutral-950">
-      <div className="mx-auto flex min-h-screen w-full max-w-6xl flex-col px-5 py-5">
-        <header className="flex items-center justify-between border-b border-neutral-100 pb-4">
-          <Link to="/create/image" className="inline-flex items-center gap-2 text-neutral-900">
-            <Logo size="sm" />
-          </Link>
-          <nav className="hidden items-center gap-2 rounded-full bg-neutral-100 p-1 text-sm text-neutral-500 sm:flex">
-            <Link className="inline-flex h-9 items-center gap-2 rounded-full bg-white px-4 text-neutral-950 shadow-sm" to="/create/image">
-              <Image size={15} /> 图片
-            </Link>
-            <Link className="inline-flex h-9 items-center gap-2 rounded-full px-4 hover:text-neutral-950" to="/create/text">
-              <MessageCircle size={15} /> 文字
-            </Link>
-            <Link className="inline-flex h-9 items-center gap-2 rounded-full px-4 hover:text-neutral-950" to="/create/video">
-              <Video size={15} /> 视频
-            </Link>
-          </nav>
-        </header>
-
-        <main className="grid flex-1 place-items-center py-10">
-          <div className="w-full max-w-[440px] rounded-[28px] border border-neutral-200 bg-white p-6 shadow-[0_24px_80px_rgba(15,23,42,.08)]">
-            <Outlet />
-          </div>
-        </main>
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/lib/api.ts b/frontend/apps/user/src/lib/api.ts
deleted file mode 100644
index d055dabd..00000000
--- a/frontend/apps/user/src/lib/api.ts
+++ /dev/null
@@ -1,122 +0,0 @@
-// 用户端 axios 客户端：统一 baseURL、注入 Authorization、处理 401 / 业务错误码。
-//
-// 业务约定：
-//   1) 后端响应统一为 `{code, msg, data}`；HTTP 200 但 code !== 0 视为失败。
-//   2) 401 时清空 token 并跳转登录。
-//   3) 失败时抛出 `ApiError`，UI 用 toast 显示。
-import axios, {
-  AxiosError,
-  type AxiosInstance,
-  type AxiosRequestConfig,
-  type InternalAxiosRequestConfig,
-} from 'axios';
-
-import type { ApiBody, TokenPair } from './types';
-
-const TOKEN_KEY = 'klein:token';
-
-export interface StoredToken {
-  access: string;
-  refresh: string;
-  type: string;
-  accessExpireAt: number; // 毫秒时间戳
-  refreshExpireAt: number;
-}
-
-export function loadToken(): StoredToken | null {
-  try {
-    const raw = localStorage.getItem(TOKEN_KEY);
-    if (!raw) return null;
-    return JSON.parse(raw) as StoredToken;
-  } catch {
-    return null;
-  }
-}
-
-export function saveToken(tok: TokenPair): StoredToken {
-  const now = Date.now();
-  const v: StoredToken = {
-    access: tok.access_token,
-    refresh: tok.refresh_token,
-    type: tok.token_type || 'Bearer',
-    accessExpireAt: now + tok.access_expire_in * 1000,
-    refreshExpireAt: now + tok.refresh_expire_in * 1000,
-  };
-  localStorage.setItem(TOKEN_KEY, JSON.stringify(v));
-  return v;
-}
-
-export function clearToken() {
-  localStorage.removeItem(TOKEN_KEY);
-}
-
-export class ApiError extends Error {
-  code: number;
-  httpStatus?: number;
-  traceId?: string;
-  constructor(msg: string, code: number, opts?: { httpStatus?: number; traceId?: string }) {
-    super(msg);
-    this.code = code;
-    this.httpStatus = opts?.httpStatus;
-    this.traceId = opts?.traceId;
-  }
-}
-
-const baseURL =
-  (import.meta.env.VITE_API_BASE_URL as string | undefined)?.replace(/\/+$/, '') ?? '/api/v1';
-
-export const api: AxiosInstance = axios.create({
-  baseURL,
-  timeout: 30_000,
-  headers: { Accept: 'application/json' },
-});
-
-api.interceptors.request.use((cfg: InternalAxiosRequestConfig) => {
-  const tok = loadToken();
-  if (tok && cfg.headers) {
-    cfg.headers.set?.('Authorization', `${tok.type} ${tok.access}`);
-  }
-  return cfg;
-});
-
-let unauthorizedHandler: (() => void) | null = null;
-export function setUnauthorizedHandler(fn: () => void) {
-  unauthorizedHandler = fn;
-}
-
-api.interceptors.response.use(
-  (res) => {
-    const body = res.data as ApiBody<unknown>;
-    if (body && typeof body === 'object' && 'code' in body && body.code !== 0) {
-      throw new ApiError(body.msg || '请求失败', body.code, { traceId: body.trace_id });
-    }
-    return res;
-  },
-  (err: AxiosError<ApiBody<unknown>>) => {
-    const status = err.response?.status;
-    const body = err.response?.data;
-    const msg = body?.msg ?? friendlyHttpError(status, err.message);
-    const code = body?.code ?? status ?? -1;
-    if (status === 401) {
-      clearToken();
-      unauthorizedHandler?.();
-    }
-    return Promise.reject(
-      new ApiError(msg, code, { httpStatus: status, traceId: body?.trace_id }),
-    );
-  },
-);
-
-function friendlyHttpError(status?: number, raw?: string) {
-  if (status === 502 || status === 503 || status === 504) return '服务正在更新或繁忙，请稍后重试';
-  if (status === 413) return '上传内容过大，请压缩后重试';
-  if (status === 429) return '操作过于频繁，请稍后重试';
-  if (!status && raw === 'Network Error') return '网络连接异常，请检查网络后重试';
-  return raw || '网络异常';
-}
-
-/** 统一请求并解构 data，抹平 axios 返回结构 */
-export async function request<T = unknown>(cfg: AxiosRequestConfig): Promise<T> {
-  const res = await api.request<ApiBody<T>>(cfg);
-  return (res.data?.data ?? (undefined as unknown)) as T;
-}
diff --git a/frontend/apps/user/src/lib/format.ts b/frontend/apps/user/src/lib/format.ts
deleted file mode 100644
index e0909b56..00000000
--- a/frontend/apps/user/src/lib/format.ts
+++ /dev/null
@@ -1,57 +0,0 @@
-// 格式化工具。所有点数后端均按 *100 存储。
-
-const numberFmt = new Intl.NumberFormat('zh-CN', {
-  minimumFractionDigits: 0,
-  maximumFractionDigits: 2,
-});
-
-/** 后端 points（*100） → 展示数值 */
-export function fmtPoints(p: number | undefined | null): string {
-  if (p == null) return '0';
-  const v = p / 100;
-  return numberFmt.format(v);
-}
-
-/** 后端 unix 秒 → 本地化时间字符串 */
-export function fmtTime(ts: number | undefined | null): string {
-  if (!ts) return '—';
-  const d = new Date(ts * 1000);
-  return d.toLocaleString('zh-CN', {
-    year: 'numeric',
-    month: '2-digit',
-    day: '2-digit',
-    hour: '2-digit',
-    minute: '2-digit',
-  });
-}
-
-/** 后端 unix 秒 → 相对时间（仅粗略） */
-export function fmtRelative(ts: number | undefined | null): string {
-  if (!ts) return '—';
-  const diff = Date.now() / 1000 - ts;
-  if (diff < 60) return '刚刚';
-  if (diff < 3600) return `${Math.floor(diff / 60)} 分钟前`;
-  if (diff < 86400) return `${Math.floor(diff / 3600)} 小时前`;
-  if (diff < 86400 * 7) return `${Math.floor(diff / 86400)} 天前`;
-  return fmtTime(ts);
-}
-
-const BIZ_LABEL: Record<string, string> = {
-  recharge: '充值',
-  cdk: 'CDK 兑换',
-  promo: '优惠码',
-  invite: '邀请奖励',
-  refund: '失败退款',
-  consume: '消费',
-  freeze: '冻结',
-  unfreeze: '解冻',
-  grant: '系统赠点',
-};
-
-export function fmtBiz(biz: string): string {
-  return BIZ_LABEL[biz] ?? biz;
-}
-
-export function pointsClass(direction: number): string {
-  return direction > 0 ? 'text-success' : 'text-danger';
-}
diff --git a/frontend/apps/user/src/lib/services.ts b/frontend/apps/user/src/lib/services.ts
deleted file mode 100644
index 58a4b29c..00000000
--- a/frontend/apps/user/src/lib/services.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-// 高层 API 服务：分领域封装，UI 层只看 services.* 不直接 import axios。
-import { request } from './api';
-import type {
-  APIKey,
-  APIKeyCreateBody,
-  APIKeyCreated,
-  CreateImageBody,
-  CreateTextBody,
-  CreateVideoBody,
-  GenerationTask,
-  LoginResp,
-  MeResp,
-  PageData,
-  PublicModel,
-  RedeemCDKResp,
-  RegisterResp,
-  TextGenerationResp,
-  TokenPair,
-  WalletLog,
-} from './types';
-
-export const authApi = {
-  register: (body: { account: string; password: string; invite_code?: string }) =>
-    request<RegisterResp>({ method: 'POST', url: '/auth/register', data: body }),
-  login: (body: { account: string; password: string }) =>
-    request<LoginResp>({ method: 'POST', url: '/auth/login', data: body }),
-  refresh: (refresh_token: string) =>
-    request<TokenPair>({ method: 'POST', url: '/auth/refresh', data: { refresh_token } }),
-  logout: () => request<null>({ method: 'POST', url: '/auth/logout' }),
-  me: () => request<MeResp>({ method: 'GET', url: '/users/me' }),
-  changePassword: (body: { old_password: string; new_password: string }) =>
-    request<null>({ method: 'POST', url: '/users/password', data: body }),
-};
-
-export const keysApi = {
-  list: async () => {
-    const r = await request<{ list: APIKey[] } | APIKey[] | null>({ method: 'GET', url: '/keys' });
-    if (Array.isArray(r)) return r;
-    return r?.list ?? [];
-  },
-  create: (body: APIKeyCreateBody) =>
-    request<APIKeyCreated>({ method: 'POST', url: '/keys', data: body }),
-  toggle: ({ id, enable }: { id: number; enable: boolean }) =>
-    request<null>({
-      method: 'POST',
-      url: `/keys/${id}/toggle`,
-      params: { enable: enable ? 1 : 0 },
-    }),
-  remove: (id: number) => request<null>({ method: 'DELETE', url: `/keys/${id}` }),
-};
-
-export const billingApi = {
-  logs: (page = 1, pageSize = 20) =>
-    request<PageData<WalletLog>>({
-      method: 'GET',
-      url: '/billing/logs',
-      params: { page, page_size: pageSize },
-    }),
-  redeemCDK: (code: string) =>
-    request<RedeemCDKResp>({ method: 'POST', url: '/billing/cdk/redeem', data: { code } }),
-};
-
-export const genApi = {
-  models: async () => {
-    const r = await request<{ list: PublicModel[] } | PublicModel[] | null>({ method: 'GET', url: '/models' });
-    if (Array.isArray(r)) return r;
-    return r?.list ?? [];
-  },
-  createText: (body: CreateTextBody, idemKey?: string) =>
-    request<TextGenerationResp>({
-      method: 'POST',
-      url: '/gen/text',
-      data: body,
-      headers: idemKey ? { 'Idempotency-Key': idemKey } : undefined,
-    }),
-  createImage: (body: CreateImageBody, idemKey?: string) =>
-    request<GenerationTask>({
-      method: 'POST',
-      url: '/gen/image',
-      data: body,
-      headers: idemKey ? { 'Idempotency-Key': idemKey } : undefined,
-    }),
-  createVideo: (body: CreateVideoBody, idemKey?: string) =>
-    request<GenerationTask>({
-      method: 'POST',
-      url: '/gen/video',
-      data: body,
-      headers: idemKey ? { 'Idempotency-Key': idemKey } : undefined,
-    }),
-  getTask: (taskId: string) =>
-    request<GenerationTask>({ method: 'GET', url: `/gen/tasks/${taskId}` }),
-  history: (params: { kind?: 'image' | 'video' | 'media'; page?: number; page_size?: number } = {}) =>
-    request<PageData<GenerationTask>>({
-      method: 'GET',
-      url: '/gen/history',
-      params: {
-        kind: params.kind,
-        page: params.page ?? 1,
-        page_size: params.page_size ?? 20,
-      },
-    }),
-  deleteHistory: (scope: 'before_3d' | 'before_7d' | 'failed' | 'all') =>
-    request<{ deleted: number }>({ method: 'DELETE', url: '/gen/history', params: { scope } }),
-};
diff --git a/frontend/apps/user/src/lib/types.ts b/frontend/apps/user/src/lib/types.ts
deleted file mode 100644
index 46c798e0..00000000
--- a/frontend/apps/user/src/lib/types.ts
+++ /dev/null
@@ -1,180 +0,0 @@
-// 与后端 dto / response 对齐的前端类型。
-// 注意：所有 *_points / points / cost_points 字段单位为「点 *100」，展示时使用 fmtPoints 除以 100。
-
-export interface ApiBody<T> {
-  code: number;
-  msg: string;
-  data?: T;
-  trace_id?: string;
-}
-
-export interface PageData<T> {
-  list: T[];
-  total: number;
-  page: number;
-  page_size: number;
-}
-
-export interface TokenPair {
-  access_token: string;
-  refresh_token: string;
-  token_type: string;
-  access_expire_in: number;
-  refresh_expire_in: number;
-}
-
-export interface RegisterResp {
-  uid: number;
-  uuid: string;
-  invite_code: string;
-  token: TokenPair;
-}
-
-export interface LoginResp {
-  uid: number;
-  uuid: string;
-  token: TokenPair;
-}
-
-export interface MeResp {
-  uid: number;
-  uuid: string;
-  username?: string;
-  email?: string;
-  phone?: string;
-  avatar?: string;
-  points: number;
-  frozen_points: number;
-  plan_code: string;
-  invite_code: string;
-  created_at: number;
-}
-
-export interface APIKey {
-  id: number;
-  name: string;
-  prefix: string;
-  last4: string;
-  mask: string;
-  scope: string;
-  rpm_limit: number;
-  daily_quota: number;
-  status: number;
-  expire_at?: number;
-  last_used_at?: number;
-  created_at: number;
-}
-
-export interface APIKeyCreated {
-  id: number;
-  name: string;
-  plain: string;
-  prefix: string;
-  last4: string;
-  scope: string;
-  created_at: number;
-}
-
-export interface APIKeyCreateBody {
-  name: string;
-  scope?: string;
-  rpm_limit?: number;
-  daily_quota?: number;
-  expire_days?: number;
-}
-
-export interface WalletLog {
-  id: number;
-  direction: 1 | -1;
-  biz_type: string;
-  biz_id: string;
-  points: number;
-  points_before: number;
-  points_after: number;
-  remark?: string;
-  created_at: number;
-}
-
-export interface GenerationResult {
-  url: string;
-  thumb_url?: string;
-  width?: number;
-  height?: number;
-  duration_ms?: number;
-}
-
-/**
- * 任务状态：
- * 0 pending / 1 running / 2 succeeded / 3 failed / 4 refunded / 5 cancelled
- */
-export type TaskStatus = 0 | 1 | 2 | 3 | 4 | 5;
-
-export interface GenerationTask {
-  task_id: string;
-  kind: 'image' | 'video' | 'chat';
-  status: TaskStatus;
-  progress: number;
-  model: string;
-  prompt?: string;
-  cost_points: number;
-  error?: string;
-  results?: GenerationResult[];
-  created_at: number;
-}
-
-export interface CreateImageBody {
-  model: string;
-  prompt: string;
-  neg_prompt?: string;
-  mode?: 't2i' | 'i2i';
-  count?: number;
-  ratio?: string;
-  quality?: 'draft' | 'standard' | 'hd';
-  ref_assets?: string[];
-  params?: Record<string, unknown>;
-}
-
-export interface CreateVideoBody {
-  model: string;
-  prompt: string;
-  mode?: 't2v' | 'i2v';
-  duration?: number;
-  ratio?: string;
-  quality?: 'draft' | 'standard' | 'hd';
-  ref_assets?: string[];
-  params?: Record<string, unknown>;
-}
-
-export interface CreateTextBody {
-  model?: string;
-  prompt: string;
-  max_tokens?: number;
-  images?: string[];
-}
-
-export interface TextGenerationResp {
-  id: string;
-  model: string;
-  content: string;
-  prompt_tokens: number;
-  completion_tokens: number;
-  total_tokens: number;
-}
-
-export interface PublicModel {
-  model_code: string;
-  name: string;
-  kind: 'text' | 'image' | 'video';
-  provider: string;
-  upstream_model?: string;
-  unit_points: number;
-  input_unit_points?: number;
-  output_unit_points?: number;
-  enabled: boolean;
-}
-
-export interface RedeemCDKResp {
-  points: number;
-  biz: string;
-  message: string;
-}
diff --git a/frontend/apps/user/src/main.tsx b/frontend/apps/user/src/main.tsx
deleted file mode 100644
index ab5c908f..00000000
--- a/frontend/apps/user/src/main.tsx
+++ /dev/null
@@ -1,44 +0,0 @@
-import React from 'react';
-import ReactDOM from 'react-dom/client';
-import { BrowserRouter } from 'react-router-dom';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-
-import { applyThemeMode } from '@kleinai/theme';
-
-import App from './App';
-import { setUnauthorizedHandler } from './lib/api';
-import { useAuthStore } from './stores/auth';
-import { useLoginGateStore } from './stores/loginGate';
-import { toast } from './stores/toast';
-import '@kleinai/theme/tokens.css';
-import '@kleinai/theme/animations.css';
-import './index.css';
-
-applyThemeMode((localStorage.getItem('klein:theme') as 'dark' | 'light' | 'system' | null) ?? 'light');
-
-setUnauthorizedHandler(() => {
-  useAuthStore.setState({ token: null, me: null });
-  toast.error('登录已过期，请重新登录');
-  // 让 token 失效的请求触发登录浮层，而不是粗暴跳转
-  useLoginGateStore.getState().openGate({ hint: '登录态已失效，请重新登录' });
-});
-
-const qc = new QueryClient({
-  defaultOptions: {
-    queries: {
-      retry: 1,
-      refetchOnWindowFocus: false,
-      staleTime: 30_000,
-    },
-  },
-});
-
-ReactDOM.createRoot(document.getElementById('root') as HTMLElement).render(
-  <React.StrictMode>
-    <QueryClientProvider client={qc}>
-      <BrowserRouter>
-        <App />
-      </BrowserRouter>
-    </QueryClientProvider>
-  </React.StrictMode>,
-);
diff --git a/frontend/apps/user/src/pages/auth/LoginPage.tsx b/frontend/apps/user/src/pages/auth/LoginPage.tsx
deleted file mode 100644
index c43537ea..00000000
--- a/frontend/apps/user/src/pages/auth/LoginPage.tsx
+++ /dev/null
@@ -1,115 +0,0 @@
-import { Link, useLocation, useNavigate } from 'react-router-dom';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-import { zodResolver } from '@hookform/resolvers/zod';
-import clsx from 'clsx';
-
-import { ApiError } from '../../lib/api';
-import { authApi } from '../../lib/services';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const schema = z.object({
-  account: z.string().min(3, '账号至少 3 位'),
-  password: z.string().min(6, '密码至少 6 位'),
-  remember: z.boolean().default(true),
-});
-
-type FormValues = z.infer<typeof schema>;
-
-export default function LoginPage() {
-  const navigate = useNavigate();
-  const location = useLocation();
-  const setToken = useAuthStore((s) => s.setToken);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  const {
-    register,
-    handleSubmit,
-    formState: { errors, isSubmitting },
-  } = useForm<FormValues>({
-    resolver: zodResolver(schema),
-    defaultValues: { account: '', password: '', remember: true },
-  });
-
-  const onSubmit = async (values: FormValues) => {
-    try {
-      const resp = await authApi.login({ account: values.account, password: values.password });
-      setToken(resp.token);
-      await refreshMe();
-      toast.success('登录成功');
-      const from = (location.state as { from?: string } | null)?.from ?? '/create/image';
-      navigate(from, { replace: true });
-    } catch (err) {
-      const msg = err instanceof ApiError ? err.message : '登录失败，请重试';
-      toast.error(msg);
-    }
-  };
-
-  return (
-    <div className="space-y-7">
-      <header className="space-y-2">
-        <h1 className="text-h1 text-text-primary">欢迎回来</h1>
-        <p className="text-body text-text-secondary">登录后开启你的 AIGC 创作</p>
-      </header>
-
-      <form className="space-y-4" onSubmit={handleSubmit(onSubmit)} noValidate>
-        <div className="field">
-          <label htmlFor="account" className="field-label">账号</label>
-          <input
-            id="account"
-            placeholder="邮箱 / 手机号 / 用户名"
-            autoComplete="username"
-            inputMode="email"
-            className={clsx('input', errors.account && 'input-error')}
-            {...register('account')}
-          />
-          {errors.account && <p className="field-error">{errors.account.message}</p>}
-        </div>
-
-        <div className="field">
-          <label htmlFor="password" className="field-label">密码</label>
-          <input
-            id="password"
-            type="password"
-            placeholder="请输入密码"
-            autoComplete="current-password"
-            className={clsx('input', errors.password && 'input-error')}
-            {...register('password')}
-          />
-          {errors.password && <p className="field-error">{errors.password.message}</p>}
-        </div>
-
-        <div className="flex items-center justify-between text-small">
-          <label className="flex items-center gap-2 text-text-secondary cursor-pointer select-none">
-            <input type="checkbox" className="checkbox" {...register('remember')} />
-            记住我
-          </label>
-          <Link to="/forgot" className="text-klein-500 hover:underline">忘记密码?</Link>
-        </div>
-
-        <button type="submit" className="btn btn-primary btn-lg btn-block" disabled={isSubmitting}>
-          {isSubmitting ? '登录中…' : '登 录'}
-        </button>
-
-        <div className="relative my-2">
-          <div className="absolute inset-0 grid place-items-center">
-            <div className="h-px w-full bg-border" />
-          </div>
-          <div className="relative flex justify-center">
-            <span className="bg-surface-bg px-3 text-tiny text-text-tertiary uppercase tracking-wider">或者</span>
-          </div>
-        </div>
-
-        <button type="button" className="btn btn-outline btn-lg btn-block" disabled>
-          使用 微信 登录（敬请期待）
-        </button>
-      </form>
-
-      <p className="text-small text-text-secondary text-center">
-        还没账号？
-        <Link to="/register" className="text-klein-500 hover:underline ml-1">立即注册</Link>
-      </p>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/auth/RegisterPage.tsx b/frontend/apps/user/src/pages/auth/RegisterPage.tsx
deleted file mode 100644
index 47781a14..00000000
--- a/frontend/apps/user/src/pages/auth/RegisterPage.tsx
+++ /dev/null
@@ -1,126 +0,0 @@
-import { Link, useNavigate } from 'react-router-dom';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-import { zodResolver } from '@hookform/resolvers/zod';
-import clsx from 'clsx';
-
-import { ApiError } from '../../lib/api';
-import { authApi } from '../../lib/services';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const schema = z
-  .object({
-    account: z.string().min(3, '账号至少 3 位').max(64, '账号过长'),
-    password: z
-      .string()
-      .min(8, '密码至少 8 位')
-      .max(64, '密码过长')
-      .regex(/[A-Za-z]/, '密码需包含字母')
-      .regex(/[0-9]/, '密码需包含数字'),
-    confirm: z.string(),
-    invite_code: z.string().max(16).optional().or(z.literal('')),
-  })
-  .refine((d) => d.password === d.confirm, {
-    message: '两次密码不一致',
-    path: ['confirm'],
-  });
-
-type FormValues = z.infer<typeof schema>;
-
-export default function RegisterPage() {
-  const navigate = useNavigate();
-  const setToken = useAuthStore((s) => s.setToken);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-
-  const {
-    register,
-    handleSubmit,
-    formState: { errors, isSubmitting },
-  } = useForm<FormValues>({
-    resolver: zodResolver(schema),
-    defaultValues: { account: '', password: '', confirm: '', invite_code: '' },
-  });
-
-  const onSubmit = async (values: FormValues) => {
-    try {
-      const resp = await authApi.register({
-        account: values.account,
-        password: values.password,
-        invite_code: values.invite_code || undefined,
-      });
-      setToken(resp.token);
-      await refreshMe();
-      toast.success('注册成功，已为你登录');
-      navigate('/create/image', { replace: true });
-    } catch (err) {
-      const msg = err instanceof ApiError ? err.message : '注册失败，请重试';
-      toast.error(msg);
-    }
-  };
-
-  return (
-    <div className="space-y-6">
-      <header className="space-y-2">
-        <h1 className="text-h1 text-text-primary">注册账号</h1>
-        <p className="text-body text-text-secondary">创建账号开启你的 AIGC 之旅</p>
-      </header>
-
-      <form className="space-y-4" onSubmit={handleSubmit(onSubmit)} noValidate>
-        <div className="field">
-          <label className="field-label">账号</label>
-          <input
-            className={clsx('input', errors.account && 'input-error')}
-            placeholder="邮箱 / 手机号 / 用户名"
-            autoComplete="username"
-            {...register('account')}
-          />
-          {errors.account && <p className="field-error">{errors.account.message}</p>}
-        </div>
-
-        <div className="field">
-          <label className="field-label">设置密码</label>
-          <input
-            className={clsx('input', errors.password && 'input-error')}
-            type="password"
-            placeholder="≥ 8 位，含字母与数字"
-            autoComplete="new-password"
-            {...register('password')}
-          />
-          {errors.password && <p className="field-error">{errors.password.message}</p>}
-        </div>
-
-        <div className="field">
-          <label className="field-label">确认密码</label>
-          <input
-            className={clsx('input', errors.confirm && 'input-error')}
-            type="password"
-            placeholder="再次输入密码"
-            autoComplete="new-password"
-            {...register('confirm')}
-          />
-          {errors.confirm && <p className="field-error">{errors.confirm.message}</p>}
-        </div>
-
-        <div className="field">
-          <label className="field-label">邀请码（选填）</label>
-          <input className="input" placeholder="填写以获得额外点数" {...register('invite_code')} />
-          <p className="field-hint">使用邀请码注册可获得额外赠点。</p>
-        </div>
-
-        <button className="btn btn-primary btn-lg btn-block" type="submit" disabled={isSubmitting}>
-          {isSubmitting ? '创建中…' : '创 建 账 号'}
-        </button>
-
-        <p className="text-small text-text-tertiary text-center">
-          注册即代表同意 <a className="text-klein-500">服务条款</a> 与 <a className="text-klein-500">隐私政策</a>
-        </p>
-      </form>
-
-      <p className="text-small text-text-secondary text-center">
-        已有账号？
-        <Link to="/login" className="text-klein-500 hover:underline ml-1">立即登录</Link>
-      </p>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/billing/BillingPage.tsx b/frontend/apps/user/src/pages/billing/BillingPage.tsx
deleted file mode 100644
index a7338f1b..00000000
--- a/frontend/apps/user/src/pages/billing/BillingPage.tsx
+++ /dev/null
@@ -1,177 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { useState } from 'react';
-import { Gift, Sparkles, Wallet } from 'lucide-react';
-
-import { ApiError } from '../../lib/api';
-import { fmtBiz, fmtPoints, fmtTime, pointsClass } from '../../lib/format';
-import { billingApi } from '../../lib/services';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-export default function BillingPage() {
-  const me = useAuthStore((s) => s.me);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-  const qc = useQueryClient();
-
-  const [page, setPage] = useState(1);
-  const logsQ = useQuery({
-    queryKey: ['billing.logs', page],
-    queryFn: () => billingApi.logs(page, 20),
-  });
-
-  const [code, setCode] = useState('');
-  const redeemMut = useMutation({
-    mutationFn: () => billingApi.redeemCDK(code.trim()),
-    onSuccess: async (resp) => {
-      toast.success(`兑换成功 +${fmtPoints(resp.points)} 点`);
-      setCode('');
-      await refreshMe();
-      await qc.invalidateQueries({ queryKey: ['billing.logs'] });
-      setPage(1);
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '兑换失败'),
-  });
-
-  const stats = [
-    { label: '可用点数', value: fmtPoints(me?.points ?? 0), accent: true },
-    { label: '冻结点数', value: fmtPoints(me?.frozen_points ?? 0) },
-    { label: '当前套餐', value: me?.plan_code?.toUpperCase() ?? 'FREE' },
-    { label: '邀请码', value: me?.invite_code ?? '—' },
-  ];
-
-  const logs = logsQ.data?.list ?? [];
-  const total = logsQ.data?.total ?? 0;
-  const pageSize = logsQ.data?.page_size ?? 20;
-  const totalPages = Math.max(1, Math.ceil(total / pageSize));
-
-  return (
-    <div className="page">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">余额明细</h1>
-          <p className="page-subtitle">点数变动、兑换码、充值套餐都在这里管理。</p>
-        </div>
-      </header>
-
-      <div className="stat-grid mb-6">
-        {stats.map((s) => (
-          <div key={s.label} className={`stat-tile ${s.accent ? 'stat-tile-accent' : ''}`}>
-            <p className="stat-label">{s.label}</p>
-            <p className="stat-value">{s.value}</p>
-          </div>
-        ))}
-      </div>
-
-      <section className="grid gap-4 mb-6 lg:grid-cols-2">
-        <div className="card card-section">
-          <header className="section-header mb-3">
-            <span className="section-title">
-              <Gift size={18} className="text-klein-500" />
-              兑换码 CDK
-            </span>
-          </header>
-          <p className="text-small text-text-secondary mb-4 leading-loose">
-            输入活动码或邀请码即可立刻到账点数；同一个兑换码不可重复使用。
-          </p>
-          <div className="flex flex-col sm:flex-row gap-2">
-            <input
-              className="input"
-              placeholder="例如：GPT2API-2026-WELCOME"
-              value={code}
-              onChange={(e) => setCode(e.target.value.toUpperCase())}
-              maxLength={32}
-            />
-            <button
-              className="btn btn-primary btn-lg whitespace-nowrap"
-              disabled={code.trim().length < 4 || redeemMut.isPending}
-              onClick={() => redeemMut.mutate()}
-              type="button"
-            >
-              {redeemMut.isPending ? '兑换中…' : '立即兑换'}
-            </button>
-          </div>
-        </div>
-
-        <div className="card-tinted card-section">
-          <header className="section-header mb-3">
-            <span className="section-title">
-              <Sparkles size={18} className="text-klein-500" />
-              充值套餐
-            </span>
-            <span className="badge badge-klein">即将上线</span>
-          </header>
-          <p className="text-small text-text-secondary mb-4 leading-loose">
-            支付通道（微信 / 支付宝 / Stripe）正在开发中，当前请通过 CDK 或邀请获得点数。
-          </p>
-          <button className="btn btn-outline btn-md" disabled type="button">
-            敬请期待
-          </button>
-          <p className="mt-3 text-small text-text-tertiary leading-loose">
-            冻结点数不会按时间自动释放，它只会在任务成功结算时转为已消费，或在任务失败、超时后自动退款解冻。
-          </p>
-        </div>
-      </section>
-
-      <section className="card overflow-hidden">
-        <div className="px-5 py-3.5 border-b border-border flex items-center justify-between">
-          <span className="section-title">
-            <Wallet size={16} className="text-text-tertiary" />
-            最近交易
-          </span>
-          <span className="text-small text-text-tertiary">共 {total} 条</span>
-        </div>
-        <div className="divide-y divide-border">
-          {logsQ.isLoading && (
-            <p className="px-5 py-10 text-center text-text-tertiary text-small">加载中...</p>
-          )}
-          {!logsQ.isLoading && logs.length === 0 && (
-            <div className="empty-state">
-              <span className="empty-state-icon">
-                <Wallet size={22} />
-              </span>
-              <p className="empty-state-title">暂无流水记录</p>
-              <p className="empty-state-desc">兑换 CDK、生成图片或视频后，相关账单会在此呈现。</p>
-            </div>
-          )}
-          {logs.map((l) => (
-            <div key={l.id} className="list-row">
-              <div className="min-w-0">
-                <p className="font-medium text-text-primary truncate">
-                  {fmtBiz(l.biz_type)}
-                  {l.remark ? ` · ${l.remark}` : ''}
-                </p>
-                <p className="text-small text-text-tertiary mt-0.5">{fmtTime(l.created_at)}</p>
-              </div>
-              <p className={`font-bold whitespace-nowrap ${pointsClass(l.direction)}`}>
-                {l.direction > 0 ? '+' : '-'} {fmtPoints(Math.abs(l.points))} 点
-              </p>
-            </div>
-          ))}
-        </div>
-        <div className="flex items-center justify-between gap-3 border-t border-border px-5 py-4 text-sm">
-          <span className="text-text-tertiary">
-            第 {page} / {totalPages} 页，共 {total} 条
-          </span>
-          <div className="flex items-center gap-2">
-            <button
-              className="btn btn-outline btn-md"
-              disabled={page <= 1 || logsQ.isFetching}
-              onClick={() => setPage((p) => Math.max(1, p - 1))}
-              type="button"
-            >
-              上一页
-            </button>
-            <button
-              className="btn btn-outline btn-md"
-              disabled={page >= totalPages || logsQ.isFetching}
-              onClick={() => setPage((p) => Math.min(totalPages, p + 1))}
-              type="button"
-            >
-              下一页
-            </button>
-          </div>
-        </div>
-      </section>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/create/CreateImagePage.tsx b/frontend/apps/user/src/pages/create/CreateImagePage.tsx
deleted file mode 100644
index 8c4d6a63..00000000
--- a/frontend/apps/user/src/pages/create/CreateImagePage.tsx
+++ /dev/null
@@ -1,404 +0,0 @@
-import { useEffect, useRef, useState } from 'react';
-import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { Sparkles, Upload, RefreshCw, Heart, Download, Loader2 } from 'lucide-react';
-import clsx from 'clsx';
-
-import { useEnsureLoggedIn } from '../../hooks/useEnsureLoggedIn';
-import { ApiError } from '../../lib/api';
-import { fmtPoints } from '../../lib/format';
-import { genApi } from '../../lib/services';
-import type { GenerationTask } from '../../lib/types';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const MODELS = [
-  { code: 'img-v3',    name: '通用 V3.0',    hot: true,  cost: 4 },
-  { code: 'img-real',  name: '写实 V2.1',    cost: 4 },
-  { code: 'img-anime', name: '二次元 V2.0',  cost: 3 },
-  { code: 'img-3d',    name: '3D 渲染',       cost: 5,    pro: true },
-];
-
-const RATIOS = ['1:1', '3:4', '4:3', '16:9', '9:16'] as const;
-const COUNTS = [1, 2, 4] as const;
-const QUALITY = [
-  { value: 'standard', label: '标准' },
-  { value: 'hd', label: '高清' },
-] as const;
-
-type Quality = (typeof QUALITY)[number]['value'];
-
-const STATUS_LABELS: Record<number, string> = {
-  0: '排队中', 1: '生成中', 2: '已完成', 3: '失败', 4: '已退款', 5: '已取消',
-};
-
-export default function CreateImagePage() {
-  const qc = useQueryClient();
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-  const ensureLoggedIn = useEnsureLoggedIn();
-
-  const [model, setModel] = useState(MODELS[0]!.code);
-  const [ratio, setRatio] = useState<(typeof RATIOS)[number]>('1:1');
-  const [count, setCount] = useState<(typeof COUNTS)[number]>(2);
-  const [quality, setQuality] = useState<Quality>('hd');
-  const [prompt, setPrompt] = useState('一座漂浮在云端的未来主义城堡，黄昏，体积光，电影级构图');
-
-  const [task, setTask] = useState<GenerationTask | null>(null);
-  const pollRef = useRef<number | null>(null);
-
-  useEffect(() => {
-    return () => {
-      if (pollRef.current) window.clearInterval(pollRef.current);
-    };
-  }, []);
-
-  const createMut = useMutation({
-    mutationFn: () =>
-      genApi.createImage({ model, prompt, count, ratio, quality }),
-    onSuccess: (t) => {
-      setTask(t);
-      startPolling(t.task_id);
-      void refreshMe();
-      qc.invalidateQueries({ queryKey: ['gen.history'] });
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '生成失败'),
-  });
-
-  const startPolling = (taskId: string) => {
-    if (pollRef.current) window.clearInterval(pollRef.current);
-    pollRef.current = window.setInterval(async () => {
-      try {
-        const fresh = await genApi.getTask(taskId);
-        setTask(fresh);
-        if (fresh.status === 2 || fresh.status === 3 || fresh.status === 4) {
-          if (pollRef.current) window.clearInterval(pollRef.current);
-          pollRef.current = null;
-          if (fresh.status === 2) toast.success('生成完成');
-          else if (fresh.status === 3) toast.error(fresh.error || '生成失败');
-          else toast.info('生成失败已退款');
-          await refreshMe();
-          qc.invalidateQueries({ queryKey: ['gen.history'] });
-          qc.invalidateQueries({ queryKey: ['billing.logs'] });
-        }
-      } catch {
-        // ignore
-      }
-    }, 1500);
-  };
-
-  const expectedCost = (MODELS.find((m) => m.code === model)?.cost ?? 4) * count;
-  const inProgress = task && (task.status === 0 || task.status === 1);
-  const results = task?.results ?? [];
-
-  const submitGenerate = () => {
-    ensureLoggedIn(() => createMut.mutate(), '登录后即可生成图像');
-  };
-
-  return (
-    <div
-      className="
-        grid h-full
-        @container
-        grid-cols-1
-        lg:grid-cols-[clamp(320px,30vw,420px)_1fr]
-        2xl:grid-cols-[clamp(320px,26vw,420px)_1fr_clamp(260px,18vw,320px)]
-      "
-    >
-      {/* 左：参数面板 */}
-      <section className="border-r border-border bg-surface-1 p-5 lg:p-6 overflow-y-auto">
-        <header className="mb-5">
-          <h2 className="text-h3 text-text-primary">图像创作</h2>
-          <p className="text-small text-text-tertiary mt-1">配置模型、提示词与输出参数。</p>
-        </header>
-
-        <ScrollPicker
-          label="模型"
-          value={model}
-          options={MODELS.map((m) => ({
-            value: m.code,
-            label: m.name,
-            badge: m.hot ? '热门' : m.pro ? 'Pro' : undefined,
-            cost: m.cost,
-          }))}
-          onChange={setModel}
-        />
-
-        <FieldBlock label="提示词" hint={`${prompt.length}/4000`}>
-          <textarea
-            value={prompt}
-            onChange={(e) => setPrompt(e.target.value)}
-            rows={6}
-            className="textarea leading-loose"
-            placeholder="描述你想要的画面，越具体越好"
-            maxLength={4000}
-          />
-          <div className="mt-2 flex flex-wrap gap-1.5">
-            {['电影感', '微距摄影', '梦幻光影', '高级感'].map((t) => (
-              <button
-                key={t}
-                type="button"
-                className="chip"
-                onClick={() => setPrompt((p) => `${p}, ${t}`)}
-              >
-                + {t}
-              </button>
-            ))}
-          </div>
-        </FieldBlock>
-
-        <FieldBlock label="参考图（暂不可用）">
-          <button
-            className="w-full h-28 grid place-items-center rounded-md border-2 border-dashed border-border opacity-60 cursor-not-allowed"
-            disabled
-          >
-            <div className="flex flex-col items-center gap-1 text-text-tertiary">
-              <Upload size={20} />
-              <span className="text-small">即将上线</span>
-            </div>
-          </button>
-        </FieldBlock>
-
-        <div className="grid grid-cols-2 gap-4">
-          <FieldBlock label="比例">
-            <div className="grid grid-cols-5 gap-1.5">
-              {RATIOS.map((r) => (
-                <Pill key={r} active={r === ratio} onClick={() => setRatio(r)}>
-                  {r}
-                </Pill>
-              ))}
-            </div>
-          </FieldBlock>
-          <FieldBlock label="数量">
-            <div className="grid grid-cols-3 gap-1.5">
-              {COUNTS.map((c) => (
-                <Pill key={c} active={c === count} onClick={() => setCount(c)}>
-                  {c}
-                </Pill>
-              ))}
-            </div>
-          </FieldBlock>
-        </div>
-
-        <FieldBlock label="质量">
-          <div className="grid grid-cols-2 gap-1.5">
-            {QUALITY.map((q) => (
-              <Pill key={q.value} active={q.value === quality} onClick={() => setQuality(q.value)}>
-                {q.label}
-              </Pill>
-            ))}
-          </div>
-        </FieldBlock>
-
-        <div className="sticky bottom-0 -mx-5 lg:-mx-6 mt-6 px-5 lg:px-6 pt-4 pb-[max(16px,env(safe-area-inset-bottom))] bg-surface-1/95 backdrop-blur border-t border-border">
-          <div className="flex items-center justify-between mb-2 text-small">
-            <span className="text-text-secondary">预计消耗</span>
-            <span className="font-semibold text-klein-500">{expectedCost} 点</span>
-          </div>
-          <button
-            className="btn btn-primary btn-xl btn-block"
-            onClick={submitGenerate}
-            disabled={createMut.isPending || !!inProgress || !prompt.trim()}
-          >
-            {createMut.isPending || inProgress ? (
-              <><Loader2 size={18} className="animate-spin" />生成中…</>
-            ) : (
-              <><Sparkles size={18} />立即生成</>
-            )}
-          </button>
-        </div>
-      </section>
-
-      {/* 中：结果展示 */}
-      <section className="bg-surface-bg overflow-y-auto">
-        <div className="p-5 lg:p-8">
-          <header className="flex flex-wrap items-center justify-between gap-3 mb-6">
-            <div className="flex items-center gap-3 flex-wrap">
-              <h3 className="text-h2 text-text-primary">作品预览</h3>
-              {task && (
-                <div className="2xl:hidden chip chip-outline">
-                  <span>{STATUS_LABELS[task.status]}</span>
-                  <span className="font-semibold text-klein-500">{task.progress ?? 0}%</span>
-                </div>
-              )}
-            </div>
-            <div className="flex items-center gap-2">
-              <button
-                className="btn btn-outline btn-md"
-                onClick={submitGenerate}
-                disabled={createMut.isPending || !!inProgress}
-              >
-                <RefreshCw size={16} /> 再来一组
-              </button>
-            </div>
-          </header>
-
-          <div className="grid gap-4 [grid-template-columns:repeat(auto-fill,minmax(min(280px,100%),1fr))]">
-            {results.length > 0
-              ? results.map((r, i) => (
-                  <article
-                    key={r.url}
-                    className="group relative overflow-hidden rounded-lg bg-surface-2 shadow-2 hover:shadow-3 transition"
-                    style={{ aspectRatio: ratio.replace(':', '/') }}
-                  >
-                    <img
-                      src={r.url}
-                      alt={`生成结果 ${i + 1}`}
-                      loading="lazy"
-                      className="absolute inset-0 h-full w-full object-cover"
-                    />
-                    <div className="absolute inset-x-0 bottom-0 p-3 bg-gradient-to-t from-black/60 to-transparent opacity-0 group-hover:opacity-100 transition flex items-center justify-end gap-2">
-                      <button className="btn btn-icon btn-sm bg-white/15 text-white hover:bg-white/25" title="收藏">
-                        <Heart size={16} />
-                      </button>
-                      <a
-                        className="btn btn-icon btn-sm bg-white/15 text-white hover:bg-white/25"
-                        href={r.url}
-                        download
-                        target="_blank"
-                        rel="noreferrer"
-                      >
-                        <Download size={16} />
-                      </a>
-                    </div>
-                  </article>
-                ))
-              : Array.from({ length: count }).map((_, i) => (
-                  <article
-                    key={i}
-                    className="relative overflow-hidden rounded-lg bg-klein-gradient-soft border border-border grid place-items-center"
-                    style={{ aspectRatio: ratio.replace(':', '/') }}
-                  >
-                    <span className="text-text-tertiary text-small">
-                      {inProgress ? `生成中 ${task?.progress ?? 0}%` : '等待生成'}
-                    </span>
-                  </article>
-                ))}
-          </div>
-
-          <div className="mt-10 card card-section">
-            <h4 className="section-title mb-2">提示</h4>
-            <p className="text-body text-text-secondary leading-loose">
-              生成结果将自动保存到「生成历史」，可在 14 天内重新下载或生成变体。
-              支持 OpenAI 兼容协议直接调用，参考「调用说明」。
-            </p>
-          </div>
-        </div>
-      </section>
-
-      {/* 右：当前任务进度（≥1536px） */}
-      <aside className="hidden 2xl:flex flex-col border-l border-border bg-surface-1 overflow-y-auto">
-        <div className="p-5">
-          <h4 className="section-title mb-3">当前任务</h4>
-          {task ? (
-            <div className="card-flat p-4">
-              <div className="flex items-center justify-between mb-3">
-                <span className="text-small text-text-secondary">{STATUS_LABELS[task.status]}</span>
-                <span className="text-small font-semibold text-klein-500">{task.progress ?? 0}%</span>
-              </div>
-              <div className="progress">
-                <div className="progress-bar" style={{ width: `${task.progress ?? 0}%` }} />
-              </div>
-              <p className="mt-3 text-small text-text-tertiary leading-loose line-clamp-3">{prompt}</p>
-              <p className="mt-2 text-tiny text-text-tertiary">
-                Task ID: <code className="font-mono">{task.task_id}</code>
-              </p>
-              <p className="mt-1 text-tiny text-text-tertiary">
-                消耗：{fmtPoints(task.cost_points)} 点
-              </p>
-            </div>
-          ) : (
-            <div className="rounded-md border border-dashed border-border p-4 text-text-tertiary text-small">
-              点击「立即生成」开始你的创作
-            </div>
-          )}
-        </div>
-      </aside>
-    </div>
-  );
-}
-
-/* —— 小组件 —— */
-
-function FieldBlock({ label, hint, children }: { label: string; hint?: string; children: React.ReactNode }) {
-  return (
-    <div className="mb-5">
-      <div className="flex items-center justify-between mb-1.5">
-        <label className="field-label">{label}</label>
-        {hint && <span className="text-tiny text-text-tertiary">{hint}</span>}
-      </div>
-      {children}
-    </div>
-  );
-}
-
-function Pill({
-  active,
-  children,
-  onClick,
-  disabled,
-}: {
-  active?: boolean;
-  children: React.ReactNode;
-  onClick?: () => void;
-  disabled?: boolean;
-}) {
-  return (
-    <button
-      type="button"
-      onClick={onClick}
-      disabled={disabled}
-      className={clsx(
-        'h-9 min-w-[44px] px-3 rounded-md text-small font-medium border transition',
-        active
-          ? 'bg-klein-gradient text-text-on-klein border-transparent shadow-glow-soft'
-          : 'border-border text-text-secondary hover:text-text-primary hover:border-klein-500',
-        disabled && 'opacity-50 cursor-not-allowed',
-      )}
-    >
-      {children}
-    </button>
-  );
-}
-
-function ScrollPicker({
-  label,
-  value,
-  options,
-  onChange,
-}: {
-  label: string;
-  value: string;
-  options: { value: string; label: string; badge?: string; cost?: number }[];
-  onChange: (v: string) => void;
-}) {
-  return (
-    <div className="mb-5">
-      <label className="field-label mb-1.5 block">{label}</label>
-      <div className="grid grid-cols-2 gap-2">
-        {options.map((o) => {
-          const active = o.value === value;
-          return (
-            <button
-              key={o.value}
-              type="button"
-              onClick={() => onChange(o.value)}
-              className={clsx(
-                'relative flex flex-col items-start p-3 rounded-md border text-left transition',
-                active
-                  ? 'border-klein-500 bg-klein-gradient-soft shadow-glow-soft'
-                  : 'border-border hover:border-klein-300',
-              )}
-            >
-              <span className="font-medium text-text-primary">{o.label}</span>
-              {o.cost !== undefined && (
-                <span className="text-small text-text-tertiary mt-0.5">{o.cost} 点 / 张</span>
-              )}
-              {o.badge && (
-                <span className="absolute top-2 right-2 badge badge-klein">{o.badge}</span>
-              )}
-            </button>
-          );
-        })}
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/create/CreateStudioPage.tsx b/frontend/apps/user/src/pages/create/CreateStudioPage.tsx
deleted file mode 100644
index a5c911fd..00000000
--- a/frontend/apps/user/src/pages/create/CreateStudioPage.tsx
+++ /dev/null
@@ -1,873 +0,0 @@
-import { useEffect, useMemo, useRef, useState } from 'react';
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { useLocation, useNavigate } from 'react-router-dom';
-import {
-  ArrowUp,
-  Check,
-  ChevronDown,
-  ChevronLeft,
-  ChevronRight,
-  FileImage,
-  Image,
-  Loader2,
-  Maximize2,
-  Mic,
-  MoreHorizontal,
-  Paperclip,
-  Play,
-  Sparkles,
-  Trash2,
-  Video,
-  X,
-} from 'lucide-react';
-import clsx from 'clsx';
-
-import { useEnsureLoggedIn } from '../../hooks/useEnsureLoggedIn';
-import { ApiError } from '../../lib/api';
-import { fmtRelative } from '../../lib/format';
-import { genApi } from '../../lib/services';
-import type { GenerationTask, PublicModel } from '../../lib/types';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-type StudioMode = 'image' | 'text' | 'video';
-
-const MODES: Array<{ value: StudioMode; label: string; icon: typeof Image }> = [
-  { value: 'image', label: '图片', icon: Image },
-  { value: 'text', label: '文字', icon: Sparkles },
-  { value: 'video', label: '视频', icon: Video },
-];
-
-const GENERATING_PHRASES = [
-  '正在为您设计中...',
-  '灵感正在慢慢成形',
-  '细节正在被认真打磨',
-  '画面很快就会出现',
-];
-
-const IMAGE_MODELS = [
-  { code: 'gpt-image-2', label: 'GPT Image 2', cost: 0 },
-];
-
-type SelectModel = {
-  code: string;
-  label: string;
-  cost?: number;
-  input?: number;
-  output?: number;
-};
-
-const VIDEO_MODELS = [
-  { code: 'grok-imagine-video', label: 'Grok Imagine 视频', cost: 20 },
-  { code: 'vid-i2v', label: 'Grok 图生视频', cost: 20 },
-];
-
-const TEXT_MODELS = [
-  { code: 'grok-4.20-fast', label: 'Grok Fast', input: 1, output: 3 },
-  { code: 'grok-4.20-auto', label: 'Grok Auto', input: 1.5, output: 4.5 },
-  { code: 'grok-4.20-expert', label: 'Grok Expert', input: 2, output: 6 },
-  { code: 'grok-4.20-heavy', label: 'Grok Heavy', input: 4, output: 12 },
-  { code: 'gpt-4o-mini', label: 'GPT 4o mini', input: 1, output: 3 },
-];
-
-const IMAGE_RATIOS = ['1:1', '3:2', '2:3', '4:3', '3:4', '5:4', '4:5', '16:9', '9:16', '21:9'] as const;
-const IMAGE_RESOLUTIONS = ['1K', '2K', '4K'] as const;
-const VIDEO_RATIOS = ['16:9', '9:16', '1:1'] as const;
-const VIDEO_DURATIONS = [6, 10] as const;
-const HISTORY_PAGE_SIZES = [20, 50, 100] as const;
-type HistoryDeleteScope = 'before_3d' | 'before_7d' | 'all';
-const TEXT_MAX_ATTACHMENTS = 5;
-const VIDEO_MAX_ATTACHMENTS = 7;
-const SUGGESTIONS = [
-  {
-    title: '极简产品广告',
-    image: '/examples/case-1.jpg',
-    prompt: `A minimalist product advertisement with a {argument name="product" default="fried chicken bucket"} placed on a clean white podium.
-
-Background: soft gradient ({argument name="background gradient" default="light cream to white"}), clean studio.
-
-Lighting: soft diffused, premium Apple-style.
-
-Typography (center): "{argument name="headline" default="PURE CRUNCH"}"
-
-Small text below: "Nothing extra. Just perfection."
-
-Style: ultra clean, editorial minimal, high-end branding, 8K.`,
-  },
-  {
-    title: '城市海报',
-    image: '/examples/case-2.jpg',
-    prompt: `A striking Spring 2026 city poster for Boston with an elegant celebratory mood and a bold contemporary design. On a clean off-white textured background with large areas of negative space, a miniature single sculler rows across the lower right corner of the image on a narrow ribbon of reflective water. The wake from the oar sweeps upward in a dynamic calligraphic curve, gradually transforming into the Charles River and then into a dreamlike hand-painted panorama of Boston. Inside this flowing river-shaped composition are iconic Boston elements: the Back Bay skyline, Beacon Hill brownstones, Acorn Street, Boston Public Garden, Swan Boats, Zakim Bridge, Fenway-inspired details, historic brick architecture, harbor ferries, and the city's waterfront atmosphere. Soft morning fog, golden spring light, subtle festive accents in crimson and gold, rich detail, layered depth, sophisticated city-poster aesthetics, fresh and refined, visually powerful but not overcrowded. Elegant typography in the lower left reads "SPRING 2026" with a vertical slogan "BOSTON, A CITY OF RIVER, MEMORY, AND INVENTION", text clear and beautifully composed, premium graphic design, 9:16`,
-  },
-  {
-    title: '3D 手办工作流',
-    image: '/examples/case-3.jpg',
-    prompt: `Photorealistic high-quality studio photo of a modern digital art workspace, showing the concept of "from 3D virtual character to real collectible figure."
-
-In the foreground, a highly realistic collectible figurine of [Character Name / Character Identity] is placed on a round wooden display stand. The character has [facial features / appearance], [hairstyle], and a [expression / personality vibe]. The figure is wearing [outfit / costume]. The overall design is refined, premium, and instantly recognizable. The figurine should have realistic collectible statue quality, with subtle resin/sculpture material feel, while still looking highly believable and visually realistic.
-
-The pose is [character pose], natural, stable, elegant, and display-worthy. Shot from a low-angle close-up perspective with slight wide-angle distortion, vertical composition, emphasizing the full figure, clothing structure, leg lines, and pose.
-
-In the background, there is a professional 3D character design workstation with two large curved monitors. Both monitors must show the exact same character as the foreground figurine - same face, same hairstyle, same outfit, same pose, and same overall vibe - clearly expressing the idea of turning a digital 3D character into a real physical figure.
-
-The left monitor shows a gray sculpt / clay model view in a professional 3D sculpting software interface, similar to ZBrush. The gray model must match the foreground figure exactly in character design, pose, outfit structure, and facial identity.
-
-The right monitor shows the fully rendered colored version of the same character, also matching the foreground figure exactly in face, hairstyle, outfit, pose, and temperament. Together, the two monitors reinforce the workflow of "digital character design -> physical collectible statue."
-
-On the desk are a keyboard, mouse, monitor arms, drawing tablet, stylus, and other 3D modeling tools. The workspace is clean, professional, and visually premium. Optional extra elements: [weapon / accessories / theme props / IP-style design details].
-
-Lighting is a mix of soft studio lighting and indoor workspace lighting. The foreground figurine is evenly lit with clear facial and material detail, while the monitors emit cool-toned tech light. Overall mood is realistic, clean, premium, slightly shallow depth of field, ultra-detailed, emphasizing the collectible figure quality, professional 3D design studio atmosphere, and the visual concept of "from digital model to real figure."
-
-photorealistic, ultra detailed, cinematic studio lighting, realistic figurine, collectible statue, 3D character design studio, from digital model to real figure, vertical composition`,
-  },
-  {
-    title: '鹿鼎记海报',
-    image: '/examples/case-4.jpg',
-    prompt: '生成鹿鼎记海报，展现韦小宝跟老婆XXX，忠于原著的描述，夸大特点，强调女性的美艳和男性的气质',
-  },
-  {
-    title: '人类演化图',
-    image: '/examples/case-5.jpg',
-    prompt: `{
-  "type": "evolutionary timeline infographic",
-  "instruction": "Using REFERENCE_0 as a structural base, transform the flat vector design into a highly realistic 3D infographic. Replace the smooth ramps with distinct stone steps and upgrade all organisms to photorealistic 3D models.",
-  "style": {
-    "background": "{argument name=\\"background style\\" default=\\"vintage textured parchment paper\\"}",
-    "staircase": "{argument name=\\"staircase material\\" default=\\"realistic textured stone blocks\\"}",
-    "subjects": "{argument name=\\"organism style\\" default=\\"highly detailed photorealistic 3D renders\\"}"
-  },
-  "layout": {
-    "main_title": "{argument name=\\"main title\\" default=\\"人类演化\\"}",
-    "sections": [
-      {
-        "position": "left sidebar",
-        "count": 8,
-        "labels": ["L0: 单细胞生命", "L1: 多细胞生物", "L2: 动物界", "L3: 脊索动物", "L4: 上陆革命", "L5: 哺乳纲", "L6: 人科演化", "L7: 智人纪元"]
-      },
-      {
-        "position": "top right",
-        "title": "获得的功能 / 失去的功能",
-        "description": "Legend with plus and minus icons"
-      },
-      {
-        "position": "bottom center",
-        "title": "演化关键里程碑",
-        "count": 6,
-        "description": "Timeline with a silhouette graphic of 6 figures showing ape-to-human evolution"
-      }
-    ],
-    "centerpiece": {
-      "description": "Winding stone staircase with 25 numbered steps featuring specific organisms.",
-      "count": 25,
-      "notable_elements": [
-        "Step 07: Jellyfish",
-        "Step 09: Ammonite",
-        "Step 10: Trilobite",
-        "Step 24: Walking human",
-        "Step 25: {argument name=\\"future evolution concept\\" default=\\"glowing cosmic silhouette with a question mark\\"}"
-      ]
-    }
-  }
-}`,
-  },
-];
-
-export default function CreateStudioPage() {
-  const location = useLocation();
-  const navigate = useNavigate();
-  const qc = useQueryClient();
-  const ensureLoggedIn = useEnsureLoggedIn();
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-  const token = useAuthStore((s) => s.token);
-
-  const modelCatalog = useQuery({
-    queryKey: ['gen.models'],
-    queryFn: () => genApi.models(),
-    staleTime: 60_000,
-  });
-
-  const imageModels = useMemo(() => modelsByKind(modelCatalog.data, 'image', IMAGE_MODELS), [modelCatalog.data]);
-  const textModels = useMemo(() => modelsByKind(modelCatalog.data, 'text', TEXT_MODELS), [modelCatalog.data]);
-  const videoModels = useMemo(() => modelsByKind(modelCatalog.data, 'video', VIDEO_MODELS), [modelCatalog.data]);
-
-  const mode = modeFromPath(location.pathname);
-  const [prompt, setPrompt] = useState('');
-  const [textModel, setTextModel] = useState(TEXT_MODELS[0]!.code);
-  const [imageModel, setImageModel] = useState(IMAGE_MODELS[0]!.code);
-  const [videoModel, setVideoModel] = useState(VIDEO_MODELS[0]!.code);
-  const [imageRatio, setImageRatio] = useState<(typeof IMAGE_RATIOS)[number]>('1:1');
-  const [imageResolution, setImageResolution] = useState<(typeof IMAGE_RESOLUTIONS)[number]>('1K');
-  const [videoRatio, setVideoRatio] = useState<(typeof VIDEO_RATIOS)[number]>('16:9');
-  const [count, setCount] = useState(1);
-  const [duration, setDuration] = useState<(typeof VIDEO_DURATIONS)[number]>(6);
-  const [attachments, setAttachments] = useState<Array<{ id: string; name: string; dataUrl: string }>>([]);
-  const [textResult, setTextResult] = useState('');
-  const [task, setTask] = useState<GenerationTask | null>(null);
-  const [historyPageSize, setHistoryPageSize] = useState<(typeof HISTORY_PAGE_SIZES)[number]>(20);
-  const [preview, setPreview] = useState<{ url: string; type: 'image' | 'video'; title: string } | null>(null);
-  const pollRef = useRef<number | null>(null);
-  const promptRef = useRef<HTMLTextAreaElement | null>(null);
-  const fileInputRef = useRef<HTMLInputElement | null>(null);
-
-  useEffect(() => () => {
-    if (pollRef.current) window.clearInterval(pollRef.current);
-  }, []);
-
-  useEffect(() => {
-    setTask(null);
-    setTextResult('');
-    setAttachments([]);
-  }, [mode]);
-
-  useEffect(() => {
-    if (imageModels.length && !imageModels.some((m) => m.code === imageModel)) setImageModel(imageModels[0]!.code);
-    if (textModels.length && !textModels.some((m) => m.code === textModel)) setTextModel(textModels[0]!.code);
-    if (videoModels.length && !videoModels.some((m) => m.code === videoModel)) setVideoModel(videoModels[0]!.code);
-  }, [imageModel, imageModels, textModel, textModels, videoModel, videoModels]);
-
-  useEffect(() => {
-    const el = promptRef.current;
-    if (!el) return;
-    el.style.height = 'auto';
-    el.style.height = `${Math.min(el.scrollHeight, 260)}px`;
-    el.style.overflowY = el.scrollHeight > 260 ? 'auto' : 'hidden';
-  }, [prompt, mode]);
-
-  const history = useQuery({
-    queryKey: ['gen.history', 'studio', token, historyPageSize],
-    enabled: !!token,
-    queryFn: () => genApi.history({ kind: 'media', page: 1, page_size: historyPageSize }),
-  });
-
-  const deleteHistory = useMutation({
-    mutationFn: (scope: HistoryDeleteScope) => genApi.deleteHistory(scope),
-    onSuccess: (res, scope) => {
-      const label = scope === 'before_3d' ? '3天前作品' : scope === 'before_7d' ? '7天前作品' : '全部作品';
-      toast.success(`已删除 ${res.deleted} 条${label}`);
-      setTask(null);
-      qc.invalidateQueries({ queryKey: ['gen.history'] });
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '删除失败'),
-  });
-
-  const createImage = useMutation({
-    mutationFn: () => genApi.createImage({
-      model: imageModel,
-      prompt,
-      count,
-      ratio: imageRatio,
-      ref_assets: attachments.map((item) => item.dataUrl),
-      mode: attachments.length ? 'i2i' : 't2i',
-      params: { resolution: imageResolution, quality: 'high' },
-    }),
-    onSuccess: (t) => handleTask(t),
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '生成失败'),
-  });
-
-  const createVideo = useMutation({
-    mutationFn: () => genApi.createVideo({ model: videoModel, prompt, duration, ratio: videoRatio, quality: 'hd', ref_assets: attachments.map((item) => item.dataUrl), mode: attachments.length ? 'i2v' : 't2v' }),
-    onSuccess: (t) => handleTask(t),
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '生成失败'),
-  });
-
-  const createText = useMutation({
-    mutationFn: () => genApi.createText({ model: textModel, prompt, max_tokens: 1600, images: attachments.map((item) => item.dataUrl) }),
-    onSuccess: async (res) => {
-      setTextResult(res.content || '');
-      toast.success('文字生成完成');
-      await refreshMe();
-      qc.invalidateQueries({ queryKey: ['gen.history'] });
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '生成失败'),
-  });
-
-  const inProgress = task && (task.status === 0 || task.status === 1);
-  const resultItems = useMemo(() => {
-    const visible = (item: GenerationTask) => (item.kind === 'image' || item.kind === 'video') && item.status !== 3;
-    const current = task?.results?.length && visible(task) ? [task] : [];
-    const rest = (history.data?.list ?? []).filter(visible);
-    return [...current, ...rest].filter((item, idx, arr) => arr.findIndex((x) => x.task_id === item.task_id) === idx);
-  }, [history.data?.list, task]);
-
-  const expectedCost = mode === 'video'
-    ? Math.round(((videoModels.find((m) => m.code === videoModel)?.cost ?? 20) * duration) / 6)
-    : mode === 'text'
-      ? '按实际 Token'
-      : (imageModels.find((m) => m.code === imageModel)?.cost ?? 4) * count;
-  const maxAttachments = mode === 'video' ? VIDEO_MAX_ATTACHMENTS : TEXT_MAX_ATTACHMENTS;
-
-  const handleTask = (t: GenerationTask) => {
-    setTask(t);
-    startPolling(t.task_id);
-    void refreshMe();
-    qc.invalidateQueries({ queryKey: ['gen.history'] });
-  };
-
-  const startPolling = (taskId: string) => {
-    if (pollRef.current) window.clearInterval(pollRef.current);
-    pollRef.current = window.setInterval(async () => {
-      try {
-        const fresh = await genApi.getTask(taskId);
-        setTask(fresh);
-        if ([2, 3, 4].includes(fresh.status)) {
-          if (pollRef.current) window.clearInterval(pollRef.current);
-          pollRef.current = null;
-          if (fresh.status === 2) toast.success('生成完成');
-          else if (fresh.status === 3) toast.error(fresh.error || '生成失败');
-          else toast.info('已退款');
-          await refreshMe();
-          qc.invalidateQueries({ queryKey: ['gen.history'] });
-        }
-      } catch {
-        // keep polling quietly
-      }
-    }, mode === 'video' ? 2000 : 1500);
-  };
-
-  const submit = () => {
-    if (!prompt.trim()) {
-      toast.info('先描述你想创作的内容');
-      return;
-    }
-    ensureLoggedIn(() => {
-      if (mode === 'text') createText.mutate();
-      else if (mode === 'video') createVideo.mutate();
-      else createImage.mutate();
-    }, '登录后即可开始创作');
-  };
-
-  const readFileAsDataURL = (file: File) => new Promise<string>((resolve, reject) => {
-    const reader = new FileReader();
-    reader.onload = () => resolve(String(reader.result || ''));
-    reader.onerror = () => reject(reader.error || new Error('read file failed'));
-    reader.readAsDataURL(file);
-  });
-
-  const handleAttachFiles = async (files: FileList | null) => {
-    if (!files?.length) return;
-    const imageFiles = Array.from(files).filter((file) => file.type.startsWith('image/'));
-    if (!imageFiles.length) {
-      toast.info('请选择图片文件');
-      return;
-    }
-    const slots = Math.max(0, maxAttachments - attachments.length);
-    if (slots <= 0) {
-      toast.info(`最多上传 ${maxAttachments} 张参考图`);
-      return;
-    }
-    const picked = imageFiles.slice(0, slots);
-    try {
-      const data = await Promise.all(picked.map(async (file) => ({
-        id: `${file.name}-${file.size}-${file.lastModified}`,
-        name: file.name,
-        dataUrl: await readFileAsDataURL(file),
-      })));
-      setAttachments((prev) => [...prev, ...data]);
-      if (imageFiles.length > slots) toast.info(`已保留前 ${maxAttachments} 张参考图`);
-    } catch {
-      toast.error('读取图片失败');
-    } finally {
-      if (fileInputRef.current) fileInputRef.current.value = '';
-    }
-  };
-
-  return (
-    <div className="mx-auto min-h-screen w-full max-w-[1500px] px-4 pb-12 pt-10 sm:px-8 lg:px-12">
-      <section className="mx-auto max-w-[760px]">
-        <div className="mb-6 flex items-center justify-between">
-          <h1 className="text-[28px] font-medium tracking-normal text-neutral-950">{modeTitle(mode)}</h1>
-          <ModeSwitch mode={mode} onChange={(next) => navigate(`/create/${next}`)} />
-        </div>
-
-        <div className="rounded-[28px] border border-neutral-200 bg-white p-4 shadow-[0_18px_55px_rgba(15,23,42,.10)]">
-          <textarea
-            ref={promptRef}
-            value={prompt}
-            onChange={(e) => setPrompt(e.target.value)}
-            placeholder={mode === 'image' ? '描述新图片' : mode === 'video' ? '描述新视频' : '写下你想生成的文字内容'}
-            className="studio-prompt min-h-[66px] w-full resize-none border-0 bg-transparent px-2 pt-1 text-[15px] font-normal leading-7 text-neutral-950 outline-none ring-0 placeholder:font-normal placeholder:text-neutral-400 focus:border-0 focus:outline-none focus:ring-0"
-            maxLength={5000}
-          />
-          <div className="mt-2 flex items-center justify-between gap-3">
-            <div className="flex min-w-0 flex-wrap items-center gap-2">
-              <input
-                ref={fileInputRef}
-                type="file"
-                accept="image/*"
-                multiple
-                className="hidden"
-                onChange={(e) => void handleAttachFiles(e.target.files)}
-              />
-              <button
-                className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100"
-                title="上传参考图"
-                type="button"
-                onClick={() => fileInputRef.current?.click()}
-              >
-                <Paperclip size={18} />
-              </button>
-              <ComposerSelect
-                value={mode === 'video' ? videoModel : mode === 'text' ? textModel : imageModel}
-                onChange={(v) => mode === 'video' ? setVideoModel(v) : mode === 'text' ? setTextModel(v) : setImageModel(v)}
-                options={(mode === 'video' ? videoModels : mode === 'text' ? textModels : imageModels).map((m) => ({ value: m.code, label: m.label }))}
-                wide={mode !== 'image'}
-              />
-              {mode === 'image' && (
-                <>
-                  <ComposerSelect value={imageRatio} onChange={(v) => setImageRatio(v as typeof IMAGE_RATIOS[number])} options={IMAGE_RATIOS.map((r) => ({ value: r, label: r }))} />
-                  <ComposerSelect value={imageResolution} onChange={(v) => setImageResolution(v as typeof IMAGE_RESOLUTIONS[number])} options={IMAGE_RESOLUTIONS.map((r) => ({ value: r, label: r }))} />
-                  <ComposerSelect value={String(count)} onChange={(v) => setCount(Number(v))} options={[1, 2, 4].map((n) => ({ value: String(n), label: `${n}张` }))} />
-                </>
-              )}
-              {mode === 'video' && (
-                <>
-                  <ComposerSelect value={videoRatio} onChange={(v) => setVideoRatio(v as typeof VIDEO_RATIOS[number])} options={VIDEO_RATIOS.map((r) => ({ value: r, label: r }))} />
-                  <ComposerSelect value={String(duration)} onChange={(v) => setDuration(Number(v) as typeof VIDEO_DURATIONS[number])} options={VIDEO_DURATIONS.map((n) => ({ value: String(n), label: `${n}s` }))} />
-                </>
-              )}
-            </div>
-            <div className="flex items-center gap-2">
-              <span className="hidden text-sm text-neutral-400 sm:inline">{typeof expectedCost === 'number' ? `${expectedCost} 点` : expectedCost}</span>
-              <button className="grid h-8 w-8 place-items-center rounded-full text-neutral-600 hover:bg-neutral-100" title="语音输入" type="button">
-                <Mic size={18} />
-              </button>
-              <button
-                type="button"
-                onClick={submit}
-                disabled={!!inProgress || createImage.isPending || createVideo.isPending || createText.isPending}
-                className="grid h-10 w-10 place-items-center rounded-full bg-neutral-950 text-white transition hover:bg-neutral-800 disabled:cursor-not-allowed disabled:bg-neutral-300"
-                title="生成"
-              >
-                {inProgress || createImage.isPending || createVideo.isPending || createText.isPending ? <Loader2 size={18} className="animate-spin" /> : <ArrowUp size={19} />}
-              </button>
-            </div>
-          </div>
-          {attachments.length > 0 && (
-            <div className="mt-3 flex flex-wrap gap-2">
-              {attachments.map((item) => (
-                <div key={item.id} className="group relative h-14 w-14 overflow-hidden rounded-[12px] bg-neutral-100">
-                  <img src={item.dataUrl} alt={item.name} className="h-full w-full object-cover" />
-                  <button
-                    type="button"
-                    onClick={() => setAttachments((prev) => prev.filter((x) => x.id !== item.id))}
-                    className="absolute right-1 top-1 grid h-5 w-5 place-items-center rounded-full bg-black/60 text-white opacity-0 transition group-hover:opacity-100"
-                    title="移除"
-                  >
-                    <X size={12} />
-                  </button>
-                </div>
-              ))}
-            </div>
-          )}
-        </div>
-      </section>
-
-      {mode === 'text' && textResult && (
-        <section className="mx-auto mt-8 max-w-[760px] rounded-[24px] border border-neutral-200 bg-white p-5 text-[15px] leading-7 text-neutral-800 shadow-sm">
-          <div className="mb-3 flex items-center justify-between text-sm text-neutral-400">
-            <span>{textModels.find((m) => m.code === textModel)?.label ?? textModel}</span>
-            <span>{textResult.length} 字</span>
-          </div>
-          <div className="whitespace-pre-wrap">{textResult}</div>
-        </section>
-      )}
-
-      {mode === 'image' && (
-        <section className="mx-auto mt-12 max-w-[760px]">
-          <div className="mb-4 flex items-center justify-between">
-            <h2 className="text-[20px] font-medium text-neutral-950">创建图片</h2>
-            <div className="flex items-center gap-2 text-neutral-400">
-              <button className="grid h-9 w-9 place-items-center rounded-full border border-neutral-200 hover:text-neutral-900"><ChevronLeft size={18} /></button>
-              <button className="grid h-9 w-9 place-items-center rounded-full border border-neutral-200 hover:text-neutral-900"><ChevronRight size={18} /></button>
-            </div>
-          </div>
-          <div className="grid grid-cols-2 gap-3 sm:grid-cols-5">
-            {SUGGESTIONS.map((item) => (
-              <button
-                key={item.title}
-                type="button"
-                onClick={() => setPrompt(item.prompt)}
-                className="group relative aspect-[4/5] overflow-hidden rounded-[22px] text-left shadow-sm"
-              >
-                <img src={item.image} alt={item.title} className="absolute inset-0 h-full w-full object-cover transition duration-300 group-hover:scale-[1.03]" loading="lazy" />
-                <div className="absolute inset-0 bg-gradient-to-t from-black/70 via-black/10 to-transparent" />
-                <span className="absolute bottom-3 left-3 right-3 text-sm font-medium text-white">{item.title}</span>
-              </button>
-            ))}
-          </div>
-        </section>
-      )}
-
-      <section className="mt-14">
-        <div className="mx-auto mb-4 flex max-w-[1500px] items-center justify-between gap-3 px-0">
-          <h2 className="text-[20px] font-medium text-neutral-950">我的作品</h2>
-          <div className="flex items-center gap-2">
-            <ComposerSelect
-              value={String(historyPageSize)}
-              onChange={(v) => setHistoryPageSize(Number(v) as typeof HISTORY_PAGE_SIZES[number])}
-              options={HISTORY_PAGE_SIZES.map((n) => ({ value: String(n), label: `${n}个` }))}
-            />
-            <HistoryActionMenu
-              disabled={!token || deleteHistory.isPending}
-              onDeleteBefore3Days={() => {
-                if (window.confirm('确定删除3天前的作品记录吗？')) {
-                  deleteHistory.mutate('before_3d');
-                }
-              }}
-              onDeleteBefore7Days={() => {
-                if (window.confirm('确定删除7天前的作品记录吗？')) {
-                  deleteHistory.mutate('before_7d');
-                }
-              }}
-              onDeleteAll={() => {
-                if (window.confirm('确定删除全部作品记录吗？已完成、失败和退款记录都会从首页移除。')) {
-                  deleteHistory.mutate('all');
-                }
-              }}
-            />
-          </div>
-        </div>
-        {resultItems.length === 0 ? (
-          <div className="mx-auto grid max-w-[1500px] place-items-center rounded-[24px] border border-dashed border-neutral-200 py-14 text-neutral-400">
-            <FileImage size={28} />
-            <p className="mt-2 text-sm">{token ? '还没有作品，先生成一张图片吧' : '登录后会在这里显示你的作品'}</p>
-          </div>
-        ) : (
-          <div
-            className="mx-auto max-w-[1500px] columns-1 gap-3 sm:columns-2 lg:columns-3 xl:columns-4 2xl:columns-5"
-            style={{ columnWidth: '220px' }}
-          >
-            {resultItems.map((item) => <WorkCard key={item.task_id} item={item} onOpen={setPreview} />)}
-          </div>
-        )}
-      </section>
-      {preview && <PreviewLightbox preview={preview} onClose={() => setPreview(null)} />}
-    </div>
-  );
-}
-
-function ModeSwitch({ mode, onChange }: { mode: StudioMode; onChange: (mode: StudioMode) => void }) {
-  return (
-    <div className="inline-flex rounded-full bg-neutral-100 p-1">
-      {MODES.map((m) => {
-        const Icon = m.icon;
-        return (
-          <button
-            key={m.value}
-            type="button"
-            onClick={() => onChange(m.value)}
-            className={clsx(
-              'inline-flex h-8 items-center gap-1.5 rounded-full px-3 text-sm transition',
-              mode === m.value ? 'bg-white text-neutral-950 shadow-sm' : 'text-neutral-600 hover:text-neutral-950',
-            )}
-          >
-            <Icon size={15} />
-            {m.label}
-          </button>
-        );
-      })}
-    </div>
-  );
-}
-
-function ComposerSelect({ value, options, onChange, disabled, wide }: { value: string; options: { value: string; label: string }[]; onChange: (value: string) => void; disabled?: boolean; wide?: boolean }) {
-  const [open, setOpen] = useState(false);
-  const current = options.find((o) => o.value === value) ?? options[0];
-
-  return (
-    <div
-      className="relative"
-      onBlur={(e) => {
-        if (!e.currentTarget.contains(e.relatedTarget as Node | null)) setOpen(false);
-      }}
-    >
-      <button
-        type="button"
-        disabled={disabled}
-        onClick={() => setOpen((v) => !v)}
-        className={clsx(
-          'inline-flex h-8 items-center gap-1.5 rounded-full px-3 text-sm text-sky-500 outline-none transition',
-          wide && 'min-w-[150px] justify-between',
-          open ? 'bg-sky-50' : 'hover:bg-neutral-100',
-          disabled && 'cursor-not-allowed text-neutral-400 hover:bg-transparent',
-        )}
-      >
-        <span>{current?.label}</span>
-        <ChevronDown size={15} className={clsx('transition', open && 'rotate-180')} />
-      </button>
-
-      {open && !disabled && (
-        <div className={clsx('absolute left-0 top-10 z-30 overflow-hidden rounded-[18px] border border-neutral-200 bg-white p-1.5 shadow-[0_18px_50px_rgba(15,23,42,.14)]', wide ? 'min-w-[190px]' : 'min-w-[132px]')}>
-          {options.map((o) => {
-            const selected = o.value === value;
-            return (
-              <button
-                key={o.value}
-                type="button"
-                onMouseDown={(e) => e.preventDefault()}
-                onClick={() => {
-                  onChange(o.value);
-                  setOpen(false);
-                }}
-                className={clsx(
-                  'flex h-10 w-full items-center justify-between gap-3 rounded-[12px] px-3 text-left text-sm transition',
-                  selected ? 'bg-neutral-100 text-neutral-950' : 'text-neutral-600 hover:bg-neutral-50 hover:text-neutral-950',
-                )}
-              >
-                <span>{o.label}</span>
-                {selected && <Check size={16} />}
-              </button>
-            );
-          })}
-        </div>
-      )}
-    </div>
-  );
-}
-
-function HistoryActionMenu({
-  disabled,
-  onDeleteBefore3Days,
-  onDeleteBefore7Days,
-  onDeleteAll,
-}: {
-  disabled?: boolean;
-  onDeleteBefore3Days: () => void;
-  onDeleteBefore7Days: () => void;
-  onDeleteAll: () => void;
-}) {
-  const [open, setOpen] = useState(false);
-  return (
-    <div
-      className="relative"
-      onBlur={(e) => {
-        if (!e.currentTarget.contains(e.relatedTarget as Node | null)) setOpen(false);
-      }}
-    >
-      <button
-        type="button"
-        disabled={disabled}
-        onClick={() => setOpen((v) => !v)}
-        className="inline-flex h-8 items-center gap-1.5 rounded-full px-3 text-sm text-neutral-600 outline-none transition hover:bg-neutral-100 disabled:cursor-not-allowed disabled:text-neutral-300"
-      >
-        <MoreHorizontal size={16} />
-        管理
-      </button>
-      {open && !disabled && (
-        <div className="absolute right-0 top-10 z-30 min-w-[150px] overflow-hidden rounded-[18px] border border-neutral-200 bg-white p-1.5 shadow-[0_18px_50px_rgba(15,23,42,.14)]">
-          <button
-            type="button"
-            onMouseDown={(e) => e.preventDefault()}
-            onClick={() => {
-              setOpen(false);
-              onDeleteBefore3Days();
-            }}
-            className="flex h-10 w-full items-center gap-2 rounded-[12px] px-3 text-left text-sm text-neutral-700 transition hover:bg-neutral-50"
-          >
-            <Trash2 size={15} />
-            删除3天前
-          </button>
-          <button
-            type="button"
-            onMouseDown={(e) => e.preventDefault()}
-            onClick={() => {
-              setOpen(false);
-              onDeleteBefore7Days();
-            }}
-            className="flex h-10 w-full items-center gap-2 rounded-[12px] px-3 text-left text-sm text-neutral-700 transition hover:bg-neutral-50"
-          >
-            <Trash2 size={15} />
-            删除7天前
-          </button>
-          <button
-            type="button"
-            onMouseDown={(e) => e.preventDefault()}
-            onClick={() => {
-              setOpen(false);
-              onDeleteAll();
-            }}
-            className="flex h-10 w-full items-center gap-2 rounded-[12px] px-3 text-left text-sm text-red-600 transition hover:bg-red-50"
-          >
-            <Trash2 size={15} />
-            删除全部
-          </button>
-        </div>
-      )}
-    </div>
-  );
-}
-
-function WorkCard({ item, onOpen }: { item: GenerationTask; onOpen: (preview: { url: string; type: 'image' | 'video'; title: string }) => void }) {
-  const result = item.results?.[0];
-  const thumb = result?.thumb_url;
-  const original = result?.url;
-  const [thumbFailed, setThumbFailed] = useState(false);
-  const [loadedRatio, setLoadedRatio] = useState<string | null>(null);
-  const isVideo = item.kind === 'video';
-  const showThumb = !!thumb && !thumbFailed;
-  const declaredRatio = result?.width && result?.height ? `${result.width} / ${result.height}` : '';
-  const mediaRatio = loadedRatio || declaredRatio || (isVideo ? '16 / 9' : '1 / 1');
-  const canOpen = item.status === 2 && !!original;
-  const prompt = compactPrompt(item.prompt);
-  const setRatioFromImage = (el: HTMLImageElement) => {
-    if (el.naturalWidth > 0 && el.naturalHeight > 0) {
-      setLoadedRatio(`${el.naturalWidth} / ${el.naturalHeight}`);
-    }
-  };
-  const setRatioFromVideo = (el: HTMLVideoElement) => {
-    if (el.videoWidth > 0 && el.videoHeight > 0) {
-      setLoadedRatio(`${el.videoWidth} / ${el.videoHeight}`);
-    }
-  };
-
-  return (
-    <article className="mb-3 break-inside-avoid overflow-hidden rounded-[6px] bg-neutral-100">
-      <button
-        type="button"
-        disabled={!canOpen}
-        onClick={() => original && onOpen({ url: original, type: isVideo ? 'video' : 'image', title: item.model })}
-        style={{ aspectRatio: mediaRatio }}
-        className={clsx(
-          'relative grid w-full place-items-center overflow-hidden text-neutral-400 transition-[height]',
-          !original && item.status === 1 && 'bg-white',
-          canOpen && 'group cursor-zoom-in',
-        )}
-      >
-        {original ? (
-          isVideo ? (
-            showThumb ? (
-              <img
-                src={thumb}
-                alt=""
-                className="h-full w-full object-cover"
-                loading="lazy"
-                onLoad={(e) => setRatioFromImage(e.currentTarget)}
-                onError={() => setThumbFailed(true)}
-              />
-            ) : (
-              <video
-                src={original}
-                className="h-full w-full object-cover"
-                muted
-                playsInline
-                preload="metadata"
-                onLoadedMetadata={(e) => setRatioFromVideo(e.currentTarget)}
-              />
-            )
-          ) : (
-            <img src={original} alt="" className="h-full w-full object-cover" loading="lazy" onLoad={(e) => setRatioFromImage(e.currentTarget)} />
-          )
-        ) : item.status === 1 ? (
-          <GeneratingDots />
-        ) : (
-          <div className="flex flex-col items-center gap-2 text-sm">
-            <FileImage size={24} />
-            <span>{statusText(item.status)}</span>
-          </div>
-        )}
-        <div className="absolute left-2 top-2 rounded-full bg-black/55 px-2 py-0.5 text-xs text-white">{item.kind === 'video' ? '\u89c6\u9891' : '\u56fe\u7247'}</div>
-        {canOpen && (
-          <div className="absolute inset-0 grid place-items-center bg-black/0 opacity-0 transition group-hover:bg-black/20 group-hover:opacity-100">
-            <span className="grid h-10 w-10 place-items-center rounded-full bg-white/90 text-neutral-950 shadow-sm">
-              {isVideo ? <Play size={18} fill="currentColor" /> : <Maximize2 size={18} />}
-            </span>
-          </div>
-        )}
-      </button>
-      <div className="flex items-center gap-1.5 px-2.5 py-2 text-xs text-neutral-500">
-        <span className="shrink-0">{fmtRelative(item.created_at)}</span>
-        {prompt && <span className="truncate text-neutral-600">{prompt}</span>}
-      </div>
-    </article>
-  );
-}
-
-function compactPrompt(prompt?: string) {
-  const text = String(prompt || '').replace(/\s+/g, ' ').trim();
-  if (!text) return '';
-  return text.length > 28 ? text.slice(0, 28) + '...' : text;
-}
-
-function GeneratingDots() {
-  const [phraseIndex, setPhraseIndex] = useState(0);
-
-  useEffect(() => {
-    const timer = window.setInterval(() => {
-      setPhraseIndex((idx) => (idx + 1) % GENERATING_PHRASES.length);
-    }, 1800);
-    return () => window.clearInterval(timer);
-  }, []);
-
-  return (
-    <div className="generating-dots" aria-label="正在为您设计中">
-      <div className="generating-dots__phrases">
-        <span className="generating-dots__phrase generating-dots__phrase--active" key={phraseIndex}>
-          {GENERATING_PHRASES[phraseIndex]}
-        </span>
-      </div>
-    </div>
-  );
-}
-
-function PreviewLightbox({ preview, onClose }: { preview: { url: string; type: 'image' | 'video'; title: string }; onClose: () => void }) {
-  useEffect(() => {
-    const onKey = (e: KeyboardEvent) => {
-      if (e.key === 'Escape') onClose();
-    };
-    window.addEventListener('keydown', onKey);
-    return () => window.removeEventListener('keydown', onKey);
-  }, [onClose]);
-
-  return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/75 p-4" onMouseDown={onClose}>
-      <div className="relative max-h-[92vh] max-w-[92vw]" onMouseDown={(e) => e.stopPropagation()}>
-        <button
-          type="button"
-          onClick={onClose}
-          className="absolute right-3 top-3 z-10 grid h-9 w-9 place-items-center rounded-full bg-white/90 text-neutral-900 shadow-sm transition hover:bg-white"
-          title="关闭"
-        >
-          <X size={18} />
-        </button>
-        {preview.type === 'video' ? (
-          <video src={preview.url} controls autoPlay className="max-h-[92vh] max-w-[92vw] rounded-[12px] bg-black shadow-2xl" />
-        ) : (
-          <img src={preview.url} alt={preview.title} className="max-h-[92vh] max-w-[92vw] rounded-[12px] object-contain shadow-2xl" />
-        )}
-      </div>
-    </div>
-  );
-}
-
-function modeFromPath(pathname: string): StudioMode {
-  if (pathname.includes('/create/video')) return 'video';
-  if (pathname.includes('/create/text')) return 'text';
-  return 'image';
-}
-
-function modeTitle(mode: StudioMode) {
-  if (mode === 'video') return '视频';
-  if (mode === 'text') return '文字';
-  return '图片';
-}
-
-function statusText(status: number) {
-  if (status === 2) return '已完成';
-  if (status === 3) return '失败';
-  if (status === 4) return '已退款';
-  if (status === 1) return '生成中';
-  return '排队中';
-}
-
-function modelsByKind(models: PublicModel[] | undefined, kind: PublicModel['kind'], fallback: SelectModel[]): SelectModel[] {
-  const rows = (models ?? [])
-    .filter((m) => m.enabled !== false && m.kind === kind && m.model_code)
-    .map((m) => ({
-      code: m.model_code,
-      label: m.name || m.model_code,
-      cost: typeof m.unit_points === 'number' ? m.unit_points / 100 : undefined,
-      input: typeof m.input_unit_points === 'number' ? m.input_unit_points / 100 : undefined,
-      output: typeof m.output_unit_points === 'number' ? m.output_unit_points / 100 : undefined,
-    }));
-  return rows.length ? rows : fallback;
-}
diff --git a/frontend/apps/user/src/pages/create/CreateVideoPage.tsx b/frontend/apps/user/src/pages/create/CreateVideoPage.tsx
deleted file mode 100644
index 4d894ee6..00000000
--- a/frontend/apps/user/src/pages/create/CreateVideoPage.tsx
+++ /dev/null
@@ -1,244 +0,0 @@
-import { useEffect, useRef, useState } from 'react';
-import { useMutation, useQueryClient } from '@tanstack/react-query';
-import clsx from 'clsx';
-import { Loader2, Video, Wand2 } from 'lucide-react';
-
-import { useEnsureLoggedIn } from '../../hooks/useEnsureLoggedIn';
-import { ApiError } from '../../lib/api';
-import { fmtPoints } from '../../lib/format';
-import { genApi } from '../../lib/services';
-import type { GenerationTask } from '../../lib/types';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const VIDEO_MODELS = [
-  { code: 'vid-v1',  name: 'GROK 文生视频 V1', cost: 15 },
-  { code: 'vid-i2v', name: 'GROK 图生视频 V1', cost: 20 },
-];
-
-const DURATIONS = [6, 10] as const;
-const RATIOS = ['16:9', '9:16', '1:1'] as const;
-const QUALITY = [
-  { value: 'standard', label: '标准' },
-  { value: 'hd', label: '高清' },
-] as const;
-
-type Quality = (typeof QUALITY)[number]['value'];
-
-export default function CreateVideoPage() {
-  const qc = useQueryClient();
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-  const ensureLoggedIn = useEnsureLoggedIn();
-
-  const [model, setModel] = useState(VIDEO_MODELS[0]!.code);
-  const [duration, setDuration] = useState<(typeof DURATIONS)[number]>(6);
-  const [ratio, setRatio] = useState<(typeof RATIOS)[number]>('16:9');
-  const [quality, setQuality] = useState<Quality>('hd');
-  const [prompt, setPrompt] = useState('一只小猫穿过霓虹小巷，慢镜头，电影感');
-
-  const [task, setTask] = useState<GenerationTask | null>(null);
-  const pollRef = useRef<number | null>(null);
-
-  useEffect(() => {
-    return () => {
-      if (pollRef.current) window.clearInterval(pollRef.current);
-    };
-  }, []);
-
-  const createMut = useMutation({
-    mutationFn: () => genApi.createVideo({ model, prompt, duration, ratio, quality }),
-    onSuccess: (t) => {
-      setTask(t);
-      startPolling(t.task_id);
-      void refreshMe();
-      qc.invalidateQueries({ queryKey: ['gen.history'] });
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '生成失败'),
-  });
-
-  const startPolling = (taskId: string) => {
-    if (pollRef.current) window.clearInterval(pollRef.current);
-    pollRef.current = window.setInterval(async () => {
-      try {
-        const fresh = await genApi.getTask(taskId);
-        setTask(fresh);
-        if (fresh.status === 2 || fresh.status === 3 || fresh.status === 4) {
-          if (pollRef.current) window.clearInterval(pollRef.current);
-          pollRef.current = null;
-          if (fresh.status === 2) toast.success('视频生成完成');
-          else if (fresh.status === 3) toast.error(fresh.error || '生成失败');
-          else toast.info('生成失败已退款');
-          await refreshMe();
-          qc.invalidateQueries({ queryKey: ['gen.history'] });
-          qc.invalidateQueries({ queryKey: ['billing.logs'] });
-        }
-      } catch {
-        // ignore
-      }
-    }, 2000);
-  };
-
-  const baseCost = VIDEO_MODELS.find((m) => m.code === model)?.cost ?? 15;
-  const expectedCost = Math.round((baseCost * duration) / 6);
-  const inProgress = task && (task.status === 0 || task.status === 1);
-  const result = task?.results?.[0];
-
-  const submitGenerate = () => {
-    ensureLoggedIn(() => createMut.mutate(), '登录后即可生成视频');
-  };
-
-  return (
-    <div className="page">
-      <header className="page-header">
-        <div className="flex items-center gap-3">
-          <div className="grid place-items-center w-11 h-11 rounded-md bg-klein-gradient text-text-on-klein shadow-glow-soft flex-shrink-0">
-            <Video size={22} />
-          </div>
-          <div className="min-w-0">
-            <h1 className="page-title">视频创作 · GROK</h1>
-            <p className="page-subtitle">支持文本生视频 / 图生视频 · 4-16 秒</p>
-          </div>
-        </div>
-      </header>
-
-      <div className="grid lg:grid-cols-2 gap-5">
-        <section className="card card-section space-y-5">
-          <div className="field">
-            <label className="field-label">模型</label>
-            <div className="grid grid-cols-2 gap-2">
-              {VIDEO_MODELS.map((m) => (
-                <button
-                  key={m.code}
-                  type="button"
-                  className={clsx(
-                    'flex flex-col items-start p-3 rounded-md border text-left transition',
-                    m.code === model
-                      ? 'border-klein-500 bg-klein-gradient-soft shadow-glow-soft'
-                      : 'border-border hover:border-klein-300',
-                  )}
-                  onClick={() => setModel(m.code)}
-                >
-                  <span className="font-medium text-text-primary">{m.name}</span>
-                  <span className="text-small text-text-tertiary mt-0.5">{m.cost} 点 / 4 秒</span>
-                </button>
-              ))}
-            </div>
-          </div>
-
-          <div className="field">
-            <div className="flex items-center justify-between">
-              <label className="field-label">文本描述</label>
-              <span className="text-tiny text-text-tertiary">{prompt.length}/4000</span>
-            </div>
-            <textarea
-              rows={5}
-              className="textarea leading-loose"
-              placeholder="例：一只小猫穿过霓虹小巷，慢镜头，电影感"
-              value={prompt}
-              onChange={(e) => setPrompt(e.target.value)}
-              maxLength={4000}
-            />
-          </div>
-
-          <div className="grid grid-cols-3 gap-3">
-            <Selector
-              label="时长（秒）"
-              options={DURATIONS.map((d) => ({ value: String(d), label: `${d}s` }))}
-              active={String(duration)}
-              onChange={(v) => setDuration(Number(v) as (typeof DURATIONS)[number])}
-            />
-            <Selector
-              label="比例"
-              options={RATIOS.map((r) => ({ value: r, label: r }))}
-              active={ratio}
-              onChange={(v) => setRatio(v as (typeof RATIOS)[number])}
-            />
-            <Selector
-              label="质量"
-              options={QUALITY.map((q) => ({ value: q.value, label: q.label }))}
-              active={quality}
-              onChange={(v) => setQuality(v as Quality)}
-            />
-          </div>
-
-          <div className="flex items-center justify-between pt-4 border-t border-border">
-            <span className="text-small text-text-secondary">
-              预计消耗 <span className="text-klein-500 font-bold">{expectedCost}</span> 点
-            </span>
-            <button
-              className="btn btn-primary btn-lg"
-              onClick={submitGenerate}
-              disabled={createMut.isPending || !!inProgress || !prompt.trim()}
-            >
-              {createMut.isPending || inProgress ? (
-                <><Loader2 size={18} className="animate-spin" />生成中…</>
-              ) : (
-                <><Wand2 size={18} />生成视频</>
-              )}
-            </button>
-          </div>
-        </section>
-
-        <section className="card card-section">
-          <h3 className="section-title mb-3">实时预览</h3>
-          <div
-            className="rounded-md bg-klein-gradient-soft grid place-items-center text-text-tertiary overflow-hidden border border-border"
-            style={{ aspectRatio: ratio.replace(':', '/') }}
-          >
-            {result?.url ? (
-              <video src={result.url} controls playsInline className="h-full w-full object-cover" />
-            ) : inProgress ? (
-              <div className="flex flex-col items-center gap-2">
-                <Loader2 size={28} className="animate-spin text-klein-500" />
-                <span className="text-small">{task?.progress ?? 0}%</span>
-              </div>
-            ) : (
-              <span className="text-small">生成完成后会自动显示预览</span>
-            )}
-          </div>
-          {task && (
-            <div className="mt-4 text-small text-text-tertiary space-y-1">
-              <p>Task: <code className="font-mono">{task.task_id}</code></p>
-              <p>消耗：{fmtPoints(task.cost_points)} 点</p>
-            </div>
-          )}
-        </section>
-      </div>
-    </div>
-  );
-}
-
-function Selector({
-  label,
-  options,
-  active,
-  onChange,
-}: {
-  label: string;
-  options: { value: string; label: string }[];
-  active: string;
-  onChange: (v: string) => void;
-}) {
-  return (
-    <div className="field">
-      <label className="field-label">{label}</label>
-      <div className="grid grid-cols-3 gap-1.5">
-        {options.map((o) => (
-          <button
-            key={o.value}
-            type="button"
-            onClick={() => onChange(o.value)}
-            className={clsx(
-              'h-9 rounded-md text-small font-medium transition',
-              o.value === active
-                ? 'bg-klein-gradient text-text-on-klein shadow-glow-soft'
-                : 'border border-border text-text-secondary hover:border-klein-500',
-            )}
-          >
-            {o.label}
-          </button>
-        ))}
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/create/HistoryPage.tsx b/frontend/apps/user/src/pages/create/HistoryPage.tsx
deleted file mode 100644
index cdd8b4c2..00000000
--- a/frontend/apps/user/src/pages/create/HistoryPage.tsx
+++ /dev/null
@@ -1,553 +0,0 @@
-import { useEffect, useRef, useState } from 'react';
-import { useQuery } from '@tanstack/react-query';
-import clsx from 'clsx';
-import {
-  Copy,
-  Download,
-  ImageIcon,
-  Images,
-  Loader2,
-  MoreHorizontal,
-  Play,
-  Trash2,
-  Video as VideoIcon,
-  X,
-} from 'lucide-react';
-
-import { fmtPoints, fmtRelative } from '../../lib/format';
-import { loadToken } from '../../lib/api';
-import { genApi } from '../../lib/services';
-import type { GenerationTask, TaskStatus } from '../../lib/types';
-
-const PAGE_SIZE = 20;
-
-const STATUS_LABEL: Record<TaskStatus, string> = {
-  0: '排队中',
-  1: '生成中',
-  2: '已完成',
-  3: '失败',
-  4: '已退款',
-  5: '已取消',
-};
-
-const STATUS_BADGE: Record<TaskStatus, string> = {
-  0: 'badge',
-  1: 'badge badge-klein',
-  2: 'badge badge-success',
-  3: 'badge badge-danger',
-  4: 'badge badge-warning',
-  5: 'badge',
-};
-
-type Filter = 'all' | 'image' | 'video';
-type DeleteScope = 'failed' | 'before_3d' | 'before_7d' | 'all';
-
-const FILTERS: Array<{ value: Filter; label: string }> = [
-  { value: 'all', label: '全部' },
-  { value: 'image', label: '图片' },
-  { value: 'video', label: '视频' },
-];
-
-const DELETE_ACTIONS: Array<{ scope: DeleteScope; label: string; hint: string }> = [
-  { scope: 'failed', label: '删除失败', hint: '清理生成失败的记录' },
-  { scope: 'before_3d', label: '删除3天前', hint: '删除3天前的历史记录' },
-  { scope: 'before_7d', label: '删除7天前', hint: '删除7天前的历史记录' },
-  { scope: 'all', label: '删除全部', hint: '清空全部历史记录' },
-];
-
-export default function HistoryPage() {
-  const [filter, setFilter] = useState<Filter>('all');
-  const [page, setPage] = useState(1);
-  const [menuOpen, setMenuOpen] = useState(false);
-  const [busyScope, setBusyScope] = useState<DeleteScope | null>(null);
-  const [confirmScope, setConfirmScope] = useState<DeleteScope | null>(null);
-  const [preview, setPreview] = useState<HistoryPreview | null>(null);
-  const menuRef = useRef<HTMLDivElement | null>(null);
-
-  const q = useQuery({
-    queryKey: ['gen.history', filter, page],
-    queryFn: () =>
-      genApi.history({ kind: filter === 'all' ? undefined : filter, page, page_size: PAGE_SIZE }),
-  });
-
-  const items = q.data?.list ?? [];
-  const total = q.data?.total ?? 0;
-  const totalPages = Math.max(1, Math.ceil(total / PAGE_SIZE));
-
-  useEffect(() => {
-    const onDocClick = (ev: MouseEvent) => {
-      if (!menuRef.current) return;
-      if (!menuRef.current.contains(ev.target as Node)) setMenuOpen(false);
-    };
-    document.addEventListener('mousedown', onDocClick);
-    return () => document.removeEventListener('mousedown', onDocClick);
-  }, []);
-
-  const handleDelete = async (scope: DeleteScope) => {
-    setBusyScope(scope);
-    try {
-      await genApi.deleteHistory(scope);
-      setPage(1);
-      await q.refetch();
-    } finally {
-      setBusyScope(null);
-      setMenuOpen(false);
-    }
-  };
-
-  return (
-    <div className="page">
-      <header className="page-header items-start gap-4">
-        <div className="space-y-2">
-          <h1 className="page-title">生成历史</h1>
-          <p className="page-subtitle">图片和视频都可以预览、下载、复制链接，也可以按时间和失败状态清理。</p>
-        </div>
-
-        <div className="flex items-center gap-3">
-          <div className="tabs">
-            {FILTERS.map((f) => (
-              <button
-                key={f.value}
-                type="button"
-                className="tab"
-                aria-selected={filter === f.value}
-                onClick={() => {
-                  setFilter(f.value);
-                  setPage(1);
-                }}
-              >
-                {f.label}
-              </button>
-            ))}
-          </div>
-
-          <div className="relative" ref={menuRef}>
-            <button
-              type="button"
-              className="btn btn-outline btn-md gap-2"
-              onClick={() => setMenuOpen((v) => !v)}
-            >
-              <MoreHorizontal size={16} />
-              管理
-            </button>
-            {menuOpen && (
-              <div className="absolute right-0 top-[calc(100%+8px)] z-30 w-48 rounded-xl border border-border bg-surface-1 p-2 shadow-lg">
-                {DELETE_ACTIONS.map((item) => (
-                  <button
-                    key={item.scope}
-                    type="button"
-                    className={clsx(
-                      'flex w-full items-start gap-3 rounded-lg px-3 py-2 text-left text-sm transition hover:bg-surface-2',
-                      busyScope === item.scope && 'opacity-60 pointer-events-none',
-                    )}
-                    onClick={() => setConfirmScope(item.scope)}
-                  >
-                    <Trash2 size={16} className="mt-0.5 text-text-tertiary" />
-                    <span className="flex-1">
-                      <span className="block text-text-primary">{item.label}</span>
-                      <span className="block text-xs text-text-tertiary">{item.hint}</span>
-                    </span>
-                    {busyScope === item.scope && <Loader2 size={14} className="animate-spin" />}
-                  </button>
-                ))}
-              </div>
-            )}
-          </div>
-
-          <button
-            type="button"
-            className="btn btn-outline btn-md"
-            onClick={() => q.refetch()}
-            disabled={q.isFetching}
-          >
-            <Loader2 size={16} className={clsx(q.isFetching && 'animate-spin')} />
-            刷新
-          </button>
-        </div>
-      </header>
-
-      <section className="mb-4 flex items-center justify-between text-sm text-text-tertiary">
-        <span>共 {total} 条记录</span>
-        <span>
-          第 {page} / {totalPages} 页
-        </span>
-      </section>
-
-      {q.isLoading && (
-        <div className="grid place-items-center py-20 text-text-tertiary">
-          <Loader2 className="animate-spin" size={28} />
-        </div>
-      )}
-
-      {!q.isLoading && q.error && (
-        <div className="card">
-          <div className="empty-state">
-            <span className="empty-state-icon">
-              <Trash2 size={22} />
-            </span>
-            <p className="empty-state-title">加载失败</p>
-            <p className="empty-state-desc">请稍后刷新重试，或者检查登录状态。</p>
-          </div>
-        </div>
-      )}
-
-      {!q.isLoading && !q.error && items.length === 0 && (
-        <div className="card">
-          <div className="empty-state">
-            <span className="empty-state-icon">
-              <Images size={22} />
-            </span>
-            <p className="empty-state-title">还没有任何作品</p>
-            <p className="empty-state-desc">去图片创作或视频创作开始你的第一次生成吧。</p>
-          </div>
-        </div>
-      )}
-
-      {!q.isLoading && items.length > 0 && (
-        <>
-          <div className="grid gap-4 [grid-template-columns:repeat(auto-fill,minmax(min(240px,100%),1fr))]">
-            {items.map((t) => (
-              <TaskCard key={t.task_id} t={t} onPreview={() => setPreview(createPreview(t))} />
-            ))}
-          </div>
-
-          <div className="mt-6 flex items-center justify-center gap-3">
-            <button
-              className="btn btn-outline btn-md"
-              onClick={() => setPage((p) => Math.max(1, p - 1))}
-              disabled={page <= 1 || q.isFetching}
-            >
-              上一页
-            </button>
-            <button
-              className="btn btn-outline btn-md"
-              onClick={() => setPage((p) => Math.min(totalPages, p + 1))}
-              disabled={page >= totalPages || q.isFetching}
-            >
-              下一页
-            </button>
-          </div>
-        </>
-      )}
-
-      {preview && <PreviewModal preview={preview} onClose={() => setPreview(null)} />}
-      {confirmScope && (
-        <DeleteConfirmDialog
-          scope={confirmScope}
-          loading={busyScope === confirmScope}
-          onClose={() => setConfirmScope(null)}
-          onConfirm={async () => {
-            const scope = confirmScope;
-            if (!scope) return;
-            setConfirmScope(null);
-            await handleDelete(scope);
-          }}
-        />
-      )}
-    </div>
-  );
-}
-
-function TaskCard({ t, onPreview }: { t: GenerationTask; onPreview: () => void }) {
-  const primary = t.results?.[0];
-  const cover = primary?.thumb_url || primary?.url || '';
-  const isVideo = t.kind === 'video';
-  const resolvedCover = useAuthedMediaUrl(cover);
-  const error = t.status === 3 ? t.error?.trim() || '生成失败' : '';
-
-  return (
-    <article
-      className="group overflow-hidden rounded-lg border border-border bg-surface-1 transition hover:-translate-y-0.5 hover:shadow-glow-soft"
-      role="button"
-      tabIndex={0}
-      onClick={onPreview}
-      onKeyDown={(ev) => {
-        if (ev.key === 'Enter' || ev.key === ' ') onPreview();
-      }}
-    >
-      <div className="relative aspect-square overflow-hidden bg-klein-gradient-soft" style={{ contain: 'paint' }}>
-        {resolvedCover ? (
-          isVideo ? (
-            <div className="relative h-full w-full">
-              <img src={resolvedCover} alt="" className="h-full w-full object-cover" loading="lazy" />
-              <div className="absolute inset-0 grid place-items-center bg-black/10 opacity-100 transition group-hover:bg-black/20">
-                <span className="flex h-12 w-12 items-center justify-center rounded-full bg-black/70 text-white">
-                  <Play size={18} className="ml-0.5" fill="currentColor" />
-                </span>
-              </div>
-            </div>
-          ) : (
-            <img src={resolvedCover} alt="" className="h-full w-full object-cover" loading="lazy" />
-          )
-        ) : (
-          <div className="flex h-full w-full items-center justify-center text-text-tertiary">
-            {isVideo ? <VideoIcon size={28} /> : <ImageIcon size={28} />}
-          </div>
-        )}
-        {t.status === 1 && (
-          <div className="absolute inset-x-0 bottom-0 progress">
-            <div className="progress-bar" style={{ width: `${t.progress}%` }} />
-          </div>
-        )}
-        {t.status === 3 && (
-          <div className="absolute inset-0 flex items-end bg-black/15 p-3">
-            <span className="line-clamp-2 rounded-md bg-black/60 px-2 py-1 text-xs text-white">
-              {error}
-            </span>
-          </div>
-        )}
-      </div>
-
-      <div className="space-y-2 p-3">
-        <div className="flex items-center justify-between gap-2">
-          <span className="truncate text-sm text-text-primary">{t.model}</span>
-          <span className={clsx(STATUS_BADGE[t.status])}>{STATUS_LABEL[t.status]}</span>
-        </div>
-        <div className="flex items-center justify-between text-xs text-text-tertiary">
-          <span>{fmtRelative(t.created_at)}</span>
-          <span>{fmtPoints(t.cost_points)} 点</span>
-        </div>
-      </div>
-    </article>
-  );
-}
-
-function PreviewModal({ preview, onClose }: { preview: HistoryPreview; onClose: () => void }) {
-  const blobUrl = useAuthedMediaUrl(preview.src);
-  const [copying, setCopying] = useState(false);
-  const [downloading, setDownloading] = useState(false);
-
-  useEffect(() => {
-    const onKeyDown = (ev: KeyboardEvent) => {
-      if (ev.key === 'Escape') onClose();
-    };
-    window.addEventListener('keydown', onKeyDown);
-    return () => window.removeEventListener('keydown', onKeyDown);
-  }, [onClose]);
-
-  const handleCopy = async () => {
-    setCopying(true);
-    try {
-      await navigator.clipboard.writeText(preview.src);
-    } finally {
-      setCopying(false);
-    }
-  };
-
-  const handleDownload = async () => {
-    setDownloading(true);
-    try {
-      const file = await fetchAuthedFile(preview.src);
-      const url = URL.createObjectURL(file.blob);
-      const a = document.createElement('a');
-      a.href = url;
-      a.download = file.filename;
-      document.body.appendChild(a);
-      a.click();
-      a.remove();
-      URL.revokeObjectURL(url);
-    } finally {
-      setDownloading(false);
-    }
-  };
-
-  return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/60 p-4" onClick={onClose}>
-      <div
-        className="w-full max-w-5xl overflow-hidden rounded-2xl border border-border bg-surface-1 shadow-2xl"
-        onClick={(ev) => ev.stopPropagation()}
-      >
-        <div className="flex items-center justify-between border-b border-border px-4 py-3">
-          <div className="min-w-0">
-            <p className="truncate text-sm text-text-primary">{preview.model}</p>
-            <p className="text-xs text-text-tertiary">
-              {fmtRelative(preview.created_at)} · {STATUS_LABEL[preview.status]} · {fmtPoints(preview.cost_points)} 点
-            </p>
-          </div>
-          <div className="flex items-center gap-2">
-            <button className="btn btn-outline btn-sm gap-2" onClick={handleCopy} disabled={copying}>
-              {copying ? <Loader2 size={14} className="animate-spin" /> : <Copy size={14} />}
-              复制链接
-            </button>
-            <button className="btn btn-outline btn-sm gap-2" onClick={handleDownload} disabled={downloading}>
-              {downloading ? <Loader2 size={14} className="animate-spin" /> : <Download size={14} />}
-              下载
-            </button>
-            <button className="btn btn-outline btn-sm" onClick={onClose}>
-              <X size={14} />
-            </button>
-          </div>
-        </div>
-
-        <div className="bg-black/5 p-4">
-          <div className="flex max-h-[75vh] min-h-[360px] items-center justify-center overflow-auto rounded-xl bg-surface-0">
-            {preview.kind === 'video' ? (
-              blobUrl ? (
-                <video src={blobUrl} controls className="max-h-[75vh] w-full object-contain" />
-              ) : (
-                <div className="flex flex-col items-center gap-2 py-20 text-text-tertiary">
-                  <Loader2 className="animate-spin" size={24} />
-                  <span className="text-sm">正在加载视频</span>
-                </div>
-              )
-            ) : blobUrl ? (
-              <img src={blobUrl} alt={preview.prompt || preview.model} className="max-h-[75vh] w-full object-contain" />
-            ) : (
-              <div className="flex flex-col items-center gap-2 py-20 text-text-tertiary">
-                <Loader2 className="animate-spin" size={24} />
-                <span className="text-sm">正在加载图片</span>
-              </div>
-            )}
-          </div>
-        </div>
-
-        <div className="border-t border-border px-4 py-3 text-sm text-text-tertiary">
-          <p className="line-clamp-2">{preview.prompt || '无提示词'}</p>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function useAuthedMediaUrl(src?: string) {
-  const [url, setUrl] = useState<string>('');
-
-  useEffect(() => {
-    if (!src) {
-      setUrl('');
-      return;
-    }
-    if (src.startsWith('data:')) {
-      setUrl(src);
-      return;
-    }
-
-    let alive = true;
-    let objectUrl = '';
-
-    (async () => {
-      try {
-        const token = loadToken();
-        const headers: Record<string, string> = {};
-        if (token?.access) headers.Authorization = `${token.type || 'Bearer'} ${token.access}`;
-        const resp = await fetch(src, { headers, credentials: 'include' });
-        if (!resp.ok) throw new Error(`HTTP ${resp.status}`);
-        const blob = await resp.blob();
-        if (!alive) return;
-        objectUrl = URL.createObjectURL(blob);
-        setUrl(objectUrl);
-      } catch {
-        if (alive) setUrl('');
-      }
-    })();
-
-    return () => {
-      alive = false;
-      if (objectUrl) URL.revokeObjectURL(objectUrl);
-    };
-  }, [src]);
-
-  return url;
-}
-
-async function fetchAuthedFile(src: string) {
-  const token = loadToken();
-  const headers: Record<string, string> = {};
-  if (token?.access) headers.Authorization = `${token.type || 'Bearer'} ${token.access}`;
-  const resp = await fetch(src, { headers, credentials: 'include' });
-  if (!resp.ok) throw new Error(`HTTP ${resp.status}`);
-  const blob = await resp.blob();
-  return {
-    blob,
-    filename: guessFilename(src, resp.headers.get('content-type') || blob.type),
-  };
-}
-
-function guessFilename(src: string, contentType: string) {
-  const ext = guessExt(contentType, src);
-  const cleanSrc = src.replace(/\?.*$/, '');
-  const base = cleanSrc.replace(/^.*\//, '').replace(/[^a-zA-Z0-9._-]+/g, '_').slice(0, 80);
-  return `${base || 'generation'}${ext}`;
-}
-
-function guessExt(contentType: string, src: string) {
-  const lower = `${contentType} ${src}`.toLowerCase();
-  if (lower.includes('video/mp4') || lower.includes('.mp4')) return '.mp4';
-  if (lower.includes('video/webm') || lower.includes('.webm')) return '.webm';
-  if (lower.includes('image/png') || lower.includes('.png')) return '.png';
-  if (lower.includes('image/jpeg') || lower.includes('image/jpg') || lower.includes('.jpg') || lower.includes('.jpeg')) return '.jpg';
-  if (lower.includes('image/webp') || lower.includes('.webp')) return '.webp';
-  return '';
-}
-
-function createPreview(t: GenerationTask): HistoryPreview {
-  const first = t.results?.[0];
-  return {
-    kind: t.kind,
-    status: t.status,
-    model: t.model,
-    prompt: t.prompt || '',
-    cost_points: t.cost_points,
-    created_at: t.created_at,
-    error: t.error,
-    src: first?.url || first?.thumb_url || '',
-  };
-}
-
-interface HistoryPreview {
-  kind: 'image' | 'video' | 'chat';
-  status: TaskStatus;
-  model: string;
-  prompt: string;
-  cost_points: number;
-  created_at: number;
-  error?: string;
-  src: string;
-}
-
-function DeleteConfirmDialog({
-  scope,
-  loading,
-  onClose,
-  onConfirm,
-}: {
-  scope: DeleteScope;
-  loading: boolean;
-  onClose: () => void;
-  onConfirm: () => void | Promise<void>;
-}) {
-  const item = DELETE_ACTIONS.find((a) => a.scope === scope)!;
-  return (
-    <div className="fixed inset-0 z-50 grid place-items-center bg-black/55 p-4" onClick={onClose}>
-      <div
-        className="dialog-surface w-full max-w-md overflow-hidden rounded-2xl border border-border bg-surface-1 shadow-2xl"
-        onClick={(e) => e.stopPropagation()}
-      >
-        <div className="flex items-start gap-3 border-b border-border px-5 py-4">
-          <div className="grid h-10 w-10 place-items-center rounded-full bg-danger-soft text-danger">
-            <Trash2 size={18} />
-          </div>
-          <div className="min-w-0 flex-1">
-            <h2 className="text-h4 text-text-primary">{item.label}</h2>
-            <p className="mt-1 text-small text-text-tertiary">确定执行这个操作吗？该操作不可恢复。</p>
-          </div>
-          <button type="button" className="btn btn-ghost btn-icon btn-sm" onClick={onClose}>
-            <X size={16} />
-          </button>
-        </div>
-        <div className="px-5 py-4">
-          <p className="text-small text-text-secondary">{item.hint}</p>
-          <div className="mt-5 flex justify-end gap-2">
-            <button type="button" className="btn btn-outline btn-md" onClick={onClose}>
-              取消
-            </button>
-            <button type="button" className="btn btn-danger btn-md gap-2" onClick={onConfirm} disabled={loading}>
-              {loading ? <Loader2 size={14} className="animate-spin" /> : <Trash2 size={14} />}
-              确认删除
-            </button>
-          </div>
-        </div>
-      </div>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/invite/InvitePage.tsx b/frontend/apps/user/src/pages/invite/InvitePage.tsx
deleted file mode 100644
index 9083cdea..00000000
--- a/frontend/apps/user/src/pages/invite/InvitePage.tsx
+++ /dev/null
@@ -1,64 +0,0 @@
-import { Copy, Share2, Users } from 'lucide-react';
-
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-export default function InvitePage() {
-  const me = useAuthStore((s) => s.me);
-  const code = me?.invite_code ?? '—';
-  const link =
-    typeof window !== 'undefined'
-      ? `${window.location.origin}/register?invite=${code}`
-      : `https://gpt2api.example/register?invite=${code}`;
-
-  const copy = (text: string, label: string) => {
-    navigator.clipboard.writeText(text).then(() => toast.success(`${label}已复制`));
-  };
-
-  return (
-    <div className="page">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">邀请中心</h1>
-          <p className="page-subtitle">邀请好友注册即可获得专属奖励，更多返佣规则即将公布。</p>
-        </div>
-      </header>
-
-      <section className="card-tinted card-section grid lg:grid-cols-[1fr_auto] gap-6 items-end mb-4">
-        <div className="space-y-4 min-w-0">
-          <div>
-            <p className="text-overline mb-1">你的专属邀请码</p>
-            <p className="font-mono text-display gradient-text break-all leading-tight">{code}</p>
-          </div>
-          <div>
-            <p className="text-overline mb-1">邀请链接</p>
-            <code className="block rounded-md bg-surface-1 border border-border px-4 py-2.5 font-mono text-small break-all">
-              {link}
-            </code>
-          </div>
-        </div>
-        <div className="flex flex-wrap gap-2">
-          <button className="btn btn-primary btn-lg" onClick={() => copy(code, '邀请码')}>
-            <Copy size={16} /> 复制邀请码
-          </button>
-          <button className="btn btn-outline btn-lg" onClick={() => copy(link, '邀请链接')}>
-            <Share2 size={16} /> 复制链接
-          </button>
-        </div>
-      </section>
-
-      <section className="card card-section">
-        <h3 className="section-title mb-3">
-          <Users size={16} className="text-text-tertiary" />
-          规则说明
-        </h3>
-        <ul className="space-y-2 text-body text-text-secondary list-disc pl-5 leading-loose">
-          <li>好友通过你的邀请码注册即视为关联，关系绑定后不可更改。</li>
-          <li>好友首次充值时你会获得点数返利，具体比例由后台动态配置。</li>
-          <li>系统会定期发放邀请奖励到你的钱包，可在「余额明细」中查看。</li>
-          <li>禁止刷邀请、买卖邀请码等违规行为，违者扣除全部奖励。</li>
-        </ul>
-      </section>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/pages/keys/DocsPage.tsx b/frontend/apps/user/src/pages/keys/DocsPage.tsx
deleted file mode 100644
index 47b08ce6..00000000
--- a/frontend/apps/user/src/pages/keys/DocsPage.tsx
+++ /dev/null
@@ -1,423 +0,0 @@
-import type { ReactNode } from 'react';
-
-import { Copy } from 'lucide-react';
-
-import { toast } from '../../stores/toast';
-
-const OPENAI_BASE = (import.meta.env.VITE_OPENAI_BASE_URL as string | undefined) ?? '/v1';
-
-const EXAMPLE_BASE =
-  typeof window !== 'undefined' && window.location?.origin
-    ? `${window.location.origin.replace(/\/$/, '')}/v1`
-    : 'https://www.gpt2api.com/v1';
-
-const TEXT_CHAT_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/chat/completions \
-  -H "Authorization: Bearer sk-xxx" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "model": "grok-4.20-fast",
-    "messages": [
-      { "role": "system", "content": "你是一个中文助手" },
-      { "role": "user", "content": "帮我写一句产品广告语" }
-    ],
-    "temperature": 0.7,
-    "max_tokens": 512,
-    "stream": false
-  }'`;
-
-const IMAGE_CREATE_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/images/generations \
-  -H "Authorization: Bearer sk-xxx" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "model": "gpt-image-2",
-    "prompt": "A minimalist product advertisement with a fried chicken bucket placed on a clean white podium.",
-    "n": 1,
-    "size": "1024x1024",
-    "quality": "standard",
-    "style": "vivid",
-    "async": false
-  }'`;
-
-const IMAGE_EDIT_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/images/edits \
-  -H "Authorization: Bearer sk-xxx" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "model": "gpt-image-2",
-    "prompt": "保持主体不变，把背景改成清爽的浅色工作室风格。",
-    "image": "https://example.com/input.png",
-    "n": 1,
-    "size": "1536x1024",
-    "quality": "high",
-    "async": false
-  }'`;
-
-const IMAGE_TASK_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/images/generations/01HTABCDE123456789 \
-  -H "Authorization: Bearer sk-xxx"`;
-
-const VIDEO_CREATE_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/video/generations \
-  -H "Authorization: Bearer sk-xxx" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "model": "grok-imagine-video",
-    "prompt": "一位年轻女生在城市街头自然行走，电影感，稳定镜头",
-    "duration": 6,
-    "ratio": "16:9",
-    "quality": "hd",
-    "async": true
-  }'`;
-
-const VIDEO_I2V_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/video/generations \
-  -H "Authorization: Bearer sk-xxx" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "model": "grok-imagine-video",
-    "prompt": "保持参考图人物和构图，做一个轻微镜头推进的短视频。",
-    "duration": 10,
-    "ratio": "9:16",
-    "image": "https://example.com/ref.jpg",
-    "async": true
-  }'`;
-
-const VIDEO_TASK_SAMPLE = String.raw`curl ${EXAMPLE_BASE}/video/generations/01HTVIDEO123456789 \
-  -H "Authorization: Bearer sk-xxx"`;
-
-const PYTHON_SAMPLE = String.raw`from openai import OpenAI
-
-client = OpenAI(
-    api_key="sk-xxx",
-    base_url="${EXAMPLE_BASE}",
-)
-
-# 文字
-resp = client.chat.completions.create(
-    model="grok-4.20-fast",
-    messages=[
-        {"role": "system", "content": "你是一个中文助手"},
-        {"role": "user", "content": "写一句产品广告语"},
-    ],
-)
-print(resp.choices[0].message.content)
-
-# 生图
-img = client.images.generate(
-    model="gpt-image-2",
-    prompt="A minimalist product advertisement with a fried chicken bucket placed on a clean white podium.",
-    n=1,
-    size="1024x1024",
-)
-print(img.data[0].url)
-
-# 也可以直接访问返回的 task_id 再轮询
-`;
-
-const ENDPOINTS = [
-  {
-    method: 'GET',
-    path: '/v1/models',
-    kind: '模型列表',
-    sync: '同步',
-    note: '返回当前可用模型。列表由后端动态生成，可能随后台配置变化。',
-  },
-  {
-    method: 'POST',
-    path: '/v1/chat/completions',
-    kind: '文字对话',
-    sync: '同步 / stream',
-    note: '支持标准 OpenAI chat 参数；stream=true 时走 SSE 流式返回。',
-  },
-  {
-    method: 'POST',
-    path: '/v1/images/generations',
-    kind: '图片生成',
-    sync: '默认同步，可 async=true',
-    note: '支持文生图、图生图、多图输入；异步时返回 task_id，可轮询结果。',
-  },
-  {
-    method: 'POST',
-    path: '/v1/images/edits',
-    kind: '图片编辑',
-    sync: '默认同步，可 async=true',
-    note: '必须至少提供一张参考图；适合局部修改、背景替换、风格重绘。',
-  },
-  {
-    method: 'GET',
-    path: '/v1/images/generations/:task_id',
-    kind: '图片任务',
-    sync: '轮询',
-    note: '查询图片任务状态，返回任务信息和最终图片链接。',
-  },
-  {
-    method: 'POST',
-    path: '/v1/video/generations',
-    kind: '视频生成',
-    sync: '默认异步，可 async=false',
-    note: '支持文生视频、图生视频、多图生视频；默认先返回 task_id，再轮询结果。',
-  },
-  {
-    method: 'GET',
-    path: '/v1/video/generations/:task_id',
-    kind: '视频任务',
-    sync: '轮询',
-    note: '查询视频任务状态，返回封面、时长和最终视频链接。',
-  },
-  {
-    method: 'POST',
-    path: '/v1/videos/generations',
-    kind: '兼容别名',
-    sync: '同上',
-    note: '旧客户端可继续使用，等价于 /v1/video/generations。',
-  },
-  {
-    method: 'GET',
-    path: '/v1/videos/generations/:task_id',
-    kind: '兼容别名',
-    sync: '同上',
-    note: '旧客户端可继续使用，等价于 /v1/video/generations/:task_id。',
-  },
-] as const;
-
-const IMAGE_SIZES = [
-  {
-    tier: '1K',
-    note: '适合草图、快速出图、成本最低。',
-    rows: [
-      ['1:1', '1024x1024'],
-      ['3:2', '1216x832'],
-      ['2:3', '832x1216'],
-      ['4:3', '1152x864'],
-      ['3:4', '864x1152'],
-      ['5:4', '1120x896'],
-      ['4:5', '896x1120'],
-      ['16:9', '1344x768'],
-      ['9:16', '768x1344'],
-      ['21:9', '1536x640'],
-    ],
-  },
-  {
-    tier: '2K',
-    note: '适合常规交付，细节更稳定。',
-    rows: [
-      ['1:1', '1248x1248'],
-      ['3:2', '1536x1024'],
-      ['2:3', '1024x1536'],
-      ['4:3', '1440x1088'],
-      ['3:4', '1088x1440'],
-      ['5:4', '1392x1120'],
-      ['4:5', '1120x1392'],
-      ['16:9', '1664x928'],
-      ['9:16', '928x1664'],
-      ['21:9', '1904x816'],
-    ],
-  },
-  {
-    tier: '4K',
-    note: '适合大图、海报、印刷级交付。',
-    rows: [
-      ['1:1', '2480x2480'],
-      ['3:2', '3056x2032'],
-      ['2:3', '2032x3056'],
-      ['4:3', '2880x2160'],
-      ['3:4', '2160x2880'],
-      ['5:4', '2784x2224'],
-      ['4:5', '2224x2784'],
-      ['16:9', '3312x1872'],
-      ['9:16', '1872x3312'],
-      ['21:9', '3808x1632'],
-    ],
-  },
-] as const;
-
-const VIDEO_NOTES = [
-  ['时长', '建议使用 6 秒或 10 秒；接口层允许 2-60 秒，但上游实际限制可能更严格。'],
-  ['比例', '推荐 16:9、9:16、1:1；也可通过 ratio / aspect_ratio 传入。'],
-  ['参考图', '支持 image、images[]、ref_assets[]；图生视频和多图生视频都走同一接口。'],
-  ['异步', '视频默认异步返回 task_id，任务完成后再轮询 GET /v1/video/generations/:task_id。'],
-] as const;
-
-export default function DocsPage() {
-  const copy = async (s: string, label: string) => {
-    await navigator.clipboard.writeText(s);
-    toast.success(`${label}已复制`);
-  };
-
-  return (
-    <div className="page space-y-4">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">接口文档</h1>
-          <p className="page-subtitle leading-loose">
-            这里是 <span className="gradient-text">OpenAI 兼容下游接口</span> 的说明页。把官方 SDK 的{' '}
-            <code className="kbd mx-1">base_url</code> 切到这里，就能直接接入文字、图片、视频。
-          </p>
-        </div>
-      </header>
-
-      <div className="grid gap-4 xl:grid-cols-[1.1fr_0.9fr]">
-        <DocSection title="接入地址" actionLabel="复制" onCopy={() => copy(OPENAI_BASE, '接入地址')}>
-          <div className="rounded-md border border-border bg-surface-2 p-4 font-mono text-body break-all">
-            {OPENAI_BASE}
-          </div>
-          <p className="mt-3 text-small leading-loose text-text-tertiary">
-            鉴权方式：<code className="kbd mx-1">Authorization: Bearer sk-xxx</code>。
-            API Key 在「Key 管理」里创建。<code className="kbd mx-1">Idempotency-Key</code> 建议在图片/视频请求里带上，避免重复扣费。
-          </p>
-        </DocSection>
-
-        <DocSection title="调用要点" actionLabel="复制示例" onCopy={() => copy(TEXT_CHAT_SAMPLE, '文字示例')}>
-          <ul className="space-y-2 text-sm leading-7 text-text-secondary">
-            <li>• 文字接口默认同步返回；stream=true 时走流式输出。</li>
-            <li>• 图片接口默认同步等待，async=true 时只返回 task_id。</li>
-            <li>• 视频接口默认异步，async=false 时最多等待 10 分钟。</li>
-            <li>• 图片编辑必须带参考图；视频图生视频也支持参考图。</li>
-          </ul>
-        </DocSection>
-      </div>
-
-      <DocSection title="接口总览" actionLabel="复制路径" onCopy={() => copy(ENDPOINTS.map((item) => `${item.method} ${item.path}`).join('\n'), '接口路径')}>
-        <div className="overflow-x-auto">
-          <table className="min-w-full border-separate border-spacing-0 text-sm">
-            <thead>
-              <tr className="text-left text-text-tertiary">
-                <th className="border-b border-border px-3 py-2 font-normal">方法</th>
-                <th className="border-b border-border px-3 py-2 font-normal">路径</th>
-                <th className="border-b border-border px-3 py-2 font-normal">类型</th>
-                <th className="border-b border-border px-3 py-2 font-normal">同步/异步</th>
-                <th className="border-b border-border px-3 py-2 font-normal">说明</th>
-              </tr>
-            </thead>
-            <tbody>
-              {ENDPOINTS.map((item) => (
-                <tr key={`${item.method}-${item.path}`} className="align-top">
-                  <td className="border-b border-border px-3 py-3 font-mono text-klein-600">{item.method}</td>
-                  <td className="border-b border-border px-3 py-3 font-mono">{item.path}</td>
-                  <td className="border-b border-border px-3 py-3">{item.kind}</td>
-                  <td className="border-b border-border px-3 py-3 text-text-secondary">{item.sync}</td>
-                  <td className="border-b border-border px-3 py-3 text-text-tertiary">{item.note}</td>
-                </tr>
-              ))}
-            </tbody>
-          </table>
-        </div>
-      </DocSection>
-
-      <div className="grid gap-4 xl:grid-cols-2">
-        <DocSection title="文字 /v1/chat/completions" actionLabel="复制 cURL" onCopy={() => copy(TEXT_CHAT_SAMPLE, '文字 cURL')}>
-          <p className="mb-3 text-sm leading-7 text-text-secondary">
-            标准 OpenAI Chat 接口。<code className="kbd mx-1">stream=true</code> 时返回 SSE；不传则一次性返回 JSON。
-          </p>
-          <CodeBlock>{TEXT_CHAT_SAMPLE}</CodeBlock>
-          <div className="mt-3 rounded-md border border-border bg-surface-2 p-3 text-small text-text-tertiary leading-7">
-            常用参数：<code className="kbd">model</code>、<code className="kbd">messages</code>、<code className="kbd">temperature</code>、<code className="kbd">max_tokens</code>、<code className="kbd">stream</code>。
-          </div>
-        </DocSection>
-
-        <DocSection title="图片 /v1/images/generations" actionLabel="复制 cURL" onCopy={() => copy(IMAGE_CREATE_SAMPLE, '图片 cURL')}>
-          <p className="mb-3 text-sm leading-7 text-text-secondary">
-            支持文生图、图生图、多图输入。推荐通过 <code className="kbd mx-1">size</code> 和 <code className="kbd mx-1">quality</code> 控制画质。
-          </p>
-          <CodeBlock>{IMAGE_CREATE_SAMPLE}</CodeBlock>
-          <div className="mt-3 rounded-md border border-border bg-surface-2 p-3 text-small text-text-tertiary leading-7">
-            主要参数：<code className="kbd">model</code>、<code className="kbd">prompt</code>、<code className="kbd">n</code>、<code className="kbd">size</code>、<code className="kbd">quality</code>、<code className="kbd">style</code>、<code className="kbd">image/images/ref_assets</code>、<code className="kbd">async</code>。
-          </div>
-        </DocSection>
-
-        <DocSection title="图片编辑 /v1/images/edits" actionLabel="复制 cURL" onCopy={() => copy(IMAGE_EDIT_SAMPLE, '图片编辑 cURL')}>
-          <p className="mb-3 text-sm leading-7 text-text-secondary">
-            编辑接口和生成接口共用同一套任务流程，但必须提供至少一张参考图。适合换背景、改风格、局部重绘。
-          </p>
-          <CodeBlock>{IMAGE_EDIT_SAMPLE}</CodeBlock>
-          <div className="mt-3 rounded-md border border-border bg-surface-2 p-3 text-small text-text-tertiary leading-7">
-            参考图可以传 <code className="kbd">image</code>、<code className="kbd">images[]</code> 或 <code className="kbd">ref_assets[]</code>；当前不建议直接传本地文件上传。
-          </div>
-        </DocSection>
-
-        <DocSection title="视频 /v1/video/generations" actionLabel="复制 cURL" onCopy={() => copy(VIDEO_CREATE_SAMPLE, '视频 cURL')}>
-          <p className="mb-3 text-sm leading-7 text-text-secondary">
-            视频默认异步返回。图生视频时把参考图传到 <code className="kbd mx-1">image</code> / <code className="kbd mx-1">images[]</code> / <code className="kbd mx-1">ref_assets[]</code> 即可。
-          </p>
-          <CodeBlock>{VIDEO_CREATE_SAMPLE}</CodeBlock>
-          <p className="mt-3 mb-3 text-sm leading-7 text-text-secondary">图生视频示例：</p>
-          <CodeBlock>{VIDEO_I2V_SAMPLE}</CodeBlock>
-          <div className="mt-3 rounded-md border border-border bg-surface-2 p-3 text-small text-text-tertiary leading-7">
-            常用参数：<code className="kbd">model</code>、<code className="kbd">prompt</code>、<code className="kbd">duration</code>、<code className="kbd">ratio</code> / <code className="kbd">aspect_ratio</code>、<code className="kbd">quality</code>、<code className="kbd">fps</code>、<code className="kbd">async</code>。
-          </div>
-        </DocSection>
-
-        <DocSection title="任务轮询" actionLabel="复制示例" onCopy={() => copy(`${IMAGE_TASK_SAMPLE}\n\n${VIDEO_TASK_SAMPLE}`, '任务轮询')}>
-          <p className="mb-3 text-sm leading-7 text-text-secondary">
-            图片和视频都支持通过 <code className="kbd mx-1">task_id</code> 查询结果。图片接口默认等结果，视频接口默认先返回任务。
-          </p>
-          <CodeBlock>{`${IMAGE_TASK_SAMPLE}\n\n${VIDEO_TASK_SAMPLE}`}</CodeBlock>
-        </DocSection>
-      </div>
-
-      <DocSection title="尺寸映射" actionLabel="复制表格" onCopy={() => copy(IMAGE_SIZES.map((tier) => `${tier.tier}\n${tier.rows.map(([ratio, size]) => `${ratio} -> ${size}`).join('\n')}`).join('\n\n'), '尺寸映射')}>
-        <div className="space-y-4">
-          {IMAGE_SIZES.map((tier) => (
-            <div key={tier.tier} className="rounded-xl border border-border bg-surface-1 p-4">
-              <div className="mb-3 flex items-center justify-between gap-3">
-                <h3 className="section-title">{tier.tier}</h3>
-                <span className="text-small text-text-tertiary">{tier.note}</span>
-              </div>
-              <div className="grid gap-2 md:grid-cols-2 xl:grid-cols-3">
-                {tier.rows.map(([ratio, size]) => (
-                  <div key={`${tier.tier}-${ratio}`} className="flex items-center justify-between rounded-lg border border-border bg-surface-2 px-3 py-2 text-sm">
-                    <span className="text-text-secondary">{ratio}</span>
-                    <span className="font-mono text-klein-600">{size}</span>
-                  </div>
-                ))}
-              </div>
-            </div>
-          ))}
-        </div>
-      </DocSection>
-
-      <DocSection title="视频参数补充" actionLabel="复制要点" onCopy={() => copy(VIDEO_NOTES.map(([k, v]) => `${k}: ${v}`).join('\n'), '视频要点')}>
-        <div className="grid gap-3 md:grid-cols-2">
-          {VIDEO_NOTES.map(([k, v]) => (
-            <div key={k} className="rounded-lg border border-border bg-surface-2 p-4">
-              <div className="mb-1 text-sm font-medium text-text-primary">{k}</div>
-              <div className="text-small leading-7 text-text-tertiary">{v}</div>
-            </div>
-          ))}
-        </div>
-      </DocSection>
-
-      <DocSection title="Python 示例" actionLabel="复制代码" onCopy={() => copy(PYTHON_SAMPLE, 'Python 示例')}>
-        <CodeBlock>{PYTHON_SAMPLE}</CodeBlock>
-      </DocSection>
-    </div>
-  );
-}
-
-function DocSection({
-  title,
-  actionLabel,
-  onCopy,
-  children,
-}: {
-  title: string;
-  actionLabel: string;
-  onCopy: () => void;
-  children: ReactNode;
-}) {
-  return (
-    <section className="card card-section">
-      <header className="section-header mb-3">
-        <h3 className="section-title">{title}</h3>
-        <button className="btn btn-outline btn-sm" onClick={onCopy} type="button">
-          <Copy size={14} /> {actionLabel}
-        </button>
-      </header>
-      {children}
-    </section>
-  );
-}
-
-function CodeBlock({ children }: { children: ReactNode }) {
-  return (
-    <pre className="overflow-x-auto rounded-md border border-border bg-surface-2 p-4 font-mono text-small leading-7">
-      {children}
-    </pre>
-  );
-}
diff --git a/frontend/apps/user/src/pages/keys/KeysPage.tsx b/frontend/apps/user/src/pages/keys/KeysPage.tsx
deleted file mode 100644
index b685fe63..00000000
--- a/frontend/apps/user/src/pages/keys/KeysPage.tsx
+++ /dev/null
@@ -1,287 +0,0 @@
-import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { useState } from 'react';
-import clsx from 'clsx';
-import { Plus, Copy, Check, Trash2, Power, X, KeyRound } from 'lucide-react';
-
-import { ApiError } from '../../lib/api';
-import { fmtRelative } from '../../lib/format';
-import { keysApi } from '../../lib/services';
-import type { APIKeyCreated } from '../../lib/types';
-import { toast } from '../../stores/toast';
-
-const STATUS_ENABLED = 1;
-
-const SCOPE_OPTIONS = [
-  { value: 'image,video,chat', label: '全部能力' },
-  { value: 'image', label: '仅图像' },
-  { value: 'video', label: '仅视频' },
-  { value: 'image,video', label: '图像 + 视频' },
-];
-
-export default function KeysPage() {
-  const qc = useQueryClient();
-  const [showCreate, setShowCreate] = useState(false);
-  const [createdKey, setCreatedKey] = useState<APIKeyCreated | null>(null);
-
-  const listQ = useQuery({
-    queryKey: ['keys'],
-    queryFn: () => keysApi.list(),
-  });
-
-  const createMut = useMutation({
-    mutationFn: keysApi.create,
-    onSuccess: (data) => {
-      setCreatedKey(data);
-      setShowCreate(false);
-      qc.invalidateQueries({ queryKey: ['keys'] });
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '创建失败'),
-  });
-
-  const toggleMut = useMutation({
-    mutationFn: keysApi.toggle,
-    onSuccess: () => {
-      qc.invalidateQueries({ queryKey: ['keys'] });
-      toast.success('状态已更新');
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '操作失败'),
-  });
-
-  const removeMut = useMutation({
-    mutationFn: keysApi.remove,
-    onSuccess: () => {
-      qc.invalidateQueries({ queryKey: ['keys'] });
-      toast.success('已删除');
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '删除失败'),
-  });
-
-  const keys = listQ.data ?? [];
-
-  return (
-    <div className="page">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">API KEY 管理</h1>
-          <p className="page-subtitle">通过 OpenAI 兼容协议直接调用 gpt2api（仅创建时返回明文，请妥善保存）。</p>
-        </div>
-        <button className="btn btn-primary btn-lg" onClick={() => setShowCreate(true)}>
-          <Plus size={18} /> 创建 KEY
-        </button>
-      </header>
-
-      {createdKey && <CreatedKeyCard data={createdKey} onClose={() => setCreatedKey(null)} />}
-
-      <div className="card overflow-hidden">
-        <div className="overflow-x-auto">
-          <table className="data-table min-w-[760px]">
-            <thead>
-              <tr>
-                <th>名称</th>
-                <th>KEY</th>
-                <th>权限</th>
-                <th>RPM</th>
-                <th>最近使用</th>
-                <th>操作</th>
-              </tr>
-            </thead>
-            <tbody>
-              {listQ.isLoading && (
-                <tr>
-                  <td colSpan={6} className="text-center text-text-tertiary text-small py-10">加载中…</td>
-                </tr>
-              )}
-              {!listQ.isLoading && keys.length === 0 && (
-                <tr>
-                  <td colSpan={6}>
-                    <div className="empty-state">
-                      <span className="empty-state-icon">
-                        <KeyRound size={22} />
-                      </span>
-                      <p className="empty-state-title">还没有 KEY</p>
-                      <p className="empty-state-desc">点击右上角「创建 KEY」即可生成首个 API Key，开启 OpenAI 兼容调用。</p>
-                    </div>
-                  </td>
-                </tr>
-              )}
-              {keys.map((k) => (
-                <tr key={k.id}>
-                  <td className="font-medium text-text-primary">{k.name}</td>
-                  <td className="font-mono text-small text-text-secondary">{k.mask}</td>
-                  <td className="text-text-secondary">{k.scope || '全部'}</td>
-                  <td className="text-text-secondary">{k.rpm_limit || '∞'}</td>
-                  <td className="text-text-tertiary text-small">{fmtRelative(k.last_used_at)}</td>
-                  <td>
-                    <div className="flex justify-end gap-1">
-                      <button
-                        title={k.status === STATUS_ENABLED ? '停用' : '启用'}
-                        className={clsx(
-                          'btn btn-ghost btn-icon btn-sm',
-                          k.status === STATUS_ENABLED ? '' : 'text-warning',
-                        )}
-                        onClick={() => toggleMut.mutate({ id: k.id, enable: k.status !== STATUS_ENABLED })}
-                      >
-                        <Power size={16} />
-                      </button>
-                      <button
-                        title="删除"
-                        className="btn btn-danger-ghost btn-icon btn-sm"
-                        onClick={() => {
-                          if (confirm(`确认删除「${k.name}」?`)) removeMut.mutate(k.id);
-                        }}
-                      >
-                        <Trash2 size={16} />
-                      </button>
-                    </div>
-                  </td>
-                </tr>
-              ))}
-            </tbody>
-          </table>
-        </div>
-      </div>
-
-      {showCreate && (
-        <CreateKeyDialog
-          onClose={() => setShowCreate(false)}
-          onSubmit={(body) => createMut.mutate(body)}
-          submitting={createMut.isPending}
-        />
-      )}
-    </div>
-  );
-}
-
-interface CreateKeyDialogProps {
-  onClose: () => void;
-  onSubmit: (body: {
-    name: string;
-    scope?: string;
-    rpm_limit?: number;
-    daily_quota?: number;
-    expire_days?: number;
-  }) => void;
-  submitting: boolean;
-}
-
-function CreateKeyDialog({ onClose, onSubmit, submitting }: CreateKeyDialogProps) {
-  const [name, setName] = useState('');
-  const [scope, setScope] = useState(SCOPE_OPTIONS[0]!.value);
-  const [rpm, setRpm] = useState(60);
-  const [expireDays, setExpireDays] = useState(0);
-
-  return (
-    <div className="fixed inset-0 z-50 grid place-items-center bg-surface-overlay px-4 backdrop-blur-sm">
-      <div className="dialog-surface w-full max-w-md p-6 klein-fade-in">
-        <header className="flex items-center justify-between mb-5">
-          <h2 className="text-h3 text-text-primary">创建 API KEY</h2>
-          <button className="btn btn-ghost btn-icon btn-sm" onClick={onClose} aria-label="关闭">
-            <X size={16} />
-          </button>
-        </header>
-
-        <div className="space-y-4">
-          <div className="field">
-            <label className="field-label">名称</label>
-            <input
-              className="input"
-              placeholder="例：生产环境 / 本地调试"
-              value={name}
-              onChange={(e) => setName(e.target.value)}
-              maxLength={64}
-            />
-          </div>
-
-          <div className="field">
-            <label className="field-label">权限</label>
-            <select className="select" value={scope} onChange={(e) => setScope(e.target.value)}>
-              {SCOPE_OPTIONS.map((o) => (
-                <option key={o.value} value={o.value}>
-                  {o.label}
-                </option>
-              ))}
-            </select>
-          </div>
-
-          <div className="grid grid-cols-2 gap-3">
-            <div className="field">
-              <label className="field-label">RPM 限速</label>
-              <input
-                type="number"
-                className="input"
-                value={rpm}
-                min={0}
-                max={10000}
-                onChange={(e) => setRpm(Number(e.target.value) || 0)}
-              />
-            </div>
-            <div className="field">
-              <label className="field-label">有效期（天，0=永久）</label>
-              <input
-                type="number"
-                className="input"
-                value={expireDays}
-                min={0}
-                max={3650}
-                onChange={(e) => setExpireDays(Number(e.target.value) || 0)}
-              />
-            </div>
-          </div>
-        </div>
-
-        <div className="mt-6 flex justify-end gap-2">
-          <button className="btn btn-outline btn-md" onClick={onClose}>取消</button>
-          <button
-            className="btn btn-primary btn-md"
-            disabled={!name.trim() || submitting}
-            onClick={() =>
-              onSubmit({
-                name: name.trim(),
-                scope,
-                rpm_limit: rpm,
-                expire_days: expireDays,
-              })
-            }
-          >
-            {submitting ? '创建中…' : '创建'}
-          </button>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-function CreatedKeyCard({ data, onClose }: { data: APIKeyCreated; onClose: () => void }) {
-  const [copied, setCopied] = useState(false);
-  return (
-    <section className="card-tinted card-section mb-5 klein-fade-in">
-      <header className="flex items-center justify-between mb-3">
-        <h3 className="text-h4 text-text-primary">KEY「{data.name}」创建成功</h3>
-        <button className="btn btn-ghost btn-icon btn-sm" onClick={onClose} aria-label="关闭">
-          <X size={16} />
-        </button>
-      </header>
-      <p className="text-small text-text-secondary mb-3">
-        请立即复制以下明文，关闭后将无法再次查看。
-      </p>
-      <div className="flex flex-col sm:flex-row items-stretch gap-2">
-        <code className="flex-1 rounded-sm bg-surface-1 border border-border px-4 py-3 font-mono text-body break-all">
-          {data.plain}
-        </code>
-        <button
-          className="btn btn-primary btn-lg sm:min-w-[120px]"
-          onClick={() => {
-            navigator.clipboard.writeText(data.plain).then(() => {
-              setCopied(true);
-              toast.success('已复制到剪贴板');
-              setTimeout(() => setCopied(false), 2000);
-            });
-          }}
-        >
-          {copied ? <Check size={16} /> : <Copy size={16} />}
-          {copied ? '已复制' : '复制'}
-        </button>
-      </div>
-    </section>
-  );
-}
diff --git a/frontend/apps/user/src/pages/settings/SettingsPage.tsx b/frontend/apps/user/src/pages/settings/SettingsPage.tsx
deleted file mode 100644
index 7e5009e4..00000000
--- a/frontend/apps/user/src/pages/settings/SettingsPage.tsx
+++ /dev/null
@@ -1,174 +0,0 @@
-import { useState } from 'react';
-import { useMutation } from '@tanstack/react-query';
-import { useForm } from 'react-hook-form';
-import { z } from 'zod';
-import { zodResolver } from '@hookform/resolvers/zod';
-import clsx from 'clsx';
-
-import { applyThemeMode, type ThemeMode } from '@kleinai/theme';
-
-import { ApiError } from '../../lib/api';
-import { fmtPoints, fmtTime } from '../../lib/format';
-import { authApi } from '../../lib/services';
-import { useAuthStore } from '../../stores/auth';
-import { toast } from '../../stores/toast';
-
-const pwdSchema = z
-  .object({
-    old_password: z.string().min(6, '原密码至少 6 位'),
-    new_password: z
-      .string()
-      .min(8, '新密码至少 8 位')
-      .regex(/[A-Za-z]/, '需包含字母')
-      .regex(/[0-9]/, '需包含数字'),
-    confirm: z.string(),
-  })
-  .refine((d) => d.new_password === d.confirm, {
-    message: '两次密码不一致',
-    path: ['confirm'],
-  });
-
-type PwdForm = z.infer<typeof pwdSchema>;
-
-export default function SettingsPage() {
-  const me = useAuthStore((s) => s.me);
-  const [mode, setLocalMode] = useState<ThemeMode>(
-    (localStorage.getItem('klein:theme') as ThemeMode | null) ?? 'light',
-  );
-
-  const setTheme = (m: ThemeMode) => {
-    applyThemeMode(m);
-    localStorage.setItem('klein:theme', m);
-    setLocalMode(m);
-  };
-
-  const {
-    register,
-    handleSubmit,
-    reset,
-    formState: { errors },
-  } = useForm<PwdForm>({
-    resolver: zodResolver(pwdSchema),
-    defaultValues: { old_password: '', new_password: '', confirm: '' },
-  });
-
-  const pwdMut = useMutation({
-    mutationFn: (body: { old_password: string; new_password: string }) =>
-      authApi.changePassword(body),
-    onSuccess: () => {
-      toast.success('密码修改成功');
-      reset();
-    },
-    onError: (e) => toast.error(e instanceof ApiError ? e.message : '修改失败'),
-  });
-
-  const themeOptions: { value: ThemeMode; label: string; desc: string }[] = [
-    { value: 'light', label: '浅色', desc: '默认界面 · 简洁' },
-    { value: 'dark', label: '深色', desc: '高对比显示' },
-    { value: 'system', label: '跟随系统', desc: '自动切换' },
-  ];
-
-  return (
-    <div className="page">
-      <header className="page-header">
-        <div>
-          <h1 className="page-title">个人设置</h1>
-          <p className="page-subtitle">基础资料 · 主题偏好 · 安全设置</p>
-        </div>
-      </header>
-
-      <section className="card card-section mb-4">
-        <h3 className="section-title mb-4">资料</h3>
-        <div className="grid sm:grid-cols-2 gap-3">
-          <Field label="UID" value={me?.uid?.toString() ?? '—'} />
-          <Field label="UUID" value={me?.uuid ?? '—'} mono />
-          <Field label="账号" value={me?.username || me?.email || me?.phone || '—'} />
-          <Field label="邀请码" value={me?.invite_code ?? '—'} mono />
-          <Field label="套餐" value={me?.plan_code?.toUpperCase() ?? 'FREE'} />
-          <Field label="可用点数" value={fmtPoints(me?.points ?? 0)} />
-          <Field label="冻结点数" value={fmtPoints(me?.frozen_points ?? 0)} />
-          <Field label="注册时间" value={fmtTime(me?.created_at ?? 0)} />
-        </div>
-      </section>
-
-      <section className="card card-section mb-4">
-        <h3 className="section-title mb-4">主题偏好</h3>
-        <div className="grid grid-cols-1 sm:grid-cols-3 gap-2">
-          {themeOptions.map((o) => (
-            <button
-              key={o.value}
-              className={clsx(
-                'rounded-md border px-4 py-3 text-left transition',
-                mode === o.value
-                  ? 'border-klein-500 bg-klein-gradient-soft text-text-primary shadow-1'
-                  : 'border-border bg-surface-1 hover:border-border-strong',
-              )}
-              onClick={() => setTheme(o.value)}
-            >
-              <p className="font-semibold text-body">{o.label}</p>
-              <p className="text-small text-text-tertiary mt-0.5">{o.desc}</p>
-            </button>
-          ))}
-        </div>
-      </section>
-
-      <section className="card card-section">
-        <h3 className="section-title mb-4">修改密码</h3>
-        <form
-          className="grid sm:grid-cols-2 gap-3"
-          onSubmit={handleSubmit((d) =>
-            pwdMut.mutate({ old_password: d.old_password, new_password: d.new_password }),
-          )}
-          noValidate
-        >
-          <div className="field sm:col-span-2">
-            <label className="field-label">原密码</label>
-            <input
-              type="password"
-              className={clsx('input', errors.old_password && 'input-error')}
-              autoComplete="current-password"
-              {...register('old_password')}
-            />
-            {errors.old_password && <p className="field-error">{errors.old_password.message}</p>}
-          </div>
-          <div className="field">
-            <label className="field-label">新密码</label>
-            <input
-              type="password"
-              className={clsx('input', errors.new_password && 'input-error')}
-              autoComplete="new-password"
-              {...register('new_password')}
-            />
-            {errors.new_password && <p className="field-error">{errors.new_password.message}</p>}
-          </div>
-          <div className="field">
-            <label className="field-label">确认密码</label>
-            <input
-              type="password"
-              className={clsx('input', errors.confirm && 'input-error')}
-              autoComplete="new-password"
-              {...register('confirm')}
-            />
-            {errors.confirm && <p className="field-error">{errors.confirm.message}</p>}
-          </div>
-          <div className="sm:col-span-2 flex justify-end">
-            <button className="btn btn-primary btn-lg" disabled={pwdMut.isPending}>
-              {pwdMut.isPending ? '保存中…' : '保存修改'}
-            </button>
-          </div>
-        </form>
-      </section>
-    </div>
-  );
-}
-
-function Field({ label, value, mono }: { label: string; value: string; mono?: boolean }) {
-  return (
-    <div className="rounded-md bg-surface-2 border border-border px-4 py-3">
-      <p className="text-tiny text-text-tertiary uppercase tracking-wider">{label}</p>
-      <p className={clsx('mt-1 text-text-primary break-all', mono ? 'font-mono text-small' : 'text-body font-medium')}>
-        {value}
-      </p>
-    </div>
-  );
-}
diff --git a/frontend/apps/user/src/routes/RequireAuth.tsx b/frontend/apps/user/src/routes/RequireAuth.tsx
deleted file mode 100644
index 862dd55f..00000000
--- a/frontend/apps/user/src/routes/RequireAuth.tsx
+++ /dev/null
@@ -1,41 +0,0 @@
-import { useEffect } from 'react';
-import { Navigate, Outlet, useLocation } from 'react-router-dom';
-
-import { LoadingScreen } from '../components/LoadingScreen';
-import { useAuthStore } from '../stores/auth';
-import { useLoginGateStore } from '../stores/loginGate';
-
-/**
- * 受保护页面外层。未登录时：
- *   1. 弹出登录浮层（hint = 该页面需要登录）
- *   2. 重定向回首页（/create/image），避免显示半截内容
- * 登录成功后用户可手动再点对应入口。
- */
-export function RequireAuth() {
-  const token = useAuthStore((s) => s.token);
-  const me = useAuthStore((s) => s.me);
-  const loading = useAuthStore((s) => s.loading);
-  const refreshMe = useAuthStore((s) => s.refreshMe);
-  const openGate = useLoginGateStore((s) => s.openGate);
-  const loc = useLocation();
-
-  useEffect(() => {
-    if (token && !me) {
-      void refreshMe();
-    }
-  }, [token, me, refreshMe]);
-
-  useEffect(() => {
-    if (!token) {
-      openGate({ hint: '该页面需要登录后访问' });
-    }
-  }, [token, openGate]);
-
-  if (!token) {
-    return <Navigate to="/" replace state={{ from: loc.pathname + loc.search }} />;
-  }
-  if (!me && loading) {
-    return <LoadingScreen />;
-  }
-  return <Outlet />;
-}
diff --git a/frontend/apps/user/src/stores/auth.ts b/frontend/apps/user/src/stores/auth.ts
deleted file mode 100644
index f5aee1ab..00000000
--- a/frontend/apps/user/src/stores/auth.ts
+++ /dev/null
@@ -1,58 +0,0 @@
-// 用户认证 store：token + 当前用户信息。
-import { create } from 'zustand';
-
-import { clearToken, loadToken, saveToken, type StoredToken } from '../lib/api';
-import { authApi } from '../lib/services';
-import type { MeResp, TokenPair } from '../lib/types';
-
-interface AuthState {
-  token: StoredToken | null;
-  me: MeResp | null;
-  loading: boolean;
-  setToken: (tok: TokenPair | null) => void;
-  setMe: (m: MeResp | null) => void;
-  refreshMe: () => Promise<MeResp | null>;
-  logout: () => Promise<void>;
-}
-
-export const useAuthStore = create<AuthState>((set, get) => ({
-  token: loadToken(),
-  me: null,
-  loading: false,
-
-  setToken: (tok) => {
-    if (!tok) {
-      clearToken();
-      set({ token: null, me: null });
-      return;
-    }
-    set({ token: saveToken(tok) });
-  },
-
-  setMe: (m) => set({ me: m }),
-
-  refreshMe: async () => {
-    if (!get().token) return null;
-    set({ loading: true });
-    try {
-      const me = await authApi.me();
-      set({ me, loading: false });
-      return me;
-    } catch {
-      set({ loading: false });
-      return null;
-    }
-  },
-
-  logout: async () => {
-    try {
-      await authApi.logout();
-    } catch {
-      // ignore
-    }
-    clearToken();
-    set({ token: null, me: null });
-  },
-}));
-
-export const isAuthed = () => !!useAuthStore.getState().token;
diff --git a/frontend/apps/user/src/stores/loginGate.ts b/frontend/apps/user/src/stores/loginGate.ts
deleted file mode 100644
index c239c741..00000000
--- a/frontend/apps/user/src/stores/loginGate.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-// 登录浮层状态机：
-// - 任何位置调用 useLoginGate().require(action) 即可
-//   * 已登录：直接执行 action
-//   * 未登录：打开浮层，登录成功后自动执行 action
-// - 浮层内部由 <LoginGate /> 渲染（在 App.tsx 挂一份）
-import { create } from 'zustand';
-
-interface LoginGateState {
-  open: boolean;
-  /** 登录成功后回调（用于断点续做被拦截的动作） */
-  pending: (() => void) | null;
-  /** 引导文案（不同业务可自定义，如 "登录后即可生成"） */
-  hint: string;
-  /** 默认进入哪个 tab：login | register */
-  initialTab: 'login' | 'register';
-  openGate: (opts?: { hint?: string; tab?: 'login' | 'register'; onLoggedIn?: () => void }) => void;
-  closeGate: () => void;
-  /** 内部使用：登录/注册成功时触发 */
-  resolve: () => void;
-}
-
-export const useLoginGateStore = create<LoginGateState>((set, get) => ({
-  open: false,
-  pending: null,
-  hint: '登录后即可继续',
-  initialTab: 'login',
-
-  openGate: (opts) =>
-    set({
-      open: true,
-      hint: opts?.hint ?? '登录后即可继续',
-      initialTab: opts?.tab ?? 'login',
-      pending: opts?.onLoggedIn ?? null,
-    }),
-
-  closeGate: () => set({ open: false, pending: null }),
-
-  resolve: () => {
-    const cb = get().pending;
-    set({ open: false, pending: null });
-    if (cb) {
-      // 让 zustand state 先 commit，再回放动作
-      Promise.resolve().then(cb);
-    }
-  },
-}));
diff --git a/frontend/apps/user/src/stores/toast.ts b/frontend/apps/user/src/stores/toast.ts
deleted file mode 100644
index 5ab7d38a..00000000
--- a/frontend/apps/user/src/stores/toast.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-// 极简 toast 通知 store。
-import { create } from 'zustand';
-
-export type ToastKind = 'success' | 'error' | 'info';
-
-export interface Toast {
-  id: number;
-  kind: ToastKind;
-  msg: string;
-}
-
-interface ToastState {
-  items: Toast[];
-  push: (kind: ToastKind, msg: string) => void;
-  dismiss: (id: number) => void;
-}
-
-let _seq = 1;
-
-export const useToastStore = create<ToastState>((set) => ({
-  items: [],
-  push: (kind, msg) => {
-    const id = _seq++;
-    set((s) => ({ items: [...s.items, { id, kind, msg }] }));
-    setTimeout(() => {
-      set((s) => ({ items: s.items.filter((t) => t.id !== id) }));
-    }, 3500);
-  },
-  dismiss: (id) => set((s) => ({ items: s.items.filter((t) => t.id !== id) })),
-}));
-
-export const toast = {
-  success: (msg: string) => useToastStore.getState().push('success', msg),
-  error: (msg: string) => useToastStore.getState().push('error', msg),
-  info: (msg: string) => useToastStore.getState().push('info', msg),
-};
diff --git a/frontend/apps/user/tailwind.config.ts b/frontend/apps/user/tailwind.config.ts
deleted file mode 100644
index 81ee7741..00000000
--- a/frontend/apps/user/tailwind.config.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import type { Config } from 'tailwindcss';
-import preset from '../../packages/theme/src/tailwind.preset';
-
-export default {
-  presets: [preset],
-  content: [
-    './index.html',
-    './src/**/*.{ts,tsx}',
-    '../../packages/ui/src/**/*.{ts,tsx}',
-  ],
-} satisfies Config;
diff --git a/frontend/apps/user/tsconfig.json b/frontend/apps/user/tsconfig.json
deleted file mode 100644
index bffc9416..00000000
--- a/frontend/apps/user/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "extends": "../../tsconfig.base.json",
-  "compilerOptions": {
-    "moduleResolution": "Bundler",
-    "noEmit": true,
-    "types": ["vite/client"]
-  },
-  "include": ["src", "../../packages/theme/src"]
-}
diff --git a/frontend/apps/user/vite.config.ts b/frontend/apps/user/vite.config.ts
deleted file mode 100644
index 68c8689a..00000000
--- a/frontend/apps/user/vite.config.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import { defineConfig } from 'vite';
-import react from '@vitejs/plugin-react';
-import path from 'node:path';
-
-export default defineConfig({
-  plugins: [react()],
-  resolve: {
-    alias: {
-      '@': path.resolve(__dirname, 'src'),
-      '@kleinai/theme': path.resolve(__dirname, '../../packages/theme/src'),
-    },
-  },
-  server: {
-    port: 5173,
-    host: true,
-    proxy: {
-      '/api': {
-        target: 'http://127.0.0.1:17180',
-        changeOrigin: true,
-      },
-      '/v1': {
-        target: 'http://127.0.0.1:17200',
-        changeOrigin: true,
-      },
-    },
-  },
-  build: {
-    target: 'es2020',
-    sourcemap: false,
-    cssCodeSplit: true,
-  },
-});
diff --git a/frontend/package.json b/frontend/package.json
deleted file mode 100644
index 23661633..00000000
--- a/frontend/package.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "name": "kleinai-frontend",
-  "version": "0.1.0",
-  "private": true,
-  "packageManager": "pnpm@9.7.0",
-  "scripts": {
-    "dev:user": "pnpm --filter @kleinai/user dev",
-    "dev:admin": "pnpm --filter @kleinai/admin dev",
-    "build": "pnpm -r --filter ./apps/* build",
-    "lint": "pnpm -r lint",
-    "typecheck": "pnpm -r typecheck",
-    "format": "prettier --write \"**/*.{ts,tsx,css,md,json}\""
-  },
-  "devDependencies": {
-    "@types/node": "^20.14.10",
-    "eslint": "^9.10.0",
-    "prettier": "^3.3.3",
-    "typescript": "^5.5.3"
-  }
-}
diff --git a/frontend/packages/theme/package.json b/frontend/packages/theme/package.json
deleted file mode 100644
index 7a0c92a8..00000000
--- a/frontend/packages/theme/package.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "name": "@kleinai/theme",
-  "version": "0.1.0",
-  "private": true,
-  "type": "module",
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
-  "exports": {
-    ".": "./src/index.ts",
-    "./tokens.css": "./src/tokens.css",
-    "./components.css": "./src/components.css",
-    "./animations.css": "./src/animations.css",
-    "./preset": "./src/tailwind.preset.ts"
-  },
-  "scripts": {
-    "typecheck": "tsc --noEmit"
-  },
-  "peerDependencies": {
-    "tailwindcss": "^3.4.0"
-  },
-  "devDependencies": {
-    "tailwindcss": "^3.4.10",
-    "typescript": "^5.5.3"
-  }
-}
diff --git a/frontend/packages/theme/src/animations.css b/frontend/packages/theme/src/animations.css
deleted file mode 100644
index 778bd472..00000000
--- a/frontend/packages/theme/src/animations.css
+++ /dev/null
@@ -1,62 +0,0 @@
-/* ===========================================================
-   KleinAI · 动画与微交互
-   =========================================================== */
-
-@keyframes klein-fade-in {
-  from { opacity: 0; transform: translateY(8px); }
-  to   { opacity: 1; transform: translateY(0); }
-}
-
-@keyframes klein-pulse {
-  0%, 100% { box-shadow: 0 0 0 0 rgba(30, 61, 255, .55); }
-  50%      { box-shadow: 0 0 0 12px rgba(30, 61, 255, 0); }
-}
-
-@keyframes klein-shimmer {
-  0%   { background-position: -200% 0; }
-  100% { background-position: 200% 0; }
-}
-
-@keyframes klein-flow {
-  0%   { background-position: 0% 50%; }
-  100% { background-position: 100% 50%; }
-}
-
-.klein-fade-in {
-  animation: klein-fade-in .25s cubic-bezier(.4, 0, .2, 1) both;
-}
-
-.klein-pulse {
-  animation: klein-pulse 2s infinite;
-}
-
-.klein-skeleton {
-  background: linear-gradient(
-    90deg,
-    rgba(0, 47, 167, .06) 0%,
-    rgba(30, 61, 255, .14) 50%,
-    rgba(0, 47, 167, .06) 100%
-  );
-  background-size: 200% 100%;
-  animation: klein-shimmer 1.6s linear infinite;
-  border-radius: var(--radius-md);
-}
-
-.klein-glow-text {
-  background: var(--klein-gradient);
-  -webkit-background-clip: text;
-  background-clip: text;
-  color: transparent;
-  background-size: 200% auto;
-  animation: klein-flow 4s ease-in-out infinite alternate;
-}
-
-@media (prefers-reduced-motion: reduce) {
-  *,
-  *::before,
-  *::after {
-    animation-duration: 0.01ms !important;
-    animation-iteration-count: 1 !important;
-    transition-duration: 0.01ms !important;
-  }
-}
diff --git a/frontend/packages/theme/src/components.css b/frontend/packages/theme/src/components.css
deleted file mode 100644
index a9935777..00000000
--- a/frontend/packages/theme/src/components.css
+++ /dev/null
@@ -1,781 +0,0 @@
-/* ===========================================================
-   gpt2api · UI Pro 组件层
-   仅依赖 tokens.css 与 Tailwind 工具类。命名以 BEM-lite 为基础。
-   入口在每个 app 的 main.tsx 中显式引用 @kleinai/theme/components.css
-   =========================================================== */
-
-/* -------------------------------------------------------------
-   1. Typography helpers
-   ----------------------------------------------------------- */
-@layer components {
-  .text-display     { font-size: var(--fs-display); line-height: var(--lh-tight); letter-spacing: var(--tracking-tight); font-weight: var(--weight-bold); }
-  .text-h1          { font-size: var(--fs-h1);      line-height: var(--lh-tight); letter-spacing: var(--tracking-tight); font-weight: var(--weight-bold); }
-  .text-h2          { font-size: var(--fs-h2);      line-height: var(--lh-snug);  letter-spacing: var(--tracking-tight); font-weight: var(--weight-semibold); }
-  .text-h3          { font-size: var(--fs-h3);      line-height: var(--lh-snug);  font-weight: var(--weight-semibold); }
-  .text-h4          { font-size: var(--fs-h4);      line-height: var(--lh-snug);  font-weight: var(--weight-semibold); }
-  .text-body        { font-size: var(--fs-body);    line-height: var(--lh-normal); }
-  .text-small       { font-size: var(--fs-small);   line-height: var(--lh-normal); }
-  .text-tiny        { font-size: var(--fs-tiny);    line-height: var(--lh-snug);  letter-spacing: var(--tracking-wide); }
-  .text-overline    { font-size: var(--fs-tiny);    line-height: var(--lh-snug);  letter-spacing: var(--tracking-wider); text-transform: uppercase; font-weight: var(--weight-semibold); color: var(--text-tertiary); }
-
-  .text-mono        { font-family: var(--font-mono); font-feature-settings: 'tnum' 1, 'liga' 0; }
-
-  .gradient-text {
-    background: var(--klein-gradient);
-    -webkit-background-clip: text;
-    background-clip: text;
-    color: transparent;
-    font-weight: var(--weight-bold);
-  }
-}
-
-/* -------------------------------------------------------------
-   2. Buttons · 五个语义 + 五个尺寸
-   语义：primary / secondary / ghost / outline / danger / link
-   尺寸：xs / sm / md(默认) / lg / xl
-   修饰：btn-icon (方形仅图标) / btn-block (整宽)
-   ----------------------------------------------------------- */
-@layer components {
-  .btn {
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    gap: var(--ctl-gap);
-    height: var(--ctl-h-lg);
-    padding-inline: var(--ctl-px-lg);
-    border-radius: var(--ctl-radius);
-    font-size: var(--fs-body);
-    font-weight: var(--weight-semibold);
-    line-height: 1;
-    white-space: nowrap;
-    user-select: none;
-    border: 1px solid transparent;
-    background: transparent;
-    color: var(--text-primary);
-    cursor: pointer;
-    transition: background var(--duration-base) var(--ease-out),
-                color var(--duration-base) var(--ease-out),
-                border-color var(--duration-base) var(--ease-out),
-                box-shadow var(--duration-base) var(--ease-out),
-                transform var(--duration-fast) var(--ease-out);
-  }
-  .btn:disabled,
-  .btn[aria-disabled='true'] {
-    opacity: .55;
-    cursor: not-allowed;
-  }
-  .btn:active:not(:disabled):not([aria-disabled='true']) {
-    transform: translateY(1px);
-  }
-
-  /* 尺寸 */
-  .btn-xs { height: var(--ctl-h-xs); padding-inline: var(--ctl-px-sm); font-size: var(--fs-tiny); border-radius: var(--radius-xs); gap: 4px; }
-  .btn-sm { height: var(--ctl-h-sm); padding-inline: var(--ctl-px-md); font-size: var(--fs-small); }
-  .btn-md { height: var(--ctl-h-md); padding-inline: var(--ctl-px-md); font-size: var(--fs-small); }
-  .btn-lg { height: var(--ctl-h-lg); padding-inline: var(--ctl-px-lg); font-size: var(--fs-body); }
-  .btn-xl { height: var(--ctl-h-xl); padding-inline: var(--ctl-px-xl); font-size: var(--fs-body); }
-  .btn-block { display: flex; width: 100%; }
-
-  .btn-icon { padding-inline: 0; aspect-ratio: 1 / 1; gap: 0; }
-  .btn-icon.btn-xs { width: var(--ctl-h-xs); }
-  .btn-icon.btn-sm { width: var(--ctl-h-sm); }
-  .btn-icon.btn-md { width: var(--ctl-h-md); }
-  .btn-icon.btn-lg { width: var(--ctl-h-lg); }
-  .btn-icon.btn-xl { width: var(--ctl-h-xl); }
-
-  /* 语义 · primary（克莱因蓝渐变） */
-  .btn-primary {
-    background-image: var(--klein-gradient);
-    color: var(--text-on-klein);
-    box-shadow: var(--klein-glow-soft);
-    border-color: transparent;
-  }
-  .btn-primary:hover:not(:disabled):not([aria-disabled='true']) {
-    box-shadow: var(--klein-glow);
-    filter: brightness(1.05);
-  }
-
-  /* 语义 · secondary（克莱因蓝弱底，常用于次级 CTA） */
-  .btn-secondary {
-    background: var(--info-soft);
-    color: var(--klein-500);
-    border-color: rgba(30, 61, 255, .25);
-  }
-  .btn-secondary:hover:not(:disabled):not([aria-disabled='true']) {
-    background: rgba(30, 61, 255, .18);
-    border-color: var(--klein-500);
-  }
-
-  /* 语义 · outline（中性边框） */
-  .btn-outline {
-    background: var(--surface-1);
-    color: var(--text-primary);
-    border-color: var(--border-strong);
-  }
-  .btn-outline:hover:not(:disabled):not([aria-disabled='true']) {
-    border-color: var(--klein-500);
-    color: var(--klein-500);
-  }
-
-  /* 语义 · ghost（无背景） */
-  .btn-ghost {
-    background: transparent;
-    color: var(--text-secondary);
-  }
-  .btn-ghost:hover:not(:disabled):not([aria-disabled='true']) {
-    background: var(--surface-2);
-    color: var(--text-primary);
-  }
-
-  /* 语义 · danger */
-  .btn-danger {
-    background: var(--danger-500);
-    color: #fff;
-    box-shadow: 0 4px 14px rgba(220, 38, 38, .25);
-  }
-  .btn-danger:hover:not(:disabled):not([aria-disabled='true']) {
-    background: var(--danger-600);
-    box-shadow: 0 6px 18px rgba(220, 38, 38, .35);
-  }
-  .btn-danger-ghost {
-    background: transparent;
-    color: var(--danger-500);
-  }
-  .btn-danger-ghost:hover:not(:disabled):not([aria-disabled='true']) {
-    background: var(--danger-soft);
-  }
-
-  /* 语义 · link（行内文字按钮） */
-  .btn-link {
-    background: transparent;
-    color: var(--link);
-    padding-inline: 0;
-    height: auto;
-    text-decoration: none;
-  }
-  .btn-link:hover:not(:disabled):not([aria-disabled='true']) {
-    color: var(--link-hover);
-    text-decoration: underline;
-  }
-
-  /* 旧 alias，确保渐进迁移不破坏现有页面 */
-  .btn-klein { @apply btn btn-primary btn-md; }
-}
-
-/* -------------------------------------------------------------
-   3. Form controls
-   ----------------------------------------------------------- */
-@layer components {
-  .field {
-    display: flex;
-    flex-direction: column;
-    gap: 6px;
-    min-width: 0;
-  }
-  .field-label {
-    font-size: var(--fs-small);
-    font-weight: var(--weight-medium);
-    color: var(--text-secondary);
-  }
-  .field-hint {
-    font-size: var(--fs-small);
-    color: var(--text-tertiary);
-    line-height: var(--lh-normal);
-  }
-  .field-error {
-    font-size: var(--fs-small);
-    color: var(--danger-500);
-    line-height: var(--lh-snug);
-  }
-
-  .input,
-  .select,
-  .textarea {
-    width: 100%;
-    min-width: 0;
-    height: var(--ctl-h-lg);
-    padding: 0 var(--ctl-px-md);
-    font-size: var(--fs-body);
-    font-family: inherit;
-    color: var(--text-primary);
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--ctl-radius);
-    transition: border-color var(--duration-base) var(--ease-out),
-                box-shadow var(--duration-base) var(--ease-out),
-                background var(--duration-base) var(--ease-out);
-  }
-  .input::placeholder,
-  .textarea::placeholder { color: var(--text-tertiary); }
-
-  .input:hover:not(:disabled):not(:focus),
-  .select:hover:not(:disabled):not(:focus),
-  .textarea:hover:not(:disabled):not(:focus) {
-    border-color: var(--border-strong);
-  }
-  .input:focus,
-  .select:focus,
-  .textarea:focus {
-    outline: none;
-    border-color: var(--klein-500);
-    box-shadow: var(--focus-ring);
-  }
-  .input:disabled,
-  .select:disabled,
-  .textarea:disabled {
-    background: var(--surface-2);
-    color: var(--text-disabled);
-    cursor: not-allowed;
-  }
-
-  .textarea {
-    height: auto;
-    min-height: 96px;
-    padding: 10px var(--ctl-px-md);
-    line-height: var(--lh-normal);
-    resize: vertical;
-  }
-
-  .input-sm, .select-sm, .textarea-sm {
-    height: var(--ctl-h-md);
-    padding-inline: var(--ctl-px-sm);
-    font-size: var(--fs-small);
-  }
-  .input-lg, .select-lg, .textarea-lg {
-    height: var(--ctl-h-xl);
-    padding-inline: var(--ctl-px-lg);
-  }
-
-  .input-error,
-  .select-error,
-  .textarea-error {
-    border-color: var(--danger-500);
-  }
-  .input-error:focus,
-  .select-error:focus,
-  .textarea-error:focus {
-    box-shadow: var(--focus-ring-danger);
-  }
-
-  /* 输入框 + 前后图标 */
-  .input-group {
-    display: flex;
-    align-items: stretch;
-    gap: 6px;
-  }
-  .input-affix {
-    position: relative;
-    display: flex;
-    align-items: center;
-    width: 100%;
-    min-width: 0;
-  }
-  .input-affix > .input { padding-left: 38px; }
-  .input-affix > .input.input-affix-end { padding-left: var(--ctl-px-md); padding-right: 38px; }
-  .input-affix > .input-affix-icon {
-    position: absolute;
-    left: 12px;
-    color: var(--text-tertiary);
-    pointer-events: none;
-    display: inline-flex;
-  }
-  .input-affix > .input-affix-icon-end {
-    left: auto;
-    right: 12px;
-  }
-
-  /* 旧 alias */
-  .input-klein { @apply input; }
-
-  /* Checkbox / Radio（极简方案） */
-  .checkbox,
-  .radio {
-    appearance: none;
-    width: 16px;
-    height: 16px;
-    border: 1.5px solid var(--border-strong);
-    background: var(--surface-1);
-    transition: background var(--duration-fast) var(--ease-out),
-                border-color var(--duration-fast) var(--ease-out);
-    cursor: pointer;
-    flex-shrink: 0;
-  }
-  .checkbox { border-radius: 4px; }
-  .radio    { border-radius: 999px; }
-  .checkbox:checked,
-  .radio:checked {
-    background: var(--klein-500);
-    border-color: var(--klein-500);
-  }
-  .checkbox:checked::after {
-    content: '';
-    display: block;
-    width: 5px; height: 9px;
-    margin: 0 auto;
-    border: solid #fff;
-    border-width: 0 2px 2px 0;
-    transform: translateY(1px) rotate(45deg);
-  }
-  .radio:checked::after {
-    content: '';
-    display: block;
-    width: 6px; height: 6px;
-    margin: 4px auto;
-    border-radius: 999px;
-    background: #fff;
-  }
-}
-
-/* -------------------------------------------------------------
-   4. Cards / Panels / Surfaces
-   ----------------------------------------------------------- */
-@layer components {
-  .card {
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-1);
-  }
-  .card-flat {
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-  }
-  .card-elevated {
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-3);
-  }
-  .card-glass {
-    background: var(--surface-glass);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-2);
-    backdrop-filter: blur(12px);
-  }
-  .card-gradient {
-    background: var(--klein-gradient);
-    color: var(--text-on-klein);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--klein-glow-soft);
-  }
-  .card-tinted {
-    background: var(--klein-gradient-soft);
-    border: 1px solid rgba(30, 61, 255, .25);
-    border-radius: var(--radius-lg);
-  }
-  .card-section {
-    padding: var(--space-5);
-  }
-  @media (min-width: 1024px) {
-    .card-section { padding: var(--space-6); }
-  }
-
-  /* 旧 alias */
-  .glass-card { @apply card-glass; }
-}
-
-/* -------------------------------------------------------------
-   5. Badges / Chips / Tags / KBD
-   ----------------------------------------------------------- */
-@layer components {
-  .badge {
-    display: inline-flex;
-    align-items: center;
-    gap: 4px;
-    height: 20px;
-    padding: 0 8px;
-    border-radius: var(--radius-pill);
-    font-size: var(--fs-tiny);
-    font-weight: var(--weight-semibold);
-    letter-spacing: var(--tracking-wide);
-    line-height: 1;
-    background: var(--surface-2);
-    color: var(--text-secondary);
-    white-space: nowrap;
-  }
-  .badge-klein   { background: var(--info-soft);    color: var(--klein-500); }
-  .badge-success { background: var(--success-soft); color: var(--success-500); }
-  .badge-warning { background: var(--warning-soft); color: var(--warning-500); }
-  .badge-danger  { background: var(--danger-soft);  color: var(--danger-500); }
-  .badge-solid   { background: var(--klein-500);    color: #fff; }
-  .badge-outline {
-    background: transparent;
-    border: 1px solid var(--border-strong);
-    color: var(--text-secondary);
-  }
-
-  .chip {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    height: 28px;
-    padding: 0 10px;
-    border-radius: var(--radius-pill);
-    background: var(--surface-2);
-    color: var(--text-secondary);
-    font-size: var(--fs-small);
-    font-weight: var(--weight-medium);
-    cursor: pointer;
-    transition: background var(--duration-fast) var(--ease-out),
-                color var(--duration-fast) var(--ease-out);
-    border: 1px solid transparent;
-  }
-  .chip:hover { background: var(--surface-3); color: var(--text-primary); }
-  .chip-active {
-    background: var(--klein-gradient);
-    color: var(--text-on-klein);
-  }
-  .chip-active:hover { color: var(--text-on-klein); }
-  .chip-outline {
-    background: transparent;
-    border-color: var(--border-default);
-  }
-
-  .kbd {
-    display: inline-flex;
-    align-items: center;
-    height: 20px;
-    padding: 0 6px;
-    border: 1px solid var(--border-default);
-    border-bottom-width: 2px;
-    border-radius: var(--radius-xs);
-    font-family: var(--font-mono);
-    font-size: var(--fs-tiny);
-    color: var(--text-secondary);
-    background: var(--surface-1);
-  }
-}
-
-/* -------------------------------------------------------------
-   6. Page header / Section header
-   ----------------------------------------------------------- */
-@layer components {
-  /* 所有内容页统一的水平内边距与最大宽度。
-     默认 max-width 1280px，已充分覆盖侧栏外的可阅读宽度；
-     padding 在三档断点之间稳定阶梯，确保左右间距一致。 */
-  .page {
-    padding: var(--space-5) var(--space-5);
-    max-width: 1280px;
-    margin-inline: auto;
-    width: 100%;
-  }
-  @media (min-width: 768px)  { .page { padding: var(--space-6) var(--space-6); } }
-  @media (min-width: 1280px) { .page { padding: var(--space-8) var(--space-8); } }
-
-  /* 文档/表单/落地页等需要更窄阅读栏宽的页面 */
-  .page-narrow { max-width: 880px; }
-  /* 数据后台等需要更宽布局，仅 admin 用 */
-  .page-wide   { max-width: 1440px; }
-
-  .page-header {
-    display: flex;
-    flex-wrap: wrap;
-    align-items: flex-end;
-    justify-content: space-between;
-    gap: var(--space-4);
-    margin-bottom: var(--space-5);
-  }
-  .page-title {
-    font-size: var(--fs-h1);
-    line-height: var(--lh-tight);
-    letter-spacing: var(--tracking-tight);
-    font-weight: var(--weight-bold);
-    color: var(--text-primary);
-  }
-  .page-subtitle {
-    margin-top: 4px;
-    font-size: var(--fs-small);
-    color: var(--text-secondary);
-    line-height: var(--lh-normal);
-  }
-
-  .section {
-    display: flex;
-    flex-direction: column;
-    gap: var(--space-3);
-  }
-  .section-header {
-    display: flex;
-    flex-wrap: wrap;
-    align-items: center;
-    gap: var(--space-3);
-    justify-content: space-between;
-  }
-  .section-title {
-    display: inline-flex;
-    align-items: center;
-    gap: 8px;
-    font-size: var(--fs-h4);
-    font-weight: var(--weight-semibold);
-    color: var(--text-primary);
-  }
-}
-
-/* -------------------------------------------------------------
-   7. Stat tiles / KPI blocks
-   ----------------------------------------------------------- */
-@layer components {
-  .stat-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(min(220px, 100%), 1fr));
-    gap: var(--space-4);
-  }
-  .stat-tile {
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    padding: var(--space-5);
-    display: flex;
-    flex-direction: column;
-    gap: 8px;
-  }
-  .stat-tile-accent {
-    background: var(--klein-gradient);
-    border-color: transparent;
-    color: var(--text-on-klein);
-    box-shadow: var(--klein-glow-soft);
-  }
-  .stat-label {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    gap: 8px;
-    font-size: var(--fs-small);
-    color: var(--text-secondary);
-    font-weight: var(--weight-medium);
-  }
-  .stat-tile-accent .stat-label { color: rgba(255, 255, 255, .85); }
-  .stat-value {
-    font-size: var(--fs-h2);
-    font-weight: var(--weight-semibold);
-    line-height: var(--lh-tight);
-    letter-spacing: var(--tracking-tight);
-    word-break: break-all;
-  }
-  .stat-delta {
-    font-size: var(--fs-small);
-    color: var(--text-tertiary);
-  }
-  .stat-tile-accent .stat-delta { color: rgba(255, 255, 255, .85); }
-}
-
-/* -------------------------------------------------------------
-   8. List rows / data tables
-   ----------------------------------------------------------- */
-@layer components {
-  .data-table {
-    width: 100%;
-    border-collapse: separate;
-    border-spacing: 0;
-    font-size: var(--fs-body);
-  }
-  .data-table thead th {
-    text-align: left;
-    padding: 10px var(--space-5);
-    font-size: var(--fs-small);
-    font-weight: var(--weight-medium);
-    color: var(--text-secondary);
-    background: var(--surface-2);
-    border-bottom: 1px solid var(--border-default);
-    white-space: nowrap;
-  }
-  .data-table thead th:first-child { border-top-left-radius: var(--radius-lg); }
-  .data-table thead th:last-child  { border-top-right-radius: var(--radius-lg); text-align: right; }
-  .data-table tbody td {
-    padding: 14px var(--space-5);
-    border-bottom: 1px solid var(--border-subtle);
-    color: var(--text-primary);
-    vertical-align: middle;
-  }
-  .data-table tbody td:last-child { text-align: right; }
-  .data-table tbody tr:last-child td { border-bottom: none; }
-  .data-table tbody tr:hover td { background: var(--surface-2); }
-
-  .list-row {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    gap: var(--space-4);
-    padding: var(--space-4) var(--space-5);
-    border-bottom: 1px solid var(--border-subtle);
-  }
-  .list-row:last-child { border-bottom: none; }
-}
-
-/* -------------------------------------------------------------
-   9. Empty state / Skeleton
-   ----------------------------------------------------------- */
-@layer components {
-  .empty-state {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    justify-content: center;
-    text-align: center;
-    gap: var(--space-3);
-    padding: var(--space-12) var(--space-5);
-    color: var(--text-tertiary);
-  }
-  .empty-state-icon {
-    display: grid;
-    place-items: center;
-    width: 56px;
-    height: 56px;
-    border-radius: var(--radius-pill);
-    background: var(--klein-gradient-soft);
-    color: var(--klein-500);
-    margin-bottom: 4px;
-  }
-  .empty-state-title {
-    font-size: var(--fs-h4);
-    font-weight: var(--weight-semibold);
-    color: var(--text-primary);
-  }
-  .empty-state-desc {
-    font-size: var(--fs-small);
-    line-height: var(--lh-loose);
-    max-width: 32rem;
-  }
-
-  .skeleton {
-    background: linear-gradient(
-      90deg,
-      rgba(0, 47, 167, .06) 0%,
-      rgba(30, 61, 255, .14) 50%,
-      rgba(0, 47, 167, .06) 100%
-    );
-    background-size: 200% 100%;
-    animation: klein-shimmer 1.6s linear infinite;
-    border-radius: var(--radius-md);
-  }
-  .skeleton-text {
-    height: 12px;
-    border-radius: var(--radius-pill);
-  }
-}
-
-/* -------------------------------------------------------------
-   10. Misc · Divider / Dialog Surface / Tabs
-   ----------------------------------------------------------- */
-@layer components {
-  .divider {
-    height: 1px;
-    background: var(--border-default);
-    border: 0;
-  }
-  .divider-vertical {
-    width: 1px;
-    align-self: stretch;
-    background: var(--border-default);
-  }
-
-  .dialog-surface {
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-4);
-  }
-
-  .modal-backdrop {
-    position: fixed;
-    inset: 0;
-    z-index: 1000;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    padding: 24px;
-    background: rgba(15, 23, 42, .42);
-    backdrop-filter: blur(8px);
-  }
-
-  .modal-panel {
-    width: min(100%, 640px);
-    max-height: min(86vh, 760px);
-    overflow: hidden;
-    display: flex;
-    flex-direction: column;
-    background: var(--surface-1);
-    border: 1px solid var(--border-default);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-4);
-  }
-
-  .modal-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    gap: 16px;
-    padding: 18px 20px 12px;
-    border-bottom: 1px solid var(--border-subtle);
-  }
-  .modal-header h2 {
-    margin: 0;
-    font-size: var(--fs-h4);
-    line-height: var(--lh-snug);
-    font-weight: var(--weight-medium);
-    color: var(--text-primary);
-  }
-
-  .modal-body {
-    padding: 16px 20px;
-    overflow: auto;
-  }
-
-  .modal-footer {
-    display: flex;
-    align-items: center;
-    justify-content: flex-end;
-    gap: 10px;
-    padding: 12px 20px 18px;
-    border-top: 1px solid var(--border-subtle);
-    background: var(--surface-1);
-  }
-
-  .tabs {
-    display: inline-grid;
-    grid-auto-flow: column;
-    gap: 2px;
-    padding: 4px;
-    background: var(--surface-2);
-    border-radius: var(--radius-md);
-  }
-  .tab {
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    gap: 6px;
-    height: var(--ctl-h-md);
-    padding-inline: var(--ctl-px-md);
-    font-size: var(--fs-small);
-    font-weight: var(--weight-medium);
-    color: var(--text-tertiary);
-    border-radius: calc(var(--radius-md) - 2px);
-    cursor: pointer;
-    transition: background var(--duration-base) var(--ease-out),
-                color var(--duration-base) var(--ease-out);
-    border: none;
-    background: transparent;
-  }
-  .tab:hover { color: var(--text-secondary); }
-  .tab[aria-selected='true'] {
-    background: var(--surface-1);
-    color: var(--text-primary);
-    box-shadow: var(--shadow-1);
-  }
-
-  /* Progress */
-  .progress {
-    width: 100%;
-    height: 6px;
-    border-radius: var(--radius-pill);
-    overflow: hidden;
-    background: var(--border-default);
-  }
-  .progress-bar {
-    height: 100%;
-    background: var(--klein-gradient);
-    transition: width var(--duration-slow) var(--ease-out);
-  }
-}
diff --git a/frontend/packages/theme/src/index.ts b/frontend/packages/theme/src/index.ts
deleted file mode 100644
index af4f05d1..00000000
--- a/frontend/packages/theme/src/index.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-export { default as kleinPreset } from './tailwind.preset';
-
-export const KLEIN_TOKENS = {
-  primary: 'var(--klein-600)',
-  primaryGradient: 'var(--klein-gradient)',
-  glow: 'var(--klein-glow)',
-} as const;
-
-export type ThemeMode = 'light' | 'dark' | 'system';
-
-export function applyThemeMode(mode: ThemeMode) {
-  const root = document.documentElement;
-  if (mode === 'system') {
-    const dark = window.matchMedia('(prefers-color-scheme: dark)').matches;
-    root.dataset.theme = dark ? 'dark' : 'light';
-    return;
-  }
-  root.dataset.theme = mode;
-}
diff --git a/frontend/packages/theme/src/tailwind.preset.ts b/frontend/packages/theme/src/tailwind.preset.ts
deleted file mode 100644
index bdc82e60..00000000
--- a/frontend/packages/theme/src/tailwind.preset.ts
+++ /dev/null
@@ -1,191 +0,0 @@
-/**
- * gpt2api · Tailwind v3 preset
- *
- * 使用方式（apps/* tailwind.config.ts）：
- *   import kleinPreset from '@kleinai/theme/preset';
- *   export default { presets: [kleinPreset], content: [...] };
- */
-import type { Config } from 'tailwindcss';
-
-const preset: Partial<Config> = {
-  darkMode: ['class', '[data-theme="dark"]'],
-  theme: {
-    container: {
-      center: true,
-      padding: {
-        DEFAULT: '1rem',
-        sm: '1.25rem',
-        lg: '2rem',
-        xl: '2.5rem',
-        '2xl': '3rem',
-      },
-      screens: {
-        sm: '640px',
-        md: '768px',
-        lg: '1024px',
-        xl: '1280px',
-        '2xl': '1536px',
-      },
-    },
-    screens: {
-      xs: '480px',
-      sm: '640px',
-      md: '768px',
-      lg: '1024px',
-      xl: '1280px',
-      '2xl': '1536px',
-      '3xl': '1920px',
-      '4xl': '2560px',
-    },
-    extend: {
-      fontFamily: {
-        sans: 'var(--font-sans)',
-        mono: 'var(--font-mono)',
-      },
-      colors: {
-        klein: {
-          50: 'var(--klein-50)',
-          100: 'var(--klein-100)',
-          200: 'var(--klein-200)',
-          300: 'var(--klein-300)',
-          400: 'var(--klein-400)',
-          500: 'var(--klein-500)',
-          600: 'var(--klein-600)',
-          700: 'var(--klein-700)',
-          800: 'var(--klein-800)',
-          900: 'var(--klein-900)',
-          DEFAULT: 'var(--klein-600)',
-        },
-        ink: {
-          50: 'var(--ink-50)',
-          100: 'var(--ink-100)',
-          200: 'var(--ink-200)',
-          300: 'var(--ink-300)',
-          400: 'var(--ink-400)',
-          500: 'var(--ink-500)',
-          600: 'var(--ink-600)',
-          700: 'var(--ink-700)',
-          800: 'var(--ink-800)',
-          900: 'var(--ink-900)',
-        },
-        success: { DEFAULT: 'var(--success-500)', soft: 'var(--success-soft)' },
-        warning: { DEFAULT: 'var(--warning-500)', soft: 'var(--warning-soft)' },
-        danger:  { DEFAULT: 'var(--danger-500)',  soft: 'var(--danger-soft)' },
-        info:    { DEFAULT: 'var(--info-500)',    soft: 'var(--info-soft)' },
-        surface: {
-          bg: 'var(--surface-bg)',
-          1: 'var(--surface-1)',
-          2: 'var(--surface-2)',
-          3: 'var(--surface-3)',
-          overlay: 'var(--surface-overlay)',
-          glass: 'var(--surface-glass)',
-        },
-        text: {
-          primary: 'var(--text-primary)',
-          secondary: 'var(--text-secondary)',
-          tertiary: 'var(--text-tertiary)',
-          disabled: 'var(--text-disabled)',
-          'on-klein': 'var(--text-on-klein)',
-        },
-        border: {
-          DEFAULT: 'var(--border-default)',
-          strong: 'var(--border-strong)',
-          subtle: 'var(--border-subtle)',
-        },
-      },
-      borderColor: {
-        DEFAULT: 'var(--border-default)',
-      },
-      borderRadius: {
-        xs: 'var(--radius-xs)',
-        sm: 'var(--radius-sm)',
-        md: 'var(--radius-md)',
-        lg: 'var(--radius-lg)',
-        xl: 'var(--radius-xl)',
-        '2xl': 'var(--radius-2xl)',
-        pill: 'var(--radius-pill)',
-      },
-      boxShadow: {
-        1: 'var(--shadow-1)',
-        2: 'var(--shadow-2)',
-        3: 'var(--shadow-3)',
-        4: 'var(--shadow-4)',
-        inset: 'var(--shadow-inset)',
-        glow: 'var(--klein-glow)',
-        'glow-soft': 'var(--klein-glow-soft)',
-        'focus-ring': 'var(--focus-ring)',
-      },
-      backgroundImage: {
-        'klein-gradient': 'var(--klein-gradient)',
-        'klein-gradient-soft': 'var(--klein-gradient-soft)',
-      },
-      fontSize: {
-        display: ['var(--fs-display)', { lineHeight: 'var(--lh-tight)' }],
-        h1:      ['var(--fs-h1)',      { lineHeight: 'var(--lh-tight)' }],
-        h2:      ['var(--fs-h2)',      { lineHeight: 'var(--lh-snug)' }],
-        h3:      ['var(--fs-h3)',      { lineHeight: 'var(--lh-snug)' }],
-        h4:      ['var(--fs-h4)',      { lineHeight: 'var(--lh-snug)' }],
-        body:    ['var(--fs-body)',    { lineHeight: 'var(--lh-normal)' }],
-        small:   ['var(--fs-small)',   { lineHeight: 'var(--lh-normal)' }],
-        tiny:    ['var(--fs-tiny)',    { lineHeight: 'var(--lh-snug)' }],
-      },
-      fontWeight: {
-        regular:  'var(--weight-regular)',
-        medium:   'var(--weight-medium)',
-        semibold: 'var(--weight-semibold)',
-        bold:     'var(--weight-bold)',
-        extra:    'var(--weight-extra)',
-      },
-      letterSpacing: {
-        tighter: 'var(--tracking-tight)',
-        normal:  'var(--tracking-normal)',
-        wide:    'var(--tracking-wide)',
-        wider:   'var(--tracking-wider)',
-      },
-      spacing: {
-        '0.5': 'var(--space-0_5)',
-        '1':   'var(--space-1)',
-        '1.5': 'var(--space-1_5)',
-        '2':   'var(--space-2)',
-        '2.5': 'var(--space-2_5)',
-        '3':   'var(--space-3)',
-        '3.5': 'var(--space-3_5)',
-        '4':   'var(--space-4)',
-        '5':   'var(--space-5)',
-        '6':   'var(--space-6)',
-        '7':   'var(--space-7)',
-        '8':   'var(--space-8)',
-        '10':  'var(--space-10)',
-        '12':  'var(--space-12)',
-        '16':  'var(--space-16)',
-        '20':  'var(--space-20)',
-      },
-      transitionTimingFunction: {
-        klein: 'var(--ease-in-out)',
-        'klein-out': 'var(--ease-out)',
-        'klein-spring': 'var(--ease-spring)',
-      },
-      transitionDuration: {
-        fast: 'var(--duration-fast)',
-        base: 'var(--duration-base)',
-        slow: 'var(--duration-slow)',
-      },
-      keyframes: {
-        'klein-fade-in': {
-          from: { opacity: '0', transform: 'translateY(8px)' },
-          to:   { opacity: '1', transform: 'translateY(0)' },
-        },
-        'klein-shimmer': {
-          '0%':   { backgroundPosition: '-200% 0' },
-          '100%': { backgroundPosition: '200% 0' },
-        },
-      },
-      animation: {
-        'klein-fade-in': 'klein-fade-in .25s cubic-bezier(.4,0,.2,1) both',
-        'klein-shimmer': 'klein-shimmer 1.6s linear infinite',
-      },
-    },
-  },
-};
-
-export default preset;
diff --git a/frontend/packages/theme/src/tokens.css b/frontend/packages/theme/src/tokens.css
deleted file mode 100644
index acda237e..00000000
--- a/frontend/packages/theme/src/tokens.css
+++ /dev/null
@@ -1,245 +0,0 @@
-/* ===========================================================
-   gpt2api Design Tokens · 默认皮肤：Klein Blue (IKB)
-   规则：禁止硬编码颜色 / 间距 / 圆角，必须走 CSS 变量。
-   组件层在 components.css 实现；preset 把以下变量暴露给 Tailwind。
-   =========================================================== */
-
-:root {
-  /* ====== 主色：克莱因蓝（IKB） ====== */
-  --klein-50:  #E5ECFF;
-  --klein-100: #C6D2FF;
-  --klein-200: #93A6FF;
-  --klein-300: #607AFF;
-  --klein-400: #3D5BFF;
-  --klein-500: #1E3DFF;       /* 高光 */
-  --klein-600: #002FA7;       /* IKB 主色 */
-  --klein-700: #002388;
-  --klein-800: #001A66;
-  --klein-900: #000F40;
-
-  --klein-glow:      0 0 24px rgba(30, 61, 255, .55), 0 0 60px rgba(0, 47, 167, .35);
-  --klein-glow-soft: 0 8px 24px rgba(0, 47, 167, .18);
-  --klein-gradient:      linear-gradient(135deg, #002FA7 0%, #1E3DFF 100%);
-  --klein-gradient-soft: linear-gradient(135deg, rgba(0,47,167,.12) 0%, rgba(30,61,255,.10) 100%);
-
-  /* ====== 中性 ink ====== */
-  --ink-50:  #F7F8FB;
-  --ink-100: #EEF1F6;
-  --ink-200: #DDE2EC;
-  --ink-300: #BBC2D0;
-  --ink-400: #8A93A6;
-  --ink-500: #5D667B;
-  --ink-600: #404A60;
-  --ink-700: #2A3346;
-  --ink-800: #1A2236;
-  --ink-900: #0B1226;
-
-  /* ====== 状态色（含 soft 背景） ====== */
-  --success-500: #16A34A;
-  --success-600: #15803D;
-  --success-soft: rgba(22, 163, 74, .12);
-  --warning-500: #D97706;
-  --warning-600: #B45309;
-  --warning-soft: rgba(217, 119, 6, .12);
-  --danger-500:  #DC2626;
-  --danger-600:  #B91C1C;
-  --danger-soft: rgba(220, 38, 38, .12);
-  --info-500:    var(--klein-500);
-  --info-soft:   rgba(30, 61, 255, .10);
-
-  /* ====== 圆角 ====== */
-  --radius-xs:   4px;
-  --radius-sm:   8px;
-  --radius-md:  12px;
-  --radius-lg:  16px;
-  --radius-xl:  24px;
-  --radius-2xl: 32px;
-  --radius-pill: 999px;
-
-  /* ====== 阴影（5 段） ====== */
-  --shadow-1: 0 1px 2px rgba(11, 18, 38, .05), 0 1px 1px rgba(11, 18, 38, .04);
-  --shadow-2: 0 4px 12px rgba(11, 18, 38, .08), 0 1px 2px rgba(11, 18, 38, .04);
-  --shadow-3: 0 12px 32px rgba(11, 18, 38, .12), 0 2px 6px rgba(11, 18, 38, .06);
-  --shadow-4: 0 24px 64px rgba(11, 18, 38, .18), 0 4px 12px rgba(11, 18, 38, .08);
-  --shadow-inset: inset 0 1px 2px rgba(11, 18, 38, .06);
-
-  /* ====== 间距（4pt 基线） ====== */
-  --space-0_5:  2px;
-  --space-1:    4px;
-  --space-1_5:  6px;
-  --space-2:    8px;
-  --space-2_5: 10px;
-  --space-3:   12px;
-  --space-3_5: 14px;
-  --space-4:   16px;
-  --space-5:   20px;
-  --space-6:   24px;
-  --space-7:   28px;
-  --space-8:   32px;
-  --space-10:  40px;
-  --space-12:  48px;
-  --space-16:  64px;
-  --space-20:  80px;
-
-  /* ====== 字号（fluid clamp，多端自适应） ======
-     落地原则：
-       - display 仅用于落地页 / 状态页大字
-       - h1..h4 用于页头 / section 标题 / 卡片标题
-       - body 默认正文；small 二级文本；tiny 12px 标签
-   */
-  --fs-display: clamp(1.875rem, 1.3rem + 2.0vw, 2.75rem); /* 30–44 */
-  --fs-h1:      clamp(1.375rem, 1.15rem + 0.9vw, 1.625rem);/* 22–26 */
-  --fs-h2:      clamp(1.1875rem, 1.05rem + 0.6vw, 1.375rem);/* 19–22 */
-  --fs-h3:      clamp(1.0625rem, 1rem + 0.3vw, 1.1875rem);/* 17–19 */
-  --fs-h4:      0.9375rem;                                /* 15 */
-  --fs-body:    0.9375rem;                                /* 15 */
-  --fs-small:   0.8125rem;                                /* 13 */
-  --fs-tiny:    0.6875rem;                                /* 11 */
-
-  --lh-tight:  1.15;
-  --lh-snug:   1.3;
-  --lh-normal: 1.55;
-  --lh-loose:  1.75;
-
-  --tracking-tight:   -0.02em;
-  --tracking-normal:  0;
-  --tracking-wide:    0.02em;
-  --tracking-wider:   0.06em;
-
-  --weight-regular: 400;
-  --weight-medium:  500;
-  --weight-semibold:600;
-  --weight-bold:    700;
-  --weight-extra:   800;
-
-  /* ====== 字体族 ====== */
-  --font-sans:
-    'Inter', 'PingFang SC', 'Microsoft YaHei', 'Helvetica Neue',
-    Arial, system-ui, -apple-system, BlinkMacSystemFont, sans-serif;
-  --font-mono:
-    'JetBrains Mono', 'SFMono-Regular', Menlo, Consolas, monospace;
-
-  /* ====== 控件尺寸（统一节奏） ====== */
-  --ctl-h-xs: 24px;
-  --ctl-h-sm: 32px;
-  --ctl-h-md: 36px;
-  --ctl-h-lg: 40px;
-  --ctl-h-xl: 44px;            /* 移动端最小可点区 */
-  --ctl-px-sm: 10px;
-  --ctl-px-md: 14px;
-  --ctl-px-lg: 18px;
-  --ctl-px-xl: 22px;
-  --ctl-gap:    8px;
-  --ctl-radius: var(--radius-sm);
-
-  /* ====== 表面 / 文字（浅色默认） ====== */
-  --surface-bg: #F4F6FB;
-  --surface-1:  #FFFFFF;
-  --surface-2:  #EEF1F8;
-  --surface-3:  #E1E6F1;
-  --surface-overlay: rgba(11, 18, 38, .55);
-  --surface-glass:   rgba(255, 255, 255, .72);
-
-  --text-primary:   var(--ink-900);
-  --text-secondary: var(--ink-600);
-  --text-tertiary:  var(--ink-400);
-  --text-on-klein:  #FFFFFF;
-  --text-disabled:  var(--ink-300);
-
-  --border-default: var(--ink-200);
-  --border-strong:  var(--ink-300);
-  --border-subtle:  var(--ink-100);
-
-  --link:       var(--klein-600);
-  --link-hover: var(--klein-500);
-
-  --focus-ring:        0 0 0 3px rgba(30, 61, 255, .35);
-  --focus-ring-danger: 0 0 0 3px rgba(220, 38, 38, .30);
-
-  /* ====== 动效曲线 / 时长 ====== */
-  --ease-out:       cubic-bezier(.22, 1, .36, 1);
-  --ease-in-out:    cubic-bezier(.4, 0, .2, 1);
-  --ease-spring:    cubic-bezier(.34, 1.56, .64, 1);
-  --duration-fast: 120ms;
-  --duration-base: 200ms;
-  --duration-slow: 320ms;
-}
-
-/* ====== 深色（创作页默认走暗模式） ====== */
-[data-theme='dark'] {
-  --surface-bg: #060A1A;
-  --surface-1:  #0C1428;
-  --surface-2:  #131D38;
-  --surface-3:  #1B2647;
-  --surface-glass:   rgba(11, 18, 38, .60);
-  --surface-overlay: rgba(0, 0, 0, .60);
-
-  --text-primary:   #F4F6FB;
-  --text-secondary: #B8C0D6;
-  --text-tertiary:  #6B7591;
-  --text-on-klein:  #FFFFFF;
-  --text-disabled:  rgba(184, 192, 214, .35);
-
-  --border-default: rgba(255, 255, 255, .08);
-  --border-strong:  rgba(255, 255, 255, .18);
-  --border-subtle:  rgba(255, 255, 255, .04);
-
-  --link:       var(--klein-300);
-  --link-hover: var(--klein-200);
-
-  --shadow-1: 0 1px 2px rgba(0, 0, 0, .35);
-  --shadow-2: 0 4px 16px rgba(0, 0, 0, .45);
-  --shadow-3: 0 18px 48px rgba(0, 0, 0, .55);
-  --shadow-4: 0 32px 80px rgba(0, 0, 0, .65);
-  --shadow-inset: inset 0 1px 2px rgba(0, 0, 0, .35);
-
-  --success-soft: rgba(22, 163, 74, .18);
-  --warning-soft: rgba(217, 119, 6, .18);
-  --danger-soft:  rgba(220, 38, 38, .22);
-  --info-soft:    rgba(30, 61, 255, .18);
-}
-
-/* ====== 全局基础 ====== */
-html, body, #root { height: 100%; }
-
-html {
-  font-family: var(--font-sans);
-  font-size: 16px;
-  color-scheme: light dark;
-  -webkit-font-smoothing: antialiased;
-  -moz-osx-font-smoothing: grayscale;
-  text-rendering: optimizeLegibility;
-}
-
-body {
-  margin: 0;
-  background: var(--surface-bg);
-  color: var(--text-primary);
-  font-size: var(--fs-body);
-  line-height: var(--lh-normal);
-  letter-spacing: var(--tracking-normal);
-}
-
-* { box-sizing: border-box; }
-
-/* 安全区适配 */
-.safe-bottom { padding-bottom: max(var(--space-4), env(safe-area-inset-bottom)); }
-.safe-top    { padding-top:    max(var(--space-4), env(safe-area-inset-top)); }
-
-/* 滚动条 */
-::-webkit-scrollbar { width: 8px; height: 8px; }
-::-webkit-scrollbar-thumb { background: rgba(0, 47, 167, .25); border-radius: 999px; }
-::-webkit-scrollbar-thumb:hover { background: rgba(0, 47, 167, .45); }
-::-webkit-scrollbar-track { background: transparent; }
-
-::selection { background: var(--klein-500); color: #fff; }
-
-:focus-visible {
-  outline: none;
-  box-shadow: var(--focus-ring);
-}
-
-/* 响应式正文：在大屏适度放大 */
-@media (min-width: 1280px) {
-  :root { --fs-body: 1rem; }
-}
diff --git a/frontend/packages/theme/tsconfig.json b/frontend/packages/theme/tsconfig.json
deleted file mode 100644
index 564a5990..00000000
--- a/frontend/packages/theme/tsconfig.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "extends": "../../tsconfig.base.json",
-  "include": ["src"]
-}
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
deleted file mode 100644
index dfd1172a..00000000
--- a/frontend/pnpm-lock.yaml
+++ /dev/null
@@ -1,2677 +0,0 @@
-lockfileVersion: '9.0'
-
-settings:
-  autoInstallPeers: true
-  excludeLinksFromLockfile: false
-
-importers:
-
-  .:
-    devDependencies:
-      '@types/node':
-        specifier: ^20.14.10
-        version: 20.19.39
-      eslint:
-        specifier: ^9.10.0
-        version: 9.39.4(jiti@1.21.7)
-      prettier:
-        specifier: ^3.3.3
-        version: 3.8.3
-      typescript:
-        specifier: ^5.5.3
-        version: 5.9.3
-
-  apps/admin:
-    dependencies:
-      '@hookform/resolvers':
-        specifier: ^3.10.0
-        version: 3.10.0(react-hook-form@7.74.0(react@18.3.1))
-      '@kleinai/theme':
-        specifier: workspace:*
-        version: link:../../packages/theme
-      '@tanstack/react-query':
-        specifier: ^5.51.5
-        version: 5.100.5(react@18.3.1)
-      axios:
-        specifier: ^1.7.2
-        version: 1.15.2
-      clsx:
-        specifier: ^2.1.1
-        version: 2.1.1
-      lucide-react:
-        specifier: ^0.402.0
-        version: 0.402.0(react@18.3.1)
-      react:
-        specifier: ^18.3.1
-        version: 18.3.1
-      react-dom:
-        specifier: ^18.3.1
-        version: 18.3.1(react@18.3.1)
-      react-hook-form:
-        specifier: ^7.52.1
-        version: 7.74.0(react@18.3.1)
-      react-router-dom:
-        specifier: ^6.25.1
-        version: 6.30.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
-      zod:
-        specifier: ^3.23.8
-        version: 3.25.76
-      zustand:
-        specifier: ^4.5.4
-        version: 4.5.7(@types/react@18.3.28)(react@18.3.1)
-    devDependencies:
-      '@types/react':
-        specifier: ^18.3.3
-        version: 18.3.28
-      '@types/react-dom':
-        specifier: ^18.3.0
-        version: 18.3.7(@types/react@18.3.28)
-      '@vitejs/plugin-react':
-        specifier: ^4.3.1
-        version: 4.7.0(vite@5.4.21(@types/node@20.19.39))
-      autoprefixer:
-        specifier: ^10.4.19
-        version: 10.5.0(postcss@8.5.12)
-      postcss:
-        specifier: ^8.4.39
-        version: 8.5.12
-      tailwindcss:
-        specifier: ^3.4.10
-        version: 3.4.19
-      typescript:
-        specifier: ^5.5.3
-        version: 5.9.3
-      vite:
-        specifier: ^5.3.4
-        version: 5.4.21(@types/node@20.19.39)
-
-  apps/user:
-    dependencies:
-      '@hookform/resolvers':
-        specifier: ^3.9.0
-        version: 3.10.0(react-hook-form@7.74.0(react@18.3.1))
-      '@kleinai/theme':
-        specifier: workspace:*
-        version: link:../../packages/theme
-      '@tanstack/react-query':
-        specifier: ^5.51.5
-        version: 5.100.5(react@18.3.1)
-      axios:
-        specifier: ^1.7.2
-        version: 1.15.2
-      clsx:
-        specifier: ^2.1.1
-        version: 2.1.1
-      lucide-react:
-        specifier: ^0.402.0
-        version: 0.402.0(react@18.3.1)
-      react:
-        specifier: ^18.3.1
-        version: 18.3.1
-      react-dom:
-        specifier: ^18.3.1
-        version: 18.3.1(react@18.3.1)
-      react-hook-form:
-        specifier: ^7.52.1
-        version: 7.74.0(react@18.3.1)
-      react-router-dom:
-        specifier: ^6.25.1
-        version: 6.30.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
-      zod:
-        specifier: ^3.23.8
-        version: 3.25.76
-      zustand:
-        specifier: ^4.5.4
-        version: 4.5.7(@types/react@18.3.28)(react@18.3.1)
-    devDependencies:
-      '@types/react':
-        specifier: ^18.3.3
-        version: 18.3.28
-      '@types/react-dom':
-        specifier: ^18.3.0
-        version: 18.3.7(@types/react@18.3.28)
-      '@vitejs/plugin-react':
-        specifier: ^4.3.1
-        version: 4.7.0(vite@5.4.21(@types/node@20.19.39))
-      autoprefixer:
-        specifier: ^10.4.19
-        version: 10.5.0(postcss@8.5.12)
-      postcss:
-        specifier: ^8.4.39
-        version: 8.5.12
-      tailwindcss:
-        specifier: ^3.4.10
-        version: 3.4.19
-      typescript:
-        specifier: ^5.5.3
-        version: 5.9.3
-      vite:
-        specifier: ^5.3.4
-        version: 5.4.21(@types/node@20.19.39)
-
-  packages/theme:
-    devDependencies:
-      tailwindcss:
-        specifier: ^3.4.10
-        version: 3.4.19
-      typescript:
-        specifier: ^5.5.3
-        version: 5.9.3
-
-packages:
-
-  '@alloc/quick-lru@5.2.0':
-    resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==}
-    engines: {node: '>=10'}
-
-  '@babel/code-frame@7.29.0':
-    resolution: {integrity: sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/compat-data@7.29.0':
-    resolution: {integrity: sha512-T1NCJqT/j9+cn8fvkt7jtwbLBfLC/1y1c7NtCeXFRgzGTsafi68MRv8yzkYSapBnFA6L3U2VSc02ciDzoAJhJg==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/core@7.29.0':
-    resolution: {integrity: sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/generator@7.29.1':
-    resolution: {integrity: sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-compilation-targets@7.28.6':
-    resolution: {integrity: sha512-JYtls3hqi15fcx5GaSNL7SCTJ2MNmjrkHXg4FSpOA/grxK8KwyZ5bubHsCq8FXCkua6xhuaaBit+3b7+VZRfcA==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-globals@7.28.0':
-    resolution: {integrity: sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-module-imports@7.28.6':
-    resolution: {integrity: sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-module-transforms@7.28.6':
-    resolution: {integrity: sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==}
-    engines: {node: '>=6.9.0'}
-    peerDependencies:
-      '@babel/core': ^7.0.0
-
-  '@babel/helper-plugin-utils@7.28.6':
-    resolution: {integrity: sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-string-parser@7.27.1':
-    resolution: {integrity: sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-validator-identifier@7.28.5':
-    resolution: {integrity: sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helper-validator-option@7.27.1':
-    resolution: {integrity: sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/helpers@7.29.2':
-    resolution: {integrity: sha512-HoGuUs4sCZNezVEKdVcwqmZN8GoHirLUcLaYVNBK2J0DadGtdcqgr3BCbvH8+XUo4NGjNl3VOtSjEKNzqfFgKw==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/parser@7.29.2':
-    resolution: {integrity: sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==}
-    engines: {node: '>=6.0.0'}
-    hasBin: true
-
-  '@babel/plugin-transform-react-jsx-self@7.27.1':
-    resolution: {integrity: sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw==}
-    engines: {node: '>=6.9.0'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
-  '@babel/plugin-transform-react-jsx-source@7.27.1':
-    resolution: {integrity: sha512-zbwoTsBruTeKB9hSq73ha66iFeJHuaFkUbwvqElnygoNbj/jHRsSeokowZFN3CZ64IvEqcmmkVe89OPXc7ldAw==}
-    engines: {node: '>=6.9.0'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
-  '@babel/template@7.28.6':
-    resolution: {integrity: sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/traverse@7.29.0':
-    resolution: {integrity: sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==}
-    engines: {node: '>=6.9.0'}
-
-  '@babel/types@7.29.0':
-    resolution: {integrity: sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==}
-    engines: {node: '>=6.9.0'}
-
-  '@esbuild/aix-ppc64@0.21.5':
-    resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
-    engines: {node: '>=12'}
-    cpu: [ppc64]
-    os: [aix]
-
-  '@esbuild/android-arm64@0.21.5':
-    resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [android]
-
-  '@esbuild/android-arm@0.21.5':
-    resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
-    engines: {node: '>=12'}
-    cpu: [arm]
-    os: [android]
-
-  '@esbuild/android-x64@0.21.5':
-    resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [android]
-
-  '@esbuild/darwin-arm64@0.21.5':
-    resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@esbuild/darwin-x64@0.21.5':
-    resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [darwin]
-
-  '@esbuild/freebsd-arm64@0.21.5':
-    resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [freebsd]
-
-  '@esbuild/freebsd-x64@0.21.5':
-    resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [freebsd]
-
-  '@esbuild/linux-arm64@0.21.5':
-    resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [linux]
-
-  '@esbuild/linux-arm@0.21.5':
-    resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
-    engines: {node: '>=12'}
-    cpu: [arm]
-    os: [linux]
-
-  '@esbuild/linux-ia32@0.21.5':
-    resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [linux]
-
-  '@esbuild/linux-loong64@0.21.5':
-    resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
-    engines: {node: '>=12'}
-    cpu: [loong64]
-    os: [linux]
-
-  '@esbuild/linux-mips64el@0.21.5':
-    resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
-    engines: {node: '>=12'}
-    cpu: [mips64el]
-    os: [linux]
-
-  '@esbuild/linux-ppc64@0.21.5':
-    resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
-    engines: {node: '>=12'}
-    cpu: [ppc64]
-    os: [linux]
-
-  '@esbuild/linux-riscv64@0.21.5':
-    resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
-    engines: {node: '>=12'}
-    cpu: [riscv64]
-    os: [linux]
-
-  '@esbuild/linux-s390x@0.21.5':
-    resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
-    engines: {node: '>=12'}
-    cpu: [s390x]
-    os: [linux]
-
-  '@esbuild/linux-x64@0.21.5':
-    resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [linux]
-
-  '@esbuild/netbsd-x64@0.21.5':
-    resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [netbsd]
-
-  '@esbuild/openbsd-x64@0.21.5':
-    resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [openbsd]
-
-  '@esbuild/sunos-x64@0.21.5':
-    resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [sunos]
-
-  '@esbuild/win32-arm64@0.21.5':
-    resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [win32]
-
-  '@esbuild/win32-ia32@0.21.5':
-    resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [win32]
-
-  '@esbuild/win32-x64@0.21.5':
-    resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [win32]
-
-  '@eslint-community/eslint-utils@4.9.1':
-    resolution: {integrity: sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    peerDependencies:
-      eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
-
-  '@eslint-community/regexpp@4.12.2':
-    resolution: {integrity: sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew==}
-    engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0}
-
-  '@eslint/config-array@0.21.2':
-    resolution: {integrity: sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/config-helpers@0.4.2':
-    resolution: {integrity: sha512-gBrxN88gOIf3R7ja5K9slwNayVcZgK6SOUORm2uBzTeIEfeVaIhOpCtTox3P6R7o2jLFwLFTLnC7kU/RGcYEgw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/core@0.17.0':
-    resolution: {integrity: sha512-yL/sLrpmtDaFEiUj1osRP4TI2MDz1AddJL+jZ7KSqvBuliN4xqYY54IfdN8qD8Toa6g1iloph1fxQNkjOxrrpQ==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/eslintrc@3.3.5':
-    resolution: {integrity: sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/js@9.39.4':
-    resolution: {integrity: sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/object-schema@2.1.7':
-    resolution: {integrity: sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@eslint/plugin-kit@0.4.1':
-    resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@hookform/resolvers@3.10.0':
-    resolution: {integrity: sha512-79Dv+3mDF7i+2ajj7SkypSKHhl1cbln1OGavqrsF7p6mbUv11xpqpacPsGDCTRvCSjEEIez2ef1NveSVL3b0Ag==}
-    peerDependencies:
-      react-hook-form: ^7.0.0
-
-  '@humanfs/core@0.19.2':
-    resolution: {integrity: sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA==}
-    engines: {node: '>=18.18.0'}
-
-  '@humanfs/node@0.16.8':
-    resolution: {integrity: sha512-gE1eQNZ3R++kTzFUpdGlpmy8kDZD/MLyHqDwqjkVQI0JMdI1D51sy1H958PNXYkM2rAac7e5/CnIKZrHtPh3BQ==}
-    engines: {node: '>=18.18.0'}
-
-  '@humanfs/types@0.15.0':
-    resolution: {integrity: sha512-ZZ1w0aoQkwuUuC7Yf+7sdeaNfqQiiLcSRbfI08oAxqLtpXQr9AIVX7Ay7HLDuiLYAaFPu8oBYNq/QIi9URHJ3Q==}
-    engines: {node: '>=18.18.0'}
-
-  '@humanwhocodes/module-importer@1.0.1':
-    resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==}
-    engines: {node: '>=12.22'}
-
-  '@humanwhocodes/retry@0.4.3':
-    resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
-    engines: {node: '>=18.18'}
-
-  '@jridgewell/gen-mapping@0.3.13':
-    resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==}
-
-  '@jridgewell/remapping@2.3.5':
-    resolution: {integrity: sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==}
-
-  '@jridgewell/resolve-uri@3.1.2':
-    resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==}
-    engines: {node: '>=6.0.0'}
-
-  '@jridgewell/sourcemap-codec@1.5.5':
-    resolution: {integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==}
-
-  '@jridgewell/trace-mapping@0.3.31':
-    resolution: {integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==}
-
-  '@nodelib/fs.scandir@2.1.5':
-    resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
-    engines: {node: '>= 8'}
-
-  '@nodelib/fs.stat@2.0.5':
-    resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==}
-    engines: {node: '>= 8'}
-
-  '@nodelib/fs.walk@1.2.8':
-    resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
-    engines: {node: '>= 8'}
-
-  '@remix-run/router@1.23.2':
-    resolution: {integrity: sha512-Ic6m2U/rMjTkhERIa/0ZtXJP17QUi2CbWE7cqx4J58M8aA3QTfW+2UlQ4psvTX9IO1RfNVhK3pcpdjej7L+t2w==}
-    engines: {node: '>=14.0.0'}
-
-  '@rolldown/pluginutils@1.0.0-beta.27':
-    resolution: {integrity: sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==}
-
-  '@rollup/rollup-android-arm-eabi@4.60.2':
-    resolution: {integrity: sha512-dnlp69efPPg6Uaw2dVqzWRfAWRnYVb1XJ8CyyhIbZeaq4CA5/mLeZ1IEt9QqQxmbdvagjLIm2ZL8BxXv5lH4Yw==}
-    cpu: [arm]
-    os: [android]
-
-  '@rollup/rollup-android-arm64@4.60.2':
-    resolution: {integrity: sha512-OqZTwDRDchGRHHm/hwLOL7uVPB9aUvI0am/eQuWMNyFHf5PSEQmyEeYYheA0EPPKUO/l0uigCp+iaTjoLjVoHg==}
-    cpu: [arm64]
-    os: [android]
-
-  '@rollup/rollup-darwin-arm64@4.60.2':
-    resolution: {integrity: sha512-UwRE7CGpvSVEQS8gUMBe1uADWjNnVgP3Iusyda1nSRwNDCsRjnGc7w6El6WLQsXmZTbLZx9cecegumcitNfpmA==}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@rollup/rollup-darwin-x64@4.60.2':
-    resolution: {integrity: sha512-gjEtURKLCC5VXm1I+2i1u9OhxFsKAQJKTVB8WvDAHF+oZlq0GTVFOlTlO1q3AlCTE/DF32c16ESvfgqR7343/g==}
-    cpu: [x64]
-    os: [darwin]
-
-  '@rollup/rollup-freebsd-arm64@4.60.2':
-    resolution: {integrity: sha512-Bcl6CYDeAgE70cqZaMojOi/eK63h5Me97ZqAQoh77VPjMysA/4ORQBRGo3rRy45x4MzVlU9uZxs8Uwy7ZaKnBw==}
-    cpu: [arm64]
-    os: [freebsd]
-
-  '@rollup/rollup-freebsd-x64@4.60.2':
-    resolution: {integrity: sha512-LU+TPda3mAE2QB0/Hp5VyeKJivpC6+tlOXd1VMoXV/YFMvk/MNk5iXeBfB4MQGRWyOYVJ01625vjkr0Az98OJQ==}
-    cpu: [x64]
-    os: [freebsd]
-
-  '@rollup/rollup-linux-arm-gnueabihf@4.60.2':
-    resolution: {integrity: sha512-2QxQrM+KQ7DAW4o22j+XZ6RKdxjLD7BOWTP0Bv0tmjdyhXSsr2Ul1oJDQqh9Zf5qOwTuTc7Ek83mOFaKnodPjg==}
-    cpu: [arm]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-arm-musleabihf@4.60.2':
-    resolution: {integrity: sha512-TbziEu2DVsTEOPif2mKWkMeDMLoYjx95oESa9fkQQK7r/Orta0gnkcDpzwufEcAO2BLBsD7mZkXGFqEdMRRwfw==}
-    cpu: [arm]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-linux-arm64-gnu@4.60.2':
-    resolution: {integrity: sha512-bO/rVDiDUuM2YfuCUwZ1t1cP+/yqjqz+Xf2VtkdppefuOFS2OSeAfgafaHNkFn0t02hEyXngZkxtGqXcXwO8Rg==}
-    cpu: [arm64]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-arm64-musl@4.60.2':
-    resolution: {integrity: sha512-hr26p7e93Rl0Za+JwW7EAnwAvKkehh12BU1Llm9Ykiibg4uIr2rbpxG9WCf56GuvidlTG9KiiQT/TXT1yAWxTA==}
-    cpu: [arm64]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-linux-loong64-gnu@4.60.2':
-    resolution: {integrity: sha512-pOjB/uSIyDt+ow3k/RcLvUAOGpysT2phDn7TTUB3n75SlIgZzM6NKAqlErPhoFU+npgY3/n+2HYIQVbF70P9/A==}
-    cpu: [loong64]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-loong64-musl@4.60.2':
-    resolution: {integrity: sha512-2/w+q8jszv9Ww1c+6uJT3OwqhdmGP2/4T17cu8WuwyUuuaCDDJ2ojdyYwZzCxx0GcsZBhzi3HmH+J5pZNXnd+Q==}
-    cpu: [loong64]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-linux-ppc64-gnu@4.60.2':
-    resolution: {integrity: sha512-11+aL5vKheYgczxtPVVRhdptAM2H7fcDR5Gw4/bTcteuZBlH4oP9f5s9zYO9aGZvoGeBpqXI/9TZZihZ609wKw==}
-    cpu: [ppc64]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-ppc64-musl@4.60.2':
-    resolution: {integrity: sha512-i16fokAGK46IVZuV8LIIwMdtqhin9hfYkCh8pf8iC3QU3LpwL+1FSFGej+O7l3E/AoknL6Dclh2oTdnRMpTzFQ==}
-    cpu: [ppc64]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-linux-riscv64-gnu@4.60.2':
-    resolution: {integrity: sha512-49FkKS6RGQoriDSK/6E2GkAsAuU5kETFCh7pG4yD/ylj9rKhTmO3elsnmBvRD4PgJPds5W2PkhC82aVwmUcJ7A==}
-    cpu: [riscv64]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-riscv64-musl@4.60.2':
-    resolution: {integrity: sha512-mjYNkHPfGpUR00DuM1ZZIgs64Hpf4bWcz9Z41+4Q+pgDx73UwWdAYyf6EG/lRFldmdHHzgrYyge5akFUW0D3mQ==}
-    cpu: [riscv64]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-linux-s390x-gnu@4.60.2':
-    resolution: {integrity: sha512-ALyvJz965BQk8E9Al/JDKKDLH2kfKFLTGMlgkAbbYtZuJt9LU8DW3ZoDMCtQpXAltZxwBHevXz5u+gf0yA0YoA==}
-    cpu: [s390x]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-x64-gnu@4.60.2':
-    resolution: {integrity: sha512-UQjrkIdWrKI626Du8lCQ6MJp/6V1LAo2bOK9OTu4mSn8GGXIkPXk/Vsp4bLHCd9Z9Iz2OTEaokUE90VweJgIYQ==}
-    cpu: [x64]
-    os: [linux]
-    libc: [glibc]
-
-  '@rollup/rollup-linux-x64-musl@4.60.2':
-    resolution: {integrity: sha512-bTsRGj6VlSdn/XD4CGyzMnzaBs9bsRxy79eTqTCBsA8TMIEky7qg48aPkvJvFe1HyzQ5oMZdg7AnVlWQSKLTnw==}
-    cpu: [x64]
-    os: [linux]
-    libc: [musl]
-
-  '@rollup/rollup-openbsd-x64@4.60.2':
-    resolution: {integrity: sha512-6d4Z3534xitaA1FcMWP7mQPq5zGwBmGbhphh2DwaA1aNIXUu3KTOfwrWpbwI4/Gr0uANo7NTtaykFyO2hPuFLg==}
-    cpu: [x64]
-    os: [openbsd]
-
-  '@rollup/rollup-openharmony-arm64@4.60.2':
-    resolution: {integrity: sha512-NetAg5iO2uN7eB8zE5qrZ3CSil+7IJt4WDFLcC75Ymywq1VZVD6qJ6EvNLjZ3rEm6gB7XW5JdT60c6MN35Z85Q==}
-    cpu: [arm64]
-    os: [openharmony]
-
-  '@rollup/rollup-win32-arm64-msvc@4.60.2':
-    resolution: {integrity: sha512-NCYhOotpgWZ5kdxCZsv6Iudx0wX8980Q/oW4pNFNihpBKsDbEA1zpkfxJGC0yugsUuyDZ7gL37dbzwhR0VI7pQ==}
-    cpu: [arm64]
-    os: [win32]
-
-  '@rollup/rollup-win32-ia32-msvc@4.60.2':
-    resolution: {integrity: sha512-RXsaOqXxfoUBQoOgvmmijVxJnW2IGB0eoMO7F8FAjaj0UTywUO/luSqimWBJn04WNgUkeNhh7fs7pESXajWmkg==}
-    cpu: [ia32]
-    os: [win32]
-
-  '@rollup/rollup-win32-x64-gnu@4.60.2':
-    resolution: {integrity: sha512-qdAzEULD+/hzObedtmV6iBpdL5TIbKVztGiK7O3/KYSf+HIzU257+MX1EXJcyIiDbMAqmbwaufcYPvyRryeZtA==}
-    cpu: [x64]
-    os: [win32]
-
-  '@rollup/rollup-win32-x64-msvc@4.60.2':
-    resolution: {integrity: sha512-Nd/SgG27WoA9e+/TdK74KnHz852TLa94ovOYySo/yMPuTmpckK/jIF2jSwS3g7ELSKXK13/cVdmg1Z/DaCWKxA==}
-    cpu: [x64]
-    os: [win32]
-
-  '@tanstack/query-core@5.100.5':
-    resolution: {integrity: sha512-t20KrhKkf0HXzqQkPbJ5erhFesup68BAbwFgYmTrS7bxMF7O5MdmL8jUkik4thsG7Hg00fblz30h6yF1d5TxGg==}
-
-  '@tanstack/react-query@5.100.5':
-    resolution: {integrity: sha512-aNwj1mi2v2bQ9IxkyR1grLOUkv3BYWoykHy9KDyLNbjC3tsahbOHJibK+Wjtr1wRhG59/AvJhiJG5OlthaCgJA==}
-    peerDependencies:
-      react: ^18 || ^19
-
-  '@types/babel__core@7.20.5':
-    resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
-
-  '@types/babel__generator@7.27.0':
-    resolution: {integrity: sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==}
-
-  '@types/babel__template@7.4.4':
-    resolution: {integrity: sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==}
-
-  '@types/babel__traverse@7.28.0':
-    resolution: {integrity: sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==}
-
-  '@types/estree@1.0.8':
-    resolution: {integrity: sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==}
-
-  '@types/json-schema@7.0.15':
-    resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
-
-  '@types/node@20.19.39':
-    resolution: {integrity: sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==}
-
-  '@types/prop-types@15.7.15':
-    resolution: {integrity: sha512-F6bEyamV9jKGAFBEmlQnesRPGOQqS2+Uwi0Em15xenOxHaf2hv6L8YCVn3rPdPJOiJfPiCnLIRyvwVaqMY3MIw==}
-
-  '@types/react-dom@18.3.7':
-    resolution: {integrity: sha512-MEe3UeoENYVFXzoXEWsvcpg6ZvlrFNlOQ7EOsvhI3CfAXwzPfO8Qwuxd40nepsYKqyyVQnTdEfv68q91yLcKrQ==}
-    peerDependencies:
-      '@types/react': ^18.0.0
-
-  '@types/react@18.3.28':
-    resolution: {integrity: sha512-z9VXpC7MWrhfWipitjNdgCauoMLRdIILQsAEV+ZesIzBq/oUlxk0m3ApZuMFCXdnS4U7KrI+l3WRUEGQ8K1QKw==}
-
-  '@vitejs/plugin-react@4.7.0':
-    resolution: {integrity: sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==}
-    engines: {node: ^14.18.0 || >=16.0.0}
-    peerDependencies:
-      vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0
-
-  acorn-jsx@5.3.2:
-    resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
-    peerDependencies:
-      acorn: ^6.0.0 || ^7.0.0 || ^8.0.0
-
-  acorn@8.16.0:
-    resolution: {integrity: sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==}
-    engines: {node: '>=0.4.0'}
-    hasBin: true
-
-  ajv@6.15.0:
-    resolution: {integrity: sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==}
-
-  ansi-styles@4.3.0:
-    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
-    engines: {node: '>=8'}
-
-  any-promise@1.3.0:
-    resolution: {integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==}
-
-  anymatch@3.1.3:
-    resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
-    engines: {node: '>= 8'}
-
-  arg@5.0.2:
-    resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==}
-
-  argparse@2.0.1:
-    resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
-
-  asynckit@0.4.0:
-    resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
-
-  autoprefixer@10.5.0:
-    resolution: {integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==}
-    engines: {node: ^10 || ^12 || >=14}
-    hasBin: true
-    peerDependencies:
-      postcss: ^8.1.0
-
-  axios@1.15.2:
-    resolution: {integrity: sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==}
-
-  balanced-match@1.0.2:
-    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
-
-  baseline-browser-mapping@2.10.23:
-    resolution: {integrity: sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g==}
-    engines: {node: '>=6.0.0'}
-    hasBin: true
-
-  binary-extensions@2.3.0:
-    resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==}
-    engines: {node: '>=8'}
-
-  brace-expansion@1.1.14:
-    resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==}
-
-  braces@3.0.3:
-    resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==}
-    engines: {node: '>=8'}
-
-  browserslist@4.28.2:
-    resolution: {integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==}
-    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
-    hasBin: true
-
-  call-bind-apply-helpers@1.0.2:
-    resolution: {integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==}
-    engines: {node: '>= 0.4'}
-
-  callsites@3.1.0:
-    resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
-    engines: {node: '>=6'}
-
-  camelcase-css@2.0.1:
-    resolution: {integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==}
-    engines: {node: '>= 6'}
-
-  caniuse-lite@1.0.30001791:
-    resolution: {integrity: sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==}
-
-  chalk@4.1.2:
-    resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
-    engines: {node: '>=10'}
-
-  chokidar@3.6.0:
-    resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
-    engines: {node: '>= 8.10.0'}
-
-  clsx@2.1.1:
-    resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==}
-    engines: {node: '>=6'}
-
-  color-convert@2.0.1:
-    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
-    engines: {node: '>=7.0.0'}
-
-  color-name@1.1.4:
-    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
-
-  combined-stream@1.0.8:
-    resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==}
-    engines: {node: '>= 0.8'}
-
-  commander@4.1.1:
-    resolution: {integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==}
-    engines: {node: '>= 6'}
-
-  concat-map@0.0.1:
-    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
-
-  convert-source-map@2.0.0:
-    resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
-
-  cross-spawn@7.0.6:
-    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
-    engines: {node: '>= 8'}
-
-  cssesc@3.0.0:
-    resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
-    engines: {node: '>=4'}
-    hasBin: true
-
-  csstype@3.2.3:
-    resolution: {integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==}
-
-  debug@4.4.3:
-    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
-    engines: {node: '>=6.0'}
-    peerDependencies:
-      supports-color: '*'
-    peerDependenciesMeta:
-      supports-color:
-        optional: true
-
-  deep-is@0.1.4:
-    resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
-
-  delayed-stream@1.0.0:
-    resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==}
-    engines: {node: '>=0.4.0'}
-
-  didyoumean@1.2.2:
-    resolution: {integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==}
-
-  dlv@1.1.3:
-    resolution: {integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==}
-
-  dunder-proto@1.0.1:
-    resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
-    engines: {node: '>= 0.4'}
-
-  electron-to-chromium@1.5.344:
-    resolution: {integrity: sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg==}
-
-  es-define-property@1.0.1:
-    resolution: {integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==}
-    engines: {node: '>= 0.4'}
-
-  es-errors@1.3.0:
-    resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==}
-    engines: {node: '>= 0.4'}
-
-  es-object-atoms@1.1.1:
-    resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==}
-    engines: {node: '>= 0.4'}
-
-  es-set-tostringtag@2.1.0:
-    resolution: {integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==}
-    engines: {node: '>= 0.4'}
-
-  esbuild@0.21.5:
-    resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
-    engines: {node: '>=12'}
-    hasBin: true
-
-  escalade@3.2.0:
-    resolution: {integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==}
-    engines: {node: '>=6'}
-
-  escape-string-regexp@4.0.0:
-    resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
-    engines: {node: '>=10'}
-
-  eslint-scope@8.4.0:
-    resolution: {integrity: sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  eslint-visitor-keys@3.4.3:
-    resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-
-  eslint-visitor-keys@4.2.1:
-    resolution: {integrity: sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  eslint@9.39.4:
-    resolution: {integrity: sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-    hasBin: true
-    peerDependencies:
-      jiti: '*'
-    peerDependenciesMeta:
-      jiti:
-        optional: true
-
-  espree@10.4.0:
-    resolution: {integrity: sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  esquery@1.7.0:
-    resolution: {integrity: sha512-Ap6G0WQwcU/LHsvLwON1fAQX9Zp0A2Y6Y/cJBl9r/JbW90Zyg4/zbG6zzKa2OTALELarYHmKu0GhpM5EO+7T0g==}
-    engines: {node: '>=0.10'}
-
-  esrecurse@4.3.0:
-    resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==}
-    engines: {node: '>=4.0'}
-
-  estraverse@5.3.0:
-    resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
-    engines: {node: '>=4.0'}
-
-  esutils@2.0.3:
-    resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
-    engines: {node: '>=0.10.0'}
-
-  fast-deep-equal@3.1.3:
-    resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
-
-  fast-glob@3.3.3:
-    resolution: {integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==}
-    engines: {node: '>=8.6.0'}
-
-  fast-json-stable-stringify@2.1.0:
-    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
-
-  fast-levenshtein@2.0.6:
-    resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
-
-  fastq@1.20.1:
-    resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==}
-
-  fdir@6.5.0:
-    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
-    engines: {node: '>=12.0.0'}
-    peerDependencies:
-      picomatch: ^3 || ^4
-    peerDependenciesMeta:
-      picomatch:
-        optional: true
-
-  file-entry-cache@8.0.0:
-    resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==}
-    engines: {node: '>=16.0.0'}
-
-  fill-range@7.1.1:
-    resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==}
-    engines: {node: '>=8'}
-
-  find-up@5.0.0:
-    resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
-    engines: {node: '>=10'}
-
-  flat-cache@4.0.1:
-    resolution: {integrity: sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==}
-    engines: {node: '>=16'}
-
-  flatted@3.4.2:
-    resolution: {integrity: sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==}
-
-  follow-redirects@1.16.0:
-    resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==}
-    engines: {node: '>=4.0'}
-    peerDependencies:
-      debug: '*'
-    peerDependenciesMeta:
-      debug:
-        optional: true
-
-  form-data@4.0.5:
-    resolution: {integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==}
-    engines: {node: '>= 6'}
-
-  fraction.js@5.3.4:
-    resolution: {integrity: sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==}
-
-  fsevents@2.3.3:
-    resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
-    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
-    os: [darwin]
-
-  function-bind@1.1.2:
-    resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
-
-  gensync@1.0.0-beta.2:
-    resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==}
-    engines: {node: '>=6.9.0'}
-
-  get-intrinsic@1.3.0:
-    resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==}
-    engines: {node: '>= 0.4'}
-
-  get-proto@1.0.1:
-    resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==}
-    engines: {node: '>= 0.4'}
-
-  glob-parent@5.1.2:
-    resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
-    engines: {node: '>= 6'}
-
-  glob-parent@6.0.2:
-    resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
-    engines: {node: '>=10.13.0'}
-
-  globals@14.0.0:
-    resolution: {integrity: sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==}
-    engines: {node: '>=18'}
-
-  gopd@1.2.0:
-    resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==}
-    engines: {node: '>= 0.4'}
-
-  has-flag@4.0.0:
-    resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
-    engines: {node: '>=8'}
-
-  has-symbols@1.1.0:
-    resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==}
-    engines: {node: '>= 0.4'}
-
-  has-tostringtag@1.0.2:
-    resolution: {integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==}
-    engines: {node: '>= 0.4'}
-
-  hasown@2.0.3:
-    resolution: {integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==}
-    engines: {node: '>= 0.4'}
-
-  ignore@5.3.2:
-    resolution: {integrity: sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==}
-    engines: {node: '>= 4'}
-
-  import-fresh@3.3.1:
-    resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==}
-    engines: {node: '>=6'}
-
-  imurmurhash@0.1.4:
-    resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==}
-    engines: {node: '>=0.8.19'}
-
-  is-binary-path@2.1.0:
-    resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
-    engines: {node: '>=8'}
-
-  is-core-module@2.16.1:
-    resolution: {integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==}
-    engines: {node: '>= 0.4'}
-
-  is-extglob@2.1.1:
-    resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
-    engines: {node: '>=0.10.0'}
-
-  is-glob@4.0.3:
-    resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
-    engines: {node: '>=0.10.0'}
-
-  is-number@7.0.0:
-    resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
-    engines: {node: '>=0.12.0'}
-
-  isexe@2.0.0:
-    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
-
-  jiti@1.21.7:
-    resolution: {integrity: sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==}
-    hasBin: true
-
-  js-tokens@4.0.0:
-    resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
-
-  js-yaml@4.1.1:
-    resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
-    hasBin: true
-
-  jsesc@3.1.0:
-    resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==}
-    engines: {node: '>=6'}
-    hasBin: true
-
-  json-buffer@3.0.1:
-    resolution: {integrity: sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==}
-
-  json-schema-traverse@0.4.1:
-    resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
-
-  json-stable-stringify-without-jsonify@1.0.1:
-    resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
-
-  json5@2.2.3:
-    resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==}
-    engines: {node: '>=6'}
-    hasBin: true
-
-  keyv@4.5.4:
-    resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==}
-
-  levn@0.4.1:
-    resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
-    engines: {node: '>= 0.8.0'}
-
-  lilconfig@3.1.3:
-    resolution: {integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==}
-    engines: {node: '>=14'}
-
-  lines-and-columns@1.2.4:
-    resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==}
-
-  locate-path@6.0.0:
-    resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
-    engines: {node: '>=10'}
-
-  lodash.merge@4.6.2:
-    resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
-
-  loose-envify@1.4.0:
-    resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
-    hasBin: true
-
-  lru-cache@5.1.1:
-    resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==}
-
-  lucide-react@0.402.0:
-    resolution: {integrity: sha512-V2ModWMXzoZbQy4dhVUY4snrOplw+DwH0tsr8SLf8N0+irwO5okFcMS4eFHrXHttt24sLFZP3IJQo832o3fUWQ==}
-    peerDependencies:
-      react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0
-
-  math-intrinsics@1.1.0:
-    resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
-    engines: {node: '>= 0.4'}
-
-  merge2@1.4.1:
-    resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
-    engines: {node: '>= 8'}
-
-  micromatch@4.0.8:
-    resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==}
-    engines: {node: '>=8.6'}
-
-  mime-db@1.52.0:
-    resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
-    engines: {node: '>= 0.6'}
-
-  mime-types@2.1.35:
-    resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
-    engines: {node: '>= 0.6'}
-
-  minimatch@3.1.5:
-    resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
-
-  ms@2.1.3:
-    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
-
-  mz@2.7.0:
-    resolution: {integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==}
-
-  nanoid@3.3.11:
-    resolution: {integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==}
-    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
-    hasBin: true
-
-  natural-compare@1.4.0:
-    resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
-
-  node-releases@2.0.38:
-    resolution: {integrity: sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==}
-
-  normalize-path@3.0.0:
-    resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
-    engines: {node: '>=0.10.0'}
-
-  object-assign@4.1.1:
-    resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
-    engines: {node: '>=0.10.0'}
-
-  object-hash@3.0.0:
-    resolution: {integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==}
-    engines: {node: '>= 6'}
-
-  optionator@0.9.4:
-    resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==}
-    engines: {node: '>= 0.8.0'}
-
-  p-limit@3.1.0:
-    resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
-    engines: {node: '>=10'}
-
-  p-locate@5.0.0:
-    resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
-    engines: {node: '>=10'}
-
-  parent-module@1.0.1:
-    resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
-    engines: {node: '>=6'}
-
-  path-exists@4.0.0:
-    resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
-    engines: {node: '>=8'}
-
-  path-key@3.1.1:
-    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
-    engines: {node: '>=8'}
-
-  path-parse@1.0.7:
-    resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==}
-
-  picocolors@1.1.1:
-    resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
-
-  picomatch@2.3.2:
-    resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==}
-    engines: {node: '>=8.6'}
-
-  picomatch@4.0.4:
-    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
-    engines: {node: '>=12'}
-
-  pify@2.3.0:
-    resolution: {integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==}
-    engines: {node: '>=0.10.0'}
-
-  pirates@4.0.7:
-    resolution: {integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==}
-    engines: {node: '>= 6'}
-
-  postcss-import@15.1.0:
-    resolution: {integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==}
-    engines: {node: '>=14.0.0'}
-    peerDependencies:
-      postcss: ^8.0.0
-
-  postcss-js@4.1.0:
-    resolution: {integrity: sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw==}
-    engines: {node: ^12 || ^14 || >= 16}
-    peerDependencies:
-      postcss: ^8.4.21
-
-  postcss-load-config@6.0.1:
-    resolution: {integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==}
-    engines: {node: '>= 18'}
-    peerDependencies:
-      jiti: '>=1.21.0'
-      postcss: '>=8.0.9'
-      tsx: ^4.8.1
-      yaml: ^2.4.2
-    peerDependenciesMeta:
-      jiti:
-        optional: true
-      postcss:
-        optional: true
-      tsx:
-        optional: true
-      yaml:
-        optional: true
-
-  postcss-nested@6.2.0:
-    resolution: {integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==}
-    engines: {node: '>=12.0'}
-    peerDependencies:
-      postcss: ^8.2.14
-
-  postcss-selector-parser@6.1.2:
-    resolution: {integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==}
-    engines: {node: '>=4'}
-
-  postcss-value-parser@4.2.0:
-    resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==}
-
-  postcss@8.5.12:
-    resolution: {integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==}
-    engines: {node: ^10 || ^12 || >=14}
-
-  prelude-ls@1.2.1:
-    resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
-    engines: {node: '>= 0.8.0'}
-
-  prettier@3.8.3:
-    resolution: {integrity: sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==}
-    engines: {node: '>=14'}
-    hasBin: true
-
-  proxy-from-env@2.1.0:
-    resolution: {integrity: sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==}
-    engines: {node: '>=10'}
-
-  punycode@2.3.1:
-    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
-    engines: {node: '>=6'}
-
-  queue-microtask@1.2.3:
-    resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
-
-  react-dom@18.3.1:
-    resolution: {integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==}
-    peerDependencies:
-      react: ^18.3.1
-
-  react-hook-form@7.74.0:
-    resolution: {integrity: sha512-yR6wHr99p9wFv686jhRWVSFhUvDvNbdUf2dKlbno8/VKOCuoNobDGC6S+M2dua9A9Yo8vpcrp8assIYbsZCQ9g==}
-    engines: {node: '>=18.0.0'}
-    peerDependencies:
-      react: ^16.8.0 || ^17 || ^18 || ^19
-
-  react-refresh@0.17.0:
-    resolution: {integrity: sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==}
-    engines: {node: '>=0.10.0'}
-
-  react-router-dom@6.30.3:
-    resolution: {integrity: sha512-pxPcv1AczD4vso7G4Z3TKcvlxK7g7TNt3/FNGMhfqyntocvYKj+GCatfigGDjbLozC4baguJ0ReCigoDJXb0ag==}
-    engines: {node: '>=14.0.0'}
-    peerDependencies:
-      react: '>=16.8'
-      react-dom: '>=16.8'
-
-  react-router@6.30.3:
-    resolution: {integrity: sha512-XRnlbKMTmktBkjCLE8/XcZFlnHvr2Ltdr1eJX4idL55/9BbORzyZEaIkBFDhFGCEWBBItsVrDxwx3gnisMitdw==}
-    engines: {node: '>=14.0.0'}
-    peerDependencies:
-      react: '>=16.8'
-
-  react@18.3.1:
-    resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==}
-    engines: {node: '>=0.10.0'}
-
-  read-cache@1.0.0:
-    resolution: {integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==}
-
-  readdirp@3.6.0:
-    resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
-    engines: {node: '>=8.10.0'}
-
-  resolve-from@4.0.0:
-    resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
-    engines: {node: '>=4'}
-
-  resolve@1.22.12:
-    resolution: {integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==}
-    engines: {node: '>= 0.4'}
-    hasBin: true
-
-  reusify@1.1.0:
-    resolution: {integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==}
-    engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
-
-  rollup@4.60.2:
-    resolution: {integrity: sha512-J9qZyW++QK/09NyN/zeO0dG/1GdGfyp9lV8ajHnRVLfo/uFsbji5mHnDgn/qYdUHyCkM2N+8VyspgZclfAh0eQ==}
-    engines: {node: '>=18.0.0', npm: '>=8.0.0'}
-    hasBin: true
-
-  run-parallel@1.2.0:
-    resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
-
-  scheduler@0.23.2:
-    resolution: {integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==}
-
-  semver@6.3.1:
-    resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==}
-    hasBin: true
-
-  shebang-command@2.0.0:
-    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
-    engines: {node: '>=8'}
-
-  shebang-regex@3.0.0:
-    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
-    engines: {node: '>=8'}
-
-  source-map-js@1.2.1:
-    resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
-    engines: {node: '>=0.10.0'}
-
-  strip-json-comments@3.1.1:
-    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
-    engines: {node: '>=8'}
-
-  sucrase@3.35.1:
-    resolution: {integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==}
-    engines: {node: '>=16 || 14 >=14.17'}
-    hasBin: true
-
-  supports-color@7.2.0:
-    resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
-    engines: {node: '>=8'}
-
-  supports-preserve-symlinks-flag@1.0.0:
-    resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==}
-    engines: {node: '>= 0.4'}
-
-  tailwindcss@3.4.19:
-    resolution: {integrity: sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==}
-    engines: {node: '>=14.0.0'}
-    hasBin: true
-
-  thenify-all@1.6.0:
-    resolution: {integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==}
-    engines: {node: '>=0.8'}
-
-  thenify@3.3.1:
-    resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==}
-
-  tinyglobby@0.2.16:
-    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
-    engines: {node: '>=12.0.0'}
-
-  to-regex-range@5.0.1:
-    resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
-    engines: {node: '>=8.0'}
-
-  ts-interface-checker@0.1.13:
-    resolution: {integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==}
-
-  type-check@0.4.0:
-    resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
-    engines: {node: '>= 0.8.0'}
-
-  typescript@5.9.3:
-    resolution: {integrity: sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==}
-    engines: {node: '>=14.17'}
-    hasBin: true
-
-  undici-types@6.21.0:
-    resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
-
-  update-browserslist-db@1.2.3:
-    resolution: {integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==}
-    hasBin: true
-    peerDependencies:
-      browserslist: '>= 4.21.0'
-
-  uri-js@4.4.1:
-    resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
-
-  use-sync-external-store@1.6.0:
-    resolution: {integrity: sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w==}
-    peerDependencies:
-      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
-
-  util-deprecate@1.0.2:
-    resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
-
-  vite@5.4.21:
-    resolution: {integrity: sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==}
-    engines: {node: ^18.0.0 || >=20.0.0}
-    hasBin: true
-    peerDependencies:
-      '@types/node': ^18.0.0 || >=20.0.0
-      less: '*'
-      lightningcss: ^1.21.0
-      sass: '*'
-      sass-embedded: '*'
-      stylus: '*'
-      sugarss: '*'
-      terser: ^5.4.0
-    peerDependenciesMeta:
-      '@types/node':
-        optional: true
-      less:
-        optional: true
-      lightningcss:
-        optional: true
-      sass:
-        optional: true
-      sass-embedded:
-        optional: true
-      stylus:
-        optional: true
-      sugarss:
-        optional: true
-      terser:
-        optional: true
-
-  which@2.0.2:
-    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
-    engines: {node: '>= 8'}
-    hasBin: true
-
-  word-wrap@1.2.5:
-    resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
-    engines: {node: '>=0.10.0'}
-
-  yallist@3.1.1:
-    resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}
-
-  yocto-queue@0.1.0:
-    resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
-    engines: {node: '>=10'}
-
-  zod@3.25.76:
-    resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
-
-  zustand@4.5.7:
-    resolution: {integrity: sha512-CHOUy7mu3lbD6o6LJLfllpjkzhHXSBlX8B9+qPddUsIfeF5S/UZ5q0kmCsnRqT1UHFQZchNFDDzMbQsuesHWlw==}
-    engines: {node: '>=12.7.0'}
-    peerDependencies:
-      '@types/react': '>=16.8'
-      immer: '>=9.0.6'
-      react: '>=16.8'
-    peerDependenciesMeta:
-      '@types/react':
-        optional: true
-      immer:
-        optional: true
-      react:
-        optional: true
-
-snapshots:
-
-  '@alloc/quick-lru@5.2.0': {}
-
-  '@babel/code-frame@7.29.0':
-    dependencies:
-      '@babel/helper-validator-identifier': 7.28.5
-      js-tokens: 4.0.0
-      picocolors: 1.1.1
-
-  '@babel/compat-data@7.29.0': {}
-
-  '@babel/core@7.29.0':
-    dependencies:
-      '@babel/code-frame': 7.29.0
-      '@babel/generator': 7.29.1
-      '@babel/helper-compilation-targets': 7.28.6
-      '@babel/helper-module-transforms': 7.28.6(@babel/core@7.29.0)
-      '@babel/helpers': 7.29.2
-      '@babel/parser': 7.29.2
-      '@babel/template': 7.28.6
-      '@babel/traverse': 7.29.0
-      '@babel/types': 7.29.0
-      '@jridgewell/remapping': 2.3.5
-      convert-source-map: 2.0.0
-      debug: 4.4.3
-      gensync: 1.0.0-beta.2
-      json5: 2.2.3
-      semver: 6.3.1
-    transitivePeerDependencies:
-      - supports-color
-
-  '@babel/generator@7.29.1':
-    dependencies:
-      '@babel/parser': 7.29.2
-      '@babel/types': 7.29.0
-      '@jridgewell/gen-mapping': 0.3.13
-      '@jridgewell/trace-mapping': 0.3.31
-      jsesc: 3.1.0
-
-  '@babel/helper-compilation-targets@7.28.6':
-    dependencies:
-      '@babel/compat-data': 7.29.0
-      '@babel/helper-validator-option': 7.27.1
-      browserslist: 4.28.2
-      lru-cache: 5.1.1
-      semver: 6.3.1
-
-  '@babel/helper-globals@7.28.0': {}
-
-  '@babel/helper-module-imports@7.28.6':
-    dependencies:
-      '@babel/traverse': 7.29.0
-      '@babel/types': 7.29.0
-    transitivePeerDependencies:
-      - supports-color
-
-  '@babel/helper-module-transforms@7.28.6(@babel/core@7.29.0)':
-    dependencies:
-      '@babel/core': 7.29.0
-      '@babel/helper-module-imports': 7.28.6
-      '@babel/helper-validator-identifier': 7.28.5
-      '@babel/traverse': 7.29.0
-    transitivePeerDependencies:
-      - supports-color
-
-  '@babel/helper-plugin-utils@7.28.6': {}
-
-  '@babel/helper-string-parser@7.27.1': {}
-
-  '@babel/helper-validator-identifier@7.28.5': {}
-
-  '@babel/helper-validator-option@7.27.1': {}
-
-  '@babel/helpers@7.29.2':
-    dependencies:
-      '@babel/template': 7.28.6
-      '@babel/types': 7.29.0
-
-  '@babel/parser@7.29.2':
-    dependencies:
-      '@babel/types': 7.29.0
-
-  '@babel/plugin-transform-react-jsx-self@7.27.1(@babel/core@7.29.0)':
-    dependencies:
-      '@babel/core': 7.29.0
-      '@babel/helper-plugin-utils': 7.28.6
-
-  '@babel/plugin-transform-react-jsx-source@7.27.1(@babel/core@7.29.0)':
-    dependencies:
-      '@babel/core': 7.29.0
-      '@babel/helper-plugin-utils': 7.28.6
-
-  '@babel/template@7.28.6':
-    dependencies:
-      '@babel/code-frame': 7.29.0
-      '@babel/parser': 7.29.2
-      '@babel/types': 7.29.0
-
-  '@babel/traverse@7.29.0':
-    dependencies:
-      '@babel/code-frame': 7.29.0
-      '@babel/generator': 7.29.1
-      '@babel/helper-globals': 7.28.0
-      '@babel/parser': 7.29.2
-      '@babel/template': 7.28.6
-      '@babel/types': 7.29.0
-      debug: 4.4.3
-    transitivePeerDependencies:
-      - supports-color
-
-  '@babel/types@7.29.0':
-    dependencies:
-      '@babel/helper-string-parser': 7.27.1
-      '@babel/helper-validator-identifier': 7.28.5
-
-  '@esbuild/aix-ppc64@0.21.5':
-    optional: true
-
-  '@esbuild/android-arm64@0.21.5':
-    optional: true
-
-  '@esbuild/android-arm@0.21.5':
-    optional: true
-
-  '@esbuild/android-x64@0.21.5':
-    optional: true
-
-  '@esbuild/darwin-arm64@0.21.5':
-    optional: true
-
-  '@esbuild/darwin-x64@0.21.5':
-    optional: true
-
-  '@esbuild/freebsd-arm64@0.21.5':
-    optional: true
-
-  '@esbuild/freebsd-x64@0.21.5':
-    optional: true
-
-  '@esbuild/linux-arm64@0.21.5':
-    optional: true
-
-  '@esbuild/linux-arm@0.21.5':
-    optional: true
-
-  '@esbuild/linux-ia32@0.21.5':
-    optional: true
-
-  '@esbuild/linux-loong64@0.21.5':
-    optional: true
-
-  '@esbuild/linux-mips64el@0.21.5':
-    optional: true
-
-  '@esbuild/linux-ppc64@0.21.5':
-    optional: true
-
-  '@esbuild/linux-riscv64@0.21.5':
-    optional: true
-
-  '@esbuild/linux-s390x@0.21.5':
-    optional: true
-
-  '@esbuild/linux-x64@0.21.5':
-    optional: true
-
-  '@esbuild/netbsd-x64@0.21.5':
-    optional: true
-
-  '@esbuild/openbsd-x64@0.21.5':
-    optional: true
-
-  '@esbuild/sunos-x64@0.21.5':
-    optional: true
-
-  '@esbuild/win32-arm64@0.21.5':
-    optional: true
-
-  '@esbuild/win32-ia32@0.21.5':
-    optional: true
-
-  '@esbuild/win32-x64@0.21.5':
-    optional: true
-
-  '@eslint-community/eslint-utils@4.9.1(eslint@9.39.4(jiti@1.21.7))':
-    dependencies:
-      eslint: 9.39.4(jiti@1.21.7)
-      eslint-visitor-keys: 3.4.3
-
-  '@eslint-community/regexpp@4.12.2': {}
-
-  '@eslint/config-array@0.21.2':
-    dependencies:
-      '@eslint/object-schema': 2.1.7
-      debug: 4.4.3
-      minimatch: 3.1.5
-    transitivePeerDependencies:
-      - supports-color
-
-  '@eslint/config-helpers@0.4.2':
-    dependencies:
-      '@eslint/core': 0.17.0
-
-  '@eslint/core@0.17.0':
-    dependencies:
-      '@types/json-schema': 7.0.15
-
-  '@eslint/eslintrc@3.3.5':
-    dependencies:
-      ajv: 6.15.0
-      debug: 4.4.3
-      espree: 10.4.0
-      globals: 14.0.0
-      ignore: 5.3.2
-      import-fresh: 3.3.1
-      js-yaml: 4.1.1
-      minimatch: 3.1.5
-      strip-json-comments: 3.1.1
-    transitivePeerDependencies:
-      - supports-color
-
-  '@eslint/js@9.39.4': {}
-
-  '@eslint/object-schema@2.1.7': {}
-
-  '@eslint/plugin-kit@0.4.1':
-    dependencies:
-      '@eslint/core': 0.17.0
-      levn: 0.4.1
-
-  '@hookform/resolvers@3.10.0(react-hook-form@7.74.0(react@18.3.1))':
-    dependencies:
-      react-hook-form: 7.74.0(react@18.3.1)
-
-  '@humanfs/core@0.19.2':
-    dependencies:
-      '@humanfs/types': 0.15.0
-
-  '@humanfs/node@0.16.8':
-    dependencies:
-      '@humanfs/core': 0.19.2
-      '@humanfs/types': 0.15.0
-      '@humanwhocodes/retry': 0.4.3
-
-  '@humanfs/types@0.15.0': {}
-
-  '@humanwhocodes/module-importer@1.0.1': {}
-
-  '@humanwhocodes/retry@0.4.3': {}
-
-  '@jridgewell/gen-mapping@0.3.13':
-    dependencies:
-      '@jridgewell/sourcemap-codec': 1.5.5
-      '@jridgewell/trace-mapping': 0.3.31
-
-  '@jridgewell/remapping@2.3.5':
-    dependencies:
-      '@jridgewell/gen-mapping': 0.3.13
-      '@jridgewell/trace-mapping': 0.3.31
-
-  '@jridgewell/resolve-uri@3.1.2': {}
-
-  '@jridgewell/sourcemap-codec@1.5.5': {}
-
-  '@jridgewell/trace-mapping@0.3.31':
-    dependencies:
-      '@jridgewell/resolve-uri': 3.1.2
-      '@jridgewell/sourcemap-codec': 1.5.5
-
-  '@nodelib/fs.scandir@2.1.5':
-    dependencies:
-      '@nodelib/fs.stat': 2.0.5
-      run-parallel: 1.2.0
-
-  '@nodelib/fs.stat@2.0.5': {}
-
-  '@nodelib/fs.walk@1.2.8':
-    dependencies:
-      '@nodelib/fs.scandir': 2.1.5
-      fastq: 1.20.1
-
-  '@remix-run/router@1.23.2': {}
-
-  '@rolldown/pluginutils@1.0.0-beta.27': {}
-
-  '@rollup/rollup-android-arm-eabi@4.60.2':
-    optional: true
-
-  '@rollup/rollup-android-arm64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-darwin-arm64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-darwin-x64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-freebsd-arm64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-freebsd-x64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-arm-gnueabihf@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-arm-musleabihf@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-arm64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-arm64-musl@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-loong64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-loong64-musl@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-ppc64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-ppc64-musl@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-riscv64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-riscv64-musl@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-s390x-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-x64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-linux-x64-musl@4.60.2':
-    optional: true
-
-  '@rollup/rollup-openbsd-x64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-openharmony-arm64@4.60.2':
-    optional: true
-
-  '@rollup/rollup-win32-arm64-msvc@4.60.2':
-    optional: true
-
-  '@rollup/rollup-win32-ia32-msvc@4.60.2':
-    optional: true
-
-  '@rollup/rollup-win32-x64-gnu@4.60.2':
-    optional: true
-
-  '@rollup/rollup-win32-x64-msvc@4.60.2':
-    optional: true
-
-  '@tanstack/query-core@5.100.5': {}
-
-  '@tanstack/react-query@5.100.5(react@18.3.1)':
-    dependencies:
-      '@tanstack/query-core': 5.100.5
-      react: 18.3.1
-
-  '@types/babel__core@7.20.5':
-    dependencies:
-      '@babel/parser': 7.29.2
-      '@babel/types': 7.29.0
-      '@types/babel__generator': 7.27.0
-      '@types/babel__template': 7.4.4
-      '@types/babel__traverse': 7.28.0
-
-  '@types/babel__generator@7.27.0':
-    dependencies:
-      '@babel/types': 7.29.0
-
-  '@types/babel__template@7.4.4':
-    dependencies:
-      '@babel/parser': 7.29.2
-      '@babel/types': 7.29.0
-
-  '@types/babel__traverse@7.28.0':
-    dependencies:
-      '@babel/types': 7.29.0
-
-  '@types/estree@1.0.8': {}
-
-  '@types/json-schema@7.0.15': {}
-
-  '@types/node@20.19.39':
-    dependencies:
-      undici-types: 6.21.0
-
-  '@types/prop-types@15.7.15': {}
-
-  '@types/react-dom@18.3.7(@types/react@18.3.28)':
-    dependencies:
-      '@types/react': 18.3.28
-
-  '@types/react@18.3.28':
-    dependencies:
-      '@types/prop-types': 15.7.15
-      csstype: 3.2.3
-
-  '@vitejs/plugin-react@4.7.0(vite@5.4.21(@types/node@20.19.39))':
-    dependencies:
-      '@babel/core': 7.29.0
-      '@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.29.0)
-      '@babel/plugin-transform-react-jsx-source': 7.27.1(@babel/core@7.29.0)
-      '@rolldown/pluginutils': 1.0.0-beta.27
-      '@types/babel__core': 7.20.5
-      react-refresh: 0.17.0
-      vite: 5.4.21(@types/node@20.19.39)
-    transitivePeerDependencies:
-      - supports-color
-
-  acorn-jsx@5.3.2(acorn@8.16.0):
-    dependencies:
-      acorn: 8.16.0
-
-  acorn@8.16.0: {}
-
-  ajv@6.15.0:
-    dependencies:
-      fast-deep-equal: 3.1.3
-      fast-json-stable-stringify: 2.1.0
-      json-schema-traverse: 0.4.1
-      uri-js: 4.4.1
-
-  ansi-styles@4.3.0:
-    dependencies:
-      color-convert: 2.0.1
-
-  any-promise@1.3.0: {}
-
-  anymatch@3.1.3:
-    dependencies:
-      normalize-path: 3.0.0
-      picomatch: 2.3.2
-
-  arg@5.0.2: {}
-
-  argparse@2.0.1: {}
-
-  asynckit@0.4.0: {}
-
-  autoprefixer@10.5.0(postcss@8.5.12):
-    dependencies:
-      browserslist: 4.28.2
-      caniuse-lite: 1.0.30001791
-      fraction.js: 5.3.4
-      picocolors: 1.1.1
-      postcss: 8.5.12
-      postcss-value-parser: 4.2.0
-
-  axios@1.15.2:
-    dependencies:
-      follow-redirects: 1.16.0
-      form-data: 4.0.5
-      proxy-from-env: 2.1.0
-    transitivePeerDependencies:
-      - debug
-
-  balanced-match@1.0.2: {}
-
-  baseline-browser-mapping@2.10.23: {}
-
-  binary-extensions@2.3.0: {}
-
-  brace-expansion@1.1.14:
-    dependencies:
-      balanced-match: 1.0.2
-      concat-map: 0.0.1
-
-  braces@3.0.3:
-    dependencies:
-      fill-range: 7.1.1
-
-  browserslist@4.28.2:
-    dependencies:
-      baseline-browser-mapping: 2.10.23
-      caniuse-lite: 1.0.30001791
-      electron-to-chromium: 1.5.344
-      node-releases: 2.0.38
-      update-browserslist-db: 1.2.3(browserslist@4.28.2)
-
-  call-bind-apply-helpers@1.0.2:
-    dependencies:
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-
-  callsites@3.1.0: {}
-
-  camelcase-css@2.0.1: {}
-
-  caniuse-lite@1.0.30001791: {}
-
-  chalk@4.1.2:
-    dependencies:
-      ansi-styles: 4.3.0
-      supports-color: 7.2.0
-
-  chokidar@3.6.0:
-    dependencies:
-      anymatch: 3.1.3
-      braces: 3.0.3
-      glob-parent: 5.1.2
-      is-binary-path: 2.1.0
-      is-glob: 4.0.3
-      normalize-path: 3.0.0
-      readdirp: 3.6.0
-    optionalDependencies:
-      fsevents: 2.3.3
-
-  clsx@2.1.1: {}
-
-  color-convert@2.0.1:
-    dependencies:
-      color-name: 1.1.4
-
-  color-name@1.1.4: {}
-
-  combined-stream@1.0.8:
-    dependencies:
-      delayed-stream: 1.0.0
-
-  commander@4.1.1: {}
-
-  concat-map@0.0.1: {}
-
-  convert-source-map@2.0.0: {}
-
-  cross-spawn@7.0.6:
-    dependencies:
-      path-key: 3.1.1
-      shebang-command: 2.0.0
-      which: 2.0.2
-
-  cssesc@3.0.0: {}
-
-  csstype@3.2.3: {}
-
-  debug@4.4.3:
-    dependencies:
-      ms: 2.1.3
-
-  deep-is@0.1.4: {}
-
-  delayed-stream@1.0.0: {}
-
-  didyoumean@1.2.2: {}
-
-  dlv@1.1.3: {}
-
-  dunder-proto@1.0.1:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      es-errors: 1.3.0
-      gopd: 1.2.0
-
-  electron-to-chromium@1.5.344: {}
-
-  es-define-property@1.0.1: {}
-
-  es-errors@1.3.0: {}
-
-  es-object-atoms@1.1.1:
-    dependencies:
-      es-errors: 1.3.0
-
-  es-set-tostringtag@2.1.0:
-    dependencies:
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-      has-tostringtag: 1.0.2
-      hasown: 2.0.3
-
-  esbuild@0.21.5:
-    optionalDependencies:
-      '@esbuild/aix-ppc64': 0.21.5
-      '@esbuild/android-arm': 0.21.5
-      '@esbuild/android-arm64': 0.21.5
-      '@esbuild/android-x64': 0.21.5
-      '@esbuild/darwin-arm64': 0.21.5
-      '@esbuild/darwin-x64': 0.21.5
-      '@esbuild/freebsd-arm64': 0.21.5
-      '@esbuild/freebsd-x64': 0.21.5
-      '@esbuild/linux-arm': 0.21.5
-      '@esbuild/linux-arm64': 0.21.5
-      '@esbuild/linux-ia32': 0.21.5
-      '@esbuild/linux-loong64': 0.21.5
-      '@esbuild/linux-mips64el': 0.21.5
-      '@esbuild/linux-ppc64': 0.21.5
-      '@esbuild/linux-riscv64': 0.21.5
-      '@esbuild/linux-s390x': 0.21.5
-      '@esbuild/linux-x64': 0.21.5
-      '@esbuild/netbsd-x64': 0.21.5
-      '@esbuild/openbsd-x64': 0.21.5
-      '@esbuild/sunos-x64': 0.21.5
-      '@esbuild/win32-arm64': 0.21.5
-      '@esbuild/win32-ia32': 0.21.5
-      '@esbuild/win32-x64': 0.21.5
-
-  escalade@3.2.0: {}
-
-  escape-string-regexp@4.0.0: {}
-
-  eslint-scope@8.4.0:
-    dependencies:
-      esrecurse: 4.3.0
-      estraverse: 5.3.0
-
-  eslint-visitor-keys@3.4.3: {}
-
-  eslint-visitor-keys@4.2.1: {}
-
-  eslint@9.39.4(jiti@1.21.7):
-    dependencies:
-      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.4(jiti@1.21.7))
-      '@eslint-community/regexpp': 4.12.2
-      '@eslint/config-array': 0.21.2
-      '@eslint/config-helpers': 0.4.2
-      '@eslint/core': 0.17.0
-      '@eslint/eslintrc': 3.3.5
-      '@eslint/js': 9.39.4
-      '@eslint/plugin-kit': 0.4.1
-      '@humanfs/node': 0.16.8
-      '@humanwhocodes/module-importer': 1.0.1
-      '@humanwhocodes/retry': 0.4.3
-      '@types/estree': 1.0.8
-      ajv: 6.15.0
-      chalk: 4.1.2
-      cross-spawn: 7.0.6
-      debug: 4.4.3
-      escape-string-regexp: 4.0.0
-      eslint-scope: 8.4.0
-      eslint-visitor-keys: 4.2.1
-      espree: 10.4.0
-      esquery: 1.7.0
-      esutils: 2.0.3
-      fast-deep-equal: 3.1.3
-      file-entry-cache: 8.0.0
-      find-up: 5.0.0
-      glob-parent: 6.0.2
-      ignore: 5.3.2
-      imurmurhash: 0.1.4
-      is-glob: 4.0.3
-      json-stable-stringify-without-jsonify: 1.0.1
-      lodash.merge: 4.6.2
-      minimatch: 3.1.5
-      natural-compare: 1.4.0
-      optionator: 0.9.4
-    optionalDependencies:
-      jiti: 1.21.7
-    transitivePeerDependencies:
-      - supports-color
-
-  espree@10.4.0:
-    dependencies:
-      acorn: 8.16.0
-      acorn-jsx: 5.3.2(acorn@8.16.0)
-      eslint-visitor-keys: 4.2.1
-
-  esquery@1.7.0:
-    dependencies:
-      estraverse: 5.3.0
-
-  esrecurse@4.3.0:
-    dependencies:
-      estraverse: 5.3.0
-
-  estraverse@5.3.0: {}
-
-  esutils@2.0.3: {}
-
-  fast-deep-equal@3.1.3: {}
-
-  fast-glob@3.3.3:
-    dependencies:
-      '@nodelib/fs.stat': 2.0.5
-      '@nodelib/fs.walk': 1.2.8
-      glob-parent: 5.1.2
-      merge2: 1.4.1
-      micromatch: 4.0.8
-
-  fast-json-stable-stringify@2.1.0: {}
-
-  fast-levenshtein@2.0.6: {}
-
-  fastq@1.20.1:
-    dependencies:
-      reusify: 1.1.0
-
-  fdir@6.5.0(picomatch@4.0.4):
-    optionalDependencies:
-      picomatch: 4.0.4
-
-  file-entry-cache@8.0.0:
-    dependencies:
-      flat-cache: 4.0.1
-
-  fill-range@7.1.1:
-    dependencies:
-      to-regex-range: 5.0.1
-
-  find-up@5.0.0:
-    dependencies:
-      locate-path: 6.0.0
-      path-exists: 4.0.0
-
-  flat-cache@4.0.1:
-    dependencies:
-      flatted: 3.4.2
-      keyv: 4.5.4
-
-  flatted@3.4.2: {}
-
-  follow-redirects@1.16.0: {}
-
-  form-data@4.0.5:
-    dependencies:
-      asynckit: 0.4.0
-      combined-stream: 1.0.8
-      es-set-tostringtag: 2.1.0
-      hasown: 2.0.3
-      mime-types: 2.1.35
-
-  fraction.js@5.3.4: {}
-
-  fsevents@2.3.3:
-    optional: true
-
-  function-bind@1.1.2: {}
-
-  gensync@1.0.0-beta.2: {}
-
-  get-intrinsic@1.3.0:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      es-define-property: 1.0.1
-      es-errors: 1.3.0
-      es-object-atoms: 1.1.1
-      function-bind: 1.1.2
-      get-proto: 1.0.1
-      gopd: 1.2.0
-      has-symbols: 1.1.0
-      hasown: 2.0.3
-      math-intrinsics: 1.1.0
-
-  get-proto@1.0.1:
-    dependencies:
-      dunder-proto: 1.0.1
-      es-object-atoms: 1.1.1
-
-  glob-parent@5.1.2:
-    dependencies:
-      is-glob: 4.0.3
-
-  glob-parent@6.0.2:
-    dependencies:
-      is-glob: 4.0.3
-
-  globals@14.0.0: {}
-
-  gopd@1.2.0: {}
-
-  has-flag@4.0.0: {}
-
-  has-symbols@1.1.0: {}
-
-  has-tostringtag@1.0.2:
-    dependencies:
-      has-symbols: 1.1.0
-
-  hasown@2.0.3:
-    dependencies:
-      function-bind: 1.1.2
-
-  ignore@5.3.2: {}
-
-  import-fresh@3.3.1:
-    dependencies:
-      parent-module: 1.0.1
-      resolve-from: 4.0.0
-
-  imurmurhash@0.1.4: {}
-
-  is-binary-path@2.1.0:
-    dependencies:
-      binary-extensions: 2.3.0
-
-  is-core-module@2.16.1:
-    dependencies:
-      hasown: 2.0.3
-
-  is-extglob@2.1.1: {}
-
-  is-glob@4.0.3:
-    dependencies:
-      is-extglob: 2.1.1
-
-  is-number@7.0.0: {}
-
-  isexe@2.0.0: {}
-
-  jiti@1.21.7: {}
-
-  js-tokens@4.0.0: {}
-
-  js-yaml@4.1.1:
-    dependencies:
-      argparse: 2.0.1
-
-  jsesc@3.1.0: {}
-
-  json-buffer@3.0.1: {}
-
-  json-schema-traverse@0.4.1: {}
-
-  json-stable-stringify-without-jsonify@1.0.1: {}
-
-  json5@2.2.3: {}
-
-  keyv@4.5.4:
-    dependencies:
-      json-buffer: 3.0.1
-
-  levn@0.4.1:
-    dependencies:
-      prelude-ls: 1.2.1
-      type-check: 0.4.0
-
-  lilconfig@3.1.3: {}
-
-  lines-and-columns@1.2.4: {}
-
-  locate-path@6.0.0:
-    dependencies:
-      p-locate: 5.0.0
-
-  lodash.merge@4.6.2: {}
-
-  loose-envify@1.4.0:
-    dependencies:
-      js-tokens: 4.0.0
-
-  lru-cache@5.1.1:
-    dependencies:
-      yallist: 3.1.1
-
-  lucide-react@0.402.0(react@18.3.1):
-    dependencies:
-      react: 18.3.1
-
-  math-intrinsics@1.1.0: {}
-
-  merge2@1.4.1: {}
-
-  micromatch@4.0.8:
-    dependencies:
-      braces: 3.0.3
-      picomatch: 2.3.2
-
-  mime-db@1.52.0: {}
-
-  mime-types@2.1.35:
-    dependencies:
-      mime-db: 1.52.0
-
-  minimatch@3.1.5:
-    dependencies:
-      brace-expansion: 1.1.14
-
-  ms@2.1.3: {}
-
-  mz@2.7.0:
-    dependencies:
-      any-promise: 1.3.0
-      object-assign: 4.1.1
-      thenify-all: 1.6.0
-
-  nanoid@3.3.11: {}
-
-  natural-compare@1.4.0: {}
-
-  node-releases@2.0.38: {}
-
-  normalize-path@3.0.0: {}
-
-  object-assign@4.1.1: {}
-
-  object-hash@3.0.0: {}
-
-  optionator@0.9.4:
-    dependencies:
-      deep-is: 0.1.4
-      fast-levenshtein: 2.0.6
-      levn: 0.4.1
-      prelude-ls: 1.2.1
-      type-check: 0.4.0
-      word-wrap: 1.2.5
-
-  p-limit@3.1.0:
-    dependencies:
-      yocto-queue: 0.1.0
-
-  p-locate@5.0.0:
-    dependencies:
-      p-limit: 3.1.0
-
-  parent-module@1.0.1:
-    dependencies:
-      callsites: 3.1.0
-
-  path-exists@4.0.0: {}
-
-  path-key@3.1.1: {}
-
-  path-parse@1.0.7: {}
-
-  picocolors@1.1.1: {}
-
-  picomatch@2.3.2: {}
-
-  picomatch@4.0.4: {}
-
-  pify@2.3.0: {}
-
-  pirates@4.0.7: {}
-
-  postcss-import@15.1.0(postcss@8.5.12):
-    dependencies:
-      postcss: 8.5.12
-      postcss-value-parser: 4.2.0
-      read-cache: 1.0.0
-      resolve: 1.22.12
-
-  postcss-js@4.1.0(postcss@8.5.12):
-    dependencies:
-      camelcase-css: 2.0.1
-      postcss: 8.5.12
-
-  postcss-load-config@6.0.1(jiti@1.21.7)(postcss@8.5.12):
-    dependencies:
-      lilconfig: 3.1.3
-    optionalDependencies:
-      jiti: 1.21.7
-      postcss: 8.5.12
-
-  postcss-nested@6.2.0(postcss@8.5.12):
-    dependencies:
-      postcss: 8.5.12
-      postcss-selector-parser: 6.1.2
-
-  postcss-selector-parser@6.1.2:
-    dependencies:
-      cssesc: 3.0.0
-      util-deprecate: 1.0.2
-
-  postcss-value-parser@4.2.0: {}
-
-  postcss@8.5.12:
-    dependencies:
-      nanoid: 3.3.11
-      picocolors: 1.1.1
-      source-map-js: 1.2.1
-
-  prelude-ls@1.2.1: {}
-
-  prettier@3.8.3: {}
-
-  proxy-from-env@2.1.0: {}
-
-  punycode@2.3.1: {}
-
-  queue-microtask@1.2.3: {}
-
-  react-dom@18.3.1(react@18.3.1):
-    dependencies:
-      loose-envify: 1.4.0
-      react: 18.3.1
-      scheduler: 0.23.2
-
-  react-hook-form@7.74.0(react@18.3.1):
-    dependencies:
-      react: 18.3.1
-
-  react-refresh@0.17.0: {}
-
-  react-router-dom@6.30.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
-    dependencies:
-      '@remix-run/router': 1.23.2
-      react: 18.3.1
-      react-dom: 18.3.1(react@18.3.1)
-      react-router: 6.30.3(react@18.3.1)
-
-  react-router@6.30.3(react@18.3.1):
-    dependencies:
-      '@remix-run/router': 1.23.2
-      react: 18.3.1
-
-  react@18.3.1:
-    dependencies:
-      loose-envify: 1.4.0
-
-  read-cache@1.0.0:
-    dependencies:
-      pify: 2.3.0
-
-  readdirp@3.6.0:
-    dependencies:
-      picomatch: 2.3.2
-
-  resolve-from@4.0.0: {}
-
-  resolve@1.22.12:
-    dependencies:
-      es-errors: 1.3.0
-      is-core-module: 2.16.1
-      path-parse: 1.0.7
-      supports-preserve-symlinks-flag: 1.0.0
-
-  reusify@1.1.0: {}
-
-  rollup@4.60.2:
-    dependencies:
-      '@types/estree': 1.0.8
-    optionalDependencies:
-      '@rollup/rollup-android-arm-eabi': 4.60.2
-      '@rollup/rollup-android-arm64': 4.60.2
-      '@rollup/rollup-darwin-arm64': 4.60.2
-      '@rollup/rollup-darwin-x64': 4.60.2
-      '@rollup/rollup-freebsd-arm64': 4.60.2
-      '@rollup/rollup-freebsd-x64': 4.60.2
-      '@rollup/rollup-linux-arm-gnueabihf': 4.60.2
-      '@rollup/rollup-linux-arm-musleabihf': 4.60.2
-      '@rollup/rollup-linux-arm64-gnu': 4.60.2
-      '@rollup/rollup-linux-arm64-musl': 4.60.2
-      '@rollup/rollup-linux-loong64-gnu': 4.60.2
-      '@rollup/rollup-linux-loong64-musl': 4.60.2
-      '@rollup/rollup-linux-ppc64-gnu': 4.60.2
-      '@rollup/rollup-linux-ppc64-musl': 4.60.2
-      '@rollup/rollup-linux-riscv64-gnu': 4.60.2
-      '@rollup/rollup-linux-riscv64-musl': 4.60.2
-      '@rollup/rollup-linux-s390x-gnu': 4.60.2
-      '@rollup/rollup-linux-x64-gnu': 4.60.2
-      '@rollup/rollup-linux-x64-musl': 4.60.2
-      '@rollup/rollup-openbsd-x64': 4.60.2
-      '@rollup/rollup-openharmony-arm64': 4.60.2
-      '@rollup/rollup-win32-arm64-msvc': 4.60.2
-      '@rollup/rollup-win32-ia32-msvc': 4.60.2
-      '@rollup/rollup-win32-x64-gnu': 4.60.2
-      '@rollup/rollup-win32-x64-msvc': 4.60.2
-      fsevents: 2.3.3
-
-  run-parallel@1.2.0:
-    dependencies:
-      queue-microtask: 1.2.3
-
-  scheduler@0.23.2:
-    dependencies:
-      loose-envify: 1.4.0
-
-  semver@6.3.1: {}
-
-  shebang-command@2.0.0:
-    dependencies:
-      shebang-regex: 3.0.0
-
-  shebang-regex@3.0.0: {}
-
-  source-map-js@1.2.1: {}
-
-  strip-json-comments@3.1.1: {}
-
-  sucrase@3.35.1:
-    dependencies:
-      '@jridgewell/gen-mapping': 0.3.13
-      commander: 4.1.1
-      lines-and-columns: 1.2.4
-      mz: 2.7.0
-      pirates: 4.0.7
-      tinyglobby: 0.2.16
-      ts-interface-checker: 0.1.13
-
-  supports-color@7.2.0:
-    dependencies:
-      has-flag: 4.0.0
-
-  supports-preserve-symlinks-flag@1.0.0: {}
-
-  tailwindcss@3.4.19:
-    dependencies:
-      '@alloc/quick-lru': 5.2.0
-      arg: 5.0.2
-      chokidar: 3.6.0
-      didyoumean: 1.2.2
-      dlv: 1.1.3
-      fast-glob: 3.3.3
-      glob-parent: 6.0.2
-      is-glob: 4.0.3
-      jiti: 1.21.7
-      lilconfig: 3.1.3
-      micromatch: 4.0.8
-      normalize-path: 3.0.0
-      object-hash: 3.0.0
-      picocolors: 1.1.1
-      postcss: 8.5.12
-      postcss-import: 15.1.0(postcss@8.5.12)
-      postcss-js: 4.1.0(postcss@8.5.12)
-      postcss-load-config: 6.0.1(jiti@1.21.7)(postcss@8.5.12)
-      postcss-nested: 6.2.0(postcss@8.5.12)
-      postcss-selector-parser: 6.1.2
-      resolve: 1.22.12
-      sucrase: 3.35.1
-    transitivePeerDependencies:
-      - tsx
-      - yaml
-
-  thenify-all@1.6.0:
-    dependencies:
-      thenify: 3.3.1
-
-  thenify@3.3.1:
-    dependencies:
-      any-promise: 1.3.0
-
-  tinyglobby@0.2.16:
-    dependencies:
-      fdir: 6.5.0(picomatch@4.0.4)
-      picomatch: 4.0.4
-
-  to-regex-range@5.0.1:
-    dependencies:
-      is-number: 7.0.0
-
-  ts-interface-checker@0.1.13: {}
-
-  type-check@0.4.0:
-    dependencies:
-      prelude-ls: 1.2.1
-
-  typescript@5.9.3: {}
-
-  undici-types@6.21.0: {}
-
-  update-browserslist-db@1.2.3(browserslist@4.28.2):
-    dependencies:
-      browserslist: 4.28.2
-      escalade: 3.2.0
-      picocolors: 1.1.1
-
-  uri-js@4.4.1:
-    dependencies:
-      punycode: 2.3.1
-
-  use-sync-external-store@1.6.0(react@18.3.1):
-    dependencies:
-      react: 18.3.1
-
-  util-deprecate@1.0.2: {}
-
-  vite@5.4.21(@types/node@20.19.39):
-    dependencies:
-      esbuild: 0.21.5
-      postcss: 8.5.12
-      rollup: 4.60.2
-    optionalDependencies:
-      '@types/node': 20.19.39
-      fsevents: 2.3.3
-
-  which@2.0.2:
-    dependencies:
-      isexe: 2.0.0
-
-  word-wrap@1.2.5: {}
-
-  yallist@3.1.1: {}
-
-  yocto-queue@0.1.0: {}
-
-  zod@3.25.76: {}
-
-  zustand@4.5.7(@types/react@18.3.28)(react@18.3.1):
-    dependencies:
-      use-sync-external-store: 1.6.0(react@18.3.1)
-    optionalDependencies:
-      '@types/react': 18.3.28
-      react: 18.3.1
diff --git a/frontend/pnpm-workspace.yaml b/frontend/pnpm-workspace.yaml
deleted file mode 100644
index 3ff5faaa..00000000
--- a/frontend/pnpm-workspace.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-packages:
-  - "apps/*"
-  - "packages/*"
diff --git a/frontend/tsconfig.base.json b/frontend/tsconfig.base.json
deleted file mode 100644
index 21f084e3..00000000
--- a/frontend/tsconfig.base.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "lib": ["ES2022", "DOM", "DOM.Iterable"],
-    "module": "ESNext",
-    "moduleResolution": "Bundler",
-    "jsx": "react-jsx",
-    "strict": true,
-    "noUnusedLocals": true,
-    "noUnusedParameters": true,
-    "noFallthroughCasesInSwitch": true,
-    "noUncheckedIndexedAccess": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
-    "isolatedModules": true,
-    "resolveJsonModule": true,
-    "allowSyntheticDefaultImports": true,
-    "useDefineForClassFields": true,
-    "baseUrl": ".",
-    "paths": {
-      "@kleinai/theme": ["packages/theme/src"],
-      "@kleinai/theme/*": ["packages/theme/src/*"],
-      "@kleinai/ui": ["packages/ui/src"],
-      "@kleinai/ui/*": ["packages/ui/src/*"],
-      "@kleinai/api-client": ["packages/api-client/src"],
-      "@kleinai/api-client/*": ["packages/api-client/src/*"],
-      "@kleinai/hooks": ["packages/hooks/src"],
-      "@kleinai/hooks/*": ["packages/hooks/src/*"],
-      "@kleinai/utils": ["packages/utils/src"],
-      "@kleinai/utils/*": ["packages/utils/src/*"]
-    }
-  }
-}
diff --git a/go.mod b/go.mod
new file mode 100644
index 00000000..7a08e879
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,64 @@
+module github.com/432539/gpt2api
+
+go 1.26.1
+
+require (
+	github.com/gin-gonic/gin v1.12.0
+	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/google/uuid v1.6.0
+	github.com/jmoiron/sqlx v1.4.0
+	github.com/redis/go-redis/v9 v9.18.0
+	github.com/spf13/viper v1.21.0
+	go.uber.org/zap v1.27.1
+	golang.org/x/crypto v0.50.0
+)
+
+require (
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.6 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	github.com/refraction-networking/utls v1.8.2 // indirect
+	github.com/sagikazarmark/locafero v0.11.0 // indirect
+	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/arch v0.22.0 // indirect
+	golang.org/x/image v0.39.0 // indirect
+	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..80577d84
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,162 @@
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
+github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
+github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
+github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
+github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
+github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
+github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI=
+github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
+github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
+github.com/redis/go-redis/v9 v9.18.0 h1:pMkxYPkEbMPwRdenAzUNyFNrDgHx9U+DrBabWNfSRQs=
+github.com/redis/go-redis/v9 v9.18.0/go.mod h1:k3ufPphLU5YXwNTUcCRXGxUoF1fqxnhFQmscfkCoDA0=
+github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
+github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
+github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
+github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
+github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
+github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
+github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
+go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
+go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
+go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
+golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
+golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
+golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
+golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA=
+golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
+golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/internal/account/dao.go b/internal/account/dao.go
new file mode 100644
index 00000000..196b2e20
--- /dev/null
+++ b/internal/account/dao.go
@@ -0,0 +1,456 @@
+package account
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("账号不存在")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// DB 暴露底层 handle 给刷新器 / 探测器用于直接原子更新(少量场景)。
+func (d *DAO) DB() *sqlx.DB { return d.db }
+
+// fill 填充非 db 列的辅助字段。
+func fill(a *Account) {
+	if a == nil {
+		return
+	}
+	a.HasRT = a.RefreshTokenEnc.Valid && a.RefreshTokenEnc.String != ""
+	a.HasST = a.SessionTokenEnc.Valid && a.SessionTokenEnc.String != ""
+}
+
+func fillAll(rows []*Account) {
+	for _, r := range rows {
+		fill(r)
+	}
+}
+
+func (d *DAO) Create(ctx context.Context, a *Account) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO oai_accounts
+         (email, auth_token_enc, refresh_token_enc, session_token_enc, token_expires_at,
+          oai_session_id, oai_device_id, client_id, chatgpt_account_id, account_type,
+          plan_type, daily_image_quota, status, notes)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		a.Email, a.AuthTokenEnc, a.RefreshTokenEnc, a.SessionTokenEnc, a.TokenExpiresAt,
+		a.OAISessionID, a.OAIDeviceID, a.ClientID, a.ChatGPTAccountID, a.AccountType,
+		a.PlanType, a.DailyImageQuota, a.Status, a.Notes,
+	)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*Account, error) {
+	var a Account
+	err := d.db.GetContext(ctx, &a,
+		`SELECT * FROM oai_accounts WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	fill(&a)
+	return &a, err
+}
+
+// GetByEmail 精确找;未命中返回 nil, nil(方便 importer 判 upsert)。
+func (d *DAO) GetByEmail(ctx context.Context, email string) (*Account, error) {
+	var a Account
+	err := d.db.GetContext(ctx, &a,
+		`SELECT * FROM oai_accounts WHERE email = ? AND deleted_at IS NULL LIMIT 1`, email)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	fill(&a)
+	return &a, nil
+}
+
+func (d *DAO) List(ctx context.Context, status string, keyword string, offset, limit int) ([]*Account, int64, error) {
+	var total int64
+	var err error
+	var rows []*Account
+
+	where := "deleted_at IS NULL"
+	args := []interface{}{}
+	if status != "" {
+		where += " AND status = ?"
+		args = append(args, status)
+	}
+	if keyword != "" {
+		where += " AND (email LIKE ? OR notes LIKE ?)"
+		like := "%" + keyword + "%"
+		args = append(args, like, like)
+	}
+
+	if err = d.db.GetContext(ctx, &total, "SELECT COUNT(*) FROM oai_accounts WHERE "+where, args...); err != nil {
+		return nil, 0, err
+	}
+	argsPage := append([]interface{}{}, args...)
+	argsPage = append(argsPage, limit, offset)
+	err = d.db.SelectContext(ctx, &rows,
+		"SELECT * FROM oai_accounts WHERE "+where+" ORDER BY id DESC LIMIT ? OFFSET ?", argsPage...)
+	fillAll(rows)
+	return rows, total, err
+}
+
+// ListDispatchable 调度器专用:返回 AT 有效且 cooldown 到期的候选账号。
+//
+// 接受 status IN ('healthy', 'warned'):
+//   - healthy: 正常
+//   - warned:  RT/ST 刷新失败但 AT 尚未到期,仍可继续出图直到 AT 过期
+func (d *DAO) ListDispatchable(ctx context.Context, limit int) ([]*Account, error) {
+	rows := make([]*Account, 0, limit)
+	now := time.Now()
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM oai_accounts
+         WHERE deleted_at IS NULL AND status IN ('healthy', 'warned')
+           AND (cooldown_until IS NULL OR cooldown_until <= ?)
+           AND (token_expires_at IS NULL OR token_expires_at > ?)
+         ORDER BY
+           CASE status WHEN 'healthy' THEN 0 ELSE 1 END,
+           CASE WHEN last_used_at IS NULL THEN 0 ELSE 1 END,
+           last_used_at ASC
+         LIMIT ?`, now, now, limit)
+	fillAll(rows)
+	return rows, err
+}
+
+// ListNeedRefresh 返回需要预刷新的账号(AT 将在 aheadSec 秒内过期)。
+// 按 token_expires_at 升序,最快过期的先刷。
+func (d *DAO) ListNeedRefresh(ctx context.Context, aheadSec int, limit int) ([]*Account, error) {
+	rows := make([]*Account, 0, limit)
+	threshold := time.Now().Add(time.Duration(aheadSec) * time.Second)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM oai_accounts
+         WHERE deleted_at IS NULL
+           AND status <> 'dead'
+           AND (refresh_token_enc IS NOT NULL OR session_token_enc IS NOT NULL)
+           AND token_expires_at IS NOT NULL
+           AND token_expires_at <= ?
+         ORDER BY token_expires_at ASC
+         LIMIT ?`, threshold, limit)
+	fillAll(rows)
+	return rows, err
+}
+
+// ListNeedProbeQuota 返回需要探测图片额度的账号。命中以下任一条件即纳入:
+//   (a) 从未探测过(image_quota_updated_at IS NULL);
+//   (b) 上次探测超过 minIntervalSec 秒(常规轮询);
+//   (c) **剩余额度=0 且已过 reset_at**:这种"归零等重置"的账号要第一时间补探,
+//       不受 minIntervalSec 限制,避免 5 小时轮询间隔导致的额度恢复滞后显示。
+func (d *DAO) ListNeedProbeQuota(ctx context.Context, minIntervalSec int, limit int) ([]*Account, error) {
+	rows := make([]*Account, 0, limit)
+	threshold := time.Now().Add(-time.Duration(minIntervalSec) * time.Second)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM oai_accounts
+         WHERE deleted_at IS NULL
+           AND status = 'healthy'
+           AND (token_expires_at IS NULL OR token_expires_at > NOW())
+           AND (
+                image_quota_updated_at IS NULL
+             OR image_quota_updated_at <= ?
+             OR (image_quota_remaining = 0
+                 AND (image_quota_reset_at IS NULL OR image_quota_reset_at <= NOW()))
+           )
+         ORDER BY CASE WHEN image_quota_updated_at IS NULL THEN 0 ELSE 1 END,
+                  image_quota_updated_at ASC
+         LIMIT ?`, threshold, limit)
+	fillAll(rows)
+	return rows, err
+}
+
+// ListAllActiveIDs 用于批量刷新 / 批量探测:返回未软删的所有 id。
+func (d *DAO) ListAllActiveIDs(ctx context.Context) ([]uint64, error) {
+	ids := make([]uint64, 0, 128)
+	err := d.db.SelectContext(ctx, &ids,
+		`SELECT id FROM oai_accounts WHERE deleted_at IS NULL ORDER BY id ASC`)
+	return ids, err
+}
+
+// QuotaSummary 全局额度汇总。
+type QuotaSummary struct {
+	TotalRemaining int64 `db:"total_remaining" json:"total_remaining"` // 所有未软删账号剩余额度之和
+	TotalCapacity  int64 `db:"total_capacity"  json:"total_capacity"`  // 所有未软删账号上限之和
+	ActiveAccounts int64 `db:"active_accounts" json:"active_accounts"` // 未软删账号总数
+}
+
+// SumQuota 汇总所有未软删账号的额度(含 dead/suspicious)。
+// 账号失效只影响能否被调度出图,不影响其已探测到的额度数字;
+// 全部纳入统计才能正确反映账号池的实际剩余容量。
+func (d *DAO) SumQuota(ctx context.Context) (*QuotaSummary, error) {
+	var s QuotaSummary
+	err := d.db.GetContext(ctx, &s, `
+SELECT
+  COALESCE(SUM(image_quota_remaining), 0) AS total_remaining,
+  COALESCE(SUM(image_quota_total),     0) AS total_capacity,
+  COUNT(*)                                AS active_accounts
+FROM oai_accounts
+WHERE deleted_at IS NULL`)
+	return &s, err
+}
+
+func (d *DAO) Update(ctx context.Context, a *Account) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts
+         SET email=?, auth_token_enc=?, refresh_token_enc=?, session_token_enc=?, token_expires_at=?,
+             oai_session_id=?, oai_device_id=?, client_id=?, chatgpt_account_id=?, account_type=?,
+             plan_type=?, daily_image_quota=?,
+             status=?, notes=?
+         WHERE id = ? AND deleted_at IS NULL`,
+		a.Email, a.AuthTokenEnc, a.RefreshTokenEnc, a.SessionTokenEnc, a.TokenExpiresAt,
+		a.OAISessionID, a.OAIDeviceID, a.ClientID, a.ChatGPTAccountID, a.AccountType,
+		a.PlanType, a.DailyImageQuota,
+		a.Status, a.Notes, a.ID,
+	)
+	return err
+}
+
+func (d *DAO) SoftDelete(ctx context.Context, id uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts SET deleted_at = ? WHERE id = ?`, time.Now(), id)
+	return err
+}
+
+// SoftDeleteByStatus 按状态批量软删。status 为空时删除全部(调用方需二次确认)。
+// 返回删除行数。
+func (d *DAO) SoftDeleteByStatus(ctx context.Context, status string) (int64, error) {
+	now := time.Now()
+	if status == "" {
+		res, err := d.db.ExecContext(ctx,
+			`UPDATE oai_accounts SET deleted_at = ? WHERE deleted_at IS NULL`, now)
+		if err != nil {
+			return 0, err
+		}
+		n, _ := res.RowsAffected()
+		return n, nil
+	}
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts SET deleted_at = ? WHERE deleted_at IS NULL AND status = ?`,
+		now, status)
+	if err != nil {
+		return 0, err
+	}
+	n, _ := res.RowsAffected()
+	return n, nil
+}
+
+// EnsureDeviceID 确保账号有 oai_device_id。
+// 如果当前为空,原子写入给定的 deviceID;返回最终实际的 device_id(已有则原值)。
+func (d *DAO) EnsureDeviceID(ctx context.Context, id uint64, deviceID string) (string, error) {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts SET oai_device_id = ?
+         WHERE id = ? AND deleted_at IS NULL AND (oai_device_id = '' OR oai_device_id IS NULL)`,
+		deviceID, id)
+	if err != nil {
+		return "", err
+	}
+	// 回读,兼容其他协程并发填写的情形
+	var cur string
+	if err := d.db.GetContext(ctx, &cur,
+		`SELECT oai_device_id FROM oai_accounts WHERE id = ?`, id); err != nil {
+		return "", err
+	}
+	return cur, nil
+}
+
+// EnsureSessionID 确保账号有 oai_session_id(按账号稳定复用)。
+// 逻辑与 EnsureDeviceID 完全一致,单独一个函数是为了日志/审计区分用途。
+func (d *DAO) EnsureSessionID(ctx context.Context, id uint64, sessionID string) (string, error) {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts SET oai_session_id = ?
+         WHERE id = ? AND deleted_at IS NULL AND (oai_session_id = '' OR oai_session_id IS NULL)`,
+		sessionID, id)
+	if err != nil {
+		return "", err
+	}
+	var cur string
+	if err := d.db.GetContext(ctx, &cur,
+		`SELECT oai_session_id FROM oai_accounts WHERE id = ?`, id); err != nil {
+		return "", err
+	}
+	return cur, nil
+}
+
+// MarkUsed 更新 last_used_at + 今日计数。today 是当日零点(用于 today_used_date 比较)。
+func (d *DAO) MarkUsed(ctx context.Context, id uint64, today time.Time) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts
+         SET last_used_at = ?,
+             today_used_count = CASE WHEN today_used_date = ? THEN today_used_count + 1 ELSE 1 END,
+             today_used_date  = ?
+         WHERE id = ?`,
+		time.Now(), today, today, id)
+	return err
+}
+
+// SetStatus 迁移状态,可选 cooldownUntil。
+func (d *DAO) SetStatus(ctx context.Context, id uint64, status string, cooldownUntil *time.Time) error {
+	if cooldownUntil != nil {
+		_, err := d.db.ExecContext(ctx,
+			`UPDATE oai_accounts SET status=?, cooldown_until=? WHERE id=?`,
+			status, *cooldownUntil, id)
+		return err
+	}
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts SET status=?, cooldown_until=NULL WHERE id=?`,
+		status, id)
+	return err
+}
+
+// ApplyRefreshResult 原子更新 AT / RT + 过期时间 + 最近刷新信息。
+// newRTEnc 为空字符串表示 RT 没有轮转,保持不变。
+func (d *DAO) ApplyRefreshResult(
+	ctx context.Context,
+	id uint64,
+	newATEnc string,
+	newRTEnc string,
+	expiresAt time.Time,
+	source string,
+) error {
+	var err error
+	if newRTEnc != "" {
+		_, err = d.db.ExecContext(ctx,
+			`UPDATE oai_accounts
+             SET auth_token_enc = ?,
+                 refresh_token_enc = ?,
+                 token_expires_at = ?,
+                 last_refresh_at = ?,
+                 last_refresh_source = ?,
+                 refresh_error = '',
+                 status = CASE WHEN status IN ('dead','suspicious') THEN 'healthy' ELSE status END
+             WHERE id = ? AND deleted_at IS NULL`,
+			newATEnc, newRTEnc, expiresAt, time.Now(), source, id)
+	} else {
+		_, err = d.db.ExecContext(ctx,
+			`UPDATE oai_accounts
+             SET auth_token_enc = ?,
+                 token_expires_at = ?,
+                 last_refresh_at = ?,
+                 last_refresh_source = ?,
+                 refresh_error = '',
+                 status = CASE WHEN status IN ('dead','suspicious') THEN 'healthy' ELSE status END
+             WHERE id = ? AND deleted_at IS NULL`,
+			newATEnc, expiresAt, time.Now(), source, id)
+	}
+	return err
+}
+
+// RecordRefreshError 写入刷新失败原因,同时推进 last_refresh_at(避免 pressed-out 重试)。
+//
+// markDead=true 时:若当前 AT 尚未过期,只降为 'warned'(账号仍可被调度出图,AT 用完前
+// 不要让它离线);若 AT 已过期或为空则真正标 'dead'。
+// 这样避免"RT 失效但 AT 还有几天"的账号被提前下线。
+func (d *DAO) RecordRefreshError(ctx context.Context, id uint64, source string, reason string, markDead bool) error {
+	if markDead {
+		_, err := d.db.ExecContext(ctx,
+			`UPDATE oai_accounts
+             SET last_refresh_at = ?, last_refresh_source = ?, refresh_error = ?,
+                 status = CASE
+                   WHEN token_expires_at IS NOT NULL AND token_expires_at > NOW() THEN 'warned'
+                   ELSE 'dead'
+                 END
+             WHERE id = ? AND deleted_at IS NULL`,
+			time.Now(), source, reason, id)
+		return err
+	}
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts
+         SET last_refresh_at = ?, last_refresh_source = ?, refresh_error = ?
+         WHERE id = ? AND deleted_at IS NULL`,
+		time.Now(), source, reason, id)
+	return err
+}
+
+// ApplyQuotaResult 更新图片额度探测结果;remaining/total = -1 表示保持原值。
+func (d *DAO) ApplyQuotaResult(ctx context.Context, id uint64, remaining, total int, resetAt *time.Time) error {
+	q := `UPDATE oai_accounts
+          SET image_quota_remaining = CASE WHEN ? < 0 THEN image_quota_remaining ELSE ? END,
+              image_quota_total     = CASE WHEN ? < 0 THEN image_quota_total     ELSE ? END,
+              image_quota_reset_at  = ?,
+              image_quota_updated_at = ?
+          WHERE id = ? AND deleted_at IS NULL`
+	var reset interface{}
+	if resetAt != nil {
+		reset = *resetAt
+	} else {
+		reset = nil
+	}
+	_, err := d.db.ExecContext(ctx, q, remaining, remaining, total, total, reset, time.Now(), id)
+	return err
+}
+
+// DecrQuota 生图成功后立即乐观扣减账号剩余额度。
+// 这样无需等下次探测即可在前端看到正确剩余数字。
+// n 为本次消耗张数;GREATEST(0,...) 防止出现负值。
+func (d *DAO) DecrQuota(ctx context.Context, accountID uint64, n int) error {
+	if n <= 0 {
+		return nil
+	}
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE oai_accounts
+         SET image_quota_remaining = GREATEST(0, image_quota_remaining - ?)
+         WHERE id = ? AND deleted_at IS NULL`,
+		n, accountID)
+	return err
+}
+
+// ---- cookies ----
+
+func (d *DAO) UpsertCookies(ctx context.Context, accountID uint64, cookieEnc string) error {
+	_, err := d.db.ExecContext(ctx,
+		`INSERT INTO oai_account_cookies (account_id, cookie_json_enc)
+         VALUES (?, ?)
+         ON DUPLICATE KEY UPDATE cookie_json_enc = VALUES(cookie_json_enc)`,
+		accountID, cookieEnc)
+	return err
+}
+
+func (d *DAO) GetCookies(ctx context.Context, accountID uint64) (string, error) {
+	var enc string
+	err := d.db.GetContext(ctx, &enc,
+		`SELECT cookie_json_enc FROM oai_account_cookies WHERE account_id = ?`,
+		accountID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return "", nil
+	}
+	return enc, err
+}
+
+// ---- bindings ----
+
+func (d *DAO) SetBinding(ctx context.Context, accountID, proxyID uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`INSERT INTO account_proxy_bindings (account_id, proxy_id)
+         VALUES (?, ?)
+         ON DUPLICATE KEY UPDATE proxy_id = VALUES(proxy_id), bound_at = CURRENT_TIMESTAMP`,
+		accountID, proxyID)
+	return err
+}
+
+func (d *DAO) RemoveBinding(ctx context.Context, accountID uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`DELETE FROM account_proxy_bindings WHERE account_id = ?`, accountID)
+	return err
+}
+
+func (d *DAO) GetBinding(ctx context.Context, accountID uint64) (*Binding, error) {
+	var b Binding
+	err := d.db.GetContext(ctx, &b,
+		`SELECT * FROM account_proxy_bindings WHERE account_id = ?`, accountID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, nil
+	}
+	return &b, err
+}
diff --git a/internal/account/handler.go b/internal/account/handler.go
new file mode 100644
index 00000000..4e173f34
--- /dev/null
+++ b/internal/account/handler.go
@@ -0,0 +1,585 @@
+package account
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/settings"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// ProxyURLResolver 按 proxy_id 取代理 URL(已带密码),供 ImportTokens 时走 RT/ST 换 AT 使用。
+// 由外部传入一个实现(通常是 proxy.Service 的包装),避免 account 包直接依赖 proxy 包。
+type ProxyURLResolver interface {
+	ProxyURLByID(ctx context.Context, proxyID uint64) string
+}
+
+type Handler struct {
+	svc           *Service
+	refresher     *Refresher
+	prober        *QuotaProber
+	settings      *settings.Service
+	proxyResolver ProxyURLResolver
+}
+
+func NewHandler(s *Service) *Handler { return &Handler{svc: s} }
+
+// SetRefresher 注入刷新器(可选,未注入时相关接口返回 501)。
+func (h *Handler) SetRefresher(r *Refresher) { h.refresher = r }
+
+// SetProber 注入额度探测器(可选)。
+func (h *Handler) SetProber(p *QuotaProber) { h.prober = p }
+
+// SetSettings 注入系统设置服务,用于自动刷新开关的读写。
+func (h *Handler) SetSettings(s *settings.Service) { h.settings = s }
+
+// SetProxyResolver 注入代理 URL 解析器(可选,未注入时 RT/ST 批量导入只能直连)。
+func (h *Handler) SetProxyResolver(r ProxyURLResolver) { h.proxyResolver = r }
+
+// POST /api/admin/accounts
+func (h *Handler) Create(c *gin.Context) {
+	var req CreateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	a, err := h.svc.Create(c.Request.Context(), req)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, a)
+}
+
+// GET /api/admin/accounts/quota-summary
+// 返回健康账号的额度汇总:total_remaining / total_capacity / active_accounts。
+// 注意:只统计 image_quota_updated_at IS NOT NULL 的行(已探测过)。
+func (h *Handler) QuotaSummary(c *gin.Context) {
+	s, err := h.svc.dao.SumQuota(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, s)
+}
+
+// GET /api/admin/accounts
+func (h *Handler) List(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	size, _ := strconv.Atoi(c.DefaultQuery("page_size", "10"))
+	if size < 1 {
+		size = 10
+	}
+	if size > 1000 {
+		size = 1000
+	}
+	status := c.Query("status")
+	keyword := c.Query("keyword")
+	list, total, err := h.svc.List(c.Request.Context(), status, keyword, (page-1)*size, size)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"list": list, "total": total, "page": page, "page_size": size})
+}
+
+// GET /api/admin/accounts/:id
+func (h *Handler) Get(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	a, err := h.svc.Get(c.Request.Context(), id)
+	if err != nil {
+		resp.NotFound(c, err.Error())
+		return
+	}
+	resp.OK(c, a)
+}
+
+// PATCH /api/admin/accounts/:id
+func (h *Handler) Update(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req UpdateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	a, err := h.svc.Update(c.Request.Context(), id, req)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, a)
+}
+
+// DELETE /api/admin/accounts/:id
+func (h *Handler) Delete(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": id})
+}
+
+// GET /api/admin/accounts/:id/secrets
+// 仅管理员可用,返回 AT / RT / ST 明文用于编辑弹窗回显。
+func (h *Handler) GetSecrets(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	sec, err := h.svc.GetSecrets(c.Request.Context(), id)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, sec)
+}
+
+// POST /api/admin/accounts/bulk-delete
+// body: { "scope": "dead" | "suspicious" | "warned" | "throttled" | "all" }
+// 批量软删指定状态的账号;scope=all 时删除全部(调用方需二次确认)。
+func (h *Handler) BulkDelete(c *gin.Context) {
+	var req struct {
+		Scope string `json:"scope" binding:"required"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	scope := strings.ToLower(strings.TrimSpace(req.Scope))
+	allowed := map[string]bool{
+		"dead": true, "suspicious": true, "warned": true, "throttled": true, "all": true,
+	}
+	if !allowed[scope] {
+		resp.BadRequest(c, "scope 仅支持 dead / suspicious / warned / throttled / all")
+		return
+	}
+	n, err := h.svc.BulkDeleteByStatus(c.Request.Context(), scope)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": n, "scope": scope})
+}
+
+// ===================== 自动刷新开关 =====================
+
+// GET /api/admin/accounts/auto-refresh
+// 返回当前自动刷新配置。
+func (h *Handler) GetAutoRefresh(c *gin.Context) {
+	if h.settings == nil {
+		resp.Internal(c, "系统设置未初始化")
+		return
+	}
+	resp.OK(c, gin.H{
+		"enabled":   h.settings.AccountRefreshEnabled(),
+		"ahead_sec": h.settings.AccountRefreshAheadSec(),
+		"threshold": "AT 距离过期 < 1 天时自动刷新,失效/可疑账号不刷新",
+	})
+}
+
+// PUT /api/admin/accounts/auto-refresh
+// body: { "enabled": true|false }
+// 写入 account.refresh_enabled;同时把阈值固定为 86400(1 天)以满足 UI 语义。
+func (h *Handler) SetAutoRefresh(c *gin.Context) {
+	if h.settings == nil {
+		resp.Internal(c, "系统设置未初始化")
+		return
+	}
+	var req struct {
+		Enabled bool `json:"enabled"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	updates := map[string]string{
+		settings.AccountRefreshEnabled:  boolStr(req.Enabled),
+		settings.AccountRefreshAheadSec: "86400",
+	}
+	if err := h.settings.Set(c.Request.Context(), updates); err != nil {
+		resp.Internal(c, "保存失败:"+err.Error())
+		return
+	}
+	if req.Enabled && h.refresher != nil {
+		h.refresher.Kick() // 立刻扫一遍
+	}
+	resp.OK(c, gin.H{
+		"enabled":   req.Enabled,
+		"ahead_sec": 86400,
+	})
+}
+
+func boolStr(b bool) string {
+	if b {
+		return "true"
+	}
+	return "false"
+}
+
+// 保留以便未来直接传 context(当前未用,但留一个显式符号避免删字段)
+var _ = context.Background
+
+// POST /api/admin/accounts/:id/bind-proxy
+func (h *Handler) BindProxy(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req struct {
+		ProxyID uint64 `json:"proxy_id" binding:"required"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	if err := h.svc.BindProxy(c.Request.Context(), id, req.ProxyID); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"account_id": id, "proxy_id": req.ProxyID})
+}
+
+// DELETE /api/admin/accounts/:id/bind-proxy
+func (h *Handler) UnbindProxy(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.UnbindProxy(c.Request.Context(), id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"account_id": id})
+}
+
+// ===================== 批量导入 =====================
+
+// POST /api/admin/accounts/import
+// body: { text: "...", update_existing: true, default_client_id: "", default_proxy_id: 0 }
+// 或 multipart/form-data:files[] + 其他字段
+func (h *Handler) Import(c *gin.Context) {
+	var req struct {
+		Text            string `json:"text"`
+		UpdateExisting  *bool  `json:"update_existing"`
+		DefaultClientID string `json:"default_client_id"`
+		DefaultProxyID  uint64 `json:"default_proxy_id"`
+	}
+	// 支持 JSON body 或 multipart
+	ct := c.ContentType()
+	if ct == "application/json" {
+		if err := c.ShouldBindJSON(&req); err != nil {
+			resp.BadRequest(c, "请求参数错误:"+err.Error())
+			return
+		}
+	} else {
+		// multipart 表单
+		req.Text = c.PostForm("text")
+		if v := c.PostForm("update_existing"); v != "" {
+			b := v == "true" || v == "1"
+			req.UpdateExisting = &b
+		}
+		req.DefaultClientID = c.PostForm("default_client_id")
+		if v := c.PostForm("default_proxy_id"); v != "" {
+			if n, err := strconv.ParseUint(v, 10, 64); err == nil {
+				req.DefaultProxyID = n
+			}
+		}
+		// 多文件合并:允许前端一次上传 N 个 json
+		if form, err := c.MultipartForm(); err == nil && form != nil {
+			var sb strings.Builder
+			if req.Text != "" {
+				sb.WriteString(req.Text)
+				sb.WriteByte('\n')
+			}
+			for _, fh := range form.File["files"] {
+				f, err := fh.Open()
+				if err != nil {
+					continue
+				}
+				data, err := io.ReadAll(f)
+				_ = f.Close()
+				if err != nil || len(data) == 0 {
+					continue
+				}
+				sb.Write(data)
+				sb.WriteByte('\n')
+			}
+			req.Text = sb.String()
+		}
+	}
+
+	if req.Text == "" {
+		resp.BadRequest(c, "请提供 text 或上传文件")
+		return
+	}
+
+	items, err := ParseJSONBlob(req.Text)
+	if err != nil {
+		resp.BadRequest(c, "解析失败:"+err.Error())
+		return
+	}
+
+	upd := true
+	if req.UpdateExisting != nil {
+		upd = *req.UpdateExisting
+	}
+
+	opt := ImportOptions{
+		UpdateExisting:  upd,
+		DefaultClientID: req.DefaultClientID,
+		DefaultProxyID:  req.DefaultProxyID,
+		BatchSize:       200,
+	}
+	summary := h.svc.ImportBatch(c.Request.Context(), items, opt)
+
+	// 后台踢一次刷新(让新导入的账号尽快探测过期时间 / 额度)
+	if h.refresher != nil {
+		h.refresher.Kick()
+	}
+	if h.prober != nil {
+		h.prober.Kick()
+	}
+
+	resp.OK(c, summary)
+}
+
+// POST /api/admin/accounts/import-tokens
+//
+// body:
+//
+//	{
+//	  "mode": "at" | "rt" | "st",
+//	  "tokens": "一行一个\n...\n",   // 或字符串数组
+//	  "client_id": "app_xxxx",      // rt 必填,at/st 可选
+//	  "update_existing": true,
+//	  "default_proxy_id": 0         // RT/ST 换 AT 时走此代理,强烈推荐
+//	}
+//
+// 返回同 /import:ImportSummary。
+func (h *Handler) ImportTokens(c *gin.Context) {
+	var req struct {
+		Mode           string          `json:"mode"`
+		Tokens         json.RawMessage `json:"tokens"`
+		ClientID       string          `json:"client_id"`
+		UpdateExisting *bool           `json:"update_existing"`
+		DefaultProxyID uint64          `json:"default_proxy_id"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+
+	// 支持两种 tokens 形态:字符串数组 / 一大段多行文本
+	var tokens []string
+	if len(req.Tokens) > 0 {
+		switch bytes.TrimSpace(req.Tokens)[0] {
+		case '[':
+			_ = json.Unmarshal(req.Tokens, &tokens)
+		case '"':
+			var s string
+			_ = json.Unmarshal(req.Tokens, &s)
+			tokens = splitLines(s)
+		}
+	}
+	if len(tokens) == 0 {
+		resp.BadRequest(c, "tokens 不能为空,请每行一个")
+		return
+	}
+
+	mode := ImportTokenMode(strings.ToLower(strings.TrimSpace(req.Mode)))
+	if mode == "" {
+		mode = ImportModeAT
+	}
+	if mode != ImportModeAT && mode != ImportModeRT && mode != ImportModeST {
+		resp.BadRequest(c, "不支持的 mode(仅 at / rt / st)")
+		return
+	}
+	if mode == ImportModeRT && strings.TrimSpace(req.ClientID) == "" {
+		resp.BadRequest(c, "RT 模式必须提供 client_id(APPID)")
+		return
+	}
+
+	upd := true
+	if req.UpdateExisting != nil {
+		upd = *req.UpdateExisting
+	}
+
+	var proxyURL string
+	if req.DefaultProxyID > 0 && h.proxyResolver != nil {
+		proxyURL = h.proxyResolver.ProxyURLByID(c.Request.Context(), req.DefaultProxyID)
+	}
+
+	summary := h.svc.ImportTokensBatch(c.Request.Context(), tokens, ImportTokensOptions{
+		Mode:            mode,
+		ClientID:        strings.TrimSpace(req.ClientID),
+		ProxyURL:        proxyURL,
+		DefaultProxyID:  req.DefaultProxyID,
+		UpdateExisting:  upd,
+		DefaultClientID: strings.TrimSpace(req.ClientID),
+	})
+
+	if h.refresher != nil {
+		h.refresher.Kick()
+	}
+	if h.prober != nil {
+		h.prober.Kick()
+	}
+	resp.OK(c, summary)
+}
+
+// splitLines 把多行文本切成 trim 后的非空行数组。
+func splitLines(s string) []string {
+	raw := strings.ReplaceAll(s, "\r\n", "\n")
+	parts := strings.Split(raw, "\n")
+	out := make([]string, 0, len(parts))
+	for _, p := range parts {
+		if t := strings.TrimSpace(p); t != "" {
+			out = append(out, t)
+		}
+	}
+	return out
+}
+
+// ===================== 刷新 / 探测 =====================
+
+// POST /api/admin/accounts/:id/refresh
+func (h *Handler) Refresh(c *gin.Context) {
+	if h.refresher == nil {
+		resp.Internal(c, "刷新器未初始化")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	res, err := h.refresher.RefreshByID(c.Request.Context(), id)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, res)
+}
+
+// POST /api/admin/accounts/refresh-all
+// 批量并发刷新所有账号,并返回每条结果。
+func (h *Handler) RefreshAll(c *gin.Context) {
+	if h.refresher == nil {
+		resp.Internal(c, "刷新器未初始化")
+		return
+	}
+	ids, err := h.svc.dao.ListAllActiveIDs(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+
+	ctx := c.Request.Context()
+	conc := 8
+	sem := make(chan struct{}, conc)
+	var wg sync.WaitGroup
+	results := make([]*RefreshResult, 0, len(ids))
+	var mu sync.Mutex
+
+	for _, id := range ids {
+		id := id
+		wg.Add(1)
+		sem <- struct{}{}
+		go func() {
+			defer wg.Done()
+			defer func() { <-sem }()
+			r, err := h.refresher.RefreshByID(ctx, id)
+			if err != nil {
+				r = &RefreshResult{AccountID: id, Source: "failed", Error: err.Error()}
+			}
+			mu.Lock()
+			results = append(results, r)
+			mu.Unlock()
+		}()
+	}
+	wg.Wait()
+
+	ok, failed := 0, 0
+	for _, r := range results {
+		if r.OK {
+			ok++
+		} else {
+			failed++
+		}
+	}
+	resp.OK(c, gin.H{
+		"total":   len(results),
+		"success": ok,
+		"failed":  failed,
+		"results": results,
+	})
+}
+
+// POST /api/admin/accounts/:id/probe-quota
+func (h *Handler) ProbeQuota(c *gin.Context) {
+	if h.prober == nil {
+		resp.Internal(c, "额度探测器未初始化")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	res, err := h.prober.ProbeByID(c.Request.Context(), id)
+	if err != nil && res == nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, res)
+}
+
+// POST /api/admin/accounts/probe-quota-all
+func (h *Handler) ProbeQuotaAll(c *gin.Context) {
+	if h.prober == nil {
+		resp.Internal(c, "额度探测器未初始化")
+		return
+	}
+	ids, err := h.svc.dao.ListAllActiveIDs(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+
+	ctx := c.Request.Context()
+	conc := 8
+	sem := make(chan struct{}, conc)
+	var wg sync.WaitGroup
+	results := make([]*QuotaResult, 0, len(ids))
+	var mu sync.Mutex
+
+	for _, id := range ids {
+		id := id
+		wg.Add(1)
+		sem <- struct{}{}
+		go func() {
+			defer wg.Done()
+			defer func() { <-sem }()
+			r, err := h.prober.ProbeByID(ctx, id)
+			if r == nil {
+				r = &QuotaResult{AccountID: id}
+				if err != nil {
+					r.Error = err.Error()
+				}
+			}
+			mu.Lock()
+			results = append(results, r)
+			mu.Unlock()
+		}()
+	}
+	wg.Wait()
+
+	ok, failed := 0, 0
+	for _, r := range results {
+		if r.OK {
+			ok++
+		} else {
+			failed++
+		}
+	}
+	resp.OK(c, gin.H{
+		"total":   len(results),
+		"success": ok,
+		"failed":  failed,
+		"results": results,
+	})
+}
diff --git a/internal/account/importer.go b/internal/account/importer.go
new file mode 100644
index 00000000..ff72a805
--- /dev/null
+++ b/internal/account/importer.go
@@ -0,0 +1,496 @@
+package account
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+	"time"
+)
+
+// ImportSource 代表一条待导入记录,来自任意一种 JSON 格式。
+type ImportSource struct {
+	// 必填
+	AccessToken string
+	Email       string
+
+	// 可选
+	RefreshToken     string
+	SessionToken     string // 从 cookie 里提取的 __Secure-next-auth.session-token
+	ClientID         string
+	ChatGPTAccountID string
+	AccountType      string // codex / chatgpt
+	ExpiredAt        time.Time
+	Name             string // sub2api 里的 name 字段(当 email 缺失时退化为 email)
+}
+
+// ImportLineResult 返回给前端,每条记录处理结果。
+type ImportLineResult struct {
+	Index  int    `json:"index"`
+	Email  string `json:"email"`
+	Status string `json:"status"` // created / updated / skipped / failed
+	Reason string `json:"reason,omitempty"`
+	ID     uint64 `json:"id,omitempty"`
+}
+
+// ImportSummary 整体统计。
+type ImportSummary struct {
+	Total   int                `json:"total"`
+	Created int                `json:"created"`
+	Updated int                `json:"updated"`
+	Skipped int                `json:"skipped"`
+	Failed  int                `json:"failed"`
+	Results []ImportLineResult `json:"results"`
+}
+
+// ImportOptions 批量导入选项。
+type ImportOptions struct {
+	// UpdateExisting 为 true 时 email 已存在则更新 token;false 则 skipped。
+	UpdateExisting bool
+	// DefaultClientID 当记录里没有 client_id 时填充的值。
+	DefaultClientID string
+	// DefaultProxyID 新建账号时默认绑定的代理 id(0 = 不绑)。
+	DefaultProxyID uint64
+	// BatchSize 分批 commit 的大小(仅用于让出 CPU,每批做一次 context check)。默认 200。
+	BatchSize int
+}
+
+// ParseJSONBlob 尝试把用户上传的文本解析成 ImportSource 列表。
+// 同时兼容以下输入:
+//  1. 顶层是对象且含 `accounts` 数组 → sub2api 多账号导出
+//  2. 顶层是对象且含 `access_token` / `accessToken` → 单账号 token_xxx.json
+//  3. 顶层是数组,每个元素同 (1)/(2) 的单个对象
+//  4. 多个 JSON 文本用换行/空行分隔(JSONL)
+func ParseJSONBlob(raw string) ([]ImportSource, error) {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return nil, errors.New("输入为空")
+	}
+	// 先尝试整体解析
+	if xs, err := parseSingleJSON(raw); err == nil && len(xs) > 0 {
+		return xs, nil
+	}
+	// 再尝试 JSONL
+	var all []ImportSource
+	var firstErr error
+	dec := json.NewDecoder(strings.NewReader(raw))
+	for {
+		var one json.RawMessage
+		if err := dec.Decode(&one); err != nil {
+			if err == io.EOF {
+				break
+			}
+			if firstErr == nil {
+				firstErr = err
+			}
+			break
+		}
+		xs, err := parseSingleJSON(string(one))
+		if err != nil {
+			if firstErr == nil {
+				firstErr = err
+			}
+			continue
+		}
+		all = append(all, xs...)
+	}
+	if len(all) == 0 {
+		if firstErr == nil {
+			firstErr = errors.New("无法识别的 JSON 格式")
+		}
+		return nil, firstErr
+	}
+	return all, nil
+}
+
+func parseSingleJSON(s string) ([]ImportSource, error) {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return nil, errors.New("空 JSON")
+	}
+	// 1) 数组
+	if s[0] == '[' {
+		var arr []json.RawMessage
+		if err := json.Unmarshal([]byte(s), &arr); err != nil {
+			return nil, fmt.Errorf("解析 JSON 数组失败:%w", err)
+		}
+		var all []ImportSource
+		for _, item := range arr {
+			xs, err := parseSingleJSON(string(item))
+			if err != nil {
+				continue
+			}
+			all = append(all, xs...)
+		}
+		return all, nil
+	}
+	// 2) 对象
+	var obj map[string]json.RawMessage
+	if err := json.Unmarshal([]byte(s), &obj); err != nil {
+		return nil, fmt.Errorf("解析 JSON 对象失败:%w", err)
+	}
+
+	// Format A: 有 accounts 数组
+	if v, ok := obj["accounts"]; ok {
+		var accs []subAPIAccount
+		if err := json.Unmarshal(v, &accs); err == nil {
+			out := make([]ImportSource, 0, len(accs))
+			for _, a := range accs {
+				src, ok := a.toSource()
+				if ok {
+					out = append(out, src)
+				}
+			}
+			return out, nil
+		}
+	}
+
+	// Format B: 单账号 token_xxx.json(扁平对象)
+	if _, has := obj["access_token"]; has {
+		var b tokenFileB
+		if err := json.Unmarshal([]byte(s), &b); err != nil {
+			return nil, fmt.Errorf("解析 token 文件失败:%w", err)
+		}
+		src, ok := b.toSource()
+		if !ok {
+			return nil, errors.New("token 文件缺少必要字段")
+		}
+		return []ImportSource{src}, nil
+	}
+	// 兼容 accessToken(驼峰)
+	if _, has := obj["accessToken"]; has {
+		var b tokenFileB
+		// 同名 camelCase 字段也走 tokenFileB;json tag 都用 snake_case
+		// 这里用一个临时结构
+		var camel struct {
+			AccessToken  string `json:"accessToken"`
+			RefreshToken string `json:"refreshToken"`
+			Email        string `json:"email"`
+			AccountID    string `json:"account_id"`
+			Type         string `json:"type"`
+			ClientID     string `json:"client_id"`
+			Expired      string `json:"expires"`
+		}
+		if err := json.Unmarshal([]byte(s), &camel); err != nil {
+			return nil, err
+		}
+		b.AccessToken = camel.AccessToken
+		b.RefreshToken = camel.RefreshToken
+		b.Email = camel.Email
+		b.AccountID = camel.AccountID
+		b.Type = camel.Type
+		b.ClientID = camel.ClientID
+		b.Expired = camel.Expired
+		src, ok := b.toSource()
+		if !ok {
+			return nil, errors.New("token 文件缺少必要字段")
+		}
+		return []ImportSource{src}, nil
+	}
+
+	return nil, errors.New("未识别的 JSON 结构(既不是 sub2api 也不是 token 文件)")
+}
+
+// sub2api 的 account 结构片段。
+type subAPIAccount struct {
+	Name        string `json:"name"`
+	Platform    string `json:"platform"`
+	Type        string `json:"type"`
+	Credentials struct {
+		AccessToken      string `json:"access_token"`
+		RefreshToken     string `json:"refresh_token"`
+		SessionToken     string `json:"session_token"`
+		ClientID         string `json:"client_id"`
+		ChatGPTAccountID string `json:"chatgpt_account_id"`
+	} `json:"credentials"`
+	Extra struct {
+		Email string `json:"email"`
+	} `json:"extra"`
+}
+
+func (a subAPIAccount) toSource() (ImportSource, bool) {
+	src := ImportSource{
+		AccessToken:      a.Credentials.AccessToken,
+		RefreshToken:     a.Credentials.RefreshToken,
+		SessionToken:     a.Credentials.SessionToken,
+		ClientID:         a.Credentials.ClientID,
+		ChatGPTAccountID: a.Credentials.ChatGPTAccountID,
+		AccountType:      normalizeType(a.Name, a.Platform),
+		Email:            strings.TrimSpace(a.Extra.Email),
+		Name:             a.Name,
+	}
+	if src.Email == "" {
+		src.Email = emailFromName(a.Name)
+	}
+	if src.AccessToken == "" || src.Email == "" {
+		return src, false
+	}
+	return src, true
+}
+
+// tokenFileB 对应 token_xxx.json。
+type tokenFileB struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	IDToken      string `json:"id_token"`
+	AccountID    string `json:"account_id"`
+	Email        string `json:"email"`
+	Type         string `json:"type"`
+	ClientID     string `json:"client_id"`
+	Expired      string `json:"expired"`
+}
+
+func (b tokenFileB) toSource() (ImportSource, bool) {
+	src := ImportSource{
+		AccessToken:      b.AccessToken,
+		RefreshToken:     b.RefreshToken,
+		Email:            strings.TrimSpace(b.Email),
+		ChatGPTAccountID: b.AccountID,
+		ClientID:         b.ClientID,
+		AccountType:      strings.ToLower(strings.TrimSpace(b.Type)),
+	}
+	if src.AccountType == "" {
+		src.AccountType = "codex"
+	}
+	if b.Expired != "" {
+		if t, err := time.Parse(time.RFC3339, b.Expired); err == nil {
+			src.ExpiredAt = t
+		}
+	}
+	if src.AccessToken == "" || src.Email == "" {
+		return src, false
+	}
+	return src, true
+}
+
+// emailFromName 把 sub2api 的 name (codex-user_hotmail.com) 反推成 email。
+func emailFromName(name string) string {
+	if name == "" {
+		return ""
+	}
+	n := name
+	for _, prefix := range []string{"codex-", "chatgpt-", "openai-"} {
+		if strings.HasPrefix(n, prefix) {
+			n = strings.TrimPrefix(n, prefix)
+			break
+		}
+	}
+	// 最后一个 _ 之前视为 localpart,之后视为 domain
+	idx := strings.LastIndex(n, "_")
+	if idx > 0 && idx < len(n)-1 {
+		return n[:idx] + "@" + n[idx+1:]
+	}
+	return ""
+}
+
+func normalizeType(name, platform string) string {
+	lower := strings.ToLower(name + " " + platform)
+	switch {
+	case strings.Contains(lower, "codex"):
+		return "codex"
+	case strings.Contains(lower, "chatgpt"):
+		return "chatgpt"
+	case strings.Contains(lower, "openai"):
+		return "codex"
+	default:
+		return "codex"
+	}
+}
+
+// ImportBatch 执行批量导入。
+// 处理策略:
+//   - 同一批内 email 去重(后者覆盖前者)
+//   - email 已存在则按 UpdateExisting 决定更新或 skip
+//   - 每 BatchSize 条让出一次 CPU,并检查 ctx.Done(),便于大批量
+//   - 不做整体事务(失败项不影响成功项);单条失败只影响该条
+func (s *Service) ImportBatch(ctx context.Context, items []ImportSource, opt ImportOptions) *ImportSummary {
+	if opt.BatchSize <= 0 {
+		opt.BatchSize = 200
+	}
+	if opt.DefaultClientID == "" {
+		opt.DefaultClientID = "app_EMoamEEZ73f0CkXaXp7hrann"
+	}
+
+	// email 去重(后者覆盖)
+	seen := make(map[string]int, len(items))
+	dedup := make([]ImportSource, 0, len(items))
+	for _, it := range items {
+		if it.Email == "" {
+			continue
+		}
+		key := strings.ToLower(it.Email)
+		if idx, ok := seen[key]; ok {
+			dedup[idx] = it // 覆盖
+		} else {
+			seen[key] = len(dedup)
+			dedup = append(dedup, it)
+		}
+	}
+
+	sum := &ImportSummary{
+		Total:   len(dedup),
+		Results: make([]ImportLineResult, 0, len(dedup)),
+	}
+
+	for i, it := range dedup {
+		if i > 0 && i%opt.BatchSize == 0 {
+			// 让出一次 CPU;大批量下防止长时间独占
+			select {
+			case <-ctx.Done():
+				sum.Failed += len(dedup) - i
+				sum.Results = append(sum.Results, ImportLineResult{
+					Index: i, Email: "", Status: "failed", Reason: "导入被取消",
+				})
+				return sum
+			default:
+			}
+		}
+		res := s.importOne(ctx, i, it, opt)
+		switch res.Status {
+		case "created":
+			sum.Created++
+		case "updated":
+			sum.Updated++
+		case "skipped":
+			sum.Skipped++
+		case "failed":
+			sum.Failed++
+		}
+		sum.Results = append(sum.Results, res)
+	}
+	return sum
+}
+
+func (s *Service) importOne(ctx context.Context, idx int, it ImportSource, opt ImportOptions) ImportLineResult {
+	out := ImportLineResult{Index: idx, Email: it.Email}
+
+	if it.AccessToken == "" {
+		out.Status = "failed"
+		out.Reason = "缺少 access_token"
+		return out
+	}
+
+	// 计算过期时间:优先用 JSON 的 expired,其次解析 JWT
+	expAt := it.ExpiredAt
+	if expAt.IsZero() {
+		expAt = parseJWTExp(it.AccessToken)
+	}
+
+	clientID := it.ClientID
+	if clientID == "" {
+		clientID = opt.DefaultClientID
+	}
+	accountType := it.AccountType
+	if accountType == "" {
+		accountType = "codex"
+	}
+
+	// 查是否已存在
+	existing, err := s.dao.GetByEmail(ctx, it.Email)
+	if err != nil {
+		out.Status = "failed"
+		out.Reason = "查询失败:" + err.Error()
+		return out
+	}
+
+	atEnc, err := s.cipher.EncryptString(it.AccessToken)
+	if err != nil {
+		out.Status = "failed"
+		out.Reason = "AT 加密失败:" + err.Error()
+		return out
+	}
+	var rtEnc, stEnc string
+	if it.RefreshToken != "" {
+		if v, err := s.cipher.EncryptString(it.RefreshToken); err == nil {
+			rtEnc = v
+		}
+	}
+	if it.SessionToken != "" {
+		if v, err := s.cipher.EncryptString(it.SessionToken); err == nil {
+			stEnc = v
+		}
+	}
+
+	if existing == nil {
+		// 新建
+		a := &Account{
+			Email:            it.Email,
+			AuthTokenEnc:     atEnc,
+			ClientID:         clientID,
+			ChatGPTAccountID: it.ChatGPTAccountID,
+			AccountType:      accountType,
+			PlanType:         "free",
+			DailyImageQuota:  100,
+			Status:           StatusHealthy,
+		}
+		if rtEnc != "" {
+			a.RefreshTokenEnc.String = rtEnc
+			a.RefreshTokenEnc.Valid = true
+		}
+		if stEnc != "" {
+			a.SessionTokenEnc.String = stEnc
+			a.SessionTokenEnc.Valid = true
+		}
+		if !expAt.IsZero() {
+			a.TokenExpiresAt.Time = expAt
+			a.TokenExpiresAt.Valid = true
+		}
+		id, err := s.dao.Create(ctx, a)
+		if err != nil {
+			out.Status = "failed"
+			out.Reason = "入库失败:" + err.Error()
+			return out
+		}
+		if opt.DefaultProxyID > 0 {
+			_ = s.dao.SetBinding(ctx, id, opt.DefaultProxyID)
+		}
+		out.Status = "created"
+		out.ID = id
+		return out
+	}
+
+	// 已存在
+	if !opt.UpdateExisting {
+		out.Status = "skipped"
+		out.Reason = "邮箱已存在"
+		out.ID = existing.ID
+		return out
+	}
+	// 更新 token 字段,其它字段保持
+	existing.AuthTokenEnc = atEnc
+	if rtEnc != "" {
+		existing.RefreshTokenEnc.String = rtEnc
+		existing.RefreshTokenEnc.Valid = true
+	}
+	if stEnc != "" {
+		existing.SessionTokenEnc.String = stEnc
+		existing.SessionTokenEnc.Valid = true
+	}
+	if clientID != "" {
+		existing.ClientID = clientID
+	}
+	if it.ChatGPTAccountID != "" {
+		existing.ChatGPTAccountID = it.ChatGPTAccountID
+	}
+	if accountType != "" {
+		existing.AccountType = accountType
+	}
+	if !expAt.IsZero() {
+		existing.TokenExpiresAt.Time = expAt
+		existing.TokenExpiresAt.Valid = true
+	}
+	// 复活已死账号(导入新 token 视为重新投放)
+	if existing.Status == StatusDead || existing.Status == StatusSuspicious {
+		existing.Status = StatusHealthy
+	}
+	if err := s.dao.Update(ctx, existing); err != nil {
+		out.Status = "failed"
+		out.Reason = "更新失败:" + err.Error()
+		return out
+	}
+	out.Status = "updated"
+	out.ID = existing.ID
+	return out
+}
diff --git a/internal/account/importer_tokens.go b/internal/account/importer_tokens.go
new file mode 100644
index 00000000..02366ae2
--- /dev/null
+++ b/internal/account/importer_tokens.go
@@ -0,0 +1,426 @@
+package account
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// ImportTokenMode 批量 token 导入的模式。
+type ImportTokenMode string
+
+const (
+	ImportModeAT ImportTokenMode = "at" // 每行一个 access_token
+	ImportModeRT ImportTokenMode = "rt" // 每行一个 refresh_token,需要 client_id(APPID)
+	ImportModeST ImportTokenMode = "st" // 每行一个 session_token
+)
+
+// ImportTokensOptions 批量 token 导入选项。
+type ImportTokensOptions struct {
+	Mode ImportTokenMode
+
+	// ClientID: RT 模式必填,AT/ST 模式可选(不填则用 DefaultClientID)。
+	// 在 RT 模式下会作为 OAuth 的 client_id 发起 auth.openai.com/oauth/token 请求。
+	ClientID string
+
+	// ProxyURL: 换 AT 时走的代理(RT/ST 必须能访问 auth.openai.com / chatgpt.com)。
+	// 空字符串=直连,生产环境通常必须走代理。
+	ProxyURL string
+
+	// 下面几个直接透传给底层 ImportBatch。
+	DefaultProxyID  uint64
+	UpdateExisting  bool
+	DefaultClientID string
+	BatchSize       int
+}
+
+// ImportTokensBatch 把用户粘贴的「一行一个 token」的文本批量转成账号入库。
+//
+// 处理流程:
+//
+//  1. 对 AT 模式:直接解 JWT payload 拿 email,不发起任何外部请求。
+//  2. 对 RT 模式:POST auth.openai.com/oauth/token(需要 client_id)换出 AT,
+//     再从 AT 解 email。RT 和 newAT 都会保存到账号。
+//  3. 对 ST 模式:GET chatgpt.com/api/auth/session(带 cookie)换出 AT,再从 AT 解 email。
+//     ST 和 newAT 都会保存到账号。
+//  4. 拿到 email + AT 的行 → 复用现有 ImportBatch 走 upsert。
+//  5. 无法拿到 email 的行进 failed 明细,返回给前端。
+func (s *Service) ImportTokensBatch(ctx context.Context, tokens []string, opts ImportTokensOptions) *ImportSummary {
+	if opts.Mode == "" {
+		opts.Mode = ImportModeAT
+	}
+	if opts.DefaultClientID == "" {
+		opts.DefaultClientID = "app_EMoamEEZ73f0CkXaXp7hrann"
+	}
+
+	httpc := buildImportHTTPClient(opts.ProxyURL)
+
+	// 去重 + 归一化
+	seen := map[string]struct{}{}
+	cleaned := make([]string, 0, len(tokens))
+	for _, raw := range tokens {
+		t := strings.TrimSpace(raw)
+		if t == "" {
+			continue
+		}
+		// 容错:某些 RT / ST 复制过来带前缀 "Bearer " 或 "__Secure-next-auth.session-token="
+		t = strings.TrimPrefix(t, "Bearer ")
+		t = strings.TrimPrefix(t, "bearer ")
+		if i := strings.Index(t, "="); i > 0 && i < 60 && strings.HasPrefix(strings.ToLower(t), "__secure-next-auth.session-token") {
+			t = t[i+1:]
+		}
+		if _, dup := seen[t]; dup {
+			continue
+		}
+		seen[t] = struct{}{}
+		cleaned = append(cleaned, t)
+	}
+
+	sum := &ImportSummary{Results: make([]ImportLineResult, 0, len(cleaned))}
+	items := make([]ImportSource, 0, len(cleaned))
+
+	// RT 模式先强制校验 client_id
+	clientID := strings.TrimSpace(opts.ClientID)
+	if opts.Mode == ImportModeRT && clientID == "" {
+		clientID = opts.DefaultClientID
+	}
+
+	for idx, t := range cleaned {
+		if err := ctx.Err(); err != nil {
+			break
+		}
+
+		var src ImportSource
+		var err error
+		switch opts.Mode {
+		case ImportModeAT:
+			src, err = convertATToSource(t, clientID)
+		case ImportModeRT:
+			if clientID == "" {
+				err = errors.New("RT 模式需要 APPID(client_id)")
+				break
+			}
+			src, err = convertRTToSource(ctx, httpc, t, clientID)
+		case ImportModeST:
+			src, err = convertSTToSource(ctx, httpc, t, clientID)
+		default:
+			err = fmt.Errorf("未知模式:%s", opts.Mode)
+		}
+		if err != nil {
+			sum.Failed++
+			sum.Total++
+			sum.Results = append(sum.Results, ImportLineResult{
+				Index:  idx,
+				Email:  "?",
+				Status: "failed",
+				Reason: truncate(err.Error(), 160),
+			})
+			continue
+		}
+		items = append(items, src)
+	}
+
+	// 复用已有批量 upsert(去重、分批、UpdateExisting 等都在里面)
+	batch := s.ImportBatch(ctx, items, ImportOptions{
+		UpdateExisting:  opts.UpdateExisting,
+		DefaultClientID: clientID,
+		DefaultProxyID:  opts.DefaultProxyID,
+		BatchSize:       opts.BatchSize,
+	})
+	sum.Total += batch.Total
+	sum.Created += batch.Created
+	sum.Updated += batch.Updated
+	sum.Skipped += batch.Skipped
+	sum.Failed += batch.Failed
+	sum.Results = append(sum.Results, batch.Results...)
+	return sum
+}
+
+// ---------- 三种模式的 token → ImportSource 转换 ----------
+
+// convertATToSource 仅凭 access_token 的 JWT payload 解 email / sub / 过期时间。
+func convertATToSource(at, clientID string) (ImportSource, error) {
+	email, subAccountID, expAt, err := decodeATClaims(at)
+	if err != nil {
+		return ImportSource{}, fmt.Errorf("解析 AT 失败:%w", err)
+	}
+	if email == "" {
+		return ImportSource{}, errors.New("无法从 AT 解出 email,请改用 JSON 或带 email 的导入")
+	}
+	return ImportSource{
+		AccessToken:      at,
+		Email:            email,
+		ChatGPTAccountID: subAccountID,
+		ExpiredAt:        expAt,
+		ClientID:         clientID,
+		AccountType:      "chatgpt",
+	}, nil
+}
+
+// convertRTToSource 用 refresh_token + client_id 调 auth.openai.com/oauth/token 换出 AT,
+// 再解 AT claims 拿 email。AT + RT 一起存进账号(后续仍可 RT 续签)。
+func convertRTToSource(ctx context.Context, httpc *http.Client, rt, clientID string) (ImportSource, error) {
+	at, newRT, expAt, err := rtExchange(ctx, httpc, rt, clientID)
+	if err != nil {
+		return ImportSource{}, fmt.Errorf("RT 换 AT 失败:%s", friendlyImportErr(err))
+	}
+	email, subAccID, expFromJWT, jerr := decodeATClaims(at)
+	if jerr != nil || email == "" {
+		return ImportSource{}, errors.New("RT 换出的 AT 无法解析出 email")
+	}
+	if expAt.IsZero() {
+		expAt = expFromJWT
+	}
+	// 如果服务端下发新 RT,用新的;否则用用户输入的
+	usedRT := rt
+	if newRT != "" {
+		usedRT = newRT
+	}
+	return ImportSource{
+		AccessToken:      at,
+		RefreshToken:     usedRT,
+		Email:            email,
+		ChatGPTAccountID: subAccID,
+		ExpiredAt:        expAt,
+		ClientID:         clientID,
+		AccountType:      "chatgpt",
+	}, nil
+}
+
+// convertSTToSource 用 session_token 调 chatgpt.com/api/auth/session 换出 AT,再解 email。
+// AT + ST 一起存进账号(后续可由 ST 定时续签)。
+func convertSTToSource(ctx context.Context, httpc *http.Client, st, clientID string) (ImportSource, error) {
+	at, expAt, err := stExchange(ctx, httpc, st)
+	if err != nil {
+		return ImportSource{}, fmt.Errorf("ST 换 AT 失败:%s", friendlyImportErr(err))
+	}
+	email, subAccID, expFromJWT, jerr := decodeATClaims(at)
+	if jerr != nil || email == "" {
+		return ImportSource{}, errors.New("ST 换出的 AT 无法解析出 email")
+	}
+	if expAt.IsZero() {
+		expAt = expFromJWT
+	}
+	return ImportSource{
+		AccessToken:      at,
+		SessionToken:     st,
+		Email:            email,
+		ChatGPTAccountID: subAccID,
+		ExpiredAt:        expAt,
+		ClientID:         clientID,
+		AccountType:      "chatgpt",
+	}, nil
+}
+
+// ---------- 底层 HTTP ----------
+
+func buildImportHTTPClient(proxyURL string) *http.Client {
+	httpc := &http.Client{Timeout: 30 * time.Second}
+	if proxyURL == "" {
+		return httpc
+	}
+	u, err := url.Parse(proxyURL)
+	if err != nil {
+		return httpc
+	}
+	httpc.Transport = &http.Transport{
+		Proxy:               http.ProxyURL(u),
+		ForceAttemptHTTP2:   true,
+		MaxIdleConns:        8,
+		IdleConnTimeout:     30 * time.Second,
+		TLSHandshakeTimeout: 10 * time.Second,
+	}
+	return httpc
+}
+
+// rtExchange 与 refresher.rtToAT 等价的包级实现(不需要 account_id)。
+func rtExchange(ctx context.Context, httpc *http.Client, rt, clientID string) (newAT, newRT string, expAt time.Time, err error) {
+	body := map[string]string{
+		"client_id":     clientID,
+		"grant_type":    "refresh_token",
+		"redirect_uri":  "com.openai.chat://auth0.openai.com/ios/com.openai.chat/callback",
+		"refresh_token": rt,
+	}
+	buf, _ := json.Marshal(body)
+	req, err := http.NewRequestWithContext(ctx, "POST",
+		"https://auth.openai.com/oauth/token", bytes.NewReader(buf))
+	if err != nil {
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("User-Agent", "ChatGPT/1.2025.122 (iOS 18.2; iPhone15,2; build 15096)")
+	resp, err := httpc.Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != 200 {
+		err = fmt.Errorf("rt exchange http=%d body=%s", resp.StatusCode, truncate(string(data), 200))
+		return
+	}
+	var out struct {
+		AccessToken  string `json:"access_token"`
+		RefreshToken string `json:"refresh_token"`
+		ExpiresIn    int    `json:"expires_in"`
+	}
+	if err = json.Unmarshal(data, &out); err != nil {
+		return
+	}
+	if out.AccessToken == "" {
+		err = errors.New("rt exchange: missing access_token in response")
+		return
+	}
+	newAT = out.AccessToken
+	newRT = out.RefreshToken
+	if out.ExpiresIn > 0 {
+		expAt = time.Now().Add(time.Duration(out.ExpiresIn) * time.Second)
+	}
+	return
+}
+
+// stExchange 与 refresher.stToAT 等价的包级实现。
+func stExchange(ctx context.Context, httpc *http.Client, st string) (newAT string, expAt time.Time, err error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", "https://chatgpt.com/api/auth/session", nil)
+	if err != nil {
+		return
+	}
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Referer", "https://chatgpt.com/")
+	req.Header.Set("User-Agent",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
+	req.AddCookie(&http.Cookie{Name: "__Secure-next-auth.session-token", Value: st})
+
+	resp, err := httpc.Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != 200 {
+		err = fmt.Errorf("st exchange http=%d body=%s", resp.StatusCode, truncate(string(data), 200))
+		return
+	}
+	raw := strings.TrimSpace(string(data))
+	if raw == "" || raw == "{}" {
+		err = errors.New("ST 已过期或无效(响应为空)")
+		return
+	}
+	var out struct {
+		AccessToken string `json:"accessToken"`
+		Expires     string `json:"expires"`
+	}
+	if err = json.Unmarshal([]byte(raw), &out); err != nil {
+		return
+	}
+	if out.AccessToken == "" {
+		err = errors.New("响应缺少 accessToken 字段,ST 已失效")
+		return
+	}
+	newAT = out.AccessToken
+	if out.Expires != "" {
+		if t, e := time.Parse(time.RFC3339, out.Expires); e == nil {
+			expAt = t
+		}
+	}
+	return
+}
+
+// ---------- JWT claims 解析 ----------
+
+// decodeATClaims 从 access_token(JWT)里取出 email / chatgpt_account_id / exp。
+// 兼容 iOS scope(Codex)和 Web scope(ChatGPT)两种 claim 结构。
+func decodeATClaims(at string) (email, accountID string, expAt time.Time, err error) {
+	parts := strings.Split(at, ".")
+	if len(parts) < 2 {
+		err = errors.New("非法 JWT(段数不足)")
+		return
+	}
+	raw, e := base64.RawURLEncoding.DecodeString(parts[1])
+	if e != nil {
+		raw, e = base64.StdEncoding.DecodeString(parts[1])
+		if e != nil {
+			err = fmt.Errorf("base64 解码失败:%w", e)
+			return
+		}
+	}
+	// 尽可能宽松地解析,不同 scope 的 claims 字段名不一样。
+	var claims map[string]interface{}
+	if e := json.Unmarshal(raw, &claims); e != nil {
+		err = fmt.Errorf("claims JSON 解码失败:%w", e)
+		return
+	}
+
+	// 1) 直接字段
+	if v, ok := claims["email"].(string); ok && v != "" {
+		email = v
+	}
+	if v, ok := claims["chatgpt_account_id"].(string); ok && v != "" {
+		accountID = v
+	}
+
+	// 2) iOS/Web scope 里常见的 namespaced claims
+	for _, ns := range []string{
+		"https://api.openai.com/profile",
+		"https://api.openai.com/auth",
+	} {
+		if m, ok := claims[ns].(map[string]interface{}); ok {
+			if email == "" {
+				if v, ok := m["email"].(string); ok && v != "" {
+					email = v
+				}
+			}
+			if accountID == "" {
+				if v, ok := m["chatgpt_account_id"].(string); ok && v != "" {
+					accountID = v
+				}
+				if v, ok := m["user_id"].(string); ok && accountID == "" && v != "" {
+					accountID = v
+				}
+			}
+		}
+	}
+
+	// 3) 从 exp
+	if v, ok := claims["exp"].(float64); ok && v > 0 {
+		expAt = time.Unix(int64(v), 0)
+	}
+	return
+}
+
+// friendlyImportErr 把底层 http 错误压成简短中文,避免把 URL / stacktrace 泄露到前端。
+func friendlyImportErr(err error) string {
+	if err == nil {
+		return ""
+	}
+	s := err.Error()
+	low := strings.ToLower(s)
+	switch {
+	case strings.Contains(low, "http=401"), strings.Contains(low, "invalid_grant"):
+		return "token 已失效(401)"
+	case strings.Contains(low, "http=403"):
+		return "上游拒绝访问(403)"
+	case strings.Contains(low, "http=429"):
+		return "触发速率限制(429),稍后再试"
+	case strings.Contains(low, "timeout"), strings.Contains(low, "deadline exceeded"):
+		return "请求超时,建议配代理"
+	case strings.Contains(low, "no such host"), strings.Contains(low, "dial tcp"):
+		return "无法连接 openai(建议选默认代理)"
+	case strings.Contains(low, "tls"), strings.Contains(low, "x509"):
+		return "TLS 握手失败"
+	}
+	// 兜底:去掉 URL
+	if i := strings.Index(s, `": `); i > 0 && i < len(s)-3 {
+		s = s[i+3:]
+	}
+	return truncate(strings.TrimSpace(s), 120)
+}
diff --git a/internal/account/model.go b/internal/account/model.go
new file mode 100644
index 00000000..931c6ddb
--- /dev/null
+++ b/internal/account/model.go
@@ -0,0 +1,76 @@
+package account
+
+import (
+	"database/sql"
+	"time"
+)
+
+// 账号状态常量。
+const (
+	StatusHealthy    = "healthy"
+	StatusWarned     = "warned"
+	StatusThrottled  = "throttled"
+	StatusSuspicious = "suspicious"
+	StatusDead       = "dead"
+)
+
+// 刷新来源。
+const (
+	RefreshSourceRT     = "rt"
+	RefreshSourceST     = "st"
+	RefreshSourceManual = "manual"
+)
+
+// Account 对应 oai_accounts 表。
+type Account struct {
+	ID                uint64         `db:"id" json:"id"`
+	Email             string         `db:"email" json:"email"`
+	AuthTokenEnc      string         `db:"auth_token_enc" json:"-"`
+	RefreshTokenEnc   sql.NullString `db:"refresh_token_enc" json:"-"`
+	SessionTokenEnc   sql.NullString `db:"session_token_enc" json:"-"`
+	TokenExpiresAt    sql.NullTime   `db:"token_expires_at" json:"token_expires_at,omitempty"`
+	OAISessionID      string         `db:"oai_session_id" json:"oai_session_id"`
+	OAIDeviceID       string         `db:"oai_device_id" json:"oai_device_id"`
+	ClientID          string         `db:"client_id" json:"client_id"`
+	ChatGPTAccountID  string         `db:"chatgpt_account_id" json:"chatgpt_account_id"`
+	AccountType       string         `db:"account_type" json:"account_type"`
+	PlanType          string         `db:"plan_type" json:"plan_type"`
+	DailyImageQuota   int            `db:"daily_image_quota" json:"daily_image_quota"`
+	Status            string         `db:"status" json:"status"`
+	WarnedAt          sql.NullTime   `db:"warned_at" json:"warned_at,omitempty"`
+	CooldownUntil     sql.NullTime   `db:"cooldown_until" json:"cooldown_until,omitempty"`
+	LastUsedAt        sql.NullTime   `db:"last_used_at" json:"last_used_at,omitempty"`
+	TodayUsedCount    int            `db:"today_used_count" json:"today_used_count"`
+	TodayUsedDate     sql.NullTime   `db:"today_used_date" json:"today_used_date,omitempty"`
+
+	LastRefreshAt      sql.NullTime `db:"last_refresh_at" json:"last_refresh_at,omitempty"`
+	LastRefreshSource  string       `db:"last_refresh_source" json:"last_refresh_source"`
+	RefreshError       string       `db:"refresh_error" json:"refresh_error"`
+
+	ImageQuotaRemaining int          `db:"image_quota_remaining" json:"image_quota_remaining"`
+	ImageQuotaTotal     int          `db:"image_quota_total"     json:"image_quota_total"`
+	ImageQuotaResetAt   sql.NullTime `db:"image_quota_reset_at"   json:"image_quota_reset_at,omitempty"`
+	ImageQuotaUpdatedAt sql.NullTime `db:"image_quota_updated_at" json:"image_quota_updated_at,omitempty"`
+
+	Notes     string       `db:"notes" json:"notes"`
+	CreatedAt time.Time    `db:"created_at" json:"created_at"`
+	UpdatedAt time.Time    `db:"updated_at" json:"updated_at"`
+	DeletedAt sql.NullTime `db:"deleted_at" json:"-"`
+
+	// ActiveEmail 是 MySQL STORED 生成列:活行=email / 软删行=NULL。
+	// 仅用于绑定 uk_active_email 这个"软删感知"的唯一索引,业务代码不会直接使用。
+	// 必须声明在 struct 里,否则 sqlx 严格模式下 SELECT * 会报
+	// "missing destination name active_email"。
+	ActiveEmail sql.NullString `db:"active_email" json:"-"`
+
+	// 辅助字段(非数据库列):前端展示用标志位。
+	HasRT bool `db:"-" json:"has_rt"`
+	HasST bool `db:"-" json:"has_st"`
+}
+
+// Binding 对应 account_proxy_bindings 表。
+type Binding struct {
+	AccountID uint64    `db:"account_id" json:"account_id"`
+	ProxyID   uint64    `db:"proxy_id" json:"proxy_id"`
+	BoundAt   time.Time `db:"bound_at" json:"bound_at"`
+}
diff --git a/internal/account/quota.go b/internal/account/quota.go
new file mode 100644
index 00000000..ba4f8eb4
--- /dev/null
+++ b/internal/account/quota.go
@@ -0,0 +1,375 @@
+package account
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+)
+
+// QuotaSettings 热更新参数。
+type QuotaSettings interface {
+	AccountQuotaProbeEnabled() bool
+	AccountQuotaProbeIntervalSec() int
+	AccountRefreshConcurrency() int // 复用刷新并发上限
+}
+
+// QuotaResult 探测结果。
+type QuotaResult struct {
+	AccountID       uint64    `json:"account_id"`
+	Email           string    `json:"email"`
+	OK              bool      `json:"ok"`
+	Remaining       int       `json:"remaining"`
+	Total           int       `json:"total"`
+	ResetAt         time.Time `json:"reset_at,omitempty"`
+	DefaultModel    string    `json:"default_model,omitempty"`    // 如 gpt-5-3
+	BlockedFeatures []string  `json:"blocked_features,omitempty"` // 被风控限制的功能列表
+	Error           string    `json:"error,omitempty"`
+}
+
+// QuotaProber 后台定期探测账号图片剩余额度。
+type QuotaProber struct {
+	svc      *Service
+	settings QuotaSettings
+	log      *zap.Logger
+	client   *http.Client
+
+	proxyResolver AccountProxyResolver
+
+	kick chan struct{}
+}
+
+func NewQuotaProber(svc *Service, settings QuotaSettings, logger *zap.Logger) *QuotaProber {
+	return &QuotaProber{
+		svc:      svc,
+		settings: settings,
+		log:      logger,
+		// client 仅作为"没代理也没 uTLS transport 构造失败"的退路,一般不会走到
+		client: &http.Client{
+			Timeout: 20 * time.Second,
+		},
+		kick: make(chan struct{}, 1),
+	}
+}
+
+// SetProxyResolver 注入账号代理解析器;未注入则直连。
+func (q *QuotaProber) SetProxyResolver(pr AccountProxyResolver) { q.proxyResolver = pr }
+
+// clientFor 返回一个带 uTLS(伪 Chrome ClientHello)的 http.Client。
+//
+// 历史背景:探测额度的落点是 POST /backend-api/conversation/init,这条路径和
+// 生图走的 f/conversation 同一道 Cloudflare 指纹校验。用 Go 默认 net/http 的
+// 标准 TLS 指纹发请求,JA3/JA4 立刻对不上 Chrome,被 403 挡住;而生图之所以
+// 没事是因为它走的是 chatgpt.NewUTLSTransport(内部 parrot 成 Chrome)。
+// 这里统一复用同一套 uTLS transport,保持整个"后台对 chatgpt.com 的触碰"指纹一致。
+func (q *QuotaProber) clientFor(ctx context.Context, accountID uint64) *http.Client {
+	proxyURL := ""
+	if q.proxyResolver != nil {
+		proxyURL = q.proxyResolver.ProxyURLForAccount(ctx, accountID)
+	}
+	tr, err := chatgpt.NewUTLSTransport(proxyURL, 30*time.Second)
+	if err != nil {
+		q.log.Warn("build utls transport for quota probe failed, fallback std http",
+			zap.Uint64("account_id", accountID), zap.Error(err))
+		return q.client
+	}
+	return &http.Client{Transport: tr, Timeout: q.client.Timeout}
+}
+
+func (q *QuotaProber) Kick() {
+	select {
+	case q.kick <- struct{}{}:
+	default:
+	}
+}
+
+// Run 后台循环。
+func (q *QuotaProber) Run(ctx context.Context) {
+	q.log.Info("account quota prober started")
+	defer q.log.Info("account quota prober stopped")
+
+	select {
+	case <-ctx.Done():
+		return
+	case <-time.After(10 * time.Second):
+	}
+
+	// 扫描循环固定 60s 一轮。注意"扫描周期"和"账号探测最小间隔"是两件事:
+	//   - 扫描周期 = prober goroutine 多久检查一次 DB,有没有候选要打;
+	//   - 探测最小间隔 = 同一账号两次探测之间的最短间隔(5h,由 DAO SQL 决定)。
+	// 绑定后者会让 5h 场景下每 100 分钟才扫一次 → "额度=0 补探"分支最长延迟 100 分钟,
+	// 达不到用户想要的"归零后尽快更新"。固定 60s 扫描 + SQL WHERE 过滤几乎零成本。
+	const scanInterval = 60 * time.Second
+
+	for {
+		if q.settings.AccountQuotaProbeEnabled() {
+			q.scanOnce(ctx)
+		}
+
+		select {
+		case <-ctx.Done():
+			return
+		case <-time.After(scanInterval):
+		case <-q.kick:
+		}
+	}
+}
+
+func (q *QuotaProber) scanOnce(ctx context.Context) {
+	minInterval := q.settings.AccountQuotaProbeIntervalSec()
+	conc := q.settings.AccountRefreshConcurrency()
+
+	rows, err := q.svc.dao.ListNeedProbeQuota(ctx, minInterval, 256)
+	if err != nil {
+		q.log.Warn("list quota probe candidates failed", zap.Error(err))
+		return
+	}
+	if len(rows) == 0 {
+		return
+	}
+
+	sem := make(chan struct{}, conc)
+	var wg sync.WaitGroup
+	for _, a := range rows {
+		a := a
+		wg.Add(1)
+		sem <- struct{}{}
+		go func() {
+			defer wg.Done()
+			defer func() { <-sem }()
+			_, _ = q.ProbeOne(ctx, a)
+		}()
+	}
+	wg.Wait()
+}
+
+// ProbeByID 指定账号探测。
+func (q *QuotaProber) ProbeByID(ctx context.Context, id uint64) (*QuotaResult, error) {
+	a, err := q.svc.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	return q.ProbeOne(ctx, a)
+}
+
+// ProbeOne 执行一次探测。
+// 访问 https://chatgpt.com/backend-api/rate_limits(需要 AT),挑选 image 相关条目汇总。
+func (q *QuotaProber) ProbeOne(ctx context.Context, a *Account) (*QuotaResult, error) {
+	res := &QuotaResult{AccountID: a.ID, Email: a.Email}
+	at, err := q.svc.cipher.DecryptString(a.AuthTokenEnc)
+	if err != nil || at == "" {
+		res.Error = "AT 解密失败"
+		_ = q.svc.dao.ApplyQuotaResult(ctx, a.ID, -1, -1, nil)
+		return res, errors.New(res.Error)
+	}
+
+	probe, probeErr := q.doProbe(ctx, a, at)
+	if probeErr != nil {
+		res.Error = friendlyProbeErr(probeErr)
+		_ = q.svc.dao.ApplyQuotaResult(ctx, a.ID, -1, -1, nil)
+		return res, probeErr
+	}
+
+	var resetPtr *time.Time
+	if !probe.resetAt.IsZero() {
+		resetPtr = &probe.resetAt
+	}
+	if err := q.svc.dao.ApplyQuotaResult(ctx, a.ID, probe.remaining, probe.total, resetPtr); err != nil {
+		res.Error = "写库失败:" + err.Error()
+		return res, err
+	}
+	res.OK = true
+	res.Remaining = probe.remaining
+	res.Total = probe.total
+	res.ResetAt = probe.resetAt
+	res.DefaultModel = probe.defaultModel
+	res.BlockedFeatures = probe.blockedFeatures
+	return res, nil
+}
+
+type probeOutcome struct {
+	remaining       int
+	total           int
+	resetAt         time.Time
+	defaultModel    string
+	blockedFeatures []string
+}
+
+// doProbe 调 /backend-api/conversation/init。
+//
+// 这是 ChatGPT 网页左下角「今日还剩 XX 张图」的数据源,官方不会把这次调用计入额度消耗,
+// 适合用于后台定时探测。
+//
+// 请求 body 参照抓包样例;响应关心的字段是:
+//   - limits_progress[].feature_name == "image_gen" → remaining / reset_after
+//   - default_model_slug  → 账号默认模型
+//   - blocked_features    → 被风控限制的功能;非空需要关注
+//
+// 指纹注意事项(曾在这里踩过 403):
+//   - TLS ClientHello 必须是 Chrome parrot(uTLS),由 q.clientFor 返回的 transport 提供;
+//   - HTTP 头部必须对齐 chatgpt.Client.commonHeaders(全套 sec-ch-ua-* / sec-fetch-*
+//     / Oai-Device-Id / Oai-Client-Version),少任何一项都可能被 Cloudflare / 业务风控
+//     当成脚本直接 403;
+//   - User-Agent / sec-ch-ua 两者的版本号必须一致(都是 Edge 143),否则"指纹冲突"。
+func (q *QuotaProber) doProbe(ctx context.Context, a *Account, accessToken string) (out probeOutcome, err error) {
+	out.remaining = -1
+	out.total = -1
+
+	// timezone_offset_min: 跟 UI 一致发 -480(北京时间),非关键
+	reqBody := []byte(`{"gizmo_id":null,"requested_default_model":null,"conversation_id":null,"timezone_offset_min":-480,"system_hints":["picture_v2"]}`)
+
+	req, err := http.NewRequestWithContext(ctx, "POST",
+		"https://chatgpt.com/backend-api/conversation/init", bytes.NewReader(reqBody))
+	if err != nil {
+		return
+	}
+
+	// ── 基础头 ──
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("Origin", chatgpt.BaseURL)
+	req.Header.Set("Referer", chatgpt.BaseURL+"/")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6")
+	req.Header.Set("User-Agent", chatgpt.DefaultUserAgent)
+
+	// ── Client-Hints(Edge 143 @ Windows 11,必须跟 UA 版本一致)──
+	req.Header.Set("Sec-Ch-Ua", `"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"`)
+	req.Header.Set("Sec-Ch-Ua-Arch", `"x86"`)
+	req.Header.Set("Sec-Ch-Ua-Bitness", `"64"`)
+	req.Header.Set("Sec-Ch-Ua-Full-Version", `"143.0.3650.96"`)
+	req.Header.Set("Sec-Ch-Ua-Full-Version-List",
+		`"Microsoft Edge";v="143.0.3650.96", "Chromium";v="143.0.7499.147", "Not A(Brand";v="24.0.0.0"`)
+	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
+	req.Header.Set("Sec-Ch-Ua-Model", `""`)
+	req.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
+	req.Header.Set("Sec-Ch-Ua-Platform-Version", `"19.0.0"`)
+
+	// ── Fetch 元数据(同源 XHR)──
+	req.Header.Set("Sec-Fetch-Dest", "empty")
+	req.Header.Set("Sec-Fetch-Mode", "cors")
+	req.Header.Set("Sec-Fetch-Site", "same-origin")
+
+	req.Header.Set("Cache-Control", "no-cache")
+	req.Header.Set("Pragma", "no-cache")
+	req.Header.Set("Priority", "u=1, i")
+
+	// ── Oai-* 业务指纹(chatgpt.com 自己埋的)──
+	// DeviceID 缺失会触发降权/频繁 403,这里用账号绑定的;实在没存就退回随机填充,
+	// 起码让请求长得像浏览器。
+	deviceID := strings.TrimSpace(a.OAIDeviceID)
+	if deviceID == "" {
+		deviceID = fallbackDeviceID(a.ID)
+	}
+	req.Header.Set("Oai-Device-Id", deviceID)
+	if sid := strings.TrimSpace(a.OAISessionID); sid != "" {
+		req.Header.Set("Oai-Session-Id", sid)
+	}
+	req.Header.Set("Oai-Language", chatgpt.DefaultLanguage)
+	req.Header.Set("Oai-Client-Version", chatgpt.DefaultClientVersion)
+	req.Header.Set("Oai-Client-Build-Number", chatgpt.DefaultClientBuildNum)
+
+	// ── X-Openai-Target-* (chatgpt web 每请求必带,值就是 URL path)──
+	req.Header.Set("X-Openai-Target-Path", req.URL.Path)
+	req.Header.Set("X-Openai-Target-Route", req.URL.Path)
+
+	resp, e := q.clientFor(ctx, a.ID).Do(req)
+	if e != nil {
+		err = e
+		return
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != 200 {
+		err = fmt.Errorf("conversation/init http=%d body=%s", resp.StatusCode, truncate(string(data), 200))
+		return
+	}
+
+	var payload struct {
+		Type             string   `json:"type"`
+		BlockedFeatures  []string `json:"blocked_features"`
+		DefaultModelSlug string   `json:"default_model_slug"`
+		LimitsProgress   []struct {
+			FeatureName string `json:"feature_name"`
+			Remaining   *int   `json:"remaining"`
+			ResetAfter  string `json:"reset_after"`
+		} `json:"limits_progress"`
+	}
+	if err = json.Unmarshal(data, &payload); err != nil {
+		return
+	}
+	out.defaultModel = payload.DefaultModelSlug
+	out.blockedFeatures = payload.BlockedFeatures
+
+	for _, item := range payload.LimitsProgress {
+		if !isImageFeature(item.FeatureName) {
+			continue
+		}
+		if item.Remaining != nil {
+			if out.remaining < 0 || *item.Remaining < out.remaining {
+				out.remaining = *item.Remaining
+			}
+		}
+		if item.ResetAfter != "" {
+			if t, e := time.Parse(time.RFC3339, item.ResetAfter); e == nil {
+				if out.resetAt.IsZero() || t.Before(out.resetAt) {
+					out.resetAt = t
+				}
+			}
+		}
+	}
+	return
+}
+
+// fallbackDeviceID 兜底 Oai-Device-Id:用账号 ID 拼一个固定的 uuid-like 字符串,
+// 保证同一账号每次探测都发一样的 device-id(这跟"用户在浏览器里的固定 LocalStorage"
+// 语义一致),避免被风控标成"跳跃式设备"。生产环境建议在首次登录时就把真实
+// device-id 写进 oai_accounts.oai_device_id。
+func fallbackDeviceID(accountID uint64) string {
+	// 形如 00000000-0000-4000-8000-xxxxxxxxxxxx(变体位正确,RFC 4122 v4)
+	return fmt.Sprintf("00000000-0000-4000-8000-%012d", accountID%1_000_000_000_000)
+}
+
+func isImageFeature(name string) bool {
+	n := strings.ToLower(name)
+	switch n {
+	case "image_gen", "image_generation", "image_edit", "img_gen":
+		return true
+	}
+	return strings.Contains(n, "image_gen") || strings.Contains(n, "img_gen")
+}
+
+func friendlyProbeErr(err error) string {
+	if err == nil {
+		return ""
+	}
+	s := err.Error()
+	low := strings.ToLower(s)
+	switch {
+	case strings.Contains(low, "http=401"):
+		return "AT 已过期,无法探测额度"
+	case strings.Contains(low, "http=403"):
+		return "上游拒绝访问(403)"
+	case strings.Contains(low, "http=429"):
+		return "上游速率限制(429)"
+	case strings.Contains(low, "timeout"), strings.Contains(low, "deadline exceeded"):
+		return "探测超时"
+	case strings.Contains(low, "connection refused"), strings.Contains(low, "no such host"):
+		return "网络不通"
+	default:
+		if len(s) > 160 {
+			s = s[:160] + "…"
+		}
+		return "探测失败:" + s
+	}
+}
diff --git a/internal/account/refresher.go b/internal/account/refresher.go
new file mode 100644
index 00000000..ee39053a
--- /dev/null
+++ b/internal/account/refresher.go
@@ -0,0 +1,548 @@
+package account
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+)
+
+// AccountProxyResolver 把账号 ID 映射成代理 URL(形如 http(s)://user:pass@host:port)。
+// 由 main.go 用 account.Service + proxy.Service 组装后注入;未绑定或禁用返回 ""。
+type AccountProxyResolver interface {
+	ProxyURLForAccount(ctx context.Context, accountID uint64) string
+}
+
+// RefreshSettings 热更新参数。由 settings.Service 实现。
+type RefreshSettings interface {
+	AccountRefreshEnabled() bool
+	AccountRefreshIntervalSec() int
+	AccountRefreshAheadSec() int
+	AccountRefreshConcurrency() int
+	AccountDefaultClientID() string
+}
+
+// RefreshResult 刷新结果。
+type RefreshResult struct {
+	AccountID uint64    `json:"account_id"`
+	Email     string    `json:"email"`
+	OK        bool      `json:"ok"`
+	Source    string    `json:"source"` // rt / st / failed
+	ExpiresAt time.Time `json:"expires_at,omitempty"`
+	Error     string    `json:"error,omitempty"`
+	RTRotated bool      `json:"rt_rotated,omitempty"`
+	// ATVerified 表示新 AT 已被 chatgpt.com web 后端接受(GET /backend-api/me 返回 200)。
+	// 只要 Source=st 必为 true;Source=rt 时取决于 verify 结果;Source=failed 时为 false。
+	ATVerified bool `json:"at_verified"`
+	// WebUnauthorized 为 true 表示 RT 换出来的 AT 被 chatgpt.com 以 401 拒绝
+	// (iOS OAuth 作用域 vs Web 作用域不一致)。前端据此提示用户补充 Session Token。
+	WebUnauthorized bool `json:"web_unauthorized,omitempty"`
+}
+
+// Refresher 负责把账号的 AT 通过 RT 或 ST 刷新成新的 AT。
+type Refresher struct {
+	svc      *Service
+	settings RefreshSettings
+	log      *zap.Logger
+	client   *http.Client
+
+	proxyResolver AccountProxyResolver
+
+	kick chan struct{}
+}
+
+// NewRefresher 构造。
+// HTTP client 默认直连(uTLS transport + InsecureSkipVerify,兼容 SSL Inspection 代理);
+// 如果注入了 AccountProxyResolver,则每次刷新会优先使用账号绑定的代理。
+func NewRefresher(svc *Service, settings RefreshSettings, logger *zap.Logger) *Refresher {
+	// 直连时也用 uTLS transport,保持与探测/出图一致的 TLS 指纹,
+	// 同时 InsecureSkipVerify=true 兼容 SSL Inspection 代理环境。
+	defaultTr, err := chatgpt.NewUTLSTransport("", 30*time.Second)
+	if err != nil {
+		// 理论上不会失败(空代理 URL);降级到裸 http.Transport
+		defaultTr = http.DefaultTransport
+		logger.Warn("refresher: failed to create uTLS transport, fallback to default", zap.Error(err))
+	}
+	return &Refresher{
+		svc:      svc,
+		settings: settings,
+		log:      logger,
+		client: &http.Client{
+			Transport: defaultTr,
+			Timeout:   30 * time.Second,
+		},
+		kick: make(chan struct{}, 1),
+	}
+}
+
+// Kick 立刻触发一次扫描(批量刷新按钮触发时调)。
+// SetProxyResolver 注入账号代理解析器。
+// 未调用时 Refresher 保持直连行为(兼容无代理池环境)。
+func (r *Refresher) SetProxyResolver(pr AccountProxyResolver) { r.proxyResolver = pr }
+
+// clientFor 根据账号 ID 选择合适的 http.Client:
+//   - proxyResolver 未注入或返回空 URL → 用默认直连 client(uTLS)
+//   - 返回非空 URL → 构造一次性带代理的 uTLS client(结束后 GC)
+//
+// 全部使用 chatgpt.NewUTLSTransport,原因:
+//  1. 伪装 Chrome TLS 指纹,避免 Cloudflare 拦截 auth.openai.com / chatgpt.com 请求;
+//  2. InsecureSkipVerify=true 兼容做 SSL Inspection 的商业代理(证书由代理重签)。
+//
+// 代理 URL 无效时降级到直连 uTLS,并打 warn 日志。
+func (r *Refresher) clientFor(ctx context.Context, accountID uint64) *http.Client {
+	if r.proxyResolver == nil {
+		return r.client
+	}
+	pu := r.proxyResolver.ProxyURLForAccount(ctx, accountID)
+	if pu == "" {
+		return r.client
+	}
+	tr, err := chatgpt.NewUTLSTransport(pu, 30*time.Second)
+	if err != nil {
+		r.log.Warn("invalid proxy url for refresh, fallback direct",
+			zap.Uint64("account_id", accountID), zap.String("proxy", pu), zap.Error(err))
+		return r.client
+	}
+	return &http.Client{Transport: tr, Timeout: r.client.Timeout}
+}
+
+func (r *Refresher) Kick() {
+	select {
+	case r.kick <- struct{}{}:
+	default:
+	}
+}
+
+// Run 后台循环。
+func (r *Refresher) Run(ctx context.Context) {
+	r.log.Info("account refresher started")
+	defer r.log.Info("account refresher stopped")
+
+	// 启动延迟 5s,避免和 migration 抢锁
+	select {
+	case <-ctx.Done():
+		return
+	case <-time.After(5 * time.Second):
+	}
+
+	for {
+		interval := time.Duration(r.settings.AccountRefreshIntervalSec()) * time.Second
+		if interval < 30*time.Second {
+			interval = 30 * time.Second
+		}
+
+		if r.settings.AccountRefreshEnabled() {
+			r.scanOnce(ctx)
+		}
+
+		select {
+		case <-ctx.Done():
+			return
+		case <-time.After(interval):
+		case <-r.kick:
+		}
+	}
+}
+
+func (r *Refresher) scanOnce(ctx context.Context) {
+	ahead := r.settings.AccountRefreshAheadSec()
+	conc := r.settings.AccountRefreshConcurrency()
+
+	rows, err := r.svc.dao.ListNeedRefresh(ctx, ahead, 256)
+	if err != nil {
+		r.log.Warn("list need-refresh accounts failed", zap.Error(err))
+		return
+	}
+	if len(rows) == 0 {
+		return
+	}
+	r.log.Info("refreshing accounts", zap.Int("count", len(rows)), zap.Int("ahead_sec", ahead), zap.Int("concurrency", conc))
+
+	sem := make(chan struct{}, conc)
+	var wg sync.WaitGroup
+	for _, a := range rows {
+		a := a
+		wg.Add(1)
+		sem <- struct{}{}
+		go func() {
+			defer wg.Done()
+			defer func() { <-sem }()
+			_, _ = r.RefreshAuto(ctx, a)
+		}()
+	}
+	wg.Wait()
+}
+
+// RefreshByID 指定 id 刷新。
+func (r *Refresher) RefreshByID(ctx context.Context, id uint64) (*RefreshResult, error) {
+	a, err := r.svc.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	return r.RefreshAuto(ctx, a)
+}
+
+// RefreshAuto 优先 RT,失败/没有 RT 回退 ST;都失败则 markDead。
+//
+// 判定规则(严格):
+//
+//  1. RT → AT HTTP 成功后,立即 GET /backend-api/me 做作用域校验
+//     - 200:写库,Source=rt,ATVerified=true,返回成功
+//     - 非 200(含 401/403/429/5xx/网络错误):**视为 RT 不可用**,丢弃本次 AT,
+//     不写库,继续尝试 ST
+//  2. ST → AT HTTP 成功:写库,Source=st,ATVerified=true,返回成功
+//  3. 两条路径都未拿到可用 AT:返回失败(ok=false),账号标 warned(RT 被 web 拒)
+//     或 dead(完全没可用 token)。不会把"无法校验通过"的 AT 悄悄写进库。
+//
+// 这条规则确保前端看到「刷新成功」时,AT 一定是 chatgpt.com web 后端接受的,
+// 后续探测 / 聊天 / 图像请求不会因作用域不匹配而 401。
+func (r *Refresher) RefreshAuto(ctx context.Context, a *Account) (*RefreshResult, error) {
+	if a == nil {
+		return nil, errors.New("account is nil")
+	}
+	res := &RefreshResult{AccountID: a.ID, Email: a.Email}
+
+	// 标记:RT 换出的 AT 是否被 web 后端以 401 拒绝(iOS scope vs web scope 不匹配)
+	var rtRejectedByWeb bool
+
+	// 尝试 RT
+	if a.RefreshTokenEnc.Valid && a.RefreshTokenEnc.String != "" {
+		rt, err := r.svc.cipher.DecryptString(a.RefreshTokenEnc.String)
+		if err == nil && rt != "" {
+			clientID := a.ClientID
+			if clientID == "" {
+				clientID = r.settings.AccountDefaultClientID()
+			}
+			newAT, newRT, expAt, err := r.rtToAT(ctx, a.ID, rt, clientID)
+			if err == nil && newAT != "" {
+				// RT → AT HTTP 200,现在校验 AT 能否被 chatgpt.com web 后端接受
+				verifyStatus, verifyErr := r.verifyATOnWeb(ctx, a.ID, newAT)
+				switch {
+				case verifyErr == nil && verifyStatus == 200:
+					res.ATVerified = true
+					return r.applyRefresh(ctx, a, newAT, newRT, expAt, RefreshSourceRT, res)
+				case verifyStatus == 401:
+					// AT 作用域不是 web:不写库,走 ST 回退
+					rtRejectedByWeb = true
+					r.log.Warn("RT-AT rejected by chatgpt.com web (401), fallback to ST",
+						zap.Uint64("id", a.ID), zap.String("email", a.Email))
+					res.Error = "RT 换出的 AT 被 chatgpt.com 拒绝(iOS 作用域)"
+				default:
+					// 其他错误:不写库,走 ST 回退
+					r.log.Warn("RT-AT verify failed, fallback to ST",
+						zap.Uint64("id", a.ID), zap.Int("status", verifyStatus),
+						zap.Error(verifyErr))
+					if verifyErr != nil {
+						res.Error = "RT 换出的 AT 校验失败:" + friendlyRefreshErr(verifyErr)
+					} else {
+						res.Error = fmt.Sprintf("RT 换出的 AT 校验失败(HTTP %d)", verifyStatus)
+					}
+				}
+			} else {
+				// RT → AT HTTP 本身失败,回退 ST
+				r.log.Warn("RT refresh failed, fallback to ST", zap.Uint64("id", a.ID), zap.Error(err))
+				res.Error = friendlyRefreshErr(err)
+			}
+		}
+	}
+
+	// 尝试 ST(ST → AT 本来就是 web 作用域,不需要再校验)
+	if a.SessionTokenEnc.Valid && a.SessionTokenEnc.String != "" {
+		st, err := r.svc.cipher.DecryptString(a.SessionTokenEnc.String)
+		if err == nil && st != "" {
+			newAT, expAt, err := r.stToAT(ctx, a.ID, st)
+			if err == nil && newAT != "" {
+				res.ATVerified = true
+				return r.applyRefresh(ctx, a, newAT, "", expAt, RefreshSourceST, res)
+			}
+			if res.Error == "" {
+				res.Error = friendlyRefreshErr(err)
+			} else {
+				res.Error += " / ST:" + friendlyRefreshErr(err)
+			}
+		}
+	}
+
+	// 都不行:区分两种失败语义
+	if rtRejectedByWeb {
+		// RT 本身可以刷出 AT,但作用域不兼容 web,且没有 ST 或 ST 也失败。
+		// 对本系统而言账号完全不可用,标 dead,调度器不再挑中它。
+		// 用户补充 Session Token 后再次手动刷新,ApplyRefreshResult 会把状态恢复成 healthy。
+		res.WebUnauthorized = true
+		if !a.SessionTokenEnc.Valid || a.SessionTokenEnc.String == "" {
+			res.Error = "RT 换出的 AT 被 chatgpt.com 拒绝(iOS 作用域不兼容 web),请为该账号补充 Session Token"
+		}
+		_ = r.svc.dao.RecordRefreshError(ctx, a.ID, RefreshSourceRT, res.Error, true)
+		res.Source = "failed"
+		return res, nil
+	}
+
+	if res.Error == "" {
+		res.Error = "账号既无可用 RT 也无可用 ST"
+	}
+	_ = r.svc.dao.RecordRefreshError(ctx, a.ID, RefreshSourceRT, res.Error, true)
+	res.Source = "failed"
+	return res, nil
+}
+
+// verifyATOnWeb 用新 AT 访问一个极轻量的 chatgpt.com web 端点,确认 AT 的作用域
+// 能被 web 后端接受。
+//
+// 选用 GET /backend-api/me:
+//   - 200 说明 AT 有效且作用域匹配 web
+//   - 401 说明 AT 无效或作用域不匹配(iOS OAuth RT 刷出的 AT 常见)
+//   - 403/429/5xx/网络错误 都不作为"AT 无效"的依据
+//
+// 返回 (http_status, err);err 为非 HTTP 层错误(dial/tls 等)。
+func (r *Refresher) verifyATOnWeb(ctx context.Context, accountID uint64, accessToken string) (int, error) {
+	vctx, cancel := context.WithTimeout(ctx, 12*time.Second)
+	defer cancel()
+	req, err := http.NewRequestWithContext(vctx, "GET",
+		"https://chatgpt.com/backend-api/me", nil)
+	if err != nil {
+		return 0, err
+	}
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Referer", "https://chatgpt.com/")
+	req.Header.Set("Origin", "https://chatgpt.com")
+	req.Header.Set("User-Agent",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
+
+	resp, err := r.clientFor(vctx, accountID).Do(req)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+	// 读掉 body,释放连接
+	_, _ = io.Copy(io.Discard, resp.Body)
+	return resp.StatusCode, nil
+}
+
+func (r *Refresher) applyRefresh(
+	ctx context.Context, a *Account,
+	newAT, newRT string, expAt time.Time, source string,
+	res *RefreshResult,
+) (*RefreshResult, error) {
+	atEnc, err := r.svc.cipher.EncryptString(newAT)
+	if err != nil {
+		return nil, err
+	}
+	var rtEnc string
+	if newRT != "" {
+		enc, err := r.svc.cipher.EncryptString(newRT)
+		if err != nil {
+			return nil, err
+		}
+		rtEnc = enc
+	}
+	if expAt.IsZero() {
+		expAt = parseJWTExp(newAT)
+	}
+	if err := r.svc.dao.ApplyRefreshResult(ctx, a.ID, atEnc, rtEnc, expAt, source); err != nil {
+		return nil, err
+	}
+	res.OK = true
+	res.Source = source
+	res.ExpiresAt = expAt
+	res.Error = ""
+	res.RTRotated = rtEnc != ""
+	return res, nil
+}
+
+// rtToAT POST https://auth.openai.com/oauth/token
+func (r *Refresher) rtToAT(ctx context.Context, accountID uint64, refreshToken, clientID string) (newAT, newRT string, expAt time.Time, err error) {
+	body := map[string]string{
+		"client_id":     clientID,
+		"grant_type":    "refresh_token",
+		"redirect_uri":  "com.openai.chat://auth0.openai.com/ios/com.openai.chat/callback",
+		"refresh_token": refreshToken,
+	}
+	buf, _ := json.Marshal(body)
+	req, err := http.NewRequestWithContext(ctx, "POST",
+		"https://auth.openai.com/oauth/token", bytes.NewReader(buf))
+	if err != nil {
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("User-Agent", "ChatGPT/1.2025.122 (iOS 18.2; iPhone15,2; build 15096)")
+
+	resp, err := r.clientFor(ctx, accountID).Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != 200 {
+		err = fmt.Errorf("rt refresh http=%d body=%s", resp.StatusCode, truncate(string(data), 200))
+		return
+	}
+	var out struct {
+		AccessToken  string `json:"access_token"`
+		RefreshToken string `json:"refresh_token"`
+		ExpiresIn    int    `json:"expires_in"`
+	}
+	if err = json.Unmarshal(data, &out); err != nil {
+		return
+	}
+	if out.AccessToken == "" {
+		err = errors.New("rt refresh: missing access_token in response")
+		return
+	}
+	newAT = out.AccessToken
+	newRT = out.RefreshToken
+	if out.ExpiresIn > 0 {
+		expAt = time.Now().Add(time.Duration(out.ExpiresIn) * time.Second)
+	} else {
+		expAt = parseJWTExp(newAT)
+	}
+	return
+}
+
+// stToAT GET https://chatgpt.com/api/auth/session  Cookie: __Secure-next-auth.session-token=ST
+func (r *Refresher) stToAT(ctx context.Context, accountID uint64, sessionToken string) (newAT string, expAt time.Time, err error) {
+	req, err := http.NewRequestWithContext(ctx, "GET",
+		"https://chatgpt.com/api/auth/session", nil)
+	if err != nil {
+		return
+	}
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Referer", "https://chatgpt.com/")
+	req.Header.Set("User-Agent",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
+
+	// 同时尝试两个可能的 cookie 名
+	req.AddCookie(&http.Cookie{Name: "__Secure-next-auth.session-token", Value: sessionToken})
+
+	resp, err := r.clientFor(ctx, accountID).Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != 200 {
+		err = fmt.Errorf("st refresh http=%d body=%s", resp.StatusCode, truncate(string(data), 200))
+		return
+	}
+	raw := strings.TrimSpace(string(data))
+	if raw == "" || raw == "{}" {
+		err = errors.New("ST 已过期或无效,响应为空")
+		return
+	}
+	var out struct {
+		AccessToken string `json:"accessToken"`
+		Expires     string `json:"expires"`
+	}
+	if err = json.Unmarshal([]byte(raw), &out); err != nil {
+		return
+	}
+	if out.AccessToken == "" {
+		err = errors.New("响应缺少 accessToken 字段")
+		return
+	}
+	newAT = out.AccessToken
+	if out.Expires != "" {
+		if t, e := time.Parse(time.RFC3339, out.Expires); e == nil {
+			expAt = t
+		}
+	}
+	if expAt.IsZero() {
+		expAt = parseJWTExp(newAT)
+	}
+	return
+}
+
+// parseJWTExp 解 JWT payload 里的 exp(秒级)。失败返回 +24h。
+func parseJWTExp(token string) time.Time {
+	parts := strings.Split(token, ".")
+	if len(parts) < 2 {
+		return time.Now().Add(24 * time.Hour)
+	}
+	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		// 尝试 StdEncoding(容错)
+		raw, err = base64.StdEncoding.DecodeString(parts[1])
+		if err != nil {
+			return time.Now().Add(24 * time.Hour)
+		}
+	}
+	var claims struct {
+		Exp int64 `json:"exp"`
+	}
+	if err := json.Unmarshal(raw, &claims); err != nil || claims.Exp == 0 {
+		return time.Now().Add(24 * time.Hour)
+	}
+	return time.Unix(claims.Exp, 0)
+}
+
+func friendlyRefreshErr(err error) string {
+	if err == nil {
+		return ""
+	}
+	s := err.Error()
+	low := strings.ToLower(s)
+	switch {
+	case strings.Contains(low, "http=401"), strings.Contains(low, "invalid_grant"):
+		return "RT 已失效(401)"
+	case strings.Contains(low, "http=403"):
+		return "上游拒绝访问(403)"
+	case strings.Contains(low, "http=429"):
+		return "触发速率限制(429)"
+	case strings.Contains(low, "timeout"), strings.Contains(low, "deadline exceeded"):
+		return "刷新请求超时"
+	case strings.Contains(low, "proxyconnect") && strings.Contains(low, "no such host"):
+		return "代理域名无法解析"
+	case strings.Contains(low, "proxyconnect tcp"):
+		return "代理握手失败"
+	case strings.Contains(low, "no such host"):
+		return "DNS 解析失败"
+	case strings.Contains(low, "connection refused"):
+		return "连接被拒绝"
+	case strings.Contains(low, "connection reset"):
+		return "连接被重置"
+	case strings.Contains(low, "unexpected eof"), strings.HasSuffix(low, ": eof"):
+		return "连接被对端关闭"
+	case strings.Contains(low, "tls"), strings.Contains(low, "x509"):
+		return "TLS 握手失败"
+	case strings.Contains(low, "missing access_token"), strings.Contains(s, "ST 已过期"):
+		return stripHTTPPrefix(s)
+	default:
+		return "刷新失败:" + stripHTTPPrefix(s)
+	}
+}
+
+// stripHTTPPrefix 去掉 Go net/http 错误里形如
+//   Post "https://auth.openai.com/oauth/token": dial tcp: ...
+// 的 URL 前缀,只保留后面真正的原因,避免把敏感/冗长的 URL 暴露给前端。
+func stripHTTPPrefix(s string) string {
+	// 典型前缀: Get/Post/Put "https://...": rest
+	if i := strings.Index(s, `": `); i > 0 && i < len(s)-3 {
+		s = s[i+3:]
+	}
+	// 再剥一层常见的 "dial tcp: " / "proxyconnect tcp: " 类前缀最靠前的修饰,
+	// 保留中间有用的原因(如 lookup xxx: no such host)。
+	s = strings.TrimSpace(s)
+	if len(s) > 120 {
+		s = s[:120] + "…"
+	}
+	return s
+}
+
+func truncate(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "…"
+}
diff --git a/internal/account/service.go b/internal/account/service.go
new file mode 100644
index 00000000..bb47b04e
--- /dev/null
+++ b/internal/account/service.go
@@ -0,0 +1,298 @@
+package account
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/google/uuid"
+
+	"github.com/432539/gpt2api/pkg/crypto"
+)
+
+// Service 账号池业务。
+type Service struct {
+	dao    *DAO
+	cipher *crypto.AESGCM
+}
+
+func NewService(dao *DAO, cipher *crypto.AESGCM) *Service {
+	return &Service{dao: dao, cipher: cipher}
+}
+
+// CreateInput 新增账号入参(明文敏感字段)。
+type CreateInput struct {
+	Email            string    `json:"email"`
+	AuthToken        string    `json:"auth_token"`
+	RefreshToken     string    `json:"refresh_token"`
+	SessionToken     string    `json:"session_token"`
+	TokenExpiresAt   time.Time `json:"token_expires_at"`
+	OAISessionID     string    `json:"oai_session_id"`
+	OAIDeviceID      string    `json:"oai_device_id"`
+	ClientID         string    `json:"client_id"`
+	ChatGPTAccountID string    `json:"chatgpt_account_id"`
+	AccountType      string    `json:"account_type"`
+	PlanType         string    `json:"plan_type"`
+	DailyImageQuota  int       `json:"daily_image_quota"`
+	Notes            string    `json:"notes"`
+	Cookies          string    `json:"cookies"`
+	ProxyID          uint64    `json:"proxy_id"` // 可选:立即绑定
+}
+
+// UpdateInput 更新入参。AuthToken/RefreshToken/SessionToken/Cookies 为空串表示不改。
+type UpdateInput struct {
+	Email            string    `json:"email"`
+	AuthToken        string    `json:"auth_token"`
+	RefreshToken     string    `json:"refresh_token"`
+	SessionToken     string    `json:"session_token"`
+	TokenExpiresAt   time.Time `json:"token_expires_at"`
+	OAISessionID     string    `json:"oai_session_id"`
+	OAIDeviceID      string    `json:"oai_device_id"`
+	ClientID         string    `json:"client_id"`
+	ChatGPTAccountID string    `json:"chatgpt_account_id"`
+	AccountType      string    `json:"account_type"`
+	PlanType         string    `json:"plan_type"`
+	DailyImageQuota  int       `json:"daily_image_quota"`
+	Status           string    `json:"status"`
+	Notes            string    `json:"notes"`
+	Cookies          string    `json:"cookies"`
+}
+
+func (s *Service) Create(ctx context.Context, in CreateInput) (*Account, error) {
+	if in.Email == "" || in.AuthToken == "" {
+		return nil, errors.New("email 和 auth_token 不能为空")
+	}
+	atEnc, err := s.cipher.EncryptString(in.AuthToken)
+	if err != nil {
+		return nil, err
+	}
+	var rtEnc, stEnc sql.NullString
+	if in.RefreshToken != "" {
+		v, err := s.cipher.EncryptString(in.RefreshToken)
+		if err != nil {
+			return nil, err
+		}
+		rtEnc = sql.NullString{String: v, Valid: true}
+	}
+	if in.SessionToken != "" {
+		v, err := s.cipher.EncryptString(in.SessionToken)
+		if err != nil {
+			return nil, err
+		}
+		stEnc = sql.NullString{String: v, Valid: true}
+	}
+	if in.OAIDeviceID == "" {
+		in.OAIDeviceID = uuid.NewString()
+	}
+	if in.PlanType == "" {
+		in.PlanType = "plus"
+	}
+	if in.DailyImageQuota == 0 {
+		in.DailyImageQuota = 100
+	}
+	if in.ClientID == "" {
+		in.ClientID = "app_EMoamEEZ73f0CkXaXp7hrann"
+	}
+	if in.AccountType == "" {
+		in.AccountType = "codex"
+	}
+	a := &Account{
+		Email: in.Email, AuthTokenEnc: atEnc, RefreshTokenEnc: rtEnc, SessionTokenEnc: stEnc,
+		OAISessionID: in.OAISessionID, OAIDeviceID: in.OAIDeviceID,
+		ClientID: in.ClientID, ChatGPTAccountID: in.ChatGPTAccountID, AccountType: in.AccountType,
+		PlanType: in.PlanType, DailyImageQuota: in.DailyImageQuota,
+		Status: StatusHealthy, Notes: in.Notes,
+	}
+	if !in.TokenExpiresAt.IsZero() {
+		a.TokenExpiresAt = sql.NullTime{Time: in.TokenExpiresAt, Valid: true}
+	} else {
+		// 自动从 JWT 解析 exp
+		if exp := parseJWTExp(in.AuthToken); !exp.IsZero() {
+			a.TokenExpiresAt = sql.NullTime{Time: exp, Valid: true}
+		}
+	}
+	id, err := s.dao.Create(ctx, a)
+	if err != nil {
+		return nil, err
+	}
+	a.ID = id
+	if in.Cookies != "" {
+		enc, err := s.cipher.EncryptString(in.Cookies)
+		if err != nil {
+			return nil, err
+		}
+		if err := s.dao.UpsertCookies(ctx, id, enc); err != nil {
+			return nil, err
+		}
+	}
+	if in.ProxyID > 0 {
+		if err := s.dao.SetBinding(ctx, id, in.ProxyID); err != nil {
+			return nil, err
+		}
+	}
+	return s.dao.GetByID(ctx, id)
+}
+
+func (s *Service) Update(ctx context.Context, id uint64, in UpdateInput) (*Account, error) {
+	a, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if in.Email != "" {
+		a.Email = in.Email
+	}
+	if in.AuthToken != "" {
+		enc, err := s.cipher.EncryptString(in.AuthToken)
+		if err != nil {
+			return nil, err
+		}
+		a.AuthTokenEnc = enc
+	}
+	if in.RefreshToken != "" {
+		enc, err := s.cipher.EncryptString(in.RefreshToken)
+		if err != nil {
+			return nil, err
+		}
+		a.RefreshTokenEnc = sql.NullString{String: enc, Valid: true}
+	}
+	if in.SessionToken != "" {
+		enc, err := s.cipher.EncryptString(in.SessionToken)
+		if err != nil {
+			return nil, err
+		}
+		a.SessionTokenEnc = sql.NullString{String: enc, Valid: true}
+	}
+	if !in.TokenExpiresAt.IsZero() {
+		a.TokenExpiresAt = sql.NullTime{Time: in.TokenExpiresAt, Valid: true}
+	} else if in.AuthToken != "" {
+		if exp := parseJWTExp(in.AuthToken); !exp.IsZero() {
+			a.TokenExpiresAt = sql.NullTime{Time: exp, Valid: true}
+		}
+	}
+	if in.OAISessionID != "" {
+		a.OAISessionID = in.OAISessionID
+	}
+	if in.OAIDeviceID != "" {
+		a.OAIDeviceID = in.OAIDeviceID
+	}
+	if in.ClientID != "" {
+		a.ClientID = in.ClientID
+	}
+	if in.ChatGPTAccountID != "" {
+		a.ChatGPTAccountID = in.ChatGPTAccountID
+	}
+	if in.AccountType != "" {
+		a.AccountType = in.AccountType
+	}
+	if in.PlanType != "" {
+		a.PlanType = in.PlanType
+	}
+	if in.DailyImageQuota > 0 {
+		a.DailyImageQuota = in.DailyImageQuota
+	}
+	if in.Status != "" {
+		a.Status = in.Status
+	}
+	a.Notes = in.Notes
+	if err := s.dao.Update(ctx, a); err != nil {
+		return nil, err
+	}
+	if in.Cookies != "" {
+		enc, err := s.cipher.EncryptString(in.Cookies)
+		if err != nil {
+			return nil, err
+		}
+		if err := s.dao.UpsertCookies(ctx, id, enc); err != nil {
+			return nil, err
+		}
+	}
+	return a, nil
+}
+
+func (s *Service) Delete(ctx context.Context, id uint64) error {
+	return s.dao.SoftDelete(ctx, id)
+}
+
+// BulkDeleteByStatus 批量软删;status 支持 dead / suspicious / warned / throttled / all。
+func (s *Service) BulkDeleteByStatus(ctx context.Context, status string) (int64, error) {
+	if status == "all" {
+		return s.dao.SoftDeleteByStatus(ctx, "")
+	}
+	return s.dao.SoftDeleteByStatus(ctx, status)
+}
+
+func (s *Service) Get(ctx context.Context, id uint64) (*Account, error) {
+	return s.dao.GetByID(ctx, id)
+}
+
+func (s *Service) List(ctx context.Context, status, keyword string, offset, limit int) ([]*Account, int64, error) {
+	return s.dao.List(ctx, status, keyword, offset, limit)
+}
+
+// BindProxy 绑定代理(一号一代理)。
+func (s *Service) BindProxy(ctx context.Context, accountID, proxyID uint64) error {
+	return s.dao.SetBinding(ctx, accountID, proxyID)
+}
+
+// UnbindProxy 解除绑定。
+func (s *Service) UnbindProxy(ctx context.Context, accountID uint64) error {
+	return s.dao.RemoveBinding(ctx, accountID)
+}
+
+// DecryptAuthToken 解密 AT。
+func (s *Service) DecryptAuthToken(a *Account) (string, error) {
+	return s.cipher.DecryptString(a.AuthTokenEnc)
+}
+
+// AccountSecrets AT / RT / ST 明文,仅给管理员编辑页回填使用。
+type AccountSecrets struct {
+	AuthToken    string `json:"auth_token"`
+	RefreshToken string `json:"refresh_token"`
+	SessionToken string `json:"session_token"`
+}
+
+// GetSecrets 返回指定账号的 AT/RT/ST 明文(用于后台编辑弹窗回显)。
+func (s *Service) GetSecrets(ctx context.Context, id uint64) (*AccountSecrets, error) {
+	a, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	out := &AccountSecrets{}
+	if a.AuthTokenEnc != "" {
+		if v, err := s.cipher.DecryptString(a.AuthTokenEnc); err == nil {
+			out.AuthToken = v
+		}
+	}
+	if a.RefreshTokenEnc.Valid && a.RefreshTokenEnc.String != "" {
+		if v, err := s.cipher.DecryptString(a.RefreshTokenEnc.String); err == nil {
+			out.RefreshToken = v
+		}
+	}
+	if a.SessionTokenEnc.Valid && a.SessionTokenEnc.String != "" {
+		if v, err := s.cipher.DecryptString(a.SessionTokenEnc.String); err == nil {
+			out.SessionToken = v
+		}
+	}
+	return out, nil
+}
+
+// DecryptCookies 返回账号 cookies 明文(JSON 字符串)。
+func (s *Service) DecryptCookies(ctx context.Context, accountID uint64) (string, error) {
+	enc, err := s.dao.GetCookies(ctx, accountID)
+	if err != nil {
+		return "", err
+	}
+	if enc == "" {
+		return "", nil
+	}
+	return s.cipher.DecryptString(enc)
+}
+
+// GetBinding 查账号-代理绑定。
+func (s *Service) GetBinding(ctx context.Context, accountID uint64) (*Binding, error) {
+	return s.dao.GetBinding(ctx, accountID)
+}
+
+// DAO 暴露给调度器使用。
+func (s *Service) DAO() *DAO { return s.dao }
diff --git a/internal/apikey/admin_handler.go b/internal/apikey/admin_handler.go
new file mode 100644
index 00000000..bc42c3bd
--- /dev/null
+++ b/internal/apikey/admin_handler.go
@@ -0,0 +1,114 @@
+package apikey
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/jmoiron/sqlx"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// AdminHandler 提供跨用户 keys 视角。
+// 读操作走新的 list SQL(LEFT JOIN users 带邮箱,便于排查)。
+// 写操作(强制禁用 / 删除)复用 apikey.Service 的 Update/Delete,避免重复实现。
+type AdminHandler struct {
+	svc *Service
+	dao *DAO
+	db  *sqlx.DB
+}
+
+func NewAdminHandler(svc *Service, dao *DAO, db *sqlx.DB) *AdminHandler {
+	return &AdminHandler{svc: svc, dao: dao, db: db}
+}
+
+// adminKeyRow 带上用户邮箱做联表展示。
+type adminKeyRow struct {
+	APIKey
+	UserEmail string `db:"user_email" json:"user_email"`
+}
+
+// GET /api/admin/keys
+// query: user_id, enabled, q(name 模糊), limit, offset
+func (h *AdminHandler) List(c *gin.Context) {
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	if limit <= 0 || limit > 200 {
+		limit = 50
+	}
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	if offset < 0 {
+		offset = 0
+	}
+
+	where := []string{"k.deleted_at IS NULL", "k.name <> ?"}
+	args := []any{InternalKeyName}
+	if uid, _ := strconv.ParseUint(c.Query("user_id"), 10, 64); uid > 0 {
+		where = append(where, "k.user_id = ?")
+		args = append(args, uid)
+	}
+	if v := c.Query("enabled"); v != "" {
+		b := v == "1" || strings.EqualFold(v, "true")
+		where = append(where, "k.enabled = ?")
+		args = append(args, b)
+	}
+	if q := strings.TrimSpace(c.Query("q")); q != "" {
+		where = append(where, "(k.name LIKE ? OR k.key_prefix LIKE ? OR u.email LIKE ?)")
+		like := "%" + q + "%"
+		args = append(args, like, like, like)
+	}
+	ws := strings.Join(where, " AND ")
+
+	query := fmt.Sprintf(`
+SELECT k.*, COALESCE(u.email, '') AS user_email
+FROM api_keys k
+LEFT JOIN users u ON u.id = k.user_id
+WHERE %s
+ORDER BY k.id DESC
+LIMIT ? OFFSET ?`, ws)
+
+	rows := make([]adminKeyRow, 0, limit)
+	if err := h.db.SelectContext(c.Request.Context(), &rows, query, append(args, limit, offset)...); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	var total int64
+	if err := h.db.GetContext(c.Request.Context(), &total,
+		fmt.Sprintf(`SELECT COUNT(*) FROM api_keys k LEFT JOIN users u ON u.id = k.user_id WHERE %s`, ws),
+		args...); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+
+	resp.OK(c, gin.H{
+		"items":  rows,
+		"total":  total,
+		"limit":  limit,
+		"offset": offset,
+	})
+}
+
+// PATCH /api/admin/keys/:id  (目前只支持 enabled)
+// 管理员可以强制禁用用户的 key。
+func (h *AdminHandler) SetEnabled(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req struct {
+		Enabled *bool `json:"enabled" binding:"required"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	k, err := h.dao.GetByID(c.Request.Context(), id)
+	if err != nil {
+		resp.NotFound(c, err.Error())
+		return
+	}
+	k.Enabled = *req.Enabled
+	if err := h.dao.Update(c.Request.Context(), k); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"id": id, "enabled": k.Enabled})
+}
diff --git a/internal/apikey/dao.go b/internal/apikey/dao.go
new file mode 100644
index 00000000..4e4bdad7
--- /dev/null
+++ b/internal/apikey/dao.go
@@ -0,0 +1,123 @@
+package apikey
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("apikey: not found")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+func (d *DAO) Create(ctx context.Context, k *APIKey) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO api_keys
+         (user_id, name, key_prefix, key_hash, quota_limit, allowed_models, allowed_ips,
+          rpm, tpm, expires_at, enabled)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		k.UserID, k.Name, k.KeyPrefix, k.KeyHash, k.QuotaLimit,
+		k.AllowedModels, k.AllowedIPs, k.RPM, k.TPM, k.ExpiresAt, k.Enabled,
+	)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*APIKey, error) {
+	var k APIKey
+	err := d.db.GetContext(ctx, &k,
+		`SELECT * FROM api_keys WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &k, err
+}
+
+// GetByHash 按 SHA-256 查询。只返回 enabled && 未删除的 key。
+func (d *DAO) GetByHash(ctx context.Context, hash string) (*APIKey, error) {
+	var k APIKey
+	err := d.db.GetContext(ctx, &k,
+		`SELECT * FROM api_keys
+         WHERE key_hash = ? AND enabled = 1 AND deleted_at IS NULL`, hash)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &k, err
+}
+
+func (d *DAO) ListByUser(ctx context.Context, userID uint64, offset, limit int) ([]*APIKey, int64, error) {
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM api_keys WHERE user_id = ? AND deleted_at IS NULL AND name <> ?`,
+		userID, InternalKeyName); err != nil {
+		return nil, 0, err
+	}
+	rows := make([]*APIKey, 0, limit)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM api_keys WHERE user_id = ? AND deleted_at IS NULL AND name <> ?
+         ORDER BY id DESC LIMIT ? OFFSET ?`,
+		userID, InternalKeyName, limit, offset)
+	return rows, total, err
+}
+
+// CountActiveByUser 返回用户当前"可见且可用" key 数量(未删 + 非 internal)。
+// 用于 max_per_user 配额判定。
+func (d *DAO) CountActiveByUser(ctx context.Context, userID uint64) (int, error) {
+	var n int
+	err := d.db.GetContext(ctx, &n,
+		`SELECT COUNT(*) FROM api_keys
+           WHERE user_id = ? AND deleted_at IS NULL AND name <> ?`,
+		userID, InternalKeyName)
+	return n, err
+}
+
+// GetByUserAndName 按 user_id + name 精确找一把 key(不关心 enabled),供内部 key 查询使用。
+func (d *DAO) GetByUserAndName(ctx context.Context, userID uint64, name string) (*APIKey, error) {
+	var k APIKey
+	err := d.db.GetContext(ctx, &k,
+		`SELECT * FROM api_keys
+         WHERE user_id = ? AND name = ? AND deleted_at IS NULL
+         ORDER BY id DESC LIMIT 1`,
+		userID, name)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &k, err
+}
+
+func (d *DAO) Update(ctx context.Context, k *APIKey) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE api_keys
+         SET name=?, quota_limit=?, allowed_models=?, allowed_ips=?,
+             rpm=?, tpm=?, expires_at=?, enabled=?
+         WHERE id = ? AND user_id = ? AND deleted_at IS NULL`,
+		k.Name, k.QuotaLimit, k.AllowedModels, k.AllowedIPs,
+		k.RPM, k.TPM, k.ExpiresAt, k.Enabled, k.ID, k.UserID,
+	)
+	return err
+}
+
+func (d *DAO) SoftDelete(ctx context.Context, userID, id uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE api_keys SET deleted_at = ? WHERE id = ? AND user_id = ?`,
+		time.Now(), id, userID)
+	return err
+}
+
+// TouchUsage 更新最后使用时间/IP 和累计额度(原子)。
+func (d *DAO) TouchUsage(ctx context.Context, id uint64, ip string, addUsed int64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE api_keys
+         SET last_used_at = ?, last_used_ip = ?, quota_used = quota_used + ?
+         WHERE id = ?`,
+		time.Now(), ip, addUsed, id)
+	return err
+}
diff --git a/internal/apikey/handler.go b/internal/apikey/handler.go
new file mode 100644
index 00000000..51a4eba3
--- /dev/null
+++ b/internal/apikey/handler.go
@@ -0,0 +1,98 @@
+package apikey
+
+import (
+	"errors"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+type Handler struct{ svc *Service }
+
+func NewHandler(s *Service) *Handler { return &Handler{svc: s} }
+
+// POST /api/keys
+func (h *Handler) Create(c *gin.Context) {
+	userID := middleware.UserID(c)
+	if userID == 0 {
+		resp.Unauthorized(c, "未登录")
+		return
+	}
+	var req CreateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	out, err := h.svc.Create(c.Request.Context(), userID, req)
+	if err != nil {
+		if errors.Is(err, ErrKeyCountLimit) {
+			resp.Fail(c, resp.CodeBadRequest, "已达到单用户最多可创建 Key 数")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, out)
+}
+
+// GET /api/keys
+func (h *Handler) List(c *gin.Context) {
+	userID := middleware.UserID(c)
+	if userID == 0 {
+		resp.Unauthorized(c, "未登录")
+		return
+	}
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	size, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if size < 1 || size > 100 {
+		size = 20
+	}
+	list, total, err := h.svc.List(c.Request.Context(), userID, (page-1)*size, size)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"list": list, "total": total, "page": page, "page_size": size})
+}
+
+// PATCH /api/keys/:id
+func (h *Handler) Update(c *gin.Context) {
+	userID := middleware.UserID(c)
+	if userID == 0 {
+		resp.Unauthorized(c, "未登录")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req UpdateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "请求参数错误:"+err.Error())
+		return
+	}
+	k, err := h.svc.Update(c.Request.Context(), userID, id, req)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, k)
+}
+
+// DELETE /api/keys/:id
+func (h *Handler) Delete(c *gin.Context) {
+	userID := middleware.UserID(c)
+	if userID == 0 {
+		resp.Unauthorized(c, "未登录")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.Delete(c.Request.Context(), userID, id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": id})
+}
diff --git a/internal/apikey/middleware.go b/internal/apikey/middleware.go
new file mode 100644
index 00000000..3526fc0c
--- /dev/null
+++ b/internal/apikey/middleware.go
@@ -0,0 +1,74 @@
+package apikey
+
+import (
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	CtxKey      = "apikey"
+	CtxKeyOwner = "apikey_user_id"
+)
+
+// Middleware 返回一个 gin 中间件,按 OpenAI 规范校验 Bearer Key。
+// allowQuery=true 允许 ?api_key= 作为兜底(浏览器直出)。
+func Middleware(svc *Service, allowQuery bool) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		raw := extractKey(c, allowQuery)
+		if raw == "" {
+			openAIAuthError(c, "missing_api_key", "缺少 API Key,请在 Authorization 头中传入 Bearer <key>")
+			return
+		}
+		k, err := svc.Verify(c.Request.Context(), raw)
+		if err != nil {
+			openAIAuthError(c, "invalid_api_key", err.Error())
+			return
+		}
+		ip := c.ClientIP()
+		if !k.IPAllowed(ip) {
+			openAIAuthError(c, "ip_not_allowed", "当前 IP 不在该 API Key 的白名单内")
+			return
+		}
+		c.Set(CtxKey, k)
+		c.Set(CtxKeyOwner, k.UserID)
+		c.Next()
+	}
+}
+
+func extractKey(c *gin.Context, allowQuery bool) string {
+	h := c.GetHeader("Authorization")
+	if h != "" {
+		if strings.HasPrefix(h, "Bearer ") {
+			return strings.TrimSpace(h[len("Bearer "):])
+		}
+		return strings.TrimSpace(h)
+	}
+	if allowQuery {
+		if v := c.Query("api_key"); v != "" {
+			return v
+		}
+	}
+	return ""
+}
+
+// FromCtx 取回 APIKey 对象。
+func FromCtx(c *gin.Context) (*APIKey, bool) {
+	v, ok := c.Get(CtxKey)
+	if !ok {
+		return nil, false
+	}
+	k, ok := v.(*APIKey)
+	return k, ok
+}
+
+// openAIAuthError 按 OpenAI 规范返回 401 错误。
+func openAIAuthError(c *gin.Context, code, msg string) {
+	c.AbortWithStatusJSON(401, gin.H{
+		"error": gin.H{
+			"message": msg,
+			"type":    "invalid_request_error",
+			"code":    code,
+		},
+	})
+}
diff --git a/internal/apikey/model.go b/internal/apikey/model.go
new file mode 100644
index 00000000..77367488
--- /dev/null
+++ b/internal/apikey/model.go
@@ -0,0 +1,28 @@
+package apikey
+
+import (
+	"database/sql"
+	"time"
+)
+
+// APIKey 对应 api_keys 表。
+type APIKey struct {
+	ID            uint64         `db:"id" json:"id"`
+	UserID        uint64         `db:"user_id" json:"user_id"`
+	Name          string         `db:"name" json:"name"`
+	KeyPrefix     string         `db:"key_prefix" json:"key_prefix"`
+	KeyHash       string         `db:"key_hash" json:"-"`
+	QuotaLimit    int64          `db:"quota_limit" json:"quota_limit"`
+	QuotaUsed     int64          `db:"quota_used" json:"quota_used"`
+	AllowedModels sql.NullString `db:"allowed_models" json:"allowed_models,omitempty"`
+	AllowedIPs    sql.NullString `db:"allowed_ips" json:"allowed_ips,omitempty"`
+	RPM           int            `db:"rpm" json:"rpm"`
+	TPM           int64          `db:"tpm" json:"tpm"`
+	ExpiresAt     sql.NullTime   `db:"expires_at" json:"expires_at,omitempty"`
+	Enabled       bool           `db:"enabled" json:"enabled"`
+	LastUsedAt    sql.NullTime   `db:"last_used_at" json:"last_used_at,omitempty"`
+	LastUsedIP    string         `db:"last_used_ip" json:"last_used_ip"`
+	CreatedAt     time.Time      `db:"created_at" json:"created_at"`
+	UpdatedAt     time.Time      `db:"updated_at" json:"updated_at"`
+	DeletedAt     sql.NullTime   `db:"deleted_at" json:"-"`
+}
diff --git a/internal/apikey/service.go b/internal/apikey/service.go
new file mode 100644
index 00000000..2b951be7
--- /dev/null
+++ b/internal/apikey/service.go
@@ -0,0 +1,284 @@
+package apikey
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/sha256"
+	"database/sql"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"strings"
+	"time"
+
+	"github.com/432539/gpt2api/internal/settings"
+)
+
+// Service API Key 业务。
+type Service struct {
+	dao      *DAO
+	settings *settings.Service // 可为 nil(兼容旧调用方)
+}
+
+func NewService(dao *DAO) *Service { return &Service{dao: dao} }
+
+// SetSettings 注入系统设置,用于 max_per_user / 默认日配额。
+func (s *Service) SetSettings(ss *settings.Service) { s.settings = ss }
+
+// ErrKeyCountLimit 用户已达到可创建 key 数上限。
+var ErrKeyCountLimit = errors.New("apikey: per-user key count limit reached")
+
+// InternalKeyName 在线体验专用内部 key 的固定名称。
+// 该名称的 key 不会出现在用户前端列表,也不计入配额。
+const InternalKeyName = "__playground__"
+
+// EnsureInternalKey 按 user_id 懒加载一把内部 playground key(没有就创建)。
+// 返回的 APIKey 可以直接喂给 gateway handler,复用扣费/限流等逻辑。
+// 该 key 的明文被丢弃(内部不暴露 raw 值,网关只用 k.ID/k.UserID 做计费)。
+func (s *Service) EnsureInternalKey(ctx context.Context, userID uint64) (*APIKey, error) {
+	if k, err := s.dao.GetByUserAndName(ctx, userID, InternalKeyName); err == nil {
+		return k, nil
+	} else if !errors.Is(err, ErrNotFound) {
+		return nil, err
+	}
+
+	raw, err := generateSecret()
+	if err != nil {
+		return nil, err
+	}
+	hash := HashKey(raw)
+	prefix := raw
+	if len(prefix) > 11 {
+		prefix = prefix[:11]
+	}
+	k := &APIKey{
+		UserID:    userID,
+		Name:      InternalKeyName,
+		KeyPrefix: prefix,
+		KeyHash:   hash,
+		Enabled:   true,
+	}
+	id, err := s.dao.Create(ctx, k)
+	if err != nil {
+		return nil, err
+	}
+	k.ID = id
+	return k, nil
+}
+
+// CreateInput 创建 Key 入参(不含 key 本身)。
+type CreateInput struct {
+	Name          string    `json:"name"`
+	QuotaLimit    int64     `json:"quota_limit"`
+	AllowedModels []string  `json:"allowed_models"`
+	AllowedIPs    []string  `json:"allowed_ips"`
+	RPM           int       `json:"rpm"`
+	TPM           int64     `json:"tpm"`
+	ExpiresAt     time.Time `json:"expires_at"`
+}
+
+// UpdateInput 更新入参。
+type UpdateInput struct {
+	Name          string    `json:"name"`
+	QuotaLimit    int64     `json:"quota_limit"`
+	AllowedModels []string  `json:"allowed_models"`
+	AllowedIPs    []string  `json:"allowed_ips"`
+	RPM           int       `json:"rpm"`
+	TPM           int64     `json:"tpm"`
+	ExpiresAt     time.Time `json:"expires_at"`
+	Enabled       *bool     `json:"enabled"`
+}
+
+// GeneratedKey 创建时返回,明文 key 仅此一次暴露。
+type GeneratedKey struct {
+	Key    string  `json:"key"`
+	Record *APIKey `json:"record"`
+}
+
+// generate 随机生成 sk-xxxx(32 byte base62)key。
+func generateSecret() (string, error) {
+	buf := make([]byte, 32)
+	if _, err := rand.Read(buf); err != nil {
+		return "", err
+	}
+	s := base64.RawURLEncoding.EncodeToString(buf)
+	// 去掉连字符防止歧义。
+	s = strings.ReplaceAll(s, "-", "x")
+	s = strings.ReplaceAll(s, "_", "y")
+	return "sk-" + s, nil
+}
+
+// HashKey 计算 SHA-256(key) 的 hex。
+func HashKey(key string) string {
+	h := sha256.Sum256([]byte(key))
+	return hex.EncodeToString(h[:])
+}
+
+func jsonListNullable(list []string) sql.NullString {
+	if len(list) == 0 {
+		return sql.NullString{}
+	}
+	b, _ := json.Marshal(list)
+	return sql.NullString{String: string(b), Valid: true}
+}
+
+func (s *Service) Create(ctx context.Context, userID uint64, in CreateInput) (*GeneratedKey, error) {
+	// 单用户 key 数上限(0=不限)
+	if s.settings != nil {
+		if cap := s.settings.KeyMaxPerUser(); cap > 0 {
+			cur, err := s.dao.CountActiveByUser(ctx, userID)
+			if err != nil {
+				return nil, err
+			}
+			if cur >= cap {
+				return nil, ErrKeyCountLimit
+			}
+		}
+		// 未显式指定 QuotaLimit 时,应用默认日配额
+		if in.QuotaLimit <= 0 {
+			in.QuotaLimit = s.settings.KeyDefaultDailyQuota()
+		}
+	}
+
+	key, err := generateSecret()
+	if err != nil {
+		return nil, err
+	}
+	hash := HashKey(key)
+	prefix := key
+	if len(prefix) > 11 { // "sk-" + 8
+		prefix = prefix[:11]
+	}
+
+	k := &APIKey{
+		UserID:        userID,
+		Name:          in.Name,
+		KeyPrefix:     prefix,
+		KeyHash:       hash,
+		QuotaLimit:    in.QuotaLimit,
+		AllowedModels: jsonListNullable(in.AllowedModels),
+		AllowedIPs:    jsonListNullable(in.AllowedIPs),
+		RPM:           in.RPM,
+		TPM:           in.TPM,
+		Enabled:       true,
+	}
+	if !in.ExpiresAt.IsZero() {
+		k.ExpiresAt = sql.NullTime{Time: in.ExpiresAt, Valid: true}
+	}
+	id, err := s.dao.Create(ctx, k)
+	if err != nil {
+		return nil, err
+	}
+	k.ID = id
+	return &GeneratedKey{Key: key, Record: k}, nil
+}
+
+func (s *Service) Update(ctx context.Context, userID, id uint64, in UpdateInput) (*APIKey, error) {
+	k, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if k.UserID != userID {
+		return nil, errors.New("forbidden")
+	}
+	if in.Name != "" {
+		k.Name = in.Name
+	}
+	if in.QuotaLimit >= 0 {
+		k.QuotaLimit = in.QuotaLimit
+	}
+	if in.AllowedModels != nil {
+		k.AllowedModels = jsonListNullable(in.AllowedModels)
+	}
+	if in.AllowedIPs != nil {
+		k.AllowedIPs = jsonListNullable(in.AllowedIPs)
+	}
+	if in.RPM >= 0 {
+		k.RPM = in.RPM
+	}
+	if in.TPM >= 0 {
+		k.TPM = in.TPM
+	}
+	if !in.ExpiresAt.IsZero() {
+		k.ExpiresAt = sql.NullTime{Time: in.ExpiresAt, Valid: true}
+	}
+	if in.Enabled != nil {
+		k.Enabled = *in.Enabled
+	}
+	if err := s.dao.Update(ctx, k); err != nil {
+		return nil, err
+	}
+	return k, nil
+}
+
+func (s *Service) Delete(ctx context.Context, userID, id uint64) error {
+	return s.dao.SoftDelete(ctx, userID, id)
+}
+
+func (s *Service) List(ctx context.Context, userID uint64, offset, limit int) ([]*APIKey, int64, error) {
+	return s.dao.ListByUser(ctx, userID, offset, limit)
+}
+
+// Verify 网关鉴权核心:按明文 key 返回 APIKey(或错误)。
+// 判定:enabled / 过期 / quota 剩余 / IP 白名单 / model 白名单 在调用方分步做。
+func (s *Service) Verify(ctx context.Context, key string) (*APIKey, error) {
+	if !strings.HasPrefix(key, "sk-") {
+		return nil, errors.New("API Key 格式不正确")
+	}
+	hash := HashKey(key)
+	k, err := s.dao.GetByHash(ctx, hash)
+	if err != nil {
+		return nil, errors.New("API Key 不存在或已被停用")
+	}
+	if k.ExpiresAt.Valid && time.Now().After(k.ExpiresAt.Time) {
+		return nil, errors.New("API Key 已过期")
+	}
+	if k.QuotaLimit > 0 && k.QuotaUsed >= k.QuotaLimit {
+		return nil, errors.New("API Key 配额已用完")
+	}
+	return k, nil
+}
+
+// ModelAllowed 判断 model 是否在白名单内。
+func (k *APIKey) ModelAllowed(slug string) bool {
+	if !k.AllowedModels.Valid || k.AllowedModels.String == "" {
+		return true
+	}
+	var list []string
+	if err := json.Unmarshal([]byte(k.AllowedModels.String), &list); err != nil {
+		return true
+	}
+	if len(list) == 0 {
+		return true
+	}
+	for _, s := range list {
+		if s == slug {
+			return true
+		}
+	}
+	return false
+}
+
+// IPAllowed 判断 ip 是否在白名单内。
+func (k *APIKey) IPAllowed(ip string) bool {
+	if !k.AllowedIPs.Valid || k.AllowedIPs.String == "" {
+		return true
+	}
+	var list []string
+	if err := json.Unmarshal([]byte(k.AllowedIPs.String), &list); err != nil {
+		return true
+	}
+	if len(list) == 0 {
+		return true
+	}
+	for _, s := range list {
+		if s == ip {
+			return true
+		}
+	}
+	return false
+}
+
+// DAO 暴露以便网关调用 TouchUsage。
+func (s *Service) DAO() *DAO { return s.dao }
diff --git a/internal/audit/dao.go b/internal/audit/dao.go
new file mode 100644
index 00000000..327e05c3
--- /dev/null
+++ b/internal/audit/dao.go
@@ -0,0 +1,81 @@
+package audit
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// DAO 审计日志表访问。
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// Insert 写入一条日志。
+func (d *DAO) Insert(ctx context.Context, l *Log) error {
+	_, err := d.db.ExecContext(ctx, `
+INSERT INTO admin_audit_logs
+  (actor_id, actor_email, action, method, path, status_code, ip, ua, target, meta, created_at)
+VALUES (?,?,?,?,?,?,?,?,?,?, NOW())`,
+		l.ActorID, l.ActorEmail, l.Action, l.Method, l.Path, l.StatusCode,
+		l.IP, truncate(l.UA, 255), l.Target, nullJSON(l.Meta))
+	if err != nil {
+		return fmt.Errorf("audit insert: %w", err)
+	}
+	return nil
+}
+
+// List 分页查询(管理员视图)。支持按 actor_id / action 过滤。
+func (d *DAO) List(ctx context.Context, actorID uint64, action string, limit, offset int) ([]Log, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	q := `SELECT id, actor_id, actor_email, action, method, path, status_code, ip, ua, target, meta, created_at
+	        FROM admin_audit_logs WHERE 1=1`
+	args := []interface{}{}
+	if actorID > 0 {
+		q += " AND actor_id = ?"
+		args = append(args, actorID)
+	}
+	if action != "" {
+		q += " AND action = ?"
+		args = append(args, action)
+	}
+	q += " ORDER BY id DESC LIMIT ? OFFSET ?"
+	args = append(args, limit, offset)
+	var out []Log
+	err := d.db.SelectContext(ctx, &out, q, args...)
+	return out, err
+}
+
+// Count 对应 List 的计数。
+func (d *DAO) Count(ctx context.Context, actorID uint64, action string) (int64, error) {
+	q := `SELECT COUNT(*) FROM admin_audit_logs WHERE 1=1`
+	args := []interface{}{}
+	if actorID > 0 {
+		q += " AND actor_id = ?"
+		args = append(args, actorID)
+	}
+	if action != "" {
+		q += " AND action = ?"
+		args = append(args, action)
+	}
+	var n int64
+	err := d.db.GetContext(ctx, &n, q, args...)
+	return n, err
+}
+
+func nullJSON(b []byte) interface{} {
+	if len(b) == 0 {
+		return nil
+	}
+	return b
+}
+
+func truncate(s string, max int) string {
+	if len(s) <= max {
+		return s
+	}
+	return s[:max]
+}
diff --git a/internal/audit/handler.go b/internal/audit/handler.go
new file mode 100644
index 00000000..6f011fcd
--- /dev/null
+++ b/internal/audit/handler.go
@@ -0,0 +1,36 @@
+package audit
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Handler 暴露审计日志只读查询接口(仅 admin,已有 PermAuditRead 权限检查)。
+type Handler struct {
+	dao *DAO
+}
+
+// NewHandler 构造。
+func NewHandler(dao *DAO) *Handler { return &Handler{dao: dao} }
+
+// List GET /api/admin/audit/logs?actor_id=&action=&limit=&offset=
+func (h *Handler) List(c *gin.Context) {
+	actorID, _ := strconv.ParseUint(c.Query("actor_id"), 10, 64)
+	action := c.Query("action")
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	if limit > 500 {
+		limit = 500
+	}
+
+	items, err := h.dao.List(c.Request.Context(), actorID, action, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	total, _ := h.dao.Count(c.Request.Context(), actorID, action)
+	resp.OK(c, gin.H{"items": items, "total": total, "limit": limit, "offset": offset})
+}
diff --git a/internal/audit/middleware.go b/internal/audit/middleware.go
new file mode 100644
index 00000000..11a4e927
--- /dev/null
+++ b/internal/audit/middleware.go
@@ -0,0 +1,113 @@
+package audit
+
+import (
+	"context"
+	"encoding/json"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// Middleware 在 /api/admin/* 下自动记录写操作。
+// 非写操作(GET/HEAD/OPTIONS)默认不落盘,避免审计表爆炸。
+// 管理员查看敏感资源(比如用户列表)如需单独记录,在 handler 里 `Record(c, ...)`。
+func Middleware(dao *DAO) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if !isWrite(c.Request.Method) {
+			c.Next()
+			return
+		}
+		start := time.Now()
+		c.Next()
+		go writeLog(dao, c, start)
+	}
+}
+
+// Record 供 handler 显式追加审计记录(用于带业务 meta 的场景)。
+// action 形如 "user.credit.adjust",target 为业务 id/slug,meta 为 JSON-encode 的任意上下文。
+func Record(c *gin.Context, dao *DAO, action, target string, meta any) {
+	if dao == nil {
+		return
+	}
+	metaB, _ := json.Marshal(meta)
+	email, _ := c.Get("actor_email")
+	emailStr, _ := email.(string)
+	l := &Log{
+		ActorID:    middleware.UserID(c),
+		ActorEmail: emailStr,
+		Action:     action,
+		Method:     c.Request.Method,
+		Path:       c.FullPath(),
+		StatusCode: c.Writer.Status(),
+		IP:         c.ClientIP(),
+		UA:         c.Request.UserAgent(),
+		Target:     target,
+		Meta:       metaB,
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+	if err := dao.Insert(ctx, l); err != nil {
+		logger.L().Warn("audit record failed", zap.Error(err), zap.String("action", action))
+	}
+}
+
+func writeLog(dao *DAO, c *gin.Context, start time.Time) {
+	email, _ := c.Get("actor_email")
+	emailStr, _ := email.(string)
+	l := &Log{
+		ActorID:    middleware.UserID(c),
+		ActorEmail: emailStr,
+		Action:     deriveAction(c),
+		Method:     c.Request.Method,
+		Path:       c.FullPath(),
+		StatusCode: c.Writer.Status(),
+		IP:         c.ClientIP(),
+		UA:         c.Request.UserAgent(),
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+	if err := dao.Insert(ctx, l); err != nil {
+		logger.L().Warn("audit insert failed", zap.Error(err),
+			zap.String("path", c.FullPath()), zap.Duration("elapsed", time.Since(start)))
+	}
+}
+
+// deriveAction 从路径+方法推导一个语义化 action,形如 "accounts.create"。
+func deriveAction(c *gin.Context) string {
+	p := strings.TrimPrefix(c.FullPath(), "/api/admin/")
+	p = strings.TrimSuffix(p, "/")
+	if p == "" {
+		return c.Request.Method
+	}
+	// 把占位符换成 *,方便在审计里聚合
+	parts := strings.Split(p, "/")
+	for i, seg := range parts {
+		if strings.HasPrefix(seg, ":") {
+			parts[i] = "*"
+		}
+	}
+	key := strings.ReplaceAll(strings.Join(parts, "."), "-", "_")
+	switch c.Request.Method {
+	case "POST":
+		return key + ".create"
+	case "PUT", "PATCH":
+		return key + ".update"
+	case "DELETE":
+		return key + ".delete"
+	default:
+		return key + "." + strings.ToLower(c.Request.Method)
+	}
+}
+
+func isWrite(m string) bool {
+	switch m {
+	case "POST", "PUT", "PATCH", "DELETE":
+		return true
+	}
+	return false
+}
diff --git a/internal/audit/model.go b/internal/audit/model.go
new file mode 100644
index 00000000..d1bff1cd
--- /dev/null
+++ b/internal/audit/model.go
@@ -0,0 +1,30 @@
+// Package audit 管理员操作审计日志。
+//
+// 所有 /api/admin/* 的 POST/PUT/PATCH/DELETE 请求会被 Middleware 拦截,
+// 自动把操作者、IP、路径、方法、关键响应码落入 admin_audit_logs 表。
+//
+// 特殊高危操作(备份恢复、删除账号、积分调整)还会携带额外的 meta JSON,
+// 由 handler 自行调用 `Record(c, "meta...")` 显式追加。
+package audit
+
+import (
+	"database/sql"
+	"time"
+)
+
+// Log 对应 admin_audit_logs 表。
+type Log struct {
+	ID         uint64       `db:"id" json:"id"`
+	ActorID    uint64       `db:"actor_id" json:"actor_id"`
+	ActorEmail string       `db:"actor_email" json:"actor_email"`
+	Action     string       `db:"action" json:"action"`       // 形如 "user.credit.adjust"
+	Method     string       `db:"method" json:"method"`       // HTTP method
+	Path       string       `db:"path" json:"path"`
+	StatusCode int          `db:"status_code" json:"status_code"`
+	IP         string       `db:"ip" json:"ip"`
+	UA         string       `db:"ua" json:"ua"`
+	Target     string       `db:"target" json:"target"`       // 业务对象 id/slug(可选)
+	Meta       []byte       `db:"meta" json:"meta,omitempty"` // JSON
+	CreatedAt  time.Time    `db:"created_at" json:"created_at"`
+	Finished   sql.NullTime `db:"-" json:"-"`                 // 预留,不落表
+}
diff --git a/internal/auth/handler.go b/internal/auth/handler.go
new file mode 100644
index 00000000..2eb4315e
--- /dev/null
+++ b/internal/auth/handler.go
@@ -0,0 +1,105 @@
+package auth
+
+import (
+	"errors"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/user"
+	pkgjwt "github.com/432539/gpt2api/pkg/jwt"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+type Handler struct {
+	svc *Service
+}
+
+func NewHandler(s *Service) *Handler { return &Handler{svc: s} }
+
+type registerReq struct {
+	Email    string `json:"email" binding:"required,email"`
+	Password string `json:"password" binding:"required,min=6,max=64"`
+	Nickname string `json:"nickname" binding:"max=64"`
+}
+
+type loginReq struct {
+	Email    string `json:"email" binding:"required,email"`
+	Password string `json:"password" binding:"required"`
+}
+
+type refreshReq struct {
+	RefreshToken string `json:"refresh_token" binding:"required"`
+}
+
+type loginResp struct {
+	User  *user.User       `json:"user"`
+	Token *pkgjwt.TokenPair `json:"token"`
+}
+
+// POST /api/auth/register
+func (h *Handler) Register(c *gin.Context) {
+	var req registerReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	u, err := h.svc.Register(c.Request.Context(), req.Email, req.Password, req.Nickname)
+	if err != nil {
+		if errors.Is(err, ErrEmailExists) {
+			resp.Conflict(c, "email already registered")
+			return
+		}
+		if errors.Is(err, ErrRegisterDisabled) {
+			resp.Forbidden(c, "user registration is currently disabled")
+			return
+		}
+		if errors.Is(err, ErrEmailNotAllowed) {
+			resp.BadRequest(c, "this email domain is not allowed for registration")
+			return
+		}
+		if errors.Is(err, ErrPasswordTooShort) {
+			resp.BadRequest(c, "password is too short")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, u)
+}
+
+// POST /api/auth/login
+func (h *Handler) Login(c *gin.Context) {
+	var req loginReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	u, pair, err := h.svc.Login(c.Request.Context(), req.Email, req.Password, c.ClientIP())
+	if err != nil {
+		switch {
+		case errors.Is(err, ErrInvalidCredential):
+			resp.Unauthorized(c, "invalid email or password")
+		case errors.Is(err, ErrUserBanned):
+			resp.Forbidden(c, "user banned")
+		default:
+			resp.Internal(c, err.Error())
+		}
+		return
+	}
+	resp.OK(c, loginResp{User: u, Token: pair})
+}
+
+// POST /api/auth/refresh
+func (h *Handler) Refresh(c *gin.Context) {
+	var req refreshReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	pair, err := h.svc.Refresh(c.Request.Context(), req.RefreshToken)
+	if err != nil {
+		resp.Unauthorized(c, err.Error())
+		return
+	}
+	resp.OK(c, pair)
+}
diff --git a/internal/auth/service.go b/internal/auth/service.go
new file mode 100644
index 00000000..6a50a394
--- /dev/null
+++ b/internal/auth/service.go
@@ -0,0 +1,215 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/settings"
+	"github.com/432539/gpt2api/internal/user"
+	pkgjwt "github.com/432539/gpt2api/pkg/jwt"
+	"github.com/432539/gpt2api/pkg/mailer"
+)
+
+// 错误码
+var (
+	ErrEmailExists       = errors.New("auth: email already exists")
+	ErrInvalidCredential = errors.New("auth: invalid email or password")
+	ErrUserBanned        = errors.New("auth: user banned")
+	ErrRegisterDisabled  = errors.New("auth: user registration is disabled")
+	ErrEmailNotAllowed   = errors.New("auth: email domain is not allowed by whitelist")
+	ErrPasswordTooShort  = errors.New("auth: password too short")
+)
+
+// Service 封装注册、登录、刷新业务。
+type Service struct {
+	users      *user.DAO
+	jwt        *pkgjwt.Manager
+	bcryptCost int
+
+	mail    *mailer.Mailer // 可为 nil;为 nil 时不发邮件
+	baseURL string
+
+	// 以下两个用于注册开关 / 赠送积分,均为可选依赖。
+	// 未注入时:允许注册(兼容旧行为),不发放赠送积分。
+	settings *settings.Service
+	billing  *billing.Engine
+}
+
+func NewService(udao *user.DAO, jm *pkgjwt.Manager, bcryptCost int) *Service {
+	if bcryptCost < bcrypt.MinCost || bcryptCost > bcrypt.MaxCost {
+		bcryptCost = 10
+	}
+	return &Service{users: udao, jwt: jm, bcryptCost: bcryptCost}
+}
+
+// SetMailer 把邮件发送器注入进来(可选)。传 nil 或 disabled 的 mailer 即不发邮件。
+// 单独出接口,避免 NewService 签名膨胀。
+func (s *Service) SetMailer(m *mailer.Mailer, baseURL string) {
+	s.mail = m
+	s.baseURL = baseURL
+}
+
+// SetSettings 注入系统设置服务(用于注册开关 / 默认分组)。
+func (s *Service) SetSettings(ss *settings.Service) { s.settings = ss }
+
+// SetBilling 注入计费引擎(用于注册赠送积分)。
+func (s *Service) SetBilling(b *billing.Engine) { s.billing = b }
+
+// Register 新用户注册。
+func (s *Service) Register(ctx context.Context, email, password, nickname string) (*user.User, error) {
+	email = strings.ToLower(strings.TrimSpace(email))
+	if email == "" || password == "" {
+		return nil, errors.New("email and password required")
+	}
+
+	// 动态密码长度阈值(默认 6);>0 才检查,避免 settings 未初始化时把所有注册阻塞
+	if s.settings != nil {
+		if min := s.settings.PasswordMinLength(); min > 0 && len(password) < min {
+			return nil, ErrPasswordTooShort
+		}
+		// 邮箱域名白名单(空集 = 不限)
+		if wl := s.settings.EmailDomainWhitelist(); len(wl) > 0 {
+			at := strings.LastIndex(email, "@")
+			if at < 0 {
+				return nil, ErrEmailNotAllowed
+			}
+			if _, ok := wl[email[at+1:]]; !ok {
+				return nil, ErrEmailNotAllowed
+			}
+		}
+	}
+
+	n, err := s.users.CountByEmail(ctx, email)
+	if err != nil {
+		return nil, err
+	}
+	if n > 0 {
+		return nil, ErrEmailExists
+	}
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), s.bcryptCost)
+	if err != nil {
+		return nil, err
+	}
+	// Bootstrap 规则:若当前系统没有任何用户,首位注册者自动获得 admin 角色。
+	// 典型部署场景下一次性生效,后续注册仍为普通用户。
+	role := "user"
+	total, _ := s.users.CountAll(ctx)
+	if total == 0 {
+		role = "admin"
+	} else if s.settings != nil && !s.settings.AllowRegister() {
+		// 已有用户且管理员关闭了开放注册 —— 拒绝。
+		return nil, ErrRegisterDisabled
+	}
+
+	var groupID uint64 = 1
+	if s.settings != nil {
+		if g := s.settings.DefaultGroupID(); g > 0 {
+			groupID = g
+		}
+	}
+
+	u := &user.User{
+		Email:         email,
+		PasswordHash:  string(hash),
+		Nickname:      nickname,
+		GroupID:       groupID,
+		Role:          role,
+		Status:        "active",
+		CreditBalance: 0,
+	}
+	id, err := s.users.Create(ctx, u)
+	if err != nil {
+		return nil, err
+	}
+	u.ID = id
+
+	// 注册赠送积分(失败不阻断注册流程,仅打日志)
+	if s.settings != nil && s.billing != nil {
+		if bonus := s.settings.SignupBonusCredits(); bonus > 0 {
+			_, _ = s.billing.AdminAdjust(ctx, u.ID, 0, bonus, "signup_bonus", "auto grant on register")
+		}
+	}
+
+	// 欢迎邮件(可选,失败不影响注册)
+	if s.mail != nil && !s.mail.Disabled() {
+		subject, html := mailer.RenderWelcome(u.Nickname, u.Email, s.baseURL)
+		s.mail.Send(mailer.Message{To: u.Email, Subject: subject, HTML: html})
+	}
+	return u, nil
+}
+
+// Login 校验邮箱密码并签发 token。
+func (s *Service) Login(ctx context.Context, email, password, ip string) (*user.User, *pkgjwt.TokenPair, error) {
+	email = strings.ToLower(strings.TrimSpace(email))
+	u, err := s.users.GetByEmail(ctx, email)
+	if err != nil {
+		if errors.Is(err, user.ErrNotFound) {
+			return nil, nil, ErrInvalidCredential
+		}
+		return nil, nil, err
+	}
+	if u.Status == "banned" {
+		return nil, nil, ErrUserBanned
+	}
+	if err := bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password)); err != nil {
+		return nil, nil, ErrInvalidCredential
+	}
+	pair, err := s.jwt.Issue(u.ID, u.Role)
+	if err != nil {
+		return nil, nil, err
+	}
+	_ = s.users.UpdateLoginInfo(ctx, u.ID, ip)
+	return u, pair, nil
+}
+
+// HashPassword 对外暴露 bcrypt 哈希(cost 由 service 持有),admin 重置密码走这里。
+func (s *Service) HashPassword(plain string) (string, error) {
+	if len(plain) < 6 {
+		return "", errors.New("password too short")
+	}
+	h, err := bcrypt.GenerateFromPassword([]byte(plain), s.bcryptCost)
+	if err != nil {
+		return "", err
+	}
+	return string(h), nil
+}
+
+// VerifyPassword 校验指定 user 的明文密码是否正确(不签发 token)。
+// 主要用于"高危操作二次确认"场景(如恢复数据库、调整积分)。
+// 正确返回 nil;错误返回 ErrInvalidCredential / ErrUserBanned 等。
+func (s *Service) VerifyPassword(ctx context.Context, userID uint64, password string) error {
+	u, err := s.users.GetByID(ctx, userID)
+	if err != nil {
+		if errors.Is(err, user.ErrNotFound) {
+			return ErrInvalidCredential
+		}
+		return err
+	}
+	if u.Status == "banned" {
+		return ErrUserBanned
+	}
+	if err := bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password)); err != nil {
+		return ErrInvalidCredential
+	}
+	return nil
+}
+
+// Refresh 用 refresh_token 换新的 access_token 对。
+func (s *Service) Refresh(ctx context.Context, refreshToken string) (*pkgjwt.TokenPair, error) {
+	claims, err := s.jwt.VerifyRefresh(refreshToken)
+	if err != nil {
+		return nil, err
+	}
+	u, err := s.users.GetByID(ctx, claims.UserID)
+	if err != nil {
+		return nil, err
+	}
+	if u.Status == "banned" {
+		return nil, ErrUserBanned
+	}
+	return s.jwt.Issue(u.ID, u.Role)
+}
diff --git a/internal/backup/dao.go b/internal/backup/dao.go
new file mode 100644
index 00000000..c29a46ba
--- /dev/null
+++ b/internal/backup/dao.go
@@ -0,0 +1,118 @@
+package backup
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// ErrNotFound 备份记录不存在。
+var ErrNotFound = errors.New("backup: not found")
+
+// DAO backup_files 表访问对象。
+type DAO struct{ db *sqlx.DB }
+
+// NewDAO 构造。
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// 注意:`trigger` 和 `error` 是 MySQL 保留字,必须加反引号。
+// 出于一致性,所有列都用反引号包裹,免得下次又被某个保留字坑。
+const colsSelect = "`id`,`backup_id`,`file_name`,`size_bytes`,`sha256`," +
+	"`trigger`,`status`,`error`,`include_data`,`created_by`,`created_at`,`finished_at`"
+
+// Create 插入 running 记录,返回自增 id。
+func (d *DAO) Create(ctx context.Context, f *File) error {
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO `+"`backup_files`"+`
+  (`+"`backup_id`,`file_name`,`size_bytes`,`sha256`,`trigger`,`status`,`error`,`include_data`,`created_by`,`created_at`"+`)
+VALUES (?,?,?,?,?,?,?,?,?, NOW())`,
+		f.BackupID, f.FileName, f.SizeBytes, f.SHA256, f.Trigger,
+		nonEmpty(f.Status, StatusRunning), f.Error, f.IncludeData, f.CreatedBy,
+	)
+	if err != nil {
+		return fmt.Errorf("backup dao create: %w", err)
+	}
+	id, _ := res.LastInsertId()
+	f.ID = uint64(id)
+	return nil
+}
+
+// MarkReady 更新成功状态。
+func (d *DAO) MarkReady(ctx context.Context, backupID string, size int64, sha string) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE `+"`backup_files`"+`
+   SET `+"`status`"+`='ready', `+"`size_bytes`"+`=?, `+"`sha256`"+`=?, `+"`finished_at`"+`=NOW()
+ WHERE `+"`backup_id`"+`=?`, size, sha, backupID)
+	return err
+}
+
+// MarkFailed 更新失败状态。
+func (d *DAO) MarkFailed(ctx context.Context, backupID, errMsg string) error {
+	if len(errMsg) > 500 {
+		errMsg = errMsg[:500]
+	}
+	_, err := d.db.ExecContext(ctx, `
+UPDATE `+"`backup_files`"+`
+   SET `+"`status`"+`='failed', `+"`error`"+`=?, `+"`finished_at`"+`=NOW()
+ WHERE `+"`backup_id`"+`=?`, errMsg, backupID)
+	return err
+}
+
+// Get 按 backup_id 查询。
+func (d *DAO) Get(ctx context.Context, backupID string) (*File, error) {
+	var f File
+	err := d.db.GetContext(ctx, &f,
+		"SELECT "+colsSelect+" FROM `backup_files` WHERE `backup_id`=?", backupID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &f, err
+}
+
+// Delete 物理删除记录(文件删除由 Service 层做)。
+func (d *DAO) Delete(ctx context.Context, backupID string) error {
+	_, err := d.db.ExecContext(ctx,
+		"DELETE FROM `backup_files` WHERE `backup_id`=?", backupID)
+	return err
+}
+
+// List 分页列出。
+func (d *DAO) List(ctx context.Context, limit, offset int) ([]File, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	var out []File
+	err := d.db.SelectContext(ctx, &out,
+		"SELECT "+colsSelect+" FROM `backup_files` ORDER BY `id` DESC LIMIT ? OFFSET ?",
+		limit, offset)
+	return out, err
+}
+
+// Count 总数。
+func (d *DAO) Count(ctx context.Context) (int64, error) {
+	var n int64
+	err := d.db.GetContext(ctx, &n, "SELECT COUNT(*) FROM `backup_files`")
+	return n, err
+}
+
+// ListReadyOldest 拿最老的 N 个 ready 备份,用于 retention 清理。
+func (d *DAO) ListReadyOldest(ctx context.Context, keep int) ([]File, error) {
+	if keep < 0 {
+		keep = 0
+	}
+	var out []File
+	err := d.db.SelectContext(ctx, &out,
+		"SELECT "+colsSelect+" FROM `backup_files` WHERE `status`='ready' "+
+			"ORDER BY `id` DESC LIMIT 1000 OFFSET ?", keep)
+	return out, err
+}
+
+func nonEmpty(s, fallback string) string {
+	if s == "" {
+		return fallback
+	}
+	return s
+}
diff --git a/internal/backup/handler.go b/internal/backup/handler.go
new file mode 100644
index 00000000..491e5dcb
--- /dev/null
+++ b/internal/backup/handler.go
@@ -0,0 +1,215 @@
+package backup
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/internal/auth"
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Handler 提供 /api/admin/system/backup/* 接口。
+type Handler struct {
+	svc      *Service
+	dao      *DAO
+	auth     *auth.Service // 用于高危操作二次密码校验
+	auditDAO *audit.DAO
+}
+
+// NewHandler 构造。
+func NewHandler(svc *Service, dao *DAO, authSvc *auth.Service, auditDAO *audit.DAO) *Handler {
+	return &Handler{svc: svc, dao: dao, auth: authSvc, auditDAO: auditDAO}
+}
+
+// ---- 请求体 ----
+
+type createReq struct {
+	IncludeData *bool `json:"include_data,omitempty"` // 默认 true
+}
+
+// ---- 接口 ----
+
+// Create POST /api/admin/system/backup
+func (h *Handler) Create(c *gin.Context) {
+	var req createReq
+	_ = c.ShouldBindJSON(&req)
+	includeData := true
+	if req.IncludeData != nil {
+		includeData = *req.IncludeData
+	}
+	actor := middleware.UserID(c)
+
+	f, err := h.svc.Create(c.Request.Context(), actor, TriggerManual, includeData)
+	if err != nil {
+		audit.Record(c, h.auditDAO, "system.backup.create.failed", "", gin.H{"error": err.Error()})
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "system.backup.create", f.BackupID,
+		gin.H{"size": f.SizeBytes, "include_data": includeData})
+	resp.OK(c, f)
+}
+
+// List GET /api/admin/system/backup
+func (h *Handler) List(c *gin.Context) {
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	items, err := h.dao.List(c.Request.Context(), limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	total, _ := h.dao.Count(c.Request.Context())
+	resp.OK(c, gin.H{
+		"items":          items,
+		"total":          total,
+		"allow_restore":  h.svc.AllowRestore(),
+		"max_upload_mb":  h.svc.cfg.MaxUploadMB,
+	})
+}
+
+// Download GET /api/admin/system/backup/:id/download
+func (h *Handler) Download(c *gin.Context) {
+	id := c.Param("id")
+	if !backupIDRe.MatchString(id) {
+		resp.BadRequest(c, "invalid backup id")
+		return
+	}
+	fh, meta, err := h.svc.OpenForDownload(c.Request.Context(), id)
+	if err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "backup not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	defer fh.Close()
+
+	c.Writer.Header().Set("Content-Type", "application/gzip")
+	c.Writer.Header().Set("Content-Disposition",
+		fmt.Sprintf(`attachment; filename="%s"`, meta.FileName))
+	c.Writer.Header().Set("Content-Length", strconv.FormatInt(meta.SizeBytes, 10))
+	c.Writer.Header().Set("X-Backup-SHA256", meta.SHA256)
+	c.Status(http.StatusOK)
+	http.ServeContent(c.Writer, c.Request, meta.FileName, meta.CreatedAt, fh)
+	audit.Record(c, h.auditDAO, "system.backup.download", id, nil)
+}
+
+// Delete DELETE /api/admin/system/backup/:id
+// 高危:需 X-Admin-Confirm 二次密码校验。
+func (h *Handler) Delete(c *gin.Context) {
+	if err := h.requireAdminConfirm(c); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	id := c.Param("id")
+	if !backupIDRe.MatchString(id) {
+		resp.BadRequest(c, "invalid backup id")
+		return
+	}
+	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "backup not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "system.backup.delete", id, nil)
+	resp.OK(c, gin.H{"deleted": id})
+}
+
+// Restore POST /api/admin/system/backup/:id/restore
+// 超高危:
+//
+//	1. backup.allow_restore 必须为 true
+//	2. 必须提供 X-Admin-Confirm = 当前管理员明文密码
+//	3. 执行前后都落审计
+func (h *Handler) Restore(c *gin.Context) {
+	if !h.svc.AllowRestore() {
+		resp.Forbidden(c, "restore is disabled by config; set backup.allow_restore=true first")
+		return
+	}
+	if err := h.requireAdminConfirm(c); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	id := c.Param("id")
+	if !backupIDRe.MatchString(id) {
+		resp.BadRequest(c, "invalid backup id")
+		return
+	}
+	audit.Record(c, h.auditDAO, "system.backup.restore.begin", id, nil)
+	if err := h.svc.Restore(c.Request.Context(), id); err != nil {
+		audit.Record(c, h.auditDAO, "system.backup.restore.failed", id, gin.H{"error": err.Error()})
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "system.backup.restore.success", id, nil)
+	resp.OK(c, gin.H{"restored": id})
+}
+
+// Upload POST /api/admin/system/backup/upload
+// 上传 .sql.gz 文件(multipart/form-data,字段名 "file")。
+// 高危:需 X-Admin-Confirm 二次密码校验。
+func (h *Handler) Upload(c *gin.Context) {
+	if err := h.requireAdminConfirm(c); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, h.svc.MaxUploadBytes()+4096)
+	fh, err := c.FormFile("file")
+	if err != nil {
+		resp.BadRequest(c, "file is required: "+err.Error())
+		return
+	}
+	if fh.Size > h.svc.MaxUploadBytes() {
+		resp.BadRequest(c, fmt.Sprintf("file exceeds %d MB", h.svc.cfg.MaxUploadMB))
+		return
+	}
+	src, err := fh.Open()
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	defer src.Close()
+
+	actor := middleware.UserID(c)
+	f, err := h.svc.ImportUpload(c.Request.Context(), actor, fh.Filename, src)
+	if err != nil {
+		audit.Record(c, h.auditDAO, "system.backup.upload.failed", fh.Filename, gin.H{"error": err.Error()})
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "system.backup.upload", f.BackupID,
+		gin.H{"orig_name": fh.Filename, "size": f.SizeBytes})
+	resp.OK(c, f)
+}
+
+// requireAdminConfirm 从 X-Admin-Confirm header(或 body.admin_password)
+// 校验当前管理员的登录密码,防止 token 泄漏后被用来直接操作高危 API。
+// 返回 nil 表示通过。
+func (h *Handler) requireAdminConfirm(c *gin.Context) error {
+	pwd := c.GetHeader("X-Admin-Confirm")
+	if pwd == "" {
+		pwd = c.PostForm("admin_password")
+	}
+	if pwd == "" {
+		return errors.New("X-Admin-Confirm header required for this destructive operation")
+	}
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		return errors.New("not authenticated")
+	}
+	if err := h.auth.VerifyPassword(c.Request.Context(), uid, pwd); err != nil {
+		return errors.New("admin password mismatch")
+	}
+	return nil
+}
diff --git a/internal/backup/model.go b/internal/backup/model.go
new file mode 100644
index 00000000..9ea23da0
--- /dev/null
+++ b/internal/backup/model.go
@@ -0,0 +1,53 @@
+// Package backup 数据库备份/恢复。
+//
+// 物理方案:
+//   1. 备份:mysqldump 子进程 → stdout → gzip pipe → 目标文件
+//      - 只 dump 业务库(从 DSN 解析得到的 database)
+//      - 默认包含数据;支持 --no-data 只 dump 结构
+//      - 默认使用 --single-transaction(InnoDB 一致性快照,不锁表)
+//      - 排除 audit 表本身可选
+//   2. 恢复:mysql 子进程读 gzip 解压流 → stdin
+//      - 生产默认禁用(backup.allow_restore=false),需管理员 config 显式开
+//      - 执行前强制二次密码校验 + 审计
+//
+// 安全考虑:
+//   - 文件名正则白名单,防路径遍历
+//   - restore/upload/delete 独立 permission + 二次密码
+//   - 大文件流式处理,避免 OOM
+//   - sha256 校验完整性
+package backup
+
+import (
+	"database/sql"
+	"time"
+)
+
+// 状态常量。
+const (
+	StatusRunning = "running"
+	StatusReady   = "ready"
+	StatusFailed  = "failed"
+)
+
+// 触发来源。
+const (
+	TriggerManual = "manual"
+	TriggerCron   = "cron"
+	TriggerUpload = "upload"
+)
+
+// File 对应 backup_files 表。
+type File struct {
+	ID          uint64       `db:"id" json:"id"`
+	BackupID    string       `db:"backup_id" json:"backup_id"`   // bk_YYYYMMDD_HHMMSS_xxxx
+	FileName    string       `db:"file_name" json:"file_name"`
+	SizeBytes   int64        `db:"size_bytes" json:"size_bytes"`
+	SHA256      string       `db:"sha256" json:"sha256"`
+	Trigger     string       `db:"trigger" json:"trigger"`
+	Status      string       `db:"status" json:"status"`
+	Error       string       `db:"error" json:"error,omitempty"`
+	IncludeData bool         `db:"include_data" json:"include_data"`
+	CreatedBy   uint64       `db:"created_by" json:"created_by"`
+	CreatedAt   time.Time    `db:"created_at" json:"created_at"`
+	FinishedAt  sql.NullTime `db:"finished_at" json:"finished_at,omitempty"`
+}
diff --git a/internal/backup/service.go b/internal/backup/service.go
new file mode 100644
index 00000000..25fedad1
--- /dev/null
+++ b/internal/backup/service.go
@@ -0,0 +1,484 @@
+package backup
+
+import (
+	"compress/gzip"
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"math/rand"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	mysqlDrv "github.com/go-sql-driver/mysql"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/config"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// ErrRestoreDisabled 恢复功能被配置禁用。
+var ErrRestoreDisabled = errors.New("backup: restore is disabled by config")
+
+// ErrInvalidFileName 非法文件名(防路径遍历)。
+var ErrInvalidFileName = errors.New("backup: invalid file name")
+
+// safeNameRe 仅允许字母/数字/点/下划线/连字符。
+var safeNameRe = regexp.MustCompile(`^[A-Za-z0-9._-]+\.sql(\.gz)?$`)
+
+// backupIDRe 形如 bk_20260417_120000_xxxx
+var backupIDRe = regexp.MustCompile(`^bk_\d{8}_\d{6}_[a-z0-9]{6}$`)
+
+// Service 备份服务。
+type Service struct {
+	cfg    config.BackupConfig
+	mysql  config.MySQLConfig
+	dao    *DAO
+	dbName string
+	dsn    *mysqlDrv.Config
+
+	// 启动时探测 mysqldump 支持的参数;不支持时自动降级。
+	// 例如 mariadb-dump 不识别 --set-gtid-purged、--column-statistics 等 MySQL 专属 flag。
+	supportSetGTIDPurged bool
+	supportColumnStats   bool
+	isMariaDB            bool
+}
+
+// New 构造 Service。cfg.Dir 不存在时自动创建。
+func New(cfg config.BackupConfig, mysqlCfg config.MySQLConfig, dao *DAO) (*Service, error) {
+	if cfg.Dir == "" {
+		cfg.Dir = "./data/backups"
+	}
+	if cfg.MysqldumpBin == "" {
+		cfg.MysqldumpBin = "mysqldump"
+	}
+	if cfg.MysqlBin == "" {
+		cfg.MysqlBin = "mysql"
+	}
+	if cfg.MaxUploadMB <= 0 {
+		cfg.MaxUploadMB = 512
+	}
+
+	dsn, err := mysqlDrv.ParseDSN(mysqlCfg.DSN)
+	if err != nil {
+		return nil, fmt.Errorf("parse mysql dsn: %w", err)
+	}
+	if dsn.DBName == "" {
+		return nil, errors.New("backup: mysql dsn missing db name")
+	}
+	if err := os.MkdirAll(cfg.Dir, 0o750); err != nil {
+		return nil, fmt.Errorf("create backup dir: %w", err)
+	}
+	svc := &Service{
+		cfg:    cfg,
+		mysql:  mysqlCfg,
+		dao:    dao,
+		dbName: dsn.DBName,
+		dsn:    dsn,
+	}
+	svc.probeMysqldump()
+	return svc, nil
+}
+
+// probeMysqldump 探测 mysqldump 版本 / 是否为 MariaDB,以决定传哪些参数。
+// 失败时不 panic,只是使用保守默认(不加这些 flag)。
+func (s *Service) probeMysqldump() {
+	out, err := exec.Command(s.cfg.MysqldumpBin, "--version").CombinedOutput()
+	if err != nil {
+		logger.L().Warn("probe mysqldump failed, fallback to conservative args",
+			zap.Error(err))
+		return
+	}
+	ver := strings.ToLower(string(out))
+	s.isMariaDB = strings.Contains(ver, "mariadb")
+	// MySQL 5.6+ 支持 --set-gtid-purged;MariaDB 和极老的 MySQL 不支持
+	s.supportSetGTIDPurged = !s.isMariaDB
+	// --column-statistics 仅 MySQL 8.0+ 的 mysqldump 支持
+	s.supportColumnStats = !s.isMariaDB && strings.Contains(ver, "distrib 8.")
+	logger.L().Info("mysqldump probed",
+		zap.Bool("mariadb", s.isMariaDB),
+		zap.Bool("gtid_flag", s.supportSetGTIDPurged),
+		zap.String("version_line", firstLine(string(out))),
+	)
+}
+
+func firstLine(s string) string {
+	if i := strings.IndexByte(s, '\n'); i >= 0 {
+		return strings.TrimSpace(s[:i])
+	}
+	return strings.TrimSpace(s)
+}
+
+// Dir 返回备份目录(只读)。
+func (s *Service) Dir() string { return s.cfg.Dir }
+
+// MaxUploadBytes 返回上传上限(bytes)。
+func (s *Service) MaxUploadBytes() int64 {
+	return int64(s.cfg.MaxUploadMB) * 1024 * 1024
+}
+
+// AllowRestore 是否允许 /restore 端点。
+func (s *Service) AllowRestore() bool { return s.cfg.AllowRestore }
+
+// Create 同步执行一次 mysqldump 备份。成功返回 File 记录。
+// actorID 是发起者 user_id(用于审计);includeData=false 时仅 dump 表结构。
+//
+// 流程:记录插入 running → 执行 mysqldump | gzip → sha256 → MarkReady。
+func (s *Service) Create(ctx context.Context, actorID uint64, trigger string, includeData bool) (*File, error) {
+	backupID := generateBackupID()
+	fileName := backupID + ".sql.gz"
+	fullPath := filepath.Join(s.cfg.Dir, fileName)
+
+	f := &File{
+		BackupID:    backupID,
+		FileName:    fileName,
+		Trigger:     trigger,
+		Status:      StatusRunning,
+		IncludeData: includeData,
+		CreatedBy:   actorID,
+	}
+	if err := s.dao.Create(ctx, f); err != nil {
+		return nil, err
+	}
+
+	size, sha, err := s.dumpToFile(ctx, fullPath, includeData)
+	if err != nil {
+		_ = s.dao.MarkFailed(ctx, backupID, err.Error())
+		_ = os.Remove(fullPath)
+		return nil, err
+	}
+	if err := s.dao.MarkReady(ctx, backupID, size, sha); err != nil {
+		return nil, err
+	}
+	f.SizeBytes = size
+	f.SHA256 = sha
+	f.Status = StatusReady
+	// 异步做 retention,不阻塞
+	if s.cfg.Retention > 0 {
+		go s.runRetention()
+	}
+	return f, nil
+}
+
+// dumpToFile 实际执行 mysqldump → gzip → 落盘 + sha256。
+func (s *Service) dumpToFile(ctx context.Context, fullPath string, includeData bool) (int64, string, error) {
+	out, err := os.OpenFile(fullPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o640)
+	if err != nil {
+		return 0, "", fmt.Errorf("open backup file: %w", err)
+	}
+	defer out.Close()
+
+	sha := sha256.New()
+	gz := gzip.NewWriter(io.MultiWriter(out, sha))
+	defer gz.Close()
+
+	args := s.mysqldumpArgs(includeData)
+	cmd := exec.CommandContext(ctx, s.cfg.MysqldumpBin, args...)
+	cmd.Env = append(os.Environ(), "MYSQL_PWD="+s.dsn.Passwd)
+
+	stderr := &strings.Builder{}
+	cmd.Stderr = stderr
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		return 0, "", fmt.Errorf("stdout pipe: %w", err)
+	}
+	if err := cmd.Start(); err != nil {
+		return 0, "", fmt.Errorf("start mysqldump: %w (stderr=%s)", err, stderr.String())
+	}
+
+	written, err := io.Copy(gz, stdout)
+	if copyErr := gz.Close(); copyErr != nil && err == nil {
+		err = copyErr
+	}
+	if werr := cmd.Wait(); werr != nil {
+		stderrTail := stderr.String()
+		if len(stderrTail) > 800 {
+			stderrTail = stderrTail[len(stderrTail)-800:]
+		}
+		return 0, "", fmt.Errorf("mysqldump failed: %w (stderr=%s)", werr, stderrTail)
+	}
+	if err != nil {
+		return 0, "", err
+	}
+	if err := out.Sync(); err != nil {
+		return 0, "", err
+	}
+
+	info, err := out.Stat()
+	if err != nil {
+		return 0, "", err
+	}
+	_ = written // compressed write counter is inside gz, 直接用落盘大小
+	return info.Size(), hex.EncodeToString(sha.Sum(nil)), nil
+}
+
+// mysqldumpArgs 生成命令行参数。
+// 注意:密码通过环境变量 MYSQL_PWD 传,不暴露在命令行。
+func (s *Service) mysqldumpArgs(includeData bool) []string {
+	host, port := s.dsnHostPort()
+	args := []string{
+		"-h", host,
+		"-P", port,
+		"-u", s.dsn.User,
+		"--default-character-set=utf8mb4",
+		"--single-transaction",
+		"--quick",
+		"--skip-lock-tables",
+		"--hex-blob",
+		"--routines",
+		"--triggers",
+		"--events",
+	}
+	if s.supportSetGTIDPurged {
+		args = append(args, "--set-gtid-purged=OFF")
+	}
+	if s.supportColumnStats {
+		// MySQL 8 默认会查 column_statistics,对目标库可能没权限,强制关掉
+		args = append(args, "--column-statistics=0")
+	}
+	if !includeData {
+		args = append(args, "--no-data")
+	}
+	// 只 dump 业务库;排除审计表避免恢复时覆盖当下审计
+	args = append(args, "--ignore-table="+s.dbName+".admin_audit_logs")
+	args = append(args, s.dbName)
+	return args
+}
+
+// Restore 同步恢复一个已存在的备份到 MySQL。
+// 调用方必须保证传入的是可信来源(经过管理员二次密码校验 + 审计)。
+func (s *Service) Restore(ctx context.Context, backupID string) error {
+	if !s.cfg.AllowRestore {
+		return ErrRestoreDisabled
+	}
+	f, err := s.dao.Get(ctx, backupID)
+	if err != nil {
+		return err
+	}
+	if f.Status != StatusReady {
+		return fmt.Errorf("backup not ready: %s", f.Status)
+	}
+	fullPath := filepath.Join(s.cfg.Dir, f.FileName)
+	if !strings.HasPrefix(filepath.Clean(fullPath), filepath.Clean(s.cfg.Dir)+string(filepath.Separator)) {
+		return ErrInvalidFileName
+	}
+
+	file, err := os.Open(fullPath)
+	if err != nil {
+		return fmt.Errorf("open backup file: %w", err)
+	}
+	defer file.Close()
+
+	gz, err := gzip.NewReader(file)
+	if err != nil {
+		return fmt.Errorf("open gzip: %w", err)
+	}
+	defer gz.Close()
+
+	host, port := s.dsnHostPort()
+	args := []string{
+		"-h", host,
+		"-P", port,
+		"-u", s.dsn.User,
+		"--default-character-set=utf8mb4",
+		s.dbName,
+	}
+	cmd := exec.CommandContext(ctx, s.cfg.MysqlBin, args...)
+	cmd.Env = append(os.Environ(), "MYSQL_PWD="+s.dsn.Passwd)
+	cmd.Stdin = gz
+	stderr := &strings.Builder{}
+	cmd.Stderr = stderr
+	if err := cmd.Run(); err != nil {
+		tail := stderr.String()
+		if len(tail) > 800 {
+			tail = tail[len(tail)-800:]
+		}
+		return fmt.Errorf("mysql restore failed: %w (stderr=%s)", err, tail)
+	}
+	return nil
+}
+
+// Delete 删除备份记录 + 物理文件。
+func (s *Service) Delete(ctx context.Context, backupID string) error {
+	if !backupIDRe.MatchString(backupID) {
+		return ErrInvalidFileName
+	}
+	f, err := s.dao.Get(ctx, backupID)
+	if err != nil {
+		return err
+	}
+	path, err := s.fullPath(f.FileName)
+	if err != nil {
+		return err
+	}
+	_ = os.Remove(path) // 即便文件丢失也要清理 DB
+	return s.dao.Delete(ctx, backupID)
+}
+
+// OpenForDownload 返回只读 handle,调用方负责 Close。
+// 额外返回文件名和大小供 HTTP header 使用。
+func (s *Service) OpenForDownload(ctx context.Context, backupID string) (*os.File, *File, error) {
+	f, err := s.dao.Get(ctx, backupID)
+	if err != nil {
+		return nil, nil, err
+	}
+	if f.Status != StatusReady {
+		return nil, nil, fmt.Errorf("backup not ready: %s", f.Status)
+	}
+	path, err := s.fullPath(f.FileName)
+	if err != nil {
+		return nil, nil, err
+	}
+	fh, err := os.Open(path)
+	if err != nil {
+		return nil, nil, err
+	}
+	return fh, f, nil
+}
+
+// ImportUpload 将上传的 .sql.gz 保存到备份目录并登记为 "upload" trigger。
+// 传入的 reader 会被逐字节读入(已做 LimitReader 控制)。
+func (s *Service) ImportUpload(ctx context.Context, actorID uint64, origName string, src io.Reader) (*File, error) {
+	if origName == "" {
+		origName = "upload.sql.gz"
+	}
+	// 只取 basename,防路径遍历
+	origName = filepath.Base(origName)
+	if !safeNameRe.MatchString(origName) {
+		return nil, ErrInvalidFileName
+	}
+	if !strings.HasSuffix(origName, ".gz") {
+		// 要求 .sql.gz。纯 .sql 也接受,但我们要 gzip 之后再存。
+		// 这里简单起见,拒绝非 .gz(避免引入额外的 gzip 临时流)。
+		return nil, fmt.Errorf("upload must be gzip-compressed (.sql.gz)")
+	}
+	backupID := generateBackupID()
+	fileName := backupID + ".sql.gz"
+	fullPath := filepath.Join(s.cfg.Dir, fileName)
+
+	out, err := os.OpenFile(fullPath, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0o640)
+	if err != nil {
+		return nil, fmt.Errorf("create upload file: %w", err)
+	}
+	defer out.Close()
+
+	sha := sha256.New()
+	limited := io.LimitReader(src, s.MaxUploadBytes()+1)
+	n, err := io.Copy(io.MultiWriter(out, sha), limited)
+	if err != nil {
+		_ = os.Remove(fullPath)
+		return nil, fmt.Errorf("write upload: %w", err)
+	}
+	if n > s.MaxUploadBytes() {
+		_ = os.Remove(fullPath)
+		return nil, fmt.Errorf("upload exceeds max %d MB", s.cfg.MaxUploadMB)
+	}
+	// gzip 合法性快速校验(读 header)
+	if err := verifyGzipHeader(fullPath); err != nil {
+		_ = os.Remove(fullPath)
+		return nil, fmt.Errorf("invalid gzip: %w", err)
+	}
+
+	f := &File{
+		BackupID:    backupID,
+		FileName:    fileName,
+		SizeBytes:   n,
+		SHA256:      hex.EncodeToString(sha.Sum(nil)),
+		Trigger:     TriggerUpload,
+		Status:      StatusReady,
+		IncludeData: true,
+		CreatedBy:   actorID,
+	}
+	if err := s.dao.Create(ctx, f); err != nil {
+		_ = os.Remove(fullPath)
+		return nil, err
+	}
+	// Create 是插入 running,立刻补 ready
+	if err := s.dao.MarkReady(ctx, backupID, n, f.SHA256); err != nil {
+		logger.L().Warn("mark upload ready", zap.Error(err))
+	}
+	f.Status = StatusReady
+	return f, nil
+}
+
+// runRetention 清理超过 cfg.Retention 的旧备份。只对 ready 状态生效。
+func (s *Service) runRetention() {
+	if s.cfg.Retention <= 0 {
+		return
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	old, err := s.dao.ListReadyOldest(ctx, s.cfg.Retention)
+	if err != nil {
+		logger.L().Warn("retention list failed", zap.Error(err))
+		return
+	}
+	for _, f := range old {
+		path, err := s.fullPath(f.FileName)
+		if err == nil {
+			_ = os.Remove(path)
+		}
+		_ = s.dao.Delete(ctx, f.BackupID)
+		logger.L().Info("backup pruned by retention", zap.String("id", f.BackupID))
+	}
+}
+
+func (s *Service) fullPath(fileName string) (string, error) {
+	if !safeNameRe.MatchString(fileName) {
+		return "", ErrInvalidFileName
+	}
+	p := filepath.Join(s.cfg.Dir, fileName)
+	// 严格校验:清洗后的路径必须仍在 backup dir 下
+	cleanDir := filepath.Clean(s.cfg.Dir)
+	cleanPath := filepath.Clean(p)
+	if !strings.HasPrefix(cleanPath, cleanDir+string(filepath.Separator)) && cleanPath != cleanDir {
+		return "", ErrInvalidFileName
+	}
+	return p, nil
+}
+
+func (s *Service) dsnHostPort() (string, string) {
+	host, port := "127.0.0.1", "3306"
+	addr := s.dsn.Addr
+	if i := strings.LastIndex(addr, ":"); i > 0 {
+		host = addr[:i]
+		port = addr[i+1:]
+	} else if addr != "" {
+		host = addr
+	}
+	return host, port
+}
+
+// generateBackupID 生成形如 bk_20260417_120000_xyz987 的唯一 id。
+func generateBackupID() string {
+	now := time.Now()
+	const letters = "abcdefghijklmnopqrstuvwxyz0123456789"
+	//nolint:gosec
+	rng := rand.New(rand.NewSource(now.UnixNano()))
+	suffix := make([]byte, 6)
+	for i := range suffix {
+		suffix[i] = letters[rng.Intn(len(letters))]
+	}
+	return fmt.Sprintf("bk_%s_%s", now.Format("20060102_150405"), string(suffix))
+}
+
+// verifyGzipHeader 快速校验文件是合法 gzip。
+func verifyGzipHeader(path string) error {
+	f, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	gz, err := gzip.NewReader(f)
+	if err != nil {
+		return err
+	}
+	_ = gz.Close()
+	return nil
+}
diff --git a/internal/billing/admin.go b/internal/billing/admin.go
new file mode 100644
index 00000000..9372a407
--- /dev/null
+++ b/internal/billing/admin.go
@@ -0,0 +1,81 @@
+package billing
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// AdminAdjust 管理员手工调账。
+//
+//	delta > 0  加积分(例如补偿/赠送)
+//	delta < 0  扣积分(例如反作弊回收),允许把余额扣到 >=0(扣到负数会返回错误)
+//
+// 同时写一条 type=admin_adjust 的流水,ref_id 建议填 admin 的 user_id 字符串,
+// remark 由调用方传入人类可读原因。actorID 是发起者 user_id,仅写入 remark 前缀,
+// 方便审计时快速定位。
+//
+// 幂等性:调用方需自己保证(比如前端按钮 debounce);
+// 服务端只做原子执行,不去重。
+func (e *Engine) AdminAdjust(ctx context.Context, targetUserID, actorID uint64, delta int64, refID, remark string) (balanceAfter int64, err error) {
+	if delta == 0 {
+		return 0, errors.New("delta must not be zero")
+	}
+	err = e.runTx(ctx, func(tx *sqlx.Tx) error {
+		// 扣款时 WHERE 子句保证不会扣成负数
+		var res sqlResult
+		if delta > 0 {
+			res, err = execR(tx, ctx,
+				`UPDATE users
+                    SET credit_balance = credit_balance + ?, version = version + 1
+                  WHERE id = ? AND deleted_at IS NULL`, delta, targetUserID)
+		} else {
+			neg := -delta
+			res, err = execR(tx, ctx,
+				`UPDATE users
+                    SET credit_balance = credit_balance - ?, version = version + 1
+                  WHERE id = ? AND credit_balance >= ? AND deleted_at IS NULL`,
+				neg, targetUserID, neg)
+		}
+		if err != nil {
+			return err
+		}
+		if res.RowsAffected == 0 {
+			if delta < 0 {
+				return ErrInsufficient
+			}
+			return fmt.Errorf("user %d not found", targetUserID)
+		}
+		if err := tx.QueryRowxContext(ctx,
+			`SELECT credit_balance FROM users WHERE id = ?`, targetUserID).Scan(&balanceAfter); err != nil {
+			return err
+		}
+		fullRemark := remark
+		if actorID > 0 {
+			fullRemark = fmt.Sprintf("[by admin=%d] %s", actorID, remark)
+		}
+		_, err = tx.ExecContext(ctx,
+			`INSERT INTO credit_transactions
+              (user_id, key_id, type, amount, balance_after, ref_id, remark)
+             VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			targetUserID, 0, KindAdjust, delta, balanceAfter, refID, fullRemark)
+		return err
+	})
+	return
+}
+
+// sqlResult 对 sql.Result 的简化,只保留 RowsAffected,避免在 runTx 里多次判断错误。
+type sqlResult struct {
+	RowsAffected int64
+}
+
+func execR(tx *sqlx.Tx, ctx context.Context, q string, args ...interface{}) (sqlResult, error) {
+	res, err := tx.ExecContext(ctx, q, args...)
+	if err != nil {
+		return sqlResult{}, err
+	}
+	n, _ := res.RowsAffected()
+	return sqlResult{RowsAffected: n}, nil
+}
diff --git a/internal/billing/engine.go b/internal/billing/engine.go
new file mode 100644
index 00000000..9c739957
--- /dev/null
+++ b/internal/billing/engine.go
@@ -0,0 +1,236 @@
+// Package billing 实现「预扣+结算+退款」的积分计费闭环。
+//
+// 数据模型:
+//   users.credit_balance - 可用余额(厘)
+//   users.credit_frozen  - 冻结额度(厘)
+//   users.version        - 乐观锁版本号
+//   credit_transactions  - 流水(freeze/unfreeze/consume/refund ...)
+//
+// 流程:
+//   PreDeduct(userID, estCost, refID)   // balance -= est; frozen += est
+//   Settle(userID, est, actual, refID)  // frozen -= est; balance += (est-actual); 计 consume
+//   Refund(userID, est, refID)          // frozen -= est; balance += est
+package billing
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var (
+	ErrInsufficient = errors.New("billing: insufficient balance")
+	ErrConflict     = errors.New("billing: concurrent update")
+)
+
+// Kind 流水类型。
+const (
+	KindFreeze   = "freeze"
+	KindUnfreeze = "unfreeze"
+	KindConsume  = "consume"
+	KindRefund   = "refund"
+	KindRecharge = "recharge"
+	KindRedeem   = "redeem"
+	KindAdjust   = "admin_adjust"
+)
+
+// Engine 计费引擎,操作 users + credit_transactions。
+type Engine struct{ db *sqlx.DB }
+
+func New(db *sqlx.DB) *Engine { return &Engine{db: db} }
+
+// Balance 查询用户实时余额(可用 + 冻结)。
+func (e *Engine) Balance(ctx context.Context, userID uint64) (available, frozen int64, err error) {
+	err = e.db.QueryRowxContext(ctx,
+		`SELECT credit_balance, credit_frozen FROM users WHERE id = ? AND deleted_at IS NULL`,
+		userID).Scan(&available, &frozen)
+	if errors.Is(err, sql.ErrNoRows) {
+		err = fmt.Errorf("user %d not found", userID)
+	}
+	return
+}
+
+// PreDeduct 预扣:在用户余额足够时,将 amount 从 available 转入 frozen,
+// 并写 freeze 流水。并发安全(乐观锁 + WHERE 防越扣)。
+func (e *Engine) PreDeduct(ctx context.Context, userID, keyID uint64, amount int64, refID, remark string) error {
+	if amount <= 0 {
+		return nil
+	}
+	return e.runTx(ctx, func(tx *sqlx.Tx) error {
+		res, err := tx.ExecContext(ctx,
+			`UPDATE users
+             SET credit_balance = credit_balance - ?, credit_frozen = credit_frozen + ?,
+                 version = version + 1
+             WHERE id = ? AND credit_balance >= ? AND deleted_at IS NULL`,
+			amount, amount, userID, amount)
+		if err != nil {
+			return err
+		}
+		n, _ := res.RowsAffected()
+		if n == 0 {
+			return ErrInsufficient
+		}
+		var balanceAfter int64
+		if err := tx.QueryRowxContext(ctx,
+			`SELECT credit_balance FROM users WHERE id = ?`, userID).Scan(&balanceAfter); err != nil {
+			return err
+		}
+		_, err = tx.ExecContext(ctx,
+			`INSERT INTO credit_transactions
+             (user_id, key_id, type, amount, balance_after, ref_id, remark)
+             VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			userID, keyID, KindFreeze, -amount, balanceAfter, refID, remark)
+		return err
+	})
+}
+
+// Settle 结算:expected=预扣金额,actual=真实消耗。
+//
+//	若 actual <= expected: 退差额(frozen -= expected, balance += (expected-actual));
+//	若 actual >  expected: 需要补扣差额,若余额不足尽量扣到 0(业务上一般 expected 已取上限,不太会进入这里)。
+func (e *Engine) Settle(ctx context.Context, userID, keyID uint64, expected, actual int64, refID, remark string) error {
+	if expected <= 0 && actual <= 0 {
+		return nil
+	}
+	if actual < 0 {
+		actual = 0
+	}
+	return e.runTx(ctx, func(tx *sqlx.Tx) error {
+		refund := expected - actual // 可能为负
+
+		var balanceDelta int64
+		var frozenDelta int64
+
+		if refund >= 0 {
+			// 退差额:frozen -= expected, balance += refund
+			frozenDelta = -expected
+			balanceDelta = refund
+		} else {
+			// 补扣:frozen -= expected, balance -= (-refund) 若不足则允许负数? 保守地从 balance 扣到 0。
+			frozenDelta = -expected
+			balanceDelta = refund // 负值
+		}
+
+		res, err := tx.ExecContext(ctx,
+			`UPDATE users
+             SET credit_balance = credit_balance + ?,
+                 credit_frozen  = credit_frozen  + ?,
+                 version        = version + 1
+             WHERE id = ? AND credit_frozen + ? >= 0 AND deleted_at IS NULL`,
+			balanceDelta, frozenDelta, userID, frozenDelta)
+		if err != nil {
+			return err
+		}
+		n, _ := res.RowsAffected()
+		if n == 0 {
+			return ErrConflict
+		}
+
+		var balanceAfter int64
+		if err := tx.QueryRowxContext(ctx,
+			`SELECT credit_balance FROM users WHERE id = ?`, userID).Scan(&balanceAfter); err != nil {
+			return err
+		}
+
+		// 流水:unfreeze(+expected), consume(-actual)
+		if expected > 0 {
+			if _, err := tx.ExecContext(ctx,
+				`INSERT INTO credit_transactions
+                 (user_id, key_id, type, amount, balance_after, ref_id, remark)
+                 VALUES (?, ?, ?, ?, ?, ?, ?)`,
+				userID, keyID, KindUnfreeze, expected, balanceAfter, refID, remark); err != nil {
+				return err
+			}
+		}
+		if actual > 0 {
+			if _, err := tx.ExecContext(ctx,
+				`INSERT INTO credit_transactions
+                 (user_id, key_id, type, amount, balance_after, ref_id, remark)
+                 VALUES (?, ?, ?, ?, ?, ?, ?)`,
+				userID, keyID, KindConsume, -actual, balanceAfter, refID, remark); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
+
+// Refund 全额退款:在请求失败时把 expected 金额原路退回。
+func (e *Engine) Refund(ctx context.Context, userID, keyID uint64, expected int64, refID, remark string) error {
+	if expected <= 0 {
+		return nil
+	}
+	return e.runTx(ctx, func(tx *sqlx.Tx) error {
+		res, err := tx.ExecContext(ctx,
+			`UPDATE users
+             SET credit_balance = credit_balance + ?, credit_frozen = credit_frozen - ?,
+                 version = version + 1
+             WHERE id = ? AND credit_frozen >= ? AND deleted_at IS NULL`,
+			expected, expected, userID, expected)
+		if err != nil {
+			return err
+		}
+		n, _ := res.RowsAffected()
+		if n == 0 {
+			return ErrConflict
+		}
+		var balanceAfter int64
+		if err := tx.QueryRowxContext(ctx,
+			`SELECT credit_balance FROM users WHERE id = ?`, userID).Scan(&balanceAfter); err != nil {
+			return err
+		}
+		_, err = tx.ExecContext(ctx,
+			`INSERT INTO credit_transactions
+             (user_id, key_id, type, amount, balance_after, ref_id, remark)
+             VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			userID, keyID, KindRefund, expected, balanceAfter, refID, remark)
+		return err
+	})
+}
+
+// Recharge 充值(订单回调使用)。
+func (e *Engine) Recharge(ctx context.Context, userID uint64, amount int64, refID, remark string) error {
+	if amount <= 0 {
+		return errors.New("amount must be positive")
+	}
+	return e.runTx(ctx, func(tx *sqlx.Tx) error {
+		_, err := tx.ExecContext(ctx,
+			`UPDATE users SET credit_balance = credit_balance + ?, version = version + 1
+             WHERE id = ? AND deleted_at IS NULL`, amount, userID)
+		if err != nil {
+			return err
+		}
+		var balanceAfter int64
+		if err := tx.QueryRowxContext(ctx,
+			`SELECT credit_balance FROM users WHERE id = ?`, userID).Scan(&balanceAfter); err != nil {
+			return err
+		}
+		_, err = tx.ExecContext(ctx,
+			`INSERT INTO credit_transactions
+             (user_id, key_id, type, amount, balance_after, ref_id, remark)
+             VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			userID, 0, KindRecharge, amount, balanceAfter, refID, remark)
+		return err
+	})
+}
+
+func (e *Engine) runTx(ctx context.Context, fn func(*sqlx.Tx) error) error {
+	tx, err := e.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if p := recover(); p != nil {
+			_ = tx.Rollback()
+			panic(p)
+		}
+	}()
+	if err := fn(tx); err != nil {
+		_ = tx.Rollback()
+		return err
+	}
+	return tx.Commit()
+}
diff --git a/internal/billing/pricing.go b/internal/billing/pricing.go
new file mode 100644
index 00000000..db835803
--- /dev/null
+++ b/internal/billing/pricing.go
@@ -0,0 +1,43 @@
+package billing
+
+import (
+	modelpkg "github.com/432539/gpt2api/internal/model"
+)
+
+// ComputeChatCost 计算聊天模型的费用(单位:厘)。
+// input/output tokens × 单价(per 1M) × 倍率。
+func ComputeChatCost(m *modelpkg.Model, promptTokens, completionTokens int, ratio float64) int64 {
+	if m == nil {
+		return 0
+	}
+	if ratio <= 0 {
+		ratio = 1.0
+	}
+	in := int64(promptTokens) * m.InputPricePer1M / 1_000_000
+	out := int64(completionTokens) * m.OutputPricePer1M / 1_000_000
+	total := float64(in+out) * ratio
+	return int64(total + 0.5)
+}
+
+// ComputeImageCost 单张图费用(单位:厘)。
+func ComputeImageCost(m *modelpkg.Model, n int, ratio float64) int64 {
+	if m == nil {
+		return 0
+	}
+	if ratio <= 0 {
+		ratio = 1.0
+	}
+	if n <= 0 {
+		n = 1
+	}
+	return int64(float64(m.ImagePricePerCall*int64(n)) * ratio)
+}
+
+// EstimateChat 预扣估算:max_tokens 未知时按保守上限 2048 估算。
+func EstimateChat(m *modelpkg.Model, promptTokens, maxTokens int, ratio float64) int64 {
+	out := maxTokens
+	if out <= 0 {
+		out = 2048
+	}
+	return ComputeChatCost(m, promptTokens, out, ratio)
+}
diff --git a/internal/channel/dao.go b/internal/channel/dao.go
new file mode 100644
index 00000000..c67ace84
--- /dev/null
+++ b/internal/channel/dao.go
@@ -0,0 +1,202 @@
+package channel
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("channel: not found")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// ---------- Channel CRUD ----------
+
+func (d *DAO) Create(ctx context.Context, c *Channel) (uint64, error) {
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO upstream_channels
+  (name, type, base_url, api_key_enc, enabled, priority, weight, timeout_s, ratio, extra, status, remark)
+VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		c.Name, c.Type, c.BaseURL, c.APIKeyEnc, c.Enabled, c.Priority, c.Weight,
+		c.TimeoutS, c.Ratio, c.Extra, c.Status, c.Remark,
+	)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) Update(ctx context.Context, c *Channel) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE upstream_channels
+   SET name=?, type=?, base_url=?, api_key_enc=?, enabled=?, priority=?, weight=?,
+       timeout_s=?, ratio=?, extra=?, remark=?
+ WHERE id=? AND deleted_at IS NULL`,
+		c.Name, c.Type, c.BaseURL, c.APIKeyEnc, c.Enabled, c.Priority, c.Weight,
+		c.TimeoutS, c.Ratio, c.Extra, c.Remark, c.ID,
+	)
+	return err
+}
+
+func (d *DAO) SoftDelete(ctx context.Context, id uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE upstream_channels SET deleted_at=? WHERE id=?`, time.Now(), id)
+	return err
+}
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*Channel, error) {
+	var c Channel
+	err := d.db.GetContext(ctx, &c,
+		`SELECT * FROM upstream_channels WHERE id=? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &c, err
+}
+
+func (d *DAO) List(ctx context.Context, offset, limit int) ([]*Channel, int64, error) {
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM upstream_channels WHERE deleted_at IS NULL`); err != nil {
+		return nil, 0, err
+	}
+	rows := make([]*Channel, 0, limit)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM upstream_channels
+          WHERE deleted_at IS NULL
+          ORDER BY priority ASC, id ASC
+          LIMIT ? OFFSET ?`, limit, offset)
+	return rows, total, err
+}
+
+// ListEnabled 返回所有启用的渠道(用于路由选择)。
+func (d *DAO) ListEnabled(ctx context.Context) ([]*Channel, error) {
+	rows := make([]*Channel, 0, 16)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM upstream_channels
+          WHERE deleted_at IS NULL AND enabled = 1
+          ORDER BY priority ASC, id ASC`)
+	return rows, err
+}
+
+// UpdateHealth 记录探测结果。
+func (d *DAO) UpdateHealth(ctx context.Context, id uint64, ok bool, errMsg string, failCount int, status string) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE upstream_channels
+   SET last_test_at=?, last_test_ok=?, last_test_error=?, fail_count=?, status=?
+ WHERE id=?`, time.Now(), ok, truncateErr(errMsg, 500), failCount, status, id)
+	return err
+}
+
+// ---------- Mapping CRUD ----------
+
+func (d *DAO) CreateMapping(ctx context.Context, m *Mapping) (uint64, error) {
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO channel_model_mappings
+  (channel_id, local_model, upstream_model, modality, enabled, priority)
+VALUES (?, ?, ?, ?, ?, ?)`,
+		m.ChannelID, m.LocalModel, m.UpstreamModel, m.Modality, m.Enabled, m.Priority)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) UpdateMapping(ctx context.Context, m *Mapping) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE channel_model_mappings
+   SET local_model=?, upstream_model=?, modality=?, enabled=?, priority=?
+ WHERE id=?`,
+		m.LocalModel, m.UpstreamModel, m.Modality, m.Enabled, m.Priority, m.ID)
+	return err
+}
+
+func (d *DAO) DeleteMapping(ctx context.Context, id uint64) error {
+	_, err := d.db.ExecContext(ctx, `DELETE FROM channel_model_mappings WHERE id=?`, id)
+	return err
+}
+
+// DeleteMappingsByChannel 当渠道软删时不需调用(外键 CASCADE),
+// 但这里保留方法以便手动清理。
+func (d *DAO) DeleteMappingsByChannel(ctx context.Context, channelID uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`DELETE FROM channel_model_mappings WHERE channel_id=?`, channelID)
+	return err
+}
+
+func (d *DAO) ListMappingsByChannel(ctx context.Context, channelID uint64) ([]*Mapping, error) {
+	rows := make([]*Mapping, 0, 8)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM channel_model_mappings WHERE channel_id=? ORDER BY priority ASC, id ASC`,
+		channelID)
+	return rows, err
+}
+
+// ListMappingsByLocalModel 路由热路径:按本地模型 + 模态查所有启用的映射,
+// 并关联出渠道本身的 enabled、priority,在业务层组合选择。
+//
+// 返回顺序:
+//  1. upstream_channels.enabled = 1 且 deleted_at IS NULL
+//  2. channel_model_mappings.enabled = 1
+//  3. ORDER BY channel.priority ASC, mapping.priority ASC, mapping.id ASC
+type MappingWithChannel struct {
+	Mapping
+	Channel Channel `db:"c"`
+}
+
+func (d *DAO) ResolveByLocalModel(ctx context.Context, localModel, modality string) ([]*MappingWithChannel, error) {
+	rows := make([]*MappingWithChannel, 0, 8)
+	err := d.db.SelectContext(ctx, &rows, `
+SELECT m.id            AS id,
+       m.channel_id    AS channel_id,
+       m.local_model   AS local_model,
+       m.upstream_model AS upstream_model,
+       m.modality      AS modality,
+       m.enabled       AS enabled,
+       m.priority      AS priority,
+       m.created_at    AS created_at,
+       m.updated_at    AS updated_at,
+       c.id                AS "c.id",
+       c.name              AS "c.name",
+       c.type              AS "c.type",
+       c.base_url          AS "c.base_url",
+       c.api_key_enc       AS "c.api_key_enc",
+       c.enabled           AS "c.enabled",
+       c.priority          AS "c.priority",
+       c.weight            AS "c.weight",
+       c.timeout_s         AS "c.timeout_s",
+       c.ratio             AS "c.ratio",
+       c.extra             AS "c.extra",
+       c.status            AS "c.status",
+       c.fail_count        AS "c.fail_count",
+       c.last_test_at      AS "c.last_test_at",
+       c.last_test_ok      AS "c.last_test_ok",
+       c.last_test_error   AS "c.last_test_error",
+       c.remark            AS "c.remark",
+       c.created_at        AS "c.created_at",
+       c.updated_at        AS "c.updated_at",
+       c.deleted_at        AS "c.deleted_at"
+  FROM channel_model_mappings m
+  JOIN upstream_channels c ON c.id = m.channel_id
+ WHERE m.local_model = ?
+   AND m.modality    = ?
+   AND m.enabled     = 1
+   AND c.enabled     = 1
+   AND c.deleted_at IS NULL
+ ORDER BY c.priority ASC, m.priority ASC, m.id ASC`, localModel, modality)
+	return rows, err
+}
+
+func truncateErr(s string, max int) string {
+	if len(s) <= max {
+		return s
+	}
+	return s[:max]
+}
diff --git a/internal/channel/handler.go b/internal/channel/handler.go
new file mode 100644
index 00000000..19bc789c
--- /dev/null
+++ b/internal/channel/handler.go
@@ -0,0 +1,172 @@
+package channel
+
+import (
+	"context"
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+type Handler struct {
+	svc    *Service
+	router *Router
+}
+
+func NewHandler(svc *Service, router *Router) *Handler {
+	return &Handler{svc: svc, router: router}
+}
+
+// GET /api/admin/channels
+func (h *Handler) List(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	size, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if size < 1 || size > 100 {
+		size = 20
+	}
+	list, total, err := h.svc.List(c.Request.Context(), (page-1)*size, size)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"list": list, "total": total, "page": page, "page_size": size})
+}
+
+// POST /api/admin/channels
+func (h *Handler) Create(c *gin.Context) {
+	var in CreateInput
+	if err := c.ShouldBindJSON(&in); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	ch, err := h.svc.Create(c.Request.Context(), in)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	resp.OK(c, ch)
+}
+
+// GET /api/admin/channels/:id
+func (h *Handler) Get(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	ch, err := h.svc.Get(c.Request.Context(), id)
+	if err != nil {
+		resp.NotFound(c, err.Error())
+		return
+	}
+	resp.OK(c, ch)
+}
+
+// PATCH /api/admin/channels/:id
+func (h *Handler) Update(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var in UpdateInput
+	if err := c.ShouldBindJSON(&in); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	ch, err := h.svc.Update(c.Request.Context(), id, in)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	resp.OK(c, ch)
+}
+
+// DELETE /api/admin/channels/:id
+func (h *Handler) Delete(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": id})
+}
+
+// POST /api/admin/channels/:id/test 测试连接。
+// 调 Adapter.Ping,结果写入 fail_count / status / last_test_*。
+func (h *Handler) Test(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	ad, ch, err := h.router.BuildAdapter(c.Request.Context(), id)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 15*time.Second)
+	defer cancel()
+
+	start := time.Now()
+	pingErr := ad.Ping(ctx)
+	latency := int(time.Since(start).Milliseconds())
+	if pingErr != nil {
+		_ = h.svc.MarkHealth(context.Background(), ch, false, pingErr.Error())
+		resp.OK(c, gin.H{
+			"ok": false, "latency_ms": latency, "error": pingErr.Error(),
+		})
+		return
+	}
+	_ = h.svc.MarkHealth(context.Background(), ch, true, "")
+	resp.OK(c, gin.H{"ok": true, "latency_ms": latency})
+}
+
+// ---- Mapping ----
+
+// GET /api/admin/channels/:id/mappings
+func (h *Handler) ListMappings(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	list, err := h.svc.ListMappings(c.Request.Context(), id)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"list": list})
+}
+
+// POST /api/admin/channels/:id/mappings
+func (h *Handler) CreateMapping(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var in CreateMappingInput
+	if err := c.ShouldBindJSON(&in); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	in.ChannelID = id
+	m, err := h.svc.CreateMapping(c.Request.Context(), in)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	resp.OK(c, m)
+}
+
+// PATCH /api/admin/channels/mappings/:mid
+func (h *Handler) UpdateMapping(c *gin.Context) {
+	mid, _ := strconv.ParseUint(c.Param("mid"), 10, 64)
+	var in CreateMappingInput
+	if err := c.ShouldBindJSON(&in); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	m, err := h.svc.UpdateMapping(c.Request.Context(), mid, in)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	resp.OK(c, m)
+}
+
+// DELETE /api/admin/channels/mappings/:mid
+func (h *Handler) DeleteMapping(c *gin.Context) {
+	mid, _ := strconv.ParseUint(c.Param("mid"), 10, 64)
+	if err := h.svc.DeleteMapping(c.Request.Context(), mid); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": mid})
+}
diff --git a/internal/channel/model.go b/internal/channel/model.go
new file mode 100644
index 00000000..2371dd3e
--- /dev/null
+++ b/internal/channel/model.go
@@ -0,0 +1,75 @@
+// Package channel 实现"外置上游渠道"的统一管理与路由。
+//
+// 渠道(Channel)指除 ChatGPT 账号池之外的 API 供应商:
+//   - openai: 兼容 OpenAI /v1/chat/completions、/v1/images/generations 等
+//   - gemini: 兼容 Google Generative Language API v1beta
+//
+// 每个渠道有自己的 base_url、api_key、倍率、优先级与健康状态。
+// 模型映射(Mapping)把本地模型名映射到指定渠道上的上游模型名,
+// 同一个本地模型可以在多个渠道上映射以实现负载均衡/故障转移。
+package channel
+
+import (
+	"database/sql"
+	"time"
+)
+
+// 渠道类型。
+const (
+	TypeOpenAI = "openai"
+	TypeGemini = "gemini"
+)
+
+// 模态。
+const (
+	ModalityText  = "text"
+	ModalityImage = "image"
+	ModalityVideo = "video"
+)
+
+// 健康状态。
+const (
+	StatusHealthy   = "healthy"
+	StatusUnhealthy = "unhealthy"
+)
+
+// Channel 对应 upstream_channels 表。ApiKeyEnc 是 AES-GCM 密文,
+// 读取后需要由 Service.DecryptKey 解密再使用。
+type Channel struct {
+	ID            uint64         `db:"id"               json:"id"`
+	Name          string         `db:"name"             json:"name"`
+	Type          string         `db:"type"             json:"type"`
+	BaseURL       string         `db:"base_url"         json:"base_url"`
+	APIKeyEnc     string         `db:"api_key_enc"      json:"-"`
+	APIKeyMasked  string         `db:"-"                json:"api_key_masked,omitempty"`
+	Enabled       bool           `db:"enabled"          json:"enabled"`
+	Priority      int            `db:"priority"         json:"priority"`
+	Weight        int            `db:"weight"           json:"weight"`
+	TimeoutS      int            `db:"timeout_s"        json:"timeout_s"`
+	Ratio         float64        `db:"ratio"            json:"ratio"`
+	Extra         sql.NullString `db:"extra"            json:"-"`
+	ExtraJSON     string         `db:"-"                json:"extra,omitempty"`
+	Status        string         `db:"status"           json:"status"`
+	FailCount     int            `db:"fail_count"       json:"fail_count"`
+	LastTestAt    sql.NullTime   `db:"last_test_at"     json:"last_test_at,omitempty"`
+	LastTestOK    sql.NullBool   `db:"last_test_ok"     json:"last_test_ok,omitempty"`
+	LastTestError string         `db:"last_test_error"  json:"last_test_error,omitempty"`
+	Remark        string         `db:"remark"           json:"remark"`
+	CreatedAt     time.Time      `db:"created_at"       json:"created_at"`
+	UpdatedAt     time.Time      `db:"updated_at"       json:"updated_at"`
+	DeletedAt     sql.NullTime   `db:"deleted_at"       json:"-"`
+}
+
+// Mapping 对应 channel_model_mappings 表。
+type Mapping struct {
+	ID            uint64    `db:"id"             json:"id"`
+	ChannelID     uint64    `db:"channel_id"     json:"channel_id"`
+	ChannelName   string    `db:"-"              json:"channel_name,omitempty"`
+	LocalModel    string    `db:"local_model"    json:"local_model"`
+	UpstreamModel string    `db:"upstream_model" json:"upstream_model"`
+	Modality      string    `db:"modality"       json:"modality"`
+	Enabled       bool      `db:"enabled"        json:"enabled"`
+	Priority      int       `db:"priority"       json:"priority"`
+	CreatedAt     time.Time `db:"created_at"     json:"created_at"`
+	UpdatedAt     time.Time `db:"updated_at"     json:"updated_at"`
+}
diff --git a/internal/channel/router.go b/internal/channel/router.go
new file mode 100644
index 00000000..30789719
--- /dev/null
+++ b/internal/channel/router.go
@@ -0,0 +1,111 @@
+package channel
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/432539/gpt2api/internal/upstream/adapter"
+)
+
+// Router 负责"本地模型 + 模态 → 可用的 (Channel, Mapping, Adapter) 候选列表"。
+//
+// 调用方按顺序尝试候选,失败时由上层把结果通过 Service.MarkHealth 回写。
+type Router struct {
+	svc *Service
+}
+
+func NewRouter(svc *Service) *Router { return &Router{svc: svc} }
+
+// Svc 暴露底层 Service,让调用方可以做 MarkHealth 等附加动作。
+func (r *Router) Svc() *Service { return r.svc }
+
+// Route 是单个路由候选。
+type Route struct {
+	Channel       *Channel
+	Mapping       *Mapping
+	UpstreamModel string
+	Adapter       adapter.Adapter
+}
+
+var ErrNoRoute = errors.New("channel: no route")
+
+// Resolve 返回对应本地模型 + 模态的候选路由(按优先级排序)。
+// 当列表为空时返回 ErrNoRoute,调用方应回退到内置 ChatGPT 账号池。
+func (r *Router) Resolve(ctx context.Context, localModel, modality string) ([]*Route, error) {
+	mws, err := r.svc.dao.ResolveByLocalModel(ctx, localModel, modality)
+	if err != nil {
+		return nil, err
+	}
+	if len(mws) == 0 {
+		return nil, ErrNoRoute
+	}
+	routes := make([]*Route, 0, len(mws))
+	for _, mw := range mws {
+		c := mw.Channel
+		// 跳过不健康(连续失败 ≥3 次)渠道,除非没有其它选择。
+		// 这里先都塞进来,由上层 try 循环决定。
+		key, err := r.svc.DecryptKey(&c)
+		if err != nil {
+			continue
+		}
+		ad, err := adapter.New(c.Type, adapter.Params{
+			BaseURL: c.BaseURL, APIKey: key, TimeoutS: c.TimeoutS,
+			Extra: func() string {
+				if c.Extra.Valid {
+					return c.Extra.String
+				}
+				return ""
+			}(),
+		})
+		if err != nil {
+			continue
+		}
+		m := mw.Mapping
+		routes = append(routes, &Route{
+			Channel: &c, Mapping: &m,
+			UpstreamModel: m.UpstreamModel,
+			Adapter:       ad,
+		})
+	}
+	if len(routes) == 0 {
+		return nil, ErrNoRoute
+	}
+	// 先把 healthy 放前面,unhealthy 放最后(保留 fallback)。
+	sorted := make([]*Route, 0, len(routes))
+	var tail []*Route
+	for _, r := range routes {
+		if r.Channel.Status == StatusUnhealthy {
+			tail = append(tail, r)
+		} else {
+			sorted = append(sorted, r)
+		}
+	}
+	sorted = append(sorted, tail...)
+	return sorted, nil
+}
+
+// BuildAdapter 给"测试连接"等场景用,直接按渠道 ID 构造 adapter。
+func (r *Router) BuildAdapter(ctx context.Context, channelID uint64) (adapter.Adapter, *Channel, error) {
+	c, err := r.svc.dao.GetByID(ctx, channelID)
+	if err != nil {
+		return nil, nil, err
+	}
+	key, err := r.svc.DecryptKey(c)
+	if err != nil {
+		return nil, nil, fmt.Errorf("decrypt key: %w", err)
+	}
+	ad, err := adapter.New(c.Type, adapter.Params{
+		BaseURL: c.BaseURL, APIKey: key, TimeoutS: c.TimeoutS,
+		Extra: func() string {
+			if c.Extra.Valid {
+				return c.Extra.String
+			}
+			return ""
+		}(),
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+	return ad, c, nil
+}
diff --git a/internal/channel/service.go b/internal/channel/service.go
new file mode 100644
index 00000000..07b1e9eb
--- /dev/null
+++ b/internal/channel/service.go
@@ -0,0 +1,302 @@
+package channel
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/432539/gpt2api/pkg/crypto"
+)
+
+// Service 封装渠道 CRUD、API Key 加解密、模型映射维护。
+type Service struct {
+	dao    *DAO
+	cipher *crypto.AESGCM
+}
+
+func NewService(dao *DAO, cipher *crypto.AESGCM) *Service {
+	return &Service{dao: dao, cipher: cipher}
+}
+
+// DAO 暴露底层 DAO,供路由器等场景只读使用。
+func (s *Service) DAO() *DAO { return s.dao }
+
+// CreateInput Create 入参。APIKey 为明文,入库时加密。
+type CreateInput struct {
+	Name     string  `json:"name"`
+	Type     string  `json:"type"`
+	BaseURL  string  `json:"base_url"`
+	APIKey   string  `json:"api_key"`
+	Enabled  bool    `json:"enabled"`
+	Priority int     `json:"priority"`
+	Weight   int     `json:"weight"`
+	TimeoutS int     `json:"timeout_s"`
+	Ratio    float64 `json:"ratio"`
+	Extra    string  `json:"extra"`
+	Remark   string  `json:"remark"`
+}
+
+// UpdateInput Update 入参。APIKey 为空串表示保持不变。
+type UpdateInput struct {
+	Name     string  `json:"name"`
+	Type     string  `json:"type"`
+	BaseURL  string  `json:"base_url"`
+	APIKey   string  `json:"api_key"`
+	Enabled  bool    `json:"enabled"`
+	Priority int     `json:"priority"`
+	Weight   int     `json:"weight"`
+	TimeoutS int     `json:"timeout_s"`
+	Ratio    float64 `json:"ratio"`
+	Extra    string  `json:"extra"`
+	Remark   string  `json:"remark"`
+}
+
+// 校验合法的渠道类型。
+func validType(t string) bool {
+	switch t {
+	case TypeOpenAI, TypeGemini:
+		return true
+	}
+	return false
+}
+
+// 校验合法的模态。
+func validModality(m string) bool {
+	switch m {
+	case ModalityText, ModalityImage, ModalityVideo:
+		return true
+	}
+	return false
+}
+
+func (s *Service) Create(ctx context.Context, in CreateInput) (*Channel, error) {
+	if strings.TrimSpace(in.Name) == "" {
+		return nil, errors.New("name 不能为空")
+	}
+	if !validType(in.Type) {
+		return nil, fmt.Errorf("type 只能是 %s / %s", TypeOpenAI, TypeGemini)
+	}
+	if strings.TrimSpace(in.BaseURL) == "" {
+		return nil, errors.New("base_url 不能为空")
+	}
+	if strings.TrimSpace(in.APIKey) == "" {
+		return nil, errors.New("api_key 不能为空")
+	}
+	if in.Ratio <= 0 {
+		in.Ratio = 1.0
+	}
+	if in.Weight <= 0 {
+		in.Weight = 1
+	}
+	if in.Priority < 0 {
+		in.Priority = 100
+	}
+	if in.TimeoutS <= 0 {
+		in.TimeoutS = 120
+	}
+	enc, err := s.cipher.EncryptString(in.APIKey)
+	if err != nil {
+		return nil, fmt.Errorf("encrypt api_key: %w", err)
+	}
+	c := &Channel{
+		Name: in.Name, Type: in.Type,
+		BaseURL:   strings.TrimRight(in.BaseURL, "/"),
+		APIKeyEnc: enc,
+		Enabled:   in.Enabled, Priority: in.Priority, Weight: in.Weight,
+		TimeoutS: in.TimeoutS, Ratio: in.Ratio,
+		Extra:  sql.NullString{String: in.Extra, Valid: in.Extra != ""},
+		Status: StatusHealthy, Remark: in.Remark,
+	}
+	id, err := s.dao.Create(ctx, c)
+	if err != nil {
+		return nil, err
+	}
+	return s.Get(ctx, id)
+}
+
+func (s *Service) Update(ctx context.Context, id uint64, in UpdateInput) (*Channel, error) {
+	c, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if in.Name != "" {
+		c.Name = in.Name
+	}
+	if in.Type != "" {
+		if !validType(in.Type) {
+			return nil, fmt.Errorf("type 只能是 %s / %s", TypeOpenAI, TypeGemini)
+		}
+		c.Type = in.Type
+	}
+	if in.BaseURL != "" {
+		c.BaseURL = strings.TrimRight(in.BaseURL, "/")
+	}
+	if in.APIKey != "" {
+		enc, err := s.cipher.EncryptString(in.APIKey)
+		if err != nil {
+			return nil, err
+		}
+		c.APIKeyEnc = enc
+	}
+	c.Enabled = in.Enabled
+	if in.Priority >= 0 {
+		c.Priority = in.Priority
+	}
+	if in.Weight > 0 {
+		c.Weight = in.Weight
+	}
+	if in.TimeoutS > 0 {
+		c.TimeoutS = in.TimeoutS
+	}
+	if in.Ratio > 0 {
+		c.Ratio = in.Ratio
+	}
+	c.Extra = sql.NullString{String: in.Extra, Valid: in.Extra != ""}
+	c.Remark = in.Remark
+
+	if err := s.dao.Update(ctx, c); err != nil {
+		return nil, err
+	}
+	return s.Get(ctx, id)
+}
+
+func (s *Service) Delete(ctx context.Context, id uint64) error {
+	return s.dao.SoftDelete(ctx, id)
+}
+
+// Get 返回带 masked / extra_json 的渠道。
+func (s *Service) Get(ctx context.Context, id uint64) (*Channel, error) {
+	c, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	s.decorate(c)
+	return c, nil
+}
+
+func (s *Service) List(ctx context.Context, offset, limit int) ([]*Channel, int64, error) {
+	rows, total, err := s.dao.List(ctx, offset, limit)
+	if err != nil {
+		return nil, 0, err
+	}
+	for _, c := range rows {
+		s.decorate(c)
+	}
+	return rows, total, nil
+}
+
+// DecryptKey 返回 API Key 明文。
+func (s *Service) DecryptKey(c *Channel) (string, error) {
+	if c.APIKeyEnc == "" {
+		return "", nil
+	}
+	return s.cipher.DecryptString(c.APIKeyEnc)
+}
+
+// decorate 填充不落库的展示字段:api_key_masked / extra_json。
+func (s *Service) decorate(c *Channel) {
+	if c.APIKeyEnc != "" {
+		if pt, err := s.cipher.DecryptString(c.APIKeyEnc); err == nil {
+			c.APIKeyMasked = maskKey(pt)
+		} else {
+			c.APIKeyMasked = "(invalid)"
+		}
+	}
+	if c.Extra.Valid {
+		c.ExtraJSON = c.Extra.String
+	}
+}
+
+func maskKey(s string) string {
+	if len(s) <= 8 {
+		return strings.Repeat("*", len(s))
+	}
+	return s[:4] + "****" + s[len(s)-4:]
+}
+
+// ---------- Mapping ----------
+
+// CreateMappingInput 映射入参。
+type CreateMappingInput struct {
+	ChannelID     uint64 `json:"channel_id"`
+	LocalModel    string `json:"local_model"`
+	UpstreamModel string `json:"upstream_model"`
+	Modality      string `json:"modality"`
+	Enabled       bool   `json:"enabled"`
+	Priority      int    `json:"priority"`
+}
+
+func (s *Service) CreateMapping(ctx context.Context, in CreateMappingInput) (*Mapping, error) {
+	if in.ChannelID == 0 {
+		return nil, errors.New("channel_id 不能为空")
+	}
+	if strings.TrimSpace(in.LocalModel) == "" {
+		return nil, errors.New("local_model 不能为空")
+	}
+	if strings.TrimSpace(in.UpstreamModel) == "" {
+		return nil, errors.New("upstream_model 不能为空")
+	}
+	if in.Modality == "" {
+		in.Modality = ModalityText
+	}
+	if !validModality(in.Modality) {
+		return nil, fmt.Errorf("modality 只能是 text / image / video")
+	}
+	if in.Priority < 0 {
+		in.Priority = 100
+	}
+	m := &Mapping{
+		ChannelID: in.ChannelID, LocalModel: in.LocalModel,
+		UpstreamModel: in.UpstreamModel, Modality: in.Modality,
+		Enabled: in.Enabled, Priority: in.Priority,
+	}
+	id, err := s.dao.CreateMapping(ctx, m)
+	if err != nil {
+		return nil, err
+	}
+	m.ID = id
+	return m, nil
+}
+
+func (s *Service) UpdateMapping(ctx context.Context, id uint64, in CreateMappingInput) (*Mapping, error) {
+	if in.Modality == "" {
+		in.Modality = ModalityText
+	}
+	if !validModality(in.Modality) {
+		return nil, errors.New("modality 只能是 text / image / video")
+	}
+	m := &Mapping{
+		ID: id, LocalModel: in.LocalModel, UpstreamModel: in.UpstreamModel,
+		Modality: in.Modality, Enabled: in.Enabled, Priority: in.Priority,
+	}
+	if err := s.dao.UpdateMapping(ctx, m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (s *Service) DeleteMapping(ctx context.Context, id uint64) error {
+	return s.dao.DeleteMapping(ctx, id)
+}
+
+func (s *Service) ListMappings(ctx context.Context, channelID uint64) ([]*Mapping, error) {
+	return s.dao.ListMappingsByChannel(ctx, channelID)
+}
+
+// MarkHealth 记录一次探测结果,超过阈值置 unhealthy。
+func (s *Service) MarkHealth(ctx context.Context, c *Channel, ok bool, errMsg string) error {
+	failCount := c.FailCount
+	status := c.Status
+	if ok {
+		failCount = 0
+		status = StatusHealthy
+	} else {
+		failCount++
+		if failCount >= 3 {
+			status = StatusUnhealthy
+		}
+	}
+	return s.dao.UpdateHealth(ctx, c.ID, ok, errMsg, failCount, status)
+}
diff --git a/internal/config/config.go b/internal/config/config.go
new file mode 100644
index 00000000..9802881e
--- /dev/null
+++ b/internal/config/config.go
@@ -0,0 +1,154 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/spf13/viper"
+)
+
+type Config struct {
+	App       AppConfig       `mapstructure:"app"`
+	Log       LogConfig       `mapstructure:"log"`
+	MySQL     MySQLConfig     `mapstructure:"mysql"`
+	Redis     RedisConfig     `mapstructure:"redis"`
+	JWT       JWTConfig       `mapstructure:"jwt"`
+	Crypto    CryptoConfig    `mapstructure:"crypto"`
+	Security  SecurityConfig  `mapstructure:"security"`
+	Scheduler SchedulerConfig `mapstructure:"scheduler"`
+	Upstream  UpstreamConfig  `mapstructure:"upstream"`
+	EPay      EPayConfig      `mapstructure:"epay"`
+	Backup    BackupConfig    `mapstructure:"backup"`
+	SMTP      SMTPConfig      `mapstructure:"smtp"`
+}
+
+type AppConfig struct {
+	Name    string `mapstructure:"name"`
+	Env     string `mapstructure:"env"`
+	Listen  string `mapstructure:"listen"`
+	BaseURL string `mapstructure:"base_url"`
+}
+
+type LogConfig struct {
+	Level  string `mapstructure:"level"`
+	Format string `mapstructure:"format"`
+	Output string `mapstructure:"output"`
+}
+
+type MySQLConfig struct {
+	DSN                string `mapstructure:"dsn"`
+	MaxOpenConns       int    `mapstructure:"max_open_conns"`
+	MaxIdleConns       int    `mapstructure:"max_idle_conns"`
+	ConnMaxLifetimeSec int    `mapstructure:"conn_max_lifetime_sec"`
+}
+
+type RedisConfig struct {
+	Addr     string `mapstructure:"addr"`
+	Password string `mapstructure:"password"`
+	DB       int    `mapstructure:"db"`
+	PoolSize int    `mapstructure:"pool_size"`
+}
+
+type JWTConfig struct {
+	Secret        string `mapstructure:"secret"`
+	AccessTTLSec  int    `mapstructure:"access_ttl_sec"`
+	RefreshTTLSec int    `mapstructure:"refresh_ttl_sec"`
+	Issuer        string `mapstructure:"issuer"`
+}
+
+type CryptoConfig struct {
+	AESKey string `mapstructure:"aes_key"`
+}
+
+type SecurityConfig struct {
+	BcryptCost  int      `mapstructure:"bcrypt_cost"`
+	CORSOrigins []string `mapstructure:"cors_origins"`
+}
+
+type SchedulerConfig struct {
+	MinIntervalSec   int     `mapstructure:"min_interval_sec"`
+	DailyUsageRatio  float64 `mapstructure:"daily_usage_ratio"`
+	LockTTLSec       int     `mapstructure:"lock_ttl_sec"`
+	Cooldown429Sec   int     `mapstructure:"cooldown_429_sec"`
+	WarnedPauseHours int     `mapstructure:"warned_pause_hours"`
+}
+
+type UpstreamConfig struct {
+	BaseURL            string `mapstructure:"base_url"`
+	RequestTimeoutSec  int    `mapstructure:"request_timeout_sec"`
+	SSEReadTimeoutSec  int    `mapstructure:"sse_read_timeout_sec"`
+}
+
+// BackupConfig 数据库备份配置。
+type BackupConfig struct {
+	Dir           string `mapstructure:"dir"`            // 备份落盘目录,默认 /app/data/backups
+	Retention     int    `mapstructure:"retention"`      // 保留最近 N 个(>0),0 表示不自动清理
+	MysqldumpBin  string `mapstructure:"mysqldump_bin"`  // 默认 mysqldump
+	MysqlBin      string `mapstructure:"mysql_bin"`      // 恢复用,默认 mysql
+	MaxUploadMB   int    `mapstructure:"max_upload_mb"`  // 上传 .sql.gz 上限,默认 512
+	AllowRestore  bool   `mapstructure:"allow_restore"`  // 是否允许 /restore 端点(生产强烈建议 false 手动切)
+}
+
+type EPayConfig struct {
+	// GatewayURL 形如 https://pay.example.com/submit.php
+	// 空字符串时整个充值通道被视为未启用,前端 list 会提示运维未配置。
+	GatewayURL string `mapstructure:"gateway_url"`
+	PID        string `mapstructure:"pid"`
+	Key        string `mapstructure:"key"`
+	// NotifyURL 后端异步回调(必填完整 https,不要带 query)
+	NotifyURL string `mapstructure:"notify_url"`
+	// ReturnURL 支付成功浏览器跳回(前端路由页,如 /billing)
+	ReturnURL string `mapstructure:"return_url"`
+	// SignType 目前只支持 MD5,保留扩展位。
+	SignType string `mapstructure:"sign_type"`
+	// Expires 订单默认有效期(分钟),0 取默认 30
+	ExpiresMin int `mapstructure:"expires_min"`
+}
+
+// SMTPConfig 用于注册欢迎 / 充值到账 邮件通知。
+// Host 为空时邮件通道整体关闭,不影响主流程。
+type SMTPConfig struct {
+	Host     string `mapstructure:"host"`
+	Port     int    `mapstructure:"port"`
+	Username string `mapstructure:"username"`
+	Password string `mapstructure:"password"`
+	From     string `mapstructure:"from"`      // 显示的 From 地址
+	FromName string `mapstructure:"from_name"` // 显示名
+	UseTLS   bool   `mapstructure:"use_tls"`   // true 隐式 TLS(465),false STARTTLS(587)
+}
+
+var (
+	global *Config
+	once   sync.Once
+)
+
+func Load(path string) (*Config, error) {
+	var loadErr error
+	once.Do(func() {
+		v := viper.New()
+		v.SetConfigFile(path)
+		v.SetEnvPrefix("GPT2API")
+		v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
+		v.AutomaticEnv()
+		if err := v.ReadInConfig(); err != nil {
+			loadErr = fmt.Errorf("read config: %w", err)
+			return
+		}
+		var c Config
+		if err := v.Unmarshal(&c); err != nil {
+			loadErr = fmt.Errorf("unmarshal config: %w", err)
+			return
+		}
+		global = &c
+	})
+	return global, loadErr
+}
+
+// Get 返回全局配置,仅在 Load 之后调用。
+func Get() *Config {
+	if global == nil {
+		panic("config not loaded; call config.Load first")
+	}
+	return global
+}
diff --git a/internal/db/mysql.go b/internal/db/mysql.go
new file mode 100644
index 00000000..0734149e
--- /dev/null
+++ b/internal/db/mysql.go
@@ -0,0 +1,32 @@
+package db
+
+import (
+	"fmt"
+	"time"
+
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/jmoiron/sqlx"
+
+	"github.com/432539/gpt2api/internal/config"
+)
+
+// NewMySQL 根据配置打开 MySQL 连接池。
+func NewMySQL(cfg config.MySQLConfig) (*sqlx.DB, error) {
+	db, err := sqlx.Open("mysql", cfg.DSN)
+	if err != nil {
+		return nil, fmt.Errorf("open mysql: %w", err)
+	}
+	if cfg.MaxOpenConns > 0 {
+		db.SetMaxOpenConns(cfg.MaxOpenConns)
+	}
+	if cfg.MaxIdleConns > 0 {
+		db.SetMaxIdleConns(cfg.MaxIdleConns)
+	}
+	if cfg.ConnMaxLifetimeSec > 0 {
+		db.SetConnMaxLifetime(time.Duration(cfg.ConnMaxLifetimeSec) * time.Second)
+	}
+	if err := db.Ping(); err != nil {
+		return nil, fmt.Errorf("ping mysql: %w", err)
+	}
+	return db, nil
+}
diff --git a/internal/db/redis.go b/internal/db/redis.go
new file mode 100644
index 00000000..621be9f9
--- /dev/null
+++ b/internal/db/redis.go
@@ -0,0 +1,27 @@
+package db
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/redis/go-redis/v9"
+
+	"github.com/432539/gpt2api/internal/config"
+)
+
+// NewRedis 打开 Redis 连接。
+func NewRedis(cfg config.RedisConfig) (*redis.Client, error) {
+	c := redis.NewClient(&redis.Options{
+		Addr:     cfg.Addr,
+		Password: cfg.Password,
+		DB:       cfg.DB,
+		PoolSize: cfg.PoolSize,
+	})
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+	if err := c.Ping(ctx).Err(); err != nil {
+		return nil, fmt.Errorf("ping redis: %w", err)
+	}
+	return c, nil
+}
diff --git a/internal/gateway/chat.go b/internal/gateway/chat.go
new file mode 100644
index 00000000..11a40291
--- /dev/null
+++ b/internal/gateway/chat.go
@@ -0,0 +1,666 @@
+// Package gateway 实现 OpenAI 兼容的 /v1/* 入口。
+//
+// 职责:
+//   1. 鉴权(API Key,IP/模型白名单)
+//   2. 查模型 → 预扣积分
+//   3. 通过调度器拿账号 Lease
+//   4. 转译请求体 → 调用 chatgpt.com 上游
+//   5. 转译响应(流式 or 聚合) → OpenAI 协议
+//   6. 结算(真实 tokens) / 失败退款 / 释放账号锁 / 更新风控状态
+package gateway
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/channel"
+	modelpkg "github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/ratelimit"
+	"github.com/432539/gpt2api/internal/scheduler"
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/internal/user"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// Handler 聚合网关需要的所有依赖。
+type Handler struct {
+	Models    *modelpkg.Registry
+	Keys      *apikey.Service
+	Billing   *billing.Engine
+	Scheduler *scheduler.Scheduler
+	Groups    *user.GroupCache
+	Limiter   *ratelimit.Limiter
+	Usage     *usage.Logger
+	AccSvc    interface {
+		DecryptCookies(ctx context.Context, accountID uint64) (string, error)
+	}
+	// Images 可选:若挂载,chat/completions 里指定图像模型会自动转派。
+	Images *ImagesHandler
+
+	// Channels 可选:若注入,则在本地模型命中渠道映射时优先走外置上游渠道,
+	// 未命中(ErrNoRoute)再回退到内置 ChatGPT 账号池。
+	Channels *channel.Router
+
+	// Settings 可选:若注入则在构造上游 client 时应用动态超时。
+	Settings interface {
+		GatewayUpstreamTimeoutSec() int
+		GatewaySSEReadTimeoutSec() int
+	}
+}
+
+// upstreamTimeout 返回当前应使用的上游非流式超时。未注入时回退 60s。
+func (h *Handler) upstreamTimeout() time.Duration {
+	if h.Settings != nil {
+		if n := h.Settings.GatewayUpstreamTimeoutSec(); n > 0 {
+			return time.Duration(n) * time.Second
+		}
+	}
+	return 60 * time.Second
+}
+
+// mapUpstreamModelSlug 把品牌名映射到 chatgpt.com 后端实际认的灰度 slug。
+//
+// 背景:chatgpt.com 的 /f/conversation payload 里 model 字段不是品牌名
+// (gpt-5 / gpt-4o),而是"灰度构建版本号"(例如 gpt-5-3)。浏览器在打开
+// 页面时从 /backend-api/models 响应里拿到真实 slug,发请求时原样回传。
+// 后台直接发 "gpt-5" 会被上游判为非标准客户端,下发一条空 system message
+// (is_visually_hidden_from_conversation=true)静默拒绝,看起来就是"没输出"。
+//
+// 本映射只收录 HAR 抓包实证过的条目;未覆盖的 slug 原样透传,管理员如果
+// 遇到 silent rejection,可以:
+//  1. 抓包拿到真实 slug 后在 models.upstream_model_slug 里直接填带版本号的值;
+//  2. 或临时改成 "auto",让上游自己路由(代价是付费账号可能被降级到免费模型)。
+func mapUpstreamModelSlug(s string) string {
+	switch s {
+	case "gpt-5":
+		// HAR 抓包(2026-04,paid 账号,Edge 143)实证
+		return "gpt-5-3"
+	default:
+		return s
+	}
+}
+
+// roughEstimateTokens 估算 messages prompt tokens(无 tiktoken,简单 len/4)。
+func roughEstimateTokens(msgs []chatgpt.ChatMessage) int {
+	n := 0
+	for _, m := range msgs {
+		n += (len(m.Content) + 3) / 4
+		n += 4 // role/overhead
+	}
+	return n + 2
+}
+
+// ChatCompletions 是 POST /v1/chat/completions 入口。
+func (h *Handler) ChatCompletions(c *gin.Context) {
+	startAt := time.Now()
+	ak, ok := apikey.FromCtx(c)
+	if !ok {
+		openAIError(c, http.StatusUnauthorized, "missing_api_key", "缺少 API Key")
+		return
+	}
+
+	var req ChatCompletionsRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "请求参数错误:"+err.Error())
+		return
+	}
+
+	refID := uuid.NewString()
+
+	// 请求全生命周期的上下文,用于最终写 usage_logs。
+	rec := &usage.Log{
+		UserID:    ak.UserID,
+		KeyID:     ak.ID,
+		RequestID: refID,
+		Type:      usage.TypeChat,
+		IP:        c.ClientIP(),
+		UA:        c.Request.UserAgent(),
+	}
+	defer func() {
+		rec.DurationMs = int(time.Since(startAt).Milliseconds())
+		if rec.Status == "" {
+			rec.Status = usage.StatusFailed
+		}
+		if h.Usage != nil {
+			h.Usage.Write(rec)
+		}
+	}()
+	fail := func(code string) { rec.Status = usage.StatusFailed; rec.ErrorCode = code }
+
+	// 1) 白名单 + 模型
+	if !ak.ModelAllowed(req.Model) {
+		fail("model_not_allowed")
+		openAIError(c, http.StatusForbidden, "model_not_allowed",
+			fmt.Sprintf("当前 API Key 无权调用模型 %q", req.Model))
+		return
+	}
+	m, err := h.Models.BySlug(c.Request.Context(), req.Model)
+	if err != nil || !m.Enabled {
+		fail("model_not_found")
+		openAIError(c, http.StatusBadRequest, "model_not_found",
+			fmt.Sprintf("模型 %q 不存在或已下架", req.Model))
+		return
+	}
+	// Chat 入口收到图像模型时,转派给图像分支(便于客户端只用 /v1/chat/completions)。
+	if m.Type == modelpkg.TypeImage {
+		if h.Images == nil {
+			fail("image_not_wired")
+			openAIError(c, http.StatusNotImplemented, "image_not_wired",
+				"图片生成能力未开启,请联系管理员")
+			return
+		}
+		// 借用当前已鉴权/白名单通过的 ak + 模型,走图像流程并以 OpenAI chat 响应格式返回。
+		h.Images.handleChatAsImage(c, rec, ak, m, &req, startAt)
+		return
+	}
+	rec.ModelID = m.ID
+
+	// 2) 分组倍率 + RPM/TPM
+	ratio := 1.0
+	rpmCap, tpmCap := ak.RPM, ak.TPM
+	if h.Groups != nil {
+		if g, err := h.Groups.OfUser(c.Request.Context(), ak.UserID); err == nil && g != nil {
+			ratio = g.Ratio
+			if rpmCap == 0 {
+				rpmCap = g.RPMLimit
+			}
+			if tpmCap == 0 {
+				tpmCap = g.TPMLimit
+			}
+		}
+	}
+
+	// 2a) RPM
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowRPM(c.Request.Context(), ak.ID, rpmCap); err == nil && !ok {
+			fail("rate_limit_rpm")
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_rpm",
+				"触发每分钟请求数限制 (RPM),请稍后再试")
+			return
+		}
+	}
+
+	// 优先走外置渠道。本地模型若配置了渠道映射,直接由适配器调用 OpenAI/Gemini
+	// 兼容接口并按 SSE 返回。handled=true 时已完成响应,直接收尾。
+	if h.Channels != nil {
+		if handled := h.dispatchChatToChannel(c, ak, m, &req, rec, ratio, rpmCap, tpmCap, startAt); handled {
+			return
+		}
+	}
+
+	// 3) 预扣(按 max_tokens 或 2048 估算)
+	promptTokens := roughEstimateTokens(req.Messages)
+	estTokens := req.MaxTokens
+	if estTokens <= 0 {
+		estTokens = 2048
+	}
+	estCost := billing.EstimateChat(m, promptTokens, req.MaxTokens, ratio)
+
+	// 2b) TPM(按估算 tokens 预扣,结算时按差额 adjust)
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowTPM(c.Request.Context(), ak.ID, tpmCap,
+			int64(promptTokens+estTokens)); err == nil && !ok {
+			fail("rate_limit_tpm")
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_tpm",
+				"触发每分钟 Token 限制 (TPM),请稍后再试")
+			return
+		}
+	}
+
+	if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, estCost, refID, "chat prepay"); err != nil {
+		if errors.Is(err, billing.ErrInsufficient) {
+			fail("insufficient_balance")
+			openAIError(c, http.StatusPaymentRequired, "insufficient_balance", "积分不足,请前往「账单与充值」充值后再试")
+			return
+		}
+		fail("billing_error")
+		openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+		return
+	}
+
+	refunded := false
+	refund := func(code string) {
+		fail(code)
+		if refunded {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, estCost, refID, "chat refund")
+	}
+
+	// 4) 调度账号
+	lease, err := h.Scheduler.Dispatch(c.Request.Context(), modelpkg.TypeChat)
+	if err != nil {
+		refund("no_account_available")
+		openAIError(c, http.StatusServiceUnavailable, "no_account_available", "账号池暂无可用账号,请稍后重试")
+		return
+	}
+	rec.AccountID = lease.Account.ID
+	defer func() { _ = lease.Release(context.Background()) }()
+
+	// 5) 构造上游 client
+	cookies, _ := h.AccSvc.DecryptCookies(c.Request.Context(), lease.Account.ID)
+	cli, err := chatgpt.New(chatgpt.Options{
+		AuthToken: lease.AuthToken,
+		DeviceID:  lease.DeviceID,
+		SessionID: lease.SessionID,
+		ProxyURL:  lease.ProxyURL,
+		Cookies:   cookies,
+		Timeout:   h.upstreamTimeout(),
+	})
+	if err != nil {
+		refund("upstream_init_error")
+		openAIError(c, http.StatusInternalServerError, "upstream_init_error", "上游客户端初始化失败:"+err.Error())
+		return
+	}
+
+	upstreamModel := m.UpstreamModelSlug
+	if upstreamModel == "" {
+		upstreamModel = "auto"
+	}
+	// Model slug 兜底映射:chatgpt.com 后端识别的是"灰度构建版本号",不是
+	// 通用品牌名。HAR 抓包(2026-04 paid 账号)显示浏览器实际发送的 slug:
+	//   品牌名 "GPT-5"   →  真实 slug "gpt-5-3"
+	//   品牌名 "GPT-5 Thinking" → "gpt-5-t-3" (待证实)
+	// 直接发裸的 "gpt-5" 会被上游识别为非标准客户端,下发一条
+	// is_visually_hidden_from_conversation=true 的空 system message(silent
+	// rejection)。这里做一次自动改写,避免运维每次灰度版本号变动都要改表。
+	// 管理员若在 models.upstream_model_slug 直接填了带版本号的 slug(如
+	// "gpt-5-3"),本映射是 no-op。
+	upstreamModel = mapUpstreamModelSlug(upstreamModel)
+
+	// 对齐 Python 参考实现(gen_image.py,已验证可用)的真实顺序:
+	//   (a) Bootstrap GET /                  —— 拿 __cf_bm / oai-did / _cfuvid cookie
+	//   (b) sentinel/chat-requirements       —— 拿 chat_token + proofofwork 描述
+	//   (c) f/conversation/prepare           —— 带 chat_token(!) + proof_token,拿 conduit_token
+	//   (d) f/conversation                   —— 带 chat_token + proof_token + conduit_token 发 SSE
+	//
+	// Python 参考实现 gen_image.py 的 prepare_fconversation 明确要 chat_token,
+	// 且不带 sentinel header 会让 prepare 返回空 conduit_token。
+
+	// (a) Bootstrap
+	bootCtx, cancelBoot := context.WithTimeout(c.Request.Context(), 15*time.Second)
+	_ = cli.Bootstrap(bootCtx)
+	cancelBoot()
+
+	// (b) chat-requirements —— 优先走新两步协议(prepare + finalize),solver 未配置
+	// 或失败时会自动回退到单步老接口(V2 内部实现)。
+	reqCtx, cancel := context.WithTimeout(c.Request.Context(), 30*time.Second)
+	defer cancel()
+
+	cr, err := cli.ChatRequirementsV2(reqCtx)
+	if err != nil {
+		h.handleUpstreamErr(c, lease, err, func() { refund("upstream_error") })
+		return
+	}
+
+	// POW(异步,5s 超时)
+	var proofToken string
+	if cr.Proofofwork.Required {
+		proofCtx, cancelProof := context.WithTimeout(c.Request.Context(), 5*time.Second)
+		proofCh := make(chan string, 1)
+		go func() { proofCh <- cr.SolveProof("") }()
+		select {
+		case <-proofCtx.Done():
+			cancelProof()
+			h.Scheduler.MarkWarned(c.Request.Context(), lease.Account.ID)
+			refund("pow_timeout")
+			openAIError(c, http.StatusServiceUnavailable, "pow_timeout",
+				"上游风控(PoW)未在规定时间内完成,请重试")
+			return
+		case proofToken = <-proofCh:
+			cancelProof()
+		}
+		if proofToken == "" {
+			h.Scheduler.MarkWarned(c.Request.Context(), lease.Account.ID)
+			refund("pow_failed")
+			openAIError(c, http.StatusServiceUnavailable, "pow_failed",
+				"上游风控(PoW)校验失败,请稍后重试")
+			return
+		}
+	}
+	// Turnstile 在新账号 / 新 device 场景几乎必现,但它实际上是"建议",
+	// 大多数情况下直接继续发 /conversation 也能被上游接受。这里只打 warn
+	// 日志,不阻断(参考 gen_image.py / chat2api 的通用做法)。
+	if cr.Turnstile.Required {
+		logger.L().Warn("chat turnstile required, continue anyway",
+			zap.Uint64("account_id", lease.Account.ID))
+	}
+
+	// 免费账号(persona=chatgpt-freeaccount)对高级模型(如 gpt-5)会静默不生成,
+	// SSE 只会下发一条 hidden system preamble 就结束。chatgpt.com 浏览器端对免费账号
+	// 实际发的 model 就是 "auto",由上游自己选。我们强制降级,避免"哑巴失败"。
+	if cr.IsFreeAccount() && upstreamModel != "auto" {
+		logger.L().Warn("free account requesting premium model, downgrade to auto",
+			zap.Uint64("account_id", lease.Account.ID),
+			zap.String("requested_model", upstreamModel))
+		upstreamModel = "auto"
+	}
+
+	chatOpt := chatgpt.FChatOpts{
+		UpstreamModel: upstreamModel,
+		Messages:      req.Messages,
+		ChatToken:     cr.Token,
+		ProofToken:    proofToken,
+	}
+
+	// (c) f/conversation/prepare(必须在 chat-requirements 之后,且带 sentinel header)
+	prepCtx, cancelPrep := context.WithTimeout(c.Request.Context(), 30*time.Second)
+	conduit, err := cli.PrepareFChat(prepCtx, chatOpt)
+	cancelPrep()
+	if err != nil {
+		logger.L().Warn("f/conversation/prepare failed, continue without conduit",
+			zap.Uint64("account_id", lease.Account.ID),
+			zap.String("upstream_model", upstreamModel),
+			zap.Error(err))
+		conduit = ""
+	}
+	chatOpt.ConduitToken = conduit
+
+	logger.L().Info("chat f/conversation send",
+		zap.Uint64("account_id", lease.Account.ID),
+		zap.String("upstream_model", upstreamModel),
+		zap.Int("chat_token_len", len(cr.Token)),
+		zap.Int("proof_token_len", len(proofToken)),
+		zap.Int("conduit_len", len(conduit)),
+		zap.Bool("turnstile_required", cr.Turnstile.Required),
+		zap.String("persona", cr.Persona),
+	)
+
+	// (d) f/conversation SSE
+	stream, err := cli.StreamFChat(c.Request.Context(), chatOpt)
+	if err != nil {
+		h.handleUpstreamErr(c, lease, err, func() { refund("upstream_error") })
+		return
+	}
+
+	// 8) 转发响应
+	id := "chatcmpl-" + uuid.NewString()
+	if req.Stream {
+		h.streamOpenAI(c, id, req.Model, stream, cr.IsFreeAccount())
+	} else {
+		h.collectOpenAI(c, id, req.Model, stream, cr.IsFreeAccount())
+	}
+
+	// 9) 结算
+	completionTokens := h.lastCompletionTokens(c)
+	actual := billing.ComputeChatCost(m, promptTokens, completionTokens, ratio)
+	if err := h.Billing.Settle(context.Background(), ak.UserID, ak.ID, estCost, actual, refID, "chat settle"); err != nil {
+		logger.L().Error("billing settle", zap.Error(err), zap.String("ref", refID))
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), actual)
+
+	// 10) TPM 差额补偿:真实 tokens 可能低于估算,这里可以 adjust 还桶。
+	if h.Limiter != nil {
+		real := int64(promptTokens + completionTokens)
+		est := int64(promptTokens + estTokens)
+		if diff := real - est; diff > 0 {
+			h.Limiter.AdjustTPM(context.Background(), ak.ID, tpmCap, diff)
+		}
+	}
+
+	// 11) usage 记录
+	rec.Status = usage.StatusSuccess
+	rec.InputTokens = promptTokens
+	rec.OutputTokens = completionTokens
+	rec.CreditCost = actual
+}
+
+// streamOpenAI 将上游 SSE 事件转为 OpenAI 风格流式响应。
+// freeAccount 标记上游 persona 是 chatgpt-freeaccount,用于在"没拿到任何内容"
+// 的兜底分支给出更精准的错误消息(免费账号会被上游静默拒绝)。
+func (h *Handler) streamOpenAI(c *gin.Context, id, model string, stream <-chan chatgpt.SSEEvent, freeAccount bool) {
+	w := c.Writer
+	w.Header().Set("Content-Type", "text/event-stream")
+	w.Header().Set("Cache-Control", "no-cache")
+	w.Header().Set("Connection", "keep-alive")
+	w.Header().Set("X-Accel-Buffering", "no")
+	w.WriteHeader(http.StatusOK)
+	flusher, _ := w.(http.Flusher)
+
+	// 先发一个 role=assistant 的空 delta(OpenAI 规范起始)
+	writeChunk(w, flusher, id, model, DeltaMsg{Role: "assistant"}, nil)
+
+	var extr deltaExtractor
+	var total strings.Builder
+
+	evCount := 0
+	silentlyRejected := false
+	for ev := range stream {
+		if ev.Err != nil {
+			logger.L().Warn("upstream stream err", zap.Error(ev.Err))
+			break
+		}
+		if len(ev.Data) == 0 {
+			continue
+		}
+		evCount++
+		// 对前若干帧开 Info 级别日志,方便线上快速定位 "SSE 有事件但正文为空" 的协议级问题。
+		// truncate 2048:大多数关键元数据事件(含 error/moderation_result)一帧就能看全。
+		// 稳定后可改回 Debug。
+		if evCount <= 16 {
+			logger.L().Info("chat sse raw", zap.Int("n", evCount),
+				zap.String("event", ev.Event),
+				zap.String("data", truncate(string(ev.Data), 2048)))
+		}
+		if !silentlyRejected && isSilentRejection(ev.Data) {
+			silentlyRejected = true
+		}
+		delta, final, err := extr.Extract(ev.Data)
+		if err != nil {
+			continue
+		}
+		if delta != "" {
+			total.WriteString(delta)
+			writeChunk(w, flusher, id, model, DeltaMsg{Content: delta}, nil)
+		}
+		if final {
+			break
+		}
+	}
+	logger.L().Info("chat sse done", zap.Int("events", evCount),
+		zap.Int("content_len", total.Len()),
+		zap.Bool("silently_rejected", silentlyRejected))
+
+	// 兜底:上游接受了请求但没产出任何可见文本
+	if total.Len() == 0 && evCount > 0 {
+		writeChunk(w, flusher, id, model, DeltaMsg{Content: emptyReplyMessage(freeAccount, silentlyRejected)}, nil)
+	}
+
+	stop := "stop"
+	writeChunk(w, flusher, id, model, DeltaMsg{}, &stop)
+	fmt.Fprintf(w, "data: [DONE]\n\n")
+	if flusher != nil {
+		flusher.Flush()
+	}
+
+	// 把内容长度记录到 ctx 供结算使用。
+	c.Set("completion_tokens", (total.Len()+3)/4)
+}
+
+func (h *Handler) collectOpenAI(c *gin.Context, id, model string, stream <-chan chatgpt.SSEEvent, freeAccount bool) {
+	var extr deltaExtractor
+	var content strings.Builder
+	evCount := 0
+	silentlyRejected := false
+	for ev := range stream {
+		if ev.Err != nil {
+			logger.L().Warn("upstream collect err", zap.Error(ev.Err))
+			break
+		}
+		if len(ev.Data) == 0 {
+			continue
+		}
+		evCount++
+		if evCount <= 16 {
+			logger.L().Info("chat collect raw", zap.Int("n", evCount),
+				zap.String("event", ev.Event),
+				zap.String("data", truncate(string(ev.Data), 2048)))
+		}
+		if !silentlyRejected && isSilentRejection(ev.Data) {
+			silentlyRejected = true
+		}
+		delta, final, _ := extr.Extract(ev.Data)
+		if delta != "" {
+			content.WriteString(delta)
+		}
+		if final {
+			break
+		}
+	}
+	logger.L().Info("chat collect done", zap.Int("events", evCount),
+		zap.Int("content_len", content.Len()),
+		zap.Bool("silently_rejected", silentlyRejected))
+
+	// 兜底:上游接受了请求但没产出任何可见文本(见 streamOpenAI 同名兜底的说明)
+	if content.Len() == 0 && evCount > 0 {
+		content.WriteString(emptyReplyMessage(freeAccount, silentlyRejected))
+	}
+
+	completionTokens := (content.Len() + 3) / 4
+	c.Set("completion_tokens", completionTokens)
+
+	resp := ChatCompletionResponse{
+		ID:      id,
+		Object:  "chat.completion",
+		Created: time.Now().Unix(),
+		Model:   model,
+		Choices: []ChatCompletionChoice{{
+			Index:        0,
+			Message:      chatgpt.ChatMessage{Role: "assistant", Content: content.String()},
+			FinishReason: "stop",
+		}},
+		Usage: ChatCompletionUsage{
+			PromptTokens:     0, // 由外层填
+			CompletionTokens: completionTokens,
+			TotalTokens:      completionTokens,
+		},
+	}
+	c.JSON(http.StatusOK, resp)
+}
+
+func (h *Handler) lastCompletionTokens(c *gin.Context) int {
+	if v, ok := c.Get("completion_tokens"); ok {
+		if i, ok := v.(int); ok {
+			return i
+		}
+	}
+	return 0
+}
+
+// handleUpstreamErr 根据上游错误降级账号并回传 OpenAI 错误。
+func (h *Handler) handleUpstreamErr(c *gin.Context, lease *scheduler.Lease, err error, refund func()) {
+	var ue *chatgpt.UpstreamError
+	if errors.As(err, &ue) {
+		switch {
+		case ue.IsRateLimited():
+			h.Scheduler.MarkRateLimited(c.Request.Context(), lease.Account.ID)
+		case ue.IsUnauthorized():
+			h.Scheduler.MarkDead(c.Request.Context(), lease.Account.ID)
+		}
+		refund()
+		logger.L().Error("chat upstream error",
+			zap.Int("status", ue.Status),
+			zap.Uint64("account_id", lease.Account.ID),
+			zap.String("body", truncate(ue.Body, 1500)))
+		openAIError(c, http.StatusBadGateway, "upstream_error",
+			fmt.Sprintf("上游返回错误(HTTP %d):%s", ue.Status, truncate(ue.Body, 200)))
+		return
+	}
+	refund()
+	openAIError(c, http.StatusBadGateway, "upstream_error", "上游请求失败:"+err.Error())
+}
+
+func truncate(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "..."
+}
+
+// isSilentRejection 识别 ChatGPT 对免费账号/高限流账号的"静默拒绝"特征:
+// 上游下发一条 author=system + is_visually_hidden_from_conversation=true
+// + end_turn=true + parts=[""] 的 delta 事件,让前端看起来"什么都没发生"就终止。
+// 这种 pattern 和 payload 是否合规完全无关,是上游策略层的硬门槛。
+func isSilentRejection(data []byte) bool {
+	s := string(data)
+	// 用字符串快速判定,避免每帧都做完整 JSON 反序列化。
+	// 三个字段同时出现才算,防止误判正常 assistant 消息。
+	return strings.Contains(s, `"is_visually_hidden_from_conversation": true`) &&
+		strings.Contains(s, `"role": "system"`) &&
+		strings.Contains(s, `"end_turn": true`)
+}
+
+// emptyReplyMessage 根据账号类型和上游信号,返回给最终用户看的兜底文案。
+func emptyReplyMessage(freeAccount, silentlyRejected bool) string {
+	switch {
+	case silentlyRejected && freeAccount:
+		return "上游检测到当前账号为免费版(chatgpt-freeaccount),已静默拒绝本次请求。" +
+			"请联系管理员更换 ChatGPT Plus / Team 账号后再试。"
+	case silentlyRejected:
+		return "上游已接受请求但静默终止对话(常见于账号被限流或触发内容审核)," +
+			"请稍后重试,若仍失败请更换模型或账号。"
+	case freeAccount:
+		return "当前账号为 ChatGPT 免费版,上游未产出内容。请更换 Plus/Team 账号后再试。"
+	default:
+		return "上游未产出回答内容,可能触发了内容审核或账号被临时限流,请稍后重试。"
+	}
+}
+
+func writeChunk(w io.Writer, f http.Flusher, id, model string, delta DeltaMsg, finish *string) {
+	chunk := ChatCompletionChunk{
+		ID:      id,
+		Object:  "chat.completion.chunk",
+		Created: time.Now().Unix(),
+		Model:   model,
+		Choices: []ChatCompletionChunkChoice{{Index: 0, Delta: delta, FinishReason: finish}},
+	}
+	b, _ := json.Marshal(chunk)
+	fmt.Fprintf(w, "data: %s\n\n", b)
+	if f != nil {
+		f.Flush()
+	}
+}
+
+// openAIError 按 OpenAI 规范返回错误。
+func openAIError(c *gin.Context, httpStatus int, code, msg string) {
+	c.AbortWithStatusJSON(httpStatus, gin.H{
+		"error": gin.H{
+			"message": msg,
+			"type":    "invalid_request_error",
+			"code":    code,
+		},
+	})
+}
+
+// ListModels GET /v1/models
+func (h *Handler) ListModels(c *gin.Context) {
+	list, err := h.Models.ListEnabled(c.Request.Context())
+	if err != nil {
+		openAIError(c, http.StatusInternalServerError, "list_models_error", "获取模型列表失败:"+err.Error())
+		return
+	}
+	data := make([]gin.H, 0, len(list))
+	for _, m := range list {
+		data = append(data, gin.H{
+			"id":       m.Slug,
+			"object":   "model",
+			"created":  m.CreatedAt.Unix(),
+			"owned_by": "chatgpt",
+		})
+	}
+	c.JSON(http.StatusOK, gin.H{"object": "list", "data": data})
+}
diff --git a/internal/gateway/chat_channel.go b/internal/gateway/chat_channel.go
new file mode 100644
index 00000000..152c7e23
--- /dev/null
+++ b/internal/gateway/chat_channel.go
@@ -0,0 +1,269 @@
+package gateway
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/channel"
+	modelpkg "github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/upstream/adapter"
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// dispatchChatToChannel 尝试把 chat 请求路由到外置渠道。
+//
+// 返回值:
+//   - handled=true 表示本函数已响应客户端(成功 / 已写失败错误),调用方不应继续;
+//   - handled=false 表示该本地模型没有配置渠道映射,调用方应回退到内置 ChatGPT 账号池。
+func (h *Handler) dispatchChatToChannel(c *gin.Context,
+	ak *apikey.APIKey, m *modelpkg.Model, req *ChatCompletionsRequest,
+	rec *usage.Log, ratio float64, rpmCap int, tpmCap int64, startAt time.Time,
+) bool {
+	if h.Channels == nil {
+		return false
+	}
+	routes, err := h.Channels.Resolve(c.Request.Context(), m.Slug, channel.ModalityText)
+	if err != nil {
+		if errors.Is(err, channel.ErrNoRoute) {
+			return false
+		}
+		logger.L().Warn("channel resolve", zap.Error(err), zap.String("model", m.Slug))
+		return false
+	}
+	if len(routes) == 0 {
+		return false
+	}
+
+	refID := uuid.NewString()
+	rec.RequestID = refID
+	rec.ModelID = m.ID
+
+	// RPM 限流
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowRPM(c.Request.Context(), ak.ID, rpmCap); err == nil && !ok {
+			rec.Status = usage.StatusFailed
+			rec.ErrorCode = "rate_limit_rpm"
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_rpm",
+				"触发每分钟请求数限制 (RPM),请稍后再试")
+			return true
+		}
+	}
+
+	// 估算 & 预扣
+	promptTokens := roughEstimateTokens(req.Messages)
+	estTokens := req.MaxTokens
+	if estTokens <= 0 {
+		estTokens = 2048
+	}
+	estCost := billing.EstimateChat(m, promptTokens, req.MaxTokens, ratio)
+
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowTPM(c.Request.Context(), ak.ID, tpmCap,
+			int64(promptTokens+estTokens)); err == nil && !ok {
+			rec.Status = usage.StatusFailed
+			rec.ErrorCode = "rate_limit_tpm"
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_tpm",
+				"触发每分钟 Token 限制 (TPM),请稍后再试")
+			return true
+		}
+	}
+
+	if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, estCost, refID, "chat prepay"); err != nil {
+		rec.Status = usage.StatusFailed
+		if errors.Is(err, billing.ErrInsufficient) {
+			rec.ErrorCode = "insufficient_balance"
+			openAIError(c, http.StatusPaymentRequired, "insufficient_balance",
+				"积分不足,请前往「账单与充值」充值后再试")
+			return true
+		}
+		rec.ErrorCode = "billing_error"
+		openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+		return true
+	}
+	refunded := false
+	refund := func(code string) {
+		rec.Status = usage.StatusFailed
+		rec.ErrorCode = code
+		if refunded {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, estCost, refID, "chat refund")
+	}
+
+	// 尝试候选渠道列表,直到某个成功。
+	adReq := &adapter.ChatRequest{
+		Model:       m.Slug,
+		Messages:    req.Messages,
+		Stream:      req.Stream,
+		Temperature: req.Temperature,
+		TopP:        req.TopP,
+		MaxTokens:   req.MaxTokens,
+	}
+
+	var lastErr error
+	var selected *channel.Route
+	var stream adapter.ChatStream
+
+	for _, rt := range routes {
+		upstreamModel := rt.UpstreamModel
+		s, err := rt.Adapter.Chat(c.Request.Context(), upstreamModel, adReq)
+		if err != nil {
+			lastErr = err
+			_ = h.Channels.Svc().MarkHealth(context.Background(), rt.Channel, false, err.Error())
+			logger.L().Warn("channel chat fail, try next",
+				zap.Uint64("channel_id", rt.Channel.ID),
+				zap.String("channel_name", rt.Channel.Name),
+				zap.String("upstream_model", upstreamModel),
+				zap.Error(err))
+			continue
+		}
+		selected = rt
+		stream = s
+		break
+	}
+
+	if selected == nil {
+		refund("upstream_error")
+		msg := "所有上游渠道均不可用"
+		if lastErr != nil {
+			msg = msg + ":" + lastErr.Error()
+		}
+		openAIError(c, http.StatusBadGateway, "upstream_error", msg)
+		return true
+	}
+
+	// 成功选到一个渠道,标记健康。
+	_ = h.Channels.Svc().MarkHealth(context.Background(), selected.Channel, true, "")
+
+	// 应用渠道级倍率(在 billing ratio 基础上叠乘)。
+	channelRatio := selected.Channel.Ratio
+	if channelRatio <= 0 {
+		channelRatio = 1.0
+	}
+
+	id := "chatcmpl-" + uuid.NewString()
+	if req.Stream {
+		h.streamChannel(c, id, m.Slug, stream)
+	} else {
+		h.collectChannel(c, id, m.Slug, stream)
+	}
+	completionTokens := h.lastCompletionTokens(c)
+
+	actual := billing.ComputeChatCost(m, promptTokens, completionTokens, ratio*channelRatio)
+	if err := h.Billing.Settle(context.Background(), ak.UserID, ak.ID, estCost, actual, refID, "chat settle"); err != nil {
+		logger.L().Error("billing settle", zap.Error(err), zap.String("ref", refID))
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), actual)
+
+	if h.Limiter != nil {
+		real := int64(promptTokens + completionTokens)
+		est := int64(promptTokens + estTokens)
+		if diff := real - est; diff > 0 {
+			h.Limiter.AdjustTPM(context.Background(), ak.ID, tpmCap, diff)
+		}
+	}
+	rec.Status = usage.StatusSuccess
+	rec.InputTokens = promptTokens
+	rec.OutputTokens = completionTokens
+	rec.CreditCost = actual
+	_ = startAt
+	return true
+}
+
+// streamChannel 将 adapter.ChatStream 转成 OpenAI SSE 写回给客户端。
+func (h *Handler) streamChannel(c *gin.Context, id, model string, stream adapter.ChatStream) {
+	w := c.Writer
+	w.Header().Set("Content-Type", "text/event-stream")
+	w.Header().Set("Cache-Control", "no-cache")
+	w.Header().Set("Connection", "keep-alive")
+	w.Header().Set("X-Accel-Buffering", "no")
+	w.WriteHeader(http.StatusOK)
+	flusher, _ := w.(http.Flusher)
+
+	writeChunk(w, flusher, id, model, DeltaMsg{Role: "assistant"}, nil)
+
+	var total strings.Builder
+	finish := "stop"
+	var completionTokens int
+	for ch := range stream {
+		if ch.Err != nil {
+			logger.L().Warn("channel stream err", zap.Error(ch.Err))
+			break
+		}
+		if ch.Usage != nil {
+			completionTokens = ch.Usage.CompletionTokens
+		}
+		if ch.Delta != "" {
+			total.WriteString(ch.Delta)
+			writeChunk(w, flusher, id, model, DeltaMsg{Content: ch.Delta}, nil)
+		}
+		if ch.FinishReason != "" {
+			finish = ch.FinishReason
+		}
+	}
+	writeChunk(w, flusher, id, model, DeltaMsg{}, &finish)
+	fmt.Fprintf(w, "data: [DONE]\n\n")
+	if flusher != nil {
+		flusher.Flush()
+	}
+	if completionTokens <= 0 {
+		completionTokens = (total.Len() + 3) / 4
+	}
+	c.Set("completion_tokens", completionTokens)
+}
+
+// collectChannel 非流式:收拢后一次性 JSON 返回。
+func (h *Handler) collectChannel(c *gin.Context, id, model string, stream adapter.ChatStream) {
+	var total strings.Builder
+	finish := "stop"
+	var completionTokens int
+	for ch := range stream {
+		if ch.Err != nil {
+			logger.L().Warn("channel collect err", zap.Error(ch.Err))
+			break
+		}
+		if ch.Usage != nil {
+			completionTokens = ch.Usage.CompletionTokens
+		}
+		if ch.Delta != "" {
+			total.WriteString(ch.Delta)
+		}
+		if ch.FinishReason != "" {
+			finish = ch.FinishReason
+		}
+	}
+	if completionTokens <= 0 {
+		completionTokens = (total.Len() + 3) / 4
+	}
+	c.Set("completion_tokens", completionTokens)
+	resp := ChatCompletionResponse{
+		ID:      id,
+		Object:  "chat.completion",
+		Created: time.Now().Unix(),
+		Model:   model,
+		Choices: []ChatCompletionChoice{{
+			Index:        0,
+			Message:      chatgpt.ChatMessage{Role: "assistant", Content: total.String()},
+			FinishReason: finish,
+		}},
+		Usage: ChatCompletionUsage{
+			PromptTokens:     0,
+			CompletionTokens: completionTokens,
+			TotalTokens:      completionTokens,
+		},
+	}
+	c.JSON(http.StatusOK, resp)
+}
diff --git a/internal/gateway/delta.go b/internal/gateway/delta.go
new file mode 100644
index 00000000..b7c74b45
--- /dev/null
+++ b/internal/gateway/delta.go
@@ -0,0 +1,209 @@
+package gateway
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+// deltaExtractor 从 chatgpt.com 上游 SSE data 里提取"给用户看"的增量文本。
+//
+// 逻辑对齐 chatgpt.com 浏览器抓包的 SSE 数据格式,
+// 主要点:
+//
+//  1. 维护 `curP`(当前 JSON-Patch path)。一帧的 `p` 缺省时继承上一帧的 p
+//     —— JSON Merge Patch 约定,chatgpt 的 v1 buffering 就按这个省流量。
+//
+//  2. 维护 `recipient`(当前 assistant message 的 recipient):
+//     只有 "all"(真正答用户)才当正文;其他如 "python" / "async_browser" /
+//     "image_gen.text2im" 是 tool 调用,不输出。
+//     recipient 在首帧 `{"v": {"message": {...}}}` 里出现。
+//
+//  3. 区分 thoughts:
+//     curP 落在 `/message/content/thoughts/...` 的增量全部当"思考过程"
+//     —— 对 OpenAI chat 语义,不回给客户端(未来想支持 reasoning
+//     字段时再放进来)。
+//
+//  4. 正文候选只认 `/message/content/parts/0`(含 "" 空 p 继承到这个的情形)。
+//     `v` 可能是:
+//      a) string           —— 单帧增量
+//      b) object 首帧       —— v = {"message":{...},"conversation_id":...}
+//      c) array of patches —— v = [{p,o,v}, {p,o,v}, ...]
+//
+//  5. 结束判据:
+//      - 顶层 `{"type":"message_stream_complete"}`
+//      - 任何层级 patch 出现 `p == "/message/status"` 且 `v == "finished_successfully"`
+//      - 老 /conversation 的 parts 全量 + status: finished_successfully(场景 1 兼容)
+//      - 特殊事件 [DONE]
+//
+// 行为不变的保证:场景 1 仍兼容,`场景 2(patch 模式)` 的增量更稳。
+type deltaExtractor struct {
+	// lastFull 场景 1(旧协议)里用到,记录上一次全量正文,用于做差分。
+	lastFull string
+
+	// curP 保留上一帧的 patch path(v1 buffering 省略 p 时继承)。
+	curP string
+
+	// recipient 记录当前助手消息的接收方(all / python / ...).
+	// 默认 "all":首帧没提供 recipient 字段时按 "all" 处理。
+	recipient string
+}
+
+// Done 判断 data 是否是 [DONE]。
+func isDone(data []byte) bool {
+	s := strings.TrimSpace(string(data))
+	return s == "[DONE]"
+}
+
+// Extract 返回:增量文本、是否 final(收到结束),err。
+func (d *deltaExtractor) Extract(data []byte) (string, bool, error) {
+	if d.recipient == "" {
+		d.recipient = "all"
+	}
+	if isDone(data) {
+		return "", true, nil
+	}
+	var raw map[string]interface{}
+	if err := json.Unmarshal(data, &raw); err != nil {
+		// 非 JSON(心跳或其他)—— 忽略。
+		return "", false, nil
+	}
+
+	// 顶层 type: "message_stream_complete" —— f/conversation 结束事件。
+	if t, _ := raw["type"].(string); t == "message_stream_complete" {
+		return "", true, nil
+	}
+
+	// 1) 继承/更新 curP。只有本帧显式出现 p 时才覆盖,否则继承上一帧。
+	if p, ok := raw["p"].(string); ok {
+		d.curP = p
+	}
+
+	// 2) 遇到 thoughts 路径:v1 协议里 summary/thoughts 的 token 增量
+	//    都不当作 assistant 正文(未来接 reasoning 字段时再放开)。
+	if strings.HasPrefix(d.curP, "/message/content/thoughts") {
+		return "", false, nil
+	}
+
+	v, hasV := raw["v"]
+	if !hasV {
+		return "", false, nil
+	}
+
+	// 3) v 为 string:最常见的增量帧。
+	if s, ok := v.(string); ok {
+		// 只有 recipient == "all"(真答用户)且 curP 落在 parts/0(或空继承)才当正文。
+		if d.recipient != "all" {
+			// 状态检查:一些上游用 `{"v":"finished_successfully","p":"/message/status"}` 作为结束
+			if d.curP == "/message/status" && s == "finished_successfully" {
+				return "", true, nil
+			}
+			return "", false, nil
+		}
+		if d.curP == "/message/status" && s == "finished_successfully" {
+			return "", true, nil
+		}
+		// curP 为空(首 append 未声明 p)或显式 parts/0:输出
+		if d.curP == "" || d.curP == "/message/content/parts/0" {
+			return s, false, nil
+		}
+		return "", false, nil
+	}
+
+	// 4) v 为数组:一帧打包多个 patch。
+	if arr, ok := v.([]interface{}); ok {
+		var b strings.Builder
+		final := false
+		for _, item := range arr {
+			m, ok := item.(map[string]interface{})
+			if !ok {
+				continue
+			}
+			// 每条 patch 也可能更新 curP;对数组内 patch,按每条单独解析,
+			// 但为了跨帧继承,遍历完后再同步 curP(取最后一条为准)。
+			subP, _ := m["p"].(string)
+			subV := m["v"]
+			subO, _ := m["o"].(string)
+			if subP != "" {
+				d.curP = subP
+			}
+			// thoughts 相关的 patch 吞掉
+			if strings.HasPrefix(d.curP, "/message/content/thoughts") {
+				continue
+			}
+			// 状态结束
+			if d.curP == "/message/status" {
+				if s, ok := subV.(string); ok && s == "finished_successfully" {
+					final = true
+				}
+				continue
+			}
+			// 只认正文 append
+			if (d.curP == "" || d.curP == "/message/content/parts/0") &&
+				(subO == "" || subO == "append") && d.recipient == "all" {
+				if s, ok := subV.(string); ok {
+					b.WriteString(s)
+				}
+			}
+		}
+		return b.String(), final, nil
+	}
+
+	// 5) v 为 object:通常是首帧,里面包着 conversation_id + message 元信息。
+	if m, ok := v.(map[string]interface{}); ok {
+		// 更新 recipient:首帧没带 role=assistant 时也可能是 tool,需要及时切
+		if msg, ok := m["message"].(map[string]interface{}); ok {
+			if r, ok := msg["recipient"].(string); ok && r != "" {
+				d.recipient = r
+			}
+			// 初始 content(通常空),用来给老协议场景 1 设置 lastFull baseline
+			if content, ok := msg["content"].(map[string]interface{}); ok {
+				if parts, ok := content["parts"].([]interface{}); ok && len(parts) > 0 {
+					if cur, ok := parts[0].(string); ok {
+						d.lastFull = cur
+						final := false
+						if st, _ := msg["status"].(string); st == "finished_successfully" {
+							final = true
+						}
+						// 首帧的初始内容也 yield 出去(通常是空,不会影响),
+						// 保持向后兼容老代码读 parts[0] 的行为。
+						if cur != "" && d.recipient == "all" {
+							return cur, final, nil
+						}
+						return "", final, nil
+					}
+				}
+			}
+		}
+		return "", false, nil
+	}
+
+	// 6) 场景 1 兼容:旧 /conversation 协议的顶层 {"message":{...}}
+	if msg, ok := raw["message"].(map[string]interface{}); ok {
+		if r, ok := msg["recipient"].(string); ok && r != "" {
+			d.recipient = r
+		}
+		if content, ok := msg["content"].(map[string]interface{}); ok {
+			if parts, ok := content["parts"].([]interface{}); ok && len(parts) > 0 {
+				if cur, ok := parts[0].(string); ok {
+					delta := ""
+					if strings.HasPrefix(cur, d.lastFull) {
+						delta = cur[len(d.lastFull):]
+					} else {
+						delta = cur
+					}
+					d.lastFull = cur
+					final := false
+					if status, _ := msg["status"].(string); status == "finished_successfully" {
+						final = true
+					}
+					if d.recipient != "all" {
+						return "", final, nil
+					}
+					return delta, final, nil
+				}
+			}
+		}
+	}
+
+	return "", false, nil
+}
diff --git a/internal/gateway/image_channel.go b/internal/gateway/image_channel.go
new file mode 100644
index 00000000..d9f1f03e
--- /dev/null
+++ b/internal/gateway/image_channel.go
@@ -0,0 +1,167 @@
+package gateway
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/channel"
+	modelpkg "github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/upstream/adapter"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// dispatchImageToChannel 尝试把图片生成请求路由到外置渠道(OpenAI/Gemini 等)。
+//
+// 返回:
+//   - handled=true:已完成响应(成功或失败),调用方直接返回;
+//   - handled=false:没有渠道映射或全部候选失败且需要回退到内置 ChatGPT 账号池。
+//
+// 仅覆盖纯 prompt 文生图场景;reference_images 分支继续走原 Runner(ChatGPT 账号池)。
+func (h *ImagesHandler) dispatchImageToChannel(c *gin.Context,
+	ak *apikey.APIKey, m *modelpkg.Model, req *ImageGenRequest,
+	rec *usage.Log, ratio float64,
+) bool {
+	if h.Channels == nil {
+		return false
+	}
+	// 参考图 / 图像编辑场景不走渠道(需要上游 file upload 能力,后续再接入)。
+	if len(req.ReferenceImages) > 0 {
+		return false
+	}
+	routes, err := h.Channels.Resolve(c.Request.Context(), m.Slug, channel.ModalityImage)
+	if err != nil {
+		if errors.Is(err, channel.ErrNoRoute) {
+			return false
+		}
+		logger.L().Warn("channel resolve image", zap.Error(err), zap.String("model", m.Slug))
+		return false
+	}
+	if len(routes) == 0 {
+		return false
+	}
+
+	refID := uuid.NewString()
+	rec.RequestID = refID
+
+	cost := billing.ComputeImageCost(m, req.N, ratio)
+	if cost > 0 {
+		if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, cost, refID, "image prepay"); err != nil {
+			rec.Status = usage.StatusFailed
+			if errors.Is(err, billing.ErrInsufficient) {
+				rec.ErrorCode = "insufficient_balance"
+				openAIError(c, http.StatusPaymentRequired, "insufficient_balance",
+					"积分不足,请前往「账单与充值」充值后再试")
+				return true
+			}
+			rec.ErrorCode = "billing_error"
+			openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+			return true
+		}
+	}
+	refunded := false
+	refund := func(code string) {
+		rec.Status = usage.StatusFailed
+		rec.ErrorCode = code
+		if refunded || cost == 0 {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, cost, refID, "image refund")
+	}
+
+	ir := &adapter.ImageRequest{
+		Model:  m.Slug,
+		Prompt: req.Prompt,
+		N:      req.N,
+		Size:   req.Size,
+		Format: req.ResponseFormat,
+	}
+
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 7*time.Minute)
+	defer cancel()
+
+	var lastErr error
+	var result *adapter.ImageResult
+	var selected *channel.Route
+	for _, rt := range routes {
+		r, err := rt.Adapter.ImageGenerate(ctx, rt.UpstreamModel, ir)
+		if err != nil {
+			lastErr = err
+			_ = h.Channels.Svc().MarkHealth(context.Background(), rt.Channel, false, err.Error())
+			logger.L().Warn("channel image fail, try next",
+				zap.Uint64("channel_id", rt.Channel.ID),
+				zap.String("channel_name", rt.Channel.Name),
+				zap.Error(err))
+			continue
+		}
+		result = r
+		selected = rt
+		break
+	}
+
+	if result == nil {
+		refund("upstream_error")
+		msg := "所有上游渠道均不可用"
+		if lastErr != nil {
+			msg += ":" + lastErr.Error()
+		}
+		openAIError(c, http.StatusBadGateway, "upstream_error", msg)
+		return true
+	}
+	_ = h.Channels.Svc().MarkHealth(context.Background(), selected.Channel, true, "")
+
+	// 渠道级倍率叠乘
+	channelRatio := selected.Channel.Ratio
+	if channelRatio <= 0 {
+		channelRatio = 1.0
+	}
+	finalCost := billing.ComputeImageCost(m, actualCount(result), ratio*channelRatio)
+
+	data := make([]ImageGenData, 0, actualCount(result))
+	for _, u := range result.URLs {
+		data = append(data, ImageGenData{URL: u})
+	}
+	// base64 → data: URL,浏览器直接可渲染。
+	// (若后续需要 b64_json 直返,ImageGenData 补一个 B64 字段即可。)
+	for _, b := range result.B64s {
+		data = append(data, ImageGenData{URL: "data:image/png;base64," + b})
+	}
+
+	if finalCost > 0 {
+		if err := h.Billing.Settle(context.Background(), ak.UserID, ak.ID, cost, finalCost, refID, "image settle"); err != nil {
+			logger.L().Error("billing settle image channel", zap.Error(err), zap.String("ref", refID))
+		}
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), finalCost)
+
+	rec.Status = usage.StatusSuccess
+	rec.ModelID = m.ID
+	rec.CreditCost = finalCost
+	rec.ImageCount = actualCount(result)
+
+	c.JSON(http.StatusOK, ImageGenResponse{
+		Created: time.Now().Unix(),
+		Data:    data,
+	})
+	return true
+}
+
+func actualCount(r *adapter.ImageResult) int {
+	if r == nil {
+		return 0
+	}
+	n := len(r.URLs) + len(r.B64s)
+	if n == 0 {
+		return 1
+	}
+	return n
+}
diff --git a/internal/gateway/images.go b/internal/gateway/images.go
new file mode 100644
index 00000000..dbee73df
--- /dev/null
+++ b/internal/gateway/images.go
@@ -0,0 +1,1013 @@
+package gateway
+
+import (
+	"context"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/image"
+	modelpkg "github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// 单张参考图的硬上限(字节)。chatgpt.com 的 /backend-api/files 实测上限大致 20MB。
+const maxReferenceImageBytes = 20 * 1024 * 1024
+
+// 同一次请求最多携带的参考图数量。
+const maxReferenceImages = 4
+
+// chatMsg 是 OpenAI chat message 的本地别名,便于 handleChatAsImage 内部表达。
+type chatMsg = chatgpt.ChatMessage
+
+// ImagesHandler 挂载在 /v1/images/* 下的处理器。
+//
+// 复用 Handler 的依赖(鉴权/模型/计费/限流/usage)加上专属的 image.Runner 和 DAO。
+// 路由:
+//
+//	POST /v1/images/generations       同步生图(默认)
+//	GET  /v1/images/tasks/:id         查询历史任务(按 task_id)
+type ImagesHandler struct {
+	*Handler
+	Runner *image.Runner
+	DAO    *image.DAO
+	// ImageAccResolver 可选:代理下载上游图片时用于解出账号 AT/cookies/proxy。
+	// 未注入时 /p/img 路径会返回 503。
+	ImageAccResolver ImageAccountResolver
+}
+
+// ImageGenRequest OpenAI 兼容入参。
+//
+// 对 reference_images 的扩展:OpenAI 的 /images/generations 规范没有这个字段;
+// 这里加一项非标准扩展,便于 Playground / Web UI 发起"图生图"走同一条 generations 路径。
+// 每一项可以是:
+//   - https:// URL       直接 HTTP GET
+//   - data:<mime>;base64,xxxx   dataURL
+//   - 纯 base64 字符串            兼容
+type ImageGenRequest struct {
+	Model           string   `json:"model"`
+	Prompt          string   `json:"prompt"`
+	N               int      `json:"n"`
+	Size            string   `json:"size"`
+	Quality         string   `json:"quality,omitempty"`
+	Style           string   `json:"style,omitempty"`
+	ResponseFormat  string   `json:"response_format,omitempty"` // url | b64_json(暂仅支持 url)
+	User            string   `json:"user,omitempty"`
+	ReferenceImages []string `json:"reference_images,omitempty"` // 非标准扩展,见注释
+	// Upscale 非标准扩展:控制"本服务对原图做本地高清放大"的目标档位。
+	// 可选值:""(原图直出,默认)/ "2k"(长边 2560) / "4k"(长边 3840)。
+	// 算法:golang.org/x/image/draw.CatmullRom(传统插值,不是 AI 超分)。
+	// 生效时机:图片代理 URL 首次请求时做一次 decode+放大+PNG 编码,之后进程内
+	// LRU 缓存命中毫秒级返回。仅影响 /v1/images/proxy/... 的出口字节,不改原图。
+	Upscale string `json:"upscale,omitempty"`
+}
+
+// ImageGenData 单张图响应。
+type ImageGenData struct {
+	URL           string `json:"url,omitempty"`
+	RevisedPrompt string `json:"revised_prompt,omitempty"`
+	FileID        string `json:"file_id,omitempty"` // chatgpt.com 侧原始 id(用于对账)
+}
+
+// ImageGenResponse OpenAI 兼容返回。
+type ImageGenResponse struct {
+	Created int64          `json:"created"`
+	Data    []ImageGenData `json:"data"`
+	TaskID  string         `json:"task_id,omitempty"`
+}
+
+// ImageGenerations POST /v1/images/generations。
+func (h *ImagesHandler) ImageGenerations(c *gin.Context) {
+	startAt := time.Now()
+	ak, ok := apikey.FromCtx(c)
+	if !ok {
+		openAIError(c, http.StatusUnauthorized, "missing_api_key", "缺少 API Key")
+		return
+	}
+
+	var req ImageGenRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "请求参数错误:"+err.Error())
+		return
+	}
+	if strings.TrimSpace(req.Prompt) == "" {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "prompt 不能为空")
+		return
+	}
+	if req.Model == "" {
+		req.Model = "gpt-image-2"
+	}
+	if req.N <= 0 {
+		req.N = 1
+	}
+	if req.N > 4 {
+		req.N = 4 // 目前 IMG2 终稿单轮稳定产出 1-4 张,保守上限
+	}
+	if req.Size == "" {
+		req.Size = "1024x1024"
+	}
+	req.Upscale = image.ValidateUpscale(req.Upscale)
+
+	refID := uuid.NewString()
+	rec := &usage.Log{
+		UserID:    ak.UserID,
+		KeyID:     ak.ID,
+		RequestID: refID,
+		Type:      usage.TypeImage,
+		IP:        c.ClientIP(),
+		UA:        c.Request.UserAgent(),
+	}
+	defer func() {
+		rec.DurationMs = int(time.Since(startAt).Milliseconds())
+		if rec.Status == "" {
+			rec.Status = usage.StatusFailed
+		}
+		if h.Usage != nil {
+			h.Usage.Write(rec)
+		}
+	}()
+	fail := func(code string) { rec.Status = usage.StatusFailed; rec.ErrorCode = code }
+
+	// 1) 模型白名单
+	if !ak.ModelAllowed(req.Model) {
+		fail("model_not_allowed")
+		openAIError(c, http.StatusForbidden, "model_not_allowed",
+			fmt.Sprintf("当前 API Key 无权调用模型 %q", req.Model))
+		return
+	}
+	m, err := h.Models.BySlug(c.Request.Context(), req.Model)
+	if err != nil || m == nil || !m.Enabled {
+		fail("model_not_found")
+		openAIError(c, http.StatusBadRequest, "model_not_found",
+			fmt.Sprintf("模型 %q 不存在或已下架", req.Model))
+		return
+	}
+	if m.Type != modelpkg.TypeImage {
+		fail("model_type_mismatch")
+		openAIError(c, http.StatusBadRequest, "model_type_mismatch",
+			fmt.Sprintf("模型 %q 不是图像模型,不能用于 /v1/images/generations", req.Model))
+		return
+	}
+	rec.ModelID = m.ID
+
+	// 2) 分组倍率 + RPM 限流(图像不走 TPM)
+	ratio := 1.0
+	rpmCap := ak.RPM
+	if h.Groups != nil {
+		if g, err := h.Groups.OfUser(c.Request.Context(), ak.UserID); err == nil && g != nil {
+			ratio = g.Ratio
+			if rpmCap == 0 {
+				rpmCap = g.RPMLimit
+			}
+		}
+	}
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowRPM(c.Request.Context(), ak.ID, rpmCap); err == nil && !ok {
+			fail("rate_limit_rpm")
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_rpm",
+				"触发每分钟请求数限制 (RPM),请稍后再试")
+			return
+		}
+	}
+
+	// 若本地模型配置了外置渠道(OpenAI DALL·E / Gemini imagen 等),优先走渠道。
+	// 参考图场景(reference_images)仍走原 ChatGPT 账号池 Runner。
+	if h.Channels != nil {
+		if handled := h.dispatchImageToChannel(c, ak, m, &req, rec, ratio); handled {
+			return
+		}
+	}
+
+	// 3) 预扣(图像按定价,est = actual)
+	cost := billing.ComputeImageCost(m, req.N, ratio)
+	if cost > 0 {
+		if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, cost, refID, "image prepay"); err != nil {
+			if errors.Is(err, billing.ErrInsufficient) {
+				fail("insufficient_balance")
+				openAIError(c, http.StatusPaymentRequired, "insufficient_balance",
+					"积分不足,请前往「账单与充值」充值后再试")
+				return
+			}
+			fail("billing_error")
+			openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+			return
+		}
+	}
+	refunded := false
+	refund := func(code string) {
+		fail(code)
+		if refunded || cost == 0 {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, cost, refID, "image refund")
+	}
+
+	// 4) 落任务
+	taskID := image.GenerateTaskID()
+	task := &image.Task{
+		TaskID:          taskID,
+		UserID:          ak.UserID,
+		KeyID:           ak.ID,
+		ModelID:         m.ID,
+		Prompt:          req.Prompt,
+		N:               req.N,
+		Size:            req.Size,
+		Upscale:         req.Upscale,
+		Status:          image.StatusDispatched,
+		EstimatedCredit: cost,
+	}
+	if h.DAO != nil {
+		if err := h.DAO.Create(c.Request.Context(), task); err != nil {
+			refund("billing_error")
+			openAIError(c, http.StatusInternalServerError, "internal_error", "创建任务失败:"+err.Error())
+			return
+		}
+	}
+
+	// 4.5) 解析 reference_images(图生图 / 图像编辑入口都走到这里)
+	refs, err := decodeReferenceInputs(c.Request.Context(), req.ReferenceImages)
+	if err != nil {
+		refund("invalid_request_error")
+		openAIError(c, http.StatusBadRequest, "invalid_reference_image", "参考图解析失败:"+err.Error())
+		return
+	}
+
+	// 5) 执行(同步阻塞)
+	//
+	// 单请求硬上限 7 分钟:Runner 默认 per-attempt 6 分钟
+	// (SSE ~60s + PollMaxWait 300s + 缓冲),外层再留 1 分钟
+	// 给账号调度 + 签名 URL 换取等周边耗时。IMG2 已正式上线,不再做 preview_only 重试。
+	runCtx, cancel := context.WithTimeout(c.Request.Context(), 7*time.Minute)
+	defer cancel()
+
+	// 带参考图时,多轮重试没什么意义(反而会重复上传参考图),只留 1 次尝试。
+	maxAttempts := 2
+	if len(refs) > 0 {
+		maxAttempts = 1
+	}
+
+	res := h.Runner.Run(runCtx, image.RunOptions{
+		TaskID:        taskID,
+		UserID:        ak.UserID,
+		KeyID:         ak.ID,
+		ModelID:       m.ID,
+		UpstreamModel: m.UpstreamModelSlug,
+		Prompt:        maybeAppendClaritySuffix(req.Prompt),
+		N:             req.N,
+		MaxAttempts:   maxAttempts,
+		References:    refs,
+	})
+	rec.AccountID = res.AccountID
+
+	if res.Status != image.StatusSuccess {
+		refund(ifEmpty(res.ErrorCode, "upstream_error"))
+		httpStatus := http.StatusBadGateway
+		if res.ErrorCode == image.ErrNoAccount {
+			httpStatus = http.StatusServiceUnavailable
+		}
+		if res.ErrorCode == image.ErrRateLimited {
+			httpStatus = http.StatusServiceUnavailable
+		}
+		openAIError(c, httpStatus, ifEmpty(res.ErrorCode, "upstream_error"),
+			localizeImageErr(res.ErrorCode, res.ErrorMessage))
+		return
+	}
+
+	// 6) 结算
+	if cost > 0 {
+		if err := h.Billing.Settle(context.Background(), ak.UserID, ak.ID, cost, cost, refID, "image settle"); err != nil {
+			logger.L().Error("billing settle image", zap.Error(err), zap.String("ref", refID))
+		}
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), cost)
+
+	// 7) usage
+	rec.Status = usage.StatusSuccess
+	rec.CreditCost = cost
+	rec.ImageCount = len(res.SignedURLs)
+
+	// 8) DAO 回写 credit_cost(Runner 已经 MarkSuccess,这里只补 credit_cost)
+	if h.DAO != nil {
+		_ = h.DAO.UpdateCost(c.Request.Context(), taskID, cost)
+	}
+
+	// 9) 响应:URL 统一走自家代理,防止 chatgpt.com estuary/content 防盗链
+	out := ImageGenResponse{
+		Created: time.Now().Unix(),
+		TaskID:  taskID,
+		Data:    make([]ImageGenData, 0, len(res.SignedURLs)),
+	}
+	for i := range res.SignedURLs {
+		d := ImageGenData{URL: BuildImageProxyURL(taskID, i, ImageProxyTTL)}
+		if i < len(res.FileIDs) {
+			d.FileID = strings.TrimPrefix(res.FileIDs[i], "sed:")
+		}
+		out.Data = append(out.Data, d)
+	}
+	c.JSON(http.StatusOK, out)
+}
+
+// ImageTask GET /v1/images/tasks/:id。
+func (h *ImagesHandler) ImageTask(c *gin.Context) {
+	ak, ok := apikey.FromCtx(c)
+	if !ok {
+		openAIError(c, http.StatusUnauthorized, "missing_api_key", "缺少 API Key")
+		return
+	}
+	id := c.Param("id")
+	if id == "" {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "task id 不能为空")
+		return
+	}
+	if h.DAO == nil {
+		openAIError(c, http.StatusInternalServerError, "not_configured", "图片任务存储未初始化,请联系管理员")
+		return
+	}
+	t, err := h.DAO.Get(c.Request.Context(), id)
+	if err != nil {
+		if errors.Is(err, image.ErrNotFound) {
+			openAIError(c, http.StatusNotFound, "not_found", "任务不存在")
+			return
+		}
+		openAIError(c, http.StatusInternalServerError, "internal_error", "查询任务失败:"+err.Error())
+		return
+	}
+	if t.UserID != ak.UserID {
+		openAIError(c, http.StatusNotFound, "not_found", "任务不存在")
+		return
+	}
+
+	urls := t.DecodeResultURLs()
+	data := make([]ImageGenData, 0, len(urls))
+	fileIDs := t.DecodeFileIDs()
+	for i := range urls {
+		d := ImageGenData{URL: BuildImageProxyURL(t.TaskID, i, ImageProxyTTL)}
+		if i < len(fileIDs) {
+			d.FileID = strings.TrimPrefix(fileIDs[i], "sed:")
+		}
+		data = append(data, d)
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"task_id":         t.TaskID,
+		"status":          t.Status,
+		"conversation_id": t.ConversationID,
+		"created":         t.CreatedAt.Unix(),
+		"finished_at":     nullableUnix(t.FinishedAt),
+		"error":           t.Error,
+		"credit_cost":     t.CreditCost,
+		"data":            data,
+	})
+}
+
+// handleChatAsImage 是 /v1/chat/completions 发现 model.type=image 时的转派点。
+// 行为:
+//   - 取最后一条 user message 作为 prompt
+//   - 走完整图像链路(同 /v1/images/generations)
+//   - 以 assistant message(含 markdown 图片链接)的 OpenAI chat 响应返回
+//
+// 这样前端只要调用一个端点 /v1/chat/completions,切换 model=gpt-image-2 就能出图。
+func (h *ImagesHandler) handleChatAsImage(c *gin.Context, rec *usage.Log, ak *apikey.APIKey,
+	m *modelpkg.Model, req *ChatCompletionsRequest, startAt time.Time) {
+	rec.ModelID = m.ID
+	rec.Type = usage.TypeImage
+
+	prompt := extractLastUserPrompt(req.Messages)
+	if strings.TrimSpace(prompt) == "" {
+		rec.Status = usage.StatusFailed
+		rec.ErrorCode = "invalid_request_error"
+		openAIError(c, http.StatusBadRequest, "invalid_request_error",
+			"图像模型需要用户消息作为 prompt,请检查 messages 内容")
+		return
+	}
+
+	refID := uuid.NewString()
+
+	// 倍率 + RPM
+	ratio := 1.0
+	rpmCap := ak.RPM
+	if h.Groups != nil {
+		if g, err := h.Groups.OfUser(c.Request.Context(), ak.UserID); err == nil && g != nil {
+			ratio = g.Ratio
+			if rpmCap == 0 {
+				rpmCap = g.RPMLimit
+			}
+		}
+	}
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowRPM(c.Request.Context(), ak.ID, rpmCap); err == nil && !ok {
+			rec.Status = usage.StatusFailed
+			rec.ErrorCode = "rate_limit_rpm"
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_rpm",
+				"触发每分钟请求数限制 (RPM),请稍后再试")
+			return
+		}
+	}
+
+	// 预扣
+	cost := billing.ComputeImageCost(m, 1, ratio)
+	if cost > 0 {
+		if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, cost, refID, "chat->image prepay"); err != nil {
+			rec.Status = usage.StatusFailed
+			if errors.Is(err, billing.ErrInsufficient) {
+				rec.ErrorCode = "insufficient_balance"
+				openAIError(c, http.StatusPaymentRequired, "insufficient_balance",
+					"积分不足,请前往「账单与充值」充值后再试")
+				return
+			}
+			rec.ErrorCode = "billing_error"
+			openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+			return
+		}
+	}
+	refunded := false
+	refund := func(code string) {
+		rec.Status = usage.StatusFailed
+		rec.ErrorCode = code
+		if refunded || cost == 0 {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, cost, refID, "chat->image refund")
+	}
+
+	taskID := image.GenerateTaskID()
+	if h.DAO != nil {
+		_ = h.DAO.Create(c.Request.Context(), &image.Task{
+			TaskID:          taskID,
+			UserID:          ak.UserID,
+			KeyID:           ak.ID,
+			ModelID:         m.ID,
+			Prompt:          prompt,
+			N:               1,
+			Size:            "1024x1024",
+			Status:          image.StatusDispatched,
+			EstimatedCredit: cost,
+		})
+	}
+
+	runCtx, cancel := context.WithTimeout(c.Request.Context(), 7*time.Minute)
+	defer cancel()
+
+	res := h.Runner.Run(runCtx, image.RunOptions{
+		TaskID:        taskID,
+		UserID:        ak.UserID,
+		KeyID:         ak.ID,
+		ModelID:       m.ID,
+		UpstreamModel: m.UpstreamModelSlug,
+		Prompt:        maybeAppendClaritySuffix(prompt),
+		N:             1,
+		MaxAttempts:   2,
+	})
+	rec.AccountID = res.AccountID
+
+	if res.Status != image.StatusSuccess {
+		refund(ifEmpty(res.ErrorCode, "upstream_error"))
+		httpStatus := http.StatusBadGateway
+		if res.ErrorCode == image.ErrNoAccount || res.ErrorCode == image.ErrRateLimited {
+			httpStatus = http.StatusServiceUnavailable
+		}
+		openAIError(c, httpStatus, ifEmpty(res.ErrorCode, "upstream_error"),
+			localizeImageErr(res.ErrorCode, res.ErrorMessage))
+		return
+	}
+
+	if cost > 0 {
+		_ = h.Billing.Settle(context.Background(), ak.UserID, ak.ID, cost, cost, refID, "chat->image settle")
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), cost)
+	if h.DAO != nil {
+		_ = h.DAO.UpdateCost(c.Request.Context(), taskID, cost)
+	}
+
+	rec.Status = usage.StatusSuccess
+	rec.CreditCost = cost
+	rec.ImageCount = len(res.SignedURLs)
+	rec.DurationMs = int(time.Since(startAt).Milliseconds())
+
+	// 以 chat 响应返回(content 里内嵌 markdown 图片)。
+	var sb strings.Builder
+	for i := range res.SignedURLs {
+		if i > 0 {
+			sb.WriteString("\n\n")
+		}
+		sb.WriteString(fmt.Sprintf("![generated](%s)", BuildImageProxyURL(taskID, i, ImageProxyTTL)))
+	}
+	resp := ChatCompletionResponse{
+		ID:      "chatcmpl-" + uuid.NewString(),
+		Object:  "chat.completion",
+		Created: time.Now().Unix(),
+		Model:   m.Slug,
+		Choices: []ChatCompletionChoice{{
+			Index: 0,
+			Message: chatMsg{
+				Role:    "assistant",
+				Content: sb.String(),
+			},
+			FinishReason: "stop",
+		}},
+		Usage: ChatCompletionUsage{
+			PromptTokens:     0,
+			CompletionTokens: 0,
+			TotalTokens:      0,
+		},
+	}
+	c.JSON(http.StatusOK, resp)
+}
+
+// extractLastUserPrompt 从 messages 中拿最后一条 user 消息的 content。
+func extractLastUserPrompt(msgs []chatMsg) string {
+	for i := len(msgs) - 1; i >= 0; i-- {
+		if msgs[i].Role == "user" && strings.TrimSpace(msgs[i].Content) != "" {
+			return msgs[i].Content
+		}
+	}
+	return ""
+}
+
+// --- helpers ---
+
+func ifEmpty(s, fallback string) string {
+	if s == "" {
+		return fallback
+	}
+	return s
+}
+
+// localizeImageErr 把 runner 返回的英文错误码 + 原始 err.Error() 压成一段中文提示,
+// 方便前端 / SDK 用户直接看懂。原始英文 message 作为后缀保留以便排障。
+func localizeImageErr(code, raw string) string {
+	var zh string
+	switch code {
+	case image.ErrNoAccount:
+		zh = "账号池暂无可用账号,请稍后重试"
+	case image.ErrRateLimited:
+		zh = "上游风控,请稍后再试"
+	case image.ErrUnknown, "":
+		zh = "图片生成失败"
+	case "upstream_error":
+		zh = "上游返回错误"
+	default:
+		zh = "图片生成失败(" + code + ")"
+	}
+	if raw != "" && raw != code {
+		return zh + ":" + raw
+	}
+	return zh
+}
+
+func nullableUnix(t *time.Time) int64 {
+	if t == nil || t.IsZero() {
+		return 0
+	}
+	return t.Unix()
+}
+
+// 含这些关键字时,追加中英双约束让上游出字更清楚(迁移自 gen_image.py)。
+var textHintKeywords = []string{
+	"文字", "对话", "台词", "旁白", "标语", "字幕", "标题", "文案",
+	"招牌", "横幅", "海报文字", "弹幕", "气泡", "字体",
+	"text:", "caption", "subtitle", "title:", "label", "banner", "poster text",
+}
+
+const claritySuffix = "\n\nclean readable Chinese text, prioritize text clarity over image details"
+
+// ImageEdits 实现 POST /v1/images/edits,严格按 OpenAI 规范接 multipart/form-data。
+//
+// 表单字段(与 OpenAI 官方一致):
+//
+//	image            (file)      单张主图,必填
+//	image[]          (file)      多张,可重复(2025 起官方支持)
+//	mask             (file)      可选,透明区域为编辑区;当前协议下直接一并上传(上游暂不区分)
+//	prompt           (string)    必填
+//	model            (string)    模型 slug,默认 gpt-image-2
+//	n                (int)       默认 1
+//	size             (string)    默认 1024x1024
+//	response_format  (string)    url | b64_json,当前仅 url
+//	user             (string)
+//
+// 实际走的上游协议和 /v1/images/generations + reference_images 完全相同。
+// 行为等价于"把 multipart 文件读成字节 + prompt,交给 ImageGenerations 的主流程"。
+func (h *ImagesHandler) ImageEdits(c *gin.Context) {
+	startAt := time.Now()
+	ak, ok := apikey.FromCtx(c)
+	if !ok {
+		openAIError(c, http.StatusUnauthorized, "missing_api_key", "缺少 API Key")
+		return
+	}
+
+	// multipart 上限:单文件 20MB * 最多 4 张 + 冗余。
+	if err := c.Request.ParseMultipartForm(int64(maxReferenceImageBytes) * int64(maxReferenceImages+1)); err != nil {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "解析 multipart 失败:"+err.Error())
+		return
+	}
+
+	prompt := strings.TrimSpace(c.Request.FormValue("prompt"))
+	if prompt == "" {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "prompt 不能为空")
+		return
+	}
+	model := c.Request.FormValue("model")
+	if model == "" {
+		model = "gpt-image-2"
+	}
+	n := 1
+	if s := c.Request.FormValue("n"); s != "" {
+		if v, err := parseIntClamp(s, 1, 4); err == nil {
+			n = v
+		}
+	}
+	size := c.Request.FormValue("size")
+	if size == "" {
+		size = "1024x1024"
+	}
+	upscale := image.ValidateUpscale(c.Request.FormValue("upscale"))
+
+	// 主图 + 可能的多张
+	files, err := collectEditFiles(c.Request.MultipartForm)
+	if err != nil {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", err.Error())
+		return
+	}
+	if len(files) == 0 {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error", "至少需要上传一张 image 作为参考图")
+		return
+	}
+	if len(files) > maxReferenceImages {
+		openAIError(c, http.StatusBadRequest, "invalid_request_error",
+			fmt.Sprintf("最多支持 %d 张参考图", maxReferenceImages))
+		return
+	}
+	refs := make([]image.ReferenceImage, 0, len(files))
+	for _, fh := range files {
+		data, err := readMultipart(fh)
+		if err != nil {
+			openAIError(c, http.StatusBadRequest, "invalid_reference_image",
+				fmt.Sprintf("读取 %q 失败:%s", fh.Filename, err.Error()))
+			return
+		}
+		if len(data) == 0 {
+			openAIError(c, http.StatusBadRequest, "invalid_reference_image",
+				fmt.Sprintf("参考图 %q 为空", fh.Filename))
+			return
+		}
+		if len(data) > maxReferenceImageBytes {
+			openAIError(c, http.StatusBadRequest, "invalid_reference_image",
+				fmt.Sprintf("参考图 %q 超过 %dMB 上限", fh.Filename, maxReferenceImageBytes/1024/1024))
+			return
+		}
+		refs = append(refs, image.ReferenceImage{Data: data, FileName: filepath.Base(fh.Filename)})
+	}
+
+	// usage 记录
+	refID := uuid.NewString()
+	rec := &usage.Log{
+		UserID:    ak.UserID,
+		KeyID:     ak.ID,
+		RequestID: refID,
+		Type:      usage.TypeImage,
+		IP:        c.ClientIP(),
+		UA:        c.Request.UserAgent(),
+	}
+	defer func() {
+		rec.DurationMs = int(time.Since(startAt).Milliseconds())
+		if rec.Status == "" {
+			rec.Status = usage.StatusFailed
+		}
+		if h.Usage != nil {
+			h.Usage.Write(rec)
+		}
+	}()
+	fail := func(code string) { rec.Status = usage.StatusFailed; rec.ErrorCode = code }
+
+	if !ak.ModelAllowed(model) {
+		fail("model_not_allowed")
+		openAIError(c, http.StatusForbidden, "model_not_allowed",
+			fmt.Sprintf("当前 API Key 无权调用模型 %q", model))
+		return
+	}
+	m, err := h.Models.BySlug(c.Request.Context(), model)
+	if err != nil || m == nil || !m.Enabled {
+		fail("model_not_found")
+		openAIError(c, http.StatusBadRequest, "model_not_found",
+			fmt.Sprintf("模型 %q 不存在或已下架", model))
+		return
+	}
+	if m.Type != modelpkg.TypeImage {
+		fail("model_type_mismatch")
+		openAIError(c, http.StatusBadRequest, "model_type_mismatch",
+			fmt.Sprintf("模型 %q 不是图像模型,不能用于 /v1/images/edits", model))
+		return
+	}
+	rec.ModelID = m.ID
+
+	ratio := 1.0
+	rpmCap := ak.RPM
+	if h.Groups != nil {
+		if g, err := h.Groups.OfUser(c.Request.Context(), ak.UserID); err == nil && g != nil {
+			ratio = g.Ratio
+			if rpmCap == 0 {
+				rpmCap = g.RPMLimit
+			}
+		}
+	}
+	if h.Limiter != nil {
+		if ok, _, err := h.Limiter.AllowRPM(c.Request.Context(), ak.ID, rpmCap); err == nil && !ok {
+			fail("rate_limit_rpm")
+			openAIError(c, http.StatusTooManyRequests, "rate_limit_rpm",
+				"触发每分钟请求数限制 (RPM),请稍后再试")
+			return
+		}
+	}
+
+	cost := billing.ComputeImageCost(m, n, ratio)
+	if cost > 0 {
+		if err := h.Billing.PreDeduct(c.Request.Context(), ak.UserID, ak.ID, cost, refID, "image-edit prepay"); err != nil {
+			if errors.Is(err, billing.ErrInsufficient) {
+				fail("insufficient_balance")
+				openAIError(c, http.StatusPaymentRequired, "insufficient_balance",
+					"积分不足,请前往「账单与充值」充值后再试")
+				return
+			}
+			fail("billing_error")
+			openAIError(c, http.StatusInternalServerError, "billing_error", "计费异常:"+err.Error())
+			return
+		}
+	}
+	refunded := false
+	refund := func(code string) {
+		fail(code)
+		if refunded || cost == 0 {
+			return
+		}
+		refunded = true
+		_ = h.Billing.Refund(context.Background(), ak.UserID, ak.ID, cost, refID, "image-edit refund")
+	}
+
+	taskID := image.GenerateTaskID()
+	if h.DAO != nil {
+		_ = h.DAO.Create(c.Request.Context(), &image.Task{
+			TaskID:          taskID,
+			UserID:          ak.UserID,
+			KeyID:           ak.ID,
+			ModelID:         m.ID,
+			Prompt:          prompt,
+			N:               n,
+			Size:            size,
+			Upscale:         upscale,
+			Status:          image.StatusDispatched,
+			EstimatedCredit: cost,
+		})
+	}
+
+	runCtx, cancel := context.WithTimeout(c.Request.Context(), 8*time.Minute)
+	defer cancel()
+
+	res := h.Runner.Run(runCtx, image.RunOptions{
+		TaskID:        taskID,
+		UserID:        ak.UserID,
+		KeyID:         ak.ID,
+		ModelID:       m.ID,
+		UpstreamModel: m.UpstreamModelSlug,
+		Prompt:        maybeAppendClaritySuffix(prompt),
+		N:             n,
+		MaxAttempts:   1, // 带参考图时只跑一次,避免重复上传
+		References:    refs,
+	})
+	rec.AccountID = res.AccountID
+
+	if res.Status != image.StatusSuccess {
+		refund(ifEmpty(res.ErrorCode, "upstream_error"))
+		httpStatus := http.StatusBadGateway
+		if res.ErrorCode == image.ErrNoAccount || res.ErrorCode == image.ErrRateLimited {
+			httpStatus = http.StatusServiceUnavailable
+		}
+		openAIError(c, httpStatus, ifEmpty(res.ErrorCode, "upstream_error"),
+			localizeImageErr(res.ErrorCode, res.ErrorMessage))
+		return
+	}
+
+	if cost > 0 {
+		if err := h.Billing.Settle(context.Background(), ak.UserID, ak.ID, cost, cost, refID, "image-edit settle"); err != nil {
+			logger.L().Error("billing settle image-edit", zap.Error(err), zap.String("ref", refID))
+		}
+	}
+	_ = h.Keys.DAO().TouchUsage(context.Background(), ak.ID, c.ClientIP(), cost)
+
+	rec.Status = usage.StatusSuccess
+	rec.CreditCost = cost
+	rec.ImageCount = len(res.SignedURLs)
+	if h.DAO != nil {
+		_ = h.DAO.UpdateCost(c.Request.Context(), taskID, cost)
+	}
+
+	out := ImageGenResponse{
+		Created: time.Now().Unix(),
+		TaskID:  taskID,
+		Data:    make([]ImageGenData, 0, len(res.SignedURLs)),
+	}
+	for i := range res.SignedURLs {
+		d := ImageGenData{URL: BuildImageProxyURL(taskID, i, ImageProxyTTL)}
+		if i < len(res.FileIDs) {
+			d.FileID = strings.TrimPrefix(res.FileIDs[i], "sed:")
+		}
+		out.Data = append(out.Data, d)
+	}
+	c.JSON(http.StatusOK, out)
+}
+
+// collectEditFiles 把 multipart 里"可能作为参考图"的字段一次性收拢。
+// 兼容 OpenAI 的几种写法:
+//   - image      : 单文件
+//   - image[]    : 多文件
+//   - mask       : 可选,按参考图一并喂给上游(上游暂不区分 mask)
+func collectEditFiles(form *multipart.Form) ([]*multipart.FileHeader, error) {
+	if form == nil {
+		return nil, errors.New("empty multipart form")
+	}
+	var out []*multipart.FileHeader
+	seen := map[string]bool{}
+	add := func(fhs []*multipart.FileHeader) {
+		for _, fh := range fhs {
+			if fh == nil {
+				continue
+			}
+			key := fh.Filename + "|" + fmt.Sprint(fh.Size)
+			if seen[key] {
+				continue
+			}
+			seen[key] = true
+			out = append(out, fh)
+		}
+	}
+	for _, key := range []string{"image", "image[]", "images", "images[]", "mask"} {
+		if fhs := form.File[key]; len(fhs) > 0 {
+			add(fhs)
+		}
+	}
+	// 也兼容 image_1 / image_2 / ... 的写法
+	for k, fhs := range form.File {
+		if strings.HasPrefix(k, "image_") {
+			add(fhs)
+		}
+	}
+	return out, nil
+}
+
+func readMultipart(fh *multipart.FileHeader) ([]byte, error) {
+	f, err := fh.Open()
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	return io.ReadAll(f)
+}
+
+// decodeReferenceInputs 把 JSON 里 reference_images(url/data-url/base64 混合)下载/解码成字节。
+// 超出条数上限直接报错;单张尺寸上限 maxReferenceImageBytes。
+func decodeReferenceInputs(ctx context.Context, inputs []string) ([]image.ReferenceImage, error) {
+	if len(inputs) == 0 {
+		return nil, nil
+	}
+	if len(inputs) > maxReferenceImages {
+		return nil, fmt.Errorf("最多支持 %d 张参考图", maxReferenceImages)
+	}
+	out := make([]image.ReferenceImage, 0, len(inputs))
+	for i, s := range inputs {
+		s = strings.TrimSpace(s)
+		if s == "" {
+			return nil, fmt.Errorf("第 %d 张参考图为空", i+1)
+		}
+		data, name, err := fetchReferenceBytes(ctx, s)
+		if err != nil {
+			return nil, fmt.Errorf("第 %d 张参考图:%w", i+1, err)
+		}
+		if len(data) == 0 {
+			return nil, fmt.Errorf("第 %d 张参考图解码后为空", i+1)
+		}
+		if len(data) > maxReferenceImageBytes {
+			return nil, fmt.Errorf("第 %d 张参考图超过 %dMB 上限", i+1, maxReferenceImageBytes/1024/1024)
+		}
+		out = append(out, image.ReferenceImage{Data: data, FileName: name})
+	}
+	return out, nil
+}
+
+// fetchReferenceBytes 支持 http(s) / data URL / 裸 base64 三种输入。
+func fetchReferenceBytes(ctx context.Context, s string) ([]byte, string, error) {
+	low := strings.ToLower(s)
+	switch {
+	case strings.HasPrefix(low, "data:"):
+		// data:<mime>[;base64],<payload>
+		comma := strings.IndexByte(s, ',')
+		if comma < 0 {
+			return nil, "", errors.New("无效 data URL")
+		}
+		meta := s[5:comma]
+		payload := s[comma+1:]
+		if strings.Contains(strings.ToLower(meta), ";base64") {
+			b, err := base64.StdEncoding.DecodeString(payload)
+			if err != nil {
+				// 兼容 URL-safe
+				if b2, err2 := base64.URLEncoding.DecodeString(payload); err2 == nil {
+					b = b2
+				} else {
+					return nil, "", fmt.Errorf("base64 解码失败:%w", err)
+				}
+			}
+			return b, "", nil
+		}
+		return []byte(payload), "", nil
+	case strings.HasPrefix(low, "http://"), strings.HasPrefix(low, "https://"):
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, s, nil)
+		if err != nil {
+			return nil, "", err
+		}
+		// 15s 基本能覆盖 OSS / CDN / presigned URL
+		hc := &http.Client{Timeout: 15 * time.Second}
+		res, err := hc.Do(req)
+		if err != nil {
+			return nil, "", err
+		}
+		defer res.Body.Close()
+		if res.StatusCode >= 400 {
+			return nil, "", fmt.Errorf("下载失败 HTTP %d", res.StatusCode)
+		}
+		body, err := io.ReadAll(io.LimitReader(res.Body, int64(maxReferenceImageBytes)+1))
+		if err != nil {
+			return nil, "", err
+		}
+		name := filepath.Base(req.URL.Path)
+		return body, name, nil
+	default:
+		// 当成裸 base64 处理
+		b, err := base64.StdEncoding.DecodeString(s)
+		if err != nil {
+			if b2, err2 := base64.URLEncoding.DecodeString(s); err2 == nil {
+				return b2, "", nil
+			}
+			return nil, "", fmt.Errorf("既非 URL 也非可解析的 base64:%w", err)
+		}
+		return b, "", nil
+	}
+}
+
+func parseIntClamp(s string, min, max int) (int, error) {
+	var v int
+	if _, err := fmt.Sscanf(s, "%d", &v); err != nil {
+		return 0, err
+	}
+	if v < min {
+		v = min
+	}
+	if v > max {
+		v = max
+	}
+	return v, nil
+}
+
+func maybeAppendClaritySuffix(prompt string) string {
+	lower := strings.ToLower(prompt)
+	need := false
+	for _, kw := range textHintKeywords {
+		if strings.Contains(lower, strings.ToLower(kw)) {
+			need = true
+			break
+		}
+	}
+	if !need {
+		// 检测中文/英文引号内容 ≥ 2 个字
+		for _, pair := range [][2]string{
+			{"\"", "\""}, {"'", "'"},
+			{"“", "”"}, {"‘", "’"},
+			{"「", "」"}, {"『", "』"},
+		} {
+			if idx := strings.Index(prompt, pair[0]); idx >= 0 {
+				rest := prompt[idx+len(pair[0]):]
+				if end := strings.Index(rest, pair[1]); end >= 2 {
+					need = true
+					break
+				}
+			}
+		}
+	}
+	if need && !strings.Contains(prompt, strings.TrimSpace(claritySuffix)) {
+		return prompt + claritySuffix
+	}
+	return prompt
+}
diff --git a/internal/gateway/images_proxy.go b/internal/gateway/images_proxy.go
new file mode 100644
index 00000000..a7b23859
--- /dev/null
+++ b/internal/gateway/images_proxy.go
@@ -0,0 +1,221 @@
+// images_proxy.go —— 图片返回防盗链代理。
+//
+// 背景:chatgpt.com 返回给我们的图片下载 URL 有两种:
+//  1. file-service 直出:https://files.oaiusercontent.com/...(签名直链,15 分钟有效,浏览器可直接访问)
+//  2. sediment / estuary:https://chatgpt.com/backend-api/estuary/content?...
+//     这种 URL **必须带 Authorization: Bearer <AT>** 才能下载,
+//     直接把它塞进 <img src> 返回给前端,浏览器 100% 403。
+//
+// 方案:后端不再把上游 URL 直接暴露给客户端,改成生成一个自家签名 URL:
+//
+//	GET /p/img/<task_id>/<idx>?exp=<unix_ms>&sig=<hex>
+//
+// 请求到达时,后端:
+//  1. 校验 exp 未过期 + sig 匹配(HMAC-SHA256,进程级随机 secret);
+//  2. 用 DAO 按 task_id 查任务,找到 file_ids[idx] / account_id / conversation_id;
+//  3. 用账号 AT + deviceID + proxy 构造一个 chatgpt.Client;
+//  4. 调 ImageDownloadURL 拿当前有效的上游签名 URL;
+//  5. 调 FetchImage 把字节拉下来,按 Content-Type 原样写回给浏览器。
+//
+// 这样前端只看见自家 host 的 URL,不再受防盗链 / Authorization 困扰;
+// 上游签名 URL 过期也不怕,每次访问都现取。
+package gateway
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/image"
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// imageUpscaleCache 进程级单例 LRU,用于缓存「原图 → 4K/2K PNG」的放大结果。
+// 首次请求某张图的 4K 会花费一次 decode + Catmull-Rom + png encode(约 0.5~1.5s),
+// 之后同一条代理 URL 的请求毫秒级命中,不会重复计算。
+//
+// 放大不会写回 image_tasks / file system —— 所有放大字节都只存在于当前进程的
+// LRU 里,服务重启即销毁,保证磁盘占用为 0。
+var imageUpscaleCache = image.NewUpscaleCache(0, 0)
+
+// ImageAccountResolver 按账号 ID 解出构造 chatgpt client 所需的敏感字段。
+// 由 main.go 注入。接口里不直接依赖 account 包,保持本层解耦。
+type ImageAccountResolver interface {
+	AuthToken(ctx context.Context, accountID uint64) (at, deviceID, cookies string, err error)
+	ProxyURL(ctx context.Context, accountID uint64) string
+}
+
+// ImageProxyTTL 单条签名 URL 的默认有效期(24h,够前端离线展示一段时间)。
+const ImageProxyTTL = 24 * time.Hour
+
+// BuildImageProxyURL 生成代理 URL。返回绝对 path(不含 host),调用方可以直接拼或交给前端同 origin 使用。
+//
+// 默认 ttl=24h。前端展示一张历史图片,最多走一次上游获取 bytes,之后浏览器缓存即可。
+func BuildImageProxyURL(taskID string, idx int, ttl time.Duration) string {
+	return image.BuildProxyURL(taskID, idx, ttl)
+}
+
+// ImageProxy 按签名代理下载上游图片。无需 API Key,只靠 URL 签名校验。
+func (h *ImagesHandler) ImageProxy(c *gin.Context) {
+	taskID := c.Param("task_id")
+	idxStr := c.Param("idx")
+	expStr := c.Query("exp")
+	sig := c.Query("sig")
+
+	if taskID == "" || idxStr == "" || expStr == "" || sig == "" {
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+	idx, err := strconv.Atoi(idxStr)
+	if err != nil || idx < 0 || idx > 64 {
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+	thumbKB, err := strconv.Atoi(c.DefaultQuery("thumb_kb", "0"))
+	if err != nil || thumbKB < 0 || thumbKB > 64 {
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+	expMs, err := strconv.ParseInt(expStr, 10, 64)
+	if err != nil {
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+	if !image.VerifyImgSig(taskID, idx, expMs, sig) {
+		c.AbortWithStatus(http.StatusForbidden)
+		return
+	}
+	if h.DAO == nil {
+		c.AbortWithStatus(http.StatusServiceUnavailable)
+		return
+	}
+
+	t, err := h.DAO.Get(c.Request.Context(), taskID)
+	if err != nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+	fids := t.DecodeFileIDs()
+	if idx >= len(fids) {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+	ref := fids[idx] // 可能是 "sed:xxxx" 或 "xxxx"
+	if t.AccountID == 0 || h.ImageAccResolver == nil {
+		c.AbortWithStatus(http.StatusServiceUnavailable)
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 60*time.Second)
+	defer cancel()
+
+	at, deviceID, cookies, err := h.ImageAccResolver.AuthToken(ctx, t.AccountID)
+	if err != nil {
+		logger.L().Warn("image proxy resolve account",
+			zap.Error(err), zap.Uint64("account_id", t.AccountID))
+		c.AbortWithStatus(http.StatusBadGateway)
+		return
+	}
+	proxyURL := h.ImageAccResolver.ProxyURL(ctx, t.AccountID)
+
+	cli, err := chatgpt.New(chatgpt.Options{
+		AuthToken: at,
+		DeviceID:  deviceID,
+		ProxyURL:  proxyURL,
+		Cookies:   cookies,
+		Timeout:   h.upstreamTimeout(),
+	})
+	if err != nil {
+		logger.L().Warn("image proxy build client", zap.Error(err))
+		c.AbortWithStatus(http.StatusBadGateway)
+		return
+	}
+
+	signedURL, err := cli.ImageDownloadURL(ctx, t.ConversationID, ref)
+	if err != nil {
+		logger.L().Warn("image proxy download_url",
+			zap.Error(err), zap.String("task_id", taskID), zap.String("ref", ref))
+		c.AbortWithStatus(http.StatusBadGateway)
+		return
+	}
+
+	// 按需放大:若 task 上打了 upscale 标记,先走进程内 LRU,命中则直接返回。
+	// 未命中再拉原图,放大成 PNG 后写入缓存。
+	scale := image.ValidateUpscale(t.Upscale)
+	if thumbKB > 0 {
+		scale = ""
+	}
+	cacheKey := ""
+	if scale != "" {
+		cacheKey = fmt.Sprintf("%s|%d|%s", taskID, idx, scale)
+		if data, ctCache, ok := imageUpscaleCache.Get(cacheKey); ok {
+			c.Header("Cache-Control", "private, max-age=3600")
+			c.Header("X-Upscale", scale+";cache=hit")
+			c.Data(http.StatusOK, ctCache, data)
+			return
+		}
+	}
+
+	body, ct, err := cli.FetchImage(ctx, signedURL, 16*1024*1024)
+	if err != nil {
+		logger.L().Warn("image proxy fetch",
+			zap.Error(err), zap.String("task_id", taskID))
+		c.AbortWithStatus(http.StatusBadGateway)
+		return
+	}
+	if ct == "" {
+		ct = "image/png"
+	}
+	if thumbKB > 0 {
+		thumbBytes, thumbCT, err := image.MakeThumbJPEG(body, thumbKB*1024)
+		if err != nil {
+			logger.L().Warn("image proxy thumb",
+				zap.Error(err), zap.String("task_id", taskID),
+				zap.Int("thumb_kb", thumbKB))
+		} else {
+			body = thumbBytes
+			ct = thumbCT
+			c.Header("X-Thumb-KB", strconv.Itoa(thumbKB))
+		}
+	}
+
+	if scale != "" {
+		// 并发闸:避免 4K 请求风暴把 CPU 打满影响生图主流程
+		imageUpscaleCache.Acquire()
+		upBytes, upCT, err := image.DoUpscale(body, scale)
+		imageUpscaleCache.Release()
+		if err != nil {
+			logger.L().Warn("image proxy upscale",
+				zap.Error(err), zap.String("task_id", taskID),
+				zap.String("scale", scale))
+			// 放大失败:回落到原图,不让用户看到白屏
+			c.Header("Cache-Control", "private, max-age=1800")
+			c.Header("X-Upscale", scale+";err")
+			c.Data(http.StatusOK, ct, body)
+			return
+		}
+		if upCT != "" {
+			ct = upCT
+		}
+		if len(upBytes) > 0 {
+			body = upBytes
+			imageUpscaleCache.Put(cacheKey, body, ct)
+			c.Header("X-Upscale", scale+";cache=miss")
+		} else {
+			// DoUpscale 也可能因"原图长边已足够大"而直接返回原字节
+			c.Header("X-Upscale", scale+";noop")
+		}
+		c.Header("Cache-Control", "private, max-age=3600")
+		c.Data(http.StatusOK, ct, body)
+		return
+	}
+
+	c.Header("Cache-Control", "private, max-age=1800")
+	c.Data(http.StatusOK, ct, body)
+}
diff --git a/internal/gateway/playground.go b/internal/gateway/playground.go
new file mode 100644
index 00000000..241624ba
--- /dev/null
+++ b/internal/gateway/playground.go
@@ -0,0 +1,58 @@
+// Package gateway - playground 子模块。
+//
+// "在线体验" 面板让登录用户用浏览器里的 JWT 直接跑 chat/image。
+// 为了零改动复用现有的 /v1/chat/completions 和 /v1/images/generations
+// 业务链路(模型白名单 / 倍率 / RPM/TPM / 预扣-结算 / usage_logs / image_tasks),
+// 我们做一个小中间件,把 JWT 里的 user_id 映射到一把内部
+// "__playground__" APIKey,塞进 apikey.Ctx,之后原封不动调用现有 handler。
+//
+// 这把 key 永远不暴露给用户、不会出现在 API Keys 列表,也不计入 quota。
+// 所有的扣费仍然记在对应 user_id 的积分钱包上,审计可追溯。
+package gateway
+
+import (
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// JWTAsPlaygroundKey 是一个 gin 中间件。
+// 必须挂在 middleware.JWTAuth 之后,它会按 JWT 的 user_id 懒加载(没有就创建)
+// 一把内部 playground key,塞进 apikey.Ctx,供下游 handler 直接取用。
+func JWTAsPlaygroundKey(svc *apikey.Service) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		uid := middleware.UserID(c)
+		if uid == 0 {
+			resp.Unauthorized(c, "not logged in")
+			c.Abort()
+			return
+		}
+		k, err := svc.EnsureInternalKey(c.Request.Context(), uid)
+		if err != nil {
+			resp.Internal(c, err.Error())
+			c.Abort()
+			return
+		}
+		c.Set(apikey.CtxKey, k)
+		c.Set(apikey.CtxKeyOwner, k.UserID)
+		c.Next()
+	}
+}
+
+// PlaygroundImagePreflight 原先在图生图未实现时用于拦截带 reference_images 的请求。
+// 现在 chatgpt 上游协议已接通(见 upstream/chatgpt/files.go + StreamFConversation 的
+// multimodal_text 支持),这里恢复为 pass-through,仅保留名字避免上层引用破坏。
+//
+// 保留的唯一职责:未登录时快速失败,给错误 JSON,好过透传到下游 handler 再发一遍 401。
+func PlaygroundImagePreflight() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if middleware.UserID(c) == 0 {
+			resp.Unauthorized(c, "not logged in")
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}
diff --git a/internal/gateway/types.go b/internal/gateway/types.go
new file mode 100644
index 00000000..fbe4c20a
--- /dev/null
+++ b/internal/gateway/types.go
@@ -0,0 +1,57 @@
+package gateway
+
+import "github.com/432539/gpt2api/internal/upstream/chatgpt"
+
+// ChatCompletionsRequest 对应 OpenAI /v1/chat/completions 请求体子集。
+type ChatCompletionsRequest struct {
+	Model       string                 `json:"model" binding:"required"`
+	Messages    []chatgpt.ChatMessage  `json:"messages" binding:"required"`
+	Stream      bool                   `json:"stream"`
+	Temperature float64                `json:"temperature,omitempty"`
+	TopP        float64                `json:"top_p,omitempty"`
+	MaxTokens   int                    `json:"max_tokens,omitempty"`
+	User        string                 `json:"user,omitempty"`
+	Extra       map[string]interface{} `json:"-"`
+}
+
+// ChatCompletionResponse 非流式响应。
+type ChatCompletionResponse struct {
+	ID      string                  `json:"id"`
+	Object  string                  `json:"object"`
+	Created int64                   `json:"created"`
+	Model   string                  `json:"model"`
+	Choices []ChatCompletionChoice  `json:"choices"`
+	Usage   ChatCompletionUsage     `json:"usage"`
+}
+
+type ChatCompletionChoice struct {
+	Index        int                 `json:"index"`
+	Message      chatgpt.ChatMessage `json:"message"`
+	FinishReason string              `json:"finish_reason"`
+}
+
+type ChatCompletionUsage struct {
+	PromptTokens     int `json:"prompt_tokens"`
+	CompletionTokens int `json:"completion_tokens"`
+	TotalTokens      int `json:"total_tokens"`
+}
+
+// ChatCompletionChunk 流式 chunk。
+type ChatCompletionChunk struct {
+	ID      string                 `json:"id"`
+	Object  string                 `json:"object"`
+	Created int64                  `json:"created"`
+	Model   string                 `json:"model"`
+	Choices []ChatCompletionChunkChoice `json:"choices"`
+}
+
+type ChatCompletionChunkChoice struct {
+	Index        int         `json:"index"`
+	Delta        DeltaMsg    `json:"delta"`
+	FinishReason *string     `json:"finish_reason"`
+}
+
+type DeltaMsg struct {
+	Role    string `json:"role,omitempty"`
+	Content string `json:"content,omitempty"`
+}
diff --git a/internal/image/admin_handler.go b/internal/image/admin_handler.go
new file mode 100644
index 00000000..40d30b2c
--- /dev/null
+++ b/internal/image/admin_handler.go
@@ -0,0 +1,75 @@
+package image
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// AdminHandler 管理员视角下的生成记录接口。
+type AdminHandler struct {
+	dao *DAO
+}
+
+// NewAdminHandler 构造。
+func NewAdminHandler(dao *DAO) *AdminHandler {
+	return &AdminHandler{dao: dao}
+}
+
+// List GET /api/admin/image-tasks
+// 查询参数:page / page_size / user_id / keyword(prompt 或邮箱模糊) / status
+func (h *AdminHandler) List(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	size, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if size < 1 {
+		size = 20
+	}
+	if size > 200 {
+		size = 200
+	}
+	userID, _ := strconv.ParseUint(c.Query("user_id"), 10, 64)
+
+	f := AdminTaskFilter{
+		UserID:  userID,
+		Keyword: c.Query("keyword"),
+		Status:  c.Query("status"),
+	}
+
+	rows, total, err := h.dao.ListAdmin(c.Request.Context(), f, size, (page-1)*size)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+
+	// 把 result_urls JSON bytes 解成代理 URL 后输出
+	type rowOut struct {
+		AdminTaskRow
+		ResultURLsParsed []string `json:"result_urls_parsed"`
+	}
+	out := make([]rowOut, 0, len(rows))
+	for _, r := range rows {
+		// 生成代理 URL 而不是直接返回上游 URL
+		fids := r.DecodeFileIDs()
+		urls := make([]string, 0, len(fids))
+		for i := range fids {
+			urls = append(urls, BuildProxyURL(r.TaskID, i, 24*time.Hour))
+		}
+		out = append(out, rowOut{
+			AdminTaskRow:     r,
+			ResultURLsParsed: urls,
+		})
+	}
+
+	resp.OK(c, gin.H{
+		"list":      out,
+		"total":     total,
+		"page":      page,
+		"page_size": size,
+	})
+}
diff --git a/internal/image/dao.go b/internal/image/dao.go
new file mode 100644
index 00000000..31efc7f1
--- /dev/null
+++ b/internal/image/dao.go
@@ -0,0 +1,257 @@
+package image
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// ErrNotFound 未找到任务。
+var ErrNotFound = errors.New("image: task not found")
+
+// DAO image_tasks 表访问对象。
+type DAO struct{ db *sqlx.DB }
+
+// NewDAO 构造。
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// Create 插入新任务。
+func (d *DAO) Create(ctx context.Context, t *Task) error {
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO image_tasks
+  (task_id, user_id, key_id, model_id, account_id, prompt, n, size, upscale, status,
+   conversation_id, file_ids, result_urls, error, estimated_credit, credit_cost,
+   created_at)
+VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW())`,
+		t.TaskID, t.UserID, t.KeyID, t.ModelID, t.AccountID,
+		t.Prompt, t.N, t.Size, ValidateUpscale(t.Upscale),
+		nullEmpty(t.Status, StatusQueued),
+		t.ConversationID, nullJSON(t.FileIDs), nullJSON(t.ResultURLs),
+		t.Error, t.EstimatedCredit, t.CreditCost,
+	)
+	if err != nil {
+		return fmt.Errorf("image dao create: %w", err)
+	}
+	id, _ := res.LastInsertId()
+	t.ID = uint64(id)
+	return nil
+}
+
+// MarkRunning 标记为运行中(记录起始时间 + account_id)。
+func (d *DAO) MarkRunning(ctx context.Context, taskID string, accountID uint64) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE image_tasks
+   SET status='running', account_id=?, started_at=NOW()
+ WHERE task_id=? AND status IN ('queued','dispatched')`, accountID, taskID)
+	return err
+}
+
+// SetAccount 在 runOnce 拿到账号 lease 后立刻写入 account_id。
+// 独立出来是因为 MarkRunning 只在 status=queued/dispatched 时生效,
+// 而调度完成后 status 已经是 running,需要一个幂等的小方法。
+// 图片代理端点按 task_id 查账号时依赖这个字段。
+func (d *DAO) SetAccount(ctx context.Context, taskID string, accountID uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE image_tasks SET account_id = ? WHERE task_id = ?`, accountID, taskID)
+	return err
+}
+
+// MarkSuccess 更新成功状态。
+func (d *DAO) MarkSuccess(ctx context.Context, taskID, convID string, fileIDs, resultURLs []string, creditCost int64) error {
+	fidB, _ := json.Marshal(fileIDs)
+	urlB, _ := json.Marshal(resultURLs)
+	_, err := d.db.ExecContext(ctx, `
+UPDATE image_tasks
+   SET status='success',
+       conversation_id=?,
+       file_ids=?,
+       result_urls=?,
+       credit_cost=?,
+       finished_at=NOW()
+ WHERE task_id=?`, convID, fidB, urlB, creditCost, taskID)
+	return err
+}
+
+// UpdateCost 仅更新 credit_cost(Runner 成功后由网关层调用)。
+func (d *DAO) UpdateCost(ctx context.Context, taskID string, cost int64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE image_tasks SET credit_cost = ? WHERE task_id = ?`, cost, taskID)
+	return err
+}
+
+// MarkFailed 更新失败状态(带错误码)。
+func (d *DAO) MarkFailed(ctx context.Context, taskID, errorCode string) error {
+	_, err := d.db.ExecContext(ctx, `
+UPDATE image_tasks
+   SET status='failed', error=?, finished_at=NOW()
+ WHERE task_id=?`, truncate(errorCode, 500), taskID)
+	return err
+}
+
+// Get 根据对外 task_id 查询。
+func (d *DAO) Get(ctx context.Context, taskID string) (*Task, error) {
+	var t Task
+	err := d.db.GetContext(ctx, &t, `
+SELECT id, task_id, user_id, key_id, model_id, account_id, prompt, n, size, upscale, status,
+       conversation_id, file_ids, result_urls, error, estimated_credit, credit_cost,
+       created_at, started_at, finished_at
+  FROM image_tasks
+ WHERE task_id = ?`, taskID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &t, nil
+}
+
+// MyTaskFilter 当前用户图片任务筛选条件。
+type MyTaskFilter struct {
+	Status    string
+	Keyword   string
+	CreatedAt *time.Time
+	CreatedTo *time.Time
+}
+
+// ListByUser 按用户分页。
+func (d *DAO) ListByUser(ctx context.Context, userID uint64, f MyTaskFilter, limit, offset int) ([]Task, error) {
+	if limit <= 0 {
+		limit = 20
+	}
+	where := []string{"user_id = ?"}
+	args := []interface{}{userID}
+	if f.Status != "" {
+		where = append(where, "status = ?")
+		args = append(args, f.Status)
+	}
+	if f.Keyword != "" {
+		where = append(where, "prompt LIKE ?")
+		args = append(args, "%"+f.Keyword+"%")
+	}
+	if f.CreatedAt != nil {
+		where = append(where, "created_at >= ?")
+		args = append(args, *f.CreatedAt)
+	}
+	if f.CreatedTo != nil {
+		where = append(where, "created_at <= ?")
+		args = append(args, *f.CreatedTo)
+	}
+	var out []Task
+	err := d.db.SelectContext(ctx, &out, `
+SELECT id, task_id, user_id, key_id, model_id, account_id, prompt, n, size, upscale, status,
+       conversation_id, file_ids, result_urls, error, estimated_credit, credit_cost,
+       created_at, started_at, finished_at
+  FROM image_tasks
+ WHERE `+strings.Join(where, " AND ")+`
+ ORDER BY id DESC
+ LIMIT ? OFFSET ?`, append(args, limit, offset)...)
+	return out, err
+}
+
+// AdminTaskRow 是管理员视角的生成记录行,JOIN 了 users 表的邮箱。
+type AdminTaskRow struct {
+	Task
+	UserEmail string `db:"user_email" json:"user_email"`
+}
+
+// AdminTaskFilter 管理员查询过滤条件。
+type AdminTaskFilter struct {
+	UserID  uint64
+	Keyword string // 模糊匹配 prompt / email
+	Status  string
+}
+
+// ListAdmin 全局分页(admin)。
+func (d *DAO) ListAdmin(ctx context.Context, f AdminTaskFilter, limit, offset int) ([]AdminTaskRow, int64, error) {
+	if limit <= 0 {
+		limit = 20
+	}
+	where := "1=1"
+	args := []interface{}{}
+	if f.UserID > 0 {
+		where += " AND t.user_id = ?"
+		args = append(args, f.UserID)
+	}
+	if f.Status != "" {
+		where += " AND t.status = ?"
+		args = append(args, f.Status)
+	}
+	if f.Keyword != "" {
+		like := "%" + f.Keyword + "%"
+		where += " AND (t.prompt LIKE ? OR u.email LIKE ?)"
+		args = append(args, like, like)
+	}
+
+	var total int64
+	countSQL := `SELECT COUNT(*) FROM image_tasks t LEFT JOIN users u ON u.id=t.user_id WHERE ` + where
+	if err := d.db.GetContext(ctx, &total, countSQL, args...); err != nil {
+		return nil, 0, err
+	}
+
+	listSQL := `
+SELECT t.id, t.task_id, t.user_id, t.key_id, t.model_id, t.account_id,
+       t.prompt, t.n, t.size, t.upscale, t.status,
+       t.conversation_id, t.file_ids, t.result_urls, t.error,
+       t.estimated_credit, t.credit_cost,
+       t.created_at, t.started_at, t.finished_at,
+       COALESCE(u.email, '') AS user_email
+  FROM image_tasks t
+  LEFT JOIN users u ON u.id = t.user_id
+ WHERE ` + where + `
+ ORDER BY t.id DESC
+ LIMIT ? OFFSET ?`
+	args = append(args, limit, offset)
+	var out []AdminTaskRow
+	err := d.db.SelectContext(ctx, &out, listSQL, args...)
+	return out, total, err
+}
+
+// DecodeFileIDs 把 JSON 列解出字符串数组。
+func (t *Task) DecodeFileIDs() []string {
+	var out []string
+	if len(t.FileIDs) > 0 {
+		_ = json.Unmarshal(t.FileIDs, &out)
+	}
+	return out
+}
+
+// DecodeResultURLs 把 JSON 列解出字符串数组。
+func (t *Task) DecodeResultURLs() []string {
+	var out []string
+	if len(t.ResultURLs) > 0 {
+		_ = json.Unmarshal(t.ResultURLs, &out)
+	}
+	return out
+}
+
+// ---- helpers ----
+
+func nullEmpty(s, fallback string) string {
+	if s == "" {
+		return fallback
+	}
+	return s
+}
+
+func nullJSON(b []byte) interface{} {
+	if len(b) == 0 {
+		return nil
+	}
+	return b
+}
+
+func truncate(s string, max int) string {
+	if len(s) <= max {
+		return s
+	}
+	return s[:max]
+}
+
+var _ = time.Now // keep import
diff --git a/internal/image/me_handler.go b/internal/image/me_handler.go
new file mode 100644
index 00000000..845f07d3
--- /dev/null
+++ b/internal/image/me_handler.go
@@ -0,0 +1,159 @@
+package image
+
+import (
+	"errors"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// MeHandler 面向当前用户的图片任务只读接口(JWT 鉴权)。
+// 与 /v1/images/tasks/:id(API Key 鉴权)共享同一张 image_tasks 表,
+// 只是入口改到 /api/me/images/* 便于前端面板调用。
+type MeHandler struct{ dao *DAO }
+
+// NewMeHandler 构造。
+func NewMeHandler(dao *DAO) *MeHandler { return &MeHandler{dao: dao} }
+
+// taskView 是对外返回的视图结构,解码 JSON 列 + 隐藏内部字段。
+type taskView struct {
+	ID             uint64     `json:"id"`
+	TaskID         string     `json:"task_id"`
+	UserID         uint64     `json:"user_id"`
+	ModelID        uint64     `json:"model_id"`
+	AccountID      uint64     `json:"account_id"`
+	Prompt         string     `json:"prompt"`
+	N              int        `json:"n"`
+	Size           string     `json:"size"`
+	Upscale        string     `json:"upscale,omitempty"`
+	Status         string     `json:"status"`
+	ConversationID string     `json:"conversation_id,omitempty"`
+	Error          string     `json:"error,omitempty"`
+	CreditCost     int64      `json:"credit_cost"`
+	ImageURLs      []string   `json:"image_urls"`
+	FileIDs        []string   `json:"file_ids,omitempty"`
+	CreatedAt      time.Time  `json:"created_at"`
+	StartedAt      *time.Time `json:"started_at,omitempty"`
+	FinishedAt     *time.Time `json:"finished_at,omitempty"`
+}
+
+func toView(t *Task) taskView {
+	fids := t.DecodeFileIDs()
+	for i, id := range fids {
+		fids[i] = strings.TrimPrefix(id, "sed:")
+	}
+
+	// 生成代理 URL 而不是直接返回上游 URL（防止 403）
+	urls := make([]string, 0, len(fids))
+	for i := range fids {
+		urls = append(urls, BuildProxyURL(t.TaskID, i, 24*time.Hour))
+	}
+
+	return taskView{
+		ID: t.ID, TaskID: t.TaskID, UserID: t.UserID, ModelID: t.ModelID,
+		AccountID: t.AccountID, Prompt: t.Prompt, N: t.N, Size: t.Size,
+		Upscale: t.Upscale,
+		Status:  t.Status, ConversationID: t.ConversationID, Error: t.Error,
+		CreditCost: t.CreditCost, ImageURLs: urls, FileIDs: fids,
+		CreatedAt: t.CreatedAt, StartedAt: t.StartedAt, FinishedAt: t.FinishedAt,
+	}
+}
+
+// GET /api/me/images/tasks
+// 查询参数:limit(默认 20,上限 100), offset, status, keyword, start_at, end_at
+func (h *MeHandler) List(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	if limit <= 0 {
+		limit = 20
+	}
+	if limit > 100 {
+		limit = 100
+	}
+	if offset < 0 {
+		offset = 0
+	}
+	filter := MyTaskFilter{
+		Status:  strings.TrimSpace(c.Query("status")),
+		Keyword: strings.TrimSpace(c.Query("keyword")),
+	}
+	if startAt := strings.TrimSpace(c.Query("start_at")); startAt != "" {
+		tm, err := parseFilterTime(startAt)
+		if err != nil {
+			resp.Fail(c, resp.CodeBadRequest, "start_at 格式错误，期望 2006-01-02 15:04:05")
+			return
+		}
+		filter.CreatedAt = &tm
+	}
+	if endAt := strings.TrimSpace(c.Query("end_at")); endAt != "" {
+		tm, err := parseFilterTime(endAt)
+		if err != nil {
+			resp.Fail(c, resp.CodeBadRequest, "end_at 格式错误，期望 2006-01-02 15:04:05")
+			return
+		}
+		filter.CreatedTo = &tm
+	}
+	tasks, err := h.dao.ListByUser(c.Request.Context(), uid, filter, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	items := make([]taskView, 0, len(tasks))
+	for i := range tasks {
+		items = append(items, toView(&tasks[i]))
+	}
+	resp.OK(c, gin.H{"items": items, "limit": limit, "offset": offset})
+}
+
+func parseFilterTime(s string) (time.Time, error) {
+	loc := time.Local
+	layouts := []string{
+		"2006-01-02 15:04:05",
+		time.RFC3339,
+		"2006-01-02",
+	}
+	for _, layout := range layouts {
+		if t, err := time.ParseInLocation(layout, s, loc); err == nil {
+			return t, nil
+		}
+	}
+	return time.Time{}, errors.New("invalid time")
+}
+
+// GET /api/me/images/tasks/:id
+func (h *MeHandler) Get(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	id := c.Param("id")
+	if id == "" {
+		resp.Fail(c, 40000, "task id required")
+		return
+	}
+	t, err := h.dao.Get(c.Request.Context(), id)
+	if err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.Fail(c, 40400, "task not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	if t.UserID != uid {
+		resp.Fail(c, 40400, "task not found")
+		return
+	}
+	resp.OK(c, toView(t))
+}
diff --git a/internal/image/model.go b/internal/image/model.go
new file mode 100644
index 00000000..ea6ae22d
--- /dev/null
+++ b/internal/image/model.go
@@ -0,0 +1,83 @@
+// Package image 异步生图任务的数据模型、DAO 以及同步 Runner。
+//
+// M3 首版采用「同步直出 + 异步查询」混合路线:
+//
+//   * /v1/images/generations 默认是同步(wait_for_result=true),请求直接
+//     阻塞到图片生成完成再返回。由网关层的 goroutine pool 承接并发(目标
+//     1000 并发),每个任务落库 + 走一次完整的上游协议链路。
+//   * /v1/images/tasks/:id 可作为异步查询入口,客户端也可设
+//     wait_for_result=false 拿到 task_id 后自行轮询(适合移动端/脚本)。
+//
+// 这样能复用现有的 Account + Proxy + 计费 + 限流路径,不引入额外的 Redis
+// Stream 基础设施;等并发压力上来后再把 Runner 接到 Stream 消费者即可。
+package image
+
+import "time"
+
+// 任务状态。
+const (
+	StatusQueued     = "queued"     // 已入库,等调度
+	StatusDispatched = "dispatched" // 已拿到 lease,未开始跑上游
+	StatusRunning    = "running"    // 上游 SSE 已发起
+	StatusSuccess    = "success"
+	StatusFailed     = "failed"
+)
+
+// 错误码(短字符串,便于排查 & 计费对账)。
+const (
+	ErrUnknown          = "unknown"
+	ErrNoAccount        = "no_available_account"
+	ErrAuthRequired     = "auth_required"
+	ErrRateLimited      = "rate_limited"
+	ErrNetworkTransient = "network_transient" // 瞬态网络错误(EOF / reset),可自动重试
+	ErrPOWTimeout       = "pow_timeout"
+	ErrPOWFailed        = "pow_failed"
+	ErrTurnstile        = "turnstile_required"
+	ErrUpstream         = "upstream_error"
+	ErrPollTimeout      = "poll_timeout"
+	ErrDownload         = "download_failed"
+	ErrInvalidResponse  = "invalid_response"
+)
+
+// Task 对应 image_tasks 表。
+type Task struct {
+	ID              uint64     `db:"id"               json:"id"`
+	TaskID          string     `db:"task_id"          json:"task_id"`
+	UserID          uint64     `db:"user_id"          json:"user_id"`
+	KeyID           uint64     `db:"key_id"           json:"key_id"`
+	ModelID         uint64     `db:"model_id"         json:"model_id"`
+	AccountID       uint64     `db:"account_id"       json:"account_id"`
+	Prompt          string     `db:"prompt"           json:"prompt"`
+	N               int        `db:"n"                json:"n"`
+	Size            string     `db:"size"             json:"size"`
+	Upscale         string     `db:"upscale"          json:"upscale"`
+	Status          string     `db:"status"           json:"status"`
+	ConversationID  string     `db:"conversation_id"  json:"conversation_id"`
+	FileIDs         []byte     `db:"file_ids"         json:"-"`
+	ResultURLs      []byte     `db:"result_urls"      json:"-"`
+	Error           string     `db:"error"            json:"error"`
+	EstimatedCredit int64      `db:"estimated_credit" json:"estimated_credit"`
+	CreditCost      int64      `db:"credit_cost"      json:"credit_cost"`
+	CreatedAt       time.Time  `db:"created_at"       json:"created_at"`
+	StartedAt       *time.Time `db:"started_at"       json:"started_at"`
+	FinishedAt      *time.Time `db:"finished_at"      json:"finished_at"`
+}
+
+// Result 是 Runner 返回给网关/客户端的生图结果。
+type Result struct {
+	TaskID         string         `json:"task_id"`
+	Status         string         `json:"status"`
+	ConversationID string         `json:"conversation_id,omitempty"`
+	Images         []ResultImage  `json:"images,omitempty"`
+	ErrorCode      string         `json:"error_code,omitempty"`
+	ErrorMessage   string         `json:"error_message,omitempty"`
+	CreditCost     int64          `json:"credit_cost"`
+}
+
+// ResultImage 单张生图。
+type ResultImage struct {
+	URL         string `json:"url"`          // 上游签名直链(短期有效,通常 15 分钟)
+	FileID      string `json:"file_id"`      // chatgpt.com file-service id(纯 id,不含 sed:)
+	IsSediment  bool   `json:"is_sediment,omitempty"`
+	ContentType string `json:"content_type,omitempty"`
+}
diff --git a/internal/image/proxy_url.go b/internal/image/proxy_url.go
new file mode 100644
index 00000000..6464bb78
--- /dev/null
+++ b/internal/image/proxy_url.go
@@ -0,0 +1,53 @@
+package image
+
+import (
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"time"
+)
+
+// imageProxySecret 进程级随机密钥,用于 HMAC 签名图片 URL。
+// 进程重启后旧的签名 URL 全部失效,这是故意的(防止长期有效的 URL 泄漏)。
+var imageProxySecret []byte
+
+func init() {
+	imageProxySecret = make([]byte, 32)
+	if _, err := rand.Read(imageProxySecret); err != nil {
+		for i := range imageProxySecret {
+			imageProxySecret[i] = byte(i*31 + 7)
+		}
+	}
+}
+
+// BuildProxyURL 生成代理 URL。返回绝对 path(不含 host)。
+func BuildProxyURL(taskID string, idx int, ttl time.Duration) string {
+	if ttl <= 0 {
+		ttl = 24 * time.Hour
+	}
+	expMs := time.Now().Add(ttl).UnixMilli()
+	sig := computeImgSig(taskID, idx, expMs)
+	return fmt.Sprintf("/p/img/%s/%d?exp=%d&sig=%s", taskID, idx, expMs, sig)
+}
+
+// ComputeImgSig 计算图片 URL 签名（供 gateway 验证使用）。
+func ComputeImgSig(taskID string, idx int, expMs int64) string {
+	return computeImgSig(taskID, idx, expMs)
+}
+
+func computeImgSig(taskID string, idx int, expMs int64) string {
+	mac := hmac.New(sha256.New, imageProxySecret)
+	fmt.Fprintf(mac, "%s|%d|%d", taskID, idx, expMs)
+	return hex.EncodeToString(mac.Sum(nil))[:24]
+}
+
+// VerifyImgSig 验证图片 URL 签名。
+func VerifyImgSig(taskID string, idx int, expMs int64, sig string) bool {
+	if expMs < time.Now().UnixMilli() {
+		return false
+	}
+	want := computeImgSig(taskID, idx, expMs)
+	return hmac.Equal([]byte(sig), []byte(want))
+}
diff --git a/internal/image/runner.go b/internal/image/runner.go
new file mode 100644
index 00000000..de2628c1
--- /dev/null
+++ b/internal/image/runner.go
@@ -0,0 +1,565 @@
+package image
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/scheduler"
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// QuotaDecrementor 允许 Runner 在生图成功后立即扣减账号剩余额度,
+// 无需等待下一次后台探测即可在前端看到正确数字。
+type QuotaDecrementor interface {
+	DecrQuota(ctx context.Context, accountID uint64, n int) error
+}
+
+// Runner 单次/多次生图的执行器。封装完整的 chatgpt.com 协议链路:
+//
+//	ChatRequirements → PrepareFConversation → StreamFConversation (SSE) →
+//	ParseImageSSE → (需要时) PollConversationForImages → ImageDownloadURL
+//
+// IMG2 已正式上线,不再做"灰度命中判定 / preview_only 换账号重试"这些节流操作,
+// 拿到任意 file-service / sediment 引用即算成功,以速度和效率优先。
+type Runner struct {
+	sched     *scheduler.Scheduler
+	dao       *DAO
+	quotaDecr QuotaDecrementor // 生图成功后立即扣减账号额度(可空,空时跳过)
+}
+
+// NewRunner 构造 Runner。
+func NewRunner(sched *scheduler.Scheduler, dao *DAO) *Runner {
+	return &Runner{sched: sched, dao: dao}
+}
+
+// SetQuotaDecrementor 注入额度扣减器。
+func (r *Runner) SetQuotaDecrementor(qd QuotaDecrementor) { r.quotaDecr = qd }
+
+// ReferenceImage 是图生图/编辑的一张参考图输入。
+// 只需要提供原始字节 + 可选的文件名,Runner 会在运行时调用 chatgpt Client 上传。
+type ReferenceImage struct {
+	Data     []byte
+	FileName string // 可选,未填时按长度 + 嗅探扩展名生成
+}
+
+// RunOptions 是单次生图的输入。
+type RunOptions struct {
+	TaskID            string
+	UserID            uint64
+	KeyID             uint64
+	ModelID           uint64
+	UpstreamModel     string           // 默认 "auto"(由上游根据 system_hints 挑选图像模型)
+	Prompt            string
+	N                 int              // 期望返回的图片张数;够数 Poll 就立即返回(速度优先)
+	MaxAttempts       int              // 跨账号重试次数,仅用于无账号/限流等硬错误,默认 1
+	PerAttemptTimeout time.Duration    // 单次尝试总超时,默认 6min(覆盖 SSE + PollMaxWait + 缓冲)
+	PollMaxWait       time.Duration    // SSE 没直出时,轮询 conversation 的最长等待,默认 300s
+	References        []ReferenceImage // 图生图/编辑:参考图
+}
+
+// RunResult 是单次生图的输出。
+type RunResult struct {
+	Status         string   // success / failed
+	ConversationID string
+	AccountID      uint64
+	FileIDs        []string // chatgpt.com 侧的原始 ref("sed:" 前缀表示 sediment)
+	SignedURLs     []string // 直接可访问的签名 URL(15 分钟有效)
+	ContentTypes   []string
+	ErrorCode      string
+	ErrorMessage   string
+	Attempts       int // 跨账号尝试次数(runOnce 次数)
+	DurationMs     int64
+}
+
+// Run 执行生图。会同步阻塞直到完成/失败;调用方自行做超时控制(传 ctx)。
+//
+// N > 1 时并发启动 N 个独立 goroutine,每个各自走完整链路出 1 张图,
+// 最终合并结果——比向单一会话请求 N 张快得多(ChatGPT f/conversation 每轮只产 1 张)。
+func (r *Runner) Run(ctx context.Context, opt RunOptions) *RunResult {
+	start := time.Now()
+	if opt.MaxAttempts <= 0 {
+		opt.MaxAttempts = 1
+	}
+	if opt.PerAttemptTimeout <= 0 {
+		opt.PerAttemptTimeout = 6 * time.Minute
+	}
+	if opt.PollMaxWait <= 0 {
+		opt.PollMaxWait = 300 * time.Second
+	}
+	if opt.UpstreamModel == "" {
+		opt.UpstreamModel = "auto"
+	}
+	if opt.N <= 0 {
+		opt.N = 1
+	}
+
+	result := &RunResult{Status: StatusFailed, ErrorCode: ErrUnknown}
+
+	// 仅当有 DAO 和 taskID 时才落库
+	if r.dao != nil && opt.TaskID != "" {
+		_ = r.dao.MarkRunning(ctx, opt.TaskID, 0)
+	}
+
+	if opt.N > 1 {
+		// 并发模式:N 个 goroutine 各独立出 1 张
+		r.runParallel(ctx, opt, start, result)
+	} else {
+		// 串行模式(原逻辑):带跨账号重试
+		for attempt := 1; attempt <= opt.MaxAttempts; attempt++ {
+			result.Attempts = attempt
+			if err := ctx.Err(); err != nil {
+				result.ErrorCode = ErrUnknown
+				result.ErrorMessage = err.Error()
+				break
+			}
+
+			attemptCtx, cancel := context.WithTimeout(ctx, opt.PerAttemptTimeout)
+			ok, status, err := r.runOnce(attemptCtx, opt, result)
+			cancel()
+
+			if ok {
+				result.Status = StatusSuccess
+				result.ErrorCode = ""
+				result.ErrorMessage = ""
+				break
+			}
+			if err != nil {
+				result.ErrorMessage = err.Error()
+			}
+			result.ErrorCode = status
+
+			if attempt >= opt.MaxAttempts {
+				break
+			}
+			retryable := status == ErrRateLimited || status == ErrNoAccount ||
+				status == ErrAuthRequired || status == ErrNetworkTransient
+			if !retryable {
+				break
+			}
+			logger.L().Info("image runner retry with another account",
+				zap.String("task_id", opt.TaskID),
+				zap.String("reason", status),
+				zap.Int("attempt", attempt))
+		}
+	}
+
+	result.DurationMs = time.Since(start).Milliseconds()
+
+	// 落库
+	if r.dao != nil && opt.TaskID != "" {
+		if result.Status == StatusSuccess {
+			_ = r.dao.MarkSuccess(ctx, opt.TaskID, result.ConversationID,
+				result.FileIDs, result.SignedURLs, 0 /* credit_cost 由网关负责写 */)
+			if r.quotaDecr != nil && result.AccountID > 0 {
+				n := len(result.FileIDs)
+				if n == 0 {
+					n = opt.N
+				}
+				_ = r.quotaDecr.DecrQuota(context.Background(), result.AccountID, n)
+			}
+		} else {
+			_ = r.dao.MarkFailed(ctx, opt.TaskID, result.ErrorCode)
+		}
+	}
+	return result
+}
+
+// runParallel 并发启动 opt.N 个独立请求,每个各出 1 张图,最终合并到 result。
+// 只要有 ≥1 张成功就算整体成功;全部失败才返回失败。
+// 各 goroutine 不写 DAO(TaskID 置空),写库由外层 Run 统一完成。
+func (r *Runner) runParallel(ctx context.Context, opt RunOptions, start time.Time, result *RunResult) {
+	type subResult struct {
+		ok         bool
+		fileIDs    []string
+		signedURLs []string
+		convID     string
+		accountID  uint64
+		errCode    string
+		errMsg     string
+	}
+
+	n := opt.N
+	ch := make(chan subResult, n)
+
+	// 子任务:单张、不写 DAO
+	subOpt := opt
+	subOpt.N = 1
+	subOpt.TaskID = "" // 禁用 DAO,避免多 goroutine 互相覆盖
+
+	var wg sync.WaitGroup
+	for i := 0; i < n; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			sub := &RunResult{Status: StatusFailed, ErrorCode: ErrUnknown}
+			attemptCtx, cancel := context.WithTimeout(ctx, opt.PerAttemptTimeout)
+			defer cancel()
+			ok, status, err := r.runOnce(attemptCtx, subOpt, sub)
+			msg := ""
+			if err != nil {
+				msg = err.Error()
+			}
+			if !ok && status == "" {
+				status = sub.ErrorCode
+			}
+			ch <- subResult{
+				ok:         ok,
+				fileIDs:    sub.FileIDs,
+				signedURLs: sub.SignedURLs,
+				convID:     sub.ConversationID,
+				accountID:  sub.AccountID,
+				errCode:    status,
+				errMsg:     msg,
+			}
+		}()
+	}
+
+	// 等待全部完成后关闭 channel
+	go func() { wg.Wait(); close(ch) }()
+
+	var (
+		successCount  int
+		lastErrCode   string
+		lastErrMsg    string
+	)
+	for sr := range ch {
+		if sr.ok {
+			successCount++
+			result.FileIDs = append(result.FileIDs, sr.fileIDs...)
+			result.SignedURLs = append(result.SignedURLs, sr.signedURLs...)
+			if result.ConversationID == "" {
+				result.ConversationID = sr.convID
+			}
+			if result.AccountID == 0 {
+				result.AccountID = sr.accountID
+			}
+		} else {
+			lastErrCode = sr.errCode
+			lastErrMsg = sr.errMsg
+		}
+	}
+	result.Attempts = n
+
+	if successCount > 0 {
+		result.Status = StatusSuccess
+		result.ErrorCode = ""
+		result.ErrorMessage = ""
+		logger.L().Info("image runner parallel done",
+			zap.String("task_id", opt.TaskID),
+			zap.Int("requested", n),
+			zap.Int("succeeded", successCount),
+			zap.Int("got_images", len(result.FileIDs)),
+		)
+	} else {
+		result.ErrorCode = lastErrCode
+		result.ErrorMessage = lastErrMsg
+		logger.L().Warn("image runner parallel all failed",
+			zap.String("task_id", opt.TaskID),
+			zap.Int("requested", n),
+			zap.String("last_err", lastErrCode),
+		)
+	}
+}
+
+// runOnce 一次完整的尝试。返回 (ok, errorCode, err)。
+// result 会被就地更新(ConversationID / FileIDs / SignedURLs / AccountID 等)。
+func (r *Runner) runOnce(ctx context.Context, opt RunOptions, result *RunResult) (bool, string, error) {
+	// 1) 调度账号
+	lease, err := r.sched.Dispatch(ctx, "image")
+	if err != nil {
+		if errors.Is(err, scheduler.ErrNoAvailable) {
+			return false, ErrNoAccount, err
+		}
+		return false, ErrUnknown, err
+	}
+	defer func() {
+		_ = lease.Release(context.Background())
+	}()
+	result.AccountID = lease.Account.ID
+	// 立刻把 account_id 写回 image_tasks,供后续图片代理端点按 task_id 解出 AT。
+	// MarkRunning 在 status=running 时 WHERE 不命中,所以用专门的 SetAccount。
+	if r.dao != nil && opt.TaskID != "" {
+		_ = r.dao.SetAccount(ctx, opt.TaskID, lease.Account.ID)
+	}
+
+	// 2) 构造上游 client
+	cli, err := chatgpt.New(chatgpt.Options{
+		AuthToken: lease.AuthToken,
+		DeviceID:  lease.DeviceID,
+		SessionID: lease.SessionID,
+		ProxyURL:  lease.ProxyURL,
+		Cookies:   "", // 目前不从 oai_account_cookies 加载,后续 M3+ 再做
+	})
+	if err != nil {
+		return false, ErrUnknown, fmt.Errorf("chatgpt client: %w", err)
+	}
+
+	// 3) ChatRequirements + POW(新两步 sentinel 流程,solver 未配置时内部自动
+	// 回退到单步接口)
+	cr, err := cli.ChatRequirementsV2(ctx)
+	if err != nil {
+		return false, r.classifyUpstream(err), err
+	}
+	var proofToken string
+	if cr.Proofofwork.Required {
+		proofCtx, cancel := context.WithTimeout(ctx, 8*time.Second)
+		ch := make(chan string, 1)
+		go func() { ch <- cr.SolveProof(chatgpt.DefaultUserAgent) }()
+		select {
+		case <-proofCtx.Done():
+			cancel()
+			r.sched.MarkWarned(context.Background(), lease.Account.ID)
+			return false, ErrPOWTimeout, proofCtx.Err()
+		case proofToken = <-ch:
+			cancel()
+		}
+		if proofToken == "" {
+			r.sched.MarkWarned(context.Background(), lease.Account.ID)
+			return false, ErrPOWFailed, errors.New("pow solver returned empty")
+		}
+	}
+	// Turnstile 是"建议性"信号:即使服务端声明 required,只要 chat_token + proof_token
+	// 齐全,绝大多数账号的 f/conversation 仍然会正常下发图片结果。与 chat 流程(gateway/chat.go)
+	// 保持一致——只打 warn,不阻断;真正拿不到 IMG2 终稿时由后续 poll 逻辑判定为失败。
+	if cr.Turnstile.Required {
+		logger.L().Warn("image turnstile required, continue anyway",
+			zap.Uint64("account_id", lease.Account.ID))
+	}
+
+	// 4) 不再调用 /backend-api/conversation/init:
+	// 浏览器实测路径是 prepare → chat-requirements → f/conversation 三步,init 是
+	// 过时/冗余调用,在免费账号上还会返回 404 让整条链路 fail。system_hints=picture_v2
+	// 会通过 f/conversation 的 payload 字段传达。
+
+	// 4.5) 图生图:上传参考图。任何一张失败都直接整体 fail(上游后续会对不上 attachment)。
+	var refs []*chatgpt.UploadedFile
+	if len(opt.References) > 0 {
+		for idx, r0 := range opt.References {
+			upCtx, cancel := context.WithTimeout(ctx, 60*time.Second)
+			up, err := cli.UploadFile(upCtx, r0.Data, r0.FileName)
+			cancel()
+			if err != nil {
+				logger.L().Warn("image runner upload reference failed",
+					zap.Int("idx", idx), zap.Error(err))
+				if ue, ok := err.(*chatgpt.UpstreamError); ok && ue.IsRateLimited() {
+					r.sched.MarkRateLimited(context.Background(), lease.Account.ID)
+					return false, ErrRateLimited, err
+				}
+				return false, ErrUpstream, fmt.Errorf("upload reference %d: %w", idx, err)
+			}
+			refs = append(refs, up)
+		}
+		logger.L().Info("image runner references uploaded",
+			zap.String("task_id", opt.TaskID), zap.Int("count", len(refs)))
+	}
+
+	// 注意:新会话不要本地生成 conversation_id,上游会 404。
+	// 真正的 conv_id 由 SSE 的 resume_conversation_token / sseResult.ConversationID 返回。
+	var convID string
+	parentID := uuid.NewString()
+	messageID := uuid.NewString()
+
+	// 统一把 model 强制为 "auto":对齐参考实现(只通过 system_hints=["picture_v2"]
+	// 区分图像任务)。
+	// 注意:免费账号(persona=chatgpt-freeaccount)也可以生成图片,只要 daily_image_quota > 0。
+	// 不再按 persona 拒绝请求;persona 仅做日志记录。
+	upstreamModel := "auto"
+	if opt.UpstreamModel != "" && opt.UpstreamModel != "auto" {
+		if cr.IsFreeAccount() {
+			logger.L().Info("image: free account, force upstream model to auto",
+				zap.Uint64("account_id", lease.Account.ID),
+				zap.String("requested_model", opt.UpstreamModel))
+		} else {
+			upstreamModel = opt.UpstreamModel
+		}
+	}
+
+	// 5) 单轮 picture_v2:SSE 里直接给图就走 SSE 结果,没给就短轮询补一下。
+	// IMG2 已正式上线,不再区分"终稿 / 预览",拿到就用,追求速度。
+	convOpt := chatgpt.ImageConvOpts{
+		Prompt:        opt.Prompt,
+		UpstreamModel: upstreamModel,
+		ConvID:        convID,
+		ParentMsgID:   parentID,
+		MessageID:     messageID,
+		ChatToken:     cr.Token,
+		ProofToken:    proofToken,
+		References:    refs,
+	}
+
+	// Prepare(conduit_token;拿不到也能降级继续)
+	if ct, err := cli.PrepareFConversation(ctx, convOpt); err == nil {
+		convOpt.ConduitToken = ct
+	} else if ue, ok := err.(*chatgpt.UpstreamError); ok && ue.IsRateLimited() {
+		r.sched.MarkRateLimited(context.Background(), lease.Account.ID)
+		return false, ErrRateLimited, err
+	}
+
+	// f/conversation SSE
+	stream, err := cli.StreamFConversation(ctx, convOpt)
+	if err != nil {
+		code := r.classifyUpstream(err)
+		if code == ErrRateLimited {
+			r.sched.MarkRateLimited(context.Background(), lease.Account.ID)
+		}
+		return false, code, err
+	}
+	sseResult := chatgpt.ParseImageSSE(stream)
+	if sseResult.ConversationID != "" {
+		convID = sseResult.ConversationID
+		result.ConversationID = convID
+	}
+
+	logger.L().Info("image runner SSE parsed",
+		zap.String("task_id", opt.TaskID),
+		zap.Uint64("account_id", lease.Account.ID),
+		zap.String("conv_id", convID),
+		zap.String("finish_type", sseResult.FinishType),
+		zap.String("image_gen_task_id", sseResult.ImageGenTaskID),
+		zap.Int("sse_fids", len(sseResult.FileIDs)),
+		zap.Strings("sse_fids_list", sseResult.FileIDs),
+		zap.Int("sse_sids", len(sseResult.SedimentIDs)),
+		zap.Strings("sse_sids_list", sseResult.SedimentIDs),
+	)
+
+	// 聚合 SSE 阶段的所有引用:file-service 优先,sediment 补位
+	var fileRefs []string
+	fileRefs = append(fileRefs, sseResult.FileIDs...)
+	for _, s := range sseResult.SedimentIDs {
+		fileRefs = append(fileRefs, "sed:"+s)
+	}
+
+	// SSE 已经把期望数量的图带回来了 → 直接下载,跳过 Poll,省时间
+	if len(fileRefs) >= opt.N {
+		logger.L().Info("image runner enough refs from SSE, skip polling",
+			zap.String("task_id", opt.TaskID),
+			zap.Uint64("account_id", lease.Account.ID),
+			zap.String("conv_id", convID),
+			zap.Int("refs", len(fileRefs)),
+			zap.Strings("refs_list", fileRefs),
+		)
+	} else {
+		// SSE 没给够(常见于 IMG2 只走 tool 消息场景)→ 短轮询补齐。
+		// 单轮新会话,不需要 baseline:conversation 里出现的每条 image_gen tool 消息
+		// 都是本次请求的产物。
+		pollOpt := chatgpt.PollOpts{
+			ExpectedN: opt.N,
+			MaxWait:   opt.PollMaxWait,
+		}
+		status, fids, sids := cli.PollConversationForImages(ctx, convID, pollOpt)
+		logger.L().Info("image runner poll done",
+			zap.String("task_id", opt.TaskID),
+			zap.Uint64("account_id", lease.Account.ID),
+			zap.String("conv_id", convID),
+			zap.String("poll_status", string(status)),
+			zap.Int("poll_fids", len(fids)),
+			zap.Strings("poll_fids_list", fids),
+			zap.Int("poll_sids", len(sids)),
+			zap.Strings("poll_sids_list", sids),
+		)
+		switch status {
+		case chatgpt.PollStatusSuccess:
+			// 去重合并:SSE 捕获的 sediment 可能在 mapping 里再被 Poll 扫一次
+			seen := make(map[string]struct{}, len(fileRefs))
+			for _, r := range fileRefs {
+				seen[r] = struct{}{}
+			}
+			for _, f := range fids {
+				if _, ok := seen[f]; ok {
+					continue
+				}
+				seen[f] = struct{}{}
+				fileRefs = append(fileRefs, f)
+			}
+			for _, s := range sids {
+				key := "sed:" + s
+				if _, ok := seen[key]; ok {
+					continue
+				}
+				seen[key] = struct{}{}
+				fileRefs = append(fileRefs, key)
+			}
+		case chatgpt.PollStatusTimeout:
+			return false, ErrPollTimeout, errors.New("poll timeout without any image")
+		default:
+			return false, ErrUpstream, errors.New("poll error")
+		}
+	}
+
+	if len(fileRefs) == 0 {
+		return false, ErrUpstream, errors.New("no image ref produced")
+	}
+
+	// 6) 对每个 ref 取签名 URL
+	var signedURLs []string
+	var contentTypes []string
+	for _, ref := range fileRefs {
+		url, err := cli.ImageDownloadURL(ctx, convID, ref)
+		if err != nil {
+			logger.L().Warn("image runner download url failed",
+				zap.String("ref", ref), zap.Error(err))
+			continue
+		}
+		signedURLs = append(signedURLs, url)
+		contentTypes = append(contentTypes, "image/png")
+	}
+	if len(signedURLs) == 0 {
+		return false, ErrDownload, errors.New("all download urls failed")
+	}
+
+	logger.L().Info("image runner result summary",
+		zap.String("task_id", opt.TaskID),
+		zap.Uint64("account_id", lease.Account.ID),
+		zap.String("conv_id", convID),
+		zap.Int("refs", len(fileRefs)),
+		zap.Strings("refs_list", fileRefs),
+		zap.Int("signed_count", len(signedURLs)),
+	)
+
+	result.FileIDs = fileRefs
+	result.SignedURLs = signedURLs
+	result.ContentTypes = contentTypes
+	return true, "", nil
+}
+
+// classifyUpstream 把上游错误转成内部 error code。
+func (r *Runner) classifyUpstream(err error) string {
+	if err == nil {
+		return ""
+	}
+	var ue *chatgpt.UpstreamError
+	if errors.As(err, &ue) {
+		if ue.IsRateLimited() {
+			return ErrRateLimited
+		}
+		if ue.IsUnauthorized() {
+			return ErrAuthRequired
+		}
+		return ErrUpstream
+	}
+	msg := err.Error()
+	if strings.Contains(msg, "deadline exceeded") {
+		return ErrPollTimeout
+	}
+	// uTLS 握手被对端强制关闭 (EOF / connection reset) 属于瞬态网络故障,允许重试。
+	if strings.Contains(msg, "EOF") ||
+		strings.Contains(msg, "connection reset") ||
+		strings.Contains(msg, "connection refused") ||
+		strings.Contains(msg, "broken pipe") {
+		return ErrNetworkTransient
+	}
+	return ErrUpstream
+}
+
+// GenerateTaskID 生成对外 task_id。
+func GenerateTaskID() string {
+	return "img_" + strings.ReplaceAll(uuid.NewString(), "-", "")[:24]
+}
diff --git a/internal/image/thumb.go b/internal/image/thumb.go
new file mode 100644
index 00000000..46ae6075
--- /dev/null
+++ b/internal/image/thumb.go
@@ -0,0 +1,87 @@
+package image
+
+import (
+	"bytes"
+	"fmt"
+	stdimage "image"
+	"image/jpeg"
+
+	"golang.org/x/image/draw"
+)
+
+const (
+	DefaultThumbMaxBytes = 10 * 1024
+	minThumbSide         = 96
+)
+
+var (
+	thumbWidths    = []int{512, 448, 384, 320, 288, 256, 224, 192, 160, 128, 96}
+	thumbQualities = []int{55, 45, 35, 28, 22, 16, 10, 5}
+)
+
+// MakeThumbJPEG 把原图压缩成 JPEG 缩略图，尽量控制在 maxBytes 内。
+func MakeThumbJPEG(srcBytes []byte, maxBytes int) ([]byte, string, error) {
+	if maxBytes <= 0 {
+		maxBytes = DefaultThumbMaxBytes
+	}
+	src, _, err := stdimage.Decode(bytes.NewReader(srcBytes))
+	if err != nil {
+		return nil, "", fmt.Errorf("thumb decode: %w", err)
+	}
+
+	b := src.Bounds()
+	sw, sh := b.Dx(), b.Dy()
+	if sw <= 0 || sh <= 0 {
+		return nil, "", fmt.Errorf("thumb decode: invalid size %dx%d", sw, sh)
+	}
+
+	var best []byte
+	for _, maxW := range thumbWidths {
+		tw, th := fitThumb(sw, sh, maxW)
+		dst := stdimage.NewRGBA(stdimage.Rect(0, 0, tw, th))
+		draw.CatmullRom.Scale(dst, dst.Bounds(), src, b, draw.Over, nil)
+
+		for _, q := range thumbQualities {
+			buf := bytes.NewBuffer(make([]byte, 0, maxBytes))
+			if err := jpeg.Encode(buf, dst, &jpeg.Options{Quality: q}); err != nil {
+				return nil, "", fmt.Errorf("thumb jpeg encode: %w", err)
+			}
+			out := buf.Bytes()
+			if len(out) <= maxBytes {
+				return out, "image/jpeg", nil
+			}
+			if len(best) == 0 || len(out) < len(best) {
+				best = append(best[:0], out...)
+			}
+		}
+	}
+
+	if len(best) > 0 {
+		return best, "image/jpeg", nil
+	}
+	return nil, "", fmt.Errorf("thumb jpeg encode: no output")
+}
+
+func fitThumb(sw, sh, maxW int) (int, int) {
+	if maxW < minThumbSide {
+		maxW = minThumbSide
+	}
+	if sw <= maxW {
+		if sw < minThumbSide {
+			return minThumbSide, max(minThumbSide, sh*minThumbSide/max(sw, 1))
+		}
+		return sw, sh
+	}
+	th := sh * maxW / sw
+	if th < minThumbSide {
+		th = minThumbSide
+	}
+	return maxW, th
+}
+
+func max(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
diff --git a/internal/image/upscale.go b/internal/image/upscale.go
new file mode 100644
index 00000000..796d5d90
--- /dev/null
+++ b/internal/image/upscale.go
@@ -0,0 +1,218 @@
+package image
+
+import (
+	"bytes"
+	"container/list"
+	"errors"
+	"fmt"
+	gimage "image"
+	"image/png"
+	"runtime"
+	"sync"
+
+	_ "image/gif"
+	_ "image/jpeg"
+
+	"golang.org/x/image/draw"
+
+	_ "golang.org/x/image/webp" // 上游 CDN 偶发 webp,标准库解不了,这里 blank import 注册
+)
+
+// Upscale 档位 —— 对外只暴露三档:空字符串 / "2k" / "4k"。
+//
+// 采用"长边目标像素"策略(避免不同比例出图的长边被裁),短边按原比例等比缩放:
+//   - 2K:长边 2560
+//   - 4K:长边 3840
+//
+// 算法固定为 Catmull-Rom(biquintic),本地 CPU 运算,不需要模型 / 不调用任何外部服务。
+// 这是"传统插值放大",不是 AI 超分 —— 只会更平滑,不会补出新的毛发 / 纹理 / 细节。
+const (
+	UpscaleNone = ""
+	Upscale2K   = "2k"
+	Upscale4K   = "4k"
+)
+
+// ValidateUpscale 规整前端 / 上游传入的档位字符串,非法值一律视为空(原图)。
+func ValidateUpscale(s string) string {
+	switch s {
+	case Upscale2K, Upscale4K:
+		return s
+	default:
+		return UpscaleNone
+	}
+}
+
+// longSideOf 返回档位对应的"长边目标像素"。0 表示不放大。
+func longSideOf(scale string) int {
+	switch scale {
+	case Upscale2K:
+		return 2560
+	case Upscale4K:
+		return 3840
+	default:
+		return 0
+	}
+}
+
+// ErrUpscaleDecode 当原始字节解码失败(既不是主流 PNG/JPEG/GIF 也不是 webp)时返回。
+var ErrUpscaleDecode = errors.New("image upscale: decode source failed")
+
+// DoUpscale 对给定字节做 Catmull-Rom 放大并重新编码为 PNG。
+//
+//   - 输入:src 任意主流位图字节(PNG / JPEG / GIF / WEBP)。
+//   - scale:"" 表示直接原样返回(零开销);"2k" / "4k" 会做实际放大。
+//   - 若原图长边已经 ≥ 目标长边,直接返回原字节(不放大,不重编码,避免白白损失 JPEG 细节)。
+//
+// 返回 (输出字节, 输出 content-type, error)。输出 content-type 在做了实际放大时固定为 image/png。
+func DoUpscale(src []byte, scale string) ([]byte, string, error) {
+	scale = ValidateUpscale(scale)
+	target := longSideOf(scale)
+	if target == 0 || len(src) == 0 {
+		return src, "", nil
+	}
+
+	// image.Decode 已经注册了 png/jpeg/gif(上面 blank import),webp 来自 x/image/webp。
+	srcImg, _, err := gimage.Decode(bytes.NewReader(src))
+	if err != nil {
+		return nil, "", fmt.Errorf("%w: %v", ErrUpscaleDecode, err)
+	}
+
+	b := srcImg.Bounds()
+	sw, sh := b.Dx(), b.Dy()
+	if sw <= 0 || sh <= 0 {
+		return nil, "", ErrUpscaleDecode
+	}
+
+	// 原图长边已经 ≥ 目标,放弃放大以免重复损失质量
+	long := sw
+	if sh > long {
+		long = sh
+	}
+	if long >= target {
+		return src, "", nil
+	}
+
+	// 等比缩,长边对齐 target
+	var dw, dh int
+	if sw >= sh {
+		dw = target
+		dh = int(float64(sh) * float64(target) / float64(sw))
+		if dh < 1 {
+			dh = 1
+		}
+	} else {
+		dh = target
+		dw = int(float64(sw) * float64(target) / float64(sh))
+		if dw < 1 {
+			dw = 1
+		}
+	}
+
+	dst := gimage.NewRGBA(gimage.Rect(0, 0, dw, dh))
+	draw.CatmullRom.Scale(dst, dst.Bounds(), srcImg, b, draw.Src, nil)
+
+	var buf bytes.Buffer
+	// BestSpeed 显著快于默认 DefaultCompression(4K 下大约 3~5x),
+	// 文件体积多约 15~25%,对 PNG 4K 出图场景来说值得:交互感优先。
+	enc := png.Encoder{CompressionLevel: png.BestSpeed}
+	if err := enc.Encode(&buf, dst); err != nil {
+		return nil, "", fmt.Errorf("image upscale: png encode: %w", err)
+	}
+	return buf.Bytes(), "image/png", nil
+}
+
+// ---------------- 并发闸 + LRU 缓存 ----------------
+
+// UpscaleCache 进程内 LRU 字节缓存,附带一个并发信号量限制同时计算的数量。
+//
+// 设计动机:
+//   - 同一张图第一次按 scale=4k 请求时需要跑 decode + Catmull-Rom + png encode,
+//     合计约 0.5~2s;命中缓存后毫秒级返回,交互体验差异巨大。
+//   - 并发闸避免 4K 请求风暴把 CPU 打满,影响生图主流程。
+type UpscaleCache struct {
+	mu       sync.Mutex
+	items    map[string]*list.Element
+	order    *list.List
+	maxBytes int64
+	curBytes int64
+
+	sem chan struct{}
+}
+
+type upscaleEntry struct {
+	key         string
+	data        []byte
+	contentType string
+}
+
+// NewUpscaleCache 初始化 LRU。maxBytes ≤ 0 时使用默认 512MB;并发上限默认 NumCPU。
+//
+// 默认 512MB 足够放 ~50 张 4K PNG,对面板"刚生成 + 回头再看"的场景命中率很高。
+func NewUpscaleCache(maxBytes int64, concurrency int) *UpscaleCache {
+	if maxBytes <= 0 {
+		maxBytes = 512 * 1024 * 1024
+	}
+	if concurrency <= 0 {
+		concurrency = runtime.NumCPU()
+		if concurrency < 2 {
+			concurrency = 2
+		}
+	}
+	return &UpscaleCache{
+		items:    make(map[string]*list.Element),
+		order:    list.New(),
+		maxBytes: maxBytes,
+		sem:      make(chan struct{}, concurrency),
+	}
+}
+
+// Get 命中时返回 (data, ct, true);未命中返回 false。命中会把条目移到 LRU 尾(最新)。
+func (c *UpscaleCache) Get(key string) ([]byte, string, bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	el, ok := c.items[key]
+	if !ok {
+		return nil, "", false
+	}
+	c.order.MoveToBack(el)
+	e := el.Value.(*upscaleEntry)
+	return e.data, e.contentType, true
+}
+
+// Put 写入缓存,超过容量时从头(最老)淘汰直到合规。
+func (c *UpscaleCache) Put(key string, data []byte, contentType string) {
+	if len(data) == 0 || int64(len(data)) > c.maxBytes {
+		return // 单条就能撑爆缓存的直接放弃
+	}
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if el, ok := c.items[key]; ok {
+		old := el.Value.(*upscaleEntry)
+		c.curBytes -= int64(len(old.data))
+		old.data = data
+		old.contentType = contentType
+		c.curBytes += int64(len(data))
+		c.order.MoveToBack(el)
+		return
+	}
+	e := &upscaleEntry{key: key, data: data, contentType: contentType}
+	el := c.order.PushBack(e)
+	c.items[key] = el
+	c.curBytes += int64(len(data))
+	for c.curBytes > c.maxBytes {
+		front := c.order.Front()
+		if front == nil {
+			break
+		}
+		old := front.Value.(*upscaleEntry)
+		c.order.Remove(front)
+		delete(c.items, old.key)
+		c.curBytes -= int64(len(old.data))
+	}
+}
+
+// Acquire 占用一格并发配额;请与 Release 成对使用。
+func (c *UpscaleCache) Acquire() { c.sem <- struct{}{} }
+
+// Release 释放一格。
+func (c *UpscaleCache) Release() { <-c.sem }
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
new file mode 100644
index 00000000..db78339e
--- /dev/null
+++ b/internal/middleware/auth.go
@@ -0,0 +1,104 @@
+package middleware
+
+import (
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/rbac"
+	pkgjwt "github.com/432539/gpt2api/pkg/jwt"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+const (
+	CtxUserID = "user_id"
+	CtxRole   = "role"
+)
+
+// JWTAuth 校验 Bearer JWT,把 user_id / role 注入 context。
+func JWTAuth(jm *pkgjwt.Manager) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		hdr := c.GetHeader("Authorization")
+		if !strings.HasPrefix(hdr, "Bearer ") {
+			resp.Unauthorized(c, "missing bearer token")
+			return
+		}
+		tokenStr := strings.TrimSpace(strings.TrimPrefix(hdr, "Bearer "))
+		claims, err := jm.Verify(tokenStr)
+		if err != nil {
+			resp.Unauthorized(c, "invalid token: "+err.Error())
+			return
+		}
+		c.Set(CtxUserID, claims.UserID)
+		c.Set(CtxRole, claims.Role)
+		c.Next()
+	}
+}
+
+// RequireAdmin 在 JWTAuth 之后使用,校验 role==admin。
+func RequireAdmin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if !rbac.IsAdmin(Role(c)) {
+			resp.Forbidden(c, "admin only")
+			return
+		}
+		c.Next()
+	}
+}
+
+// RequirePerm 要求当前角色拥有指定的任一权限(OR 语义)。
+// 匿名或无 JWT 的请求(UserID==0)直接 401 以防止权限检查逻辑被绕过。
+func RequirePerm(perms ...rbac.Permission) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if UserID(c) == 0 {
+			resp.Unauthorized(c, "not authenticated")
+			return
+		}
+		role := Role(c)
+		if !rbac.HasAny(role, perms...) {
+			resp.Forbidden(c, "insufficient permission")
+			return
+		}
+		c.Next()
+	}
+}
+
+// RequireAllPerms 要求拥有全部权限(AND 语义,罕用)。
+func RequireAllPerms(perms ...rbac.Permission) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if UserID(c) == 0 {
+			resp.Unauthorized(c, "not authenticated")
+			return
+		}
+		role := Role(c)
+		if !rbac.HasAll(role, perms...) {
+			resp.Forbidden(c, "insufficient permission")
+			return
+		}
+		c.Next()
+	}
+}
+
+// UserID 从 context 取 user_id,找不到返回 0。
+func UserID(c *gin.Context) uint64 {
+	v, ok := c.Get(CtxUserID)
+	if !ok {
+		return 0
+	}
+	if uid, ok := v.(uint64); ok {
+		return uid
+	}
+	return 0
+}
+
+// Role 从 context 取 role,未登录返回空串。
+func Role(c *gin.Context) string {
+	v, ok := c.Get(CtxRole)
+	if !ok {
+		return ""
+	}
+	if s, ok := v.(string); ok {
+		return s
+	}
+	return ""
+}
diff --git a/internal/middleware/cors.go b/internal/middleware/cors.go
new file mode 100644
index 00000000..48ee5db0
--- /dev/null
+++ b/internal/middleware/cors.go
@@ -0,0 +1,41 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// CORS 简易跨域中间件。
+func CORS(origins []string) gin.HandlerFunc {
+	allow := make(map[string]struct{}, len(origins))
+	allowAll := false
+	for _, o := range origins {
+		if o == "*" {
+			allowAll = true
+		}
+		allow[strings.TrimRight(o, "/")] = struct{}{}
+	}
+	return func(c *gin.Context) {
+		origin := c.GetHeader("Origin")
+		if origin != "" {
+			if allowAll {
+				c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
+			} else if _, ok := allow[strings.TrimRight(origin, "/")]; ok {
+				c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
+			}
+			c.Writer.Header().Set("Vary", "Origin")
+			c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+			c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
+			c.Writer.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Request-Id")
+			c.Writer.Header().Set("Access-Control-Expose-Headers", "X-Request-Id")
+			c.Writer.Header().Set("Access-Control-Max-Age", "86400")
+		}
+		if c.Request.Method == http.MethodOptions {
+			c.AbortWithStatus(http.StatusNoContent)
+			return
+		}
+		c.Next()
+	}
+}
diff --git a/internal/middleware/logger.go b/internal/middleware/logger.go
new file mode 100644
index 00000000..389a887f
--- /dev/null
+++ b/internal/middleware/logger.go
@@ -0,0 +1,59 @@
+package middleware
+
+import (
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// AccessLog 打印每一次 HTTP 访问的结构化日志。
+func AccessLog() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		start := time.Now()
+		c.Next()
+		cost := time.Since(start)
+
+		log := logger.L()
+		fields := []zap.Field{
+			zap.String("method", c.Request.Method),
+			zap.String("path", c.Request.URL.Path),
+			zap.String("query", c.Request.URL.RawQuery),
+			zap.Int("status", c.Writer.Status()),
+			zap.Duration("cost", cost),
+			zap.String("ip", c.ClientIP()),
+			zap.String("ua", c.Request.UserAgent()),
+			zap.String("request_id", getString(c, "request_id")),
+		}
+		if uid, ok := c.Get("user_id"); ok {
+			fields = append(fields, zap.Any("user_id", uid))
+		}
+		if kid, ok := c.Get("key_id"); ok {
+			fields = append(fields, zap.Any("key_id", kid))
+		}
+		if errs := c.Errors.ByType(gin.ErrorTypePrivate).String(); errs != "" {
+			fields = append(fields, zap.String("err", errs))
+		}
+
+		status := c.Writer.Status()
+		switch {
+		case status >= 500:
+			log.Error("http", fields...)
+		case status >= 400:
+			log.Warn("http", fields...)
+		default:
+			log.Info("http", fields...)
+		}
+	}
+}
+
+func getString(c *gin.Context, key string) string {
+	if v, ok := c.Get(key); ok {
+		if s, ok := v.(string); ok {
+			return s
+		}
+	}
+	return ""
+}
diff --git a/internal/middleware/recover.go b/internal/middleware/recover.go
new file mode 100644
index 00000000..da6e0ad9
--- /dev/null
+++ b/internal/middleware/recover.go
@@ -0,0 +1,29 @@
+package middleware
+
+import (
+	"runtime/debug"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/pkg/logger"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Recover 捕获 panic,写入日志并返回 500。
+func Recover() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		defer func() {
+			if r := recover(); r != nil {
+				logger.L().Error("panic recovered",
+					zap.Any("err", r),
+					zap.ByteString("stack", debug.Stack()),
+					zap.String("path", c.Request.URL.Path),
+					zap.String("request_id", getString(c, "request_id")),
+				)
+				resp.Internal(c, "internal server error")
+			}
+		}()
+		c.Next()
+	}
+}
diff --git a/internal/middleware/request_id.go b/internal/middleware/request_id.go
new file mode 100644
index 00000000..cff0bd5e
--- /dev/null
+++ b/internal/middleware/request_id.go
@@ -0,0 +1,21 @@
+package middleware
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+const HeaderRequestID = "X-Request-Id"
+
+// RequestID 为每个请求生成/透传 request_id,写入 context 和响应头。
+func RequestID() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		rid := c.GetHeader(HeaderRequestID)
+		if rid == "" {
+			rid = uuid.NewString()
+		}
+		c.Set("request_id", rid)
+		c.Writer.Header().Set(HeaderRequestID, rid)
+		c.Next()
+	}
+}
diff --git a/internal/model/admin_handler.go b/internal/model/admin_handler.go
new file mode 100644
index 00000000..72e85719
--- /dev/null
+++ b/internal/model/admin_handler.go
@@ -0,0 +1,265 @@
+package model
+
+import (
+	"errors"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	mysqlDrv "github.com/go-sql-driver/mysql"
+
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// slug 正则:字母开头,可含字母/数字/点/短横/下划线,2~64 位。
+var slugRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9._\-]{1,63}$`)
+
+// AdminHandler 管理员视角的模型 CRUD。
+// 写路径:成功后刷 Registry + 落审计。
+type AdminHandler struct {
+	dao      *DAO
+	registry *Registry
+	auditDAO *audit.DAO
+}
+
+// NewAdminHandler registry 与 auditDAO 可为 nil(不做缓存刷新/审计)。
+func NewAdminHandler(dao *DAO, registry *Registry, auditDAO *audit.DAO) *AdminHandler {
+	return &AdminHandler{dao: dao, registry: registry, auditDAO: auditDAO}
+}
+
+// ---- 请求体 ----
+
+// upsertReq 创建 / 更新共用的入参。Slug 在更新时会被忽略。
+type upsertReq struct {
+	Slug                string `json:"slug"`
+	Type                string `json:"type"`
+	UpstreamModelSlug   string `json:"upstream_model_slug"`
+	InputPricePer1M     int64  `json:"input_price_per_1m"`
+	OutputPricePer1M    int64  `json:"output_price_per_1m"`
+	CacheReadPricePer1M int64  `json:"cache_read_price_per_1m"`
+	ImagePricePerCall   int64  `json:"image_price_per_call"`
+	Description         string `json:"description"`
+	Enabled             *bool  `json:"enabled,omitempty"`
+}
+
+func (r *upsertReq) validate(forCreate bool) error {
+	r.Slug = strings.TrimSpace(r.Slug)
+	r.UpstreamModelSlug = strings.TrimSpace(r.UpstreamModelSlug)
+	r.Type = strings.TrimSpace(strings.ToLower(r.Type))
+
+	if forCreate {
+		if !slugRe.MatchString(r.Slug) {
+			return errors.New("slug 非法:需字母开头,2-64 位字母/数字/点/下划线/短横")
+		}
+	}
+	if r.Type != TypeChat && r.Type != TypeImage {
+		return errors.New("type 只能为 chat 或 image")
+	}
+	if r.UpstreamModelSlug == "" {
+		return errors.New("upstream_model_slug 不能为空")
+	}
+	for _, v := range []int64{
+		r.InputPricePer1M, r.OutputPricePer1M,
+		r.CacheReadPricePer1M, r.ImagePricePerCall,
+	} {
+		if v < 0 {
+			return errors.New("价格不能为负数")
+		}
+	}
+	if r.Type == TypeChat && r.InputPricePer1M == 0 && r.OutputPricePer1M == 0 {
+		return errors.New("chat 模型至少配置 input 或 output 价格")
+	}
+	if r.Type == TypeImage && r.ImagePricePerCall == 0 {
+		return errors.New("image 模型需要配置 image_price_per_call")
+	}
+	if len(r.Description) > 255 {
+		return errors.New("description 超过 255 字")
+	}
+	return nil
+}
+
+// GET /api/admin/models
+// 返回所有(含禁用)模型定义。
+func (h *AdminHandler) List(c *gin.Context) {
+	rows, err := h.dao.List(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": rows, "total": len(rows)})
+}
+
+// POST /api/admin/models
+func (h *AdminHandler) Create(c *gin.Context) {
+	var req upsertReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if err := req.validate(true); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	enabled := true
+	if req.Enabled != nil {
+		enabled = *req.Enabled
+	}
+	m := &Model{
+		Slug: req.Slug, Type: req.Type,
+		UpstreamModelSlug:   req.UpstreamModelSlug,
+		InputPricePer1M:     req.InputPricePer1M,
+		OutputPricePer1M:    req.OutputPricePer1M,
+		CacheReadPricePer1M: req.CacheReadPricePer1M,
+		ImagePricePerCall:   req.ImagePricePerCall,
+		Description:         req.Description,
+		Enabled:             enabled,
+	}
+	if err := h.dao.Create(c.Request.Context(), m); err != nil {
+		if isDupSlug(err) {
+			resp.BadRequest(c, "slug 已存在")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	h.reloadRegistry(c)
+	audit.Record(c, h.auditDAO, "models.create", strconv.FormatUint(m.ID, 10), gin.H{
+		"slug": m.Slug, "type": m.Type,
+	})
+	resp.OK(c, m)
+}
+
+// PUT /api/admin/models/:id
+func (h *AdminHandler) Update(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil || id == 0 {
+		resp.BadRequest(c, "invalid id")
+		return
+	}
+	var req upsertReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if err := req.validate(false); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	cur, err := h.dao.GetByID(c.Request.Context(), id)
+	if err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "model not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	cur.Type = req.Type
+	cur.UpstreamModelSlug = req.UpstreamModelSlug
+	cur.InputPricePer1M = req.InputPricePer1M
+	cur.OutputPricePer1M = req.OutputPricePer1M
+	cur.CacheReadPricePer1M = req.CacheReadPricePer1M
+	cur.ImagePricePerCall = req.ImagePricePerCall
+	cur.Description = req.Description
+	if req.Enabled != nil {
+		cur.Enabled = *req.Enabled
+	}
+	if err := h.dao.Update(c.Request.Context(), cur); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	h.reloadRegistry(c)
+	audit.Record(c, h.auditDAO, "models.update", strconv.FormatUint(id, 10), gin.H{
+		"slug": cur.Slug,
+	})
+	resp.OK(c, cur)
+}
+
+// PATCH /api/admin/models/:id/enabled  body: {"enabled":true|false}
+func (h *AdminHandler) SetEnabled(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil || id == 0 {
+		resp.BadRequest(c, "invalid id")
+		return
+	}
+	var body struct {
+		Enabled bool `json:"enabled"`
+	}
+	if err := c.ShouldBindJSON(&body); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if err := h.dao.SetEnabled(c.Request.Context(), id, body.Enabled); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "model not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	h.reloadRegistry(c)
+	audit.Record(c, h.auditDAO, "models.set_enabled", strconv.FormatUint(id, 10), gin.H{
+		"enabled": body.Enabled,
+	})
+	resp.OK(c, gin.H{"id": id, "enabled": body.Enabled})
+}
+
+// DELETE /api/admin/models/:id
+func (h *AdminHandler) Delete(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil || id == 0 {
+		resp.BadRequest(c, "invalid id")
+		return
+	}
+	if err := h.dao.SoftDelete(c.Request.Context(), id); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "model not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	h.reloadRegistry(c)
+	audit.Record(c, h.auditDAO, "models.delete", strconv.FormatUint(id, 10), nil)
+	resp.OK(c, gin.H{"deleted": id})
+}
+
+// GET /api/me/models
+// 普通用户视角,只返回 enabled 模型,用于「生成面板」下拉选择。
+func (h *AdminHandler) ListEnabledForMe(c *gin.Context) {
+	rows, err := h.dao.ListEnabled(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	type simple struct {
+		ID          uint64 `json:"id"`
+		Slug        string `json:"slug"`
+		Type        string `json:"type"`
+		Description string `json:"description"`
+	}
+	out := make([]simple, 0, len(rows))
+	for _, m := range rows {
+		out = append(out, simple{
+			ID: m.ID, Slug: m.Slug, Type: m.Type, Description: m.Description,
+		})
+	}
+	resp.OK(c, gin.H{"items": out, "total": len(out)})
+}
+
+// ---- 内部 ----
+
+func (h *AdminHandler) reloadRegistry(c *gin.Context) {
+	if h.registry == nil {
+		return
+	}
+	_ = h.registry.Reload(c.Request.Context())
+}
+
+// isDupSlug 判定 MySQL 1062 Duplicate entry。
+func isDupSlug(err error) bool {
+	var me *mysqlDrv.MySQLError
+	return errors.As(err, &me) && me.Number == 1062
+}
diff --git a/internal/model/dao.go b/internal/model/dao.go
new file mode 100644
index 00000000..bebf83a8
--- /dev/null
+++ b/internal/model/dao.go
@@ -0,0 +1,139 @@
+package model
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("model: not found")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+func (d *DAO) GetBySlug(ctx context.Context, slug string) (*Model, error) {
+	var m Model
+	err := d.db.GetContext(ctx, &m,
+		`SELECT * FROM models WHERE slug = ? AND deleted_at IS NULL`, slug)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &m, err
+}
+
+func (d *DAO) ListEnabled(ctx context.Context) ([]*Model, error) {
+	rows := make([]*Model, 0, 16)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM models WHERE enabled = 1 AND deleted_at IS NULL ORDER BY id ASC`)
+	return rows, err
+}
+
+func (d *DAO) List(ctx context.Context) ([]*Model, error) {
+	rows := make([]*Model, 0, 16)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM models WHERE deleted_at IS NULL ORDER BY id ASC`)
+	return rows, err
+}
+
+// GetByID 按主键查。
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*Model, error) {
+	var m Model
+	err := d.db.GetContext(ctx, &m,
+		`SELECT * FROM models WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &m, err
+}
+
+// Create 插入一条新模型。slug 唯一冲突由上层判断(返回 MySQL 1062)。
+func (d *DAO) Create(ctx context.Context, m *Model) error {
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO models
+  (slug, type, upstream_model_slug, input_price_per_1m, output_price_per_1m,
+   cache_read_price_per_1m, image_price_per_call, description, enabled)
+VALUES (?,?,?,?,?,?,?,?,?)`,
+		m.Slug, m.Type, m.UpstreamModelSlug,
+		m.InputPricePer1M, m.OutputPricePer1M, m.CacheReadPricePer1M,
+		m.ImagePricePerCall, m.Description, m.Enabled,
+	)
+	if err != nil {
+		return err
+	}
+	id, _ := res.LastInsertId()
+	m.ID = uint64(id)
+	return nil
+}
+
+// Update 按 id 全量更新(不改 slug;改 slug 走单独接口更安全)。
+func (d *DAO) Update(ctx context.Context, m *Model) error {
+	res, err := d.db.ExecContext(ctx, `
+UPDATE models SET
+  type = ?, upstream_model_slug = ?,
+  input_price_per_1m = ?, output_price_per_1m = ?,
+  cache_read_price_per_1m = ?, image_price_per_call = ?,
+  description = ?, enabled = ?
+WHERE id = ? AND deleted_at IS NULL`,
+		m.Type, m.UpstreamModelSlug,
+		m.InputPricePer1M, m.OutputPricePer1M, m.CacheReadPricePer1M,
+		m.ImagePricePerCall, m.Description, m.Enabled,
+		m.ID,
+	)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// SetEnabled 开关。
+func (d *DAO) SetEnabled(ctx context.Context, id uint64, enabled bool) error {
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE models SET enabled = ? WHERE id = ? AND deleted_at IS NULL`,
+		enabled, id)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// SoftDelete 软删除:打 deleted_at,释放 slug 供后续复用。
+// 由于 uk_slug 是 UNIQUE,复用 slug 需要把已删除行的 slug 改名。
+func (d *DAO) SoftDelete(ctx context.Context, id uint64) error {
+	res, err := d.db.ExecContext(ctx, `
+UPDATE models
+   SET deleted_at = NOW(),
+       enabled    = 0,
+       slug       = CONCAT(slug, '#del', id)
+ WHERE id = ? AND deleted_at IS NULL`, id)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// GroupRatio 返回指定 model + group 的有效倍率(没有覆盖则返回 1.0)。
+func (d *DAO) GroupRatio(ctx context.Context, modelID, groupID uint64) (float64, error) {
+	var r float64
+	err := d.db.GetContext(ctx, &r,
+		`SELECT ratio FROM billing_ratios WHERE model_id = ? AND group_id = ?`,
+		modelID, groupID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return 1.0, nil
+	}
+	return r, err
+}
diff --git a/internal/model/model.go b/internal/model/model.go
new file mode 100644
index 00000000..20286065
--- /dev/null
+++ b/internal/model/model.go
@@ -0,0 +1,29 @@
+package model
+
+import (
+	"database/sql"
+	"time"
+)
+
+// 模型类型。
+const (
+	TypeChat  = "chat"
+	TypeImage = "image"
+)
+
+// Model 对应 models 表。
+type Model struct {
+	ID                    uint64       `db:"id" json:"id"`
+	Slug                  string       `db:"slug" json:"slug"`
+	Type                  string       `db:"type" json:"type"`
+	UpstreamModelSlug     string       `db:"upstream_model_slug" json:"upstream_model_slug"`
+	InputPricePer1M       int64        `db:"input_price_per_1m" json:"input_price_per_1m"`
+	OutputPricePer1M      int64        `db:"output_price_per_1m" json:"output_price_per_1m"`
+	CacheReadPricePer1M   int64        `db:"cache_read_price_per_1m" json:"cache_read_price_per_1m"`
+	ImagePricePerCall     int64        `db:"image_price_per_call" json:"image_price_per_call"`
+	Description           string       `db:"description" json:"description"`
+	Enabled               bool         `db:"enabled" json:"enabled"`
+	CreatedAt             time.Time    `db:"created_at" json:"created_at"`
+	UpdatedAt             time.Time    `db:"updated_at" json:"updated_at"`
+	DeletedAt             sql.NullTime `db:"deleted_at" json:"-"`
+}
diff --git a/internal/model/registry.go b/internal/model/registry.go
new file mode 100644
index 00000000..ae6f0825
--- /dev/null
+++ b/internal/model/registry.go
@@ -0,0 +1,95 @@
+package model
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// Registry 模型配置的进程内缓存,TTL=30s。
+// 热点路径:API Key 校验/计费都会查模型,绝不能每次打 DB。
+type Registry struct {
+	dao *DAO
+
+	mu      sync.RWMutex
+	bySlug  map[string]*Model
+	loadedAt time.Time
+	ttl      time.Duration
+
+	refreshing atomic.Bool
+}
+
+func NewRegistry(dao *DAO) *Registry {
+	return &Registry{dao: dao, bySlug: map[string]*Model{}, ttl: 30 * time.Second}
+}
+
+// Preload 启动时预热。
+func (r *Registry) Preload(ctx context.Context) error {
+	return r.refresh(ctx)
+}
+
+// Reload 外部触发强制刷新(管理端写后调用,保证下一次请求立刻看到新数据)。
+func (r *Registry) Reload(ctx context.Context) error {
+	return r.refresh(ctx)
+}
+
+func (r *Registry) refresh(ctx context.Context) error {
+	list, err := r.dao.List(ctx)
+	if err != nil {
+		return err
+	}
+	m := make(map[string]*Model, len(list))
+	for _, v := range list {
+		m[v.Slug] = v
+	}
+	r.mu.Lock()
+	r.bySlug = m
+	r.loadedAt = time.Now()
+	r.mu.Unlock()
+	return nil
+}
+
+// BySlug 返回 slug 对应模型。命中缓存则 O(1),过期则异步刷新。
+func (r *Registry) BySlug(ctx context.Context, slug string) (*Model, error) {
+	r.mu.RLock()
+	m, ok := r.bySlug[slug]
+	expired := time.Since(r.loadedAt) > r.ttl
+	r.mu.RUnlock()
+
+	if ok && !expired {
+		return m, nil
+	}
+	if expired && r.refreshing.CompareAndSwap(false, true) {
+		go func() {
+			defer r.refreshing.Store(false)
+			_ = r.refresh(context.Background())
+		}()
+	}
+	if ok {
+		return m, nil
+	}
+	return r.dao.GetBySlug(ctx, slug)
+}
+
+// List 返回所有模型(直接查 DB,管理端用)。
+func (r *Registry) List(ctx context.Context) ([]*Model, error) {
+	return r.dao.List(ctx)
+}
+
+// ListEnabled 返回已启用模型(/v1/models 用)。
+func (r *Registry) ListEnabled(ctx context.Context) ([]*Model, error) {
+	r.mu.RLock()
+	expired := time.Since(r.loadedAt) > r.ttl
+	cached := make([]*Model, 0, len(r.bySlug))
+	for _, v := range r.bySlug {
+		if v.Enabled && !v.DeletedAt.Valid {
+			cached = append(cached, v)
+		}
+	}
+	r.mu.RUnlock()
+	if !expired && len(cached) > 0 {
+		return cached, nil
+	}
+	return r.dao.ListEnabled(ctx)
+}
diff --git a/internal/proxy/dao.go b/internal/proxy/dao.go
new file mode 100644
index 00000000..e8a3f169
--- /dev/null
+++ b/internal/proxy/dao.go
@@ -0,0 +1,100 @@
+package proxy
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("proxy: not found")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+func (d *DAO) Create(ctx context.Context, p *Proxy) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO proxies (scheme, host, port, username, password_enc, country, isp, health_score, enabled, remark)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		p.Scheme, p.Host, p.Port, p.Username, p.PasswordEnc,
+		p.Country, p.ISP, p.HealthScore, p.Enabled, p.Remark,
+	)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*Proxy, error) {
+	var p Proxy
+	err := d.db.GetContext(ctx, &p,
+		`SELECT * FROM proxies WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &p, err
+}
+
+func (d *DAO) List(ctx context.Context, offset, limit int) ([]*Proxy, int64, error) {
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM proxies WHERE deleted_at IS NULL`); err != nil {
+		return nil, 0, err
+	}
+	rows := make([]*Proxy, 0, limit)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM proxies WHERE deleted_at IS NULL ORDER BY id DESC LIMIT ? OFFSET ?`,
+		limit, offset)
+	return rows, total, err
+}
+
+// ListAllEnabled 返回所有启用且未删除的代理,用于后台健康探测。
+func (d *DAO) ListAllEnabled(ctx context.Context) ([]*Proxy, error) {
+	rows := make([]*Proxy, 0, 64)
+	err := d.db.SelectContext(ctx, &rows,
+		`SELECT * FROM proxies WHERE deleted_at IS NULL AND enabled = 1 ORDER BY id ASC`)
+	return rows, err
+}
+
+func (d *DAO) Update(ctx context.Context, p *Proxy) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE proxies
+         SET scheme=?, host=?, port=?, username=?, password_enc=?, country=?, isp=?,
+             enabled=?, remark=?
+         WHERE id = ? AND deleted_at IS NULL`,
+		p.Scheme, p.Host, p.Port, p.Username, p.PasswordEnc, p.Country, p.ISP,
+		p.Enabled, p.Remark, p.ID,
+	)
+	return err
+}
+
+func (d *DAO) SoftDelete(ctx context.Context, id uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE proxies SET deleted_at = ? WHERE id = ?`, time.Now(), id)
+	return err
+}
+
+// FindByEndpoint 按 scheme+host+port+username 精确查存活记录,用于批量导入去重。
+func (d *DAO) FindByEndpoint(ctx context.Context, scheme, host string, port int, username string) (*Proxy, error) {
+	var p Proxy
+	err := d.db.GetContext(ctx, &p, `
+SELECT * FROM proxies
+ WHERE scheme = ? AND host = ? AND port = ? AND username = ?
+   AND deleted_at IS NULL
+ LIMIT 1`, scheme, host, port, username)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &p, err
+}
+
+func (d *DAO) UpdateHealth(ctx context.Context, id uint64, score int, lastErr string) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE proxies SET health_score=?, last_probe_at=?, last_error=? WHERE id=?`,
+		score, time.Now(), lastErr, id)
+	return err
+}
diff --git a/internal/proxy/handler.go b/internal/proxy/handler.go
new file mode 100644
index 00000000..ebd3a01c
--- /dev/null
+++ b/internal/proxy/handler.go
@@ -0,0 +1,201 @@
+package proxy
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+type Handler struct {
+	svc    *Service
+	prober *Prober
+}
+
+func NewHandler(s *Service) *Handler { return &Handler{svc: s} }
+
+// SetProber 在 Prober 初始化完成后注入(避免循环依赖)。未设置时探测接口返回 503。
+func (h *Handler) SetProber(p *Prober) { h.prober = p }
+
+// POST /api/admin/proxies
+func (h *Handler) Create(c *gin.Context) {
+	var req CreateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	p, err := h.svc.Create(c.Request.Context(), req)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, p)
+}
+
+// GET /api/admin/proxies
+func (h *Handler) List(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	size, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if size < 1 || size > 100 {
+		size = 20
+	}
+	list, total, err := h.svc.List(c.Request.Context(), (page-1)*size, size)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"list": list, "total": total, "page": page, "page_size": size})
+}
+
+// GET /api/admin/proxies/:id
+func (h *Handler) Get(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	p, err := h.svc.Get(c.Request.Context(), id)
+	if err != nil {
+		resp.NotFound(c, err.Error())
+		return
+	}
+	resp.OK(c, p)
+}
+
+// PATCH /api/admin/proxies/:id
+func (h *Handler) Update(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req UpdateInput
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	p, err := h.svc.Update(c.Request.Context(), id, req)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, p)
+}
+
+// POST /api/admin/proxies/import
+// Body: { text, enabled, country, isp, remark, overwrite }
+// 支持每行一个 proxy URL,详见 service.parseProxyLine 的注释。
+func (h *Handler) Import(c *gin.Context) {
+	var req struct {
+		Text      string `json:"text"`
+		Enabled   *bool  `json:"enabled,omitempty"`
+		Country   string `json:"country"`
+		ISP       string `json:"isp"`
+		Remark    string `json:"remark"`
+		Overwrite bool   `json:"overwrite"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if len(req.Text) == 0 {
+		resp.BadRequest(c, "请至少粘贴一行代理 URL")
+		return
+	}
+	if len(req.Text) > 256*1024 {
+		resp.BadRequest(c, "导入内容过大(最多 256KB)")
+		return
+	}
+	enabled := true
+	if req.Enabled != nil {
+		enabled = *req.Enabled
+	}
+	results, err := h.svc.ImportBatch(c.Request.Context(), req.Text, ImportDefaults{
+		Enabled: enabled, Country: req.Country, ISP: req.ISP,
+		Remark: req.Remark, Overwrite: req.Overwrite,
+	})
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	// 统计
+	var created, updated, skipped, invalid int
+	for _, r := range results {
+		switch r.Status {
+		case "created":
+			created++
+		case "updated":
+			updated++
+		case "skipped":
+			skipped++
+		case "invalid":
+			invalid++
+		}
+	}
+	resp.OK(c, gin.H{
+		"items":    results,
+		"created":  created,
+		"updated":  updated,
+		"skipped":  skipped,
+		"invalid":  invalid,
+		"total":    len(results),
+	})
+}
+
+// POST /api/admin/proxies/:id/probe
+// 同步探测单条代理,返回 { ok, latency_ms, error, tried_at, health_score }。
+func (h *Handler) Probe(c *gin.Context) {
+	if h.prober == nil {
+		resp.BadRequest(c, "代理探测器未初始化")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	res, err := h.prober.ProbeByID(c.Request.Context(), id)
+	if err != nil {
+		resp.NotFound(c, err.Error())
+		return
+	}
+	// 读回最新的 proxy 以返回更新后的 health_score
+	p, _ := h.svc.Get(c.Request.Context(), id)
+	resp.OK(c, gin.H{
+		"ok":           res.OK,
+		"latency_ms":   res.LatencyMs,
+		"error":        res.Error,
+		"tried_at":     res.TriedAt,
+		"health_score": func() int { if p != nil { return p.HealthScore }; return 0 }(),
+	})
+}
+
+// POST /api/admin/proxies/probe-all
+// 同步探测所有启用的代理,返回完整结果数组(含统计)。
+func (h *Handler) ProbeAll(c *gin.Context) {
+	if h.prober == nil {
+		resp.BadRequest(c, "代理探测器未初始化")
+		return
+	}
+	results, err := h.prober.ProbeAll(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	ok, bad := 0, 0
+	for _, r := range results {
+		if r.OK {
+			ok++
+		} else {
+			bad++
+		}
+	}
+	resp.OK(c, gin.H{
+		"total":   len(results),
+		"ok":      ok,
+		"bad":     bad,
+		"items":   results,
+	})
+}
+
+// DELETE /api/admin/proxies/:id
+func (h *Handler) Delete(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.Delete(c.Request.Context(), id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"deleted": id})
+}
diff --git a/internal/proxy/model.go b/internal/proxy/model.go
new file mode 100644
index 00000000..ef7b0de4
--- /dev/null
+++ b/internal/proxy/model.go
@@ -0,0 +1,65 @@
+package proxy
+
+import (
+	"database/sql"
+	"time"
+)
+
+// Proxy 对应 proxies 表。
+// password 在表里是加密存储的(AES-256-GCM),这里只暴露密文字段,
+// 取明文时通过 Service.Decrypt。
+type Proxy struct {
+	ID           uint64       `db:"id" json:"id"`
+	Scheme       string       `db:"scheme" json:"scheme"`
+	Host         string       `db:"host" json:"host"`
+	Port         int          `db:"port" json:"port"`
+	Username     string       `db:"username" json:"username"`
+	PasswordEnc  string       `db:"password_enc" json:"-"`
+	Country      string       `db:"country" json:"country"`
+	ISP          string       `db:"isp" json:"isp"`
+	HealthScore  int          `db:"health_score" json:"health_score"`
+	LastProbeAt  sql.NullTime `db:"last_probe_at" json:"last_probe_at,omitempty"`
+	LastError    string       `db:"last_error" json:"last_error,omitempty"`
+	Enabled      bool         `db:"enabled" json:"enabled"`
+	Remark       string       `db:"remark" json:"remark"`
+	CreatedAt    time.Time    `db:"created_at" json:"created_at"`
+	UpdatedAt    time.Time    `db:"updated_at" json:"updated_at"`
+	DeletedAt    sql.NullTime `db:"deleted_at" json:"-"`
+}
+
+// URL 返回代理 URL(解密后由 Service 组装)。
+func (p *Proxy) URLWithPassword(password string) string {
+	if p.Username == "" {
+		return p.Scheme + "://" + host(p.Host, p.Port)
+	}
+	if password == "" {
+		return p.Scheme + "://" + p.Username + "@" + host(p.Host, p.Port)
+	}
+	return p.Scheme + "://" + p.Username + ":" + password + "@" + host(p.Host, p.Port)
+}
+
+func host(h string, port int) string {
+	return h + ":" + itoa(port)
+}
+
+func itoa(i int) string {
+	if i == 0 {
+		return "0"
+	}
+	neg := i < 0
+	if neg {
+		i = -i
+	}
+	var buf [20]byte
+	bp := len(buf)
+	for i > 0 {
+		bp--
+		buf[bp] = byte('0' + i%10)
+		i /= 10
+	}
+	if neg {
+		bp--
+		buf[bp] = '-'
+	}
+	return string(buf[bp:])
+}
diff --git a/internal/proxy/prober.go b/internal/proxy/prober.go
new file mode 100644
index 00000000..1b8f4fdb
--- /dev/null
+++ b/internal/proxy/prober.go
@@ -0,0 +1,432 @@
+package proxy
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+
+	"go.uber.org/zap"
+)
+
+// defaultProbeTargets 是用户 `proxy.probe_target_url` 留空时后台轮询的**候选链**。
+//
+// 设计目标:
+//   - 三个**不同厂商**的轻量接口,被同一条代理同时 Block 的概率极低
+//   - 响应体都 < 1 KB,走 2xx/3xx(非 204 也接受,见 probe 里 status 判断)
+//   - HTTPS / HTTP 混合,避免遇到 TLS MITM / 明文被劫持都能暴露其中一类问题
+//   - 任意 1 个通过即判代理可用,全部失败才标失败 → 根治"gstatic 被 ISP/代理屏蔽就误判代理挂掉"
+//
+// 顺序有讲究:响应小且稳定的放前面,拿到 200 就短路。
+var defaultProbeTargets = []string{
+	"https://api.ipify.org/?format=json",
+	"https://www.cloudflare.com/cdn-cgi/trace",
+	"http://httpbin.org/ip",
+}
+
+// ProbeSettings 探测器配置提供者(从 settings.Service 注入)。
+// 所有字段都支持热更新:循环每轮结束都会重新读取。
+type ProbeSettings interface {
+	ProbeEnabled() bool
+	ProbeIntervalSec() int // 两轮探测之间的间隔(秒);<= 0 视为关闭
+	ProbeTimeoutSec() int  // 单次探测超时(秒)
+	ProbeTargetURL() string
+	ProbeConcurrency() int // 并发 worker 数;<=0 默认 8
+}
+
+// ProbeResult 单次探测结果。
+type ProbeResult struct {
+	ProxyID   uint64        `json:"proxy_id"`
+	OK        bool          `json:"ok"`
+	LatencyMs int           `json:"latency_ms"`
+	Error     string        `json:"error,omitempty"`
+	TriedAt   time.Time     `json:"tried_at"`
+	Duration  time.Duration `json:"-"`
+}
+
+// Prober 周期性对启用的代理发起连通性探测,刷新 health_score/last_probe_at/last_error。
+//
+// 评分策略:
+//   - 成功  → score = min(100, score + 10),清空 last_error
+//   - 失败  → score = max(0,   score - 20),记录简短 error
+type Prober struct {
+	svc      *Service
+	settings ProbeSettings
+	log      *zap.Logger
+
+	// 手动触发通道:发送 <id> 探测单个(0 表示全部)
+	kickCh chan uint64
+}
+
+func NewProber(svc *Service, settings ProbeSettings, log *zap.Logger) *Prober {
+	return &Prober{
+		svc:      svc,
+		settings: settings,
+		log:      log,
+		kickCh:   make(chan uint64, 32),
+	}
+}
+
+// Run 后台循环探测,受 ctx 控制。建议作为独立 goroutine 启动。
+func (p *Prober) Run(ctx context.Context) {
+	// 启动后先睡 5 秒,避开启动峰值。
+	select {
+	case <-ctx.Done():
+		return
+	case <-time.After(5 * time.Second):
+	}
+
+	for {
+		interval := time.Duration(p.settings.ProbeIntervalSec()) * time.Second
+		if !p.settings.ProbeEnabled() || interval <= 0 {
+			// 关闭状态下也要相应 kick 和 ctx,用小节拍轮询配置。
+			select {
+			case <-ctx.Done():
+				return
+			case id := <-p.kickCh:
+				p.runOnce(ctx, id)
+			case <-time.After(30 * time.Second):
+			}
+			continue
+		}
+
+		p.runOnce(ctx, 0)
+
+		select {
+		case <-ctx.Done():
+			return
+		case id := <-p.kickCh:
+			p.runOnce(ctx, id)
+		case <-time.After(interval):
+		}
+	}
+}
+
+// Kick 触发一次立即探测。id=0 表示全部启用的代理;否则只探一条。
+// 非阻塞(通道满时直接丢弃,避免调用者卡住)。
+func (p *Prober) Kick(id uint64) {
+	select {
+	case p.kickCh <- id:
+	default:
+	}
+}
+
+// ProbeOne 对单条代理做一次同步探测(不写库)。对外暴露用于手动测试。
+func (p *Prober) ProbeOne(ctx context.Context, pr *Proxy) ProbeResult {
+	return p.probe(ctx, pr)
+}
+
+// ProbeByID 手动触发单条探测并写库,返回结果。
+func (p *Prober) ProbeByID(ctx context.Context, id uint64) (ProbeResult, error) {
+	pr, err := p.svc.Get(ctx, id)
+	if err != nil {
+		return ProbeResult{}, err
+	}
+	res := p.probe(ctx, pr)
+	p.applyResult(ctx, pr, res)
+	return res, nil
+}
+
+// ProbeAll 手动触发对所有启用代理的并发探测并写库,返回结果列表。
+func (p *Prober) ProbeAll(ctx context.Context) ([]ProbeResult, error) {
+	list, err := p.svc.dao.ListAllEnabled(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return p.probeBatch(ctx, list), nil
+}
+
+// ---------- 内部实现 ----------
+
+func (p *Prober) runOnce(ctx context.Context, only uint64) {
+	var list []*Proxy
+	var err error
+	if only == 0 {
+		list, err = p.svc.dao.ListAllEnabled(ctx)
+	} else {
+		pr, gerr := p.svc.Get(ctx, only)
+		if gerr == nil {
+			list = []*Proxy{pr}
+		}
+		err = gerr
+	}
+	if err != nil {
+		p.log.Warn("prober: list failed", zap.Error(err))
+		return
+	}
+	if len(list) == 0 {
+		return
+	}
+	results := p.probeBatch(ctx, list)
+	ok, bad := 0, 0
+	for _, r := range results {
+		if r.OK {
+			ok++
+		} else {
+			bad++
+		}
+	}
+	p.log.Info("prober: round finished",
+		zap.Int("total", len(results)), zap.Int("ok", ok), zap.Int("bad", bad))
+}
+
+func (p *Prober) probeBatch(ctx context.Context, list []*Proxy) []ProbeResult {
+	conc := p.settings.ProbeConcurrency()
+	if conc <= 0 {
+		conc = 8
+	}
+	if conc > len(list) {
+		conc = len(list)
+	}
+
+	results := make([]ProbeResult, len(list))
+	sem := make(chan struct{}, conc)
+	var wg sync.WaitGroup
+
+	for i, pr := range list {
+		wg.Add(1)
+		sem <- struct{}{}
+		go func(i int, pr *Proxy) {
+			defer wg.Done()
+			defer func() { <-sem }()
+			r := p.probe(ctx, pr)
+			p.applyResult(ctx, pr, r)
+			results[i] = r
+		}(i, pr)
+	}
+	wg.Wait()
+	return results
+}
+
+// probe 做一次真实 HTTP(S) 请求。只组装结果,不写库。
+//
+// 目标选择:
+//   - 管理员在「系统设置 → 代理探测目标 URL」配置了非空值 → 只试那一个(遵从运维意图)
+//   - 留空 → 按 defaultProbeTargets 顺序轮询,任意 1 个 2xx/3xx 即判成功,全部失败才算失败
+func (p *Prober) probe(ctx context.Context, pr *Proxy) ProbeResult {
+	out := ProbeResult{ProxyID: pr.ID, TriedAt: time.Now()}
+
+	proxyURL, err := p.svc.BuildURL(pr)
+	if err != nil {
+		out.Error = "密码解密失败:" + err.Error()
+		return out
+	}
+	u, err := url.Parse(proxyURL)
+	if err != nil {
+		out.Error = "代理 URL 格式错误:" + err.Error()
+		return out
+	}
+
+	timeout := time.Duration(p.settings.ProbeTimeoutSec()) * time.Second
+	if timeout <= 0 {
+		timeout = 10 * time.Second
+	}
+
+	targets := p.candidateTargets()
+	var triedErrs []string
+	for _, target := range targets {
+		ok, lat, perr := p.probeOneTarget(ctx, u, target, timeout)
+		if ok {
+			out.OK = true
+			out.LatencyMs = lat
+			out.Duration = time.Duration(lat) * time.Millisecond
+			return out
+		}
+		triedErrs = append(triedErrs,
+			fmt.Sprintf("%s → %s", shortTargetHost(target), shortenErr(perr)))
+	}
+
+	// 所有候选都失败
+	switch len(triedErrs) {
+	case 0:
+		out.Error = "未配置任何探测目标"
+	case 1:
+		// 单目标(用户显式配置)直接透出友好文案,不要加 "1 个候选全部失败" 的啰嗦前缀
+		out.Error = firstErrMsg(triedErrs[0])
+	default:
+		out.Error = fmt.Sprintf("%d 个探测目标均不通(任一通过即判可用);%s",
+			len(triedErrs), strings.Join(triedErrs, "; "))
+	}
+	return out
+}
+
+// candidateTargets 返回本次需要轮询的目标 URL 列表。
+//   - 用户配置了非空 probe_target_url → 尊重配置,只用那一个
+//   - 配置为空 → 走内置候选链 defaultProbeTargets
+func (p *Prober) candidateTargets() []string {
+	if t := strings.TrimSpace(p.settings.ProbeTargetURL()); t != "" {
+		return []string{t}
+	}
+	return defaultProbeTargets
+}
+
+// probeOneTarget 对单个目标 URL 做一次 HTTP GET。
+// 返回:(是否 2xx/3xx, 延迟毫秒, 若失败的底层 error)。
+func (p *Prober) probeOneTarget(ctx context.Context, proxyU *url.URL, target string, timeout time.Duration) (bool, int, error) {
+	transport := &http.Transport{
+		Proxy:                 http.ProxyURL(proxyU),
+		DialContext:           (&net.Dialer{Timeout: timeout}).DialContext,
+		TLSHandshakeTimeout:   timeout,
+		ResponseHeaderTimeout: timeout,
+		ExpectContinueTimeout: 1 * time.Second,
+		DisableKeepAlives:     true,
+	}
+	client := &http.Client{
+		Transport: transport,
+		Timeout:   timeout,
+	}
+
+	reqCtx, cancel := context.WithTimeout(ctx, timeout)
+	defer cancel()
+
+	req, err := http.NewRequestWithContext(reqCtx, http.MethodGet, target, nil)
+	if err != nil {
+		return false, 0, fmt.Errorf("build request: %w", err)
+	}
+	req.Header.Set("User-Agent", "gpt2api-proxy-prober/1.0")
+
+	start := time.Now()
+	resp, err := client.Do(req)
+	lat := int(time.Since(start) / time.Millisecond)
+	if err != nil {
+		return false, lat, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 200 && resp.StatusCode < 400 {
+		return true, lat, nil
+	}
+	return false, lat, fmt.Errorf("目标站返回异常状态码 %d", resp.StatusCode)
+}
+
+// shortTargetHost 给错误摘要用,把 URL 压成 "host" 短字符串。
+func shortTargetHost(target string) string {
+	if u, err := url.Parse(target); err == nil && u.Host != "" {
+		return u.Host
+	}
+	return target
+}
+
+// firstErrMsg 去掉 `host → ` 前缀,把单目标错误回到纯文案形态。
+func firstErrMsg(line string) string {
+	if i := strings.Index(line, " → "); i >= 0 && i+len(" → ") < len(line) {
+		return line[i+len(" → "):]
+	}
+	return line
+}
+
+func (p *Prober) applyResult(ctx context.Context, pr *Proxy, r ProbeResult) {
+	score := pr.HealthScore
+	lastErr := ""
+	if r.OK {
+		score += 10
+		if score > 100 {
+			score = 100
+		}
+	} else {
+		score -= 20
+		if score < 0 {
+			score = 0
+		}
+		lastErr = r.Error
+		if len(lastErr) > 200 {
+			lastErr = lastErr[:200]
+		}
+	}
+	if err := p.svc.dao.UpdateHealth(ctx, pr.ID, score, lastErr); err != nil {
+		p.log.Warn("prober: update health failed",
+			zap.Uint64("proxy_id", pr.ID), zap.Error(err))
+	}
+}
+
+// shortenErr 把网络错误压成一行、对前端友好的中文字符串。
+// 兜底会带上简短的英文原文,便于排障。
+func shortenErr(err error) string {
+	if err == nil {
+		return ""
+	}
+	s := err.Error()
+	low := strings.ToLower(s)
+
+	switch {
+	// 超时 / 主动取消
+	case errors.Is(err, context.DeadlineExceeded),
+		strings.Contains(low, "deadline exceeded"),
+		strings.Contains(low, "i/o timeout"),
+		strings.Contains(low, "timeout awaiting"),
+		strings.Contains(low, "request canceled") && strings.Contains(low, "timeout"):
+		return "连接超时(探测超时)"
+
+	// 407 代理鉴权失败 —— 用户名/密码错误最常见
+	case strings.Contains(s, "Proxy Authentication Required"),
+		strings.Contains(low, "407"):
+		return "代理鉴权失败(407,请核对用户名/密码)"
+
+	// DNS 解析失败 —— 细分代理自身域名 vs 目标站域名
+	case strings.Contains(low, "proxyconnect") && strings.Contains(low, "no such host"):
+		return "DNS 解析失败:代理域名无法解析(宿主梯子/DNS 污染,可在 docker-compose 里给 server 指定公共 DNS 如 8.8.8.8)"
+	case strings.Contains(low, "no such host"),
+		strings.Contains(low, "lookup ") && strings.Contains(low, "no such"):
+		return "DNS 解析失败(域名不存在或 DNS 被污染)"
+
+	// 各类拒绝 / 不可达
+	case strings.Contains(low, "connection refused"):
+		return "目标拒绝连接(connection refused)"
+	case strings.Contains(low, "network is unreachable"):
+		return "网络不可达"
+	case strings.Contains(low, "no route to host"):
+		return "无法路由到目标主机"
+	case strings.Contains(low, "host is down"):
+		return "目标主机不可达"
+
+	// 连接在握手/发送中被对端断开 —— 原因有多种,不要把结论钉死在"鉴权错误"
+	case strings.Contains(low, "connection reset by peer"):
+		return "对端重置连接(目标站限流、代理线路抖动或鉴权都可能,换个探测目标再看)"
+	case strings.Contains(low, "broken pipe"):
+		return "连接已断开(broken pipe;代理线路抖动可能性大)"
+	case strings.Contains(low, "unexpected eof"),
+		low == "eof",
+		strings.HasSuffix(low, ": eof"),
+		strings.Contains(low, "remotedisconnected"),
+		strings.Contains(low, "connection closed"):
+		// 注意:HTTPS 握手前被对端 RST/FIN 很多情形都会报 EOF,不要单一归因为"鉴权失败"。
+		// 常见原因按概率排序:
+		//   1) 目标站对此出口 IP / UA / ALPN 做了限制(比如 gstatic 在部分区域直接丢包)
+		//   2) 代理自身到目标站的链路抖动 / 节点降级
+		//   3) 代理鉴权失败(较少见,多数情况 407 就返回了)
+		// 所以文案里把"鉴权"降到最后,给运维留个排障方向。
+		return "连接被对端提前关闭(EOF);可能原因:① 目标站限制此出口 IP ② 代理线路抖动 ③ 鉴权失败。建议在「系统设置」把探测目标留空以走内置候选链"
+
+	// 代理协议问题
+	case strings.Contains(low, "proxyconnect tcp"):
+		return "代理握手失败(请检查 host:port/scheme)"
+	case strings.Contains(low, "malformed http response"):
+		return "代理响应非 HTTP(scheme 可能写错)"
+	case strings.Contains(low, "socks"):
+		return "SOCKS 代理握手失败"
+
+	// TLS
+	case strings.Contains(low, "tls:"),
+		strings.Contains(low, "x509:"),
+		strings.Contains(low, "certificate"):
+		return "TLS/证书错误"
+
+	// 其它 —— 给中文前缀 + 简短原文,方便排障
+	default:
+		// 截断 "Get \"...\": " 等 net/http 前缀
+		if i := strings.Index(s, "\": "); i > 0 && i < len(s)-3 {
+			s = s[i+3:]
+		} else if i := strings.Index(s, ": "); i > 0 && i < len(s)-2 {
+			s = s[i+2:]
+		}
+		if len(s) > 140 {
+			s = s[:140] + "…"
+		}
+		return "探测失败:" + s
+	}
+}
diff --git a/internal/proxy/service.go b/internal/proxy/service.go
new file mode 100644
index 00000000..e061e969
--- /dev/null
+++ b/internal/proxy/service.go
@@ -0,0 +1,326 @@
+package proxy
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/432539/gpt2api/pkg/crypto"
+)
+
+// Service 封装代理 CRUD + 密码加解密。
+type Service struct {
+	dao    *DAO
+	cipher *crypto.AESGCM
+}
+
+func NewService(dao *DAO, cipher *crypto.AESGCM) *Service {
+	return &Service{dao: dao, cipher: cipher}
+}
+
+// CreateInput 是 Create 的入参(明文 password)。
+type CreateInput struct {
+	Scheme   string `json:"scheme"`
+	Host     string `json:"host"`
+	Port     int    `json:"port"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+	Country  string `json:"country"`
+	ISP      string `json:"isp"`
+	Enabled  bool   `json:"enabled"`
+	Remark   string `json:"remark"`
+}
+
+// UpdateInput 是 Update 的入参;Password 为空时不改密。
+type UpdateInput struct {
+	Scheme   string `json:"scheme"`
+	Host     string `json:"host"`
+	Port     int    `json:"port"`
+	Username string `json:"username"`
+	Password string `json:"password"` // 空串表示不改
+	Country  string `json:"country"`
+	ISP      string `json:"isp"`
+	Enabled  bool   `json:"enabled"`
+	Remark   string `json:"remark"`
+}
+
+func (s *Service) Create(ctx context.Context, in CreateInput) (*Proxy, error) {
+	if in.Scheme == "" {
+		in.Scheme = "http"
+	}
+	if in.Host == "" || in.Port == 0 {
+		return nil, errors.New("host 和 port 不能为空")
+	}
+	var enc string
+	if in.Password != "" {
+		v, err := s.cipher.EncryptString(in.Password)
+		if err != nil {
+			return nil, err
+		}
+		enc = v
+	}
+	p := &Proxy{
+		Scheme: in.Scheme, Host: in.Host, Port: in.Port,
+		Username: in.Username, PasswordEnc: enc,
+		Country: in.Country, ISP: in.ISP,
+		HealthScore: 100, Enabled: in.Enabled, Remark: in.Remark,
+	}
+	id, err := s.dao.Create(ctx, p)
+	if err != nil {
+		return nil, err
+	}
+	return s.dao.GetByID(ctx, id)
+}
+
+func (s *Service) Update(ctx context.Context, id uint64, in UpdateInput) (*Proxy, error) {
+	p, err := s.dao.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if in.Scheme != "" {
+		p.Scheme = in.Scheme
+	}
+	if in.Host != "" {
+		p.Host = in.Host
+	}
+	if in.Port != 0 {
+		p.Port = in.Port
+	}
+	p.Username = in.Username
+	p.Country = in.Country
+	p.ISP = in.ISP
+	p.Enabled = in.Enabled
+	p.Remark = in.Remark
+	if in.Password != "" {
+		enc, err := s.cipher.EncryptString(in.Password)
+		if err != nil {
+			return nil, err
+		}
+		p.PasswordEnc = enc
+	}
+	if err := s.dao.Update(ctx, p); err != nil {
+		return nil, err
+	}
+	return p, nil
+}
+
+func (s *Service) Delete(ctx context.Context, id uint64) error {
+	return s.dao.SoftDelete(ctx, id)
+}
+
+func (s *Service) Get(ctx context.Context, id uint64) (*Proxy, error) {
+	return s.dao.GetByID(ctx, id)
+}
+
+func (s *Service) List(ctx context.Context, offset, limit int) ([]*Proxy, int64, error) {
+	return s.dao.List(ctx, offset, limit)
+}
+
+// ---------- 批量导入 ----------
+
+// ImportDefaults 批量导入时的公共默认值。
+type ImportDefaults struct {
+	Enabled   bool
+	Country   string
+	ISP       string
+	Remark    string
+	Overwrite bool // true 时遇到已存在记录更新密码/备注;false 直接 skip
+}
+
+// ImportLineResult 单行结果。Status ∈ "created" | "updated" | "skipped" | "invalid"。
+type ImportLineResult struct {
+	Line   int    `json:"line"`
+	Raw    string `json:"raw"`              // 原始输入(密码会被 *** 掉)
+	Status string `json:"status"`
+	ID     uint64 `json:"id,omitempty"`
+	Error  string `json:"error,omitempty"`
+}
+
+// ImportBatch 解析多行代理 URL,逐条入库。
+// 支持格式:
+//
+//	scheme://user:pass@host:port
+//	scheme://host:port               (无鉴权)
+//	user:pass@host:port              (无 scheme,默认 http)
+//	host:port                        (无 scheme 无鉴权,默认 http)
+//
+// 以 # 或 // 开头的行视为注释跳过。空行跳过。
+func (s *Service) ImportBatch(ctx context.Context, text string, defaults ImportDefaults) ([]ImportLineResult, error) {
+	lines := strings.Split(strings.ReplaceAll(text, "\r\n", "\n"), "\n")
+	out := make([]ImportLineResult, 0, len(lines))
+
+	for i, raw := range lines {
+		line := strings.TrimSpace(raw)
+		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, "//") {
+			continue
+		}
+		r := ImportLineResult{Line: i + 1, Raw: maskPassword(line)}
+
+		in, err := parseProxyLine(line)
+		if err != nil {
+			r.Status = "invalid"
+			r.Error = err.Error()
+			out = append(out, r)
+			continue
+		}
+		// 合并公共默认值
+		in.Enabled = defaults.Enabled
+		if in.Country == "" {
+			in.Country = defaults.Country
+		}
+		if in.ISP == "" {
+			in.ISP = defaults.ISP
+		}
+		if in.Remark == "" {
+			in.Remark = defaults.Remark
+		}
+
+		// 查重:同 scheme+host+port+username 若已存在 → update / skip
+		existing, err := s.dao.FindByEndpoint(ctx, in.Scheme, in.Host, in.Port, in.Username)
+		if err != nil && !errors.Is(err, ErrNotFound) {
+			r.Status = "invalid"
+			r.Error = err.Error()
+			out = append(out, r)
+			continue
+		}
+		if existing != nil {
+			if !defaults.Overwrite {
+				r.Status = "skipped"
+				r.ID = existing.ID
+				r.Error = "已存在同 scheme+host:port+用户名 的代理,跳过"
+				out = append(out, r)
+				continue
+			}
+			// 覆盖模式:保留 id/health_score,更新其他字段
+			existing.Scheme = in.Scheme
+			existing.Host = in.Host
+			existing.Port = in.Port
+			existing.Username = in.Username
+			existing.Country = in.Country
+			existing.ISP = in.ISP
+			existing.Enabled = in.Enabled
+			existing.Remark = in.Remark
+			if in.Password != "" {
+				enc, encErr := s.cipher.EncryptString(in.Password)
+				if encErr != nil {
+					r.Status = "invalid"
+					r.Error = encErr.Error()
+					out = append(out, r)
+					continue
+				}
+				existing.PasswordEnc = enc
+			}
+			if err := s.dao.Update(ctx, existing); err != nil {
+				r.Status = "invalid"
+				r.Error = err.Error()
+				out = append(out, r)
+				continue
+			}
+			r.Status = "updated"
+			r.ID = existing.ID
+			out = append(out, r)
+			continue
+		}
+
+		// 新建
+		p, err := s.Create(ctx, in)
+		if err != nil {
+			r.Status = "invalid"
+			r.Error = err.Error()
+			out = append(out, r)
+			continue
+		}
+		r.Status = "created"
+		r.ID = p.ID
+		out = append(out, r)
+	}
+	return out, nil
+}
+
+// parseProxyLine 解析一行代理串为 CreateInput(不含 Enabled/Remark 默认值)。
+func parseProxyLine(line string) (CreateInput, error) {
+	var out CreateInput
+	trim := strings.TrimSpace(line)
+	if trim == "" {
+		return out, errors.New("空行")
+	}
+	// 补全 scheme,让 net/url 能正确解析 user/pass
+	if !strings.Contains(trim, "://") {
+		trim = "http://" + trim
+	}
+	u, err := url.Parse(trim)
+	if err != nil {
+		return out, fmt.Errorf("URL 格式错误:%w", err)
+	}
+	scheme := strings.ToLower(u.Scheme)
+	switch scheme {
+	case "http", "https", "socks5", "socks5h":
+		// ok
+	default:
+		return out, fmt.Errorf("不支持的协议 %q(仅支持 http/https/socks5)", u.Scheme)
+	}
+	host := u.Hostname()
+	if host == "" {
+		return out, errors.New("缺少 host")
+	}
+	portStr := u.Port()
+	if portStr == "" {
+		return out, errors.New("缺少 port")
+	}
+	port, err := strconv.Atoi(portStr)
+	if err != nil || port < 1 || port > 65535 {
+		return out, fmt.Errorf("端口 %q 非法(需 1~65535)", portStr)
+	}
+	out.Scheme = scheme
+	out.Host = host
+	out.Port = port
+	if u.User != nil {
+		out.Username = u.User.Username()
+		if pw, ok := u.User.Password(); ok {
+			out.Password = pw
+		}
+	}
+	return out, nil
+}
+
+// maskPassword 把 user:pass@ 里的 pass 替换成 ***,用于 result.raw 回显。
+func maskPassword(line string) string {
+	i := strings.Index(line, "://")
+	head := ""
+	rest := line
+	if i >= 0 {
+		head = line[:i+3]
+		rest = line[i+3:]
+	}
+	at := strings.Index(rest, "@")
+	if at < 0 {
+		return line
+	}
+	cred := rest[:at]
+	tail := rest[at:]
+	colon := strings.Index(cred, ":")
+	if colon < 0 {
+		return line
+	}
+	return head + cred[:colon] + ":***" + tail
+}
+
+// DecryptPassword 解密代理密码。
+func (s *Service) DecryptPassword(p *Proxy) (string, error) {
+	if p.PasswordEnc == "" {
+		return "", nil
+	}
+	return s.cipher.DecryptString(p.PasswordEnc)
+}
+
+// BuildURL 返回完整代理 URL(含明文密码)。
+func (s *Service) BuildURL(p *Proxy) (string, error) {
+	pw, err := s.DecryptPassword(p)
+	if err != nil {
+		return "", err
+	}
+	return p.URLWithPassword(pw), nil
+}
diff --git a/internal/ratelimit/limiter.go b/internal/ratelimit/limiter.go
new file mode 100644
index 00000000..980bfc61
--- /dev/null
+++ b/internal/ratelimit/limiter.go
@@ -0,0 +1,62 @@
+// Package ratelimit 封装 API Key / 用户分组的 RPM / TPM 限流。
+//
+// 两层分桶:
+//   rpm:<key_id>   - 每分钟请求次数(capacity=RPM)
+//   tpm:<key_id>   - 每分钟 token 额度(capacity=TPM)
+//
+// RPM 在网关入口预检;TPM 先按估算值扣,结算时按实际值"补差"。
+// 依赖 pkg/ratelimit 的 TokenBucket 原语。
+package ratelimit
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	pkgrl "github.com/432539/gpt2api/pkg/ratelimit"
+)
+
+// Limiter 是"按 Key 维度"的限流服务。
+type Limiter struct {
+	tb *pkgrl.TokenBucket
+}
+
+func New(tb *pkgrl.TokenBucket) *Limiter { return &Limiter{tb: tb} }
+
+// AllowRPM 消费 1 个 RPM 令牌。capacity<=0 表示不限。
+func (l *Limiter) AllowRPM(ctx context.Context, keyID uint64, capacity int) (bool, float64, error) {
+	if capacity <= 0 {
+		return true, 0, nil
+	}
+	key := fmt.Sprintf("rl:rpm:k:%d", keyID)
+	refill := float64(capacity) / 60.0
+	return l.tb.Allow(ctx, key, int64(capacity), 1, refill)
+}
+
+// AllowTPM 预扣 tokens,若额度不足返回 false。capacity<=0 不限。
+func (l *Limiter) AllowTPM(ctx context.Context, keyID uint64, capacity int64, tokens int64) (bool, float64, error) {
+	if capacity <= 0 || tokens <= 0 {
+		return true, 0, nil
+	}
+	key := fmt.Sprintf("rl:tpm:k:%d", keyID)
+	refill := float64(capacity) / 60.0
+	return l.tb.Allow(ctx, key, capacity, tokens, refill)
+}
+
+// AdjustTPM 结算时对 TPM 做补差:delta>0 扣更多、delta<0 还一些。
+// 补扣失败不报错(只是计费记录偏差,下一分钟会回填)。
+func (l *Limiter) AdjustTPM(ctx context.Context, keyID uint64, capacity int64, delta int64) {
+	if capacity <= 0 || delta == 0 {
+		return
+	}
+	key := fmt.Sprintf("rl:tpm:k:%d", keyID)
+	refill := float64(capacity) / 60.0
+	if delta > 0 {
+		_, _, _ = l.tb.Allow(ctx, key, capacity, delta, refill)
+		return
+	}
+	// delta<0:把多扣的还回桶。用 negative cost 不安全,
+	// 改用"加 tokens"Lua 回退;简单起见直接 PEXPIRE 不管(下次请求会按过期重建)。
+	_ = ctx
+	_ = time.Second
+}
diff --git a/internal/rbac/menu.go b/internal/rbac/menu.go
new file mode 100644
index 00000000..294f9c54
--- /dev/null
+++ b/internal/rbac/menu.go
@@ -0,0 +1,106 @@
+package rbac
+
+// Menu 是一棵静态菜单树,前端按当前用户角色可见子集渲染。
+//
+// 每一项菜单都绑定一个或多个权限;只要用户拥有其中任意一个,该项就出现。
+// 未绑定权限的菜单(Perms 为 nil)对所有已登录用户可见。
+//
+// 重要:菜单只是 UI 暗示,后端接口必须独立做 `middleware.RequirePerm(...)`。
+type Menu struct {
+	Key      string       `json:"key"`                // 唯一标识,前端路由用
+	Title    string       `json:"title"`              // 显示名(简体中文)
+	Icon     string       `json:"icon,omitempty"`     // Element Plus 图标名
+	Path     string       `json:"path,omitempty"`     // 前端路由路径
+	Perms    []Permission `json:"-"`                  // 必需权限(any);空=仅需已登录
+	Children []Menu       `json:"children,omitempty"` // 子菜单
+}
+
+// menuTree 静态全量菜单树。对应前端路由。
+var menuTree = []Menu{
+	// ---- 普通用户区 ----
+	{
+		Key: "personal", Title: "个人中心", Icon: "User", Path: "/personal",
+		Children: []Menu{
+			{Key: "personal.dashboard", Title: "总览", Icon: "House", Path: "/personal/dashboard",
+				Perms: []Permission{PermSelfProfile}},
+			{Key: "personal.keys", Title: "API Keys", Icon: "Key", Path: "/personal/keys",
+				Perms: []Permission{PermSelfKey}},
+			{Key: "personal.usage", Title: "使用记录", Icon: "Histogram", Path: "/personal/usage",
+				Perms: []Permission{PermSelfUsage}},
+			{Key: "personal.billing", Title: "账单与充值", Icon: "Wallet", Path: "/personal/billing",
+				Perms: []Permission{PermSelfRecharge}},
+			{Key: "personal.play", Title: "在线体验", Icon: "MagicStick", Path: "/personal/play",
+				Perms: []Permission{PermSelfImage, PermSelfUsage}},
+			{Key: "personal.docs", Title: "接口文档", Icon: "Document", Path: "/personal/docs",
+				Perms: []Permission{PermSelfUsage, PermSelfImage}},
+		},
+	},
+	// ---- 管理员区 ----
+	{
+		Key: "admin", Title: "后台管理", Icon: "Setting", Path: "/admin",
+		Perms: []Permission{PermUserRead, PermAccountRead, PermProxyRead,
+			PermUsageReadAll, PermSystemBackup}, // 任一 admin 权限即可看到大入口
+		Children: []Menu{
+			{Key: "admin.users", Title: "用户管理", Icon: "UserFilled", Path: "/admin/users",
+				Perms: []Permission{PermUserRead}},
+			{Key: "admin.credits", Title: "积分管理", Icon: "Coin", Path: "/admin/credits",
+				Perms: []Permission{PermUserCredit}},
+			{Key: "admin.recharges", Title: "充值订单", Icon: "CreditCard", Path: "/admin/recharges",
+				Perms: []Permission{PermRechargeManage}},
+			{Key: "admin.accounts", Title: "GPT账号", Icon: "Connection", Path: "/admin/accounts",
+				Perms: []Permission{PermAccountRead}},
+			{Key: "admin.proxies", Title: "代理管理", Icon: "Guide", Path: "/admin/proxies",
+				Perms: []Permission{PermProxyRead}},
+			{Key: "admin.models", Title: "模型配置", Icon: "Box", Path: "/admin/models",
+				Perms: []Permission{PermModelRead, PermModelWrite}},
+			{Key: "admin.channels", Title: "上游渠道", Icon: "Share", Path: "/admin/channels",
+				Perms: []Permission{PermChannelRead, PermChannelWrite}},
+			{Key: "admin.groups", Title: "用户分组", Icon: "OfficeBuilding", Path: "/admin/groups",
+				Perms: []Permission{PermGroupWrite}},
+			{Key: "admin.usage", Title: "用量统计", Icon: "DataAnalysis", Path: "/admin/usage",
+				Perms: []Permission{PermUsageReadAll}},
+			{Key: "admin.keys", Title: "全局 Keys", Icon: "Key", Path: "/admin/keys",
+				Perms: []Permission{PermKeyReadAll}},
+			{Key: "admin.image-tasks", Title: "生成记录", Icon: "Picture", Path: "/admin/image-tasks",
+				Perms: []Permission{PermUsageReadAll}},
+			{Key: "admin.audit", Title: "审计日志", Icon: "Document", Path: "/admin/audit",
+				Perms: []Permission{PermAuditRead}},
+			{Key: "admin.backup", Title: "数据备份", Icon: "FolderOpened", Path: "/admin/backup",
+				Perms: []Permission{PermSystemBackup}},
+			{Key: "admin.settings", Title: "系统设置", Icon: "Tools", Path: "/admin/settings",
+				Perms: []Permission{PermSystemSetting}},
+		},
+	},
+}
+
+// MenuForRole 按角色过滤菜单树。节点没有可见子节点时递归裁剪。
+func MenuForRole(role string) []Menu {
+	return filterMenus(menuTree, role)
+}
+
+func filterMenus(src []Menu, role string) []Menu {
+	out := make([]Menu, 0, len(src))
+	for _, m := range src {
+		// 复制一份避免对源数据做任何写入
+		copied := m
+		copied.Children = filterMenus(m.Children, role)
+
+		// 可见性规则:
+		//   - 无 Perms 限制 → 所有已登录可见(但若有 children,仍要求 children 非空)
+		//   - 有 Perms → 必须 role 拥有其中任一权限
+		visible := true
+		if len(copied.Perms) > 0 {
+			visible = HasAny(role, copied.Perms...)
+		}
+		// 无子节点 + 不可见 → 跳过
+		// 有子节点但 children 被裁成 0 → 如果自己也不可见,跳过
+		if !visible && len(copied.Children) == 0 {
+			continue
+		}
+		if len(m.Children) > 0 && len(copied.Children) == 0 && !visible {
+			continue
+		}
+		out = append(out, copied)
+	}
+	return out
+}
diff --git a/internal/rbac/permission.go b/internal/rbac/permission.go
new file mode 100644
index 00000000..859a3dee
--- /dev/null
+++ b/internal/rbac/permission.go
@@ -0,0 +1,158 @@
+// Package rbac 基于角色的访问控制。
+//
+// 设计原则(为避免权限漏洞):
+//
+//  1. **最小权限**:普通用户默认仅拥有 self:* 权限,只能读/写自己的资源。
+//  2. **菜单和权限分离**:菜单只是 UI 提示,实际访问每条 API 都必须单独做
+//     `middleware.RequirePerm(...)`。前端隐藏菜单 != 后端拒绝访问。
+//  3. **资源粒度兜底**:涉及用户资源(api keys / usage 等)的接口必须
+//     再做 `resource.user_id == ctx.user_id` 二次校验,防越权。
+//  4. **高危写操作(恢复数据库 / 删除账号 / 调整积分 / 超管操作)**要求
+//     `X-Admin-Confirm` header 携带明文密码二次验证。
+//  5. **审计**:所有 admin 路径的写操作通过 `audit.Middleware` 自动落库。
+//
+// 本文件只定义权限常量和预设角色。运行时不依赖数据库存角色绑定,
+// 角色→权限映射由代码硬编码,避免运维失误导致提权漏洞。
+// 未来需要多租户/自定义角色时再引入 `role_permissions` 表即可平滑升级。
+package rbac
+
+// Role 角色常量。和 users.role 字段对齐。
+const (
+	RoleUser  = "user"
+	RoleAdmin = "admin"
+)
+
+// Permission 形如 "resource:action"。命名遵守小写 + 冒号分隔。
+// 所有自定义权限都在这里集中声明,便于检索。
+type Permission string
+
+const (
+	// --- 普通用户(self) ---
+	PermSelfProfile = Permission("self:profile")       // 看/改自己资料
+	PermSelfKey     = Permission("self:key")           // 管自己 API Key
+	PermSelfUsage   = Permission("self:usage")         // 查自己 usage/账单
+	PermSelfRecharge = Permission("self:recharge")     // 充值/查自己订单
+	PermSelfImage    = Permission("self:image")        // 自己生图任务
+
+	// --- 管理员(admin) ---
+	// 用户管理
+	PermUserRead   = Permission("user:read")
+	PermUserWrite  = Permission("user:write")  // 创建/编辑/禁用/重置密码
+	PermUserCredit = Permission("user:credit") // 调整积分(高危)
+
+	// API Key(跨用户)
+	PermKeyReadAll  = Permission("key:read_all")
+	PermKeyWriteAll = Permission("key:write_all")
+
+	// 账号池 / 代理池 / 模型
+	PermAccountRead  = Permission("account:read")
+	PermAccountWrite = Permission("account:write")
+	PermProxyRead    = Permission("proxy:read")
+	PermProxyWrite   = Permission("proxy:write")
+	PermModelRead    = Permission("model:read")
+	PermModelWrite   = Permission("model:write")
+
+	// 上游渠道(OpenAI/Gemini 等外置供应商) + 模型映射
+	PermChannelRead  = Permission("channel:read")
+	PermChannelWrite = Permission("channel:write")
+
+	// 分组 / 计费
+	PermGroupWrite     = Permission("group:write")
+	PermRechargeManage = Permission("recharge:manage")
+
+	// 统计 / 审计
+	PermUsageReadAll = Permission("usage:read_all")
+	PermStatsReadAll = Permission("stats:read_all")
+	PermAuditRead    = Permission("audit:read")
+
+	// 系统
+	PermSystemSetting = Permission("system:setting") // 改系统配置
+	PermSystemBackup  = Permission("system:backup")  // 数据库备份/恢复(超高危)
+)
+
+// rolePermissions 是角色到权限集合的静态映射。
+// 启动时被加载到 `permSet`,所有权限检查走 set-lookup。
+var rolePermissions = map[string][]Permission{
+	RoleUser: {
+		PermSelfProfile,
+		PermSelfKey,
+		PermSelfUsage,
+		PermSelfRecharge,
+		PermSelfImage,
+	},
+	RoleAdmin: {
+		// admin 继承 user 所有 self 权限(admin 自己也有 api key 等)
+		PermSelfProfile, PermSelfKey, PermSelfUsage, PermSelfRecharge, PermSelfImage,
+
+		PermUserRead, PermUserWrite, PermUserCredit,
+		PermKeyReadAll, PermKeyWriteAll,
+		PermAccountRead, PermAccountWrite,
+		PermProxyRead, PermProxyWrite,
+		PermModelRead, PermModelWrite,
+		PermChannelRead, PermChannelWrite,
+		PermGroupWrite, PermRechargeManage,
+		PermUsageReadAll, PermStatsReadAll, PermAuditRead,
+		PermSystemSetting, PermSystemBackup,
+	},
+}
+
+// permSet 预计算的角色→权限集合(O(1) 查询)。
+var permSet map[string]map[Permission]struct{}
+
+func init() {
+	permSet = make(map[string]map[Permission]struct{}, len(rolePermissions))
+	for role, perms := range rolePermissions {
+		set := make(map[Permission]struct{}, len(perms))
+		for _, p := range perms {
+			set[p] = struct{}{}
+		}
+		permSet[role] = set
+	}
+}
+
+// Has 返回 role 是否拥有某权限。未知角色一律返回 false。
+func Has(role string, perm Permission) bool {
+	set, ok := permSet[role]
+	if !ok {
+		return false
+	}
+	_, ok = set[perm]
+	return ok
+}
+
+// HasAny 任一权限成立即 true。
+func HasAny(role string, perms ...Permission) bool {
+	for _, p := range perms {
+		if Has(role, p) {
+			return true
+		}
+	}
+	return false
+}
+
+// HasAll 所有权限都成立才 true。
+func HasAll(role string, perms ...Permission) bool {
+	for _, p := range perms {
+		if !Has(role, p) {
+			return false
+		}
+	}
+	return true
+}
+
+// ListPermissions 返回 role 的权限清单(用于 /api/me 返回前端用作提示)。
+// 返回副本,调用方可自由修改。
+func ListPermissions(role string) []Permission {
+	set, ok := permSet[role]
+	if !ok {
+		return nil
+	}
+	out := make([]Permission, 0, len(set))
+	for p := range set {
+		out = append(out, p)
+	}
+	return out
+}
+
+// IsAdmin 语义快捷方式。
+func IsAdmin(role string) bool { return role == RoleAdmin }
diff --git a/internal/recharge/admin_handler.go b/internal/recharge/admin_handler.go
new file mode 100644
index 00000000..dd89f37e
--- /dev/null
+++ b/internal/recharge/admin_handler.go
@@ -0,0 +1,159 @@
+package recharge
+
+import (
+	"context"
+	"errors"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// PasswordVerifier 是"校验某 user 是否知道自己密码"的能力。
+// auth.Service 隐式实现了这个接口,避免 recharge 直接依赖 auth。
+type PasswordVerifier interface {
+	VerifyPassword(ctx context.Context, userID uint64, password string) error
+}
+
+// AdminHandler 提供管理员侧:套餐 CRUD + 订单查看 + 手工入账。
+type AdminHandler struct {
+	svc  *Service
+	auth PasswordVerifier
+}
+
+func NewAdminHandler(svc *Service, auth PasswordVerifier) *AdminHandler {
+	return &AdminHandler{svc: svc, auth: auth}
+}
+
+// confirmAdmin:从 X-Admin-Confirm header 取明文密码,对当前 admin 再做一次校验。
+// 与 user 包同名函数语义一致。
+func (h *AdminHandler) confirmAdmin(c *gin.Context) error {
+	pwd := c.GetHeader("X-Admin-Confirm")
+	if pwd == "" {
+		return errors.New("X-Admin-Confirm header required for this destructive operation")
+	}
+	actor := middleware.UserID(c)
+	if actor == 0 {
+		return errors.New("not authenticated")
+	}
+	return h.auth.VerifyPassword(c.Request.Context(), actor, pwd)
+}
+
+// GET /api/admin/recharge/packages
+func (h *AdminHandler) ListPackages(c *gin.Context) {
+	rows, err := h.svc.AdminListPackages(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": rows, "total": len(rows)})
+}
+
+type pkgReq struct {
+	Name        string `json:"name" binding:"required,max=64"`
+	PriceCNY    int    `json:"price_cny" binding:"required,min=1"`
+	Credits     int64  `json:"credits" binding:"required,min=0"`
+	Bonus       int64  `json:"bonus" binding:"min=0"`
+	Description string `json:"description" binding:"max=255"`
+	Sort        int    `json:"sort"`
+	Enabled     bool   `json:"enabled"`
+}
+
+// POST /api/admin/recharge/packages
+func (h *AdminHandler) CreatePackage(c *gin.Context) {
+	var req pkgReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	p := &Package{
+		Name:        req.Name,
+		PriceCNY:    req.PriceCNY,
+		Credits:     req.Credits,
+		Bonus:       req.Bonus,
+		Description: req.Description,
+		Sort:        req.Sort,
+		Enabled:     req.Enabled,
+	}
+	id, err := h.svc.AdminCreatePackage(c.Request.Context(), p)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	p.ID = id
+	resp.OK(c, p)
+}
+
+// PATCH /api/admin/recharge/packages/:id
+func (h *AdminHandler) UpdatePackage(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	var req pkgReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	p := &Package{
+		ID:          id,
+		Name:        req.Name,
+		PriceCNY:    req.PriceCNY,
+		Credits:     req.Credits,
+		Bonus:       req.Bonus,
+		Description: req.Description,
+		Sort:        req.Sort,
+		Enabled:     req.Enabled,
+	}
+	if err := h.svc.AdminUpdatePackage(c.Request.Context(), p); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, p)
+}
+
+// DELETE /api/admin/recharge/packages/:id
+func (h *AdminHandler) DeletePackage(c *gin.Context) {
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.AdminDeletePackage(c.Request.Context(), id); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"ok": true})
+}
+
+// GET /api/admin/recharge/orders
+func (h *AdminHandler) ListOrders(c *gin.Context) {
+	uid, _ := strconv.ParseUint(c.Query("user_id"), 10, 64)
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	rows, total, err := h.svc.AdminListOrders(c.Request.Context(),
+		ListFilter{UserID: uid, Status: c.Query("status")}, offset, limit)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": rows, "total": total, "limit": limit, "offset": offset})
+}
+
+// POST /api/admin/recharge/orders/:id/force-paid
+// 管理员应急入账。需要 X-Admin-Confirm。
+func (h *AdminHandler) ForcePaid(c *gin.Context) {
+	if err := h.confirmAdmin(c); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	actorID := middleware.UserID(c)
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.AdminForcePaid(c.Request.Context(), id, actorID); err != nil {
+		switch {
+		case errors.Is(err, ErrOrderStateInvalid):
+			resp.Conflict(c, "订单状态不是 pending")
+		case errors.Is(err, ErrNotFound):
+			resp.NotFound(c, "订单不存在")
+		default:
+			resp.Internal(c, err.Error())
+		}
+		return
+	}
+	resp.OK(c, gin.H{"ok": true})
+}
diff --git a/internal/recharge/dao.go b/internal/recharge/dao.go
new file mode 100644
index 00000000..2f325306
--- /dev/null
+++ b/internal/recharge/dao.go
@@ -0,0 +1,187 @@
+package recharge
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+var ErrNotFound = errors.New("recharge: not found")
+
+type DAO struct{ db *sqlx.DB }
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// DB 暴露 *sqlx.DB 以便 Service 自己开事务入账。
+func (d *DAO) DB() *sqlx.DB { return d.db }
+
+// ---------- Packages ----------
+
+func (d *DAO) ListPackages(ctx context.Context, onlyEnabled bool) ([]Package, error) {
+	where := ""
+	if onlyEnabled {
+		where = "WHERE enabled = 1"
+	}
+	rows := make([]Package, 0, 8)
+	err := d.db.SelectContext(ctx, &rows,
+		fmt.Sprintf(`SELECT * FROM recharge_packages %s ORDER BY sort ASC, id ASC`, where))
+	return rows, err
+}
+
+func (d *DAO) GetPackage(ctx context.Context, id uint64) (*Package, error) {
+	var p Package
+	err := d.db.GetContext(ctx, &p,
+		`SELECT * FROM recharge_packages WHERE id = ?`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &p, err
+}
+
+func (d *DAO) CreatePackage(ctx context.Context, p *Package) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO recharge_packages (name, price_cny, credits, bonus, description, sort, enabled)
+         VALUES (?, ?, ?, ?, ?, ?, ?)`,
+		p.Name, p.PriceCNY, p.Credits, p.Bonus, p.Description, p.Sort, p.Enabled)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+func (d *DAO) UpdatePackage(ctx context.Context, p *Package) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE recharge_packages SET name=?, price_cny=?, credits=?, bonus=?,
+                description=?, sort=?, enabled=? WHERE id=?`,
+		p.Name, p.PriceCNY, p.Credits, p.Bonus, p.Description, p.Sort, p.Enabled, p.ID)
+	return err
+}
+
+func (d *DAO) DeletePackage(ctx context.Context, id uint64) error {
+	_, err := d.db.ExecContext(ctx,
+		`DELETE FROM recharge_packages WHERE id = ?`, id)
+	return err
+}
+
+// ---------- Orders ----------
+
+func (d *DAO) CreateOrder(ctx context.Context, o *Order) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO recharge_orders
+           (out_trade_no, user_id, package_id, price_cny, credits, bonus,
+            channel, pay_method, status, trade_no, pay_url, client_ip, remark)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		o.OutTradeNo, o.UserID, o.PackageID, o.PriceCNY, o.Credits, o.Bonus,
+		o.Channel, o.PayMethod, o.Status, o.TradeNo, o.PayURL, o.ClientIP, o.Remark)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	o.ID = uint64(id)
+	return o.ID, nil
+}
+
+func (d *DAO) GetByOutTradeNo(ctx context.Context, outTradeNo string) (*Order, error) {
+	var o Order
+	err := d.db.GetContext(ctx, &o,
+		`SELECT * FROM recharge_orders WHERE out_trade_no = ?`, outTradeNo)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &o, err
+}
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*Order, error) {
+	var o Order
+	err := d.db.GetContext(ctx, &o,
+		`SELECT * FROM recharge_orders WHERE id = ?`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &o, err
+}
+
+// ListFilter 用于 admin / user 端订单列表过滤。
+type ListFilter struct {
+	UserID uint64
+	Status string
+	Since  time.Time
+	Until  time.Time
+}
+
+func (d *DAO) List(ctx context.Context, f ListFilter, offset, limit int) ([]Order, int64, error) {
+	if limit <= 0 || limit > 200 {
+		limit = 50
+	}
+	if offset < 0 {
+		offset = 0
+	}
+	where := []string{"1=1"}
+	args := []any{}
+	if f.UserID > 0 {
+		where = append(where, "user_id = ?")
+		args = append(args, f.UserID)
+	}
+	if f.Status != "" {
+		where = append(where, "status = ?")
+		args = append(args, f.Status)
+	}
+	if !f.Since.IsZero() {
+		where = append(where, "created_at >= ?")
+		args = append(args, f.Since)
+	}
+	if !f.Until.IsZero() {
+		where = append(where, "created_at < ?")
+		args = append(args, f.Until)
+	}
+	ws := strings.Join(where, " AND ")
+
+	rows := make([]Order, 0, limit)
+	if err := d.db.SelectContext(ctx, &rows,
+		fmt.Sprintf(`SELECT * FROM recharge_orders WHERE %s ORDER BY id DESC LIMIT ? OFFSET ?`, ws),
+		append(args, limit, offset)...); err != nil {
+		return nil, 0, err
+	}
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		fmt.Sprintf(`SELECT COUNT(*) FROM recharge_orders WHERE %s`, ws), args...); err != nil {
+		return nil, 0, err
+	}
+	return rows, total, nil
+}
+
+// SumPaidTodayCNY 统计当前用户"今日(DB 服务器时区)"已支付订单总金额(分)。
+// 用于每日充值上限判定。
+func (d *DAO) SumPaidTodayCNY(ctx context.Context, userID uint64) (int64, error) {
+	var sum sql.NullInt64
+	err := d.db.GetContext(ctx, &sum,
+		`SELECT COALESCE(SUM(price_cny), 0) FROM recharge_orders
+           WHERE user_id = ? AND status = 'paid' AND paid_at >= CURDATE()`, userID)
+	if err != nil {
+		return 0, err
+	}
+	return sum.Int64, nil
+}
+
+// ExpirePending 把所有创建超过 minutes 分钟的 pending 订单置为 expired。
+// 返回被更新的行数。用于 cleanup 定时任务 / 管理员手工触发。
+func (d *DAO) ExpirePending(ctx context.Context, minutes int) (int64, error) {
+	if minutes <= 0 {
+		minutes = 30
+	}
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE recharge_orders
+           SET status = 'expired'
+         WHERE status = 'pending' AND created_at < (NOW() - INTERVAL ? MINUTE)`, minutes)
+	if err != nil {
+		return 0, err
+	}
+	n, _ := res.RowsAffected()
+	return n, nil
+}
diff --git a/internal/recharge/handler.go b/internal/recharge/handler.go
new file mode 100644
index 00000000..6223debf
--- /dev/null
+++ b/internal/recharge/handler.go
@@ -0,0 +1,133 @@
+package recharge
+
+import (
+	"errors"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Handler 实现用户/公开 端点。
+type Handler struct{ svc *Service }
+
+func NewHandler(svc *Service) *Handler { return &Handler{svc: svc} }
+
+// GET /api/recharge/packages
+// 返回已启用的套餐 + 通道状态。未登录也可访问(方便前端登录页展示定价)。
+func (h *Handler) ListPackages(c *gin.Context) {
+	pkgs, err := h.svc.ListEnabledPackages(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"items":          pkgs,
+		"enabled":        h.svc.Enabled() && h.svc.AdminEnabled(),
+		"channel_ready":  h.svc.Enabled(),
+		"admin_enabled":  h.svc.AdminEnabled(),
+		"min_cny":        h.svc.MinAmountCNY(),
+		"max_cny":        h.svc.MaxAmountCNY(),
+		"daily_limit":    h.svc.DailyLimitCNY(),
+		"expire_minutes": h.svc.OrderExpireMinutes(),
+	})
+}
+
+// POST /api/recharge/orders
+// body: { package_id, pay_type }
+func (h *Handler) CreateOrder(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "unauthorized")
+		return
+	}
+	var req struct {
+		PackageID uint64 `json:"package_id" binding:"required"`
+		PayType   string `json:"pay_type"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	o, err := h.svc.Create(c.Request.Context(), CreateInput{
+		UserID:    uid,
+		PackageID: req.PackageID,
+		PayType:   req.PayType,
+		ClientIP:  c.ClientIP(),
+	})
+	if err != nil {
+		switch {
+		case errors.Is(err, ErrChannelDisabled):
+			resp.Fail(c, 40301, "支付通道未配置,请联系管理员")
+		case errors.Is(err, ErrRechargeDisabled):
+			resp.Forbidden(c, "管理员已关闭充值")
+		case errors.Is(err, ErrAmountOutOfRange):
+			resp.BadRequest(c, "该套餐金额不在允许的充值范围内")
+		case errors.Is(err, ErrDailyLimitExceeded):
+			resp.BadRequest(c, "已达到今日累计充值上限")
+		case errors.Is(err, ErrPackageUnavailable), errors.Is(err, ErrNotFound):
+			resp.NotFound(c, "套餐不存在或已下架")
+		default:
+			resp.Internal(c, err.Error())
+		}
+		return
+	}
+	resp.OK(c, o)
+}
+
+// GET /api/recharge/orders
+func (h *Handler) ListMyOrders(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "unauthorized")
+		return
+	}
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	rows, total, err := h.svc.ListUserOrders(c.Request.Context(), uid, c.Query("status"), offset, limit)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": rows, "total": total, "limit": limit, "offset": offset})
+}
+
+// POST /api/recharge/orders/:id/cancel
+func (h *Handler) CancelOrder(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "unauthorized")
+		return
+	}
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err := h.svc.CancelByUser(c.Request.Context(), uid, id); err != nil {
+		switch {
+		case errors.Is(err, ErrOrderStateInvalid):
+			resp.Conflict(c, "订单状态不可取消")
+		case errors.Is(err, ErrOrderNotFound), errors.Is(err, ErrNotFound):
+			resp.NotFound(c, "订单不存在")
+		default:
+			resp.Internal(c, err.Error())
+		}
+		return
+	}
+	resp.OK(c, gin.H{"ok": true})
+}
+
+// ---------- 公开的回调入口(不鉴权,走签名校验) ----------
+
+// POST /api/public/epay/notify
+// GET  /api/public/epay/notify
+// 按上游 ePay 规范,**响应必须是裸 "success"/"fail" 字符串**,不要被 resp 包装。
+func (h *Handler) EPayNotify(c *gin.Context) {
+	if err := c.Request.ParseForm(); err != nil {
+		c.String(200, "fail")
+		return
+	}
+	// ePay 可能 GET 也可能 POST,合并两种 values
+	form := c.Request.Form
+	text, _ := h.svc.HandleNotify(c.Request.Context(), form)
+	c.String(200, text)
+}
diff --git a/internal/recharge/model.go b/internal/recharge/model.go
new file mode 100644
index 00000000..01713485
--- /dev/null
+++ b/internal/recharge/model.go
@@ -0,0 +1,66 @@
+// Package recharge 负责充值套餐管理 + 下单 + 支付回调 + 入账 的全流程。
+//
+// 核心不变式:
+//  1. 订单从 pending -> (paid|expired|cancelled|failed),状态只前进,不倒退。
+//  2. paid 的订单**只能由经过签名校验的异步回调**触发,且整个入账 (UPDATE 订单 + INSERT credit_log + UPDATE users.credit_balance)
+//     必须包在单独一个事务里,保证不会"钱到了但积分没加"。
+//  3. 同一订单号的回调**幂等**:重复回调只返回 success,不再入账。
+//  4. 签名校验失败的回调直接吞掉,且记录 warn 日志,不要暴露详情给上游。
+package recharge
+
+import "time"
+
+// OrderStatus 订单状态。
+const (
+	StatusPending   = "pending"
+	StatusPaid      = "paid"
+	StatusExpired   = "expired"
+	StatusCancelled = "cancelled"
+	StatusFailed    = "failed"
+)
+
+// ChannelEPay 是目前唯一支持的支付通道标识。
+// 预留多通道扩展字段,未来加微信/支付宝原生时只需在 pkg/ePay 同级目录加 adapter。
+const (
+	ChannelEPay = "epay"
+)
+
+// Package 对应 recharge_packages 表。
+type Package struct {
+	ID          uint64    `db:"id" json:"id"`
+	Name        string    `db:"name" json:"name"`
+	PriceCNY    int       `db:"price_cny" json:"price_cny"` // 分
+	Credits     int64     `db:"credits" json:"credits"`     // 厘
+	Bonus       int64     `db:"bonus" json:"bonus"`         // 厘
+	Description string    `db:"description" json:"description"`
+	Sort        int       `db:"sort" json:"sort"`
+	Enabled     bool      `db:"enabled" json:"enabled"`
+	CreatedAt   time.Time `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time `db:"updated_at" json:"updated_at"`
+}
+
+// Order 对应 recharge_orders 表。
+// NotifyRaw / Remark 等非核心字段对用户 API 返回时会被剥掉。
+type Order struct {
+	ID          uint64     `db:"id" json:"id"`
+	OutTradeNo  string     `db:"out_trade_no" json:"out_trade_no"`
+	UserID      uint64     `db:"user_id" json:"user_id"`
+	PackageID   uint64     `db:"package_id" json:"package_id"`
+	PriceCNY    int        `db:"price_cny" json:"price_cny"`
+	Credits     int64      `db:"credits" json:"credits"`
+	Bonus       int64      `db:"bonus" json:"bonus"`
+	Channel     string     `db:"channel" json:"channel"`
+	PayMethod   string     `db:"pay_method" json:"pay_method"`
+	Status      string     `db:"status" json:"status"`
+	TradeNo     string     `db:"trade_no" json:"trade_no"`
+	PaidAt      *time.Time `db:"paid_at" json:"paid_at,omitempty"`
+	PayURL      string     `db:"pay_url" json:"pay_url,omitempty"`
+	ClientIP    string     `db:"client_ip" json:"-"`
+	NotifyRaw   *string    `db:"notify_raw" json:"-"`
+	Remark      string     `db:"remark" json:"remark,omitempty"`
+	CreatedAt   time.Time  `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time  `db:"updated_at" json:"updated_at"`
+}
+
+// TotalCredits 返回订单最终应到账的积分(基础 + 赠送)。
+func (o *Order) TotalCredits() int64 { return o.Credits + o.Bonus }
diff --git a/internal/recharge/service.go b/internal/recharge/service.go
new file mode 100644
index 00000000..36ae186d
--- /dev/null
+++ b/internal/recharge/service.go
@@ -0,0 +1,384 @@
+package recharge
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"net/url"
+
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/config"
+	"github.com/432539/gpt2api/internal/settings"
+	"github.com/432539/gpt2api/internal/user"
+	"github.com/432539/gpt2api/pkg/epay"
+	"github.com/432539/gpt2api/pkg/mailer"
+)
+
+var (
+	ErrPackageUnavailable  = errors.New("recharge: package not available")
+	ErrChannelDisabled     = errors.New("recharge: pay channel disabled")
+	ErrOrderNotFound       = errors.New("recharge: order not found")
+	ErrOrderStateInvalid   = errors.New("recharge: order state invalid")
+	ErrRechargeDisabled    = errors.New("recharge: recharge is disabled by admin")
+	ErrAmountOutOfRange    = errors.New("recharge: amount out of allowed range")
+	ErrDailyLimitExceeded  = errors.New("recharge: daily limit exceeded")
+)
+
+// Service 协调下单、回调入账、查询。
+type Service struct {
+	dao     *DAO
+	billing *billing.Engine
+	users   *user.DAO
+	signer  *epay.Signer
+	cfg     config.EPayConfig
+	mail    *mailer.Mailer
+	baseURL string // app.base_url 用于邮件里的链接
+	log     *zap.Logger
+
+	// settings 可为 nil(兼容旧调用方);为 nil 时使用硬编码兜底
+	settings *settings.Service
+}
+
+// SetSettings 注入系统设置,用于下单时的开关/金额/日上限/过期分钟。
+func (s *Service) SetSettings(ss *settings.Service) { s.settings = ss }
+
+// NewService 构造 Service。
+// ePayCfg.GatewayURL 为空时 Service.Enabled()==false,所有下单请求会被拒绝。
+func NewService(dao *DAO, bill *billing.Engine, users *user.DAO,
+	ePayCfg config.EPayConfig, mail *mailer.Mailer, baseURL string, log *zap.Logger,
+) *Service {
+	return &Service{
+		dao:     dao,
+		billing: bill,
+		users:   users,
+		signer:  epay.NewSigner(ePayCfg.PID, ePayCfg.Key, ePayCfg.SignType),
+		cfg:     ePayCfg,
+		mail:    mail,
+		baseURL: baseURL,
+		log:     log.With(zap.String("mod", "recharge")),
+	}
+}
+
+// Enabled 表示 epay 通道是否已配置完整(运维侧)。
+func (s *Service) Enabled() bool {
+	return s.cfg.GatewayURL != "" && s.cfg.PID != "" && s.cfg.Key != ""
+}
+
+// AdminEnabled 表示"管理员是否允许充值入口"(业务侧开关)。未注入 settings 视为允许。
+func (s *Service) AdminEnabled() bool {
+	if s.settings == nil {
+		return true
+	}
+	return s.settings.RechargeEnabled()
+}
+
+func (s *Service) MinAmountCNY() int64 {
+	if s.settings == nil {
+		return 0
+	}
+	return s.settings.RechargeMinCNY()
+}
+func (s *Service) MaxAmountCNY() int64 {
+	if s.settings == nil {
+		return 0
+	}
+	return s.settings.RechargeMaxCNY()
+}
+func (s *Service) DailyLimitCNY() int64 {
+	if s.settings == nil {
+		return 0
+	}
+	return s.settings.RechargeDailyLimitCNY()
+}
+func (s *Service) OrderExpireMinutes() int {
+	if s.settings == nil {
+		return 30
+	}
+	return s.settings.RechargeOrderExpireMin()
+}
+
+// ---------- Package 读 ----------
+
+func (s *Service) ListEnabledPackages(ctx context.Context) ([]Package, error) {
+	return s.dao.ListPackages(ctx, true)
+}
+
+// ---------- 下单 ----------
+
+// CreateInput 用户下单参数。
+type CreateInput struct {
+	UserID    uint64
+	PackageID uint64
+	// PayType 可选,决定 epay 网关跳出来默认哪种二维码。
+	// "" 让收银台自选;常见值 "alipay" / "wxpay"。
+	PayType  string
+	ClientIP string
+}
+
+// Create 创建订单并生成跳转 URL。
+func (s *Service) Create(ctx context.Context, in CreateInput) (*Order, error) {
+	if !s.Enabled() {
+		return nil, ErrChannelDisabled
+	}
+	// 充值总开关(settings 未注入时视为允许,兼容旧行为)
+	if s.settings != nil && !s.settings.RechargeEnabled() {
+		return nil, ErrRechargeDisabled
+	}
+	pkg, err := s.dao.GetPackage(ctx, in.PackageID)
+	if err != nil {
+		return nil, err
+	}
+	if !pkg.Enabled {
+		return nil, ErrPackageUnavailable
+	}
+
+	// 金额范围(分)+ 单用户每日累计上限校验
+	if s.settings != nil {
+		price := int64(pkg.PriceCNY)
+		if min := s.settings.RechargeMinCNY(); min > 0 && price < min {
+			return nil, ErrAmountOutOfRange
+		}
+		if max := s.settings.RechargeMaxCNY(); max > 0 && price > max {
+			return nil, ErrAmountOutOfRange
+		}
+		if cap := s.settings.RechargeDailyLimitCNY(); cap > 0 {
+			already, err := s.dao.SumPaidTodayCNY(ctx, in.UserID)
+			if err != nil {
+				return nil, err
+			}
+			if already+price > cap {
+				return nil, ErrDailyLimitExceeded
+			}
+		}
+	}
+
+	outTradeNo := genTradeNo()
+	extra := map[string]string{}
+	if in.PayType != "" {
+		extra["type"] = in.PayType
+	}
+	payURL, err := s.signer.BuildPayURL(
+		s.cfg.GatewayURL, outTradeNo, pkg.Name,
+		pkg.PriceCNY, s.cfg.NotifyURL, s.cfg.ReturnURL, extra,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	o := &Order{
+		OutTradeNo: outTradeNo,
+		UserID:     in.UserID,
+		PackageID:  pkg.ID,
+		PriceCNY:   pkg.PriceCNY,
+		Credits:    pkg.Credits,
+		Bonus:      pkg.Bonus,
+		Channel:    ChannelEPay,
+		PayMethod:  in.PayType,
+		Status:     StatusPending,
+		PayURL:     payURL,
+		ClientIP:   in.ClientIP,
+		Remark:     pkg.Name,
+	}
+	if _, err := s.dao.CreateOrder(ctx, o); err != nil {
+		return nil, err
+	}
+	return o, nil
+}
+
+// CancelByUser 用户主动取消 pending 订单。
+// 已支付订单不允许取消。
+func (s *Service) CancelByUser(ctx context.Context, userID, orderID uint64) error {
+	o, err := s.dao.GetByID(ctx, orderID)
+	if err != nil {
+		return err
+	}
+	if o.UserID != userID {
+		return ErrOrderNotFound // 越权一律按 not-found 处理,防枚举
+	}
+	if o.Status != StatusPending {
+		return ErrOrderStateInvalid
+	}
+	_, err = s.dao.DB().ExecContext(ctx,
+		`UPDATE recharge_orders SET status = ? WHERE id = ? AND status = ?`,
+		StatusCancelled, orderID, StatusPending)
+	return err
+}
+
+// ---------- 回调入账 ----------
+
+// HandleNotify 异步回调处理。返回 (上游期望文本, error)。
+//  - 上游期望文本:按 epay 规范,无论"成功/已处理"都必须回 "success";
+//    只有完全没处理 / 有异常时才允许回其它内容,以触发上游重发。
+//  - 我们出于幂等,收到一笔**已入账**的订单再次回调,也回 "success"。
+func (s *Service) HandleNotify(ctx context.Context, form url.Values) (string, error) {
+	pl, err := s.signer.ParseNotify(form)
+	if err != nil {
+		s.log.Warn("notify signature invalid",
+			zap.String("out_trade_no", form.Get("out_trade_no")))
+		return "fail", err
+	}
+	o, err := s.dao.GetByOutTradeNo(ctx, pl.OutTradeNo)
+	if err != nil {
+		s.log.Warn("notify order not found",
+			zap.String("out_trade_no", pl.OutTradeNo))
+		return "fail", err
+	}
+
+	// 幂等
+	if o.Status == StatusPaid {
+		return "success", nil
+	}
+	if pl.TradeStatus != "TRADE_SUCCESS" {
+		// 上游可能先发一笔"等待付款"之类中间状态,这里简单回 success,后续覆盖。
+		return "success", nil
+	}
+
+	// 金额二次校验:money 是 "元",priceCNY 是 "分"
+	if err := verifyAmount(pl.Money, o.PriceCNY); err != nil {
+		s.log.Warn("notify amount mismatch",
+			zap.String("out_trade_no", pl.OutTradeNo),
+			zap.String("got_money", pl.Money),
+			zap.Int("want_fen", o.PriceCNY))
+		return "fail", err
+	}
+
+	if err := s.settle(ctx, o, pl); err != nil {
+		s.log.Error("notify settle failed",
+			zap.String("out_trade_no", pl.OutTradeNo),
+			zap.Error(err))
+		return "fail", err
+	}
+	return "success", nil
+}
+
+// settle 单次入账:更新订单为 paid + billing.Recharge 增加积分。
+// 这里用两段式:先在 recharge 事务内把订单 CAS 成 paid,再调用 billing。
+// billing 内部自己开事务,两段失败时会在日志里留痕(极罕见,需要人工对账)。
+func (s *Service) settle(ctx context.Context, o *Order, pl *epay.NotifyPayload) error {
+	// CAS: pending -> paid,避免双发回调重复入账
+	res, err := s.dao.DB().ExecContext(ctx,
+		`UPDATE recharge_orders
+           SET status = ?, trade_no = ?, pay_method = ?, paid_at = NOW(),
+               notify_raw = ?
+         WHERE id = ? AND status = ?`,
+		StatusPaid, pl.TradeNo, pl.Type, rawDump(pl.Raw), o.ID, StatusPending)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		// 并发下已被另一条回调处理过
+		return nil
+	}
+
+	refID := fmt.Sprintf("order:%s", o.OutTradeNo)
+	remark := fmt.Sprintf("充值:%s", o.Remark)
+	total := o.TotalCredits()
+	if err := s.billing.Recharge(ctx, o.UserID, total, refID, remark); err != nil {
+		// 钱到了但积分没加 —— 回滚到 pending 等待人工介入
+		s.log.Error("BILLING FAILED AFTER PAID, needs manual intervention",
+			zap.String("out_trade_no", o.OutTradeNo), zap.Error(err))
+		return err
+	}
+
+	// 异步邮件通知(失败不影响主流程)
+	if s.mail != nil && !s.mail.Disabled() {
+		if u, err := s.users.GetByID(ctx, o.UserID); err == nil && u.Email != "" {
+			subject, html := mailer.RenderPaid(u.Nickname, o.OutTradeNo, o.PriceCNY, o.Credits, o.Bonus, nowUTC())
+			s.mail.Send(mailer.Message{To: u.Email, Subject: subject, HTML: html})
+		}
+	}
+	return nil
+}
+
+// ---------- admin/ Package 写 ----------
+
+func (s *Service) AdminCreatePackage(ctx context.Context, p *Package) (uint64, error) {
+	return s.dao.CreatePackage(ctx, p)
+}
+func (s *Service) AdminUpdatePackage(ctx context.Context, p *Package) error {
+	return s.dao.UpdatePackage(ctx, p)
+}
+func (s *Service) AdminDeletePackage(ctx context.Context, id uint64) error {
+	return s.dao.DeletePackage(ctx, id)
+}
+func (s *Service) AdminListPackages(ctx context.Context) ([]Package, error) {
+	return s.dao.ListPackages(ctx, false)
+}
+
+// ---------- Orders 读 ----------
+
+func (s *Service) ListUserOrders(ctx context.Context, userID uint64, status string, offset, limit int) ([]Order, int64, error) {
+	return s.dao.List(ctx, ListFilter{UserID: userID, Status: status}, offset, limit)
+}
+
+func (s *Service) AdminListOrders(ctx context.Context, f ListFilter, offset, limit int) ([]Order, int64, error) {
+	return s.dao.List(ctx, f, offset, limit)
+}
+
+// AdminForcePaid 管理员手工将 pending 订单置为已支付并入账(发卡出错时的应急通道)。
+func (s *Service) AdminForcePaid(ctx context.Context, orderID uint64, actorID uint64) error {
+	o, err := s.dao.GetByID(ctx, orderID)
+	if err != nil {
+		return err
+	}
+	if o.Status != StatusPending {
+		return ErrOrderStateInvalid
+	}
+	res, err := s.dao.DB().ExecContext(ctx,
+		`UPDATE recharge_orders
+           SET status = ?, paid_at = NOW(), trade_no = IFNULL(NULLIF(trade_no,''), ?)
+         WHERE id = ? AND status = ?`,
+		StatusPaid, fmt.Sprintf("manual-%d", actorID), orderID, StatusPending)
+	if err != nil {
+		return err
+	}
+	if n, _ := res.RowsAffected(); n == 0 {
+		return ErrOrderStateInvalid
+	}
+	refID := fmt.Sprintf("order:%s", o.OutTradeNo)
+	remark := fmt.Sprintf("管理员手工入账:%s by admin=%d", o.Remark, actorID)
+	return s.billing.Recharge(ctx, o.UserID, o.TotalCredits(), refID, remark)
+}
+
+// ---------- helpers ----------
+
+// genTradeNo 生成 32 位小写 hex。用 crypto/rand 防撞(绝对不会用 time-based)。
+func genTradeNo() string {
+	var b [16]byte
+	_, _ = rand.Read(b[:])
+	return hex.EncodeToString(b[:])
+}
+
+// rawDump 把回调原文拼成 "k=v&k=v",方便排查。不参与签名。
+func rawDump(m map[string]string) *string {
+	if len(m) == 0 {
+		return nil
+	}
+	v := url.Values{}
+	for k, vv := range m {
+		v.Set(k, vv)
+	}
+	s := v.Encode()
+	return &s
+}
+
+// verifyAmount 把 "12.00" 和 1200(分) 对比。
+func verifyAmount(money string, wantFen int) error {
+	var f float64
+	if _, err := fmt.Sscanf(money, "%f", &f); err != nil {
+		return fmt.Errorf("invalid money: %w", err)
+	}
+	got := int(f*100 + 0.5)
+	if got != wantFen {
+		return fmt.Errorf("amount mismatch: got %d fen, want %d", got, wantFen)
+	}
+	return nil
+}
+
+// nowUTC 抽离以便单测 stub。
+var nowUTC = defaultNowUTC
diff --git a/internal/recharge/time.go b/internal/recharge/time.go
new file mode 100644
index 00000000..b6e562d9
--- /dev/null
+++ b/internal/recharge/time.go
@@ -0,0 +1,5 @@
+package recharge
+
+import "time"
+
+func defaultNowUTC() time.Time { return time.Now().UTC() }
diff --git a/internal/scheduler/scheduler.go b/internal/scheduler/scheduler.go
new file mode 100644
index 00000000..07c1606c
--- /dev/null
+++ b/internal/scheduler/scheduler.go
@@ -0,0 +1,347 @@
+// Package scheduler 负责 chatgpt.com 账号的并发安全调度。
+//
+// 核心规则(参考 RISK_AND_SAAS.md):
+//   1. 一号一锁:同账号同时只允许 1 个请求占用(Redis SETNX)。
+//   2. 最小间隔:同账号相邻请求 >= min_interval_sec。
+//   3. 每日配额:today_used_count < daily_image_quota * daily_usage_ratio。
+//   4. 状态机:healthy -> warned -> throttled -> suspicious -> dead,冷却过期自动恢复。
+//   5. 选择策略:status=healthy + cooldown 到期 + last_used_at 最早的优先。
+package scheduler
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/google/uuid"
+
+	"github.com/432539/gpt2api/internal/account"
+	"github.com/432539/gpt2api/internal/config"
+	"github.com/432539/gpt2api/internal/proxy"
+	"github.com/432539/gpt2api/pkg/lock"
+	"github.com/432539/gpt2api/pkg/logger"
+
+	"go.uber.org/zap"
+)
+
+// ErrNoAvailable 没有任何账号可用。
+var ErrNoAvailable = errors.New("scheduler: no available account")
+
+// Lease 代表一次账号占用的租约。
+type Lease struct {
+	Account     *account.Account
+	AuthToken   string // 已解密
+	ProxyURL    string // 已带密码
+	ProxyID     uint64
+	DeviceID    string
+	SessionID   string // oai_session_id(按账号稳定)
+	lockKey     string
+	lockToken   string
+	releaseFunc func(context.Context) error
+}
+
+// Release 释放锁并更新账号 last_used_at / today_used。
+func (l *Lease) Release(ctx context.Context) error {
+	if l.releaseFunc != nil {
+		return l.releaseFunc(ctx)
+	}
+	return nil
+}
+
+// RuntimeParams 调度器运行期可热更的参数。
+//   - 由外部 settings.Service 提供回调,每次读都取最新值;
+//   - 回调未注入时回退到 cfg 的静态值。
+type RuntimeParams struct {
+	// 为 nil 时 Scheduler 使用 cfg 里的静态值。
+	DailyUsageRatio func() float64
+	Cooldown429Sec  func() int
+	WarnedPauseHrs  func() int
+	// QueueWaitSec 拿不到空闲账号时最长排队等待秒数,≤0 表示不排队(老语义)。
+	QueueWaitSec func() int
+}
+
+// Scheduler 账号调度器。
+type Scheduler struct {
+	accSvc   *account.Service
+	proxySvc *proxy.Service
+	lock     *lock.RedisLock
+	cfg      config.SchedulerConfig
+	rt       RuntimeParams
+}
+
+func New(
+	accSvc *account.Service,
+	proxySvc *proxy.Service,
+	rl *lock.RedisLock,
+	cfg config.SchedulerConfig,
+) *Scheduler {
+	if cfg.LockTTLSec <= 0 {
+		cfg.LockTTLSec = 180
+	}
+	if cfg.MinIntervalSec <= 0 {
+		cfg.MinIntervalSec = 5
+	}
+	if cfg.DailyUsageRatio <= 0 {
+		cfg.DailyUsageRatio = 0.8
+	}
+	if cfg.Cooldown429Sec <= 0 {
+		cfg.Cooldown429Sec = 300
+	}
+	return &Scheduler{accSvc: accSvc, proxySvc: proxySvc, lock: rl, cfg: cfg}
+}
+
+// SetRuntime 注入运行期可热更的参数。建议在 main 里一次性设置:
+//
+//	sched.SetRuntime(scheduler.RuntimeParams{
+//	    DailyUsageRatio: settingsSvc.DailyUsageRatio,
+//	    Cooldown429Sec:  settingsSvc.Cooldown429Sec,
+//	    WarnedPauseHrs:  settingsSvc.WarnedPauseHours,
+//	})
+func (s *Scheduler) SetRuntime(p RuntimeParams) { s.rt = p }
+
+// 下面三个 getter 用于内部调用,保证"有回调用回调,否则用 cfg"。
+func (s *Scheduler) dailyUsageRatio() float64 {
+	if s.rt.DailyUsageRatio != nil {
+		if v := s.rt.DailyUsageRatio(); v > 0 && v <= 1 {
+			return v
+		}
+	}
+	return s.cfg.DailyUsageRatio
+}
+func (s *Scheduler) cooldown429() time.Duration {
+	if s.rt.Cooldown429Sec != nil {
+		if v := s.rt.Cooldown429Sec(); v > 0 {
+			return time.Duration(v) * time.Second
+		}
+	}
+	return time.Duration(s.cfg.Cooldown429Sec) * time.Second
+}
+func (s *Scheduler) warnedPause() time.Duration {
+	if s.rt.WarnedPauseHrs != nil {
+		if v := s.rt.WarnedPauseHrs(); v > 0 {
+			return time.Duration(v) * time.Hour
+		}
+	}
+	return time.Duration(s.cfg.WarnedPauseHours) * time.Hour
+}
+
+// queueWait 拿不到账号时的最长排队等待时间。
+// 返回 0 表示关闭排队(立即返回 ErrNoAvailable)。
+func (s *Scheduler) queueWait() time.Duration {
+	if s.rt.QueueWaitSec != nil {
+		if v := s.rt.QueueWaitSec(); v >= 0 {
+			return time.Duration(v) * time.Second
+		}
+	}
+	return 120 * time.Second
+}
+
+// Dispatch 为本次请求挑选一个账号并加锁。调用方必须 defer lease.Release(ctx)。
+//
+// 语义(一号一任务 + 排队):
+//   - 同账号同时只允许 1 个请求持有 Redis 锁(acct:lock:{id},SETNX+TTL)。
+//   - 扫一遍所有 candidate 都被锁住 / 不满足 min_interval / 日配额时,
+//     不立即返回失败,而是按指数退避轮询重试,直到拿到锁或超过 queueWait。
+//   - queueWait=0 时退化为老语义(扫一次,失败即返回 ErrNoAvailable)。
+func (s *Scheduler) Dispatch(ctx context.Context, modelType string) (*Lease, error) {
+	deadline := time.Now().Add(s.queueWait())
+
+	const (
+		minBackoff = 200 * time.Millisecond
+		maxBackoff = 2 * time.Second
+	)
+	backoff := minBackoff
+
+	attempt := 0
+	start := time.Now()
+
+	for {
+		attempt++
+		lease, err := s.tryDispatchOnce(ctx, modelType)
+		if err == nil {
+			if attempt > 1 {
+				logger.L().Info("scheduler queued dispatch ok",
+					zap.Int("attempt", attempt),
+					zap.Duration("waited", time.Since(start)),
+					zap.Uint64("account_id", lease.Account.ID))
+			}
+			return lease, nil
+		}
+		if !errors.Is(err, ErrNoAvailable) {
+			return nil, err
+		}
+
+		// 所有候选都忙或不就绪:排队等待。
+		if !time.Now().Before(deadline) {
+			return nil, ErrNoAvailable
+		}
+		wait := backoff
+		if remain := time.Until(deadline); remain < wait {
+			wait = remain
+		}
+		if wait <= 0 {
+			return nil, ErrNoAvailable
+		}
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-time.After(wait):
+		}
+		// 指数退避(×1.5)
+		backoff += backoff / 2
+		if backoff > maxBackoff {
+			backoff = maxBackoff
+		}
+	}
+}
+
+// tryDispatchOnce 扫一遍 candidate,尝试为其中一个加锁;
+// 全部 candidate 都被锁 / 不满足 min_interval / 日配额时返回 ErrNoAvailable。
+func (s *Scheduler) tryDispatchOnce(ctx context.Context, modelType string) (*Lease, error) {
+	limit := 30
+	dao := s.accSvc.DAO()
+	candidates, err := dao.ListDispatchable(ctx, limit)
+	if err != nil {
+		return nil, fmt.Errorf("scheduler list: %w", err)
+	}
+	if len(candidates) == 0 {
+		return nil, ErrNoAvailable
+	}
+
+	now := time.Now()
+	minInterval := time.Duration(s.cfg.MinIntervalSec) * time.Second
+
+	for _, acc := range candidates {
+		if acc.LastUsedAt.Valid && now.Sub(acc.LastUsedAt.Time) < minInterval {
+			continue
+		}
+		if acc.DailyImageQuota > 0 {
+			usedToday := 0
+			if acc.TodayUsedDate.Valid && sameDay(acc.TodayUsedDate.Time, now) {
+				usedToday = acc.TodayUsedCount
+			}
+			max := int(float64(acc.DailyImageQuota) * s.dailyUsageRatio())
+			if max > 0 && usedToday >= max {
+				continue
+			}
+		}
+		lease, err := s.tryLock(ctx, acc)
+		if err == nil {
+			return lease, nil
+		}
+		if errors.Is(err, lock.ErrNotAcquired) {
+			// 被别的请求占用,下一个候选
+			continue
+		}
+		logger.L().Warn("scheduler tryLock error",
+			zap.Uint64("account_id", acc.ID), zap.Error(err))
+	}
+	return nil, ErrNoAvailable
+}
+
+func (s *Scheduler) tryLock(ctx context.Context, acc *account.Account) (*Lease, error) {
+	key := fmt.Sprintf("acct:lock:%d", acc.ID)
+	token := uuid.NewString()
+	ttl := time.Duration(s.cfg.LockTTLSec) * time.Second
+	if err := s.lock.Acquire(ctx, key, token, ttl); err != nil {
+		return nil, err
+	}
+
+	authToken, err := s.accSvc.DecryptAuthToken(acc)
+	if err != nil {
+		_ = s.lock.Release(ctx, key, token)
+		return nil, fmt.Errorf("decrypt auth_token: %w", err)
+	}
+
+	// 首次使用时为账号补发一个持久化的 oai_device_id(导入时常为空)。
+	// chatgpt.com 要求请求头带 oai-device-id,等同于浏览器首访拿到的 oai-did cookie;
+	// 一次生成后持久化,账号绑定的"设备身份"保持稳定,避免每次换 id 触发风控。
+	deviceID := acc.OAIDeviceID
+	if deviceID == "" {
+		gen := uuid.NewString()
+		if fixed, err := s.accSvc.DAO().EnsureDeviceID(ctx, acc.ID, gen); err == nil && fixed != "" {
+			deviceID = fixed
+			acc.OAIDeviceID = fixed
+		} else {
+			deviceID = gen
+		}
+	}
+
+	// oai_session_id:真实浏览器是"每打开页面生成一次"。为了保持账号行为稳定
+	// (风控倾向于把频繁变换 session_id 的账号识别为脚本),我们按账号持久化,
+	// 与 device_id 同策略。
+	sessionID := acc.OAISessionID
+	if sessionID == "" {
+		gen := uuid.NewString()
+		if fixed, err := s.accSvc.DAO().EnsureSessionID(ctx, acc.ID, gen); err == nil && fixed != "" {
+			sessionID = fixed
+			acc.OAISessionID = fixed
+		} else {
+			sessionID = gen
+		}
+	}
+
+	var proxyURL string
+	var proxyID uint64
+	if b, _ := s.accSvc.GetBinding(ctx, acc.ID); b != nil {
+		p, err := s.proxySvc.Get(ctx, b.ProxyID)
+		if err == nil && p != nil && p.Enabled {
+			if u, err := s.proxySvc.BuildURL(p); err == nil {
+				proxyURL = u
+				proxyID = p.ID
+			}
+		}
+	}
+
+	accCopy := acc
+	lease := &Lease{
+		Account:   accCopy,
+		AuthToken: authToken,
+		ProxyURL:  proxyURL,
+		ProxyID:   proxyID,
+		DeviceID:  deviceID,
+		SessionID: sessionID,
+		lockKey:   key,
+		lockToken: token,
+	}
+	lease.releaseFunc = func(c context.Context) error {
+		today := truncateDay(time.Now())
+		_ = s.accSvc.DAO().MarkUsed(c, accCopy.ID, today)
+		return s.lock.Release(c, key, token)
+	}
+	return lease, nil
+}
+
+// MarkRateLimited 上游 429:标记账号冷却并降级状态。
+func (s *Scheduler) MarkRateLimited(ctx context.Context, accountID uint64) {
+	cooldown := time.Now().Add(s.cooldown429())
+	_ = s.accSvc.DAO().SetStatus(ctx, accountID, account.StatusThrottled, &cooldown)
+}
+
+// MarkWarned 上游返回 suspicious 横幅时降级。
+func (s *Scheduler) MarkWarned(ctx context.Context, accountID uint64) {
+	pause := time.Now().Add(s.warnedPause())
+	_ = s.accSvc.DAO().SetStatus(ctx, accountID, account.StatusWarned, &pause)
+}
+
+// MarkDead 账号彻底不可用(403/token 失效)。
+func (s *Scheduler) MarkDead(ctx context.Context, accountID uint64) {
+	_ = s.accSvc.DAO().SetStatus(ctx, accountID, account.StatusDead, nil)
+}
+
+// RestoreHealthy 调度成功后回归健康(仅对 throttled 且冷却到期有效,
+// 简单起见此处不强检查,由管理员按需恢复)。
+func (s *Scheduler) RestoreHealthy(ctx context.Context, accountID uint64) {
+	_ = s.accSvc.DAO().SetStatus(ctx, accountID, account.StatusHealthy, nil)
+}
+
+// ------ helpers ------
+
+func truncateDay(t time.Time) time.Time {
+	return time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, t.Location())
+}
+
+func sameDay(a, b time.Time) bool {
+	return a.Year() == b.Year() && a.Month() == b.Month() && a.Day() == b.Day()
+}
diff --git a/internal/server/router.go b/internal/server/router.go
new file mode 100644
index 00000000..a9686feb
--- /dev/null
+++ b/internal/server/router.go
@@ -0,0 +1,388 @@
+package server
+
+import (
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/account"
+	"github.com/432539/gpt2api/internal/apikey"
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/internal/auth"
+	"github.com/432539/gpt2api/internal/backup"
+	"github.com/432539/gpt2api/internal/channel"
+	"github.com/432539/gpt2api/internal/config"
+	"github.com/432539/gpt2api/internal/gateway"
+	"github.com/432539/gpt2api/internal/image"
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/internal/model"
+	"github.com/432539/gpt2api/internal/proxy"
+	"github.com/432539/gpt2api/internal/rbac"
+	"github.com/432539/gpt2api/internal/recharge"
+	"github.com/432539/gpt2api/internal/settings"
+	"github.com/432539/gpt2api/internal/usage"
+	"github.com/432539/gpt2api/internal/user"
+	pkgjwt "github.com/432539/gpt2api/pkg/jwt"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Deps 汇集路由依赖。
+type Deps struct {
+	Config *config.Config
+	JWT    *pkgjwt.Manager
+
+	AuthH *auth.Handler
+	UserH *user.Handler
+
+	KeySvc     *apikey.Service
+	KeyH       *apikey.Handler
+	ProxyH     *proxy.Handler
+	AccountH   *account.Handler
+	ChannelH   *channel.Handler
+
+	GatewayH *gateway.Handler
+	ImagesH  *gateway.ImagesHandler
+
+	BackupH      *backup.Handler
+	AuditH       *audit.Handler
+	AuditDAO     *audit.DAO
+	AdminUserH   *user.AdminHandler
+	AdminGroupH  *user.AdminGroupHandler
+
+	AdminModelH *model.AdminHandler
+	AdminKeyH   *apikey.AdminHandler
+	AdminUsageH *usage.AdminHandler
+
+	// 生成面板:当前用户视角的 usage / image 只读接口
+	MeUsageH *usage.MeHandler
+	MeImageH *image.MeHandler
+
+	AdminImageH *image.AdminHandler
+
+	RechargeH      *recharge.Handler
+	AdminRechargeH *recharge.AdminHandler
+
+	SettingsH *settings.Handler
+}
+
+// New 构建 gin.Engine 并挂载所有路由。
+func New(d *Deps) *gin.Engine {
+	if d.Config.App.Env == "prod" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+
+	r := gin.New()
+	r.Use(
+		middleware.RequestID(),
+		middleware.Recover(),
+		middleware.AccessLog(),
+		middleware.CORS(d.Config.Security.CORSOrigins),
+	)
+
+	r.GET("/healthz", func(c *gin.Context) { resp.OK(c, gin.H{"status": "ok"}) })
+	r.GET("/readyz", func(c *gin.Context) { resp.OK(c, gin.H{"status": "ok"}) })
+
+	// ---- 内部管理 API(JWT) ----
+	api := r.Group("/api")
+	{
+		authGrp := api.Group("/auth")
+		{
+			authGrp.POST("/register", d.AuthH.Register)
+			authGrp.POST("/login", d.AuthH.Login)
+			authGrp.POST("/refresh", d.AuthH.Refresh)
+		}
+
+		authed := api.Group("", middleware.JWTAuth(d.JWT))
+		{
+			authed.GET("/me", d.UserH.Me)
+			authed.GET("/me/menu", d.UserH.Menu)
+
+			// 用户端 API Key 管理(需 self:key 权限,普通用户/管理员都持有)
+			keys := authed.Group("/keys", middleware.RequirePerm(rbac.PermSelfKey))
+			{
+				keys.POST("", d.KeyH.Create)
+				keys.GET("", d.KeyH.List)
+				keys.PATCH("/:id", d.KeyH.Update)
+				keys.DELETE("/:id", d.KeyH.Delete)
+			}
+
+			// 充值(自己的订单、下单、取消)
+			if d.RechargeH != nil {
+				rg := authed.Group("/recharge", middleware.RequirePerm(rbac.PermSelfRecharge))
+				{
+					rg.GET("/packages", d.RechargeH.ListPackages)
+					rg.POST("/orders", d.RechargeH.CreateOrder)
+					rg.GET("/orders", d.RechargeH.ListMyOrders)
+					rg.POST("/orders/:id/cancel", d.RechargeH.CancelOrder)
+				}
+			}
+
+			// 生成面板:当前用户的用量明细(文字 token) + 图片任务历史
+			if d.MeUsageH != nil {
+				ug := authed.Group("/me/usage", middleware.RequirePerm(rbac.PermSelfUsage))
+				{
+					ug.GET("/logs", d.MeUsageH.Logs)
+					ug.GET("/stats", d.MeUsageH.Stats)
+				}
+			}
+			// 当前用户的积分流水(只读)
+			authed.GET("/me/credit-logs",
+				middleware.RequirePerm(rbac.PermSelfUsage), d.UserH.CreditLogs)
+			if d.MeImageH != nil {
+				ig := authed.Group("/me/images", middleware.RequirePerm(rbac.PermSelfImage))
+				{
+					ig.GET("/tasks", d.MeImageH.List)
+					ig.GET("/tasks/:id", d.MeImageH.Get)
+				}
+			}
+			if d.AdminModelH != nil {
+				// 普通用户视角的 enabled 模型列表(用于面板下拉)
+				authed.GET("/me/models", d.AdminModelH.ListEnabledForMe)
+			}
+
+			// ---- 在线体验:复用 /v1 handler,但入口是 JWT 鉴权 + 自动映射内部 key ----
+			if d.GatewayH != nil && d.KeySvc != nil {
+				pg := authed.Group("/me/playground", gateway.JWTAsPlaygroundKey(d.KeySvc))
+				{
+					pg.POST("/chat", d.GatewayH.ChatCompletions)
+					if d.ImagesH != nil {
+						pg.POST("/image", gateway.PlaygroundImagePreflight(), d.ImagesH.ImageGenerations)
+						pg.POST("/image-edit", gateway.PlaygroundImagePreflight(), d.ImagesH.ImageEdits)
+					}
+				}
+			}
+		}
+
+		// 公开接口(无需 JWT)
+		pub := api.Group("/public")
+		if d.SettingsH != nil {
+			pub.GET("/site-info", d.SettingsH.Public)
+		}
+		if d.RechargeH != nil {
+			pub.POST("/epay/notify", d.RechargeH.EPayNotify)
+			pub.GET("/epay/notify", d.RechargeH.EPayNotify)
+		}
+
+		// admin 全组强制 RequireAdmin;所有写操作再通过 audit.Middleware 自动落审计。
+		adminMW := []gin.HandlerFunc{
+			middleware.JWTAuth(d.JWT),
+			middleware.RequireAdmin(),
+		}
+		if d.AuditDAO != nil {
+			adminMW = append(adminMW, audit.Middleware(d.AuditDAO))
+		}
+		admin := api.Group("/admin", adminMW...)
+		{
+			admin.GET("/ping", func(c *gin.Context) { resp.OK(c, gin.H{"msg": "admin pong"}) })
+
+			// 代理池
+			pg := admin.Group("/proxies", middleware.RequirePerm(rbac.PermProxyRead, rbac.PermProxyWrite))
+			{
+				pg.POST("", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.Create)
+				pg.POST("/import", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.Import)
+				pg.POST("/probe-all", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.ProbeAll)
+				pg.GET("", d.ProxyH.List)
+				pg.GET("/:id", d.ProxyH.Get)
+				pg.POST("/:id/probe", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.Probe)
+				pg.PATCH("/:id", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.Update)
+				pg.DELETE("/:id", middleware.RequirePerm(rbac.PermProxyWrite), d.ProxyH.Delete)
+			}
+
+			// 账号池
+			ag := admin.Group("/accounts", middleware.RequirePerm(rbac.PermAccountRead, rbac.PermAccountWrite))
+			{
+				ag.POST("", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.Create)
+				ag.POST("/import", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.Import)
+				ag.POST("/import-tokens", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.ImportTokens)
+				ag.POST("/refresh-all", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.RefreshAll)
+				ag.POST("/probe-quota-all", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.ProbeQuotaAll)
+				ag.POST("/bulk-delete", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.BulkDelete)
+				ag.GET("/auto-refresh", d.AccountH.GetAutoRefresh)
+				ag.PUT("/auto-refresh", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.SetAutoRefresh)
+				ag.GET("/quota-summary", d.AccountH.QuotaSummary)
+				ag.GET("", d.AccountH.List)
+				ag.GET("/:id", d.AccountH.Get)
+				ag.GET("/:id/secrets", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.GetSecrets)
+				ag.PATCH("/:id", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.Update)
+				ag.DELETE("/:id", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.Delete)
+				ag.POST("/:id/refresh", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.Refresh)
+				ag.POST("/:id/probe-quota", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.ProbeQuota)
+				ag.POST("/:id/bind-proxy", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.BindProxy)
+				ag.DELETE("/:id/bind-proxy", middleware.RequirePerm(rbac.PermAccountWrite), d.AccountH.UnbindProxy)
+			}
+
+			// ---- 用户管理 ----
+			if d.AdminUserH != nil {
+				ug := admin.Group("/users", middleware.RequirePerm(rbac.PermUserRead, rbac.PermUserWrite))
+				{
+					ug.GET("", d.AdminUserH.List)
+					ug.POST("", middleware.RequirePerm(rbac.PermUserWrite), d.AdminUserH.Create)
+					ug.GET("/:id", d.AdminUserH.Get)
+					ug.PATCH("/:id", middleware.RequirePerm(rbac.PermUserWrite), d.AdminUserH.Update)
+					ug.POST("/:id/reset-password",
+						middleware.RequirePerm(rbac.PermUserWrite), d.AdminUserH.ResetPassword)
+					ug.DELETE("/:id", middleware.RequirePerm(rbac.PermUserWrite), d.AdminUserH.Delete)
+					// 积分调账
+					ug.POST("/:id/credits/adjust",
+						middleware.RequirePerm(rbac.PermUserCredit), d.AdminUserH.Adjust)
+					ug.GET("/:id/credit-logs",
+						middleware.RequirePerm(rbac.PermUsageReadAll), d.AdminUserH.CreditLogs)
+				}
+
+				// ---- 积分管理(全局视图) ----
+				cg := admin.Group("/credits", middleware.RequirePerm(rbac.PermUserCredit))
+				{
+					cg.GET("/summary", d.AdminUserH.CreditsSummary)
+					cg.GET("/logs", d.AdminUserH.CreditLogsGlobal)
+					cg.POST("/adjust", d.AdminUserH.AdjustByUser)
+				}
+			}
+
+			// ---- 用户分组 ----
+			if d.AdminGroupH != nil {
+				gg := admin.Group("/groups", middleware.RequirePerm(rbac.PermGroupWrite))
+				{
+					gg.GET("", d.AdminGroupH.List)
+					gg.POST("", d.AdminGroupH.Create)
+					gg.PUT("/:id", d.AdminGroupH.Update)
+					gg.DELETE("/:id", d.AdminGroupH.Delete)
+				}
+			}
+
+			// 审计日志只读
+			if d.AuditH != nil {
+				auditG := admin.Group("/audit", middleware.RequirePerm(rbac.PermAuditRead))
+				auditG.GET("/logs", d.AuditH.List)
+			}
+
+			// 生成记录(管理员全局视图)
+			if d.AdminImageH != nil {
+				admin.GET("/image-tasks", middleware.RequirePerm(rbac.PermUsageReadAll), d.AdminImageH.List)
+			}
+
+			// ---- 上游渠道(OpenAI/Gemini 兼容) ----
+			if d.ChannelH != nil {
+				cg := admin.Group("/channels",
+					middleware.RequirePerm(rbac.PermChannelRead, rbac.PermChannelWrite))
+				{
+					cg.GET("", d.ChannelH.List)
+					cg.POST("", middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.Create)
+					cg.GET("/:id", d.ChannelH.Get)
+					cg.PATCH("/:id", middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.Update)
+					cg.DELETE("/:id", middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.Delete)
+					cg.POST("/:id/test", middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.Test)
+					cg.GET("/:id/mappings", d.ChannelH.ListMappings)
+					cg.POST("/:id/mappings",
+						middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.CreateMapping)
+				}
+				// 映射单条操作:另起一组,避免和 /channels/:id 冲突。
+				mg := admin.Group("/channel-mappings",
+					middleware.RequirePerm(rbac.PermChannelRead, rbac.PermChannelWrite))
+				{
+					mg.PATCH("/:mid",
+						middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.UpdateMapping)
+					mg.DELETE("/:mid",
+						middleware.RequirePerm(rbac.PermChannelWrite), d.ChannelH.DeleteMapping)
+				}
+			}
+
+			// ---- 模型配置 ----
+			if d.AdminModelH != nil {
+				mg := admin.Group("/models",
+					middleware.RequirePerm(rbac.PermModelRead, rbac.PermModelWrite))
+				{
+					mg.GET("", d.AdminModelH.List)
+					// 下面的写路径额外加一层 model:write,防读权限账号写入
+					mg.POST("",
+						middleware.RequirePerm(rbac.PermModelWrite),
+						d.AdminModelH.Create)
+					mg.PUT("/:id",
+						middleware.RequirePerm(rbac.PermModelWrite),
+						d.AdminModelH.Update)
+					mg.PATCH("/:id/enabled",
+						middleware.RequirePerm(rbac.PermModelWrite),
+						d.AdminModelH.SetEnabled)
+					mg.DELETE("/:id",
+						middleware.RequirePerm(rbac.PermModelWrite),
+						d.AdminModelH.Delete)
+				}
+			}
+
+			// ---- 全局 API Keys(跨用户) ----
+			if d.AdminKeyH != nil {
+				kg := admin.Group("/keys", middleware.RequirePerm(rbac.PermKeyReadAll, rbac.PermKeyWriteAll))
+				{
+					kg.GET("", d.AdminKeyH.List)
+					kg.PATCH("/:id", middleware.RequirePerm(rbac.PermKeyWriteAll), d.AdminKeyH.SetEnabled)
+				}
+			}
+
+			// ---- 用量聚合 / 日志 ----
+			if d.AdminUsageH != nil {
+				ug := admin.Group("/usage", middleware.RequirePerm(rbac.PermUsageReadAll, rbac.PermStatsReadAll))
+				{
+					ug.GET("/stats", d.AdminUsageH.Stats)
+					ug.GET("/logs", d.AdminUsageH.Logs)
+				}
+			}
+
+			// ---- 充值套餐 + 订单 ----
+			if d.AdminRechargeH != nil {
+				rg := admin.Group("/recharge", middleware.RequirePerm(rbac.PermRechargeManage))
+				{
+					rg.GET("/packages", d.AdminRechargeH.ListPackages)
+					rg.POST("/packages", d.AdminRechargeH.CreatePackage)
+					rg.PATCH("/packages/:id", d.AdminRechargeH.UpdatePackage)
+					rg.DELETE("/packages/:id", d.AdminRechargeH.DeletePackage)
+					rg.GET("/orders", d.AdminRechargeH.ListOrders)
+					rg.POST("/orders/:id/force-paid", d.AdminRechargeH.ForcePaid)
+				}
+			}
+
+			// 系统设置(站点 / 注册 / SMTP 测试 等)
+			if d.SettingsH != nil {
+				sg := admin.Group("/settings", middleware.RequirePerm(rbac.PermSystemSetting))
+				{
+					sg.GET("", d.SettingsH.List)
+					sg.PUT("", d.SettingsH.Update)
+					sg.POST("/reload", d.SettingsH.Reload)
+					sg.POST("/test-email", d.SettingsH.TestMail)
+				}
+			}
+
+			// 数据库备份/恢复(超高危,细粒度权限 + handler 内二次密码)
+			if d.BackupH != nil {
+				bg := admin.Group("/system/backup", middleware.RequirePerm(rbac.PermSystemBackup))
+				{
+					bg.GET("", d.BackupH.List)
+					bg.POST("", d.BackupH.Create)
+					bg.GET("/:id/download", d.BackupH.Download)
+					bg.DELETE("/:id", d.BackupH.Delete)
+					bg.POST("/:id/restore", d.BackupH.Restore)
+					bg.POST("/upload", d.BackupH.Upload)
+				}
+			}
+		}
+	}
+
+	// ---- OpenAI 兼容网关(API Key) ----
+	v1 := r.Group("/v1", apikey.Middleware(d.KeySvc, false))
+	{
+		v1.GET("/models", d.GatewayH.ListModels)
+		v1.POST("/chat/completions", d.GatewayH.ChatCompletions)
+
+		if d.ImagesH != nil {
+			v1.POST("/images/generations", d.ImagesH.ImageGenerations)
+			v1.POST("/images/edits", d.ImagesH.ImageEdits)
+			v1.GET("/images/tasks/:id", d.ImagesH.ImageTask)
+		}
+	}
+
+	// ---- 图片代理(签名 URL,无需 API Key,对 <img src> 友好)----
+	if d.ImagesH != nil {
+		r.GET("/p/img/:task_id/:idx", d.ImagesH.ImageProxy)
+	}
+
+	// ---- 前端 SPA(可选;找不到 dist 就跳过) ----
+	mountSPA(r)
+
+	return r
+}
diff --git a/internal/server/spa.go b/internal/server/spa.go
new file mode 100644
index 00000000..a95be9d4
--- /dev/null
+++ b/internal/server/spa.go
@@ -0,0 +1,107 @@
+package server
+
+import (
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// mountSPA 把前端 Vite 产物(web/dist)挂到 `/` 上,并实现 SPA 回退(deep link 刷新)。
+//
+// 路径选择优先级:
+//  1. 环境变量 GPT2API_WEB_DIR
+//  2. 容器默认:/app/web/dist
+//  3. 源码工作目录:./web/dist
+//  4. 都不存在则什么都不挂(退化为纯 API)
+//
+// 注意:
+//   - 只有 GET/HEAD 的 NoRoute 请求才会被 fallback 到 index.html。其它方法保持 404。
+//   - 明确排除 /api/、/v1/、/healthz、/readyz 等 API 前缀,避免打包问题把接口 404 掩盖成 index.html。
+func mountSPA(r *gin.Engine) bool {
+	dir := resolveWebDir()
+	if dir == "" {
+		return false
+	}
+	indexPath := filepath.Join(dir, "index.html")
+	if _, err := os.Stat(indexPath); err != nil {
+		return false
+	}
+
+	// 自动挂载 dist/ 根下的所有子目录为静态资源(/assets、/screenshots、未来可能的 /img 等),
+	// 避免"加了 public/xxx 但后端忘注册 → 请求被 NoRoute 吞成 index.html"的坑。
+	// 同时把所有根层普通文件(favicon、robots.txt、manifest 等)也一并注册。
+	// 注意:index.html 不走 StaticFile,单独由 r.GET("/") 处理。
+	entries, _ := os.ReadDir(dir)
+	for _, ent := range entries {
+		name := ent.Name()
+		if name == "" || name == "." || name == ".." {
+			continue
+		}
+		full := filepath.Join(dir, name)
+		if ent.IsDir() {
+			r.Static("/"+name, full)
+		} else if name != "index.html" {
+			r.StaticFile("/"+name, full)
+		}
+	}
+
+	// 根路径直接返回 index.html,而不是 404。
+	r.GET("/", func(c *gin.Context) { c.File(indexPath) })
+
+	// NoRoute 兜底:仅对 GET/HEAD 且不在 API 前缀下的请求返回 index.html,
+	// 让前端 vue-router 接管 deep link。
+	r.NoRoute(func(c *gin.Context) {
+		if c.Request.Method != http.MethodGet && c.Request.Method != http.MethodHead {
+			c.Status(http.StatusNotFound)
+			return
+		}
+		p := c.Request.URL.Path
+		for _, prefix := range apiPrefixes {
+			if strings.HasPrefix(p, prefix) {
+				c.Status(http.StatusNotFound)
+				return
+			}
+		}
+		c.File(indexPath)
+	})
+	return true
+}
+
+// API 前缀白名单:凡是命中这里的请求不做 SPA fallback。
+var apiPrefixes = []string{
+	"/api/",
+	"/v1/",
+	"/healthz",
+	"/readyz",
+	"/assets/",
+}
+
+func resolveWebDir() string {
+	if d := os.Getenv("GPT2API_WEB_DIR"); d != "" {
+		if isDir(d) {
+			return d
+		}
+	}
+	candidates := []string{
+		"/app/web/dist",
+		"./web/dist",
+	}
+	for _, d := range candidates {
+		if isDir(d) {
+			abs, _ := filepath.Abs(d)
+			return abs
+		}
+	}
+	return ""
+}
+
+func isDir(p string) bool {
+	st, err := os.Stat(p)
+	if err != nil {
+		return false
+	}
+	return st.IsDir()
+}
diff --git a/internal/settings/dao.go b/internal/settings/dao.go
new file mode 100644
index 00000000..16486533
--- /dev/null
+++ b/internal/settings/dao.go
@@ -0,0 +1,59 @@
+package settings
+
+import (
+	"context"
+	"strings"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// DAO 访问 system_settings 表。
+type DAO struct {
+	db *sqlx.DB
+}
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+type row struct {
+	K string `db:"k"`
+	V string `db:"v"`
+}
+
+// LoadAll 全量读。启动时以及 Set 后无需调用(Set 内部维护)。
+func (d *DAO) LoadAll(ctx context.Context) (map[string]string, error) {
+	var rows []row
+	if err := d.db.SelectContext(ctx, &rows, "SELECT `k`, COALESCE(`v`, '') AS `v` FROM `system_settings`"); err != nil {
+		return nil, err
+	}
+	m := make(map[string]string, len(rows))
+	for _, r := range rows {
+		m[r.K] = r.V
+	}
+	return m, nil
+}
+
+// SetMany 用事务批量 upsert,未列出的 key 不动。
+// 调用方负责白名单校验。
+func (d *DAO) SetMany(ctx context.Context, kv map[string]string) error {
+	if len(kv) == 0 {
+		return nil
+	}
+	tx, err := d.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	const q = "INSERT INTO `system_settings` (`k`, `v`) VALUES (?, ?) " +
+		"ON DUPLICATE KEY UPDATE `v` = VALUES(`v`)"
+	for k, v := range kv {
+		k = strings.TrimSpace(k)
+		if k == "" {
+			continue
+		}
+		if _, err := tx.ExecContext(ctx, q, k, v); err != nil {
+			return err
+		}
+	}
+	return tx.Commit()
+}
diff --git a/internal/settings/handler.go b/internal/settings/handler.go
new file mode 100644
index 00000000..9d540dd9
--- /dev/null
+++ b/internal/settings/handler.go
@@ -0,0 +1,139 @@
+package settings
+
+import (
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/mailer"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Handler 系统设置 HTTP 接口。
+//   - List    GET  /api/admin/settings          管理员读取所有 key
+//   - Update  PUT  /api/admin/settings          管理员批量更新
+//   - Reload  POST /api/admin/settings/reload   从 DB 强制重载缓存(应急)
+//   - TestMail POST /api/admin/settings/test-email 管理员给任意地址发一封测试邮件
+//   - Public  GET  /api/public/site-info        匿名可访问,返回 Public=true 的子集
+type Handler struct {
+	svc      *Service
+	mail     *mailer.Mailer
+	auditDAO *audit.DAO
+}
+
+func NewHandler(svc *Service, mail *mailer.Mailer, adao *audit.DAO) *Handler {
+	return &Handler{svc: svc, mail: mail, auditDAO: adao}
+}
+
+// itemView 给前端使用的完整条目(带 schema,便于统一渲染)。
+type itemView struct {
+	Key      string `json:"key"`
+	Value    string `json:"value"`
+	Type     string `json:"type"`
+	Category string `json:"category"`
+	Label    string `json:"label"`
+	Desc     string `json:"desc"`
+}
+
+// List GET /api/admin/settings
+func (h *Handler) List(c *gin.Context) {
+	snap := h.svc.Snapshot()
+	items := make([]itemView, 0, len(Defs))
+	for _, d := range Defs {
+		items = append(items, itemView{
+			Key: d.Key, Value: snap[d.Key], Type: d.Type,
+			Category: d.Category, Label: d.Label, Desc: d.Desc,
+		})
+	}
+	resp.OK(c, gin.H{"items": items})
+}
+
+// Update PUT /api/admin/settings
+// body: { "items": { "site.name": "...", "auth.allow_register": "true", ... } }
+type updateReq struct {
+	Items map[string]string `json:"items"`
+}
+
+func (h *Handler) Update(c *gin.Context) {
+	var req updateReq
+	if err := c.ShouldBindJSON(&req); err != nil || len(req.Items) == 0 {
+		resp.BadRequest(c, "items required")
+		return
+	}
+	// 白名单过滤 + 类型轻校验(严重错误直接拒,warning 放行由前端提示)
+	for k, v := range req.Items {
+		if !IsAllowedKey(k) {
+			resp.BadRequest(c, "unknown key: "+k)
+			return
+		}
+		if def, _ := DefByKey(k); def.Type == "int" {
+			if v == "" {
+				req.Items[k] = "0"
+				continue
+			}
+			if _, err := parseInt64(v); err != nil {
+				resp.BadRequest(c, k+" must be integer")
+				return
+			}
+		}
+	}
+	if err := h.svc.Set(c.Request.Context(), req.Items); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	if h.auditDAO != nil {
+		actor := middleware.UserID(c)
+		if actor > 0 {
+			_ = h.auditDAO.Insert(c.Request.Context(), &audit.Log{
+				ActorID: actor,
+				Action:  "settings.update",
+				Method:  c.Request.Method,
+				Path:    c.FullPath(),
+				Target:  sprintKeys(req.Items),
+				IP:      c.ClientIP(),
+				UA:      c.Request.UserAgent(),
+			})
+		}
+	}
+	resp.OK(c, gin.H{"updated": len(req.Items)})
+}
+
+// Reload POST /api/admin/settings/reload
+func (h *Handler) Reload(c *gin.Context) {
+	if err := h.svc.Reload(c.Request.Context()); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"reloaded": true})
+}
+
+// TestMail POST /api/admin/settings/test-email
+// body: { "to": "foo@bar.com" }
+type testMailReq struct {
+	To string `json:"to" binding:"required,email"`
+}
+
+func (h *Handler) TestMail(c *gin.Context) {
+	var req testMailReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, "invalid email: "+err.Error())
+		return
+	}
+	if h.mail == nil || h.mail.Disabled() {
+		resp.Fail(c, resp.CodeBadRequest, "SMTP not configured: fill host/user/pass in config and restart")
+		return
+	}
+	subject := "[" + h.svc.SiteName() + "] SMTP test email"
+	html := `<p>This is a <b>test email</b> sent from ` + h.svc.SiteName() + ` admin console.</p>` +
+		`<p>If you see this, your SMTP configuration works.</p>`
+	if err := h.mail.SendSync(mailer.Message{To: req.To, Subject: subject, HTML: html}); err != nil {
+		resp.Fail(c, resp.CodeInternal, "send failed: "+err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"sent": true, "to": req.To})
+}
+
+// Public GET /api/public/site-info
+func (h *Handler) Public(c *gin.Context) {
+	resp.OK(c, h.svc.PublicSnapshot())
+}
diff --git a/internal/settings/model.go b/internal/settings/model.go
new file mode 100644
index 00000000..888a5873
--- /dev/null
+++ b/internal/settings/model.go
@@ -0,0 +1,182 @@
+// Package settings 系统设置(KV)。
+//
+// 设计要点:
+//   - 存储:system_settings(k PRIMARY KEY, v TEXT)
+//   - 缓存:启动时从 DB 全量加载到内存 map,Set 时写库 + 原子替换缓存
+//   - 读取:全应用都通过 Service.GetXxx 读,纳秒级;写入只有管理员能触发
+//   - 热更:无需重启,改完立即对后续请求生效
+//   - 白名单:所有允许的 key 都在 Keys 表里声明,未声明的 key 写入会被拒绝,
+//     避免前端/客户端乱写键污染表
+package settings
+
+import "strings"
+
+// Keys 允许的全部 key + 类型 schema(类型仅用于校验/解析)。
+// 默认值仅在 DB 里缺失时使用(migration 已种子化,通常不会用到)。
+type KeyDef struct {
+	Key      string
+	Type     string // "string" | "bool" | "int" | "float" | "email" | "url"
+	Category string // "site" | "auth" | "defaults" | "gateway" | "billing" | "mail"
+	Default  string
+	Label    string
+	Desc     string
+	Public   bool // true 则 /api/public/site-info 会返回给匿名访问者
+}
+
+// ---- key 常量 ----
+const (
+	// 通用
+	SiteName         = "site.name"
+	SiteDescription  = "site.description"
+	SiteLogoURL      = "site.logo_url"
+	SiteFooter       = "site.footer"
+	SiteContactEmail = "site.contact_email"
+	SiteDocsURL      = "site.docs_url"
+	SiteAPIBaseURL   = "site.api_base_url"
+	UIDefaultPageSize = "ui.default_page_size"
+
+	// 安全与认证
+	AuthAllowRegister       = "auth.allow_register"
+	AuthRequireEmailVerify  = "auth.require_email_verify"
+	AuthEmailDomainWhitelist = "auth.email_domain_whitelist"
+	AuthPasswordMinLength   = "auth.password_min_length"
+	AuthInviteCodeRequired  = "auth.invite_code_required"
+	Auth2FAEnabled          = "auth.2fa_enabled"
+	AuthJWTAccessTTLSec     = "auth.jwt_access_ttl_sec"
+	AuthJWTRefreshTTLSec    = "auth.jwt_refresh_ttl_sec"
+
+	// 用户默认值(旧 auth.* 保留兼容)
+	AuthDefaultGroupID       = "auth.default_group_id"
+	AuthSignupBonusCredits   = "auth.signup_bonus_credits"
+	LimitDefaultRPM          = "limit.default_rpm"
+	LimitDefaultTPM          = "limit.default_tpm"
+	KeyDefaultDailyQuota     = "key.default_daily_quota_credits"
+	KeyMaxPerUser            = "key.max_per_user"
+
+	// 网关与调度
+	GatewayUpstreamTimeoutSec = "gateway.upstream_timeout_sec"
+	GatewaySSEReadTimeoutSec  = "gateway.sse_read_timeout_sec"
+	GatewayCooldown429Sec     = "gateway.cooldown_429_sec"
+	GatewayWarnedPauseHours   = "gateway.warned_pause_hours"
+	GatewayDailyUsageRatio    = "gateway.daily_usage_ratio"
+	GatewayRetryOnFailure     = "gateway.retry_on_failure"
+	GatewayRetryMax           = "gateway.retry_max"
+	GatewayDispatchQueueWaitSec = "gateway.dispatch_queue_wait_sec"
+
+	// 代理管理(健康探测)
+	ProxyProbeEnabled     = "proxy.probe_enabled"
+	ProxyProbeIntervalSec = "proxy.probe_interval_sec"
+	ProxyProbeTimeoutSec  = "proxy.probe_timeout_sec"
+	ProxyProbeTargetURL   = "proxy.probe_target_url"
+	ProxyProbeConcurrency = "proxy.probe_concurrency"
+
+	// 账号刷新 & 额度探测
+	AccountRefreshEnabled        = "account.refresh_enabled"
+	AccountRefreshIntervalSec    = "account.refresh_interval_sec"
+	AccountRefreshAheadSec       = "account.refresh_ahead_sec"
+	AccountRefreshConcurrency    = "account.refresh_concurrency"
+	AccountQuotaProbeEnabled     = "account.quota_probe_enabled"
+	AccountQuotaProbeIntervalSec = "account.quota_probe_interval_sec"
+	AccountDefaultClientID       = "account.default_client_id"
+
+	// 计费与充值
+	BillingCreditPerCNY         = "billing.credit_per_cny"
+	BillingNotifyAdminOnAdjust  = "billing.notify_admin_on_adjust"
+	RechargeEnabled             = "recharge.enabled"
+	RechargeMinCNY              = "recharge.min_cny"
+	RechargeMaxCNY              = "recharge.max_cny"
+	RechargeDailyLimitCNY       = "recharge.daily_limit_cny"
+	RechargeOrderExpireMinutes  = "recharge.order_expire_minutes"
+
+	// 邮件
+	MailEnabledDisplay = "mail.enabled_display"
+)
+
+// Defs 所有合法 key 的 schema。前端编辑页按 category + order 展示。
+var Defs = []KeyDef{
+	// ---------- 通用 ----------
+	{Key: SiteName, Type: "string", Category: "site", Default: "GPT2API", Label: "站点名称", Desc: "展示在顶栏和登录页大标题", Public: true},
+	{Key: SiteDescription, Type: "string", Category: "site", Default: "企业级 OpenAI 兼容网关", Label: "副标题", Desc: "登录页宣传语", Public: true},
+	{Key: SiteLogoURL, Type: "url", Category: "site", Default: "", Label: "Logo URL", Desc: "空则使用默认图标", Public: true},
+	{Key: SiteFooter, Type: "string", Category: "site", Default: "", Label: "页脚文案", Desc: "版权/备案号等(纯文本)", Public: true},
+	{Key: SiteContactEmail, Type: "email", Category: "site", Default: "", Label: "联系邮箱", Desc: "对外展示的客服邮箱", Public: true},
+	{Key: SiteDocsURL, Type: "url", Category: "site", Default: "", Label: "文档链接", Desc: "留空则前端隐藏「文档」入口", Public: true},
+	{Key: SiteAPIBaseURL, Type: "url", Category: "site", Default: "", Label: "API Base URL", Desc: "展示给用户的 /v1 入口;留空=当前站点地址", Public: true},
+	{Key: UIDefaultPageSize, Type: "int", Category: "site", Default: "20", Label: "默认每页条数", Desc: "后台表格默认分页(5~100)"},
+
+	// ---------- 安全与认证 ----------
+	{Key: AuthAllowRegister, Type: "bool", Category: "auth", Default: "true", Label: "开放注册", Desc: "关闭后仅管理员可创建用户", Public: true},
+	{Key: AuthRequireEmailVerify, Type: "bool", Category: "auth", Default: "false", Label: "邮箱验证", Desc: "注册时必须验证邮箱(预留;尚未实装)"},
+	{Key: AuthEmailDomainWhitelist, Type: "string", Category: "auth", Default: "", Label: "邮箱域名白名单", Desc: "逗号分隔,如 qq.com,gmail.com;留空=不限"},
+	{Key: AuthPasswordMinLength, Type: "int", Category: "auth", Default: "6", Label: "密码最小长度", Desc: "注册/改密时强制校验(6~64)"},
+	{Key: AuthInviteCodeRequired, Type: "bool", Category: "auth", Default: "false", Label: "邀请码注册", Desc: "必须邀请码才能注册(预留)"},
+	{Key: Auth2FAEnabled, Type: "bool", Category: "auth", Default: "false", Label: "二次验证 2FA", Desc: "允许用户绑定 TOTP(预留)"},
+	{Key: AuthJWTAccessTTLSec, Type: "int", Category: "auth", Default: "7200", Label: "Access Token TTL(秒)", Desc: "默认 7200(2 小时);改后新发 token 生效"},
+	{Key: AuthJWTRefreshTTLSec, Type: "int", Category: "auth", Default: "604800", Label: "Refresh Token TTL(秒)", Desc: "默认 604800(7 天)"},
+
+	// ---------- 用户默认值 ----------
+	{Key: AuthDefaultGroupID, Type: "int", Category: "defaults", Default: "1", Label: "默认分组 ID", Desc: "新用户自动加入的分组(对应 user_groups.id)"},
+	{Key: AuthSignupBonusCredits, Type: "int", Category: "defaults", Default: "0", Label: "注册赠送积分", Desc: "单位:厘,10000 = 1 积分"},
+	{Key: LimitDefaultRPM, Type: "int", Category: "defaults", Default: "60", Label: "默认 RPM", Desc: "未被 key/group 覆盖时生效"},
+	{Key: LimitDefaultTPM, Type: "int", Category: "defaults", Default: "60000", Label: "默认 TPM", Desc: ""},
+	{Key: KeyDefaultDailyQuota, Type: "int", Category: "defaults", Default: "0", Label: "API Key 默认日配额", Desc: "单位:厘;0=不限"},
+	{Key: KeyMaxPerUser, Type: "int", Category: "defaults", Default: "20", Label: "单用户最多 Key 数", Desc: "0=不限"},
+
+	// ---------- 网关与调度 ----------
+	{Key: GatewayUpstreamTimeoutSec, Type: "int", Category: "gateway", Default: "60", Label: "上游请求超时(秒)", Desc: "非流式请求上游响应超时"},
+	{Key: GatewaySSEReadTimeoutSec, Type: "int", Category: "gateway", Default: "120", Label: "SSE 读超时(秒)", Desc: "流式响应无数据时的中断阈值"},
+	{Key: GatewayCooldown429Sec, Type: "int", Category: "gateway", Default: "300", Label: "429 冷却(秒)", Desc: "账号遇 429 后暂停调度"},
+	{Key: GatewayWarnedPauseHours, Type: "int", Category: "gateway", Default: "24", Label: "风险暂停(小时)", Desc: "账号被识别为 warned 时的暂停时长"},
+	{Key: GatewayDailyUsageRatio, Type: "float", Category: "gateway", Default: "0.8", Label: "日用比例阈值", Desc: "0.0~1.0;超过后降低调度优先级"},
+	{Key: GatewayRetryOnFailure, Type: "bool", Category: "gateway", Default: "true", Label: "失败自动重试", Desc: "遇到可恢复错误时切换账号重试"},
+	{Key: GatewayRetryMax, Type: "int", Category: "gateway", Default: "1", Label: "最大重试次数", Desc: "0~3"},
+	{Key: GatewayDispatchQueueWaitSec, Type: "int", Category: "gateway", Default: "120", Label: "账号排队等待上限(秒)", Desc: "并发大于账号数时,请求会在队列里等空闲账号;超过此秒数仍拿不到才返回 no_available_account。0=不排队,立即失败"},
+
+	// ---------- 代理管理(健康探测) ----------
+	{Key: ProxyProbeEnabled, Type: "bool", Category: "gateway", Default: "true", Label: "代理探测开关", Desc: "开启后后台定时对启用的代理做连通性探测,更新健康分"},
+	{Key: ProxyProbeIntervalSec, Type: "int", Category: "gateway", Default: "300", Label: "代理探测间隔(秒)", Desc: "两轮探测之间的间隔,建议 ≥ 60"},
+	{Key: ProxyProbeTimeoutSec, Type: "int", Category: "gateway", Default: "10", Label: "代理探测超时(秒)", Desc: "单条代理一次探测的超时时间"},
+	{Key: ProxyProbeTargetURL, Type: "url", Category: "gateway", Default: "", Label: "代理探测目标 URL", Desc: "返回 2xx/3xx 视为成功。**留空(推荐)**时走内置候选链(api.ipify.org / cloudflare cdn-cgi/trace / httpbin.org),任意一个通过即判代理可用;填单一 URL 则只用该地址(代理若恰好被该站限制会被误判为失败)"},
+	{Key: ProxyProbeConcurrency, Type: "int", Category: "gateway", Default: "8", Label: "代理探测并发", Desc: "同时探测的代理数(1~64)"},
+
+	// ---------- 账号池(AT 刷新 / 额度探测) ----------
+	{Key: AccountRefreshEnabled, Type: "bool", Category: "gateway", Default: "true", Label: "账号 AT 自动刷新", Desc: "后台定时扫账号,即将过期的 AT 自动用 RT/ST 刷新"},
+	{Key: AccountRefreshIntervalSec, Type: "int", Category: "gateway", Default: "120", Label: "账号刷新扫描间隔(秒)", Desc: "多久扫一次,建议 60~300"},
+	{Key: AccountRefreshAheadSec, Type: "int", Category: "gateway", Default: "900", Label: "账号预刷新提前量(秒)", Desc: "距离过期多少秒内就触发刷新,建议 ≥ 300"},
+	{Key: AccountRefreshConcurrency, Type: "int", Category: "gateway", Default: "4", Label: "账号刷新并发", Desc: "同时刷新的账号数(1~32)"},
+	{Key: AccountQuotaProbeEnabled, Type: "bool", Category: "gateway", Default: "true", Label: "账号额度自动探测", Desc: "后台定期查询账号的图片剩余额度"},
+	{Key: AccountQuotaProbeIntervalSec, Type: "int", Category: "gateway", Default: "18000", Label: "额度探测最小间隔(秒)", Desc: "同一账号两次探测的最小间隔,默认 **18000=5 小时**;当账号剩余额度=0 且已过重置时间时,会忽略此间隔立即补探一次,以第一时间反映真实恢复额度"},
+	{Key: AccountDefaultClientID, Type: "string", Category: "gateway", Default: "app_EMoamEEZ73f0CkXaXp7hrann", Label: "导入账号默认 client_id", Desc: "JSON 未指定时使用的 OAuth client_id"},
+
+	// ---------- 计费与充值 ----------
+	{Key: BillingCreditPerCNY, Type: "int", Category: "billing", Default: "10000", Label: "1 元 = N 积分·厘", Desc: "展示用换算;默认 10000"},
+	{Key: BillingNotifyAdminOnAdjust, Type: "bool", Category: "billing", Default: "false", Label: "调账邮件通知", Desc: "管理员调账时邮件通知超管(预留)"},
+	{Key: RechargeEnabled, Type: "bool", Category: "billing", Default: "true", Label: "启用充值", Desc: "关闭后前端隐藏充值菜单,下单接口返回 403", Public: true},
+	{Key: RechargeMinCNY, Type: "int", Category: "billing", Default: "100", Label: "最低金额(分)", Desc: "100 = 1 元"},
+	{Key: RechargeMaxCNY, Type: "int", Category: "billing", Default: "0", Label: "最高金额(分)", Desc: "0=不限"},
+	{Key: RechargeDailyLimitCNY, Type: "int", Category: "billing", Default: "0", Label: "单用户每日上限(分)", Desc: "0=不限;按今日已支付订单金额累计"},
+	{Key: RechargeOrderExpireMinutes, Type: "int", Category: "billing", Default: "30", Label: "订单有效期(分钟)", Desc: "到期未支付自动取消"},
+
+	// ---------- 邮件 ----------
+	{Key: MailEnabledDisplay, Type: "string", Category: "mail", Default: "auto", Label: "邮件开关展示", Desc: "auto/true/false;实际是否发邮件由 SMTP 配置决定"},
+}
+
+// DefByKey 快速查一条 schema。
+func DefByKey(k string) (KeyDef, bool) {
+	for _, d := range Defs {
+		if d.Key == k {
+			return d, true
+		}
+	}
+	return KeyDef{}, false
+}
+
+// IsAllowedKey 白名单判定。
+func IsAllowedKey(k string) bool {
+	k = strings.TrimSpace(k)
+	if k == "" {
+		return false
+	}
+	_, ok := DefByKey(k)
+	return ok
+}
diff --git a/internal/settings/service.go b/internal/settings/service.go
new file mode 100644
index 00000000..1401d603
--- /dev/null
+++ b/internal/settings/service.go
@@ -0,0 +1,328 @@
+package settings
+
+import (
+	"context"
+	"errors"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+// Service 带内存缓存的只读/可写访问层。
+// 所有读走本地 map,写走 DB + 原子替换缓存。
+type Service struct {
+	dao   *DAO
+	mu    sync.RWMutex
+	cache map[string]string // 最新快照;不直接暴露,通过 GetXxx 读
+}
+
+var ErrUnknownKey = errors.New("settings: unknown key")
+
+func NewService(dao *DAO) *Service {
+	return &Service{dao: dao, cache: map[string]string{}}
+}
+
+// Reload 启动时 / 手动触发时调用。
+func (s *Service) Reload(ctx context.Context) error {
+	m, err := s.dao.LoadAll(ctx)
+	if err != nil {
+		return err
+	}
+	// 补齐 Defs 默认值(DB 里缺某个 key 时)
+	for _, d := range Defs {
+		if _, ok := m[d.Key]; !ok {
+			m[d.Key] = d.Default
+		}
+	}
+	s.mu.Lock()
+	s.cache = m
+	s.mu.Unlock()
+	return nil
+}
+
+// Snapshot 拷贝当前所有设置(不含未登记 key)。
+func (s *Service) Snapshot() map[string]string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	out := make(map[string]string, len(s.cache))
+	for _, d := range Defs {
+		if v, ok := s.cache[d.Key]; ok {
+			out[d.Key] = v
+		} else {
+			out[d.Key] = d.Default
+		}
+	}
+	return out
+}
+
+// PublicSnapshot 只返回 Defs 中 Public=true 的条目,面向匿名访问。
+func (s *Service) PublicSnapshot() map[string]string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	out := make(map[string]string)
+	for _, d := range Defs {
+		if !d.Public {
+			continue
+		}
+		if v, ok := s.cache[d.Key]; ok {
+			out[d.Key] = v
+		} else {
+			out[d.Key] = d.Default
+		}
+	}
+	return out
+}
+
+// Set 批量写入并刷新缓存;未在 Defs 白名单中的 key 会被过滤。
+func (s *Service) Set(ctx context.Context, in map[string]string) error {
+	filtered := make(map[string]string, len(in))
+	for k, v := range in {
+		if !IsAllowedKey(k) {
+			continue
+		}
+		filtered[k] = strings.TrimSpace(v)
+	}
+	if len(filtered) == 0 {
+		return nil
+	}
+	if err := s.dao.SetMany(ctx, filtered); err != nil {
+		return err
+	}
+	s.mu.Lock()
+	for k, v := range filtered {
+		s.cache[k] = v
+	}
+	s.mu.Unlock()
+	return nil
+}
+
+// --- typed getters ---
+
+func (s *Service) GetString(key string) string {
+	s.mu.RLock()
+	v, ok := s.cache[key]
+	s.mu.RUnlock()
+	if ok {
+		return v
+	}
+	if d, ok := DefByKey(key); ok {
+		return d.Default
+	}
+	return ""
+}
+
+func (s *Service) GetBool(key string) bool {
+	v := strings.ToLower(strings.TrimSpace(s.GetString(key)))
+	return v == "1" || v == "true" || v == "yes" || v == "on"
+}
+
+func (s *Service) GetInt(key string) int64 {
+	n, _ := strconv.ParseInt(strings.TrimSpace(s.GetString(key)), 10, 64)
+	return n
+}
+
+func (s *Service) GetFloat(key string) float64 {
+	f, _ := strconv.ParseFloat(strings.TrimSpace(s.GetString(key)), 64)
+	return f
+}
+
+// --- convenience helpers (业务语义) ---
+// 所有 helper 都保证返回"安全"的业务默认(例如不让 0/负值落到业务路径)。
+
+// -- site --
+func (s *Service) SiteName() string { return firstNonEmpty(s.GetString(SiteName), "GPT2API") }
+
+// -- auth --
+func (s *Service) AllowRegister() bool { return s.GetBool(AuthAllowRegister) }
+func (s *Service) DefaultGroupID() uint64 {
+	n := s.GetInt(AuthDefaultGroupID)
+	if n <= 0 {
+		n = 1
+	}
+	return uint64(n)
+}
+func (s *Service) SignupBonusCredits() int64 {
+	n := s.GetInt(AuthSignupBonusCredits)
+	if n < 0 {
+		return 0
+	}
+	return n
+}
+func (s *Service) PasswordMinLength() int {
+	n := int(s.GetInt(AuthPasswordMinLength))
+	if n < 1 {
+		n = 6
+	}
+	if n > 128 {
+		n = 128
+	}
+	return n
+}
+
+// EmailDomainWhitelist 返回允许注册的小写域名集合;空集表示"不限"。
+func (s *Service) EmailDomainWhitelist() map[string]struct{} {
+	raw := strings.TrimSpace(s.GetString(AuthEmailDomainWhitelist))
+	if raw == "" {
+		return nil
+	}
+	out := make(map[string]struct{})
+	for _, seg := range strings.Split(raw, ",") {
+		d := strings.ToLower(strings.TrimSpace(seg))
+		d = strings.TrimPrefix(d, "@")
+		if d != "" {
+			out[d] = struct{}{}
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return out
+}
+
+// JWTAccessTTL / JWTRefreshTTL 返回秒;<=0 的配置会回退到 1h / 7d。
+func (s *Service) JWTAccessTTLSec() int {
+	n := int(s.GetInt(AuthJWTAccessTTLSec))
+	if n <= 0 {
+		return 3600
+	}
+	return n
+}
+func (s *Service) JWTRefreshTTLSec() int {
+	n := int(s.GetInt(AuthJWTRefreshTTLSec))
+	if n <= 0 {
+		return 7 * 24 * 3600
+	}
+	return n
+}
+
+// -- key defaults --
+func (s *Service) KeyDefaultDailyQuota() int64 { n := s.GetInt(KeyDefaultDailyQuota); if n < 0 { return 0 }; return n }
+func (s *Service) KeyMaxPerUser() int          { return int(s.GetInt(KeyMaxPerUser)) }
+
+// -- gateway --
+func (s *Service) GatewayUpstreamTimeoutSec() int { n := int(s.GetInt(GatewayUpstreamTimeoutSec)); if n <= 0 { return 60 }; return n }
+func (s *Service) GatewaySSEReadTimeoutSec() int  { n := int(s.GetInt(GatewaySSEReadTimeoutSec));  if n <= 0 { return 120 }; return n }
+func (s *Service) Cooldown429Sec() int            { n := int(s.GetInt(GatewayCooldown429Sec));     if n <= 0 { return 300 }; return n }
+func (s *Service) WarnedPauseHours() int          { n := int(s.GetInt(GatewayWarnedPauseHours));   if n <= 0 { return 24 }; return n }
+func (s *Service) DailyUsageRatio() float64 {
+	f := s.GetFloat(GatewayDailyUsageRatio)
+	if f <= 0 || f > 1 {
+		return 0.8
+	}
+	return f
+}
+func (s *Service) RetryOnFailure() bool { return s.GetBool(GatewayRetryOnFailure) }
+func (s *Service) RetryMax() int {
+	n := int(s.GetInt(GatewayRetryMax))
+	if n < 0 {
+		return 0
+	}
+	if n > 3 {
+		return 3
+	}
+	return n
+}
+
+// DispatchQueueWaitSec 账号池忙时请求的最长排队时间。
+//   - 0   ⇒ 不排队(立即返回 no_available_account)
+//   - 负数 / 未设置 ⇒ 回退默认 120
+func (s *Service) DispatchQueueWaitSec() int {
+	n := int(s.GetInt(GatewayDispatchQueueWaitSec))
+	if n < 0 {
+		return 120
+	}
+	return n
+}
+
+// -- proxy probe --
+func (s *Service) ProbeEnabled() bool { return s.GetBool(ProxyProbeEnabled) }
+func (s *Service) ProbeIntervalSec() int {
+	n := int(s.GetInt(ProxyProbeIntervalSec))
+	if n <= 0 {
+		return 300
+	}
+	return n
+}
+func (s *Service) ProbeTimeoutSec() int {
+	n := int(s.GetInt(ProxyProbeTimeoutSec))
+	if n <= 0 {
+		return 10
+	}
+	return n
+}
+// ProbeTargetURL 返回管理员配置的探测目标原值。
+// 留空不再在此层硬塞 gstatic,而是把"空"的语义向下透传给 Prober,
+// 由 Prober 走内置候选链(见 defaultProbeTargets)。
+func (s *Service) ProbeTargetURL() string {
+	return strings.TrimSpace(s.GetString(ProxyProbeTargetURL))
+}
+func (s *Service) ProbeConcurrency() int {
+	n := int(s.GetInt(ProxyProbeConcurrency))
+	if n <= 0 {
+		return 8
+	}
+	if n > 64 {
+		return 64
+	}
+	return n
+}
+
+// -- account refresh / quota probe --
+func (s *Service) AccountRefreshEnabled() bool { return s.GetBool(AccountRefreshEnabled) }
+func (s *Service) AccountRefreshIntervalSec() int {
+	n := int(s.GetInt(AccountRefreshIntervalSec))
+	if n <= 0 {
+		return 120
+	}
+	return n
+}
+func (s *Service) AccountRefreshAheadSec() int {
+	n := int(s.GetInt(AccountRefreshAheadSec))
+	if n <= 0 {
+		return 900
+	}
+	return n
+}
+func (s *Service) AccountRefreshConcurrency() int {
+	n := int(s.GetInt(AccountRefreshConcurrency))
+	if n <= 0 {
+		return 4
+	}
+	if n > 32 {
+		return 32
+	}
+	return n
+}
+func (s *Service) AccountQuotaProbeEnabled() bool { return s.GetBool(AccountQuotaProbeEnabled) }
+func (s *Service) AccountQuotaProbeIntervalSec() int {
+	n := int(s.GetInt(AccountQuotaProbeIntervalSec))
+	if n <= 0 {
+		return 18000 // 5h
+	}
+	return n
+}
+func (s *Service) AccountDefaultClientID() string {
+	return firstNonEmpty(s.GetString(AccountDefaultClientID), "app_EMoamEEZ73f0CkXaXp7hrann")
+}
+
+// -- billing / recharge --
+func (s *Service) RechargeEnabled() bool    { return s.GetBool(RechargeEnabled) }
+func (s *Service) RechargeMinCNY() int64    { n := s.GetInt(RechargeMinCNY); if n < 0 { return 0 }; return n }
+func (s *Service) RechargeMaxCNY() int64    { n := s.GetInt(RechargeMaxCNY); if n < 0 { return 0 }; return n }
+func (s *Service) RechargeDailyLimitCNY() int64 { n := s.GetInt(RechargeDailyLimitCNY); if n < 0 { return 0 }; return n }
+func (s *Service) RechargeOrderExpireMin() int {
+	n := int(s.GetInt(RechargeOrderExpireMinutes))
+	if n <= 0 {
+		return 30
+	}
+	return n
+}
+
+func firstNonEmpty(vs ...string) string {
+	for _, v := range vs {
+		if strings.TrimSpace(v) != "" {
+			return v
+		}
+	}
+	return ""
+}
diff --git a/internal/settings/util.go b/internal/settings/util.go
new file mode 100644
index 00000000..a67a6c87
--- /dev/null
+++ b/internal/settings/util.go
@@ -0,0 +1,22 @@
+package settings
+
+import (
+	"sort"
+	"strconv"
+	"strings"
+)
+
+func parseInt64(s string) (int64, error) {
+	return strconv.ParseInt(strings.TrimSpace(s), 10, 64)
+}
+
+// sprintKeys 把更新过的 key 列表拼成审计 detail,避免把用户明文值写进审计日志
+// (比如未来可能加入密钥字段)。
+func sprintKeys(m map[string]string) string {
+	keys := make([]string, 0, len(m))
+	for k := range m {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	return "updated=" + strings.Join(keys, ",")
+}
diff --git a/internal/upstream/adapter/adapter.go b/internal/upstream/adapter/adapter.go
new file mode 100644
index 00000000..ddb3fa0b
--- /dev/null
+++ b/internal/upstream/adapter/adapter.go
@@ -0,0 +1,104 @@
+// Package adapter 定义"上游供应商"的统一抽象。
+//
+// 之前 gateway 直接 hardcode 了 chatgpt.com 的调用栈(Bootstrap / chat-
+// requirements / conversation/prepare / conversation/SSE),无法复用到
+// OpenAI、Gemini、Anthropic 这些第三方 API。
+//
+// 这里把"给定请求 → 返回 OpenAI 兼容响应"这个核心动作抽成 Adapter 接口,
+// 由 channel.Router 按本地模型挑选适配器并调用。每个适配器内部自行处理:
+//   - 请求体转换(例如 OpenAI → Gemini generateContent)
+//   - 鉴权(Bearer / x-goog-api-key / ...)
+//   - 流式协议转换(Gemini 走非流式 → OpenAI SSE chunk)
+//
+// 目前仅实现 openai / gemini 的 text + image;video 预留模态位,
+// 后续单独接入。
+package adapter
+
+import (
+	"context"
+	"io"
+
+	"github.com/432539/gpt2api/internal/upstream/chatgpt"
+)
+
+// ChatRequest 统一的 chat 请求体,尽量向 OpenAI 格式靠拢。
+type ChatRequest struct {
+	Model       string                `json:"model"`
+	Messages    []chatgpt.ChatMessage `json:"messages"`
+	Stream      bool                  `json:"stream"`
+	Temperature float64               `json:"temperature,omitempty"`
+	TopP        float64               `json:"top_p,omitempty"`
+	MaxTokens   int                   `json:"max_tokens,omitempty"`
+}
+
+// ChatChunk 流式输出的单个片段。
+// FinishReason 非空时表示流结束,Usage 会在最后一个 chunk 带上(如上游未提供则估算)。
+type ChatChunk struct {
+	Delta        string
+	FinishReason string
+	Usage        *ChatUsage
+	Err          error
+}
+
+type ChatUsage struct {
+	PromptTokens     int
+	CompletionTokens int
+	TotalTokens      int
+}
+
+// ChatStream 适配器返回的统一 chunk 通道。调用方需 Drain 直到通道关闭。
+type ChatStream = <-chan ChatChunk
+
+// ImageRequest 统一的图片生成请求。
+type ImageRequest struct {
+	Model  string `json:"model"`
+	Prompt string `json:"prompt"`
+	N      int    `json:"n,omitempty"`
+	Size   string `json:"size,omitempty"`   // 1024x1024 / 512x512 / auto
+	Format string `json:"format,omitempty"` // url / b64_json
+}
+
+type ImageResult struct {
+	// URLs 与 B64s 至少填一个;URL 由适配器直接给出(OpenAI 返回的签名 URL / Gemini 的
+	// File API URI)。如果供应商只给出 base64,可以填 B64s,gateway 会按需落盘并生成签名 URL。
+	URLs []string
+	B64s []string
+}
+
+// Adapter 代表一个具体的上游供应商适配器实例(openai / gemini / ...)。
+//
+// 一个渠道(Channel)对应一个 Adapter 实例。上层根据本地模型 + 模态从渠道路由器
+// 取 Adapter,再调用对应方法。
+type Adapter interface {
+	// Type 返回适配器类型(openai / gemini),用于日志。
+	Type() string
+	// UpstreamFor 把本地模型 slug 转成上游模型(由渠道绑定的 Mapping 决定,
+	// 通常由路由层填好传下来)。
+	Chat(ctx context.Context, upstreamModel string, req *ChatRequest) (ChatStream, error)
+	ImageGenerate(ctx context.Context, upstreamModel string, req *ImageRequest) (*ImageResult, error)
+	// Ping 发一次轻量校验请求,用于"测试连接"。
+	Ping(ctx context.Context) error
+}
+
+// VideoCapable 可选接口:后续 Gemini Veo / OpenAI Sora 接入时实现它。
+type VideoCapable interface {
+	VideoGenerate(ctx context.Context, upstreamModel string, prompt string) (*VideoResult, error)
+}
+
+type VideoResult struct {
+	URL string
+}
+
+// drainCloser 用于适配器内部快速把 stream 关掉。
+type drainCloser interface {
+	io.Closer
+}
+
+// Params 构造适配器时需要的共用参数。
+type Params struct {
+	BaseURL  string
+	APIKey   string
+	TimeoutS int
+	// Extra 预留透传 JSON(例如 gemini 可能需要 project / location)。
+	Extra string
+}
diff --git a/internal/upstream/adapter/gemini.go b/internal/upstream/adapter/gemini.go
new file mode 100644
index 00000000..43b776b4
--- /dev/null
+++ b/internal/upstream/adapter/gemini.go
@@ -0,0 +1,423 @@
+package adapter
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+)
+
+// geminiAdapter 兼容 Google Generative Language API v1beta。
+//
+// 协议差异要点:
+//   1. 鉴权用 query param ?key=xxx 或 header X-Goog-Api-Key: xxx。
+//   2. Chat 接口路径:
+//        POST /v1beta/models/{model}:generateContent        (非流式)
+//        POST /v1beta/models/{model}:streamGenerateContent  (流式)
+//      流式默认返回 JSON 数组(每个元素是一个 GenerateContentResponse),
+//      配合 ?alt=sse 才能拿到 text/event-stream。
+//   3. 消息体结构:{ contents: [{role, parts:[{text}]}] }。
+//      role 只接受 "user" / "model"(把 OpenAI assistant → model,system 拼
+//      到 systemInstruction 或第一条 user 里)。
+//   4. 图片生成走 imagen-4:generateContent 或 gemini-2.5-flash-image-preview,
+//      返回 inlineData base64。
+//
+// 本适配器把 Gemini 响应实时转换成 OpenAI 风格 ChatChunk 输出,调用方无感。
+type geminiAdapter struct {
+	baseURL string
+	apiKey  string
+	client  *http.Client
+}
+
+func NewGemini(p Params) *geminiAdapter {
+	base := strings.TrimRight(p.BaseURL, "/")
+	// 允许用户填 https://generativelanguage.googleapis.com 或已带 /v1beta。
+	base = strings.TrimSuffix(base, "/v1beta")
+	timeout := time.Duration(p.TimeoutS) * time.Second
+	if timeout <= 0 {
+		timeout = 120 * time.Second
+	}
+	return &geminiAdapter{
+		baseURL: base,
+		apiKey:  p.APIKey,
+		client:  &http.Client{Timeout: timeout},
+	}
+}
+
+func (a *geminiAdapter) Type() string { return "gemini" }
+
+// geminiContent 对应 { contents: [{ role, parts: [{ text }] }] }。
+type geminiContent struct {
+	Role  string       `json:"role,omitempty"`
+	Parts []geminiPart `json:"parts"`
+}
+
+type geminiPart struct {
+	Text       string            `json:"text,omitempty"`
+	InlineData *geminiInlineData `json:"inlineData,omitempty"`
+}
+
+type geminiInlineData struct {
+	MimeType string `json:"mimeType"`
+	Data     string `json:"data"`
+}
+
+// buildGeminiPayload 把 OpenAI 风格 messages 转成 Gemini contents。
+// system 角色合并进 systemInstruction 字段。
+func buildGeminiPayload(req *ChatRequest) map[string]any {
+	var contents []geminiContent
+	var systemParts []geminiPart
+
+	for _, m := range req.Messages {
+		switch m.Role {
+		case "system":
+			systemParts = append(systemParts, geminiPart{Text: m.Content})
+		case "assistant":
+			contents = append(contents, geminiContent{
+				Role:  "model",
+				Parts: []geminiPart{{Text: m.Content}},
+			})
+		default: // "user" / tool / function 统一当 user
+			contents = append(contents, geminiContent{
+				Role:  "user",
+				Parts: []geminiPart{{Text: m.Content}},
+			})
+		}
+	}
+
+	payload := map[string]any{
+		"contents": contents,
+	}
+	if len(systemParts) > 0 {
+		payload["systemInstruction"] = geminiContent{Parts: systemParts}
+	}
+	// generationConfig
+	genCfg := map[string]any{}
+	if req.Temperature > 0 {
+		genCfg["temperature"] = req.Temperature
+	}
+	if req.TopP > 0 {
+		genCfg["topP"] = req.TopP
+	}
+	if req.MaxTokens > 0 {
+		genCfg["maxOutputTokens"] = req.MaxTokens
+	}
+	if len(genCfg) > 0 {
+		payload["generationConfig"] = genCfg
+	}
+	return payload
+}
+
+// Chat 请求 Gemini。
+//
+// 说明关于"接受这个延迟":Gemini 流式接口(streamGenerateContent)默认
+// 返回 JSON 数组,而不是真正的 SSE。为把它转换成 OpenAI SSE chunk,本实现
+// 会实时流式解析上游 JSON 数组元素并逐个吐出 ChatChunk。
+//   - 若用户请求 stream=true:走 streamGenerateContent?alt=sse
+//   - 若用户请求 stream=false:走 generateContent 一次性返回
+func (a *geminiAdapter) Chat(ctx context.Context, upstreamModel string, req *ChatRequest) (ChatStream, error) {
+	path := "/v1beta/models/" + upstreamModel
+	if req.Stream {
+		path += ":streamGenerateContent?alt=sse"
+	} else {
+		path += ":generateContent"
+	}
+	body, _ := json.Marshal(buildGeminiPayload(req))
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		a.baseURL+path, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("X-Goog-Api-Key", a.apiKey)
+
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("gemini: request: %w", err)
+	}
+	if resp.StatusCode >= 400 {
+		return nil, upstreamErr(resp)
+	}
+
+	ch := make(chan ChatChunk, 16)
+	if req.Stream {
+		go parseGeminiSSE(resp.Body, ch)
+	} else {
+		go parseGeminiNonStream(resp.Body, ch)
+	}
+	return ch, nil
+}
+
+// geminiGenResp 是单次 generateContent 响应 / SSE 单条 data 的结构。
+type geminiGenResp struct {
+	Candidates []struct {
+		Content struct {
+			Parts []geminiPart `json:"parts"`
+			Role  string       `json:"role"`
+		} `json:"content"`
+		FinishReason string `json:"finishReason"`
+	} `json:"candidates"`
+	UsageMetadata *struct {
+		PromptTokenCount     int `json:"promptTokenCount"`
+		CandidatesTokenCount int `json:"candidatesTokenCount"`
+		TotalTokenCount      int `json:"totalTokenCount"`
+	} `json:"usageMetadata"`
+}
+
+// parseGeminiSSE 解析 ?alt=sse 的返回流,每条 data: {...} 对应一次 chunk。
+func parseGeminiSSE(body io.ReadCloser, ch chan<- ChatChunk) {
+	defer body.Close()
+	defer close(ch)
+
+	reader := newLineReader(body)
+	var lastUsage *ChatUsage
+
+	for {
+		line, err := reader.readLine()
+		if err != nil {
+			if !errors.Is(err, io.EOF) {
+				ch <- ChatChunk{Err: err}
+			}
+			break
+		}
+		if line == "" || !strings.HasPrefix(line, "data:") {
+			continue
+		}
+		data := strings.TrimSpace(strings.TrimPrefix(line, "data:"))
+		if data == "" || data == "[DONE]" {
+			continue
+		}
+		var obj geminiGenResp
+		if err := json.Unmarshal([]byte(data), &obj); err != nil {
+			continue
+		}
+		if obj.UsageMetadata != nil {
+			lastUsage = &ChatUsage{
+				PromptTokens:     obj.UsageMetadata.PromptTokenCount,
+				CompletionTokens: obj.UsageMetadata.CandidatesTokenCount,
+				TotalTokens:      obj.UsageMetadata.TotalTokenCount,
+			}
+		}
+		for _, cand := range obj.Candidates {
+			for _, p := range cand.Content.Parts {
+				if p.Text != "" {
+					ch <- ChatChunk{Delta: p.Text}
+				}
+			}
+			if cand.FinishReason != "" {
+				ch <- ChatChunk{FinishReason: mapGeminiFinish(cand.FinishReason)}
+			}
+		}
+	}
+	if lastUsage != nil {
+		ch <- ChatChunk{Usage: lastUsage}
+	}
+}
+
+// parseGeminiNonStream 读取 generateContent 一次性 JSON 响应。
+func parseGeminiNonStream(body io.ReadCloser, ch chan<- ChatChunk) {
+	defer body.Close()
+	defer close(ch)
+
+	var obj geminiGenResp
+	if err := json.NewDecoder(body).Decode(&obj); err != nil {
+		ch <- ChatChunk{Err: fmt.Errorf("gemini: decode: %w", err)}
+		return
+	}
+	var text strings.Builder
+	finish := "stop"
+	for _, cand := range obj.Candidates {
+		for _, p := range cand.Content.Parts {
+			text.WriteString(p.Text)
+		}
+		if cand.FinishReason != "" {
+			finish = mapGeminiFinish(cand.FinishReason)
+		}
+	}
+	ch <- ChatChunk{Delta: text.String(), FinishReason: finish}
+	if obj.UsageMetadata != nil {
+		ch <- ChatChunk{Usage: &ChatUsage{
+			PromptTokens:     obj.UsageMetadata.PromptTokenCount,
+			CompletionTokens: obj.UsageMetadata.CandidatesTokenCount,
+			TotalTokens:      obj.UsageMetadata.TotalTokenCount,
+		}}
+	}
+}
+
+// mapGeminiFinish 把 Gemini 的 finishReason 归一到 OpenAI 风格。
+func mapGeminiFinish(r string) string {
+	switch r {
+	case "STOP":
+		return "stop"
+	case "MAX_TOKENS":
+		return "length"
+	case "SAFETY", "RECITATION", "PROHIBITED_CONTENT", "BLOCKLIST":
+		return "content_filter"
+	default:
+		return strings.ToLower(r)
+	}
+}
+
+// ImageGenerate 支持两种 Gemini 图像模型:
+//   - imagen-4.0-generate-001 这类 imagen-*:predict 接口(真正的图像生成)
+//   - gemini-2.5-flash-image-preview 等多模态模型走 generateContent,响应里
+//     包含 inlineData(base64)。
+//
+// 这里按 upstreamModel 名字自动分发。
+func (a *geminiAdapter) ImageGenerate(ctx context.Context, upstreamModel string, req *ImageRequest) (*ImageResult, error) {
+	if strings.HasPrefix(upstreamModel, "imagen") {
+		return a.imagenGenerate(ctx, upstreamModel, req)
+	}
+	return a.geminiImageGenerate(ctx, upstreamModel, req)
+}
+
+// imagenGenerate 走 /v1beta/models/{model}:predict,专门给 imagen-* 用。
+func (a *geminiAdapter) imagenGenerate(ctx context.Context, upstreamModel string, req *ImageRequest) (*ImageResult, error) {
+	n := req.N
+	if n <= 0 {
+		n = 1
+	}
+	payload := map[string]any{
+		"instances": []map[string]any{
+			{"prompt": req.Prompt},
+		},
+		"parameters": map[string]any{
+			"sampleCount": n,
+		},
+	}
+	body, _ := json.Marshal(payload)
+	url := a.baseURL + "/v1beta/models/" + upstreamModel + ":predict"
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("X-Goog-Api-Key", a.apiKey)
+
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("gemini: imagen: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return nil, upstreamErr(resp)
+	}
+	var obj struct {
+		Predictions []struct {
+			BytesBase64Encoded string `json:"bytesBase64Encoded"`
+		} `json:"predictions"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&obj); err != nil {
+		return nil, err
+	}
+	r := &ImageResult{}
+	for _, p := range obj.Predictions {
+		if p.BytesBase64Encoded != "" {
+			r.B64s = append(r.B64s, p.BytesBase64Encoded)
+		}
+	}
+	if len(r.B64s) == 0 {
+		return nil, errors.New("gemini imagen: empty response")
+	}
+	return r, nil
+}
+
+// geminiImageGenerate 走 gemini-*-image 多模态模型,请求 generateContent,
+// 响应里 parts 会含 inlineData(base64)。
+func (a *geminiAdapter) geminiImageGenerate(ctx context.Context, upstreamModel string, req *ImageRequest) (*ImageResult, error) {
+	payload := map[string]any{
+		"contents": []geminiContent{
+			{Role: "user", Parts: []geminiPart{{Text: req.Prompt}}},
+		},
+	}
+	body, _ := json.Marshal(payload)
+	url := a.baseURL + "/v1beta/models/" + upstreamModel + ":generateContent"
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("X-Goog-Api-Key", a.apiKey)
+
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("gemini: image: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return nil, upstreamErr(resp)
+	}
+	var obj geminiGenResp
+	if err := json.NewDecoder(resp.Body).Decode(&obj); err != nil {
+		return nil, err
+	}
+	r := &ImageResult{}
+	for _, cand := range obj.Candidates {
+		for _, p := range cand.Content.Parts {
+			if p.InlineData != nil && p.InlineData.Data != "" {
+				r.B64s = append(r.B64s, p.InlineData.Data)
+			}
+		}
+	}
+	if len(r.B64s) == 0 {
+		return nil, errors.New("gemini image: empty response")
+	}
+	return r, nil
+}
+
+// Ping 探活:GET /v1beta/models?pageSize=1。
+func (a *geminiAdapter) Ping(ctx context.Context) error {
+	url := a.baseURL + "/v1beta/models?pageSize=1"
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return err
+	}
+	httpReq.Header.Set("X-Goog-Api-Key", a.apiKey)
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return upstreamErr(resp)
+	}
+	return nil
+}
+
+// ---- helpers ----
+
+// lineReader 是个精简的按行读取器,兼容 SSE 场景(遇到 \n 就返回一行)。
+type lineReader struct {
+	r   io.Reader
+	buf []byte
+}
+
+func newLineReader(r io.Reader) *lineReader { return &lineReader{r: r, buf: make([]byte, 0, 4096)} }
+
+func (l *lineReader) readLine() (string, error) {
+	for {
+		if idx := bytes.IndexByte(l.buf, '\n'); idx >= 0 {
+			line := string(bytes.TrimRight(l.buf[:idx], "\r"))
+			l.buf = l.buf[idx+1:]
+			return line, nil
+		}
+		tmp := make([]byte, 4096)
+		n, err := l.r.Read(tmp)
+		if n > 0 {
+			l.buf = append(l.buf, tmp[:n]...)
+		}
+		if err != nil {
+			if len(l.buf) > 0 {
+				line := string(bytes.TrimRight(l.buf, "\r"))
+				l.buf = nil
+				return line, nil
+			}
+			return "", err
+		}
+	}
+}
diff --git a/internal/upstream/adapter/openai.go b/internal/upstream/adapter/openai.go
new file mode 100644
index 00000000..bb819ff5
--- /dev/null
+++ b/internal/upstream/adapter/openai.go
@@ -0,0 +1,274 @@
+package adapter
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+)
+
+// openaiAdapter 兼容 OpenAI /v1/chat/completions、/v1/images/generations。
+//
+// 许多第三方中转/聚合站(one-api、new-api、deepseek 官方、moonshot 官方、
+// kimi 兼容端点等)都遵循 OpenAI 接口规范,差别只在 BaseURL 和 APIKey。
+// 因此这个适配器同时适用:BaseURL 允许带或不带 /v1 后缀,我们做一次规整。
+type openaiAdapter struct {
+	baseURL string
+	apiKey  string
+	client  *http.Client
+}
+
+// NewOpenAI 构造一个 OpenAI 兼容适配器。
+func NewOpenAI(p Params) *openaiAdapter {
+	base := strings.TrimRight(p.BaseURL, "/")
+	// 自动去尾部的 /v1,底下拼接时再补;用户填 https://api.openai.com 和
+	// https://api.openai.com/v1 都要能用。
+	base = strings.TrimSuffix(base, "/v1")
+	timeout := time.Duration(p.TimeoutS) * time.Second
+	if timeout <= 0 {
+		timeout = 120 * time.Second
+	}
+	return &openaiAdapter{
+		baseURL: base,
+		apiKey:  p.APIKey,
+		client:  &http.Client{Timeout: timeout},
+	}
+}
+
+func (a *openaiAdapter) Type() string { return "openai" }
+
+func (a *openaiAdapter) endpoint(path string) string {
+	return a.baseURL + "/v1" + path
+}
+
+// Chat 发起 OpenAI /v1/chat/completions。流式和非流式都转成统一的 ChatStream。
+func (a *openaiAdapter) Chat(ctx context.Context, upstreamModel string, req *ChatRequest) (ChatStream, error) {
+	payload := map[string]any{
+		"model":    upstreamModel,
+		"messages": req.Messages,
+		"stream":   req.Stream,
+	}
+	if req.Temperature > 0 {
+		payload["temperature"] = req.Temperature
+	}
+	if req.TopP > 0 {
+		payload["top_p"] = req.TopP
+	}
+	if req.MaxTokens > 0 {
+		payload["max_tokens"] = req.MaxTokens
+	}
+	body, _ := json.Marshal(payload)
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		a.endpoint("/chat/completions"), bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Authorization", "Bearer "+a.apiKey)
+	if req.Stream {
+		httpReq.Header.Set("Accept", "text/event-stream")
+	}
+
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("openai: request: %w", err)
+	}
+	if resp.StatusCode >= 400 {
+		return nil, upstreamErr(resp)
+	}
+
+	ch := make(chan ChatChunk, 16)
+	if req.Stream {
+		go parseOpenAISSE(resp.Body, ch)
+	} else {
+		go parseOpenAINonStream(resp.Body, ch)
+	}
+	return ch, nil
+}
+
+// parseOpenAISSE 解析 text/event-stream 响应,每行 data: {...}。
+func parseOpenAISSE(body io.ReadCloser, ch chan<- ChatChunk) {
+	defer body.Close()
+	defer close(ch)
+
+	sc := bufio.NewScanner(body)
+	// SSE 单行可能很长,扩大 buffer。
+	buf := make([]byte, 0, 64*1024)
+	sc.Buffer(buf, 4*1024*1024)
+
+	var lastUsage *ChatUsage
+
+	for sc.Scan() {
+		line := sc.Text()
+		if line == "" {
+			continue
+		}
+		if !strings.HasPrefix(line, "data:") {
+			continue
+		}
+		data := strings.TrimSpace(strings.TrimPrefix(line, "data:"))
+		if data == "[DONE]" {
+			break
+		}
+		var obj struct {
+			Choices []struct {
+				Delta struct {
+					Content string `json:"content"`
+				} `json:"delta"`
+				FinishReason *string `json:"finish_reason"`
+			} `json:"choices"`
+			Usage *struct {
+				PromptTokens     int `json:"prompt_tokens"`
+				CompletionTokens int `json:"completion_tokens"`
+				TotalTokens      int `json:"total_tokens"`
+			} `json:"usage"`
+		}
+		if err := json.Unmarshal([]byte(data), &obj); err != nil {
+			continue
+		}
+		if obj.Usage != nil {
+			lastUsage = &ChatUsage{
+				PromptTokens:     obj.Usage.PromptTokens,
+				CompletionTokens: obj.Usage.CompletionTokens,
+				TotalTokens:      obj.Usage.TotalTokens,
+			}
+		}
+		for _, c := range obj.Choices {
+			chunk := ChatChunk{Delta: c.Delta.Content}
+			if c.FinishReason != nil {
+				chunk.FinishReason = *c.FinishReason
+			}
+			ch <- chunk
+		}
+	}
+
+	if lastUsage != nil {
+		ch <- ChatChunk{Usage: lastUsage}
+	}
+	if err := sc.Err(); err != nil && !errors.Is(err, io.EOF) {
+		ch <- ChatChunk{Err: err}
+	}
+}
+
+// parseOpenAINonStream 读整个 JSON 响应,一次吐成 delta + finish_reason。
+func parseOpenAINonStream(body io.ReadCloser, ch chan<- ChatChunk) {
+	defer body.Close()
+	defer close(ch)
+
+	var obj struct {
+		Choices []struct {
+			Message struct {
+				Content string `json:"content"`
+			} `json:"message"`
+			FinishReason string `json:"finish_reason"`
+		} `json:"choices"`
+		Usage struct {
+			PromptTokens     int `json:"prompt_tokens"`
+			CompletionTokens int `json:"completion_tokens"`
+			TotalTokens      int `json:"total_tokens"`
+		} `json:"usage"`
+	}
+	if err := json.NewDecoder(body).Decode(&obj); err != nil {
+		ch <- ChatChunk{Err: fmt.Errorf("openai: decode non-stream: %w", err)}
+		return
+	}
+	if len(obj.Choices) == 0 {
+		ch <- ChatChunk{FinishReason: "stop"}
+		return
+	}
+	c := obj.Choices[0]
+	ch <- ChatChunk{Delta: c.Message.Content, FinishReason: c.FinishReason}
+	ch <- ChatChunk{Usage: &ChatUsage{
+		PromptTokens:     obj.Usage.PromptTokens,
+		CompletionTokens: obj.Usage.CompletionTokens,
+		TotalTokens:      obj.Usage.TotalTokens,
+	}}
+}
+
+// ImageGenerate 调用 /v1/images/generations(DALL·E 3 / gpt-image-1 等)。
+func (a *openaiAdapter) ImageGenerate(ctx context.Context, upstreamModel string, req *ImageRequest) (*ImageResult, error) {
+	n := req.N
+	if n <= 0 {
+		n = 1
+	}
+	size := req.Size
+	if size == "" {
+		size = "1024x1024"
+	}
+	payload := map[string]any{
+		"model":  upstreamModel,
+		"prompt": req.Prompt,
+		"n":      n,
+		"size":   size,
+	}
+	body, _ := json.Marshal(payload)
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		a.endpoint("/images/generations"), bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Authorization", "Bearer "+a.apiKey)
+
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("openai: image request: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return nil, upstreamErr(resp)
+	}
+	var obj struct {
+		Data []struct {
+			URL    string `json:"url"`
+			B64    string `json:"b64_json"`
+		} `json:"data"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&obj); err != nil {
+		return nil, fmt.Errorf("openai: image decode: %w", err)
+	}
+	r := &ImageResult{}
+	for _, d := range obj.Data {
+		if d.URL != "" {
+			r.URLs = append(r.URLs, d.URL)
+		}
+		if d.B64 != "" {
+			r.B64s = append(r.B64s, d.B64)
+		}
+	}
+	if len(r.URLs) == 0 && len(r.B64s) == 0 {
+		return nil, errors.New("openai: empty image response")
+	}
+	return r, nil
+}
+
+// Ping 发一次 /v1/models 探活。大部分兼容站都实现了这个端点。
+func (a *openaiAdapter) Ping(ctx context.Context) error {
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet,
+		a.endpoint("/models"), nil)
+	if err != nil {
+		return err
+	}
+	httpReq.Header.Set("Authorization", "Bearer "+a.apiKey)
+	resp, err := a.client.Do(httpReq)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return upstreamErr(resp)
+	}
+	return nil
+}
+
+// upstreamErr 读取响应 body 做简要错误归纳。
+func upstreamErr(resp *http.Response) error {
+	data, _ := io.ReadAll(io.LimitReader(resp.Body, 8*1024))
+	return fmt.Errorf("upstream %d: %s", resp.StatusCode, strings.TrimSpace(string(data)))
+}
diff --git a/internal/upstream/adapter/registry.go b/internal/upstream/adapter/registry.go
new file mode 100644
index 00000000..f28dd5d7
--- /dev/null
+++ b/internal/upstream/adapter/registry.go
@@ -0,0 +1,15 @@
+package adapter
+
+import "fmt"
+
+// New 按 type 构造对应适配器。
+func New(typ string, p Params) (Adapter, error) {
+	switch typ {
+	case "openai":
+		return NewOpenAI(p), nil
+	case "gemini":
+		return NewGemini(p), nil
+	default:
+		return nil, fmt.Errorf("adapter: unsupported type %q", typ)
+	}
+}
diff --git a/internal/upstream/chatgpt/client.go b/internal/upstream/chatgpt/client.go
new file mode 100644
index 00000000..4556879a
--- /dev/null
+++ b/internal/upstream/chatgpt/client.go
@@ -0,0 +1,526 @@
+// Package chatgpt 封装 chatgpt.com 的反向工程调用。
+//
+// 本包不关心调度与计费,只负责一次 HTTP 往返。
+// 调用方(网关)负责:调度器拿 Lease -> 构造 Client -> 发请求 -> 转译响应。
+package chatgpt
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"strings"
+	"time"
+
+	"go.uber.org/zap"
+	"golang.org/x/net/publicsuffix"
+
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+func loggerL() *zap.Logger { return logger.L() }
+
+// 固定请求头(模拟 Chrome 124;客户端版本号可按需更新)。
+const (
+	// UA 对齐 HAR 抓包(Edge 143 / Chromium 143 on Windows 11);必须与
+	// commonHeaders 里的 Sec-Ch-Ua-* 完整套件自洽,否则上游认为指纹冲突。
+	DefaultUserAgent      = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0"
+	DefaultClientVersion  = "prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad"
+	DefaultClientBuildNum = "5955942"
+	DefaultLanguage       = "zh-CN"
+	BaseURL               = "https://chatgpt.com"
+)
+
+// Options 构造 Client 的参数。
+type Options struct {
+	BaseURL       string
+	AuthToken     string // 完整 Bearer token(已解密)
+	DeviceID      string
+	SessionID     string
+	ProxyURL      string        // http(s)://user:pass@host:port,为空则直连
+	Timeout       time.Duration // HTTP 总超时,默认 120s
+	SSETimeout    time.Duration // SSE 首 byte 超时,默认 60s
+	Cookies       string        // JSON 字符串(可选),格式 [{"name":"x","value":"y","domain":".chatgpt.com"}]
+	UserAgent     string
+	ClientVersion string
+	Language      string
+
+	// TurnstileSolver 可选。为 nil 时 ChatRequirementsV2 会回退到单步
+	// chat-requirements 流程(TurnstileRequired=true 时直接忽略)。
+	TurnstileSolver TurnstileSolver
+}
+
+// Client 一个账号/代理/device 一次请求的上游客户端。可多次复用(建议 1 次请求 1 个)。
+type Client struct {
+	opts Options
+	hc   *http.Client
+}
+
+// New 构造客户端。
+func New(opt Options) (*Client, error) {
+	if opt.AuthToken == "" {
+		return nil, errors.New("auth_token required")
+	}
+	if opt.DeviceID == "" {
+		return nil, errors.New("device_id required")
+	}
+	if opt.BaseURL == "" {
+		opt.BaseURL = BaseURL
+	}
+	if opt.Timeout == 0 {
+		opt.Timeout = 120 * time.Second
+	}
+	if opt.SSETimeout == 0 {
+		opt.SSETimeout = 60 * time.Second
+	}
+	if opt.UserAgent == "" {
+		opt.UserAgent = DefaultUserAgent
+	}
+	if opt.ClientVersion == "" {
+		opt.ClientVersion = DefaultClientVersion
+	}
+	if opt.Language == "" {
+		opt.Language = DefaultLanguage
+	}
+
+	// 直接用标准 net/http 会被 Cloudflare 按 JA3/JA4 指纹识别出不是浏览器(403 拦截页);
+	// 这里换成 utls-based RoundTripper,ClientHello 伪装成 Chrome 120。
+	// Proxy(HTTP / HTTPS CONNECT)在 transport 内部处理,不再走 http.ProxyURL。
+	tr, err := NewUTLSTransport(opt.ProxyURL, 30*time.Second)
+	if err != nil {
+		return nil, fmt.Errorf("init utls transport: %w", err)
+	}
+
+	jar, _ := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	hc := &http.Client{
+		Transport: tr,
+		Timeout:   opt.Timeout, // SSE 场景会关闭该 timeout(见 StreamConversation)
+		Jar:       jar,
+	}
+	if opt.Cookies != "" {
+		_ = loadCookies(jar, opt.BaseURL, opt.Cookies)
+	}
+	return &Client{opts: opt, hc: hc}, nil
+}
+
+// loadCookies 把 JSON cookies 加载到 jar。
+func loadCookies(jar http.CookieJar, base, raw string) error {
+	var list []struct {
+		Name   string `json:"name"`
+		Value  string `json:"value"`
+		Domain string `json:"domain"`
+		Path   string `json:"path"`
+	}
+	if err := json.Unmarshal([]byte(raw), &list); err != nil {
+		return err
+	}
+	u, err := url.Parse(base)
+	if err != nil {
+		return err
+	}
+	cs := make([]*http.Cookie, 0, len(list))
+	for _, c := range list {
+		if c.Name == "" || c.Value == "" {
+			continue
+		}
+		path := c.Path
+		if path == "" {
+			path = "/"
+		}
+		cs = append(cs, &http.Cookie{Name: c.Name, Value: c.Value, Domain: c.Domain, Path: path})
+	}
+	jar.SetCookies(u, cs)
+	return nil
+}
+
+// commonHeaders 设置所有 chatgpt.com 请求通用的头。
+//
+// 对齐真实浏览器(Edge 143 @ Windows)抓包:除了 PoW/turnstile 这类 sentinel 头
+// 由具体端点自己加,其他客户端指纹头、Oai-* 头、sec-ch-ua 完整套件、
+// X-Openai-Target-Path/Route 都在这里统一设置。X-Oai-Turn-Trace-Id 是"每 turn 一个"
+// 的 UUID,由具体发送函数(StreamFChat / StreamFConversation)自己随机生成,
+// 这里只填固定的。
+//
+// 真正的指纹差异在 HTTP/2 SETTINGS frame(JA4H),已在 utls_transport.go 中用
+// forceH1 强制走 http/1.1 规避。
+func (c *Client) commonHeaders(req *http.Request) {
+	req.Header.Set("Authorization", "Bearer "+c.opts.AuthToken)
+	req.Header.Set("User-Agent", c.opts.UserAgent)
+	req.Header.Set("Origin", c.opts.BaseURL)
+	req.Header.Set("Referer", c.opts.BaseURL+"/")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6")
+	// 不设置 Accept-Encoding:Go net/http 会自动加 `Accept-Encoding: gzip` 并透明解压。
+	// 若主动声明 br/zstd,Go 不会解压,body 会是压缩字节,SSE / JSON 解析全坏。
+	// sec-ch-ua 完整套件(Edge 143 on Windows 11):真实浏览器每次都会带这整套,
+	// 少其中任何一项都可能触发 bot 指纹识别。保持与 DefaultUserAgent 对齐。
+	req.Header.Set("Sec-Ch-Ua", `"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"`)
+	req.Header.Set("Sec-Ch-Ua-Arch", `"x86"`)
+	req.Header.Set("Sec-Ch-Ua-Bitness", `"64"`)
+	req.Header.Set("Sec-Ch-Ua-Full-Version", `"143.0.3650.96"`)
+	req.Header.Set("Sec-Ch-Ua-Full-Version-List",
+		`"Microsoft Edge";v="143.0.3650.96", "Chromium";v="143.0.7499.147", "Not A(Brand";v="24.0.0.0"`)
+	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
+	req.Header.Set("Sec-Ch-Ua-Model", `""`)
+	req.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
+	req.Header.Set("Sec-Ch-Ua-Platform-Version", `"19.0.0"`)
+	req.Header.Set("Sec-Fetch-Dest", "empty")
+	req.Header.Set("Sec-Fetch-Mode", "cors")
+	req.Header.Set("Sec-Fetch-Site", "same-origin")
+	req.Header.Set("Cache-Control", "no-cache")
+	req.Header.Set("Pragma", "no-cache")
+	req.Header.Set("Priority", "u=1, i")
+	// Oai-* 头:真实浏览器每请求必带。
+	req.Header.Set("Oai-Device-Id", c.opts.DeviceID)
+	if c.opts.SessionID != "" {
+		req.Header.Set("Oai-Session-Id", c.opts.SessionID)
+	}
+	req.Header.Set("Oai-Language", c.opts.Language)
+	req.Header.Set("Oai-Client-Version", c.opts.ClientVersion)
+	req.Header.Set("Oai-Client-Build-Number", DefaultClientBuildNum)
+	// X-Openai-Target-Path / Route:真实浏览器每请求必带,值就是请求 URL 的 path
+	// (不含 query)。Route 通常是带占位符的形式(例如 /files/download/{file_id}),
+	// 但后端对两个字段都是相等比较,填成 Path 也不触发 400;先统一 Path,以后
+	// 发现特定端点报错再单独覆盖。
+	if p := req.URL.Path; p != "" {
+		req.Header.Set("X-Openai-Target-Path", p)
+		req.Header.Set("X-Openai-Target-Route", p)
+	}
+	// Accept 默认值在各 endpoint 函数里会覆盖(比如 SSE 设成 text/event-stream)。
+	if req.Header.Get("Accept") == "" {
+		req.Header.Set("Accept", "*/*")
+	}
+}
+
+// UpstreamError 是一次 chatgpt.com 请求失败的结构化错误。
+type UpstreamError struct {
+	Status  int
+	Message string
+	Body    string
+}
+
+func (e *UpstreamError) Error() string {
+	return fmt.Sprintf("chatgpt upstream %d: %s", e.Status, e.Message)
+}
+
+// IsRateLimited 对应 HTTP 429 / 资源耗尽。
+func (e *UpstreamError) IsRateLimited() bool { return e.Status == 429 }
+
+// IsUnauthorized 对应 401 / 403(token 失效 / 风控封号)。
+func (e *UpstreamError) IsUnauthorized() bool { return e.Status == 401 || e.Status == 403 }
+
+// ChatRequirementsResp 对应响应(仅摘取关键字段)。
+type ChatRequirementsResp struct {
+	Token string `json:"token"` // chat_token
+	// Persona 常见取值:"chatgpt-freeaccount"(免费号)/ "chatgpt-paid"(Plus/Team)
+	//              / "chatgpt-noauth"(未登录)
+	// 免费号对高级模型(gpt-5 等)会静默不生成,必须把 upstream model 退化到 "auto"
+	// 由上游自己挑,否则 SSE 只会拿到一条 hidden system preamble 就结束。
+	Persona     string `json:"persona"`
+	Proofofwork struct {
+		Required   bool   `json:"required"`
+		Seed       string `json:"seed"`
+		Difficulty string `json:"difficulty"`
+	} `json:"proofofwork"`
+	Turnstile struct {
+		Required bool `json:"required"`
+	} `json:"turnstile"`
+}
+
+// IsFreeAccount 判断当前账号是否为免费号(persona=chatgpt-freeaccount)。
+func (r *ChatRequirementsResp) IsFreeAccount() bool {
+	return r.Persona == "chatgpt-freeaccount"
+}
+
+// SolveProof 求解 POW,返回要放进 `Openai-Sentinel-Proof-Token` 的字符串。
+// 若 Proofofwork.Required=false,返回空串。
+func (r *ChatRequirementsResp) SolveProof(userAgent string) string {
+	if !r.Proofofwork.Required {
+		return ""
+	}
+	return SolveProofToken(r.Proofofwork.Seed, r.Proofofwork.Difficulty, userAgent)
+}
+
+// Bootstrap 模拟浏览器首次打开 chatgpt.com 的 GET /,让 cookie jar 收下
+// Cloudflare 的 `__cf_bm` / `_cfuvid` 与 OpenAI 的 `oai-did` 等 cookie。
+//
+// 关键作用:没有这些 cookie 时,chat-requirements 会直接要求 Turnstile(即使
+// Bearer 合法),所以建议在每次新建 Client 后先调一次 Bootstrap,或者在
+// ChatRequirements 内部第一次请求前自动调一次。
+// 多次调用是幂等的(HTTP 200/3xx 均视为成功)。
+func (c *Client) Bootstrap(ctx context.Context) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, c.opts.BaseURL+"/", nil)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", c.opts.UserAgent)
+	req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8")
+	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6")
+	req.Header.Set("Sec-Ch-Ua", `"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"`)
+	req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
+	req.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
+	req.Header.Set("Sec-Fetch-Dest", "document")
+	req.Header.Set("Sec-Fetch-Mode", "navigate")
+	req.Header.Set("Sec-Fetch-Site", "none")
+	req.Header.Set("Sec-Fetch-User", "?1")
+	req.Header.Set("Upgrade-Insecure-Requests", "1")
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return fmt.Errorf("bootstrap GET /: %w", err)
+	}
+	defer res.Body.Close()
+	_, _ = io.Copy(io.Discard, res.Body)
+	if res.StatusCode >= 500 {
+		return &UpstreamError{Status: res.StatusCode, Message: "bootstrap failed"}
+	}
+	return nil
+}
+
+// ChatRequirements 取 chat_token。
+// 请求体必须带 `p` = 客户端预算的 requirements_token(前缀 gAAAAAC,固定难度 0fffff)。
+// 否则上游会返回空 token 或 403。
+func (c *Client) ChatRequirements(ctx context.Context) (*ChatRequirementsResp, error) {
+	// 首次请求前顺手做一次浏览器首访,拿 __cf_bm / oai-did,避免 Turnstile。
+	// jar 已经持有过则这次 GET 其实是 200,代价就是一个 RTT,可以接受。
+	if err := c.Bootstrap(ctx); err != nil {
+		// 拿不到 cookie 不致命,继续往下走;真不行再让 chat-requirements 自己报错。
+		_ = err
+	}
+	reqToken := NewPOWConfig(c.opts.UserAgent).RequirementsToken()
+	body, _ := json.Marshal(map[string]string{"p": reqToken})
+	req, err := http.NewRequestWithContext(ctx,
+		http.MethodPost,
+		c.opts.BaseURL+"/backend-api/sentinel/chat-requirements",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "chat-requirements failed", Body: string(buf)}
+	}
+	var out ChatRequirementsResp
+	if err := json.Unmarshal(buf, &out); err != nil {
+		return nil, fmt.Errorf("decode chat-requirements: %w", err)
+	}
+	// 诊断用:打印完整 body(含 turnstile / proofofwork / arkose 字段)。
+	// 稳定后可改成 Debug 或删除。
+	if logger := loggerL(); logger != nil {
+		bodyStr := string(buf)
+		if len(bodyStr) > 800 {
+			bodyStr = bodyStr[:800] + "..."
+		}
+		logger.Info("chat-requirements raw body",
+			zap.String("body", bodyStr),
+			zap.Bool("turnstile_required", out.Turnstile.Required),
+			zap.Bool("pow_required", out.Proofofwork.Required),
+			zap.String("token_prefix", truncatePrefix(out.Token, 16)))
+	}
+	return &out, nil
+}
+
+func truncatePrefix(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "..."
+}
+
+// ChatRequirementsPrepareResp 是 /sentinel/chat-requirements/prepare 的响应。
+//
+// 浏览器在每个 turn 前先调 prepare 拿到 challenge(turnstile.dx + pow.seed/difficulty),
+// 本地计算后再调 finalize 拿最终 chat-requirements-token。我们 Go 端没法解
+// turnstile(Cloudflare 混淆 JS + WASM),所以 solver 未配置时需要回退到老的
+// 单步 /sentinel/chat-requirements 端点(见 ChatRequirementsV2)。
+type ChatRequirementsPrepareResp struct {
+	Persona      string `json:"persona"`
+	PrepareToken string `json:"prepare_token"`
+	Turnstile    struct {
+		Required bool   `json:"required"`
+		DX       string `json:"dx"`
+	} `json:"turnstile"`
+	Proofofwork struct {
+		Required   bool   `json:"required"`
+		Seed       string `json:"seed"`
+		Difficulty string `json:"difficulty"`
+	} `json:"proofofwork"`
+}
+
+// ChatRequirementsPrepare 调 /backend-api/sentinel/chat-requirements/prepare。
+// 请求体里的 `p` 字段仍是 18 元素 PoW(前缀 gAAAAAC),和老的单步接口同款。
+func (c *Client) ChatRequirementsPrepare(ctx context.Context) (*ChatRequirementsPrepareResp, error) {
+	reqToken := NewPOWConfig(c.opts.UserAgent).RequirementsToken()
+	body, _ := json.Marshal(map[string]string{"p": reqToken})
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/sentinel/chat-requirements/prepare",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "chat-requirements/prepare failed", Body: string(buf)}
+	}
+	var out ChatRequirementsPrepareResp
+	if err := json.Unmarshal(buf, &out); err != nil {
+		return nil, fmt.Errorf("decode chat-requirements/prepare: %w", err)
+	}
+	return &out, nil
+}
+
+// ChatRequirementsFinalize 调 /backend-api/sentinel/chat-requirements/finalize。
+// 入参:prepare_token(来自 Prepare),proofofwork(本地解,13 元素),
+// turnstileResp(通常由 TurnstileSolver 提供;没有则传空串,上游可能拒绝)。
+// 返回最终的 chat-requirements-token。
+func (c *Client) ChatRequirementsFinalize(
+	ctx context.Context,
+	prepareToken, proofofwork, turnstileResp string,
+) (string, string, error) {
+	payload := map[string]interface{}{
+		"prepare_token": prepareToken,
+	}
+	if proofofwork != "" {
+		payload["proofofwork"] = proofofwork
+	}
+	if turnstileResp != "" {
+		payload["turnstile"] = turnstileResp
+	}
+	body, _ := json.Marshal(payload)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/sentinel/chat-requirements/finalize",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return "", "", err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return "", "", err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return "", "", &UpstreamError{Status: res.StatusCode, Message: "chat-requirements/finalize failed", Body: string(buf)}
+	}
+	var out struct {
+		Persona string `json:"persona"`
+		Token   string `json:"token"`
+	}
+	if err := json.Unmarshal(buf, &out); err != nil {
+		return "", "", fmt.Errorf("decode chat-requirements/finalize: %w", err)
+	}
+	return out.Token, out.Persona, nil
+}
+
+// ChatRequirementsV2 是 sentinel 协议的新统一入口。
+//
+// 路由逻辑:
+//  1. 先调 /prepare 拿 challenge;
+//  2. 若返回 turnstile.required=false,直接把 prepare_token 走 finalize 拿最终 token;
+//  3. 若 turnstile.required=true:
+//     a. 当 opts.TurnstileSolver != nil → solver.Solve(dx),然后走 finalize;
+//     b. 当 solver 为 nil → **回退到老的单步 chat-requirements**,保持向后兼容。
+//
+// 返回值与老的 ChatRequirements 保持一致,方便调用方无痛切换。
+//
+// 调用前请先 Bootstrap()。
+func (c *Client) ChatRequirementsV2(ctx context.Context) (*ChatRequirementsResp, error) {
+	prep, err := c.ChatRequirementsPrepare(ctx)
+	if err != nil {
+		// prepare 本身失败时,不再尝试 finalize,直接回退到单步接口。
+		// 这样新协议上游未开启时也不会阻塞业务。
+		if logger := loggerL(); logger != nil {
+			logger.Warn("chat-requirements/prepare failed, fallback to single-step",
+				zap.Error(err))
+		}
+		return c.ChatRequirements(ctx)
+	}
+
+	// 组装回退用的伪 Resp(即使后面走 finalize,也要把这些字段透传出去)
+	resp := &ChatRequirementsResp{Persona: prep.Persona}
+	resp.Turnstile.Required = prep.Turnstile.Required
+	resp.Proofofwork.Required = prep.Proofofwork.Required
+	resp.Proofofwork.Seed = prep.Proofofwork.Seed
+	resp.Proofofwork.Difficulty = prep.Proofofwork.Difficulty
+
+	// 本地解 PoW(header 里用的 proof_token 与 finalize 里的 proofofwork 同款)
+	var proof string
+	if prep.Proofofwork.Required {
+		proof = SolveProofToken(prep.Proofofwork.Seed, prep.Proofofwork.Difficulty, c.opts.UserAgent)
+	}
+
+	// Turnstile 路由
+	var turnstileResp string
+	if prep.Turnstile.Required {
+		if c.opts.TurnstileSolver != nil {
+			sCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
+			defer cancel()
+			out, solveErr := c.opts.TurnstileSolver.Solve(sCtx, prep.Turnstile.DX)
+			if solveErr != nil || out == "" {
+				if logger := loggerL(); logger != nil {
+					logger.Warn("turnstile solver failed, fallback to single-step chat-requirements",
+						zap.Error(solveErr))
+				}
+				return c.ChatRequirements(ctx)
+			}
+			turnstileResp = out
+		} else {
+			// 没配 solver,直接回退单步
+			if logger := loggerL(); logger != nil {
+				logger.Info("turnstile required but no solver configured, fallback to single-step")
+			}
+			return c.ChatRequirements(ctx)
+		}
+	}
+
+	// finalize 拿真正 token
+	token, persona, err := c.ChatRequirementsFinalize(ctx, prep.PrepareToken, proof, turnstileResp)
+	if err != nil {
+		if logger := loggerL(); logger != nil {
+			logger.Warn("chat-requirements/finalize failed, fallback to single-step",
+				zap.Error(err))
+		}
+		return c.ChatRequirements(ctx)
+	}
+	resp.Token = token
+	if persona != "" {
+		resp.Persona = persona
+	}
+	if logger := loggerL(); logger != nil {
+		logger.Info("chat-requirements two-step ok",
+			zap.String("persona", resp.Persona),
+			zap.Bool("turnstile_required", prep.Turnstile.Required),
+			zap.Bool("pow_required", prep.Proofofwork.Required),
+			zap.Int("token_len", len(token)),
+		)
+	}
+	return resp, nil
+}
+
+// SSEEvent 单条 SSE 数据。
+type SSEEvent struct {
+	Event string
+	Data  []byte
+	Err   error
+}
diff --git a/internal/upstream/chatgpt/conversation.go b/internal/upstream/chatgpt/conversation.go
new file mode 100644
index 00000000..26d249ce
--- /dev/null
+++ b/internal/upstream/chatgpt/conversation.go
@@ -0,0 +1,203 @@
+package chatgpt
+
+import (
+	"bufio"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// ChatMessage 是 OpenAI 风格的一条消息。
+type ChatMessage struct {
+	Role    string `json:"role"`
+	Content string `json:"content"`
+}
+
+// ConversationOpts 是 StreamConversation 的参数。
+type ConversationOpts struct {
+	Model         string        // 上游模型 slug(如 auto / gpt-4o / o4-mini)
+	Messages      []ChatMessage // OpenAI 风格消息
+	ParentMsgID   string        // 可选,为空自动生成
+	ConvID        string        // 可选,为空则新会话
+	ProofToken    string        // 可选,POW 解出后填入
+	ChatToken     string        // 必传(来自 ChatRequirements)
+	ReadTimeout   time.Duration // SSE 读超时(单次事件间隔),默认 60s
+}
+
+// conversationPayload 对齐 chatgpt.com 请求体(文本模式)。
+type conversationPayload struct {
+	Action                     string                 `json:"action"`
+	Messages                   []upstreamMsg          `json:"messages"`
+	ParentMessageID            string                 `json:"parent_message_id"`
+	ConversationID             string                 `json:"conversation_id,omitempty"`
+	Model                      string                 `json:"model"`
+	TimezoneOffsetMin          int                    `json:"timezone_offset_min"`
+	Suggestions                []string               `json:"suggestions"`
+	HistoryAndTrainingDisabled bool                   `json:"history_and_training_disabled"`
+	ConversationMode           map[string]interface{} `json:"conversation_mode"`
+	ForceParagen               bool                   `json:"force_paragen"`
+	ForceParagenModelSlug      string                 `json:"force_paragen_model_slug"`
+	ForceNulligen              bool                   `json:"force_nulligen"`
+	ForceRateLimit             bool                   `json:"force_rate_limit"`
+	WebsocketRequestID         string                 `json:"websocket_request_id"`
+	ClientContextualInfo       map[string]interface{} `json:"client_contextual_info,omitempty"`
+	PluginIDs                  []string               `json:"plugin_ids,omitempty"`
+}
+
+type upstreamMsg struct {
+	ID       string            `json:"id"`
+	Author   upstreamAuthor    `json:"author"`
+	Content  upstreamContent   `json:"content"`
+	Metadata map[string]any    `json:"metadata,omitempty"`
+	CreateTime float64 `json:"create_time,omitempty"`
+}
+
+type upstreamAuthor struct {
+	Role string `json:"role"`
+}
+
+type upstreamContent struct {
+	ContentType string   `json:"content_type"`
+	Parts       []string `json:"parts"`
+}
+
+// StreamConversation 向 /backend-api/conversation 发 SSE,返回事件 channel。
+// 调用方必须消费完 channel(或 cancel ctx)以释放连接。
+func (c *Client) StreamConversation(ctx context.Context, opt ConversationOpts) (<-chan SSEEvent, error) {
+	if opt.ChatToken == "" {
+		return nil, errors.New("chat_token required")
+	}
+	if opt.Model == "" {
+		opt.Model = "auto"
+	}
+	if opt.ParentMsgID == "" {
+		opt.ParentMsgID = uuid.NewString()
+	}
+	if opt.ReadTimeout == 0 {
+		opt.ReadTimeout = c.opts.SSETimeout
+	}
+
+	payload := conversationPayload{
+		Action:                     "next",
+		Model:                      opt.Model,
+		ParentMessageID:            opt.ParentMsgID,
+		ConversationID:             opt.ConvID,
+		TimezoneOffsetMin:          -480, // UTC+8
+		HistoryAndTrainingDisabled: false,
+		ConversationMode:           map[string]interface{}{"kind": "primary_assistant"},
+		WebsocketRequestID:         uuid.NewString(),
+	}
+	for _, m := range opt.Messages {
+		payload.Messages = append(payload.Messages, upstreamMsg{
+			ID:      uuid.NewString(),
+			Author:  upstreamAuthor{Role: m.Role},
+			Content: upstreamContent{ContentType: "text", Parts: []string{m.Content}},
+			CreateTime: float64(time.Now().Unix()),
+		})
+	}
+
+	body, _ := json.Marshal(payload)
+	req, err := http.NewRequestWithContext(ctx,
+		http.MethodPost,
+		c.opts.BaseURL+"/backend-api/conversation",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "text/event-stream")
+	req.Header.Set("Openai-Sentinel-Chat-Requirements-Token", opt.ChatToken)
+	if opt.ProofToken != "" {
+		req.Header.Set("Openai-Sentinel-Proof-Token", opt.ProofToken)
+	}
+
+	// 对 SSE 请求取消客户端整体 timeout,改为 per-event 读超时控制。
+	localClient := *c.hc
+	localClient.Timeout = 0
+
+	res, err := localClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode >= 400 {
+		buf, _ := io.ReadAll(res.Body)
+		res.Body.Close()
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "conversation failed", Body: string(buf)}
+	}
+
+	out := make(chan SSEEvent, 32)
+	go parseSSE(res.Body, out, opt.ReadTimeout)
+	return out, nil
+}
+
+// parseSSE 读取 SSE 流,把每个 data: 事件推入 channel。
+// chatgpt.com 的事件格式:
+//   event: delta\n
+//   data: {"p":"...","o":"append","v":"..."}\n\n
+//
+//   data: [DONE]\n\n
+func parseSSE(r io.ReadCloser, out chan<- SSEEvent, _ time.Duration) {
+	defer r.Close()
+	defer close(out)
+
+	rd := bufio.NewReaderSize(r, 32*1024)
+	var event string
+	var dataBuf strings.Builder
+
+	flush := func() {
+		if dataBuf.Len() == 0 {
+			event = ""
+			return
+		}
+		data := strings.TrimRight(dataBuf.String(), "\n")
+		dataBuf.Reset()
+		out <- SSEEvent{Event: event, Data: []byte(data)}
+		event = ""
+	}
+
+	for {
+		line, err := rd.ReadString('\n')
+		if err != nil {
+			if err != io.EOF {
+				out <- SSEEvent{Err: fmt.Errorf("sse read: %w", err)}
+			} else {
+				flush()
+			}
+			return
+		}
+		line = strings.TrimRight(line, "\r\n")
+		if line == "" {
+			// 事件边界
+			flush()
+			continue
+		}
+		if strings.HasPrefix(line, ":") {
+			// 注释/心跳,忽略
+			continue
+		}
+		if strings.HasPrefix(line, "event:") {
+			event = strings.TrimSpace(strings.TrimPrefix(line, "event:"))
+			continue
+		}
+		if strings.HasPrefix(line, "data:") {
+			s := strings.TrimPrefix(line, "data:")
+			if len(s) > 0 && s[0] == ' ' {
+				s = s[1:]
+			}
+			if dataBuf.Len() > 0 {
+				dataBuf.WriteByte('\n')
+			}
+			dataBuf.WriteString(s)
+			continue
+		}
+		// 其他行忽略
+	}
+}
diff --git a/internal/upstream/chatgpt/fchat.go b/internal/upstream/chatgpt/fchat.go
new file mode 100644
index 00000000..6e397e5d
--- /dev/null
+++ b/internal/upstream/chatgpt/fchat.go
@@ -0,0 +1,252 @@
+// fchat.go —— 文字聊天走 /backend-api/f/conversation 新协议。
+//
+// 背景:chatgpt.com 近期新账号在老 /backend-api/conversation 端点上会直接
+// 回一条 author=system、content 为空、status=finished_successfully 的消息,
+// 等同于"被静默拒绝"。对齐浏览器抓包与社区维护的 OpenaiChat provider,
+// 文字聊天正确顺序是:
+//
+//	1. GET /                            → 拿 __cf_bm / oai-did / _cfuvid cookie
+//	2. sentinel/chat-requirements       → 拿 chat_token + proofofwork 挑战
+//	3. f/conversation/prepare           → 带 chat_token(!) + proof_token,拿 conduit_token
+//	4. f/conversation (SSE)             → 带 chat_token + proof_token + conduit_token
+//
+// 要点:prepare 必须在 chat-requirements 之后,并且要把 `openai-sentinel-chat-
+// requirements-token` 带进 header。不调用 /backend-api/conversation/init,
+// 该端点在免费/新账号上会直接 404。
+
+package chatgpt
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// FChatOpts 是 StreamFChat 的入参。
+type FChatOpts struct {
+	UpstreamModel string        // 默认 "auto"
+	Messages      []ChatMessage // OpenAI 风格
+	ChatToken     string        // 必传(StreamFChat 时,PrepareFChat 不需要)
+	ProofToken    string        // 可选
+	ConduitToken  string        // 可选(PrepareFChat 返回)
+	ConvID        string        // 复用会话时传
+	ParentMsgID   string        // 复用会话时传 GetConversationHead 结果
+	SSETimeout    time.Duration // 默认 120s
+}
+
+// PrepareFChat 对 /backend-api/f/conversation/prepare 发一条文字 prepare,返回 conduit_token。
+//
+// payload 严格对齐浏览器抓包(HAR 中 /f/conversation/prepare 请求):
+//   - client_prepare_state: "success"
+//   - fork_from_shared_post: false
+//   - partial_query: 一条完整的 user message(id+author+content),不是空字符串
+//   - system_hints: []  ← text 通路是空数组(注意:image 通路是 ["picture_v2"])
+//   - client_contextual_info: { "app_name": "chatgpt.com" }  ← prepare 只带 app_name
+//
+// header 带 Openai-Sentinel-Chat-Requirements-Token(必须)+ 可选 Proof-Token。
+func (c *Client) PrepareFChat(ctx context.Context, opt FChatOpts) (string, error) {
+	if opt.ChatToken == "" {
+		return "", errors.New("chat_token required for prepare")
+	}
+	if opt.UpstreamModel == "" {
+		opt.UpstreamModel = "auto"
+	}
+	if len(opt.Messages) == 0 {
+		return "", errors.New("messages required")
+	}
+	if opt.ParentMsgID == "" {
+		opt.ParentMsgID = uuid.NewString()
+	}
+
+	// partial_query 用最后一条 user message。浏览器的做法是"用户一输完字就发
+	// prepare",此时还没 send,所以 partial_query = 当前正在输入的内容。
+	var userPart string
+	for i := len(opt.Messages) - 1; i >= 0; i-- {
+		if opt.Messages[i].Role == "user" {
+			userPart = opt.Messages[i].Content
+			break
+		}
+	}
+
+	payload := map[string]interface{}{
+		"action":                "next",
+		"fork_from_shared_post": false,
+		"parent_message_id":     opt.ParentMsgID,
+		"model":                 opt.UpstreamModel,
+		"client_prepare_state":  "success",
+		"timezone_offset_min":   -480,
+		"timezone":              "Asia/Shanghai",
+		"conversation_mode":     map[string]string{"kind": "primary_assistant"},
+		"system_hints":          []string{},
+		"partial_query": map[string]interface{}{
+			"id":     uuid.NewString(),
+			"author": map[string]string{"role": "user"},
+			"content": map[string]interface{}{
+				"content_type": "text",
+				"parts":        []string{userPart},
+			},
+		},
+		"supports_buffering":  true,
+		"supported_encodings": []string{"v1"},
+		"client_contextual_info": map[string]interface{}{
+			"app_name": "chatgpt.com",
+		},
+	}
+	if opt.ConvID != "" {
+		payload["conversation_id"] = opt.ConvID
+	}
+	body, _ := json.Marshal(payload)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/f/conversation/prepare",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return "", err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("Openai-Sentinel-Chat-Requirements-Token", opt.ChatToken)
+	if opt.ProofToken != "" {
+		req.Header.Set("Openai-Sentinel-Proof-Token", opt.ProofToken)
+	}
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return "", &UpstreamError{Status: res.StatusCode, Message: "f/conversation/prepare failed", Body: string(buf)}
+	}
+	var out struct {
+		ConduitToken string `json:"conduit_token"`
+	}
+	_ = json.Unmarshal(buf, &out)
+	return out.ConduitToken, nil
+}
+
+// StreamFChat 发起一次文字 f/conversation SSE。
+// 调用前请确保:新会话场景先调用 InitConversation(ctx)(空 system_hints)。
+func (c *Client) StreamFChat(ctx context.Context, opt FChatOpts) (<-chan SSEEvent, error) {
+	if opt.ChatToken == "" {
+		return nil, errors.New("chat_token required")
+	}
+	if opt.UpstreamModel == "" {
+		opt.UpstreamModel = "auto"
+	}
+	if len(opt.Messages) == 0 {
+		return nil, errors.New("messages required")
+	}
+	if opt.ParentMsgID == "" {
+		opt.ParentMsgID = uuid.NewString()
+	}
+	if opt.SSETimeout == 0 {
+		opt.SSETimeout = 120 * time.Second
+	}
+
+	// messages[].metadata 严格对齐 HAR 抓包的 **text 通路**:
+	//   developer_mode_connector_ids / selected_sources / selected_github_repos /
+	//   selected_all_github_repos / serialization_metadata
+	// 其中 **selected_sources 只有 text 通路有,image 通路没有**;反之
+	// system_hints: ["picture_v2"] 只有 image 通路有,text 完全不写这个 key。
+	// 写错会导致上游认为客户端类型不匹配,触发 silent rejection。
+	msgs := make([]map[string]interface{}, 0, len(opt.Messages))
+	for _, m := range opt.Messages {
+		msgs = append(msgs, map[string]interface{}{
+			"id":          uuid.NewString(),
+			"author":      map[string]string{"role": m.Role},
+			"create_time": float64(time.Now().UnixMilli()) / 1000.0,
+			"content":     map[string]interface{}{"content_type": "text", "parts": []string{m.Content}},
+			"metadata": map[string]interface{}{
+				"developer_mode_connector_ids": []interface{}{},
+				"selected_sources":             []interface{}{},
+				"selected_github_repos":        []interface{}{},
+				"selected_all_github_repos":    false,
+				"serialization_metadata": map[string]interface{}{
+					"custom_symbol_offsets": []interface{}{},
+				},
+			},
+		})
+	}
+
+	// 顶层 payload 对齐 HAR /f/conversation 抓包(text 通路):
+	//   client_prepare_state: "sent"            ← prepare 已发过一次
+	//   system_hints: []                         ← text 空数组
+	//   force_parallel_switch: "auto"            ← 必带
+	//   client_contextual_info: 7 个字段 + app_name
+	payload := map[string]interface{}{
+		"action":                   "next",
+		"messages":                 msgs,
+		"parent_message_id":        opt.ParentMsgID,
+		"model":                    opt.UpstreamModel,
+		"client_prepare_state":     "sent",
+		"timezone_offset_min":      -480,
+		"timezone":                 "Asia/Shanghai",
+		"conversation_mode":        map[string]string{"kind": "primary_assistant"},
+		"enable_message_followups": true,
+		"system_hints":             []string{},
+		"supports_buffering":       true,
+		"supported_encodings":      []string{"v1"},
+		"client_contextual_info": map[string]interface{}{
+			"is_dark_mode":      false,
+			"time_since_loaded": 1200,
+			"page_height":       1072,
+			"page_width":        1724,
+			"pixel_ratio":       1.2,
+			"screen_height":     1440,
+			"screen_width":      2560,
+			"app_name":          "chatgpt.com",
+		},
+		"paragen_cot_summary_display_override": "allow",
+		"force_parallel_switch":                "auto",
+	}
+	// 只有已有会话才带 conversation_id;新会话完全不带这个 key(对齐浏览器抓包)。
+	if opt.ConvID != "" {
+		payload["conversation_id"] = opt.ConvID
+	}
+	body, _ := json.Marshal(payload)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/f/conversation",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "text/event-stream")
+	// X-Oai-Turn-Trace-Id:真实浏览器每 turn 一个新 UUID。风控会据此做请求配对
+	// (prepare 与 finalize / f-prepare 与 f-conversation 的 trace 对得上)。
+	req.Header.Set("X-Oai-Turn-Trace-Id", uuid.NewString())
+	req.Header.Set("Openai-Sentinel-Chat-Requirements-Token", opt.ChatToken)
+	if opt.ProofToken != "" {
+		req.Header.Set("Openai-Sentinel-Proof-Token", opt.ProofToken)
+	}
+	if opt.ConduitToken != "" {
+		req.Header.Set("X-Conduit-Token", opt.ConduitToken)
+	}
+
+	local := *c.hc
+	local.Timeout = 0
+
+	res, err := local.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode >= 400 {
+		buf, _ := io.ReadAll(res.Body)
+		res.Body.Close()
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "f/conversation(chat) failed", Body: string(buf)}
+	}
+	out := make(chan SSEEvent, 64)
+	go parseSSE(res.Body, out, opt.SSETimeout)
+	return out, nil
+}
+
diff --git a/internal/upstream/chatgpt/files.go b/internal/upstream/chatgpt/files.go
new file mode 100644
index 00000000..931f14e4
--- /dev/null
+++ b/internal/upstream/chatgpt/files.go
@@ -0,0 +1,265 @@
+// files.go —— chatgpt.com 文件上传协议,图生图/图像编辑的前置步骤。
+//
+// 三步协议(对齐 chatgpt.com 浏览器真实抓包):
+//
+//  1. POST /backend-api/files
+//     body: {file_name, file_size, use_case: "multimodal"}
+//     resp: {file_id, upload_url, status: "success"}
+//
+//  2. PUT <upload_url>                 (Azure Blob SAS URL)
+//     headers: Content-Type / x-ms-blob-type: BlockBlob / x-ms-version: 2020-04-08 / Origin
+//     body: 原始字节
+//
+//  3. POST /backend-api/files/{file_id}/uploaded
+//     body: {}
+//     resp: {status: "success", download_url, ...}
+//
+// 上传完成后,在 f/conversation.messages 里:
+//   - content 从 text 变 multimodal_text;parts 前面加上
+//     {"asset_pointer": "file-service://<file_id>", "height":.., "width":.., "size_bytes":..}
+//   - metadata.attachments 加一项 {id, mimeType, name, size, height?, width?}
+//
+// 注意:upload_url 指向 Azure,不要走同一个 chatgpt.com 代理/utls transport,
+// 这里用单独的一个 http.Client(沿用 Client 内部的 Transport 走代理,但不带 Auth/Oai-* 头)。
+
+package chatgpt
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"image"
+	_ "image/gif"  // register decoders
+	_ "image/jpeg" //
+	_ "image/png"  //
+	"io"
+	"net/http"
+	"strings"
+	"time"
+)
+
+// UploadedFile 是三步上传后沉淀的"可 attach 给 messages"的元数据。
+// 字段命名对齐 chatgpt.com 的 attachment payload,序列化时直接当 map 用。
+type UploadedFile struct {
+	FileID      string `json:"file_id"`
+	FileName    string `json:"file_name"`
+	FileSize    int    `json:"file_size"`
+	MimeType    string `json:"mime_type"`
+	UseCase     string `json:"use_case"`          // 图片: multimodal, 文件: my_files
+	Width       int    `json:"width,omitempty"`   // 仅图片
+	Height      int    `json:"height,omitempty"`  // 仅图片
+	DownloadURL string `json:"download_url"`      // POST /uploaded 返回,通常不直接用
+}
+
+// UploadFile 执行完整三步上传。调用方传入原始字节 + 建议的文件名即可。
+// 识别到 image/* 时会尝试 Decode 拿到宽高(Decode 失败不致命,按 0 处理)。
+//
+// 实践经验:步骤 1、3 走 chatgpt.com(uTLS / 代理 / auth 头),步骤 2 走 Azure,
+// 用同一条 http.Client 但是请求头手动裁剪;Azure 的 SAS URL 本身带鉴权。
+func (c *Client) UploadFile(ctx context.Context, data []byte, fileName string) (*UploadedFile, error) {
+	if len(data) == 0 {
+		return nil, errors.New("empty file data")
+	}
+	mime, ext := sniffMime(data)
+	useCase := "multimodal"
+	if !strings.HasPrefix(mime, "image/") {
+		useCase = "my_files"
+	}
+	if fileName == "" {
+		fileName = fmt.Sprintf("file-%d%s", len(data), ext)
+	}
+
+	out := &UploadedFile{
+		FileName: fileName,
+		FileSize: len(data),
+		MimeType: mime,
+		UseCase:  useCase,
+	}
+	if strings.HasPrefix(mime, "image/") {
+		if img, _, err := image.DecodeConfig(bytes.NewReader(data)); err == nil {
+			out.Width = img.Width
+			out.Height = img.Height
+		}
+	}
+
+	// ---- Step 1: POST /backend-api/files ----
+	step1Body := map[string]interface{}{
+		"file_name": fileName,
+		"file_size": len(data),
+		"use_case":  useCase,
+	}
+	if out.Width > 0 && out.Height > 0 {
+		step1Body["height"] = out.Height
+		step1Body["width"] = out.Width
+	}
+	b1, _ := json.Marshal(step1Body)
+	req1, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/files",
+		bytes.NewReader(b1))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req1)
+	req1.Header.Set("Content-Type", "application/json")
+	req1.Header.Set("Accept", "application/json")
+	res1, err := c.hc.Do(req1)
+	if err != nil {
+		return nil, fmt.Errorf("create file: %w", err)
+	}
+	defer res1.Body.Close()
+	buf1, _ := io.ReadAll(res1.Body)
+	if res1.StatusCode >= 400 {
+		return nil, &UpstreamError{Status: res1.StatusCode, Message: "create file failed", Body: string(buf1)}
+	}
+	var step1Resp struct {
+		FileID    string `json:"file_id"`
+		UploadURL string `json:"upload_url"`
+		Status    string `json:"status"`
+	}
+	if err := json.Unmarshal(buf1, &step1Resp); err != nil {
+		return nil, fmt.Errorf("decode create-file resp: %w (body=%s)", err, truncateStr(string(buf1), 200))
+	}
+	if step1Resp.FileID == "" || step1Resp.UploadURL == "" {
+		return nil, fmt.Errorf("create-file empty: %s", truncateStr(string(buf1), 200))
+	}
+	out.FileID = step1Resp.FileID
+
+	// chatgpt 浏览器行为:step1 和 step2 之间会 sleep 一小会儿,避免 Azure 那边
+	// 还没完成 SAS 分发。参考实现是 1s,这里保守点给 500ms。
+	select {
+	case <-time.After(500 * time.Millisecond):
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	}
+
+	// ---- Step 2: PUT upload_url (Azure Blob) ----
+	req2, err := http.NewRequestWithContext(ctx, http.MethodPut, step1Resp.UploadURL, bytes.NewReader(data))
+	if err != nil {
+		return nil, err
+	}
+	req2.Header.Set("Content-Type", mime)
+	req2.Header.Set("x-ms-blob-type", "BlockBlob")
+	req2.Header.Set("x-ms-version", "2020-04-08")
+	req2.Header.Set("Origin", c.opts.BaseURL)
+	req2.Header.Set("User-Agent", c.opts.UserAgent)
+	req2.Header.Set("Accept", "application/json, text/plain, */*")
+	req2.Header.Set("Accept-Language", "en-US,en;q=0.8")
+	req2.Header.Set("Referer", c.opts.BaseURL+"/")
+	res2, err := c.hc.Do(req2)
+	if err != nil {
+		return nil, fmt.Errorf("upload PUT: %w", err)
+	}
+	defer res2.Body.Close()
+	if res2.StatusCode >= 400 {
+		buf2, _ := io.ReadAll(res2.Body)
+		return nil, &UpstreamError{Status: res2.StatusCode, Message: "upload PUT failed", Body: string(buf2)}
+	}
+	_, _ = io.Copy(io.Discard, res2.Body)
+
+	// ---- Step 3: POST /backend-api/files/{file_id}/uploaded ----
+	req3, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/files/"+step1Resp.FileID+"/uploaded",
+		strings.NewReader("{}"))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req3)
+	req3.Header.Set("Content-Type", "application/json")
+	req3.Header.Set("Accept", "application/json")
+	res3, err := c.hc.Do(req3)
+	if err != nil {
+		return nil, fmt.Errorf("register uploaded: %w", err)
+	}
+	defer res3.Body.Close()
+	buf3, _ := io.ReadAll(res3.Body)
+	if res3.StatusCode >= 400 {
+		return nil, &UpstreamError{Status: res3.StatusCode, Message: "register uploaded failed", Body: string(buf3)}
+	}
+	var step3Resp struct {
+		Status      string `json:"status"`
+		DownloadURL string `json:"download_url"`
+	}
+	_ = json.Unmarshal(buf3, &step3Resp)
+	out.DownloadURL = step3Resp.DownloadURL
+
+	return out, nil
+}
+
+// Attachment 是 messages[*].metadata.attachments[*] 的序列化对象。
+type Attachment struct {
+	ID       string `json:"id"`
+	MimeType string `json:"mimeType"`
+	Name     string `json:"name"`
+	Size     int    `json:"size"`
+	Width    int    `json:"width,omitempty"`
+	Height   int    `json:"height,omitempty"`
+}
+
+// ToAttachment 把一个已上传的 file 转成 messages.metadata.attachments 里的条目。
+func (u *UploadedFile) ToAttachment() Attachment {
+	a := Attachment{ID: u.FileID, MimeType: u.MimeType, Name: u.FileName, Size: u.FileSize}
+	if u.UseCase == "multimodal" {
+		a.Width = u.Width
+		a.Height = u.Height
+	}
+	return a
+}
+
+// AssetPointerPart 是 messages[*].content.parts 里的一项(图片),
+// 用于把 file-service:// 挂到多模态消息最前面。
+type AssetPointerPart struct {
+	ContentType  string `json:"content_type,omitempty"` // "image_asset_pointer"
+	AssetPointer string `json:"asset_pointer"`
+	Width        int    `json:"width,omitempty"`
+	Height       int    `json:"height,omitempty"`
+	SizeBytes    int    `json:"size_bytes,omitempty"`
+}
+
+// ToAssetPointerPart 返回 multimodal_text.parts 里 insert 在 prompt 前的那一项。
+func (u *UploadedFile) ToAssetPointerPart() AssetPointerPart {
+	return AssetPointerPart{
+		ContentType:  "image_asset_pointer",
+		AssetPointer: "file-service://" + u.FileID,
+		Width:        u.Width,
+		Height:       u.Height,
+		SizeBytes:    u.FileSize,
+	}
+}
+
+// sniffMime 用前 512 字节识别 mime 和推荐扩展名。
+// net/http 的 DetectContentType 已足够覆盖 png/jpg/gif/webp 的主流场景。
+func sniffMime(data []byte) (mime, ext string) {
+	n := 512
+	if len(data) < n {
+		n = len(data)
+	}
+	mime = http.DetectContentType(data[:n])
+	// DetectContentType 可能附带 charset,去掉
+	if i := strings.Index(mime, ";"); i >= 0 {
+		mime = strings.TrimSpace(mime[:i])
+	}
+	switch {
+	case strings.EqualFold(mime, "image/jpeg"):
+		ext = ".jpg"
+	case strings.EqualFold(mime, "image/png"):
+		ext = ".png"
+	case strings.EqualFold(mime, "image/gif"):
+		ext = ".gif"
+	case strings.EqualFold(mime, "image/webp"):
+		ext = ".webp"
+	case strings.EqualFold(mime, "application/pdf"):
+		ext = ".pdf"
+	default:
+		ext = ""
+	}
+	return
+}
+
+func truncateStr(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "..."
+}
diff --git a/internal/upstream/chatgpt/image.go b/internal/upstream/chatgpt/image.go
new file mode 100644
index 00000000..33d140e9
--- /dev/null
+++ b/internal/upstream/chatgpt/image.go
@@ -0,0 +1,737 @@
+// Package chatgpt - 图像生成协议
+//
+// 完整链路(和文字聊天共用 f/conversation,只通过 system_hints=["picture_v2"] 区分):
+//
+//	0. (可选) GET /                              → 拿 oai-did cookie
+//	1. POST /backend-api/f/conversation/prepare      → conduit_token
+//	2. POST /backend-api/sentinel/chat-requirements → chat_token + 可选 POW 挑战
+//	3. POST /backend-api/f/conversation (SSE)         → 边解析边收 file-service://
+//	4. SSE 没直出 file-service 时轮询 GET /backend-api/conversation/{id}
+//	   任何一条 tool 消息出现 file-service / sediment asset_pointer 即算成功,
+//	   够 N 张立即返回;IMG2 已正式上线,不再做"灰度命中判定"。
+//	5. GET /backend-api/files/{fid}/download                   → 签名 URL(file-service)
+//	   GET /backend-api/conversation/{cid}/attachment/{sid}/download → 签名 URL(sediment)
+//	6. GET 签名 URL → 图片字节
+//
+// 注意:不要调用 /backend-api/conversation/init——这是老客户端路径,在免费账号上会
+// 直接 404 让整条链路失败,上游把 picture_v2 路由完全交给 f/conversation 的 payload。
+package chatgpt
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"regexp"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// ImageConvOpts 是图像会话的入参。
+type ImageConvOpts struct {
+	Prompt         string          // 用户提示词(已处理完的,含可选 CLARITY_SUFFIX)
+	UpstreamModel  string          // 默认 "gpt-5-3"
+	ConvID         string          // 复用会话时填,空则新建
+	ParentMsgID    string          // 复用会话时从 GetConversationHead 取;新会话随机
+	MessageID      string          // 可选,留空自动生成
+	ChatToken      string          // 必传,来自 ChatRequirements
+	ProofToken     string          // 可选
+	ConduitToken   string          // 可选,来自 PrepareFConversation
+	TimezoneOffset int             // 默认 -480(Asia/Shanghai)
+	SSETimeout     time.Duration   // 默认 120s
+	References     []*UploadedFile // 图生图/编辑:已上传的参考图,会插到 prompt 前面
+}
+
+// InitConversation 对应 /backend-api/conversation/init。
+// 新会话必须调用,否则后续 /f/conversation 会 404。
+// systemHints 为空串数组表示文字聊天;图像场景传 []string{"picture_v2"}。
+func (c *Client) InitConversation(ctx context.Context, systemHints ...string) error {
+	if systemHints == nil {
+		systemHints = []string{}
+	}
+	payload := map[string]interface{}{
+		"gizmo_id":                nil,
+		"requested_default_model": nil,
+		"conversation_id":         nil,
+		"timezone_offset_min":     -480,
+		"system_hints":            systemHints,
+	}
+	body, _ := json.Marshal(payload)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/conversation/init",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "*/*")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode >= 400 {
+		buf, _ := io.ReadAll(res.Body)
+		return &UpstreamError{Status: res.StatusCode, Message: "conversation/init failed", Body: string(buf)}
+	}
+	_, _ = io.Copy(io.Discard, res.Body)
+	return nil
+}
+
+// PrepareFConversation 对应 /backend-api/f/conversation/prepare,返回 conduit_token。
+//
+// payload 对齐 HAR 抓包 /f/conversation/prepare(image 通路):
+//   - client_prepare_state: "success"
+//   - fork_from_shared_post: false
+//   - partial_query: 完整的 user message(id+author+content,包含当前 prompt)
+//   - system_hints: ["picture_v2"]   ← image 通路特有
+//   - client_contextual_info: { "app_name": "chatgpt.com" }   ← prepare 阶段只带 app_name
+func (c *Client) PrepareFConversation(ctx context.Context, opt ImageConvOpts) (string, error) {
+	if opt.UpstreamModel == "" {
+		opt.UpstreamModel = "auto"
+	}
+	if opt.MessageID == "" {
+		opt.MessageID = uuid.NewString()
+	}
+	payload := map[string]interface{}{
+		"action":                "next",
+		"fork_from_shared_post": false,
+		"parent_message_id":     opt.ParentMsgID,
+		"model":                 opt.UpstreamModel,
+		"client_prepare_state":  "success",
+		"timezone_offset_min":   -480,
+		"timezone":              "Asia/Shanghai",
+		"conversation_mode":     map[string]string{"kind": "primary_assistant"},
+		"system_hints":          []string{"picture_v2"},
+		"partial_query": map[string]interface{}{
+			"id":     uuid.NewString(),
+			"author": map[string]string{"role": "user"},
+			"content": map[string]interface{}{
+				"content_type": "text",
+				"parts":        []string{opt.Prompt},
+			},
+		},
+		"supports_buffering":  true,
+		"supported_encodings": []string{"v1"},
+		"client_contextual_info": map[string]interface{}{
+			"app_name": "chatgpt.com",
+		},
+	}
+	// 只有已有会话才带 conversation_id;新会话不带这个 key(对齐浏览器抓包,
+	// 带陌生 UUID 上游会 404)
+	if opt.ConvID != "" {
+		payload["conversation_id"] = opt.ConvID
+	}
+	body, _ := json.Marshal(payload)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/f/conversation/prepare",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return "", err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("Openai-Sentinel-Chat-Requirements-Token", opt.ChatToken)
+	if opt.ProofToken != "" {
+		req.Header.Set("Openai-Sentinel-Proof-Token", opt.ProofToken)
+	}
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return "", &UpstreamError{Status: res.StatusCode, Message: "f/conversation/prepare failed", Body: string(buf)}
+	}
+	var out struct {
+		ConduitToken string `json:"conduit_token"`
+	}
+	_ = json.Unmarshal(buf, &out)
+	return out.ConduitToken, nil
+}
+
+// StreamFConversation 对应 /backend-api/f/conversation(图像走和文字同一端点)。
+//
+// payload 字段集参考社区维护的 OpenaiChat provider(它在免费/付费账号上实测可用):
+// 不带 client_prepare_state / force_parallel_switch;message.metadata 只带
+// serialization_metadata + system_hints(有图时再补 attachments)。
+func (c *Client) StreamFConversation(ctx context.Context, opt ImageConvOpts) (<-chan SSEEvent, error) {
+	if opt.UpstreamModel == "" {
+		opt.UpstreamModel = "auto"
+	}
+	if opt.MessageID == "" {
+		opt.MessageID = uuid.NewString()
+	}
+	if opt.ParentMsgID == "" {
+		opt.ParentMsgID = uuid.NewString()
+	}
+	if opt.TimezoneOffset == 0 {
+		opt.TimezoneOffset = -480
+	}
+	if opt.SSETimeout == 0 {
+		opt.SSETimeout = 180 * time.Second
+	}
+
+	// 构造 messages[0] 的 content 与 metadata,按是否有 reference 图决定 multimodal_text。
+	// metadata 严格对齐 HAR 抓包的 **image 通路**:
+	//   developer_mode_connector_ids: []
+	//   selected_github_repos: []
+	//   selected_all_github_repos: false
+	//   system_hints: ["picture_v2"]            ← image 通路特有
+	//   serialization_metadata.custom_symbol_offsets: []
+	// 注意:image 通路 **不带 selected_sources**(那是 text 通路专属)。写错会让
+	// 上游识别为"客户端类型不匹配",触发 silent rejection。
+	msgContent := map[string]interface{}{"content_type": "text", "parts": []string{opt.Prompt}}
+	msgMeta := map[string]interface{}{
+		"developer_mode_connector_ids": []interface{}{},
+		"selected_github_repos":        []interface{}{},
+		"selected_all_github_repos":    false,
+		"system_hints":                 []string{"picture_v2"},
+		"serialization_metadata": map[string]interface{}{
+			"custom_symbol_offsets": []interface{}{},
+		},
+	}
+	if len(opt.References) > 0 {
+		parts := make([]interface{}, 0, len(opt.References)+1)
+		atts := make([]Attachment, 0, len(opt.References))
+		for _, u := range opt.References {
+			if u == nil || u.FileID == "" {
+				continue
+			}
+			parts = append(parts, u.ToAssetPointerPart())
+			atts = append(atts, u.ToAttachment())
+		}
+		parts = append(parts, opt.Prompt)
+		msgContent = map[string]interface{}{
+			"content_type": "multimodal_text",
+			"parts":        parts,
+		}
+		msgMeta["attachments"] = atts
+	}
+
+	// 顶层 payload 对齐 HAR /f/conversation(image 通路):
+	//   client_prepare_state: "sent"
+	//   system_hints: ["picture_v2"]
+	//   force_parallel_switch: "auto"            ← 必带
+	//   client_contextual_info: 7 个字段 + app_name
+	payload := map[string]interface{}{
+		"action": "next",
+		"messages": []map[string]interface{}{{
+			"id":          opt.MessageID,
+			"author":      map[string]string{"role": "user"},
+			"create_time": float64(time.Now().UnixMilli()) / 1000.0,
+			"content":     msgContent,
+			"metadata":    msgMeta,
+		}},
+		"parent_message_id":        opt.ParentMsgID,
+		"model":                    opt.UpstreamModel,
+		"client_prepare_state":     "sent",
+		"timezone_offset_min":      opt.TimezoneOffset,
+		"timezone":                 "Asia/Shanghai",
+		"conversation_mode":        map[string]string{"kind": "primary_assistant"},
+		"enable_message_followups": true,
+		"system_hints":             []string{"picture_v2"},
+		"supports_buffering":       true,
+		"supported_encodings":      []string{"v1"},
+		"client_contextual_info": map[string]interface{}{
+			"is_dark_mode":      false,
+			"time_since_loaded": 1200,
+			"page_height":       1072,
+			"page_width":        1724,
+			"pixel_ratio":       1.2,
+			"screen_height":     1440,
+			"screen_width":      2560,
+			"app_name":          "chatgpt.com",
+		},
+		"paragen_cot_summary_display_override": "allow",
+		"force_parallel_switch":                "auto",
+	}
+	// 新会话不带 conversation_id(对齐浏览器抓包);已有会话才带
+	if opt.ConvID != "" {
+		payload["conversation_id"] = opt.ConvID
+	}
+	body, _ := json.Marshal(payload)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		c.opts.BaseURL+"/backend-api/f/conversation",
+		strings.NewReader(string(body)))
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "text/event-stream")
+	// X-Oai-Turn-Trace-Id:每 turn 一个新 UUID。见 fchat.go 说明。
+	req.Header.Set("X-Oai-Turn-Trace-Id", uuid.NewString())
+	req.Header.Set("Openai-Sentinel-Chat-Requirements-Token", opt.ChatToken)
+	if opt.ProofToken != "" {
+		req.Header.Set("Openai-Sentinel-Proof-Token", opt.ProofToken)
+	}
+	if opt.ConduitToken != "" {
+		req.Header.Set("X-Conduit-Token", opt.ConduitToken)
+	}
+
+	local := *c.hc
+	local.Timeout = 0 // 由 ctx 控制
+
+	res, err := local.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode >= 400 {
+		buf, _ := io.ReadAll(res.Body)
+		res.Body.Close()
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "f/conversation failed", Body: string(buf)}
+	}
+	out := make(chan SSEEvent, 64)
+	go parseSSE(res.Body, out, opt.SSETimeout)
+	return out, nil
+}
+
+// ImageSSEResult 是 ParseImageSSE 的扫描结果。
+type ImageSSEResult struct {
+	ConversationID string   // SSE 里捕获到的新会话 id(可能和入参不同)
+	FileIDs        []string // file-service:// 引用(直出灰度图就在这里)
+	SedimentIDs    []string // sediment:// 引用(通常是预览,需要轮询)
+	FinishType     string   // finish_details.type(interrupted/stop/...)
+	ImageGenTaskID string
+}
+
+var (
+	reFileRef = regexp.MustCompile(`file-service://([A-Za-z0-9_-]+)`)
+	reSedRef  = regexp.MustCompile(`sediment://([A-Za-z0-9_-]+)`)
+)
+
+// ParseImageSSE 消费 SSE 事件流,把图像相关的字段提取出来。
+// 调用方可以根据返回的 FileIDs 判断是否已灰度直出。
+func ParseImageSSE(stream <-chan SSEEvent) ImageSSEResult {
+	var r ImageSSEResult
+	seenFile := map[string]struct{}{}
+	seenSed := map[string]struct{}{}
+
+	for ev := range stream {
+		if ev.Err != nil {
+			return r
+		}
+		data := ev.Data
+		if len(data) == 0 {
+			continue
+		}
+		if string(data) == "[DONE]" {
+			return r
+		}
+		// 文本正则先扫一遍(比 JSON 解析更健壮)
+		for _, m := range reFileRef.FindAllSubmatch(data, -1) {
+			fid := string(m[1])
+			if _, ok := seenFile[fid]; !ok {
+				seenFile[fid] = struct{}{}
+				r.FileIDs = append(r.FileIDs, fid)
+			}
+		}
+		for _, m := range reSedRef.FindAllSubmatch(data, -1) {
+			sid := string(m[1])
+			if _, ok := seenSed[sid]; !ok {
+				seenSed[sid] = struct{}{}
+				r.SedimentIDs = append(r.SedimentIDs, sid)
+			}
+		}
+
+		var obj map[string]interface{}
+		if err := json.Unmarshal(data, &obj); err != nil {
+			continue
+		}
+		if v, ok := obj["v"].(map[string]interface{}); ok {
+			if cid, ok := v["conversation_id"].(string); ok && cid != "" && r.ConversationID == "" {
+				r.ConversationID = cid
+			}
+			if msg, ok := v["message"].(map[string]interface{}); ok {
+				if meta, ok := msg["metadata"].(map[string]interface{}); ok {
+					if tid, ok := meta["image_gen_task_id"].(string); ok {
+						r.ImageGenTaskID = tid
+					}
+					if fd, ok := meta["finish_details"].(map[string]interface{}); ok {
+						if ft, ok := fd["type"].(string); ok {
+							r.FinishType = ft
+						}
+					}
+				}
+			}
+		}
+	}
+	return r
+}
+
+// ImageToolMsg 是 conversation.mapping 里一条 IMG2 tool 消息的关键字段。
+type ImageToolMsg struct {
+	MessageID    string
+	CreateTime   float64
+	ModelSlug    string
+	Recipient    string
+	AuthorName   string
+	ImageGenTitle string
+	FileIDs      []string // file-service
+	SedimentIDs  []string // sediment
+}
+
+// GetConversationMapping 读取会话全量 mapping(轮询用)。
+func (c *Client) GetConversationMapping(ctx context.Context, convID string) (map[string]interface{}, error) {
+	if convID == "" {
+		return nil, fmt.Errorf("conv_id required")
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet,
+		c.opts.BaseURL+"/backend-api/conversation/"+convID, nil)
+	if err != nil {
+		return nil, err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Accept", "*/*")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return nil, &UpstreamError{Status: res.StatusCode, Message: "conversation get failed", Body: string(buf)}
+	}
+	var out map[string]interface{}
+	if err := json.Unmarshal(buf, &out); err != nil {
+		return nil, fmt.Errorf("decode conversation: %w", err)
+	}
+	return out, nil
+}
+
+// ExtractImageToolMsgs 从 conversation.mapping 里提取所有 IMG2 tool 消息。
+func ExtractImageToolMsgs(mapping map[string]interface{}) []ImageToolMsg {
+	out := make([]ImageToolMsg, 0, 4)
+	for mid, raw := range mapping {
+		node, _ := raw.(map[string]interface{})
+		if node == nil {
+			continue
+		}
+		msg, _ := node["message"].(map[string]interface{})
+		if msg == nil {
+			continue
+		}
+		author, _ := msg["author"].(map[string]interface{})
+		meta, _ := msg["metadata"].(map[string]interface{})
+		content, _ := msg["content"].(map[string]interface{})
+		if author == nil || meta == nil || content == nil {
+			continue
+		}
+		if s, _ := author["role"].(string); s != "tool" {
+			continue
+		}
+		if s, _ := meta["async_task_type"].(string); s != "image_gen" {
+			continue
+		}
+		if s, _ := content["content_type"].(string); s != "multimodal_text" {
+			continue
+		}
+
+		tm := ImageToolMsg{MessageID: mid}
+		if v, ok := msg["create_time"].(float64); ok {
+			tm.CreateTime = v
+		}
+		if v, ok := meta["model_slug"].(string); ok {
+			tm.ModelSlug = v
+		}
+		if v, ok := msg["recipient"].(string); ok {
+			tm.Recipient = v
+		}
+		if v, ok := author["name"].(string); ok {
+			tm.AuthorName = v
+		}
+		if v, ok := meta["image_gen_title"].(string); ok {
+			tm.ImageGenTitle = v
+		}
+
+		parts, _ := content["parts"].([]interface{})
+		seenF := map[string]struct{}{}
+		seenS := map[string]struct{}{}
+		extractAsset := func(text string) {
+			for _, m := range reFileRef.FindAllStringSubmatch(text, -1) {
+				if _, ok := seenF[m[1]]; !ok {
+					seenF[m[1]] = struct{}{}
+					tm.FileIDs = append(tm.FileIDs, m[1])
+				}
+			}
+			for _, m := range reSedRef.FindAllStringSubmatch(text, -1) {
+				if _, ok := seenS[m[1]]; !ok {
+					seenS[m[1]] = struct{}{}
+					tm.SedimentIDs = append(tm.SedimentIDs, m[1])
+				}
+			}
+		}
+		for _, p := range parts {
+			switch v := p.(type) {
+			case map[string]interface{}:
+				if aid, _ := v["asset_pointer"].(string); aid != "" {
+					extractAsset(aid)
+				}
+			case string:
+				extractAsset(v)
+			}
+		}
+		out = append(out, tm)
+	}
+	sort.Slice(out, func(i, j int) bool { return out[i].CreateTime < out[j].CreateTime })
+	return out
+}
+
+// PollOpts 控制 PollConversationForImages 的等待策略。
+//
+// IMG2 正式上线后不再做灰度命中判定,逻辑极简化:
+//   - 任一 tool 消息里出现 file-service / sediment asset_pointer → 立即算成功
+//   - 够 ExpectedN 张就立即返回,不等多余的
+//   - 没够数继续轮询,到 MaxWait 仍有至少 1 张也算成功(速度优先)
+//   - 全程没拿到图才是 timeout
+type PollOpts struct {
+	BaselineToolIDs map[string]struct{} // 发送前已存在的 tool 消息 id,本次回合只看新增
+	ExpectedN       int                 // 期望返回的图片张数,够了立即短路,默认 1
+	MaxWait         time.Duration       // 总超时,默认 300s(上游渲染慢时兜底补齐)
+	Interval        time.Duration       // 轮询间隔,默认 3s
+}
+
+// PollStatus 是 PollConversationForImages 的结果状态。
+type PollStatus string
+
+const (
+	PollStatusSuccess PollStatus = "success" // 至少拿到 1 张图
+	PollStatusTimeout PollStatus = "timeout" // 等到 MaxWait 仍然 0 张
+	PollStatusError   PollStatus = "error"   // 上游错误(429 熔断 / ctx 取消)
+)
+
+// PollConversationForImages 轮询会话直到图片可用。
+//
+// 返回 (status, file_ids, sediment_ids)。status=success 时 file_ids/sediment_ids 至少一个非空。
+// file-service 优先(优先级更高),sediment 作为补充一并带出,调用方自行决定用几张。
+func (c *Client) PollConversationForImages(ctx context.Context, convID string, opt PollOpts) (PollStatus, []string, []string) {
+	if opt.ExpectedN <= 0 {
+		opt.ExpectedN = 1
+	}
+	if opt.MaxWait <= 0 {
+		opt.MaxWait = 300 * time.Second
+	}
+	if opt.Interval <= 0 {
+		opt.Interval = 3 * time.Second
+	}
+	baseline := opt.BaselineToolIDs
+
+	deadline := time.Now().Add(opt.MaxWait)
+
+	// 累计全程看到的 fid/sid,循环外可用(超时兜底:有图就算成功)
+	var (
+		allFile        []string
+		allSed         []string
+		seenFile       = map[string]struct{}{}
+		seenSed        = map[string]struct{}{}
+		consecutive429 int
+	)
+
+	for time.Now().Before(deadline) {
+		select {
+		case <-ctx.Done():
+			return PollStatusError, nil, nil
+		default:
+		}
+
+		mapping, err := c.getMappingRaw(ctx, convID)
+		if err != nil {
+			if ue, ok := err.(*UpstreamError); ok && ue.Status == 429 {
+				consecutive429++
+				if consecutive429 >= 3 {
+					return PollStatusError, nil, nil
+				}
+				sleep(ctx, 10*time.Second)
+				continue
+			}
+			sleep(ctx, opt.Interval)
+			continue
+		}
+		consecutive429 = 0
+
+		msgs := ExtractImageToolMsgs(mapping)
+		// baseline diff:只看本回合新增 tool 消息
+		var newMsgs []ImageToolMsg
+		if len(baseline) > 0 {
+			for _, m := range msgs {
+				if _, ok := baseline[m.MessageID]; !ok {
+					newMsgs = append(newMsgs, m)
+				}
+			}
+		} else {
+			newMsgs = msgs
+		}
+
+		// 跨 tool 消息聚合 fid/sid。IMG2 一次调用可能先出 sediment 预览再补
+		// file-service 终稿,或同一条消息里带 N 张 file id;这里都累计起来。
+		for _, m := range newMsgs {
+			for _, f := range m.FileIDs {
+				if _, ok := seenFile[f]; !ok {
+					seenFile[f] = struct{}{}
+					allFile = append(allFile, f)
+				}
+			}
+			for _, s := range m.SedimentIDs {
+				if _, ok := seenSed[s]; !ok {
+					seenSed[s] = struct{}{}
+					allSed = append(allSed, s)
+				}
+			}
+		}
+
+		// 够 N 张立即短路返回(file-service 优先占配额,sediment 补位)
+		if len(allFile)+len(allSed) >= opt.ExpectedN {
+			return PollStatusSuccess, allFile, allSed
+		}
+
+		sleep(ctx, opt.Interval)
+	}
+
+	// 超时兜底:只要拿到过至少 1 张,就算成功(速度优先,不等齐 N)
+	if len(allFile)+len(allSed) > 0 {
+		return PollStatusSuccess, allFile, allSed
+	}
+	return PollStatusTimeout, nil, nil
+}
+
+// getMappingRaw 拉 conversation 并返回 mapping。
+func (c *Client) getMappingRaw(ctx context.Context, convID string) (map[string]interface{}, error) {
+	full, err := c.GetConversationMapping(ctx, convID)
+	if err != nil {
+		return nil, err
+	}
+	mapping, _ := full["mapping"].(map[string]interface{})
+	if mapping == nil {
+		mapping = map[string]interface{}{}
+	}
+	return mapping, nil
+}
+
+// GetConversationHead 返回会话最新叶子消息 id(current_node),复用会话时做 parent_message_id。
+func (c *Client) GetConversationHead(ctx context.Context, convID string) (string, error) {
+	full, err := c.GetConversationMapping(ctx, convID)
+	if err != nil {
+		return "", err
+	}
+	head, _ := full["current_node"].(string)
+	if head == "" {
+		return "", fmt.Errorf("current_node missing")
+	}
+	return head, nil
+}
+
+// ImageDownloadURL 取单张图的签名下载 URL。
+// fileRef 可以是:
+//   - "xxxxxx"      → /backend-api/files/{fid}/download(file-service)
+//   - "sed:xxxxxx"  → /backend-api/conversation/{cid}/attachment/{fid}/download(需要 convID)
+func (c *Client) ImageDownloadURL(ctx context.Context, convID, fileRef string) (string, error) {
+	var apiURL string
+	if strings.HasPrefix(fileRef, "sed:") {
+		if convID == "" {
+			return "", fmt.Errorf("conv_id required for sediment")
+		}
+		fid := strings.TrimPrefix(fileRef, "sed:")
+		apiURL = fmt.Sprintf("%s/backend-api/conversation/%s/attachment/%s/download",
+			c.opts.BaseURL, url.PathEscape(convID), url.PathEscape(fid))
+	} else {
+		apiURL = fmt.Sprintf("%s/backend-api/files/%s/download",
+			c.opts.BaseURL, url.PathEscape(fileRef))
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiURL, nil)
+	if err != nil {
+		return "", err
+	}
+	c.commonHeaders(req)
+	req.Header.Set("Accept", "*/*")
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer res.Body.Close()
+	buf, _ := io.ReadAll(res.Body)
+	if res.StatusCode >= 400 {
+		return "", &UpstreamError{Status: res.StatusCode, Message: "files/download failed", Body: string(buf)}
+	}
+	var out struct {
+		DownloadURL string `json:"download_url"`
+		Status      string `json:"status"`
+		FileName    string `json:"file_name"`
+	}
+	if err := json.Unmarshal(buf, &out); err != nil {
+		return "", fmt.Errorf("decode files/download: %w", err)
+	}
+	if out.DownloadURL == "" {
+		return "", fmt.Errorf("empty download_url (status=%s)", out.Status)
+	}
+	return out.DownloadURL, nil
+}
+
+// FetchImage 下载指定 URL 的图片字节(调用 ImageDownloadURL 返回的签名 URL)。
+// 返回 (bytes, content_type)。超过 maxBytes 的响应会被截断报错。
+//
+// 鉴权策略:
+//   - files.oaiusercontent.com / cdn.oaistatic.com 等**预签名直链**:不带 Authorization,
+//     它们依赖 URL 自带的 sig 参数鉴权;带 Bearer 反而会被某些 CDN 因"双鉴权"400。
+//   - chatgpt.com/backend-api/estuary/... (sediment 回源 URL):**必须** 带 Authorization:
+//     Bearer 和完整 Oai-* 头,否则上游 403。这就是 IMG2 sediment 图 502 的根因。
+func (c *Client) FetchImage(ctx context.Context, signedURL string, maxBytes int64) ([]byte, string, error) {
+	if maxBytes <= 0 {
+		maxBytes = 16 * 1024 * 1024 // 16MB 默认
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, signedURL, nil)
+	if err != nil {
+		return nil, "", err
+	}
+
+	// 判断是否需要完整 chatgpt 鉴权头:以 BaseURL(通常 https://chatgpt.com)开头的
+	// estuary / attachment 回源 URL 必须带 Bearer + Oai-* 头;外部 CDN 直链不带。
+	needAuth := strings.HasPrefix(signedURL, c.opts.BaseURL+"/")
+	if needAuth {
+		c.commonHeaders(req)
+		req.Header.Set("Accept", "image/*,*/*;q=0.8")
+	} else {
+		req.Header.Set("User-Agent", c.opts.UserAgent)
+	}
+
+	res, err := c.hc.Do(req)
+	if err != nil {
+		return nil, "", err
+	}
+	defer res.Body.Close()
+	if res.StatusCode >= 400 {
+		return nil, "", &UpstreamError{Status: res.StatusCode, Message: "fetch image failed"}
+	}
+	ct := res.Header.Get("Content-Type")
+	body, err := io.ReadAll(io.LimitReader(res.Body, maxBytes+1))
+	if err != nil {
+		return nil, ct, err
+	}
+	if int64(len(body)) > maxBytes {
+		return nil, ct, fmt.Errorf("image exceeds max bytes (%d)", maxBytes)
+	}
+	return body, ct, nil
+}
+
+// sleep 可取消的 sleep。
+func sleep(ctx context.Context, d time.Duration) {
+	t := time.NewTimer(d)
+	defer t.Stop()
+	select {
+	case <-ctx.Done():
+	case <-t.C:
+	}
+}
diff --git a/internal/upstream/chatgpt/pow.go b/internal/upstream/chatgpt/pow.go
new file mode 100644
index 00000000..624ee2d4
--- /dev/null
+++ b/internal/upstream/chatgpt/pow.go
@@ -0,0 +1,270 @@
+// Package chatgpt — POW 算法迁移自 gen_image.py
+//
+// chatgpt.com sentinel 使用两种 POW token:
+//
+//   1. RequirementsToken  → 客户端主动生成,塞进 /sentinel/chat-requirements
+//      请求体的 `p` 字段。前缀 "gAAAAAC"。固定难度 "0fffff"。
+//      config 是 18 元素数组,迭代 config[3] 与 config[9]。
+//
+//   2. ProofToken         → 服务端返回 `proofofwork.required=true` + seed + difficulty,
+//      客户端本地求解后放进 Header `openai-sentinel-proof-token`。
+//      前缀 "gAAAAAB"。config 是 13 元素数组,只迭代 config[3]。
+//
+// 两者共享同一个判定函数:SHA3-512(seed + base64(config_json)) 的前 N 字节
+// 按字节序 <= bytes.fromhex(difficulty)。若不满足则 config[3] += 1 重试。
+package chatgpt
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"math/rand"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	"golang.org/x/crypto/sha3"
+)
+
+// TurnstileSolver 负责把 /sentinel/chat-requirements/prepare 返回的 `turnstile.dx`
+// 挑战字符串,解算成 /sentinel/chat-requirements/finalize 需要的 turnstile
+// response 字符串。
+//
+// 说明:OpenAI 的 turnstile 是基于 Cloudflare turnstile 衍生的自定义 challenge,
+// dx 是混淆 JS + WebAssembly 的输入,response 是执行结果。纯 Go 无法还原,
+// 解算必须委托给外部服务(2captcha/capsolver/自建 headless 浏览器等)。
+//
+// 没有 solver 时,Client.ChatRequirementsV2 会自动回退到老的单步
+// chat-requirements 流程(Turnstile=true 直接忽略)。
+type TurnstileSolver interface {
+	Solve(ctx context.Context, dx string) (string, error)
+}
+
+const (
+	powPrefixRequirements = "gAAAAAC"
+	powPrefixProof        = "gAAAAAB"
+
+	requirementsDifficulty = "0fffff"
+
+	maxRequirementsIter = 500_000
+	maxProofIter        = 100_000
+
+	powFallback = "gAAAAABwQ8Lk5FbGpA2NcR9dShT6gYjU7VxZ4D"
+)
+
+var (
+	powCores   = []int{16, 24, 32}
+	powScreens = []int{3000, 4000, 6000}
+
+	powNavKeys = []string{
+		"webdriver−false", "vendor−Google Inc.", "cookieEnabled−true",
+		"pdfViewerEnabled−true", "hardwareConcurrency−32",
+		"language−zh-CN", "mimeTypes−[object MimeTypeArray]",
+		"userAgentData−[object NavigatorUAData]",
+	}
+	powWinKeys = []string{
+		"innerWidth", "innerHeight", "devicePixelRatio", "screen",
+		"chrome", "location", "history", "navigator",
+	}
+
+	powReactListeners = []string{"_reactListeningcfilawjnerp", "_reactListening9ne2dfo1i47"}
+	powProofEvents    = []string{"alert", "ontransitionend", "onprogress"}
+
+	// perfCounter 模拟浏览器 performance.counter() 的单调递增(亚秒级)。
+	perfCounter uint64
+)
+
+// POWConfig 是 18 元素的客户端指纹数组(requirements_token 用)。
+type POWConfig struct {
+	userAgent string
+	arr       [18]interface{}
+}
+
+// NewPOWConfig 构造一个随机化的客户端指纹,用于 requirements + proof 两种场景。
+func NewPOWConfig(userAgent string) *POWConfig {
+	if userAgent == "" {
+		userAgent = DefaultUserAgent
+	}
+	//nolint:gosec // 非加密用途
+	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	now := time.Now().UTC()
+	timeStr := now.Format("Mon Jan 02 2006 15:04:05") + " GMT+0000 (UTC)"
+	perf := float64(atomic.AddUint64(&perfCounter, 1)) + rng.Float64()
+
+	c := &POWConfig{userAgent: userAgent}
+	c.arr = [18]interface{}{
+		powCores[rng.Intn(len(powCores))] + powScreens[rng.Intn(len(powScreens))], // 0
+		timeStr,                 // 1
+		nil,                     // 2
+		rng.Float64(),           // 3 - 迭代会覆盖
+		userAgent,               // 4
+		nil,                     // 5
+		"dpl=1440a687921de39ff5ee56b92807faaadce73f13", // 6
+		"en-US",             // 7
+		"en-US,zh-CN",       // 8
+		0,                   // 9 - 迭代会覆盖
+		powNavKeys[rng.Intn(len(powNavKeys))], // 10
+		"location",          // 11
+		powWinKeys[rng.Intn(len(powWinKeys))], // 12
+		perf,                // 13
+		randomUUID(rng),     // 14
+		"",                  // 15
+		8,                   // 16
+		now.Unix(),          // 17
+	}
+	return c
+}
+
+// RequirementsToken 生成 /sentinel/chat-requirements 的 "p" 字段值。
+// 对齐 gen_image.py.get_requirements_token:固定难度 0fffff,前缀 gAAAAAC。
+func (c *POWConfig) RequirementsToken() string {
+	//nolint:gosec
+	seed := strconv.FormatFloat(rand.Float64(), 'f', -1, 64)
+	b64, ok := c.solveRequirements(seed, requirementsDifficulty)
+	if !ok {
+		return powPrefixRequirements + powFallback +
+			base64.StdEncoding.EncodeToString([]byte(`"`+seed+`"`))
+	}
+	return powPrefixRequirements + b64
+}
+
+// solveRequirements 高性能迭代:预拼 JSON 的三段字节前缀,只在内循环拼 d1/d2。
+// 严格对齐 gen_image.py._generate_answer。
+func (c *POWConfig) solveRequirements(seed, difficulty string) (string, bool) {
+	target, err := hex.DecodeString(difficulty)
+	if err != nil {
+		return "", false
+	}
+	diffLen := len(difficulty) // 字符数(与 Python 对齐)
+
+	// 预拼 p1/p2/p3。config[3] 和 config[9] 位置留给迭代器。
+	arr := c.arr
+	// p1 = json(arr[:3])[:-1] + ","
+	head, _ := json.Marshal([]interface{}{arr[0], arr[1], arr[2]})
+	p1 := append(head[:len(head)-1:len(head)-1], ',')
+
+	mid, _ := json.Marshal([]interface{}{arr[4], arr[5], arr[6], arr[7], arr[8]})
+	// p2 = "," + json(arr[4:9])[1:-1] + ","
+	p2 := make([]byte, 0, len(mid)+2)
+	p2 = append(p2, ',')
+	p2 = append(p2, mid[1:len(mid)-1]...)
+	p2 = append(p2, ',')
+
+	tail, _ := json.Marshal([]interface{}{
+		arr[10], arr[11], arr[12], arr[13], arr[14], arr[15], arr[16], arr[17],
+	})
+	// p3 = "," + json(arr[10:])[1:]  => "," + "element1,...,elementN]"
+	p3 := make([]byte, 0, len(tail)+1)
+	p3 = append(p3, ',')
+	p3 = append(p3, tail[1:]...)
+
+	hasher := sha3.New512()
+	seedB := []byte(seed)
+	buf := make([]byte, 0, len(p1)+32+len(p2)+16+len(p3))
+	b64buf := make([]byte, base64.StdEncoding.EncodedLen(cap(buf)))
+
+	for i := 0; i < maxRequirementsIter; i++ {
+		d1 := strconv.Itoa(i)
+		d2 := strconv.Itoa(i >> 1)
+
+		buf = buf[:0]
+		buf = append(buf, p1...)
+		buf = append(buf, d1...)
+		buf = append(buf, p2...)
+		buf = append(buf, d2...)
+		buf = append(buf, p3...)
+
+		n := base64.StdEncoding.EncodedLen(len(buf))
+		if cap(b64buf) < n {
+			b64buf = make([]byte, n)
+		}
+		b64buf = b64buf[:n]
+		base64.StdEncoding.Encode(b64buf, buf)
+
+		hasher.Reset()
+		hasher.Write(seedB)
+		hasher.Write(b64buf)
+		sum := hasher.Sum(nil)
+
+		// Python: h[:diff_len] <= target
+		// diff_len 是字符数(6),target 是字节(3)。Python bytes cmp 按短的逐字节比较。
+		// 这里保持等价:取 min(len(target), len(sum)) 字节比较。
+		n2 := diffLen
+		if n2 > len(sum) {
+			n2 = len(sum)
+		}
+		cmpLen := n2
+		if cmpLen > len(target) {
+			cmpLen = len(target)
+		}
+		if bytes.Compare(sum[:cmpLen], target[:cmpLen]) <= 0 {
+			return string(b64buf), true
+		}
+	}
+	return "", false
+}
+
+// SolveProofToken 按服务端挑战求解 proof token(header 用,前缀 gAAAAAB)。
+// 迁移自 gen_image.py.generate_proof_token 的轻量 13 元素 config。
+func SolveProofToken(seed, difficulty, userAgent string) string {
+	if seed == "" || difficulty == "" {
+		return ""
+	}
+	if userAgent == "" {
+		userAgent = DefaultUserAgent
+	}
+	//nolint:gosec
+	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	screen := powScreens[rng.Intn(len(powScreens))] * (1 << rng.Intn(3)) // *1/2/4
+
+	timeStr := time.Now().UTC().Format("Mon, 02 Jan 2006 15:04:05 GMT")
+
+	proofConfig := []interface{}{
+		screen, // 0
+		timeStr,
+		nil,
+		0, // 3 - 迭代
+		userAgent,
+		"https://tcr9i.chat.openai.com/v2/35536E1E-65B4-4D96-9D97-6ADB7EFF8147/api.js",
+		"dpl=1440a687921de39ff5ee56b92807faaadce73f13",
+		"en",
+		"en-US",
+		nil,
+		"plugins−[object PluginArray]",
+		powReactListeners[rng.Intn(len(powReactListeners))],
+		powProofEvents[rng.Intn(len(powProofEvents))],
+	}
+
+	diffLen := len(difficulty)
+	hasher := sha3.New512()
+	for i := 0; i < maxProofIter; i++ {
+		proofConfig[3] = i
+		raw, err := json.Marshal(proofConfig)
+		if err != nil {
+			continue
+		}
+		b64 := base64.StdEncoding.EncodeToString(raw)
+		hasher.Reset()
+		hasher.Write([]byte(seed + b64))
+		sum := hasher.Sum(nil)
+		hexStr := hex.EncodeToString(sum)
+		if strings.Compare(hexStr[:diffLen], difficulty) <= 0 {
+			return powPrefixProof + b64
+		}
+	}
+	return powPrefixProof + powFallback +
+		base64.StdEncoding.EncodeToString([]byte(`"`+seed+`"`))
+}
+
+func randomUUID(rng *rand.Rand) string {
+	var b [16]byte
+	_, _ = rng.Read(b[:])
+	b[6] = (b[6] & 0x0f) | 0x40
+	b[8] = (b[8] & 0x3f) | 0x80
+	return fmt.Sprintf("%08x-%04x-%04x-%04x-%012x",
+		b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
+}
diff --git a/internal/upstream/chatgpt/utls_transport.go b/internal/upstream/chatgpt/utls_transport.go
new file mode 100644
index 00000000..7d559ab2
--- /dev/null
+++ b/internal/upstream/chatgpt/utls_transport.go
@@ -0,0 +1,307 @@
+package chatgpt
+
+import (
+	"bufio"
+	"context"
+	"crypto/tls"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+
+	utls "github.com/refraction-networking/utls"
+	"golang.org/x/net/http2"
+)
+
+// NewUTLSTransport 返回一个带 uTLS 浏览器指纹伪装的 http.RoundTripper。
+//
+// chatgpt.com 前置的 Cloudflare 会按 TLS ClientHello 的 JA3/JA4 指纹识别客户端;
+// Go 标准 crypto/tls 的指纹会被直接拒绝(返回 403 HTML 拦截页)。这里用
+// refraction-networking/utls 把 ClientHello 换成 Chrome 120 模板,让 Cloudflare
+// 认为是真 Chrome。
+//
+// 同时支持通过 HTTP(S) 代理走 CONNECT 隧道。
+//
+// 行为要点:
+//   - ALPN 协商到 h2 时走内部 http2.Transport,http/1.1 时走标准 http.Transport
+//   - 首次 h2 失败且为协议级错误(例如 ALPN 回退到 h1)时自动切 h1 重试
+//   - 连接不做跨请求复用的特殊处理,依赖各子 transport 自身的空闲池
+//
+// proxyURL 只支持 http/https,socks5 需要走另一条路径(当前账号池均为 HTTP 代理)。
+func NewUTLSTransport(proxyURL string, idleTimeout time.Duration) (http.RoundTripper, error) {
+	if idleTimeout <= 0 {
+		idleTimeout = 30 * time.Second
+	}
+	rt := &utlsRoundTripper{
+		dialer:      &net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second},
+		idleTimeout: idleTimeout,
+	}
+	if strings.TrimSpace(proxyURL) != "" {
+		u, err := url.Parse(proxyURL)
+		if err != nil {
+			return nil, fmt.Errorf("invalid proxy url: %w", err)
+		}
+		switch strings.ToLower(u.Scheme) {
+		case "http", "https":
+			rt.proxyURL = u
+		case "socks5", "socks5h":
+			return nil, fmt.Errorf("socks5 proxy is not supported by utls transport yet")
+		default:
+			return nil, fmt.Errorf("unsupported proxy scheme %q", u.Scheme)
+		}
+	}
+	rt.h1 = &http.Transport{
+		DialTLSContext:        rt.dialTLS,
+		MaxIdleConnsPerHost:   4,
+		IdleConnTimeout:       idleTimeout,
+		TLSHandshakeTimeout:   15 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		ForceAttemptHTTP2:     false,
+	}
+	rt.h2 = &http2.Transport{
+		DialTLSContext: func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
+			return rt.dialTLS(ctx, network, addr)
+		},
+		ReadIdleTimeout: idleTimeout,
+		AllowHTTP:       false,
+	}
+	return rt, nil
+}
+
+// forceH1 如果为 true,ALPN 只请求 http/1.1 且 RoundTrip 完全跳过 h2。
+//
+// 为什么要这个开关:
+// chatgpt.com + Cloudflare 近期加强了 JA4H(HTTP/2 SETTINGS frame 指纹)识别。
+// Go 的 golang.org/x/net/http2.Transport 发出的 SETTINGS frame 顺序/参数跟
+// Chrome 不同,即使 TLS ClientHello 用 uTLS 伪装成 Chrome,h2 层依然会被识别
+// 为自动化客户端,触发"Unusual activity has been detected"硬风控。
+//
+// 参考实现 gen_image.py 用 curl-cffi(impersonate chrome131),那个库同时伪装
+// TLS + HTTP/2 指纹。本 transport 暂未接 tls-client,
+// 作为权宜之计:强制 http/1.1,上游对 h1 的指纹检测更宽松。
+var forceH1 = true
+
+type utlsRoundTripper struct {
+	proxyURL    *url.URL
+	dialer      *net.Dialer
+	idleTimeout time.Duration
+
+	mu sync.Mutex
+	h1 *http.Transport
+	h2 *http2.Transport
+}
+
+// RoundTrip 先尝试 h2(chatgpt.com 默认),仅在明确是协议级错误时回退到 h1。
+//
+// 当 forceH1 = true 时,完全跳过 h2(避免 JA4H 识别),直接走 h1 transport。
+func (rt *utlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	if forceH1 {
+		return rt.h1.RoundTrip(req)
+	}
+	// SSE / chunked body 场景:不能让 h2 transport 吃掉 Connection: close 之类的 h1 头
+	// 这里 chatgpt.com 都能用 h2 处理 SSE,优先 h2.
+	resp, err := rt.h2.RoundTrip(req)
+	if err == nil {
+		return resp, nil
+	}
+	if isH2Retryable(err) {
+		return rt.h1.RoundTrip(req)
+	}
+	return nil, err
+}
+
+// CloseIdleConnections 关闭两个子 transport 的空闲连接(http.Client 会调用)。
+func (rt *utlsRoundTripper) CloseIdleConnections() {
+	rt.mu.Lock()
+	h1, h2 := rt.h1, rt.h2
+	rt.mu.Unlock()
+	if h1 != nil {
+		h1.CloseIdleConnections()
+	}
+	if h2 != nil {
+		h2.CloseIdleConnections()
+	}
+}
+
+// dialTLS 建立到 addr 的 TCP(可能走代理 CONNECT),再用 utls 做 Chrome 指纹的 TLS 握手。
+// 返回的 net.Conn 实际是 *utls.UConn,ALPN 结果由握手自动确定。
+func (rt *utlsRoundTripper) dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	raw, err := rt.dialRaw(ctx, addr)
+	if err != nil {
+		return nil, err
+	}
+	// forceH1:ALPN 只请求 http/1.1,避免 HTTP/2 SETTINGS 指纹被识别。
+	// 否则按常规先 h2 再 h1 fallback。
+	alpn := []string{"h2", "http/1.1"}
+	if forceH1 {
+		alpn = []string{"http/1.1"}
+	}
+	// InsecureSkipVerify 说明:
+	//   1. 部分商业 HTTP 代理会做 SSL Inspection(MITM):对目标域名重签一张自签名证书
+	//      转发给客户端。这张证书不在系统 CA 列表里,导致 uTLS 证书验证失败。
+	//   2. 我们的安全边界在代理本身:流量已经走 CONNECT 隧道通过已信任的代理;
+	//      对 chatgpt.com 再做证书 pin 没有额外意义。
+	//   3. 即使不配置代理,直连场景下 chatgpt.com 用的是正规 DigiCert 证书,
+	//      实际不会触发此标志,行为与之前相同。
+	uconn := utls.UClient(raw, &utls.Config{
+		ServerName:         host,
+		NextProtos:         alpn,
+		MinVersion:         tls.VersionTLS12,
+		InsecureSkipVerify: true, //nolint:gosec
+	}, utls.HelloChrome_131)
+
+	// 关键:utls 的预设 HelloID(HelloChrome_131 等)里 ALPNExtension 的值
+	// 是按 Chrome 原样硬编码的 ["h2", "http/1.1"],Config.NextProtos 对预设
+	// HelloID 不生效。forceH1 场景下必须显式覆盖 Extension 里的值,
+	// 否则服务器仍按 h2 协商,后续 h1.Transport 会读到 HTTP/2 SETTINGS frame
+	// 报 `malformed HTTP response "\x00\x00\x12\x04..."`。
+	if forceH1 {
+		if err := uconn.BuildHandshakeState(); err != nil {
+			_ = raw.Close()
+			return nil, fmt.Errorf("utls build state: %w", err)
+		}
+		for _, ext := range uconn.Extensions {
+			if alpnExt, ok := ext.(*utls.ALPNExtension); ok {
+				alpnExt.AlpnProtocols = []string{"http/1.1"}
+			}
+		}
+	}
+
+	if err := uconn.HandshakeContext(ctx); err != nil {
+		_ = raw.Close()
+		return nil, fmt.Errorf("utls handshake %s: %w", host, err)
+	}
+
+	// 二次保险:如果服务器忽略我们的 ALPN(比如某些商业代理)还是协商到 h2,
+	// 直接断开,避免 h1.Transport 读到 SETTINGS frame 的脏字节。
+	if forceH1 {
+		np := uconn.ConnectionState().NegotiatedProtocol
+		if np != "" && np != "http/1.1" {
+			_ = uconn.Close()
+			return nil, fmt.Errorf("alpn negotiated %q, expected http/1.1", np)
+		}
+	}
+	return uconn, nil
+}
+
+// dialRaw 返回一个已经"到对端 host:port"的 TCP 通道。若配置了 HTTP 代理,先
+// 连到代理再发 CONNECT。
+func (rt *utlsRoundTripper) dialRaw(ctx context.Context, addr string) (net.Conn, error) {
+	if rt.proxyURL == nil {
+		return rt.dialer.DialContext(ctx, "tcp", addr)
+	}
+	proxyAddr := rt.proxyURL.Host
+	if !strings.Contains(proxyAddr, ":") {
+		if strings.EqualFold(rt.proxyURL.Scheme, "https") {
+			proxyAddr += ":443"
+		} else {
+			proxyAddr += ":80"
+		}
+	}
+	conn, err := rt.dialer.DialContext(ctx, "tcp", proxyAddr)
+	if err != nil {
+		return nil, fmt.Errorf("dial proxy %s: %w", proxyAddr, err)
+	}
+	// HTTPS 代理本身要先 TLS 握手(走标准 tls,不需伪装指纹,代理一般不卡 JA3)。
+	// 部分商业代理使用私有 CA 或自签名证书,标准 CA 库无法验证;
+	// InsecureSkipVerify 只作用于「到代理服务器」这一段,不影响后续 uTLS 握手
+	// 对 chatgpt.com 的证书验证(两段是独立的 TLS 连接)。
+	if strings.EqualFold(rt.proxyURL.Scheme, "https") {
+		tlsConn := tls.Client(conn, &tls.Config{
+			ServerName:         rt.proxyURL.Hostname(),
+			InsecureSkipVerify: true, //nolint:gosec
+		})
+		if err := tlsConn.HandshakeContext(ctx); err != nil {
+			_ = conn.Close()
+			return nil, fmt.Errorf("tls handshake to https proxy: %w", err)
+		}
+		conn = tlsConn
+	}
+	// CONNECT addr
+	connectReq := &http.Request{
+		Method: http.MethodConnect,
+		URL:    &url.URL{Opaque: addr},
+		Host:   addr,
+		Header: make(http.Header),
+	}
+	connectReq.Header.Set("User-Agent", DefaultUserAgent)
+	if u := rt.proxyURL.User; u != nil {
+		pw, _ := u.Password()
+		connectReq.Header.Set("Proxy-Authorization", "Basic "+
+			base64.StdEncoding.EncodeToString([]byte(u.Username()+":"+pw)))
+	}
+	if err := connectReq.Write(conn); err != nil {
+		_ = conn.Close()
+		return nil, fmt.Errorf("write CONNECT: %w", err)
+	}
+	br := bufio.NewReader(conn)
+	resp, err := http.ReadResponse(br, connectReq)
+	if err != nil {
+		_ = conn.Close()
+		return nil, fmt.Errorf("read CONNECT response: %w", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		_ = conn.Close()
+		return nil, fmt.Errorf("proxy CONNECT %s → %s", addr, resp.Status)
+	}
+	// br 里可能已经预读了握手后的第一批字节,必须把它包进 conn 返回,否则 TLS 握手会少字节
+	if n := br.Buffered(); n > 0 {
+		peeked, _ := br.Peek(n)
+		return &bufConn{Conn: conn, rd: bufio.NewReaderSize(io.MultiReader(peeked2Reader(peeked), conn), 4096)}, nil
+	}
+	return conn, nil
+}
+
+// isH2Retryable 判断 h2 错误是否可以降级到 h1 重试。
+func isH2Retryable(err error) bool {
+	if err == nil {
+		return false
+	}
+	s := err.Error()
+	// 常见 h2 → h1 协商失败或 HTTP_1_1_REQUIRED
+	return strings.Contains(s, "HTTP_1_1_REQUIRED") ||
+		strings.Contains(s, "http2: unsupported scheme") ||
+		strings.Contains(s, "bad protocol") ||
+		strings.Contains(s, "remote error: tls: no application protocol") ||
+		strings.Contains(s, "http2: server sent GOAWAY") ||
+		errors.Is(err, http2.ErrNoCachedConn)
+}
+
+// bufConn 让预读过的字节流继续可读,同时保留 net.Conn 的其他方法(Close/LocalAddr 等)。
+type bufConn struct {
+	net.Conn
+	rd *bufio.Reader
+}
+
+func (b *bufConn) Read(p []byte) (int, error) { return b.rd.Read(p) }
+
+// peeked2Reader 把一段已 Peek 的字节封装成 io.Reader。独立函数是为了避免
+// 直接把 bufio.Reader 塞进 io.MultiReader 时,它内部还能继续读原 conn 的字节
+// 而造成重复读。
+func peeked2Reader(peeked []byte) io.Reader {
+	return &readOnceBuf{buf: peeked}
+}
+
+type readOnceBuf struct {
+	buf []byte
+	off int
+}
+
+func (r *readOnceBuf) Read(p []byte) (int, error) {
+	if r.off >= len(r.buf) {
+		return 0, io.EOF
+	}
+	n := copy(p, r.buf[r.off:])
+	r.off += n
+	return n, nil
+}
diff --git a/internal/usage/admin_handler.go b/internal/usage/admin_handler.go
new file mode 100644
index 00000000..7f7d6c20
--- /dev/null
+++ b/internal/usage/admin_handler.go
@@ -0,0 +1,103 @@
+package usage
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// AdminHandler 提供 /api/admin/usage/* 的只读聚合/列表接口。
+type AdminHandler struct{ qdao *QueryDAO }
+
+func NewAdminHandler(qdao *QueryDAO) *AdminHandler { return &AdminHandler{qdao: qdao} }
+
+// filterFromQuery 解析通用 query 参数到 Filter。
+// 约定:since/until 使用 RFC3339 或 YYYY-MM-DD;不传即无限制。
+func filterFromQuery(c *gin.Context) Filter {
+	uid64, _ := strconv.ParseUint(c.Query("user_id"), 10, 64)
+	mid64, _ := strconv.ParseUint(c.Query("model_id"), 10, 64)
+	kid64, _ := strconv.ParseUint(c.Query("key_id"), 10, 64)
+	aid64, _ := strconv.ParseUint(c.Query("account_id"), 10, 64)
+
+	return Filter{
+		UserID:    uid64,
+		KeyID:     kid64,
+		ModelID:   mid64,
+		AccountID: aid64,
+		Type:      c.Query("type"),
+		Status:    c.Query("status"),
+		Since:     parseFlexTime(c.Query("since")),
+		Until:     parseFlexTime(c.Query("until")),
+	}
+}
+
+func parseFlexTime(s string) time.Time {
+	if s == "" {
+		return time.Time{}
+	}
+	if t, err := time.Parse(time.RFC3339, s); err == nil {
+		return t
+	}
+	if t, err := time.Parse("2006-01-02", s); err == nil {
+		return t
+	}
+	return time.Time{}
+}
+
+// GET /api/admin/usage/stats
+// 返回综合聚合:overall + daily 折线 + top model + top user(可控 top_n)
+func (h *AdminHandler) Stats(c *gin.Context) {
+	f := filterFromQuery(c)
+	days, _ := strconv.Atoi(c.DefaultQuery("days", "14"))
+	topN, _ := strconv.Atoi(c.DefaultQuery("top_n", "10"))
+
+	overall, err := h.qdao.Overall(c.Request.Context(), f)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	daily, err := h.qdao.Daily(c.Request.Context(), f, days)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	byModel, err := h.qdao.ByModel(c.Request.Context(), f, topN)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	byUser, err := h.qdao.ByUser(c.Request.Context(), f, topN)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"overall":  overall,
+		"daily":    daily,
+		"by_model": byModel,
+		"by_user":  byUser,
+	})
+}
+
+// GET /api/admin/usage/logs
+// 返回原始日志分页。
+func (h *AdminHandler) Logs(c *gin.Context) {
+	f := filterFromQuery(c)
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+
+	rows, total, err := h.qdao.List(c.Request.Context(), f, offset, limit)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"items":  rows,
+		"total":  total,
+		"limit":  limit,
+		"offset": offset,
+	})
+}
diff --git a/internal/usage/logger.go b/internal/usage/logger.go
new file mode 100644
index 00000000..f3b8d945
--- /dev/null
+++ b/internal/usage/logger.go
@@ -0,0 +1,161 @@
+// Package usage 实现 usage_logs 的异步批量写入。
+//
+// 设计目标:
+//   1. 网关请求落盘不在关键路径上(同步 INSERT 会拖垮高并发)。
+//   2. Channel 缓冲 + 定时 flush + 批量 INSERT。
+//   3. 丢弃策略:channel 满时异步降级到 Warn 日志,不阻塞调用方。
+//
+// 参数(默认):
+//   - buffer: 8192 条
+//   - batch : 500 条
+//   - flush : 200ms
+package usage
+
+import (
+	"context"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+	"go.uber.org/zap"
+
+	"github.com/432539/gpt2api/pkg/logger"
+)
+
+// Options 可选参数。
+type Options struct {
+	Buffer       int
+	Batch        int
+	FlushInterval time.Duration
+}
+
+// Logger 异步写入器。
+type Logger struct {
+	db     *sqlx.DB
+	ch     chan *Log
+	opt    Options
+	closed chan struct{}
+	wg     sync.WaitGroup
+}
+
+// New 创建并启动后台 flusher。调用方在进程退出前应 Close。
+func New(db *sqlx.DB, opt Options) *Logger {
+	if opt.Buffer <= 0 {
+		opt.Buffer = 8192
+	}
+	if opt.Batch <= 0 {
+		opt.Batch = 500
+	}
+	if opt.FlushInterval <= 0 {
+		opt.FlushInterval = 200 * time.Millisecond
+	}
+	l := &Logger{
+		db:     db,
+		ch:     make(chan *Log, opt.Buffer),
+		opt:    opt,
+		closed: make(chan struct{}),
+	}
+	l.wg.Add(1)
+	go l.loop()
+	return l
+}
+
+// Write 非阻塞投递一条日志。channel 满时降级到 Warn 日志并丢弃。
+func (l *Logger) Write(row *Log) {
+	if row == nil {
+		return
+	}
+	if row.CreatedAt.IsZero() {
+		row.CreatedAt = time.Now()
+	}
+	select {
+	case l.ch <- row:
+	default:
+		logger.L().Warn("usage_logs channel full, dropping entry",
+			zap.String("request_id", row.RequestID))
+	}
+}
+
+// Close 停止后台 flusher,并把剩余 buffer 落盘。
+func (l *Logger) Close() {
+	close(l.closed)
+	l.wg.Wait()
+}
+
+func (l *Logger) loop() {
+	defer l.wg.Done()
+	tick := time.NewTicker(l.opt.FlushInterval)
+	defer tick.Stop()
+
+	batch := make([]*Log, 0, l.opt.Batch)
+	flush := func() {
+		if len(batch) == 0 {
+			return
+		}
+		if err := l.bulkInsert(batch); err != nil {
+			logger.L().Error("usage_logs bulk insert", zap.Error(err),
+				zap.Int("rows", len(batch)))
+		}
+		batch = batch[:0]
+	}
+
+	for {
+		select {
+		case <-l.closed:
+			// drain
+			for {
+				select {
+				case row := <-l.ch:
+					batch = append(batch, row)
+					if len(batch) >= l.opt.Batch {
+						flush()
+					}
+				default:
+					flush()
+					return
+				}
+			}
+		case row := <-l.ch:
+			batch = append(batch, row)
+			if len(batch) >= l.opt.Batch {
+				flush()
+			}
+		case <-tick.C:
+			flush()
+		}
+	}
+}
+
+func (l *Logger) bulkInsert(rows []*Log) error {
+	if len(rows) == 0 {
+		return nil
+	}
+	// 每条 18 个占位符,MySQL max_allowed_packet 一般够用。
+	const cols = 18
+	var b strings.Builder
+	b.WriteString(`INSERT INTO usage_logs
+        (user_id, key_id, model_id, account_id, request_id, type,
+         input_tokens, output_tokens, cache_read_tokens, cache_write_tokens,
+         image_count, credit_cost, duration_ms, status, error_code, ip, ua, created_at)
+        VALUES `)
+
+	args := make([]interface{}, 0, len(rows)*cols)
+	for i, r := range rows {
+		if i > 0 {
+			b.WriteByte(',')
+		}
+		b.WriteString("(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)")
+		args = append(args,
+			r.UserID, r.KeyID, r.ModelID, r.AccountID, r.RequestID, r.Type,
+			r.InputTokens, r.OutputTokens, r.CacheReadTokens, r.CacheWriteTokens,
+			r.ImageCount, r.CreditCost, r.DurationMs, r.Status, r.ErrorCode,
+			r.IP, r.UA, r.CreatedAt,
+		)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+	_, err := l.db.ExecContext(ctx, b.String(), args...)
+	return err
+}
diff --git a/internal/usage/me_handler.go b/internal/usage/me_handler.go
new file mode 100644
index 00000000..625324d3
--- /dev/null
+++ b/internal/usage/me_handler.go
@@ -0,0 +1,93 @@
+package usage
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// MeHandler 面向当前用户的 usage 只读接口。
+// 与 AdminHandler 的区别:强制注入 UserID = 当前登录用户,
+// 客户端不能越权查看他人数据。
+type MeHandler struct{ qdao *QueryDAO }
+
+// NewMeHandler 构造。
+func NewMeHandler(qdao *QueryDAO) *MeHandler { return &MeHandler{qdao: qdao} }
+
+// filterFromMeQuery 与 admin 版一致,但强制 UserID = current。
+func filterFromMeQuery(c *gin.Context, userID uint64) Filter {
+	f := Filter{
+		UserID: userID,
+		Type:   c.Query("type"),
+		Status: c.Query("status"),
+		Since:  parseFlexTime(c.Query("since")),
+		Until:  parseFlexTime(c.Query("until")),
+	}
+	if mid, err := strconv.ParseUint(c.Query("model_id"), 10, 64); err == nil {
+		f.ModelID = mid
+	}
+	if kid, err := strconv.ParseUint(c.Query("key_id"), 10, 64); err == nil {
+		f.KeyID = kid
+	}
+	return f
+}
+
+// GET /api/me/usage/logs
+// 返回当前用户的原始日志分页。
+func (h *MeHandler) Logs(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	if limit > 200 {
+		limit = 200
+	}
+	f := filterFromMeQuery(c, uid)
+	rows, total, err := h.qdao.List(c.Request.Context(), f, offset, limit)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": rows, "total": total, "limit": limit, "offset": offset})
+}
+
+// GET /api/me/usage/stats
+// 返回当前用户的整体汇总 + 最近 N 天折线 + 模型 TOP N。
+// 不包括按用户聚合(当前用户视角下无意义)。
+func (h *MeHandler) Stats(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	days, _ := strconv.Atoi(c.DefaultQuery("days", "14"))
+	topN, _ := strconv.Atoi(c.DefaultQuery("top_n", "5"))
+	f := filterFromMeQuery(c, uid)
+
+	overall, err := h.qdao.Overall(c.Request.Context(), f)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	daily, err := h.qdao.Daily(c.Request.Context(), f, days)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	byModel, err := h.qdao.ByModel(c.Request.Context(), f, topN)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"overall":  overall,
+		"daily":    daily,
+		"by_model": byModel,
+	})
+}
diff --git a/internal/usage/model.go b/internal/usage/model.go
new file mode 100644
index 00000000..f1288e0d
--- /dev/null
+++ b/internal/usage/model.go
@@ -0,0 +1,37 @@
+package usage
+
+import "time"
+
+// Type 业务类型。
+const (
+	TypeChat  = "chat"
+	TypeImage = "image"
+)
+
+// Status 请求结果。
+const (
+	StatusSuccess = "success"
+	StatusFailed  = "failed"
+)
+
+// Log 对应 usage_logs 表一行。
+type Log struct {
+	UserID           uint64    `db:"user_id"`
+	KeyID            uint64    `db:"key_id"`
+	ModelID          uint64    `db:"model_id"`
+	AccountID        uint64    `db:"account_id"`
+	RequestID        string    `db:"request_id"`
+	Type             string    `db:"type"`
+	InputTokens      int       `db:"input_tokens"`
+	OutputTokens     int       `db:"output_tokens"`
+	CacheReadTokens  int       `db:"cache_read_tokens"`
+	CacheWriteTokens int       `db:"cache_write_tokens"`
+	ImageCount       int       `db:"image_count"`
+	CreditCost       int64     `db:"credit_cost"`
+	DurationMs       int       `db:"duration_ms"`
+	Status           string    `db:"status"`
+	ErrorCode        string    `db:"error_code"`
+	IP               string    `db:"ip"`
+	UA               string    `db:"ua"`
+	CreatedAt        time.Time `db:"created_at"`
+}
diff --git a/internal/usage/query_dao.go b/internal/usage/query_dao.go
new file mode 100644
index 00000000..0cd9e6e3
--- /dev/null
+++ b/internal/usage/query_dao.go
@@ -0,0 +1,288 @@
+package usage
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// QueryDAO 提供 usage_logs 的只读查询/聚合能力。
+// 与 logger 的写入路径解耦,单独维护。
+type QueryDAO struct{ db *sqlx.DB }
+
+func NewQueryDAO(db *sqlx.DB) *QueryDAO { return &QueryDAO{db: db} }
+
+// Filter 是列表/聚合的公共过滤条件。
+// 所有字段都可选;非零才参与 WHERE。
+type Filter struct {
+	UserID    uint64
+	KeyID     uint64
+	ModelID   uint64
+	AccountID uint64
+	Type      string // "chat" | "image"
+	Status    string
+	Since     time.Time
+	Until     time.Time
+}
+
+// ItemRow 列表返回行(含部分展开字段,省一次 JOIN)。
+type ItemRow struct {
+	ID               uint64    `db:"id" json:"id"`
+	UserID           uint64    `db:"user_id" json:"user_id"`
+	KeyID            uint64    `db:"key_id" json:"key_id"`
+	ModelID          uint64    `db:"model_id" json:"model_id"`
+	ModelSlug        string    `db:"model_slug" json:"model_slug"`
+	AccountID        uint64    `db:"account_id" json:"account_id"`
+	RequestID        string    `db:"request_id" json:"request_id"`
+	Type             string    `db:"type" json:"type"`
+	InputTokens      int       `db:"input_tokens" json:"input_tokens"`
+	OutputTokens     int       `db:"output_tokens" json:"output_tokens"`
+	CacheReadTokens  int       `db:"cache_read_tokens" json:"cache_read_tokens"`
+	CacheWriteTokens int       `db:"cache_write_tokens" json:"cache_write_tokens"`
+	ImageCount       int       `db:"image_count" json:"image_count"`
+	CreditCost       int64     `db:"credit_cost" json:"credit_cost"`
+	DurationMs       int       `db:"duration_ms" json:"duration_ms"`
+	Status           string    `db:"status" json:"status"`
+	ErrorCode        string    `db:"error_code" json:"error_code"`
+	IP               string    `db:"ip" json:"ip"`
+	CreatedAt        time.Time `db:"created_at" json:"created_at"`
+}
+
+// ModelStat 按模型聚合。
+type ModelStat struct {
+	ModelID      uint64 `db:"model_id" json:"model_id"`
+	ModelSlug    string `db:"model_slug" json:"model_slug"`
+	Type         string `db:"type" json:"type"`
+	Requests     int64  `db:"requests" json:"requests"`
+	Failures     int64  `db:"failures" json:"failures"`
+	InputTokens  int64  `db:"input_tokens" json:"input_tokens"`
+	OutputTokens int64  `db:"output_tokens" json:"output_tokens"`
+	ImageCount   int64  `db:"image_count" json:"image_count"`
+	CreditCost   int64  `db:"credit_cost" json:"credit_cost"`
+	AvgDurMs     int64  `db:"avg_dur_ms" json:"avg_dur_ms"`
+}
+
+// UserStat 按用户聚合。
+type UserStat struct {
+	UserID     uint64 `db:"user_id" json:"user_id"`
+	Email      string `db:"email" json:"email"`
+	Requests   int64  `db:"requests" json:"requests"`
+	Failures   int64  `db:"failures" json:"failures"`
+	CreditCost int64  `db:"credit_cost" json:"credit_cost"`
+}
+
+// DailyPoint 按天聚合,用于图表。
+type DailyPoint struct {
+	Day          string `db:"day" json:"day"`
+	Requests     int64  `db:"requests" json:"requests"`
+	Failures     int64  `db:"failures" json:"failures"`
+	InputTokens  int64  `db:"input_tokens" json:"input_tokens"`
+	OutputTokens int64  `db:"output_tokens" json:"output_tokens"`
+	ImageCount   int64  `db:"image_count" json:"image_count"`
+	CreditCost   int64  `db:"credit_cost" json:"credit_cost"`
+}
+
+// Overall 整体汇总。
+type Overall struct {
+	Requests     int64 `db:"requests" json:"requests"`
+	Failures     int64 `db:"failures" json:"failures"`
+	ChatRequests int64 `db:"chat_requests" json:"chat_requests"`
+	ImageImages  int64 `db:"image_images" json:"image_images"`
+	InputTokens  int64 `db:"input_tokens" json:"input_tokens"`
+	OutputTokens int64 `db:"output_tokens" json:"output_tokens"`
+	CreditCost   int64 `db:"credit_cost" json:"credit_cost"`
+}
+
+const imageCountExpr = `CASE
+  WHEN u.type <> 'image' THEN 0
+  WHEN u.image_count > 0 THEN u.image_count
+  WHEN u.status = 'success' THEN 1
+  ELSE 0
+END`
+
+// ---------- 内部 ----------
+
+// buildWhere 根据 filter 生成 WHERE 片段 + 参数列表。
+// 永远至少返回 "WHERE 1=1" 以便调用方直接 `+` 其它条件。
+func (d *QueryDAO) buildWhere(f Filter) (string, []any) {
+	b := strings.Builder{}
+	b.WriteString("WHERE 1=1")
+	args := make([]any, 0, 6)
+	if f.UserID > 0 {
+		b.WriteString(" AND u.user_id = ?")
+		args = append(args, f.UserID)
+	}
+	if f.KeyID > 0 {
+		b.WriteString(" AND u.key_id = ?")
+		args = append(args, f.KeyID)
+	}
+	if f.ModelID > 0 {
+		b.WriteString(" AND u.model_id = ?")
+		args = append(args, f.ModelID)
+	}
+	if f.AccountID > 0 {
+		b.WriteString(" AND u.account_id = ?")
+		args = append(args, f.AccountID)
+	}
+	if f.Type != "" {
+		b.WriteString(" AND u.type = ?")
+		args = append(args, f.Type)
+	}
+	if f.Status != "" {
+		b.WriteString(" AND u.status = ?")
+		args = append(args, f.Status)
+	}
+	if !f.Since.IsZero() {
+		b.WriteString(" AND u.created_at >= ?")
+		args = append(args, f.Since)
+	}
+	if !f.Until.IsZero() {
+		b.WriteString(" AND u.created_at < ?")
+		args = append(args, f.Until)
+	}
+	return b.String(), args
+}
+
+// List 分页查询原始日志。
+func (d *QueryDAO) List(ctx context.Context, f Filter, offset, limit int) ([]ItemRow, int64, error) {
+	where, args := d.buildWhere(f)
+	if limit <= 0 || limit > 200 {
+		limit = 50
+	}
+	if offset < 0 {
+		offset = 0
+	}
+
+	q := fmt.Sprintf(`
+SELECT u.id, u.user_id, u.key_id, u.model_id,
+       COALESCE(m.slug, '') AS model_slug,
+       u.account_id, u.request_id, u.type,
+       u.input_tokens, u.output_tokens, u.cache_read_tokens, u.cache_write_tokens,
+       u.image_count, u.credit_cost, u.duration_ms, u.status, u.error_code, u.ip,
+       u.created_at
+FROM usage_logs u
+LEFT JOIN models m ON m.id = u.model_id
+%s
+ORDER BY u.id DESC
+LIMIT ? OFFSET ?`, where)
+
+	rows := make([]ItemRow, 0, limit)
+	err := d.db.SelectContext(ctx, &rows, q, append(args, limit, offset)...)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	countQ := fmt.Sprintf(`SELECT COUNT(*) FROM usage_logs u %s`, where)
+	var total int64
+	if err := d.db.GetContext(ctx, &total, countQ, args...); err != nil {
+		return nil, 0, err
+	}
+	return rows, total, nil
+}
+
+// Overall 汇总。
+func (d *QueryDAO) Overall(ctx context.Context, f Filter) (Overall, error) {
+	where, args := d.buildWhere(f)
+	q := fmt.Sprintf(`
+SELECT COUNT(*)                                                                AS requests,
+       COALESCE(SUM(CASE WHEN u.status = 'failed' THEN 1 ELSE 0 END), 0)       AS failures,
+       COALESCE(SUM(CASE WHEN u.type   = 'chat'   THEN 1 ELSE 0 END), 0)       AS chat_requests,
+       COALESCE(SUM(`+imageCountExpr+`), 0)                                    AS image_images,
+       COALESCE(SUM(u.input_tokens),  0)                                       AS input_tokens,
+       COALESCE(SUM(u.output_tokens), 0)                                       AS output_tokens,
+       COALESCE(SUM(u.credit_cost),   0)                                       AS credit_cost
+FROM usage_logs u %s`, where)
+
+	var out Overall
+	if err := d.db.GetContext(ctx, &out, q, args...); err != nil {
+		return out, err
+	}
+	return out, nil
+}
+
+// ByModel 按模型聚合。
+func (d *QueryDAO) ByModel(ctx context.Context, f Filter, limit int) ([]ModelStat, error) {
+	where, args := d.buildWhere(f)
+	if limit <= 0 {
+		limit = 50
+	}
+	q := fmt.Sprintf(`
+SELECT u.model_id,
+       COALESCE(m.slug, '')                                AS model_slug,
+       COALESCE(MAX(u.type), '')                           AS type,
+       COUNT(*)                                            AS requests,
+       COALESCE(SUM(CASE WHEN u.status='failed' THEN 1 ELSE 0 END), 0) AS failures,
+       COALESCE(SUM(u.input_tokens),  0)                   AS input_tokens,
+       COALESCE(SUM(u.output_tokens), 0)                   AS output_tokens,
+       COALESCE(SUM(`+imageCountExpr+`), 0)                AS image_count,
+       COALESCE(SUM(u.credit_cost),   0)                   AS credit_cost,
+       /* AVG 返回 DECIMAL(driver 会给 []uint8),必须 CAST 回整数才能 scan 进 int64 */
+       COALESCE(CAST(AVG(u.duration_ms) AS SIGNED), 0)     AS avg_dur_ms
+FROM usage_logs u
+LEFT JOIN models m ON m.id = u.model_id
+%s
+GROUP BY u.model_id, m.slug
+ORDER BY requests DESC
+LIMIT ?`, where)
+
+	rows := make([]ModelStat, 0, limit)
+	err := d.db.SelectContext(ctx, &rows, q, append(args, limit)...)
+	return rows, err
+}
+
+// ByUser 按用户聚合。只给管理员用,会 JOIN users。
+func (d *QueryDAO) ByUser(ctx context.Context, f Filter, limit int) ([]UserStat, error) {
+	where, args := d.buildWhere(f)
+	if limit <= 0 {
+		limit = 50
+	}
+	q := fmt.Sprintf(`
+SELECT u.user_id,
+       COALESCE(us.email, '')                              AS email,
+       COUNT(*)                                            AS requests,
+       COALESCE(SUM(CASE WHEN u.status='failed' THEN 1 ELSE 0 END), 0) AS failures,
+       COALESCE(SUM(u.credit_cost),   0)                   AS credit_cost
+FROM usage_logs u
+LEFT JOIN users us ON us.id = u.user_id
+%s
+GROUP BY u.user_id, us.email
+ORDER BY credit_cost DESC
+LIMIT ?`, where)
+
+	rows := make([]UserStat, 0, limit)
+	err := d.db.SelectContext(ctx, &rows, q, append(args, limit)...)
+	return rows, err
+}
+
+// Daily 按天聚合最近 N 天。
+func (d *QueryDAO) Daily(ctx context.Context, f Filter, days int) ([]DailyPoint, error) {
+	if days <= 0 || days > 180 {
+		days = 14
+	}
+	// 强制把 since 限制到 days 窗口内
+	since := time.Now().AddDate(0, 0, -days+1).Truncate(24 * time.Hour)
+	if f.Since.IsZero() || f.Since.Before(since) {
+		f.Since = since
+	}
+	where, args := d.buildWhere(f)
+
+	q := fmt.Sprintf(`
+SELECT DATE_FORMAT(u.created_at, '%%Y-%%m-%%d')            AS day,
+       COUNT(*)                                            AS requests,
+       COALESCE(SUM(CASE WHEN u.status='failed' THEN 1 ELSE 0 END), 0) AS failures,
+       COALESCE(SUM(u.input_tokens),  0)                   AS input_tokens,
+       COALESCE(SUM(u.output_tokens), 0)                   AS output_tokens,
+       COALESCE(SUM(`+imageCountExpr+`), 0)                AS image_count,
+       COALESCE(SUM(u.credit_cost),   0)                   AS credit_cost
+FROM usage_logs u
+%s
+GROUP BY day
+ORDER BY day ASC`, where)
+
+	rows := make([]DailyPoint, 0, days)
+	err := d.db.SelectContext(ctx, &rows, q, args...)
+	return rows, err
+}
diff --git a/internal/user/admin_dao.go b/internal/user/admin_dao.go
new file mode 100644
index 00000000..c8744577
--- /dev/null
+++ b/internal/user/admin_dao.go
@@ -0,0 +1,402 @@
+package user
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+)
+
+// ListFilter admin 查询用户列表的过滤条件。
+type ListFilter struct {
+	Keyword string // 模糊匹配 email/nickname
+	Role    string // "" / "user" / "admin"
+	Status  string // "" / "active" / "banned"
+	GroupID uint64 // 0 表示全部
+}
+
+// ListPage admin 分页列出用户。返回结果带最大值兜底,limit 超过 500 强制 500。
+func (d *DAO) ListPage(ctx context.Context, f ListFilter, limit, offset int) ([]User, int64, error) {
+	if limit <= 0 {
+		limit = 20
+	}
+	if limit > 500 {
+		limit = 500
+	}
+	if offset < 0 {
+		offset = 0
+	}
+
+	where := []string{"deleted_at IS NULL"}
+	args := []interface{}{}
+
+	if f.Keyword != "" {
+		where = append(where, "(email LIKE ? OR nickname LIKE ?)")
+		kw := "%" + f.Keyword + "%"
+		args = append(args, kw, kw)
+	}
+	if f.Role != "" {
+		where = append(where, "role = ?")
+		args = append(args, f.Role)
+	}
+	if f.Status != "" {
+		where = append(where, "status = ?")
+		args = append(args, f.Status)
+	}
+	if f.GroupID > 0 {
+		where = append(where, "group_id = ?")
+		args = append(args, f.GroupID)
+	}
+
+	whereSQL := "WHERE " + strings.Join(where, " AND ")
+
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM users `+whereSQL, args...); err != nil {
+		return nil, 0, err
+	}
+
+	var items []User
+	argsWithLimit := append(args, limit, offset)
+	if err := d.db.SelectContext(ctx, &items,
+		`SELECT id, email, password_hash, nickname, group_id, role, status,
+                credit_balance, credit_frozen, version, last_login_at, last_login_ip,
+                created_at, updated_at, deleted_at
+           FROM users `+whereSQL+`
+          ORDER BY id DESC
+          LIMIT ? OFFSET ?`, argsWithLimit...); err != nil {
+		return nil, 0, err
+	}
+	return items, total, nil
+}
+
+// UpdatePatch 用于 admin 更新用户基础字段(允许仅传部分)。
+// 注意:不允许通过这个方法改 credit_balance / credit_frozen(走 billing.AdminAdjust)。
+type UpdatePatch struct {
+	Nickname *string
+	Role     *string
+	Status   *string
+	GroupID  *uint64
+}
+
+// Update 执行 UpdatePatch;每个非 nil 字段才会被更新。返回受影响行数。
+func (d *DAO) Update(ctx context.Context, id uint64, p UpdatePatch) (int64, error) {
+	sets := []string{}
+	args := []interface{}{}
+
+	if p.Nickname != nil {
+		sets = append(sets, "nickname = ?")
+		args = append(args, *p.Nickname)
+	}
+	if p.Role != nil {
+		if *p.Role != "user" && *p.Role != "admin" {
+			return 0, fmt.Errorf("invalid role: %s", *p.Role)
+		}
+		sets = append(sets, "role = ?")
+		args = append(args, *p.Role)
+	}
+	if p.Status != nil {
+		if *p.Status != "active" && *p.Status != "banned" {
+			return 0, fmt.Errorf("invalid status: %s", *p.Status)
+		}
+		sets = append(sets, "status = ?")
+		args = append(args, *p.Status)
+	}
+	if p.GroupID != nil {
+		sets = append(sets, "group_id = ?")
+		args = append(args, *p.GroupID)
+	}
+	if len(sets) == 0 {
+		return 0, nil
+	}
+	sets = append(sets, "version = version + 1")
+	q := "UPDATE users SET " + strings.Join(sets, ", ") + " WHERE id = ? AND deleted_at IS NULL"
+	args = append(args, id)
+
+	res, err := d.db.ExecContext(ctx, q, args...)
+	if err != nil {
+		return 0, err
+	}
+	n, _ := res.RowsAffected()
+	return n, nil
+}
+
+// ResetPassword 覆盖 password_hash。hash 由上层用 bcrypt 生成。
+func (d *DAO) ResetPassword(ctx context.Context, id uint64, hash string) error {
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE users SET password_hash = ?, version = version + 1
+          WHERE id = ? AND deleted_at IS NULL`, hash, id)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// SoftDelete 将用户标记为删除(并不物理删除,也不回收其 api keys/usage 等)。
+// 被删除的用户无法登录,api key 按策略可单独吊销。
+func (d *DAO) SoftDelete(ctx context.Context, id uint64) error {
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE users SET deleted_at = NOW(), status = 'banned', version = version + 1
+          WHERE id = ? AND deleted_at IS NULL`, id)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// ---- user_groups CRUD(admin) ----
+
+// ListGroups 列出全部分组(无分页,分组总量很少)。
+func (d *DAO) ListGroups(ctx context.Context) ([]Group, error) {
+	var out []Group
+	err := d.db.SelectContext(ctx, &out,
+		`SELECT id, name, ratio, daily_limit_credits, rpm_limit, tpm_limit, remark, created_at, updated_at
+           FROM user_groups WHERE deleted_at IS NULL ORDER BY id ASC`)
+	return out, err
+}
+
+// CreateGroup 插入用户分组,返回自增 id。
+func (d *DAO) CreateGroup(ctx context.Context, g *Group) (uint64, error) {
+	if g.Name == "" {
+		return 0, errors.New("group name required")
+	}
+	if g.Ratio <= 0 {
+		g.Ratio = 1.0
+	}
+	res, err := d.db.ExecContext(ctx, `
+INSERT INTO user_groups (name, ratio, daily_limit_credits, rpm_limit, tpm_limit, remark)
+VALUES (?,?,?,?,?,?)`,
+		g.Name, g.Ratio, g.DailyLimitCredits, g.RPMLimit, g.TPMLimit, g.Remark)
+	if err != nil {
+		return 0, err
+	}
+	id, _ := res.LastInsertId()
+	return uint64(id), nil
+}
+
+// UpdateGroup 更新分组字段(全量覆盖);id 不存在返回 ErrNotFound。
+func (d *DAO) UpdateGroup(ctx context.Context, g *Group) error {
+	res, err := d.db.ExecContext(ctx, `
+UPDATE user_groups
+   SET name = ?, ratio = ?, daily_limit_credits = ?, rpm_limit = ?, tpm_limit = ?, remark = ?
+ WHERE id = ? AND deleted_at IS NULL`,
+		g.Name, g.Ratio, g.DailyLimitCredits, g.RPMLimit, g.TPMLimit, g.Remark, g.ID)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// DeleteGroup 软删除。调用方应先确保没有用户挂在这个 group 下。
+func (d *DAO) DeleteGroup(ctx context.Context, id uint64) error {
+	// 禁止删除 id=1(默认 default 分组)
+	if id == 1 {
+		return errors.New("default group cannot be deleted")
+	}
+	var used int
+	if err := d.db.GetContext(ctx, &used,
+		`SELECT COUNT(*) FROM users WHERE group_id = ? AND deleted_at IS NULL`, id); err != nil {
+		return err
+	}
+	if used > 0 {
+		return fmt.Errorf("group in use by %d users", used)
+	}
+	res, err := d.db.ExecContext(ctx,
+		`UPDATE user_groups SET deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL`, id)
+	if err != nil {
+		return err
+	}
+	n, _ := res.RowsAffected()
+	if n == 0 {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// ---- credit_transactions (admin) ----
+
+// CreditLog 用于返回流水列表的简化结构。
+type CreditLog struct {
+	ID           uint64 `db:"id" json:"id"`
+	UserID       uint64 `db:"user_id" json:"user_id"`
+	KeyID        uint64 `db:"key_id" json:"key_id"`
+	Type         string `db:"type" json:"type"`
+	Amount       int64  `db:"amount" json:"amount"`
+	BalanceAfter int64  `db:"balance_after" json:"balance_after"`
+	RefID        string `db:"ref_id" json:"ref_id"`
+	Remark       string `db:"remark" json:"remark"`
+	CreatedAt    string `db:"created_at" json:"created_at"`
+}
+
+// CreditLogWithUser 全局流水列表的返回结构:带上用户 email/nickname 以便前端展示。
+type CreditLogWithUser struct {
+	ID           uint64 `db:"id" json:"id"`
+	UserID       uint64 `db:"user_id" json:"user_id"`
+	UserEmail    string `db:"user_email" json:"user_email"`
+	UserNickname string `db:"user_nickname" json:"user_nickname"`
+	KeyID        uint64 `db:"key_id" json:"key_id"`
+	Type         string `db:"type" json:"type"`
+	Amount       int64  `db:"amount" json:"amount"`
+	BalanceAfter int64  `db:"balance_after" json:"balance_after"`
+	RefID        string `db:"ref_id" json:"ref_id"`
+	Remark       string `db:"remark" json:"remark"`
+	CreatedAt    string `db:"created_at" json:"created_at"`
+}
+
+// CreditLogFilter 全局流水过滤条件。
+type CreditLogFilter struct {
+	UserID   uint64 // 0=全部
+	Keyword  string // 匹配 email/nickname(需 JOIN users)
+	Type     string // "" / consume / recharge / refund / redeem / admin_adjust / freeze / unfreeze
+	Sign     string // "" / in(>0) / out(<0)
+	StartAt  string // "YYYY-MM-DD HH:MM:SS" 或空
+	EndAt    string // 同上
+}
+
+// ListCreditLogsGlobal 供"积分管理"页面使用:可按用户/关键字/类型/方向/时间过滤。
+func (d *DAO) ListCreditLogsGlobal(ctx context.Context, f CreditLogFilter, limit, offset int) ([]CreditLogWithUser, int64, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	if limit > 500 {
+		limit = 500
+	}
+	if offset < 0 {
+		offset = 0
+	}
+
+	where := []string{"1=1"}
+	args := []interface{}{}
+
+	if f.UserID > 0 {
+		where = append(where, "ct.user_id = ?")
+		args = append(args, f.UserID)
+	}
+	if kw := strings.TrimSpace(f.Keyword); kw != "" {
+		like := "%" + kw + "%"
+		where = append(where, "(u.email LIKE ? OR u.nickname LIKE ?)")
+		args = append(args, like, like)
+	}
+	if t := strings.TrimSpace(f.Type); t != "" {
+		where = append(where, "ct.type = ?")
+		args = append(args, t)
+	}
+	switch strings.ToLower(strings.TrimSpace(f.Sign)) {
+	case "in":
+		where = append(where, "ct.amount > 0")
+	case "out":
+		where = append(where, "ct.amount < 0")
+	}
+	if s := strings.TrimSpace(f.StartAt); s != "" {
+		where = append(where, "ct.created_at >= ?")
+		args = append(args, s)
+	}
+	if s := strings.TrimSpace(f.EndAt); s != "" {
+		where = append(where, "ct.created_at <= ?")
+		args = append(args, s)
+	}
+	ws := strings.Join(where, " AND ")
+
+	var total int64
+	if err := d.db.GetContext(ctx, &total, fmt.Sprintf(`
+SELECT COUNT(*)
+  FROM credit_transactions ct
+  LEFT JOIN users u ON u.id = ct.user_id
+ WHERE %s`, ws), args...); err != nil {
+		return nil, 0, err
+	}
+
+	argsPaged := append(args, limit, offset)
+	var out []CreditLogWithUser
+	err := d.db.SelectContext(ctx, &out, fmt.Sprintf(`
+SELECT ct.id, ct.user_id,
+       COALESCE(u.email,    '') AS user_email,
+       COALESCE(u.nickname, '') AS user_nickname,
+       ct.key_id, ct.type, ct.amount, ct.balance_after, ct.ref_id, ct.remark,
+       DATE_FORMAT(ct.created_at, '%%Y-%%m-%%d %%H:%%i:%%s') AS created_at
+  FROM credit_transactions ct
+  LEFT JOIN users u ON u.id = ct.user_id
+ WHERE %s
+ ORDER BY ct.id DESC
+ LIMIT ? OFFSET ?`, ws), argsPaged...)
+	return out, total, err
+}
+
+// CreditSummary 流水统计摘要。amount 单位:credit·厘。
+type CreditSummary struct {
+	InToday      int64 `db:"in_today"      json:"in_today"`
+	OutToday     int64 `db:"out_today"     json:"out_today"`
+	In7Days      int64 `db:"in_7days"      json:"in_7days"`
+	Out7Days     int64 `db:"out_7days"     json:"out_7days"`
+	InTotal      int64 `db:"in_total"      json:"in_total"`
+	OutTotal     int64 `db:"out_total"     json:"out_total"`
+	TotalBalance int64 `db:"total_balance" json:"total_balance"`
+}
+
+// CreditSummary 聚合:近今日 / 近 7 天 / 累计 入账 + 消耗,以及全站剩余余额。
+func (d *DAO) CreditSummary(ctx context.Context) (CreditSummary, error) {
+	var s CreditSummary
+	err := d.db.GetContext(ctx, &s, `
+SELECT
+  COALESCE(SUM(CASE WHEN amount > 0 AND DATE(created_at) = CURDATE() THEN amount ELSE 0 END), 0) AS in_today,
+  COALESCE(-SUM(CASE WHEN amount < 0 AND DATE(created_at) = CURDATE() THEN amount ELSE 0 END), 0) AS out_today,
+  COALESCE(SUM(CASE WHEN amount > 0 AND created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY) THEN amount ELSE 0 END), 0) AS in_7days,
+  COALESCE(-SUM(CASE WHEN amount < 0 AND created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY) THEN amount ELSE 0 END), 0) AS out_7days,
+  COALESCE(SUM(CASE WHEN amount > 0 THEN amount ELSE 0 END), 0) AS in_total,
+  COALESCE(-SUM(CASE WHEN amount < 0 THEN amount ELSE 0 END), 0) AS out_total,
+  0 AS total_balance
+FROM credit_transactions`)
+	if err != nil {
+		return s, err
+	}
+	if err := d.db.GetContext(ctx, &s.TotalBalance,
+		`SELECT COALESCE(SUM(credit_balance), 0) FROM users WHERE deleted_at IS NULL`); err != nil {
+		return s, err
+	}
+	return s, nil
+}
+
+// ListCreditLogs 按 user_id 分页查询流水。actorID=0 查全部。
+func (d *DAO) ListCreditLogs(ctx context.Context, userID uint64, limit, offset int) ([]CreditLog, int64, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	if limit > 500 {
+		limit = 500
+	}
+
+	args := []interface{}{}
+	where := "WHERE 1=1"
+	if userID > 0 {
+		where += " AND user_id = ?"
+		args = append(args, userID)
+	}
+
+	var total int64
+	if err := d.db.GetContext(ctx, &total,
+		`SELECT COUNT(*) FROM credit_transactions `+where, args...); err != nil {
+		return nil, 0, err
+	}
+
+	argsPaged := append(args, limit, offset)
+	var out []CreditLog
+	err := d.db.SelectContext(ctx, &out, `
+SELECT id, user_id, key_id, type, amount, balance_after, ref_id, remark,
+       DATE_FORMAT(created_at,'%Y-%m-%d %H:%i:%s') AS created_at
+  FROM credit_transactions `+where+`
+ ORDER BY id DESC
+ LIMIT ? OFFSET ?`, argsPaged...)
+	return out, total, err
+}
diff --git a/internal/user/admin_group_handler.go b/internal/user/admin_group_handler.go
new file mode 100644
index 00000000..56a3a5cb
--- /dev/null
+++ b/internal/user/admin_group_handler.go
@@ -0,0 +1,117 @@
+package user
+
+import (
+	"errors"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// AdminGroupHandler 管理员视角下的用户分组 CRUD。
+type AdminGroupHandler struct {
+	dao      *DAO
+	auditDAO *audit.DAO
+}
+
+// NewAdminGroupHandler 构造。
+func NewAdminGroupHandler(dao *DAO, auditDAO *audit.DAO) *AdminGroupHandler {
+	return &AdminGroupHandler{dao: dao, auditDAO: auditDAO}
+}
+
+// groupReq 创建/更新分组的 body。
+type groupReq struct {
+	Name              string  `json:"name" binding:"required,min=2,max=64"`
+	Ratio             float64 `json:"ratio" binding:"required,gt=0"`
+	DailyLimitCredits int64   `json:"daily_limit_credits"`
+	RPMLimit          int     `json:"rpm_limit"`
+	TPMLimit          int64   `json:"tpm_limit"`
+	Remark            string  `json:"remark"`
+}
+
+// List GET /api/admin/groups
+func (h *AdminGroupHandler) List(c *gin.Context) {
+	items, err := h.dao.ListGroups(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": items, "total": len(items)})
+}
+
+// Create POST /api/admin/groups
+func (h *AdminGroupHandler) Create(c *gin.Context) {
+	var req groupReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	g := &Group{
+		Name:              req.Name,
+		Ratio:             req.Ratio,
+		DailyLimitCredits: req.DailyLimitCredits,
+		RPMLimit:          req.RPMLimit,
+		TPMLimit:          req.TPMLimit,
+		Remark:            req.Remark,
+	}
+	id, err := h.dao.CreateGroup(c.Request.Context(), g)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	g.ID = id
+	audit.Record(c, h.auditDAO, "groups.create", strconv.FormatUint(id, 10), g)
+	resp.OK(c, g)
+}
+
+// Update PUT /api/admin/groups/:id
+func (h *AdminGroupHandler) Update(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	var req groupReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	g := &Group{
+		ID:                id,
+		Name:              req.Name,
+		Ratio:             req.Ratio,
+		DailyLimitCredits: req.DailyLimitCredits,
+		RPMLimit:          req.RPMLimit,
+		TPMLimit:          req.TPMLimit,
+		Remark:            req.Remark,
+	}
+	if err := h.dao.UpdateGroup(c.Request.Context(), g); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "group not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "groups.update", strconv.FormatUint(id, 10), g)
+	resp.OK(c, g)
+}
+
+// Delete DELETE /api/admin/groups/:id
+func (h *AdminGroupHandler) Delete(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	if err := h.dao.DeleteGroup(c.Request.Context(), id); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "group not found")
+			return
+		}
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "groups.delete", strconv.FormatUint(id, 10), nil)
+	resp.OK(c, gin.H{"deleted": id})
+}
diff --git a/internal/user/admin_handler.go b/internal/user/admin_handler.go
new file mode 100644
index 00000000..5c24cf49
--- /dev/null
+++ b/internal/user/admin_handler.go
@@ -0,0 +1,462 @@
+package user
+
+import (
+	"context"
+	"errors"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/audit"
+	"github.com/432539/gpt2api/internal/billing"
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// PasswordService 由 auth 包实现。通过接口解耦,避免 user<->auth 循环依赖。
+type PasswordService interface {
+	HashPassword(plain string) (string, error)
+	VerifyPassword(ctx context.Context, userID uint64, password string) error
+}
+
+// AdminHandler 管理员视角下的用户管理接口。
+type AdminHandler struct {
+	dao      *DAO
+	auth     PasswordService
+	billing  *billing.Engine
+	auditDAO *audit.DAO
+}
+
+// NewAdminHandler 构造。
+func NewAdminHandler(dao *DAO, authSvc PasswordService, bill *billing.Engine, auditDAO *audit.DAO) *AdminHandler {
+	return &AdminHandler{dao: dao, auth: authSvc, billing: bill, auditDAO: auditDAO}
+}
+
+// List GET /api/admin/users
+func (h *AdminHandler) List(c *gin.Context) {
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	groupID, _ := strconv.ParseUint(c.Query("group_id"), 10, 64)
+
+	items, total, err := h.dao.ListPage(c.Request.Context(), ListFilter{
+		Keyword: c.Query("q"),
+		Role:    c.Query("role"),
+		Status:  c.Query("status"),
+		GroupID: groupID,
+	}, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": items, "total": total, "limit": limit, "offset": offset})
+}
+
+// createReq POST /api/admin/users 的 body。
+// 密码最短长度在 handler 里强校验 6 位,与自助注册保持一致;
+// 不再走 settings 的 PasswordMinLength(管理员手动建号路径,不关心开放注册开关)。
+type createReq struct {
+	Email          string `json:"email" binding:"required,email"`
+	Password       string `json:"password" binding:"required,min=6"`
+	Nickname       string `json:"nickname"`
+	Role           string `json:"role"`     // user | admin,默认 user
+	Status         string `json:"status"`   // active | banned,默认 active
+	GroupID        uint64 `json:"group_id"` // 默认 1
+	InitialCredits int64  `json:"initial_credits"`
+}
+
+// Create POST /api/admin/users
+// 由管理员直接创建用户,绕过"开放注册"开关和邮箱域名白名单。
+// 当 initial_credits > 0 时会用 billing.AdminAdjust 入账,写 credit_logs。
+func (h *AdminHandler) Create(c *gin.Context) {
+	var req createReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+
+	email := strings.ToLower(strings.TrimSpace(req.Email))
+	if email == "" {
+		resp.BadRequest(c, "email required")
+		return
+	}
+	role := strings.ToLower(strings.TrimSpace(req.Role))
+	if role == "" {
+		role = "user"
+	}
+	if role != "user" && role != "admin" {
+		resp.BadRequest(c, "role must be user or admin")
+		return
+	}
+	status := strings.ToLower(strings.TrimSpace(req.Status))
+	if status == "" {
+		status = "active"
+	}
+	if status != "active" && status != "banned" {
+		resp.BadRequest(c, "status must be active or banned")
+		return
+	}
+	groupID := req.GroupID
+	if groupID == 0 {
+		groupID = 1
+	}
+
+	ctx := c.Request.Context()
+	if n, err := h.dao.CountByEmail(ctx, email); err != nil {
+		resp.Internal(c, err.Error())
+		return
+	} else if n > 0 {
+		resp.BadRequest(c, "邮箱已存在")
+		return
+	}
+
+	hash, err := h.auth.HashPassword(req.Password)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+
+	u := &User{
+		Email:         email,
+		PasswordHash:  hash,
+		Nickname:      strings.TrimSpace(req.Nickname),
+		GroupID:       groupID,
+		Role:          role,
+		Status:        status,
+		CreditBalance: 0,
+	}
+	id, err := h.dao.Create(ctx, u)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	u.ID = id
+
+	// 初始积分(可选):走 billing 正规入账,写 credit_logs。失败不回滚账号(符合
+	// 既有注册赠送的风格),但在审计里单独记一条。
+	if req.InitialCredits > 0 && h.billing != nil {
+		actor := middleware.UserID(c)
+		if _, err := h.billing.AdminAdjust(ctx, id, actor,
+			req.InitialCredits, "admin_create", "created by admin"); err != nil {
+			audit.Record(c, h.auditDAO, "users.create.credit_failed",
+				strconv.FormatUint(id, 10),
+				gin.H{"delta": req.InitialCredits, "error": err.Error()})
+		}
+	}
+
+	audit.Record(c, h.auditDAO, "users.create", strconv.FormatUint(id, 10),
+		gin.H{"email": email, "role": role, "status": status,
+			"group_id": groupID, "initial_credits": req.InitialCredits})
+	resp.OK(c, gin.H{
+		"id":              id,
+		"email":           u.Email,
+		"role":            u.Role,
+		"status":          u.Status,
+		"group_id":        u.GroupID,
+		"initial_credits": req.InitialCredits,
+	})
+}
+
+// Get GET /api/admin/users/:id
+func (h *AdminHandler) Get(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	u, err := h.dao.GetByID(c.Request.Context(), id)
+	if err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "user not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, u)
+}
+
+// updateReq PATCH /api/admin/users/:id 的 body。全部字段可选。
+type updateReq struct {
+	Nickname *string `json:"nickname,omitempty"`
+	Role     *string `json:"role,omitempty"`
+	Status   *string `json:"status,omitempty"`
+	GroupID  *uint64 `json:"group_id,omitempty"`
+}
+
+// Update PATCH /api/admin/users/:id
+func (h *AdminHandler) Update(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	var req updateReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	// 防自我锁死:不允许把自己从 admin 改成 user(避免最后一个 admin 流失)
+	actor := middleware.UserID(c)
+	if req.Role != nil && *req.Role != "admin" && id == actor {
+		resp.BadRequest(c, "cannot downgrade your own admin role")
+		return
+	}
+
+	n, err := h.dao.Update(c.Request.Context(), id, UpdatePatch{
+		Nickname: req.Nickname,
+		Role:     req.Role,
+		Status:   req.Status,
+		GroupID:  req.GroupID,
+	})
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if n == 0 {
+		resp.NotFound(c, "user not found")
+		return
+	}
+	audit.Record(c, h.auditDAO, "users.update", strconv.FormatUint(id, 10), req)
+	resp.OK(c, gin.H{"updated": n})
+}
+
+// resetPwdReq 重置密码的 body。
+type resetPwdReq struct {
+	NewPassword   string `json:"new_password" binding:"required,min=6"`
+	AdminPassword string `json:"admin_password" binding:"required"`
+}
+
+// ResetPassword POST /api/admin/users/:id/reset-password
+// 高危:必须提供 admin_password(或 X-Admin-Confirm header)。
+func (h *AdminHandler) ResetPassword(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	var req resetPwdReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	actor := middleware.UserID(c)
+	if err := h.auth.VerifyPassword(c.Request.Context(), actor, req.AdminPassword); err != nil {
+		resp.Forbidden(c, "admin password mismatch")
+		return
+	}
+	hash, err := h.auth.HashPassword(req.NewPassword)
+	if err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if err := h.dao.ResetPassword(c.Request.Context(), id, hash); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "user not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "users.reset_password", strconv.FormatUint(id, 10), nil)
+	resp.OK(c, gin.H{"ok": true})
+}
+
+// Delete DELETE /api/admin/users/:id (软删除)
+// 禁止删除自己;高危,需二次密码。
+func (h *AdminHandler) Delete(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	actor := middleware.UserID(c)
+	if id == actor {
+		resp.BadRequest(c, "cannot delete yourself")
+		return
+	}
+	if err := confirmAdmin(c, h.auth); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	if err := h.dao.SoftDelete(c.Request.Context(), id); err != nil {
+		if errors.Is(err, ErrNotFound) {
+			resp.NotFound(c, "user not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "users.delete", strconv.FormatUint(id, 10), nil)
+	resp.OK(c, gin.H{"deleted": id})
+}
+
+// adjustReq 调账 body。
+type adjustReq struct {
+	Delta  int64  `json:"delta" binding:"required"` // 可正可负,单位 credit(厘)
+	Remark string `json:"remark" binding:"required,min=1,max=200"`
+	RefID  string `json:"ref_id"`
+}
+
+// Adjust POST /api/admin/users/:id/credits/adjust
+// 需 user:credit 权限 + 二次密码(X-Admin-Confirm 或 body.admin_password)。
+func (h *AdminHandler) Adjust(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	var req adjustReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if req.Delta == 0 {
+		resp.BadRequest(c, "delta must not be zero")
+		return
+	}
+	if err := confirmAdmin(c, h.auth); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+
+	actor := middleware.UserID(c)
+	balance, err := h.billing.AdminAdjust(c.Request.Context(), id, actor, req.Delta, req.RefID, req.Remark)
+	if err != nil {
+		audit.Record(c, h.auditDAO, "users.credit.adjust.failed",
+			strconv.FormatUint(id, 10), gin.H{"delta": req.Delta, "error": err.Error()})
+		if errors.Is(err, billing.ErrInsufficient) {
+			resp.BadRequest(c, "积分不足")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "users.credit.adjust", strconv.FormatUint(id, 10),
+		gin.H{"delta": req.Delta, "balance_after": balance, "remark": req.Remark, "ref_id": req.RefID})
+	resp.OK(c, gin.H{"balance_after": balance, "delta": req.Delta})
+}
+
+// CreditLogs GET /api/admin/users/:id/credit-logs
+func (h *AdminHandler) CreditLogs(c *gin.Context) {
+	id, ok := parseID(c)
+	if !ok {
+		return
+	}
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	items, total, err := h.dao.ListCreditLogs(c.Request.Context(), id, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{"items": items, "total": total, "limit": limit, "offset": offset})
+}
+
+// ---- 积分管理(全局视图) ----
+
+// CreditLogsGlobal GET /api/admin/credits/logs
+// 查询全站流水,支持 user_id/keyword(匹配 email/nickname)/type/sign/start_at/end_at 过滤。
+func (h *AdminHandler) CreditLogsGlobal(c *gin.Context) {
+	userID, _ := strconv.ParseUint(c.DefaultQuery("user_id", "0"), 10, 64)
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+
+	f := CreditLogFilter{
+		UserID:  userID,
+		Keyword: c.Query("keyword"),
+		Type:    c.Query("type"),
+		Sign:    c.Query("sign"),
+		StartAt: c.Query("start_at"),
+		EndAt:   c.Query("end_at"),
+	}
+	items, total, err := h.dao.ListCreditLogsGlobal(c.Request.Context(), f, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"items":  items,
+		"total":  total,
+		"limit":  limit,
+		"offset": offset,
+	})
+}
+
+// CreditsSummary GET /api/admin/credits/summary
+// 返回今日/7 天/累计 入账/消耗 以及全站总余额。
+func (h *AdminHandler) CreditsSummary(c *gin.Context) {
+	s, err := h.dao.CreditSummary(c.Request.Context())
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, s)
+}
+
+// AdjustByUser POST /api/admin/credits/adjust
+// 以 body.user_id 指定用户进行调账,相当于 /users/:id/credits/adjust 的全局入口。
+func (h *AdminHandler) AdjustByUser(c *gin.Context) {
+	var req struct {
+		UserID uint64 `json:"user_id" binding:"required"`
+		Delta  int64  `json:"delta"   binding:"required"`
+		Remark string `json:"remark"  binding:"required,min=1,max=200"`
+		RefID  string `json:"ref_id"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		resp.BadRequest(c, err.Error())
+		return
+	}
+	if req.Delta == 0 {
+		resp.BadRequest(c, "delta 不能为 0")
+		return
+	}
+	if err := confirmAdmin(c, h.auth); err != nil {
+		resp.Forbidden(c, err.Error())
+		return
+	}
+	actor := middleware.UserID(c)
+	balance, err := h.billing.AdminAdjust(c.Request.Context(), req.UserID, actor, req.Delta, req.RefID, req.Remark)
+	if err != nil {
+		audit.Record(c, h.auditDAO, "users.credit.adjust.failed",
+			strconv.FormatUint(req.UserID, 10),
+			gin.H{"delta": req.Delta, "error": err.Error()})
+		if errors.Is(err, billing.ErrInsufficient) {
+			resp.BadRequest(c, "余额不足")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	audit.Record(c, h.auditDAO, "users.credit.adjust",
+		strconv.FormatUint(req.UserID, 10),
+		gin.H{"delta": req.Delta, "balance_after": balance, "remark": req.Remark, "ref_id": req.RefID})
+	resp.OK(c, gin.H{"balance_after": balance, "delta": req.Delta})
+}
+
+// ---- helpers ----
+
+func parseID(c *gin.Context) (uint64, bool) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil || id == 0 {
+		resp.BadRequest(c, "invalid id")
+		return 0, false
+	}
+	return id, true
+}
+
+// confirmAdmin 从 header X-Admin-Confirm 里拿密码做二次校验。
+// 如果 handler 自己读到了 body.admin_password,传入 bodyPwd 参数优先使用。
+func confirmAdmin(c *gin.Context, authSvc PasswordService) error {
+	pwd := c.GetHeader("X-Admin-Confirm")
+	if pwd == "" {
+		// 回退:从 body/form 尝试
+		pwd = c.PostForm("admin_password")
+	}
+	if pwd == "" {
+		return errors.New("X-Admin-Confirm header required for this destructive operation")
+	}
+	actor := middleware.UserID(c)
+	if actor == 0 {
+		return errors.New("not authenticated")
+	}
+	if err := authSvc.VerifyPassword(c.Request.Context(), actor, pwd); err != nil {
+		return errors.New("admin password mismatch")
+	}
+	return nil
+}
diff --git a/internal/user/cache.go b/internal/user/cache.go
new file mode 100644
index 00000000..a9e08f37
--- /dev/null
+++ b/internal/user/cache.go
@@ -0,0 +1,79 @@
+package user
+
+import (
+	"context"
+	"sync"
+	"time"
+)
+
+// GroupCache 提供 "userID → Group" 的 30s TTL 缓存。
+// 网关/限流/计费每次请求都会用到分组的 ratio / rpm_limit / tpm_limit,
+// 每次打 DB 开销不小,这里做一层轻量 LRU-less 缓存即可(规模 <10K 用户)。
+type GroupCache struct {
+	dao *DAO
+	ttl time.Duration
+
+	mu    sync.RWMutex
+	users map[uint64]userEntry
+	groups map[uint64]groupEntry
+}
+
+type userEntry struct {
+	groupID uint64
+	at      time.Time
+}
+
+type groupEntry struct {
+	group *Group
+	at    time.Time
+}
+
+func NewGroupCache(dao *DAO, ttl time.Duration) *GroupCache {
+	if ttl <= 0 {
+		ttl = 30 * time.Second
+	}
+	return &GroupCache{
+		dao:    dao,
+		ttl:    ttl,
+		users:  make(map[uint64]userEntry),
+		groups: make(map[uint64]groupEntry),
+	}
+}
+
+// OfUser 返回 userID 所在分组。首次未命中会回查 users + user_groups 两张表。
+func (c *GroupCache) OfUser(ctx context.Context, userID uint64) (*Group, error) {
+	now := time.Now()
+
+	c.mu.RLock()
+	ue, uok := c.users[userID]
+	c.mu.RUnlock()
+
+	var groupID uint64
+	if uok && now.Sub(ue.at) <= c.ttl {
+		groupID = ue.groupID
+	} else {
+		u, err := c.dao.GetByID(ctx, userID)
+		if err != nil {
+			return nil, err
+		}
+		groupID = u.GroupID
+		c.mu.Lock()
+		c.users[userID] = userEntry{groupID: groupID, at: now}
+		c.mu.Unlock()
+	}
+
+	c.mu.RLock()
+	ge, gok := c.groups[groupID]
+	c.mu.RUnlock()
+	if gok && now.Sub(ge.at) <= c.ttl {
+		return ge.group, nil
+	}
+	g, err := c.dao.GetGroup(ctx, groupID)
+	if err != nil {
+		return nil, err
+	}
+	c.mu.Lock()
+	c.groups[groupID] = groupEntry{group: g, at: now}
+	c.mu.Unlock()
+	return g, nil
+}
diff --git a/internal/user/dao.go b/internal/user/dao.go
new file mode 100644
index 00000000..eb26826a
--- /dev/null
+++ b/internal/user/dao.go
@@ -0,0 +1,95 @@
+package user
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+// ErrNotFound 表示记录不存在。
+var ErrNotFound = errors.New("user: not found")
+
+// DAO 封装 users / user_groups 表访问。
+type DAO struct {
+	db *sqlx.DB
+}
+
+func NewDAO(db *sqlx.DB) *DAO { return &DAO{db: db} }
+
+// ---- user_groups ----
+
+func (d *DAO) GetGroup(ctx context.Context, id uint64) (*Group, error) {
+	var g Group
+	err := d.db.GetContext(ctx, &g,
+		`SELECT id, name, ratio, daily_limit_credits, rpm_limit, tpm_limit, remark, created_at, updated_at
+         FROM user_groups WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &g, err
+}
+
+// ---- users ----
+
+func (d *DAO) GetByID(ctx context.Context, id uint64) (*User, error) {
+	var u User
+	err := d.db.GetContext(ctx, &u,
+		`SELECT * FROM users WHERE id = ? AND deleted_at IS NULL`, id)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &u, err
+}
+
+func (d *DAO) GetByEmail(ctx context.Context, email string) (*User, error) {
+	var u User
+	err := d.db.GetContext(ctx, &u,
+		`SELECT * FROM users WHERE email = ? AND deleted_at IS NULL`, email)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrNotFound
+	}
+	return &u, err
+}
+
+// Create 插入新用户,返回自增 id。
+func (d *DAO) Create(ctx context.Context, u *User) (uint64, error) {
+	res, err := d.db.ExecContext(ctx,
+		`INSERT INTO users (email, password_hash, nickname, group_id, role, status, credit_balance)
+         VALUES (?, ?, ?, ?, ?, ?, ?)`,
+		u.Email, u.PasswordHash, u.Nickname, u.GroupID, u.Role, u.Status, u.CreditBalance,
+	)
+	if err != nil {
+		return 0, err
+	}
+	id, err := res.LastInsertId()
+	return uint64(id), err
+}
+
+// UpdateLoginInfo 更新最近登录时间与 IP。
+func (d *DAO) UpdateLoginInfo(ctx context.Context, id uint64, ip string) error {
+	_, err := d.db.ExecContext(ctx,
+		`UPDATE users SET last_login_at = ?, last_login_ip = ? WHERE id = ?`,
+		time.Now(), ip, id,
+	)
+	return err
+}
+
+// CountByEmail 用于注册时快速判重。
+func (d *DAO) CountByEmail(ctx context.Context, email string) (int, error) {
+	var n int
+	err := d.db.GetContext(ctx, &n,
+		`SELECT COUNT(*) FROM users WHERE email = ? AND deleted_at IS NULL`, email)
+	return n, err
+}
+
+// CountAll 返回当前有效用户总数(不含软删)。
+// 主要用途:"首位注册用户自动成为 admin" 的判定。
+func (d *DAO) CountAll(ctx context.Context) (int, error) {
+	var n int
+	err := d.db.GetContext(ctx, &n,
+		`SELECT COUNT(*) FROM users WHERE deleted_at IS NULL`)
+	return n, err
+}
diff --git a/internal/user/handler.go b/internal/user/handler.go
new file mode 100644
index 00000000..e6e0a06d
--- /dev/null
+++ b/internal/user/handler.go
@@ -0,0 +1,95 @@
+package user
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/432539/gpt2api/internal/middleware"
+	"github.com/432539/gpt2api/internal/rbac"
+	"github.com/432539/gpt2api/pkg/resp"
+)
+
+// Handler 用户相关接口。
+type Handler struct {
+	dao *DAO
+}
+
+func NewHandler(dao *DAO) *Handler { return &Handler{dao: dao} }
+
+// Me 当前登录用户信息。响应同时包含该用户拥有的权限清单(用于前端路由守卫)。
+func (h *Handler) Me(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	u, err := h.dao.GetByID(c.Request.Context(), uid)
+	if err != nil {
+		if err == ErrNotFound {
+			resp.NotFound(c, "user not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	// 以 DB 中的 role 为准(避免 JWT 中旧 role 泄漏带来的提权)。
+	perms := rbac.ListPermissions(u.Role)
+	resp.OK(c, gin.H{
+		"user":        u,
+		"role":        u.Role,
+		"permissions": perms,
+	})
+}
+
+// Menu 返回当前用户可见的菜单树。仅依据 DB 中的 role 计算,前端直接渲染。
+func (h *Handler) Menu(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	u, err := h.dao.GetByID(c.Request.Context(), uid)
+	if err != nil {
+		if err == ErrNotFound {
+			resp.NotFound(c, "user not found")
+			return
+		}
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"role":        u.Role,
+		"menu":        rbac.MenuForRole(u.Role),
+		"permissions": rbac.ListPermissions(u.Role),
+	})
+}
+
+// CreditLogs GET /api/me/credit-logs
+// 当前登录用户的积分流水(只读、强制 user_id = 当前用户)。
+func (h *Handler) CreditLogs(c *gin.Context) {
+	uid := middleware.UserID(c)
+	if uid == 0 {
+		resp.Unauthorized(c, "not logged in")
+		return
+	}
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+	offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+	if limit <= 0 || limit > 200 {
+		limit = 50
+	}
+	if offset < 0 {
+		offset = 0
+	}
+	items, total, err := h.dao.ListCreditLogs(c.Request.Context(), uid, limit, offset)
+	if err != nil {
+		resp.Internal(c, err.Error())
+		return
+	}
+	resp.OK(c, gin.H{
+		"items":  items,
+		"total":  total,
+		"limit":  limit,
+		"offset": offset,
+	})
+}
diff --git a/internal/user/model.go b/internal/user/model.go
new file mode 100644
index 00000000..537c3118
--- /dev/null
+++ b/internal/user/model.go
@@ -0,0 +1,38 @@
+package user
+
+import (
+	"database/sql"
+	"time"
+)
+
+// User 对应 users 表。
+type User struct {
+	ID            uint64        `db:"id" json:"id"`
+	Email         string        `db:"email" json:"email"`
+	PasswordHash  string        `db:"password_hash" json:"-"`
+	Nickname      string        `db:"nickname" json:"nickname"`
+	GroupID       uint64        `db:"group_id" json:"group_id"`
+	Role          string        `db:"role" json:"role"`
+	Status        string        `db:"status" json:"status"`
+	CreditBalance int64         `db:"credit_balance" json:"credit_balance"`
+	CreditFrozen  int64         `db:"credit_frozen" json:"credit_frozen"`
+	Version       uint64        `db:"version" json:"-"`
+	LastLoginAt   sql.NullTime  `db:"last_login_at" json:"last_login_at,omitempty"`
+	LastLoginIP   string        `db:"last_login_ip" json:"last_login_ip,omitempty"`
+	CreatedAt     time.Time     `db:"created_at" json:"created_at"`
+	UpdatedAt     time.Time     `db:"updated_at" json:"updated_at"`
+	DeletedAt     sql.NullTime  `db:"deleted_at" json:"-"`
+}
+
+// Group 对应 user_groups 表。
+type Group struct {
+	ID                 uint64    `db:"id" json:"id"`
+	Name               string    `db:"name" json:"name"`
+	Ratio              float64   `db:"ratio" json:"ratio"`
+	DailyLimitCredits  int64     `db:"daily_limit_credits" json:"daily_limit_credits"`
+	RPMLimit           int       `db:"rpm_limit" json:"rpm_limit"`
+	TPMLimit           int64     `db:"tpm_limit" json:"tpm_limit"`
+	Remark             string    `db:"remark" json:"remark"`
+	CreatedAt          time.Time `db:"created_at" json:"created_at"`
+	UpdatedAt          time.Time `db:"updated_at" json:"updated_at"`
+}
diff --git a/legacy/gen_image.py b/legacy/gen_image.py
new file mode 100644
index 00000000..794a1c42
--- /dev/null
+++ b/legacy/gen_image.py
@@ -0,0 +1,1034 @@
+"""
+ChatGPT 图片生成 —— 纯协议版（参考 gpt4free）
+
+关键流程：
+  1. GET chatgpt.com/  → 拿 oai-did cookie
+  2. POST /backend-api/sentinel/chat-requirements
+         body:{"p": get_requirements_token(config)}
+     → 返回 chat_token + 可选 proofofwork / turnstile 挑战
+  3. 若 proofofwork required → 本地 SHA3-512 暴力解
+  4. POST /backend-api/f/conversation (SSE)
+     header:
+        openai-sentinel-chat-requirements-token: chat_token
+        openai-sentinel-proof-token: proof_token
+  5. 解析 SSE → 拿 file_id → 下载图片
+
+用法: python gen_image.py "提示词"
+"""
+import sys, json, time, base64, hashlib, random, os, uuid
+from datetime import datetime, timezone
+from typing import Optional
+from curl_cffi.requests import Session
+
+# ── 配置 ──────────────────────────────────────────────────────────────────────
+AUTH_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE5MzQ0ZTY1LWJiYzktNDRkMS1hOWQwLWY5NTdiMDc5YmQwZSIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiaHR0cHM6Ly9hcGkub3BlbmFpLmNvbS92MSJdLCJjbGllbnRfaWQiOiJhcHBfWDh6WTZ2VzJwUTl0UjNkRTduSzFqTDVnSCIsImV4cCI6MTc3NjU3NzQ2MSwiaHR0cHM6Ly9hcGkub3BlbmFpLmNvbS9hdXRoIjp7ImNoYXRncHRfYWNjb3VudF9pZCI6Ijk4MTQ3NzUzLTU1ODUtNGI5NS04ZjQ3LWI0YjRmMzJkYTdhOCIsImNoYXRncHRfYWNjb3VudF91c2VyX2lkIjoidXNlci15czE3U3pJQ2k5UjB1ODNvRDZmd0VmYlpfXzk4MTQ3NzUzLTU1ODUtNGI5NS04ZjQ3LWI0YjRmMzJkYTdhOCIsImNoYXRncHRfY29tcHV0ZV9yZXNpZGVuY3kiOiJub19jb25zdHJhaW50IiwiY2hhdGdwdF9wbGFuX3R5cGUiOiJmcmVlIiwiY2hhdGdwdF91c2VyX2lkIjoidXNlci15czE3U3pJQ2k5UjB1ODNvRDZmd0VmYloiLCJ1c2VyX2lkIjoidXNlci15czE3U3pJQ2k5UjB1ODNvRDZmd0VmYloifSwiaHR0cHM6Ly9hcGkub3BlbmFpLmNvbS9wcm9maWxlIjp7ImVtYWlsIjoicXE0MzI1MzlAcHJvdG9uLm1lIiwiZW1haWxfdmVyaWZpZWQiOnRydWV9LCJpYXQiOjE3NzU3MTM0NjEsImlzcyI6Imh0dHBzOi8vYXV0aC5vcGVuYWkuY29tIiwianRpIjoiN2UxYWM5MTctODIxZi00ZTRmLWJlMTctNzJjYTEzYTI5Mzk0IiwibmJmIjoxNzc1NzEzNDYxLCJwd2RfYXV0aF90aW1lIjoxNzcwMjg5MDE0NTM1LCJzY3AiOlsib3BlbmlkIiwiZW1haWwiLCJwcm9maWxlIiwib2ZmbGluZV9hY2Nlc3MiLCJtb2RlbC5yZXF1ZXN0IiwibW9kZWwucmVhZCIsIm9yZ2FuaXphdGlvbi5yZWFkIiwib3JnYW5pemF0aW9uLndyaXRlIl0sInNlc3Npb25faWQiOiJhdXRoc2Vzc18zZTdFbHF2MFIyR2tQcVF4QzJ3ZzVieEQiLCJzbCI6dHJ1ZSwic3ViIjoiYXV0aDB8NjRjZGVkOTllY2QxNTQ0OTI5NzE1NDkyIn0.r9iGZ8V27MuG30AB3o8SJFxnC64hSOYMlFAZbgqm1nzcFhox95EdX492XdP0--HuFO2HXJvxGjVUt3MGnRthCX2blOoO0tB5UhroGOxnPMtepSfghR3-cg8pLTEISdInKLMfuR616BVISbrfMIIdef0bi-Vfww_-J6ZhAlnX93xTZRTZBATuYAA3EXwjI0dwPycfuwtSY2db2CwPqYOm73CPiDmmCo1eLaKw9mB_QbRY6NdApuHNosLsYmsq5KxX0QgQC7MxfLnz5tnT_hK8g9T0lfWyARyIsa-MqJs6XlOCmpjIrWM985w2qW0xEMsoT3Nul5CL0Lwxje_86BU1hhDBCb2AKqqTe3rFiMQTDo_G6tEX-d8OeWLsCXYwgjaSlVv5QsYZzi2M4R2C_HLi8YL7744QxfAmwie3HVpFZFI4sQX9LcmyD_-S6-zBQxJwOO4haQGk_wTRHtsM_x5lK_7iTEjjufsEurnIB5P7jVtxAZS1rBnii5FOxi3ut20Ze0S9SWv7mNF5oX60VlPTMY4kHNOCf4gQ6eD4cFO-n1msb31p3dvqZTQ5NVWKGULgWC2E_REVWLkYtIzUc3qQbzDaJNDzNjpZiQYiiVHxVFftILrxyohS2QxFAs6S0oQ3rTvwtFQakn4SSh0g492394jmCq8YwkgmYdVRqGXTbq4"
+
+PROXY      = None  # 为 None 则走本机默认路由；需要代理时填 "http://user:pass@host:port"
+                   # 或把 PROXY_TEMPLATE 填上 → 运行时自动抽活出口
+# 本机已开 Mihomo/Clash Verge TUN 模式，直连即可由 TUN 透明转发出国。
+# 如果 arxlabs 等外部代理恢复可用想再启用，把下面这行取消注释即可：
+# PROXY_TEMPLATE = "http://p9mx1124350-region-Rand-sid-{sid}-t-1:iy2lmzpy@us.arxlabs.io:3010"
+PROXY_TEMPLATE = None
+BASE_URL   = "https://chatgpt.com"
+OUTPUT_DIR = r"C:\Users\Administrator\Documents\gpt2api_images"
+
+# 固定复用的会话 ID：如果有值就在该会话里追加消息；
+# 设为 None 则每次都走"新建会话"流程（init → prepare → send），每次重新洗灰度桶。
+# 上一个会话 69e1c678 被我们密集轮询打到限流坏了，换成用户抓包里成功过灰度的新会话。
+FIXED_CONVERSATION_ID = "69e2205a-b5e4-83e8-8e6a-74d8b0c1941c"
+
+# 灰度未命中时的最大重试次数。每次重试会开新 session（新 oai-did / chat_token）。
+MAX_ATTEMPTS = 8
+
+# 用户指定必加的一句（只追加这一句，不要加其他多余的英文约束）。
+# 只在提示词包含要渲染的文字（对话、标语、字幕等）时才追加，纯画面不加。
+CLARITY_SUFFIX = "\n\nclean readable Chinese text, prioritize text clarity over image details"
+
+# 判断提示词是否需要渲染文字的启发式：包含常见"要出字"的关键词、引号、或
+# 冒号后面紧跟中文等。需要时才追加 CLARITY_SUFFIX。
+_TEXT_HINT_KWS = (
+    "文字", "对话", "台词", "旁白", "标语", "字幕", "标题", "文案",
+    "招牌", "横幅", "海报文字", "弹幕", "气泡", "字体",
+    "text:", "caption", "subtitle", "title:", "label", "banner", "poster text",
+)
+_TEXT_HINT_CHARS = ('"', "'", "“", "”", "‘", "’", "「", "」", "『", "』", "：", ":")
+
+def needs_text_rendering(prompt: str) -> bool:
+    p = prompt.lower()
+    if any(kw.lower() in p for kw in _TEXT_HINT_KWS):
+        return True
+    # 中文/英文引号里有内容（长度 >= 2 的）才算需要文字
+    import re
+    if re.search(r'["“‘「『][^"”’」』]{2,}["”’」』]', prompt):
+        return True
+    return False
+
+UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
+      "(KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36")
+
+# ── 日志 ──────────────────────────────────────────────────────────────────────
+def log(msg, level="INFO"):
+    ts = datetime.now().strftime("%H:%M:%S")
+    icon = "✓" if level=="OK" else "✗" if level=="ERR" else "·"
+    print(f"[{ts}] {icon} {msg}", flush=True)
+
+# ── POW 算法（迁移自 gpt4free/openai/proofofwork.py + new.py） ─────────────────
+_CORES   = [16, 24, 32]
+_SCREENS = [3000, 4000, 6000]
+_MAX_ATTEMPTS = 500000
+
+_NAV_KEYS = [
+    "webdriver−false", "vendor−Google Inc.", "cookieEnabled−true",
+    "pdfViewerEnabled−true", "hardwareConcurrency−32",
+    "language−zh-CN", "mimeTypes−[object MimeTypeArray]",
+    "userAgentData−[object NavigatorUAData]",
+]
+_WIN_KEYS = ["innerWidth", "innerHeight", "devicePixelRatio", "screen",
+             "chrome", "location", "history", "navigator"]
+
+def _parse_time() -> str:
+    now = datetime.now(timezone.utc)
+    return now.strftime("%a, %d %b %Y %H:%M:%S GMT")
+
+def _pow_config(user_agent: str) -> list:
+    import time as _t
+    return [
+        random.choice(_CORES) + random.choice(_SCREENS),
+        datetime.now(timezone.utc).strftime("%a %b %d %Y %H:%M:%S") + " GMT+0000 (UTC)",
+        None,
+        random.random(),
+        user_agent,
+        None,
+        "dpl=1440a687921de39ff5ee56b92807faaadce73f13",
+        "en-US",
+        "en-US,zh-CN",
+        0,
+        random.choice(_NAV_KEYS),
+        "location",
+        random.choice(_WIN_KEYS),
+        _t.perf_counter(),
+        str(uuid.uuid4()),
+        "",
+        8,
+        int(_t.time()),
+    ]
+
+def _generate_answer(seed: str, difficulty: str, config: list):
+    diff_len = len(difficulty)
+    seed_enc = seed.encode()
+    p1 = (json.dumps(config[:3],  separators=(',',':'), ensure_ascii=False)[:-1] + ',').encode()
+    p2 = (',' + json.dumps(config[4:9], separators=(',',':'), ensure_ascii=False)[1:-1] + ',').encode()
+    p3 = (',' + json.dumps(config[10:], separators=(',',':'), ensure_ascii=False)[1:]).encode()
+    target = bytes.fromhex(difficulty)
+    for i in range(_MAX_ATTEMPTS):
+        d1 = str(i).encode()
+        d2 = str(i >> 1).encode()
+        b64 = base64.b64encode(p1 + d1 + p2 + d2 + p3)
+        h = hashlib.sha3_512(seed_enc + b64).digest()
+        if h[:diff_len] <= target:
+            return b64.decode(), True
+    fb = 'wQ8Lk5FbGpA2NcR9dShT6gYjU7VxZ4D' + base64.b64encode(f'"{seed}"'.encode()).decode()
+    return fb, False
+
+def get_requirements_token(config: list) -> str:
+    seed = format(random.random())
+    ans, ok = _generate_answer(seed, "0fffff", config)
+    return "gAAAAAC" + ans
+
+def generate_proof_token(required: bool, seed: str, difficulty: str,
+                         user_agent: str, proof_config: list) -> Optional[str]:
+    if not required:
+        return None
+    # gpt4free 另一种老 config（更轻量），备用
+    if proof_config is None:
+        scr = random.choice([3008, 4010, 6000]) * random.choice([1, 2, 4])
+        proof_config = [
+            scr, _parse_time(), None, 0, user_agent,
+            "https://tcr9i.chat.openai.com/v2/35536E1E-65B4-4D96-9D97-6ADB7EFF8147/api.js",
+            "dpl=1440a687921de39ff5ee56b92807faaadce73f13", "en", "en-US",
+            None,
+            "plugins−[object PluginArray]",
+            random.choice(["_reactListeningcfilawjnerp", "_reactListening9ne2dfo1i47"]),
+            random.choice(["alert", "ontransitionend", "onprogress"]),
+        ]
+    diff_len = len(difficulty)
+    for i in range(100000):
+        proof_config[3] = i
+        j = json.dumps(proof_config)
+        b64 = base64.b64encode(j.encode()).decode()
+        h = hashlib.sha3_512((seed + b64).encode()).digest()
+        if h.hex()[:diff_len] <= difficulty:
+            return "gAAAAAB" + b64
+    fb = base64.b64encode(f'"{seed}"'.encode()).decode()
+    return "gAAAAABwQ8Lk5FbGpA2NcR9dShT6gYjU7VxZ4D" + fb
+
+# ── Session 工厂 ─────────────────────────────────────────────────────────────
+def _probe_proxy(max_tries: int = 20) -> Optional[str]:
+    """随机抽 sid，找一个能到达 chatgpt.com 的出口。返回完整 proxy url。"""
+    import random, string
+    log("实时抽代理出口（chatgpt.com 可达）...")
+    for i in range(max_tries):
+        sid = "".join(random.choices(string.ascii_letters + string.digits, k=8))
+        px  = PROXY_TEMPLATE.format(sid=sid)
+        try:
+            s = Session(impersonate="chrome131", verify=False, proxy=px, timeout=12)
+            r = s.get(BASE_URL + "/", timeout=15)
+            if r.status_code == 200 and "oai-did" in str(r.cookies):
+                try:
+                    info = Session(impersonate="chrome131", verify=False, proxy=px).get(
+                        "https://ipinfo.io/json", timeout=10).json()
+                    geo = f"{info.get('country','?')} {info.get('org','')[:30]}"
+                except Exception:
+                    geo = "?"
+                log(f"  sid={sid} → 200 ({geo})", "OK")
+                return px
+        except Exception:
+            pass
+        log(f"  sid={sid} 不可用")
+    log("所有 sid 都不可用", "ERR")
+    return None
+
+def new_session(proxy_override: Optional[str] = None) -> Session:
+    kw = {"impersonate": "chrome131", "verify": False}
+    chosen = proxy_override or PROXY
+    if chosen:
+        kw["proxy"] = chosen
+    s = Session(**kw)
+    s.headers.update({
+        "user-agent":      UA,
+        "accept-language": "en-US,en;q=0.9",
+        "origin":          BASE_URL,
+        "referer":         BASE_URL + "/",
+        "accept":          "*/*",
+        "sec-ch-ua":       '"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
+        "sec-ch-ua-mobile":   "?0",
+        "sec-ch-ua-platform": '"Windows"',
+        "sec-fetch-dest":  "empty",
+        "sec-fetch-mode":  "cors",
+        "sec-fetch-site":  "same-origin",
+    })
+    return s
+
+def _http_retry(fn, retries=5, delay=2.0, label="", retry_on_status=()):
+    """不稳定代理下的简单重试包装。
+    retry_on_status：对指定的 HTTP 状态码（如 429/502/503/504）也触发重试。
+    """
+    last_exc = None
+    last_resp = None
+    for i in range(retries):
+        try:
+            r = fn()
+        except Exception as e:
+            last_exc = e
+            log(f"  {label} 第{i+1}次失败: {type(e).__name__}: {str(e)[:80]}")
+            time.sleep(delay)
+            continue
+        # 如果指定状态码要重试（典型 429）
+        if retry_on_status and getattr(r, "status_code", 0) in retry_on_status:
+            last_resp = r
+            wait = delay * (2 ** i)  # 退避
+            log(f"  {label} 第{i+1}次 → {r.status_code}，等 {wait:.0f}s 后重试")
+            time.sleep(wait)
+            continue
+        return r
+    if last_resp is not None:
+        return last_resp
+    raise last_exc
+
+# ── Step 1: oai-did ──────────────────────────────────────────────────────────
+def bootstrap(s: Session) -> str:
+    log("访问首页拿 oai-did cookie...")
+    r = _http_retry(lambda: s.get(BASE_URL + "/", timeout=30), retries=5, label="GET /")
+    log(f"  GET / → {r.status_code}", "OK" if r.ok else "ERR")
+    did = r.cookies.get("oai-did")
+    if not did:
+        # 从 cookie jar 里找
+        for c in s.cookies.jar if hasattr(s.cookies, "jar") else []:
+            name = getattr(c, "name", getattr(c, "key", ""))
+            if name == "oai-did":
+                did = c.value
+                break
+    if not did:
+        did = str(uuid.uuid4())
+        log(f"  未拿到 oai-did，随机生成: {did}")
+    else:
+        log(f"  oai-did = {did}", "OK")
+    return did
+
+# ── Step 1.5: 取已有会话的 current_node（复用固定 conv_id 时用） ───────────────
+def get_conversation_head(s: Session, did: str, conv_id: str) -> Optional[str]:
+    """
+    返回会话最新叶子消息 id（current_node），作为下一条消息的 parent_message_id。
+    失败时返回 None，调用方可自行生成随机 parent。
+    """
+    log(f"拉取会话 {conv_id[:8]}... 当前 head...")
+    try:
+        r = _http_retry(lambda: s.get(
+            BASE_URL + f"/backend-api/conversation/{conv_id}",
+            headers={
+                "Authorization": f"Bearer {AUTH_TOKEN}",
+                "oai-device-id": did,
+                "accept":        "*/*",
+                "accept-language":"zh-CN,zh;q=0.9,en;q=0.8",
+                "oai-language":  "zh-CN",
+                "origin":        BASE_URL,
+                "referer":       BASE_URL + f"/c/{conv_id}",
+            },
+            timeout=30,
+        ), retries=5, delay=4.0, label="GET conversation",
+           retry_on_status=(429, 502, 503, 504))
+    except Exception as e:
+        log(f"  拉取会话失败: {e}", "ERR")
+        return None
+    if not r.ok:
+        log(f"  → {r.status_code}: {r.text[:200]}", "ERR")
+        return None
+    try:
+        js = r.json()
+    except Exception:
+        log("  会话响应不是 JSON", "ERR")
+        return None
+    head = js.get("current_node")
+    mapping = js.get("mapping") or {}
+    log(f"  current_node = {head}  (mapping 消息数 {len(mapping)})", "OK" if head else "ERR")
+    return head
+
+# ── Step 2: /backend-api/sentinel/chat-requirements ──────────────────────────
+def get_chat_requirements(s: Session, did: str) -> tuple[str, Optional[dict]]:
+    log("请求 chat-requirements...")
+    cfg = _pow_config(UA)
+    req_token = get_requirements_token(cfg)
+    r = _http_retry(lambda: s.post(
+        BASE_URL + "/backend-api/sentinel/chat-requirements",
+        headers={
+            "Authorization": f"Bearer {AUTH_TOKEN}",
+            "oai-device-id": did,
+            "content-type":  "application/json",
+        },
+        json={"p": req_token},
+        timeout=30,
+    ), retries=5, label="chat-requirements")
+    log(f"  → {r.status_code}", "OK" if r.ok else "ERR")
+    if not r.ok:
+        log(f"  body: {r.text[:400]}", "ERR")
+        r.raise_for_status()
+    data = r.json()
+    chat_token = data["token"]
+    pow_info   = data.get("proofofwork") or {}
+    log(f"  chat_token len={len(chat_token)}  pow_required={pow_info.get('required', False)}", "OK")
+    return chat_token, pow_info
+
+# ── Step 2.4: /backend-api/conversation/init（新会话必做）──────────────────────
+def init_new_conversation(s: Session, did: str) -> bool:
+    """
+    新会话场景下，/f/conversation 之前必须先调用 /conversation/init，
+    让服务端为即将创建的会话注册一下路由/限流上下文。
+    请求体对齐 HAR（_har_body_3_init.json）。
+    """
+    log("/conversation/init（新会话注册）...")
+    headers = {
+        "Authorization":  f"Bearer {AUTH_TOKEN}",
+        "accept":         "*/*",
+        "accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
+        "cache-control":  "no-cache",
+        "pragma":         "no-cache",
+        "priority":       "u=1, i",
+        "content-type":   "application/json",
+        "oai-device-id":  did,
+        "oai-language":   "zh-CN",
+        "oai-client-build-number": "5955942",
+        "oai-client-version":      "prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad",
+        "origin":         BASE_URL,
+        "referer":        BASE_URL + "/",
+    }
+    payload = {
+        "gizmo_id":               None,
+        "requested_default_model":None,
+        "conversation_id":        None,
+        "timezone_offset_min":    -480,
+        "system_hints":           ["picture_v2"],
+    }
+    try:
+        r = _http_retry(lambda: s.post(
+            BASE_URL + "/backend-api/conversation/init",
+            headers=headers, json=payload, timeout=30,
+        ), retries=4, delay=3.0, label="conversation/init",
+           retry_on_status=(429, 502, 503, 504))
+    except Exception as e:
+        log(f"  init 失败: {e}", "ERR")
+        return False
+    if not r.ok:
+        log(f"  init → {r.status_code}: {r.text[:200]}", "ERR")
+        return False
+    log(f"  init → 200 OK", "OK")
+    return True
+
+# ── Step 2.5: /backend-api/f/conversation/prepare（灰度分桶关键） ─────────────
+def prepare_fconversation(s: Session, did: str, chat_token: str, proof_token: Optional[str],
+                          conv_id: str, parent_id: str, msg_id: str, prompt: str) -> Optional[str]:
+    """
+    浏览器真实流程里 conversation 前必须先 prepare。
+    返回的 conduit_token 决定本次会话被路由到哪个集群（可能和新 IMG2 灰度相关）。
+    """
+    log("/f/conversation/prepare 预热（拿 conduit_token）...")
+    headers = {
+        "Authorization":  f"Bearer {AUTH_TOKEN}",
+        "accept":         "*/*",
+        "accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
+        "cache-control":  "no-cache",
+        "pragma":         "no-cache",
+        "priority":       "u=1, i",
+        "content-type":   "application/json",
+        "oai-device-id":  did,
+        "oai-language":   "zh-CN",
+        "oai-client-build-number": "5955942",
+        "oai-client-version":      "prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad",
+        "origin":         BASE_URL,
+        "referer":        BASE_URL + "/",
+        "openai-sentinel-chat-requirements-token": chat_token,
+    }
+    if proof_token:
+        headers["openai-sentinel-proof-token"] = proof_token
+
+    payload = {
+        "action":              "next",
+        "fork_from_shared_post": False,
+        "conversation_id":     conv_id,
+        "parent_message_id":   parent_id,
+        "model":               "gpt-5-3",
+        "client_prepare_state":"none",
+        "timezone_offset_min": -480,
+        "timezone":            "Asia/Shanghai",
+        "conversation_mode":   {"kind": "primary_assistant"},
+        "system_hints":        ["picture_v2"],
+        "partial_query": {
+            "id":      msg_id,
+            "author":  {"role": "user"},
+            "content": {"content_type": "text", "parts": [prompt]},
+        },
+        "supports_buffering":  True,
+        "supported_encodings": ["v1"],
+        "client_contextual_info": {"app_name": "chatgpt.com"},
+    }
+    try:
+        r = _http_retry(lambda: s.post(
+            BASE_URL + "/backend-api/f/conversation/prepare",
+            headers=headers, json=payload, timeout=30,
+        ), retries=4, label="f/conversation/prepare")
+    except Exception as e:
+        log(f"  prepare 失败（可降级直跑）: {e}", "ERR")
+        return None
+    if not r.ok:
+        log(f"  prepare → {r.status_code}: {r.text[:300]}", "ERR")
+        return None
+    js = r.json() or {}
+    ct = js.get("conduit_token")
+    if ct:
+        log(f"  conduit_token 已获取 len={len(ct)}", "OK")
+    else:
+        log(f"  prepare 响应无 conduit_token: {str(js)[:200]}", "ERR")
+    return ct
+
+# ── Step 3: f/conversation SSE ───────────────────────────────────────────────
+def send_conversation(s: Session, did: str, chat_token: str, proof_token: Optional[str],
+                      conv_id: str, parent_id: str, msg_id: str, prompt: str,
+                      conduit_token: Optional[str] = None):
+    log("发送生图对话请求（SSE）...")
+    headers = {
+        "Authorization":  f"Bearer {AUTH_TOKEN}",
+        "accept":         "text/event-stream",
+        "accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
+        "cache-control":  "no-cache",
+        "pragma":         "no-cache",
+        "priority":       "u=1, i",
+        "content-type":   "application/json",
+        "oai-device-id":  did,
+        "oai-language":   "zh-CN",
+        "oai-client-build-number": "5955942",
+        "oai-client-version":      "prod-be885abbfcfe7b1f511e88b3003d9ee44757fbad",
+        "origin":         BASE_URL,
+        "referer":        BASE_URL + "/",
+        "openai-sentinel-chat-requirements-token": chat_token,
+    }
+    if proof_token:
+        headers["openai-sentinel-proof-token"] = proof_token
+    if conduit_token:
+        headers["x-conduit-token"] = conduit_token
+
+    payload = {
+        "action": "next",
+        "messages": [{
+            "id":          msg_id,
+            "author":      {"role": "user"},
+            "create_time": time.time(),
+            "content":     {"content_type": "text", "parts": [prompt]},
+            "metadata": {
+                "developer_mode_connector_ids": [],
+                "selected_github_repos":        [],
+                "selected_all_github_repos":    False,
+                "system_hints":                 ["picture_v2"],
+                "serialization_metadata":       {"custom_symbol_offsets": []},
+            },
+        }],
+        "conversation_id":          conv_id,
+        "parent_message_id":        parent_id,
+        "model":                    "gpt-5-3",
+        "client_prepare_state":     "sent",
+        "timezone_offset_min":      -480,
+        "timezone":                 "Asia/Shanghai",
+        "conversation_mode":        {"kind": "primary_assistant"},
+        "enable_message_followups": True,
+        "system_hints":             ["picture_v2"],
+        "supports_buffering":       True,
+        "supported_encodings":      ["v1"],
+        "client_contextual_info": {
+            "is_dark_mode":       False,
+            "time_since_loaded":  random.randint(500, 3000),
+            "page_height":        1072,
+            "page_width":         1724,
+            "pixel_ratio":        1.2,
+            "screen_height":      1440,
+            "screen_width":       2560,
+            "app_name":           "chatgpt.com",
+        },
+        "paragen_cot_summary_display_override": "allow",
+        "force_parallel_switch": "auto",
+    }
+
+    r = _http_retry(lambda: s.post(
+        BASE_URL + "/backend-api/f/conversation",
+        headers=headers, json=payload,
+        stream=True, timeout=180,
+    ), retries=5, label="f/conversation")
+    if not r.ok:
+        body = r.text
+        log(f"  SSE 失败 {r.status_code}: {body[:400]}", "ERR")
+        r.raise_for_status()
+    log("  SSE 连接成功", "OK")
+    return r
+
+# ── Step 4: 解析 SSE，收集 file-service 引用 ─────────────────────────────────
+def parse_sse(resp) -> dict:
+    new_conv_id   = None
+    file_ids      = []
+    tool_text     = ""
+    collecting    = False
+    finish_reason = None
+
+    import re as _re
+    file_pat = _re.compile(r"file-service://([A-Za-z0-9_-]+)")
+    sediment_pat = _re.compile(r"sediment://([A-Za-z0-9_-]+)")
+
+    def handle(data: str):
+        nonlocal new_conv_id, tool_text, collecting, finish_reason
+        for m in file_pat.finditer(data):
+            fid = m.group(1)
+            if fid not in file_ids:
+                file_ids.append(fid)
+                log(f"  发现图片: file-service://{fid[:16]}...", "OK")
+        for m in sediment_pat.finditer(data):
+            fid = m.group(1)
+            if ("sed:" + fid) not in file_ids:
+                file_ids.append("sed:" + fid)
+                log(f"  发现图片: sediment://{fid[:16]}...", "OK")
+
+        try:
+            obj = json.loads(data)
+        except Exception:
+            return
+        if not isinstance(obj, dict):
+            return
+
+        if isinstance(obj.get("v"), dict):
+            cid = obj["v"].get("conversation_id")
+            if cid and not new_conv_id:
+                new_conv_id = cid
+                log(f"  conversation_id={cid}", "OK")
+            msg = obj["v"].get("message", {})
+            if isinstance(msg, dict):
+                meta = msg.get("metadata", {}) or {}
+                if meta.get("image_gen_task_id"):
+                    log(f"  image_gen_task_id={meta['image_gen_task_id']}", "OK")
+                if meta.get("finish_details"):
+                    finish_reason = meta["finish_details"].get("type")
+                c = msg.get("content", {}) or {}
+                if c.get("content_type") == "code":
+                    collecting = True
+                    tool_text = c.get("text", "") or ""
+        elif isinstance(obj.get("v"), list) and collecting:
+            for p in obj["v"]:
+                if isinstance(p, dict) and p.get("p", "").endswith("/content/text") and p.get("o") == "append":
+                    tool_text += p.get("v", "")
+
+    try:
+        for raw in resp.iter_lines():
+            if not raw:
+                continue
+            if isinstance(raw, bytes):
+                raw = raw.decode("utf-8", errors="replace")
+            raw = raw.strip()
+            if not raw.startswith("data:"):
+                continue
+            data = raw[5:].strip()
+            if data in ("[DONE]", ""):
+                break
+            handle(data)
+    except Exception as e:
+        log(f"  SSE 中断（可能代理超时）: {type(e).__name__}: {str(e)[:100]}", "ERR")
+
+    if tool_text.strip():
+        log(f"  工具调用参数: {tool_text.strip()[:180]}", "OK")
+    if finish_reason:
+        log(f"  finish_reason={finish_reason}")
+    return {"conversation_id": new_conv_id, "file_ids": file_ids}
+
+# ── Step 4.5: 轮询 conversation 详情抓最终图片 ───────────────────────────────
+def _extract_img2_tool_ids(mapping: dict) -> set:
+    """返回会话里所有 IMG2 tool 消息的 id 集合（不含 asset_pointer，仅用于 diff）"""
+    ids = set()
+    for mid, node in mapping.items():
+        msg  = (node or {}).get("message") or {}
+        auth = msg.get("author") or {}
+        meta = msg.get("metadata") or {}
+        cont = msg.get("content") or {}
+        if (auth.get("role") == "tool"
+            and meta.get("async_task_type") == "image_gen"
+            and cont.get("content_type") == "multimodal_text"):
+            ids.add(mid)
+    return ids
+
+def fetch_tool_baseline(s: Session, did: str, conv_id: str) -> set:
+    """
+    发送前拉一次 conversation，记录已有 IMG2 tool 消息 id 集合，作为 baseline。
+    poll 阶段用 current - baseline 识别本次新增的 tool 消息。
+    """
+    log(f"拉取 baseline（会话 {conv_id[:8]}... 已有 tool 消息）...")
+    try:
+        r = _http_retry(lambda: s.get(
+            BASE_URL + f"/backend-api/conversation/{conv_id}",
+            headers={
+                "Authorization": f"Bearer {AUTH_TOKEN}",
+                "oai-device-id": did,
+                "accept":        "*/*",
+                "accept-language":"zh-CN,zh;q=0.9,en;q=0.8",
+                "oai-language":  "zh-CN",
+                "origin":        BASE_URL,
+                "referer":       BASE_URL + f"/c/{conv_id}",
+            },
+            timeout=30,
+        ), retries=5, delay=4.0, label="GET conv(baseline)",
+           retry_on_status=(429, 502, 503, 504))
+    except Exception as e:
+        log(f"  baseline 拉取失败: {e}", "ERR")
+        return set()
+    if not r.ok:
+        log(f"  baseline → {r.status_code}", "ERR")
+        return set()
+    try:
+        js = r.json()
+    except Exception:
+        return set()
+    ids = _extract_img2_tool_ids(js.get("mapping") or {})
+    log(f"  baseline: {len(ids)} 条历史 IMG2 tool 消息", "OK")
+    return ids
+
+def poll_conversation_for_images(s: Session, did: str, conv_id: str,
+                                 baseline_tool_ids: Optional[set] = None,
+                                 max_wait: int = 900, interval: float = 6.0,
+                                 stable_rounds: int = 4,
+                                 preview_wait_secs: float = 30.0):
+    """
+    轮询 conversation，等本次回合的图片稳定。返回 (status, ids)。
+    - status:
+        "img2"         → 命中灰度桶，返回 IMG2 最新那条 tool 消息的 ids
+        "preview_only" → 只出现 1 条 tool 消息，且自第一条 tool 消息出现起
+                         经过 preview_wait_secs 秒仍无第 2 条 → 判非灰度，ids 为空
+        "timeout"      → 超时，返回兜底（通常为空）
+    - 识别规则（实验确认的金标准）：
+        灰度桶会产出 **≥ 2 条 tool 消息**（先 preview，后 IMG2 最终）；
+        非灰度只产出 1 条。
+        实际观察：若进了灰度，第 2 条通常在第 1 条出现后 5–30 秒内就会冒出；
+        所以 30 秒仍是 1 条，基本可以判定非灰度，立即重试比死等划算。
+    """
+    log(f"轮询 conversation（max_wait={max_wait}s, interval={interval}s, "
+        f"stable_rounds={stable_rounds}, preview_wait={preview_wait_secs}s, "
+        f"baseline={len(baseline_tool_ids or [])}）...")
+    import re as _re
+    fpat = _re.compile(r"file-service://([A-Za-z0-9_-]+)")
+    spat = _re.compile(r"sediment://([A-Za-z0-9_-]+)")
+    baseline = baseline_tool_ids or set()
+
+    t0 = time.time()
+    last_sed_sig = None
+    stable_count = 0
+    last_sed = []
+    seen_any_tool = False  # 本次回合是否已观察到至少一条新的 IMG2 tool 消息
+    first_tool_ts: Optional[float] = None  # 第一条新 tool 消息首次出现的时间
+    consecutive_429 = 0
+
+    while time.time() - t0 < max_wait:
+        try:
+            r = _http_retry(lambda: s.get(
+                f"{BASE_URL}/backend-api/conversation/{conv_id}",
+                headers={"Authorization": f"Bearer {AUTH_TOKEN}", "oai-device-id": did},
+                timeout=30,
+            ), retries=3, delay=5.0, label="GET conv",
+               retry_on_status=(429, 502, 503, 504))
+        except Exception as e:
+            log(f"  轮询失败: {e}", "ERR")
+            time.sleep(interval)
+            continue
+
+        if r.status_code == 429:
+            consecutive_429 += 1
+            log(f"  轮询被 429 限流（连续 {consecutive_429} 次）", "ERR")
+            if consecutive_429 >= 3:
+                log("  连续 3 次 429 → 本次 attempt 中止，交外层退避重试", "ERR")
+                return ("error", [])
+            time.sleep(10)
+            continue
+        consecutive_429 = 0
+        if r.status_code != 200:
+            time.sleep(interval)
+            continue
+
+        try:
+            js = r.json()
+        except Exception:
+            time.sleep(interval)
+            continue
+
+        # 第一次收到完整 mapping 就 dump 一份供调试
+        try:
+            dbg = os.path.join(OUTPUT_DIR, f"_conv_{conv_id[:8]}.json")
+            if not os.path.exists(dbg):
+                os.makedirs(OUTPUT_DIR, exist_ok=True)
+                with open(dbg, "w", encoding="utf-8") as f:
+                    json.dump(js, f, ensure_ascii=False, indent=2)
+                log(f"  [debug] conversation 已 dump: {dbg}")
+        except Exception:
+            pass
+
+        mapping = js.get("mapping") or {}
+        # baseline diff：只看本次回合新出现的 IMG2 tool 消息。
+        # 如果 baseline 为空，就看全部（新建会话场景）。
+        all_tool_ids = _extract_img2_tool_ids(mapping)
+        new_tool_ids = all_tool_ids - baseline if baseline else all_tool_ids
+
+        # 采集每条 tool 消息的详细元数据，用于区分"快速预览 vs IMG2 最终"
+        # tool_records: [{mid, create_time, model_slug, recipient, is_img2_signature, file_ids, sed_ids}]
+        tool_records = []
+        final_ids, sed_ids = [], []
+        for mid in new_tool_ids:
+            m = mapping.get(mid) or {}
+            msg     = m.get("message") or {}
+            author  = msg.get("author") or {}
+            content = msg.get("content") or {}
+            meta    = msg.get("metadata") or {}
+
+            is_img2 = (
+                author.get("role") == "tool"
+                and meta.get("async_task_type") == "image_gen"
+                and content.get("content_type") == "multimodal_text"
+            )
+            if not is_img2:
+                continue
+            seen_any_tool = True
+
+            rec_fids, rec_sids = [], []
+            for p in (content.get("parts") or []):
+                if isinstance(p, dict):
+                    aid = p.get("asset_pointer") or ""
+                    for hit in fpat.finditer(aid):
+                        fid = hit.group(1)
+                        if fid not in rec_fids: rec_fids.append(fid)
+                        if fid not in final_ids: final_ids.append(fid)
+                    for hit in spat.finditer(aid):
+                        fid = hit.group(1)
+                        if fid not in rec_sids: rec_sids.append(fid)
+                        if fid not in sed_ids: sed_ids.append(fid)
+                elif isinstance(p, str):
+                    for hit in fpat.finditer(p):
+                        fid = hit.group(1)
+                        if fid not in rec_fids: rec_fids.append(fid)
+                        if fid not in final_ids: final_ids.append(fid)
+
+            tool_records.append({
+                "mid": mid,
+                "create_time": msg.get("create_time") or 0,
+                "model_slug": meta.get("model_slug") or author.get("metadata", {}).get("model_slug"),
+                "recipient":  msg.get("recipient") or meta.get("recipient"),
+                "author_name": author.get("name"),
+                "image_gen_title": meta.get("image_gen_title"),
+                "gizmo_id": meta.get("gizmo_id"),
+                "file_ids": rec_fids,
+                "sed_ids":  rec_sids,
+            })
+
+        # 按 create_time 排序（最早 → 最新）
+        tool_records.sort(key=lambda r: r["create_time"] or 0)
+        last_sed = sed_ids
+
+        # 最终高清直出（优先）—— file-service 一出就是 IMG2 终稿（灰度桶）
+        if final_ids:
+            for rec in tool_records:
+                if rec["file_ids"]:
+                    log(f"  [IMG2-final] mid={rec['mid'][:8]} "
+                        f"model={rec['model_slug']} recipient={rec['recipient']} "
+                        f"name={rec['author_name']} → file-service x{len(rec['file_ids'])}", "OK")
+            # file-service 直出一定是灰度 IMG2
+            return ("img2", final_ids)
+
+        # 本次回合还没出现任何 tool 消息时继续等（复用会话场景尤其重要）
+        if not seen_any_tool:
+            log("  等待本次回合的 tool 消息出现...")
+            time.sleep(interval)
+            continue
+
+        elapsed = time.time() - t0
+        n_tool = len(tool_records)
+        # 记录第 1 条 tool 消息首次出现时间
+        if n_tool >= 1 and first_tool_ts is None:
+            first_tool_ts = time.time()
+            log(f"  ▶ 第 1 条 tool 消息首次出现，开始 {preview_wait_secs:.0f}s 窗口等第 2 条（IMG2）")
+
+        sig = tuple(sorted(sed_ids))
+
+        # ── 分支 A：已经有 2+ 条 tool 消息 → 灰度命中，按 stable_rounds 等最新那条稳定
+        if n_tool >= 2:
+            if sed_ids and sig == last_sed_sig:
+                stable_count += 1
+                log(f"  sed 稳定 {stable_count}/{stable_rounds} "
+                    f"（IMG2, tool x{n_tool}, sed x{len(sed_ids)}, {elapsed:.0f}s）")
+                if stable_count >= stable_rounds:
+                    keep = tool_records[-1]
+                    log(f"  ✓ 命中灰度，{n_tool} 条 tool → 只保留最新一条（IMG2 终稿）", "OK")
+                    for i, r in enumerate(tool_records[:-1]):
+                        log(f"    [丢弃预览 #{i+1}] mid={r['mid'][:8]} t={r['create_time']} "
+                            f"name={r['author_name']} sed={len(r['sed_ids'])} file={len(r['file_ids'])}")
+                    log(f"    [保留最新  ] mid={keep['mid'][:8]} t={keep['create_time']} "
+                        f"name={keep['author_name']} sed={len(keep['sed_ids'])} file={len(keep['file_ids'])}")
+                    out = []
+                    for fid in keep["file_ids"]:
+                        log(f"  最终图片: file-service://{fid[:20]}...", "OK")
+                        out.append(fid)
+                    for fid in keep["sed_ids"]:
+                        log(f"  最终图片: sediment://{fid[:20]}...", "OK")
+                        out.append("sed:" + fid)
+                    return ("img2", out)
+            else:
+                if sig != last_sed_sig:
+                    log(f"  sed 变化: {len(sed_ids)}张 (已等 {elapsed:.0f}s, tool x{n_tool})")
+                stable_count = 0
+                last_sed_sig = sig
+
+        # ── 分支 B：只有 1 条 tool 消息 → 看时间窗口，窗口内若冒出第 2 条就走分支 A
+        elif n_tool == 1 and first_tool_ts is not None:
+            since_first = time.time() - first_tool_ts
+            log(f"  窗口中等 IMG2 第 2 条 tool: {since_first:.0f}/{preview_wait_secs:.0f}s "
+                f"(sed x{len(sed_ids)}, {elapsed:.0f}s)")
+            if since_first >= preview_wait_secs:
+                only = tool_records[0]
+                log(f"  ✗ 第 1 条 tool 出现 {since_first:.0f}s 后仍无第 2 条 "
+                    f"(mid={only['mid'][:8]} name={only['author_name']}) "
+                    f"→ 判定非灰度预览，需重试", "ERR")
+                return ("preview_only", [])
+
+        time.sleep(interval)
+
+    # 超时兜底
+    n_tool = len(tool_records)
+    if n_tool >= 2:
+        keep = tool_records[-1]
+        log(f"  超时但已有 {n_tool} 条 tool 消息，取最新一条作 IMG2", "ERR")
+        out = ([x for x in keep["file_ids"]] +
+               ["sed:" + x for x in keep["sed_ids"]])
+        return ("img2", out)
+    if last_sed:
+        log(f"  超时，只有 1 条 tool 消息 → 视为非灰度预览（不保存），请重试", "ERR")
+        return ("preview_only", [])
+    log("  轮询超时，未发现图片", "ERR")
+    return ("timeout", [])
+
+# ── Step 5: 下载图片 ─────────────────────────────────────────────────────────
+def download_images(s: Session, did: str, conv_id: Optional[str], file_ids: list) -> list:
+    os.makedirs(OUTPUT_DIR, exist_ok=True)
+    hdrs = {"Authorization": f"Bearer {AUTH_TOKEN}", "oai-device-id": did}
+    saved = []
+
+    for raw in file_ids[:8]:
+        is_sed = raw.startswith("sed:")
+        fid = raw[4:] if is_sed else raw
+        if is_sed and conv_id:
+            url = f"{BASE_URL}/backend-api/conversation/{conv_id}/attachment/{fid}/download"
+        else:
+            url = f"{BASE_URL}/backend-api/files/{fid}/download"
+        try:
+            r = s.get(url, headers=hdrs, timeout=30)
+            if not r.ok:
+                log(f"  {fid[:16]}... 取下载地址失败 {r.status_code}", "ERR")
+                continue
+            durl = r.json().get("download_url")
+            if not durl:
+                log(f"  {fid[:16]}... 无 download_url", "ERR")
+                continue
+            img = s.get(durl, timeout=60)
+            if img.ok and len(img.content) > 2000:
+                path = os.path.join(OUTPUT_DIR, f"{fid[-12:]}.png")
+                with open(path, "wb") as f:
+                    f.write(img.content)
+                log(f"已保存: {path} ({len(img.content)//1024} KB)", "OK")
+                saved.append(path)
+        except Exception as e:
+            log(f"  下载 {fid[:16]}... 出错: {e}", "ERR")
+    return saved
+
+# ── 单次执行 ─────────────────────────────────────────────────────────────────
+def run_once(prompt: str):
+    """执行一次完整流程。返回 (status, files)。
+    status ∈ {"img2", "preview_only", "timeout", "error"}
+    """
+    active_proxy = PROXY
+    if not active_proxy and PROXY_TEMPLATE:
+        active_proxy = _probe_proxy()
+        if not active_proxy:
+            log("无可用代理出口", "ERR")
+            return ("error", [])
+    s = new_session(active_proxy)
+
+    try:
+        did = bootstrap(s)
+        chat_token, pow_info = get_chat_requirements(s, did)
+
+        proof_token = None
+        if pow_info.get("required"):
+            log("本地计算 proof-of-work...")
+            t0 = time.time()
+            proof_token = generate_proof_token(
+                required=True,
+                seed=pow_info["seed"],
+                difficulty=pow_info["difficulty"],
+                user_agent=UA,
+                proof_config=_pow_config(UA),
+            )
+            log(f"  proof_token len={len(proof_token or '')}  耗时 {time.time()-t0:.2f}s", "OK")
+
+        baseline_tool_ids: set = set()
+        if FIXED_CONVERSATION_ID:
+            head = get_conversation_head(s, did, FIXED_CONVERSATION_ID)
+            if not head:
+                # 拉固定会话 head 失败（多为 429 限流），直接本次失败让外层退避重试，
+                # 千万不要降级到一个全新的废弃 uuid —— 那会让 /f/conversation 直接 404。
+                log("复用会话拉 head 失败 → 本次尝试中止，交由外层退避重试", "ERR")
+                return ("error", [])
+            conv_id = FIXED_CONVERSATION_ID
+            par_id  = head
+            log(f"复用会话 {conv_id}  parent={par_id}", "OK")
+            baseline_tool_ids = fetch_tool_baseline(s, did, conv_id)
+        else:
+            # 新会话：必须先 /conversation/init 注册，否则 /f/conversation 会 404
+            if not init_new_conversation(s, did):
+                return ("error", [])
+            conv_id = str(uuid.uuid4())
+            par_id  = str(uuid.uuid4())
+            log(f"新建会话 {conv_id}  parent={par_id}", "OK")
+        msg_id  = str(uuid.uuid4())
+
+        conduit_token = prepare_fconversation(
+            s, did, chat_token, proof_token, conv_id, par_id, msg_id, prompt
+        )
+
+        t0 = time.time()
+        resp = send_conversation(
+            s, did, chat_token, proof_token, conv_id, par_id, msg_id, prompt,
+            conduit_token=conduit_token,
+        )
+        result = parse_sse(resp)
+        log(f"SSE 总耗时 {time.time()-t0:.1f}s")
+
+        actual_conv = result.get("conversation_id") or conv_id
+        sse_ids = result.get("file_ids", [])
+        has_final = any(not x.startswith("sed:") for x in sse_ids)
+
+        if actual_conv and not has_final:
+            status, polled = poll_conversation_for_images(
+                s, did, actual_conv,
+                baseline_tool_ids=baseline_tool_ids,
+            )
+            file_ids = polled
+        elif has_final:
+            status = "img2"  # file-service 直出就是灰度
+            file_ids = sse_ids
+        else:
+            status = "preview_only"
+            file_ids = []
+
+        if status != "img2":
+            return (status, [])
+
+        files = download_images(s, did, actual_conv, file_ids)
+        return ("img2", files)
+    except Exception as e:
+        log(f"异常: {e}", "ERR")
+        import traceback
+        traceback.print_exc()
+        return ("error", [])
+
+
+# ── Main ─────────────────────────────────────────────────────────────────────
+def main():
+    prompt = " ".join(sys.argv[1:]) if len(sys.argv) > 1 else ""
+    if not prompt:
+        try:
+            prompt = input("请输入提示词: ").strip()
+        except EOFError:
+            prompt = ""
+    if not prompt:
+        prompt = "一只可爱的橘猫坐在窗台上，阳光照进来，写实风格"
+    if needs_text_rendering(prompt) and CLARITY_SUFFIX.strip() not in prompt:
+        prompt += CLARITY_SUFFIX
+        log("检测到文字渲染需求 → 已追加文字清晰度约束")
+    else:
+        log("纯画面提示词 → 跳过文字清晰度 suffix")
+
+    print(f"\n{'='*64}")
+    log(f"提示词: {prompt[:100]}{'...' if len(prompt)>100 else ''}")
+    log(f"代理: {PROXY.split('@')[-1] if PROXY else '本机默认路由' if not PROXY_TEMPLATE else '自动抽出口'}")
+    print(f"{'='*64}\n")
+
+    t_all = time.time()
+    for attempt in range(1, MAX_ATTEMPTS + 1):
+        print(f"\n{'─'*64}")
+        log(f"◆ 尝试 {attempt}/{MAX_ATTEMPTS}")
+        print(f"{'─'*64}")
+        t0 = time.time()
+        status, files = run_once(prompt)
+        dt = time.time() - t0
+
+        if status == "img2":
+            print(f"\n{'='*64}")
+            log(f"✓ 命中灰度（IMG2），{len(files)} 张 → {OUTPUT_DIR}", "OK")
+            log(f"  本次 {dt:.0f}s，总计 {time.time()-t_all:.0f}s（用了 {attempt} 次尝试）")
+            print(f"{'='*64}\n")
+            return
+
+        reason = {"preview_only": "非灰度快速预览（只 1 条 tool 消息）",
+                  "timeout":      "轮询超时",
+                  "error":        "出错（多为账号级 429 限流）"}[status]
+        # 账号级 429 恢复慢：preview_only 退避 40s，error（429）退避 90s 指数上升
+        if status == "error":
+            backoff = min(180, 60 + attempt * 15)
+        else:
+            backoff = 40
+        if attempt < MAX_ATTEMPTS:
+            log(f"× 第 {attempt} 次: {reason}（{dt:.0f}s），等 {backoff}s 冷却后开新 session 重试", "ERR")
+            time.sleep(backoff)
+        else:
+            log(f"× 第 {attempt} 次: {reason}（{dt:.0f}s），已达上限", "ERR")
+
+    print(f"\n{'='*64}")
+    log(f"全部 {MAX_ATTEMPTS} 次尝试都未命中灰度，总计 {time.time()-t_all:.0f}s", "ERR")
+    print(f"{'='*64}\n")
+
+if __name__ == "__main__":
+    main()
diff --git a/pkg/crypto/aes.go b/pkg/crypto/aes.go
new file mode 100644
index 00000000..a630fb31
--- /dev/null
+++ b/pkg/crypto/aes.go
@@ -0,0 +1,78 @@
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+)
+
+// AESGCM 用于加密敏感字段(AT / cookies / 代理密码)。
+// 密钥是 hex 字符串,必须 64 字符(= 32 字节 AES-256 密钥)。
+type AESGCM struct {
+	aead cipher.AEAD
+}
+
+func NewAESGCM(hexKey string) (*AESGCM, error) {
+	if len(hexKey) != 64 {
+		return nil, fmt.Errorf("aes key must be 64 hex chars (32 bytes), got %d", len(hexKey))
+	}
+	key, err := hex.DecodeString(hexKey)
+	if err != nil {
+		return nil, fmt.Errorf("decode hex key: %w", err)
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, fmt.Errorf("new cipher: %w", err)
+	}
+	aead, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, fmt.Errorf("new gcm: %w", err)
+	}
+	return &AESGCM{aead: aead}, nil
+}
+
+// Encrypt 返回 base64(nonce || ciphertext_with_tag)。
+func (a *AESGCM) Encrypt(plaintext []byte) (string, error) {
+	nonce := make([]byte, a.aead.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", err
+	}
+	ct := a.aead.Seal(nil, nonce, plaintext, nil)
+	out := make([]byte, 0, len(nonce)+len(ct))
+	out = append(out, nonce...)
+	out = append(out, ct...)
+	return base64.StdEncoding.EncodeToString(out), nil
+}
+
+// Decrypt 接受 Encrypt 返回的 base64 字符串。
+func (a *AESGCM) Decrypt(b64 string) ([]byte, error) {
+	raw, err := base64.StdEncoding.DecodeString(b64)
+	if err != nil {
+		return nil, fmt.Errorf("decode base64: %w", err)
+	}
+	ns := a.aead.NonceSize()
+	if len(raw) < ns+a.aead.Overhead() {
+		return nil, errors.New("ciphertext too short")
+	}
+	nonce, ct := raw[:ns], raw[ns:]
+	pt, err := a.aead.Open(nil, nonce, ct, nil)
+	if err != nil {
+		return nil, fmt.Errorf("aead open: %w", err)
+	}
+	return pt, nil
+}
+
+// EncryptString / DecryptString 方便字符串字段使用。
+func (a *AESGCM) EncryptString(s string) (string, error) { return a.Encrypt([]byte(s)) }
+func (a *AESGCM) DecryptString(b64 string) (string, error) {
+	b, err := a.Decrypt(b64)
+	if err != nil {
+		return "", err
+	}
+	return string(b), nil
+}
diff --git a/pkg/epay/epay.go b/pkg/epay/epay.go
new file mode 100644
index 00000000..fc5b6b42
--- /dev/null
+++ b/pkg/epay/epay.go
@@ -0,0 +1,150 @@
+// Package epay 实现与通用「易支付 / 码支付」类系统的对接协议。
+//
+// 协议概述(MD5 签名):
+//  1. 下单:用户点"充值" -> 后端创建订单 -> 用 GET 参数跳转到 epay.gatewayUrl。
+//     下单参数:pid / out_trade_no / notify_url / return_url / name / money / sign / sign_type
+//     sign 计算:除 sign/sign_type 外所有非空参数按 key ASCII 升序,拼成 k1=v1&k2=v2...
+//     末尾直接拼接 key(注意不再加 &),md5 后转小写。
+//  2. 异步通知:POST form(也可能是 GET,按 header Content-Type 判断),
+//     校验 sign 同上。trade_status == "TRADE_SUCCESS" 时标记订单已支付。
+//  3. 返回文本 "success"(必须原样,不能带换行、HTML),否则上游会无限重试。
+//
+// 这里刻意不耦合 http handler,由调用方组装 URL / 解析参数,方便单测。
+package epay
+
+import (
+	"crypto/md5"
+	"encoding/hex"
+	"errors"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// Signer 持有商户信息。
+type Signer struct {
+	PID      string
+	Key      string
+	SignType string // 目前只支持 MD5
+}
+
+func NewSigner(pid, key, signType string) *Signer {
+	if signType == "" {
+		signType = "MD5"
+	}
+	return &Signer{PID: pid, Key: key, SignType: signType}
+}
+
+// Sign 计算签名。params 不应包含 sign / sign_type 两个字段。
+// 为空值会被跳过(和上游习惯保持一致)。
+func (s *Signer) Sign(params map[string]string) string {
+	keys := make([]string, 0, len(params))
+	for k, v := range params {
+		if k == "sign" || k == "sign_type" {
+			continue
+		}
+		if v == "" {
+			continue
+		}
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	b := strings.Builder{}
+	for i, k := range keys {
+		if i > 0 {
+			b.WriteByte('&')
+		}
+		b.WriteString(k)
+		b.WriteByte('=')
+		b.WriteString(params[k])
+	}
+	b.WriteString(s.Key)
+	sum := md5.Sum([]byte(b.String()))
+	return hex.EncodeToString(sum[:])
+}
+
+// Verify 用上游传来的签名和本地 key 重新计算比对。
+func (s *Signer) Verify(params map[string]string, got string) bool {
+	if got == "" {
+		return false
+	}
+	want := s.Sign(params)
+	return strings.EqualFold(want, got)
+}
+
+// BuildPayURL 构造跳转给用户浏览器的完整 URL。
+// gatewayURL 形如 https://pay.example.com/submit.php
+// extra 可以添加自定义字段(如 "type" 指定 alipay|wxpay),为 nil 就让上游收银台显示选择。
+func (s *Signer) BuildPayURL(gatewayURL, outTradeNo, name string, priceCNYFen int,
+	notifyURL, returnURL string, extra map[string]string,
+) (string, error) {
+	if gatewayURL == "" {
+		return "", errors.New("epay: gateway url empty")
+	}
+	// money 需要传"元",最多 2 位小数
+	money := strconv.FormatFloat(float64(priceCNYFen)/100.0, 'f', 2, 64)
+
+	p := map[string]string{
+		"pid":          s.PID,
+		"out_trade_no": outTradeNo,
+		"name":         name,
+		"money":        money,
+		"notify_url":   notifyURL,
+		"return_url":   returnURL,
+		"sign_type":    s.SignType,
+	}
+	for k, v := range extra {
+		if v != "" && k != "sign" && k != "sign_type" {
+			p[k] = v
+		}
+	}
+	p["sign"] = s.Sign(p)
+
+	u, err := url.Parse(gatewayURL)
+	if err != nil {
+		return "", err
+	}
+	q := u.Query()
+	for k, v := range p {
+		q.Set(k, v)
+	}
+	u.RawQuery = q.Encode()
+	return u.String(), nil
+}
+
+// NotifyPayload 抽象一次回调的关键字段。
+type NotifyPayload struct {
+	OutTradeNo  string            // 商户订单号
+	TradeNo     string            // 易支付交易号
+	TradeStatus string            // "TRADE_SUCCESS" / 其它
+	Name        string
+	Money       string // 元(字符串)
+	Type        string // alipay / wxpay / ...
+	Raw         map[string]string // 原始参数,便于落库排查
+}
+
+// ParseNotify 解析回调表单/Query 到 NotifyPayload,并校验签名。
+// 签名失败返回 errInvalidSign(调用方打 warn 日志即可)。
+var ErrInvalidSign = errors.New("epay: invalid sign")
+
+func (s *Signer) ParseNotify(form url.Values) (*NotifyPayload, error) {
+	params := map[string]string{}
+	for k := range form {
+		params[k] = form.Get(k)
+	}
+	sign := params["sign"]
+	if !s.Verify(params, sign) {
+		return nil, ErrInvalidSign
+	}
+	return &NotifyPayload{
+		OutTradeNo:  params["out_trade_no"],
+		TradeNo:     params["trade_no"],
+		TradeStatus: params["trade_status"],
+		Name:        params["name"],
+		Money:       params["money"],
+		Type:        params["type"],
+		Raw:         params,
+	}, nil
+}
diff --git a/pkg/jwt/jwt.go b/pkg/jwt/jwt.go
new file mode 100644
index 00000000..9118f724
--- /dev/null
+++ b/pkg/jwt/jwt.go
@@ -0,0 +1,141 @@
+package jwt
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	jwtv5 "github.com/golang-jwt/jwt/v5"
+)
+
+// Claims 是 JWT 的 payload。
+type Claims struct {
+	UserID uint64 `json:"uid"`
+	Role   string `json:"role"`
+	jwtv5.RegisteredClaims
+}
+
+// TokenPair 登录/刷新返回的双 token。
+type TokenPair struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	ExpiresIn    int    `json:"expires_in"`
+	TokenType    string `json:"token_type"`
+}
+
+// Config 依赖注入配置。
+type Config struct {
+	Secret        string
+	Issuer        string
+	AccessTTLSec  int
+	RefreshTTLSec int
+}
+
+// Manager 负责签发与校验 access / refresh token。
+// 通过 SetTTLProvider 可以让签发时使用的 TTL 来自外部热源(例如 system_settings)。
+type Manager struct {
+	secret      []byte
+	issuer      string
+	accessTTL   time.Duration
+	refreshTTL  time.Duration
+	ttlProvider func() (accessSec int, refreshSec int) // 可为 nil
+}
+
+func NewManager(c Config) *Manager {
+	return &Manager{
+		secret:     []byte(c.Secret),
+		issuer:     c.Issuer,
+		accessTTL:  time.Duration(c.AccessTTLSec) * time.Second,
+		refreshTTL: time.Duration(c.RefreshTTLSec) * time.Second,
+	}
+}
+
+// SetTTLProvider 注入一个热更 TTL 回调。回调返回秒;<=0 的值会被忽略(回退到启动时配置)。
+func (m *Manager) SetTTLProvider(fn func() (accessSec int, refreshSec int)) {
+	m.ttlProvider = fn
+}
+
+// currentTTLs 优先使用 provider 返回的值,否则用构造期固定值。
+func (m *Manager) currentTTLs() (time.Duration, time.Duration) {
+	access := m.accessTTL
+	refresh := m.refreshTTL
+	if m.ttlProvider != nil {
+		a, r := m.ttlProvider()
+		if a > 0 {
+			access = time.Duration(a) * time.Second
+		}
+		if r > 0 {
+			refresh = time.Duration(r) * time.Second
+		}
+	}
+	return access, refresh
+}
+
+// Issue 签发一对 token。
+func (m *Manager) Issue(userID uint64, role string) (*TokenPair, error) {
+	now := time.Now()
+	accessTTL, refreshTTL := m.currentTTLs()
+	access, err := m.signWithTTL(userID, role, "access", now, accessTTL)
+	if err != nil {
+		return nil, err
+	}
+	refresh, err := m.signWithTTL(userID, role, "refresh", now, refreshTTL)
+	if err != nil {
+		return nil, err
+	}
+	return &TokenPair{
+		AccessToken:  access,
+		RefreshToken: refresh,
+		ExpiresIn:    int(accessTTL.Seconds()),
+		TokenType:    "Bearer",
+	}, nil
+}
+
+func (m *Manager) signWithTTL(userID uint64, role, typ string, now time.Time, ttl time.Duration) (string, error) {
+	claims := Claims{
+		UserID: userID,
+		Role:   role,
+		RegisteredClaims: jwtv5.RegisteredClaims{
+			Issuer:    m.issuer,
+			Subject:   fmt.Sprintf("%d", userID),
+			Audience:  jwtv5.ClaimStrings{typ},
+			IssuedAt:  jwtv5.NewNumericDate(now),
+			ExpiresAt: jwtv5.NewNumericDate(now.Add(ttl)),
+			NotBefore: jwtv5.NewNumericDate(now),
+		},
+	}
+	tok := jwtv5.NewWithClaims(jwtv5.SigningMethodHS256, claims)
+	return tok.SignedString(m.secret)
+}
+
+// Verify 验证 access token 并返回 claims。
+func (m *Manager) Verify(tokenString string) (*Claims, error) {
+	tok, err := jwtv5.ParseWithClaims(tokenString, &Claims{}, func(t *jwtv5.Token) (interface{}, error) {
+		if _, ok := t.Method.(*jwtv5.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
+		}
+		return m.secret, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	claims, ok := tok.Claims.(*Claims)
+	if !ok || !tok.Valid {
+		return nil, errors.New("invalid token")
+	}
+	return claims, nil
+}
+
+// VerifyRefresh 验证 refresh token(多一步 audience 校验)。
+func (m *Manager) VerifyRefresh(tokenString string) (*Claims, error) {
+	claims, err := m.Verify(tokenString)
+	if err != nil {
+		return nil, err
+	}
+	for _, aud := range claims.Audience {
+		if aud == "refresh" {
+			return claims, nil
+		}
+	}
+	return nil, errors.New("not a refresh token")
+}
diff --git a/pkg/lock/redis_lock.go b/pkg/lock/redis_lock.go
new file mode 100644
index 00000000..649f59a1
--- /dev/null
+++ b/pkg/lock/redis_lock.go
@@ -0,0 +1,67 @@
+package lock
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/redis/go-redis/v9"
+)
+
+// ErrNotAcquired 表示未抢到锁(资源被占用)。
+var ErrNotAcquired = errors.New("lock: not acquired")
+
+// RedisLock 是一个简单的 Redis 分布式锁,用于账号池「一号一锁」。
+// 通过 SET NX + token 实现原子获取与安全释放。
+type RedisLock struct {
+	client *redis.Client
+}
+
+func NewRedisLock(client *redis.Client) *RedisLock { return &RedisLock{client: client} }
+
+// Acquire 尝试抢锁。成功返回 token(释放时必须提供);失败返回 ErrNotAcquired。
+func (l *RedisLock) Acquire(ctx context.Context, key, token string, ttl time.Duration) error {
+	ok, err := l.client.SetNX(ctx, key, token, ttl).Result()
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return ErrNotAcquired
+	}
+	return nil
+}
+
+// 释放锁使用 Lua 保证 CAS 语义(只有持有者才能删)。
+var releaseScript = redis.NewScript(`
+if redis.call("GET", KEYS[1]) == ARGV[1] then
+    return redis.call("DEL", KEYS[1])
+else
+    return 0
+end
+`)
+
+// Release 释放锁。若当前持有者不是 token,不会误删。
+func (l *RedisLock) Release(ctx context.Context, key, token string) error {
+	_, err := releaseScript.Run(ctx, l.client, []string{key}, token).Result()
+	if err != nil && !errors.Is(err, redis.Nil) {
+		return err
+	}
+	return nil
+}
+
+// Refresh 续期(仅当前持有者才能续)。
+var refreshScript = redis.NewScript(`
+if redis.call("GET", KEYS[1]) == ARGV[1] then
+    return redis.call("PEXPIRE", KEYS[1], ARGV[2])
+else
+    return 0
+end
+`)
+
+func (l *RedisLock) Refresh(ctx context.Context, key, token string, ttl time.Duration) error {
+	_, err := refreshScript.Run(ctx, l.client, []string{key}, token, ttl.Milliseconds()).Result()
+	if err != nil && !errors.Is(err, redis.Nil) {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go
new file mode 100644
index 00000000..97b42567
--- /dev/null
+++ b/pkg/logger/logger.go
@@ -0,0 +1,74 @@
+package logger
+
+import (
+	"fmt"
+	"os"
+	"sync"
+
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+var (
+	global *zap.Logger
+	once   sync.Once
+)
+
+// Init 初始化全局日志。format=console|json,output=stdout|<file path>.
+func Init(level, format, output string) error {
+	var initErr error
+	once.Do(func() {
+		lvl := zapcore.InfoLevel
+		if err := lvl.UnmarshalText([]byte(level)); err != nil {
+			initErr = fmt.Errorf("invalid log level %q: %w", level, err)
+			return
+		}
+
+		encCfg := zap.NewProductionEncoderConfig()
+		encCfg.TimeKey = "ts"
+		encCfg.EncodeTime = zapcore.ISO8601TimeEncoder
+		encCfg.EncodeDuration = zapcore.StringDurationEncoder
+		encCfg.EncodeLevel = zapcore.CapitalLevelEncoder
+
+		var encoder zapcore.Encoder
+		if format == "json" {
+			encoder = zapcore.NewJSONEncoder(encCfg)
+		} else {
+			encCfg.EncodeLevel = zapcore.CapitalColorLevelEncoder
+			encoder = zapcore.NewConsoleEncoder(encCfg)
+		}
+
+		var ws zapcore.WriteSyncer
+		if output == "" || output == "stdout" {
+			ws = zapcore.AddSync(os.Stdout)
+		} else {
+			f, err := os.OpenFile(output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
+			if err != nil {
+				initErr = fmt.Errorf("open log file %q: %w", output, err)
+				return
+			}
+			ws = zapcore.AddSync(f)
+		}
+
+		core := zapcore.NewCore(encoder, ws, lvl)
+		global = zap.New(core, zap.AddCaller(), zap.AddStacktrace(zapcore.ErrorLevel))
+	})
+	return initErr
+}
+
+// L 返回全局 logger。
+func L() *zap.Logger {
+	if global == nil {
+		// 兜底:未初始化时返回开发 logger,避免 panic。
+		l, _ := zap.NewDevelopment()
+		return l
+	}
+	return global
+}
+
+// Sync 刷新缓冲。
+func Sync() {
+	if global != nil {
+		_ = global.Sync()
+	}
+}
diff --git a/pkg/mailer/mailer.go b/pkg/mailer/mailer.go
new file mode 100644
index 00000000..7d0cd37e
--- /dev/null
+++ b/pkg/mailer/mailer.go
@@ -0,0 +1,198 @@
+// Package mailer 提供最小可用的 SMTP 发信能力。
+//
+// 设计:
+//   - 使用标准库 net/smtp + crypto/tls,零外部依赖。
+//   - 支持 465 隐式 TLS 与 587 STARTTLS。
+//   - 异步发送(一个 worker 协程),内部有 100 大小的 buffered chan,
+//     chan 满时直接丢弃并打 warn 日志,绝不阻塞业务主流程。
+//   - Enabled=false 时全部 Send 变成 no-op。
+package mailer
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"mime"
+	"net"
+	"net/smtp"
+	"strconv"
+	"sync"
+	"time"
+
+	"go.uber.org/zap"
+)
+
+// Config 与 config.SMTPConfig 对齐。
+type Config struct {
+	Host     string
+	Port     int
+	Username string
+	Password string
+	From     string
+	FromName string
+	UseTLS   bool
+}
+
+// Message 是一次发送。
+type Message struct {
+	To      string
+	Subject string
+	HTML    string
+}
+
+// Mailer 可被多个业务复用。
+type Mailer struct {
+	cfg    Config
+	ch     chan Message
+	log    *zap.Logger
+	wg     sync.WaitGroup
+	closed chan struct{}
+	once   sync.Once
+}
+
+// Disabled 表示当前 mailer 未配置。
+func (m *Mailer) Disabled() bool { return m == nil || m.cfg.Host == "" }
+
+// New 构造 Mailer 并启动后台协程。
+// host 为空时返回一个 disabled 的实例(Send 成 no-op)。
+func New(cfg Config, log *zap.Logger) *Mailer {
+	m := &Mailer{
+		cfg:    cfg,
+		ch:     make(chan Message, 100),
+		log:    log.With(zap.String("mod", "mailer")),
+		closed: make(chan struct{}),
+	}
+	if !m.Disabled() {
+		m.wg.Add(1)
+		go m.loop()
+	}
+	return m
+}
+
+func (m *Mailer) loop() {
+	defer m.wg.Done()
+	for msg := range m.ch {
+		if err := m.send(msg); err != nil {
+			m.log.Warn("smtp send failed",
+				zap.String("to", msg.To),
+				zap.String("subject", msg.Subject),
+				zap.Error(err))
+		}
+	}
+	close(m.closed)
+}
+
+// SendSync 同步发送,直接把错误抛给调用方。
+// 专供"测试发送"等需要立即反馈结果的场景;业务路径请继续用 Send。
+func (m *Mailer) SendSync(msg Message) error {
+	if m.Disabled() {
+		return errors.New("mailer disabled: SMTP not configured")
+	}
+	return m.send(msg)
+}
+
+// Send 非阻塞投递。
+// chan 满时打 warn 并丢弃(邮件不是主业务路径)。
+func (m *Mailer) Send(msg Message) {
+	if m.Disabled() {
+		return
+	}
+	select {
+	case m.ch <- msg:
+	default:
+		m.log.Warn("mail queue full, drop message",
+			zap.String("to", msg.To), zap.String("subject", msg.Subject))
+	}
+}
+
+func (m *Mailer) Close() {
+	if m.Disabled() {
+		return
+	}
+	m.once.Do(func() {
+		close(m.ch)
+	})
+	select {
+	case <-m.closed:
+	case <-time.After(5 * time.Second):
+		m.log.Warn("mailer close timeout")
+	}
+	m.wg.Wait()
+}
+
+func (m *Mailer) send(msg Message) error {
+	if msg.To == "" || msg.Subject == "" {
+		return errors.New("mailer: to/subject empty")
+	}
+	addr := net.JoinHostPort(m.cfg.Host, strconv.Itoa(m.cfg.Port))
+
+	fromHeader := m.cfg.From
+	if m.cfg.FromName != "" {
+		fromHeader = fmt.Sprintf("%s <%s>", m.cfg.FromName, m.cfg.From)
+	}
+
+	headers := map[string]string{
+		"From":         fromHeader,
+		"To":           msg.To,
+		"Subject":      encodeSubject(msg.Subject),
+		"MIME-Version": "1.0",
+		"Content-Type": `text/html; charset="UTF-8"`,
+	}
+	var buf []byte
+	for k, v := range headers {
+		buf = append(buf, []byte(k+": "+v+"\r\n")...)
+	}
+	buf = append(buf, []byte("\r\n")...)
+	buf = append(buf, []byte(msg.HTML)...)
+
+	auth := smtp.PlainAuth("", m.cfg.Username, m.cfg.Password, m.cfg.Host)
+
+	if m.cfg.UseTLS {
+		// 465:隐式 TLS —— 先 TLS 再 SMTP 握手
+		return sendTLS(addr, m.cfg.Host, auth, m.cfg.From, msg.To, buf)
+	}
+	// 587:明文起 STARTTLS
+	return smtp.SendMail(addr, auth, m.cfg.From, []string{msg.To}, buf)
+}
+
+// sendTLS 实现 SMTPS(465) 隐式 TLS。
+func sendTLS(addr, host string, auth smtp.Auth, from, to string, body []byte) error {
+	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: host})
+	if err != nil {
+		return fmt.Errorf("tls dial: %w", err)
+	}
+	c, err := smtp.NewClient(conn, host)
+	if err != nil {
+		return fmt.Errorf("smtp client: %w", err)
+	}
+	defer c.Close()
+
+	if ok, _ := c.Extension("AUTH"); ok {
+		if err := c.Auth(auth); err != nil {
+			return fmt.Errorf("smtp auth: %w", err)
+		}
+	}
+	if err := c.Mail(from); err != nil {
+		return fmt.Errorf("smtp mail: %w", err)
+	}
+	if err := c.Rcpt(to); err != nil {
+		return fmt.Errorf("smtp rcpt: %w", err)
+	}
+	w, err := c.Data()
+	if err != nil {
+		return fmt.Errorf("smtp data: %w", err)
+	}
+	if _, err := w.Write(body); err != nil {
+		return fmt.Errorf("smtp write: %w", err)
+	}
+	if err := w.Close(); err != nil {
+		return fmt.Errorf("smtp close: %w", err)
+	}
+	return c.Quit()
+}
+
+// encodeSubject 把 UTF-8 标题按 RFC 2047 封装,避免中文乱码。
+// 对全 ASCII 的标题保持原样,对含非 ASCII 的用 Q-encoded。
+func encodeSubject(s string) string {
+	return mime.QEncoding.Encode("UTF-8", s)
+}
diff --git a/pkg/mailer/templates.go b/pkg/mailer/templates.go
new file mode 100644
index 00000000..a6d8dbed
--- /dev/null
+++ b/pkg/mailer/templates.go
@@ -0,0 +1,84 @@
+package mailer
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+// 下面是预置模板。为了不引入 text/template 的运行时开销,直接用 fmt.Sprintf。
+// 如果后续要可运营化,再切到 template + DB 配置。
+
+const baseCSS = `<style>
+body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Helvetica,Arial,sans-serif;background:#f5f7fa;margin:0;padding:24px;color:#333}
+.card{max-width:560px;margin:0 auto;background:#fff;border-radius:10px;padding:28px;box-shadow:0 2px 10px rgba(0,0,0,.05)}
+h1{font-size:20px;margin:0 0 12px;color:#222}
+.hi{color:#666;font-size:14px;margin-bottom:18px}
+.box{background:#f2f8ff;border-left:4px solid #409eff;padding:14px 16px;border-radius:4px;margin:14px 0}
+.muted{color:#999;font-size:12px;margin-top:18px}
+table{width:100%;border-collapse:collapse;margin:8px 0}
+td{padding:6px 0;font-size:14px}
+td.l{color:#666;width:120px}
+td.v{color:#222;font-weight:500}
+</style>`
+
+// RenderWelcome 注册欢迎邮件。
+func RenderWelcome(nickname, email, baseURL string) (subject, html string) {
+	subject = "欢迎加入 GPT2API"
+	if nickname == "" {
+		nickname = email
+	}
+	if baseURL == "" {
+		baseURL = "/"
+	}
+	html = fmt.Sprintf(`<!doctype html><html><head><meta charset="utf-8">%s</head><body>
+<div class="card">
+  <h1>欢迎,%s</h1>
+  <div class="hi">你的 GPT2API 账号已开通,账号 <b>%s</b>。</div>
+  <div class="box">
+    <b>新手指引</b><br/>
+    · 到 <b>个人中心 → API Key</b> 创建一把 sk- 开头的 key<br/>
+    · 把 base_url 指向 <code>%s/v1</code> 即可用 OpenAI SDK 调用<br/>
+    · 首次注册会赠送试用积分,可在 <b>账单</b> 里看到明细
+  </div>
+  <div class="muted">如果这不是你本人的操作,请直接忽略本邮件。</div>
+</div>
+</body></html>`, baseCSS, htmlEscape(nickname), htmlEscape(email), htmlEscape(baseURL))
+	return
+}
+
+// RenderPaid 充值成功邮件。
+func RenderPaid(nickname, outTradeNo string, priceCNYFen int, credits, bonus int64, paidAt time.Time) (subject, html string) {
+	subject = "充值成功通知"
+	if nickname == "" {
+		nickname = "用户"
+	}
+	price := fmt.Sprintf("¥ %.2f", float64(priceCNYFen)/100.0)
+	ts := paidAt.Format("2006-01-02 15:04:05")
+	html = fmt.Sprintf(`<!doctype html><html><head><meta charset="utf-8">%s</head><body>
+<div class="card">
+  <h1>充值成功 ✔</h1>
+  <div class="hi">Hi %s,你本次的充值已到账。</div>
+  <table>
+    <tr><td class="l">订单号</td><td class="v"><code>%s</code></td></tr>
+    <tr><td class="l">实付金额</td><td class="v">%s</td></tr>
+    <tr><td class="l">到账积分</td><td class="v">%d 厘 (基础) + %d 厘 (赠送)</td></tr>
+    <tr><td class="l">支付时间</td><td class="v">%s</td></tr>
+  </table>
+  <div class="muted">如有疑问请联系客服并提供订单号。本邮件由系统自动发送。</div>
+</div>
+</body></html>`, baseCSS, htmlEscape(nickname), htmlEscape(outTradeNo), price, credits, bonus, ts)
+	return
+}
+
+// htmlEscape 防注入。
+func htmlEscape(s string) string {
+	r := strings.NewReplacer(
+		"&", "&amp;",
+		"<", "&lt;",
+		">", "&gt;",
+		`"`, "&quot;",
+		"'", "&#39;",
+	)
+	return r.Replace(s)
+}
diff --git a/pkg/ratelimit/token_bucket.go b/pkg/ratelimit/token_bucket.go
new file mode 100644
index 00000000..0efc635a
--- /dev/null
+++ b/pkg/ratelimit/token_bucket.go
@@ -0,0 +1,73 @@
+package ratelimit
+
+import (
+	"context"
+	"strconv"
+	"time"
+
+	"github.com/redis/go-redis/v9"
+)
+
+// TokenBucket 基于 Redis 的令牌桶限流器。
+// 使用 Lua 脚本保证原子性,适合 RPM / TPM 场景。
+type TokenBucket struct {
+	client *redis.Client
+}
+
+func NewTokenBucket(c *redis.Client) *TokenBucket { return &TokenBucket{client: c} }
+
+// script 参数:
+//   KEYS[1] = bucket key
+//   ARGV[1] = capacity(桶容量)
+//   ARGV[2] = refill_rate(每秒回填令牌数)
+//   ARGV[3] = now_ms(当前毫秒)
+//   ARGV[4] = cost(本次消费)
+// 返回:{allowed(0/1), remaining(字符串)}
+var script = redis.NewScript(`
+local key = KEYS[1]
+local capacity = tonumber(ARGV[1])
+local refill = tonumber(ARGV[2])
+local now = tonumber(ARGV[3])
+local cost = tonumber(ARGV[4])
+
+local bucket = redis.call("HMGET", key, "tokens", "ts")
+local tokens = tonumber(bucket[1])
+local ts = tonumber(bucket[2])
+if tokens == nil then
+    tokens = capacity
+    ts = now
+end
+
+local delta = (now - ts) / 1000.0 * refill
+tokens = math.min(capacity, tokens + delta)
+
+local allowed = 0
+if tokens >= cost then
+    tokens = tokens - cost
+    allowed = 1
+end
+
+redis.call("HMSET", key, "tokens", tostring(tokens), "ts", now)
+redis.call("PEXPIRE", key, math.ceil(capacity / math.max(refill, 0.001) * 2000))
+
+return {allowed, tostring(tokens)}
+`)
+
+// Allow 尝试消费 cost 个令牌。返回 (是否允许, 剩余令牌)。
+func (t *TokenBucket) Allow(ctx context.Context, key string, capacity, cost int64, refillPerSec float64) (bool, float64, error) {
+	nowMs := time.Now().UnixMilli()
+	res, err := script.Run(ctx, t.client, []string{key}, capacity, refillPerSec, nowMs, cost).Slice()
+	if err != nil {
+		return false, 0, err
+	}
+	allowedI, _ := res[0].(int64)
+	allowed := allowedI == 1
+	var remaining float64
+	switch v := res[1].(type) {
+	case string:
+		remaining, _ = strconv.ParseFloat(v, 64)
+	case int64:
+		remaining = float64(v)
+	}
+	return allowed, remaining, nil
+}
diff --git a/pkg/resp/resp.go b/pkg/resp/resp.go
new file mode 100644
index 00000000..87c2ed62
--- /dev/null
+++ b/pkg/resp/resp.go
@@ -0,0 +1,70 @@
+package resp
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+// 统一响应结构。HTTP status 只用于框架级错误(401/403/404/500);
+// 业务错误一律走 code,HTTP 200。
+type Body struct {
+	Code    int         `json:"code"`
+	Message string      `json:"message"`
+	Data    interface{} `json:"data,omitempty"`
+	TraceID string      `json:"trace_id,omitempty"`
+}
+
+const (
+	CodeOK           = 0
+	CodeBadRequest   = 40000
+	CodeUnauthorized = 40100
+	CodeForbidden    = 40300
+	CodeNotFound     = 40400
+	CodeConflict     = 40900
+	CodePaymentRequired = 40200
+	CodeRateLimited  = 42900
+	CodeInternal     = 50000
+	CodeUpstream     = 50200
+)
+
+func OK(c *gin.Context, data interface{}) {
+	c.JSON(http.StatusOK, Body{Code: CodeOK, Message: "ok", Data: data, TraceID: traceID(c)})
+}
+
+func Fail(c *gin.Context, code int, msg string) {
+	httpStatus := http.StatusOK
+	switch code {
+	case CodeUnauthorized:
+		httpStatus = http.StatusUnauthorized
+	case CodeForbidden:
+		httpStatus = http.StatusForbidden
+	case CodeNotFound:
+		httpStatus = http.StatusNotFound
+	case CodeRateLimited:
+		httpStatus = http.StatusTooManyRequests
+	case CodePaymentRequired:
+		httpStatus = http.StatusPaymentRequired
+	case CodeInternal, CodeUpstream:
+		httpStatus = http.StatusInternalServerError
+	}
+	c.AbortWithStatusJSON(httpStatus, Body{Code: code, Message: msg, TraceID: traceID(c)})
+}
+
+func BadRequest(c *gin.Context, msg string) { Fail(c, CodeBadRequest, msg) }
+func Unauthorized(c *gin.Context, msg string) { Fail(c, CodeUnauthorized, msg) }
+func Forbidden(c *gin.Context, msg string) { Fail(c, CodeForbidden, msg) }
+func NotFound(c *gin.Context, msg string) { Fail(c, CodeNotFound, msg) }
+func Conflict(c *gin.Context, msg string) { Fail(c, CodeConflict, msg) }
+func Internal(c *gin.Context, msg string) { Fail(c, CodeInternal, msg) }
+func PaymentRequired(c *gin.Context, msg string) { Fail(c, CodePaymentRequired, msg) }
+func RateLimited(c *gin.Context, msg string) { Fail(c, CodeRateLimited, msg) }
+
+func traceID(c *gin.Context) string {
+	if v, ok := c.Get("request_id"); ok {
+		if s, ok := v.(string); ok {
+			return s
+		}
+	}
+	return ""
+}
diff --git a/scripts/README.md b/scripts/README.md
new file mode 100644
index 00000000..bce9b92a
--- /dev/null
+++ b/scripts/README.md
@@ -0,0 +1,82 @@
+# scripts
+
+运维/自测辅助脚本集合。
+
+> **⚠️ 注意** 本目录下所有 `--admin-email` / `--admin-pass` / `--user-email` / `--user-pass` 以及
+> 形如 `admin@smoke.test`、`Admin123456`、`User123456` 这样的字面量,都是**冒烟脚本自己创建测试账号时用的临时凭证**,
+> 它们 **不是** 部署后的默认管理员账号密码。
+>
+> GPT2API 本身不内置任何默认账号 —— **首位访问 `/register` 的用户自动成为 admin**(见根目录 README.md 的部署说明)。
+
+## smoke.mjs · e2e 冒烟
+
+对已启动的后端(本地 `go run` 或 `docker compose up -d`)做一轮端到端闭环自检。
+
+### 覆盖用例
+
+
+| #   | 用例                       | 说明                                                      |
+| --- | ------------------------ | ------------------------------------------------------- |
+| 1   | `/healthz`               | 后端可达                                                    |
+| 2   | 首位用户自动 admin             | 若 users 表为空,register 的第一个账号自动拿到 admin 角色                |
+| 3   | 普通用户注册 / 登录              |                                                         |
+| 4   | `/api/me`、`/api/me/menu` | 断言 admin/user 各自的 role、permissions、menu 非空              |
+| 5   | API Keys CRUD            | 用户视角 create / list / patch(禁用)/ delete                  |
+| 6   | 越权校验                     | user token 访问 `/api/admin/*` 应 401/403;匿名访问 admin 应 401 |
+| 7   | Admin 用户 / 分组列表          |                                                         |
+| 8   | 调账 `+delta`              | 正确密码过,错误密码被拒(403),流水可查,用户余额同步                           |
+| 9   | 审计日志                     | 含 `users.credit.adjust` 等动作                             |
+| 10  | 备份链路                     | 创建 → 列表包含 → 下载 → 删除(二次密码);宿主缺 `mysqldump` 时跳过           |
+
+
+### 用法
+
+前置条件:Node ≥ 18(原生 fetch / FormData),后端已启动。
+
+```bash
+cd scripts
+npm run smoke
+```
+
+或直接指定参数:
+
+```bash
+node scripts/smoke.mjs \
+  --base http://localhost:8080 \
+  --admin-email admin@smoke.test \
+  --admin-pass  Admin123456 \
+  --user-email  user@smoke.test \
+  --user-pass   User123456
+```
+
+- `--keep true` 保留脚本创建的 Key、备份文件(便于后续手动验证)
+- 环境变量 `GPT2API_BASE` 可覆盖 `--base`
+
+### 退出码
+
+- `0` 全部通过
+- `1` 至少一条 FAIL
+- `2` 脚本级异常(如 `/healthz` 不可达)
+
+### 复跑行为
+
+脚本是幂等的——已经存在的账号走登录路径,已经存在的 key 不影响新建。但它假设 "首位用户 = admin" 那步只在空库时成立,所以:
+
+- 对全新库:能完整跑通
+- 对已经跑过的库:要么复用相同 admin 账号(`--admin-email` 指向那个),要么清空 users 表再跑
+
+### 与 CI 配合
+
+GitHub Actions 示例骨架:
+
+```yaml
+- name: docker compose up
+  run: docker compose -f deploy/docker-compose.yml up -d --wait
+
+- name: wait backend
+  run: curl --retry 30 --retry-delay 2 --retry-connrefused http://localhost:8080/healthz
+
+- name: smoke
+  run: node scripts/smoke.mjs --base http://localhost:8080
+```
+
diff --git a/scripts/dev-down.ps1 b/scripts/dev-down.ps1
deleted file mode 100644
index 96655313..00000000
--- a/scripts/dev-down.ps1
+++ /dev/null
@@ -1,34 +0,0 @@
-<#
-.SYNOPSIS
-  Stop KleinAI local dev dependency containers (MySQL / Redis).
-
-.DESCRIPTION
-  - Default: docker compose down, keeps volumes
-  - With -Volumes: also removes data volumes (DB will re-init next up)
-
-.EXAMPLE
-  pwsh ./scripts/dev-down.ps1
-  pwsh ./scripts/dev-down.ps1 -Volumes
-#>
-
-[CmdletBinding()]
-param(
-  [switch]$Volumes
-)
-
-$ErrorActionPreference = 'Stop'
-$ROOT = Split-Path -Parent $PSScriptRoot
-
-Push-Location (Join-Path $ROOT 'deploy')
-try {
-  if ($Volumes) {
-    Write-Host 'stopping containers and removing volumes ...' -ForegroundColor Yellow
-    docker compose -f docker-compose.dev.yml down -v
-  } else {
-    Write-Host 'stopping containers (volumes preserved) ...' -ForegroundColor Yellow
-    docker compose -f docker-compose.dev.yml down
-  }
-} finally {
-  Pop-Location
-}
-Write-Host 'done.' -ForegroundColor Green
diff --git a/scripts/dev-up.ps1 b/scripts/dev-up.ps1
deleted file mode 100644
index 65c5ae1c..00000000
--- a/scripts/dev-up.ps1
+++ /dev/null
@@ -1,134 +0,0 @@
-<#
-.SYNOPSIS
-  KleinAI - bring up local dev environment.
-
-.DESCRIPTION
-  - Start docker compose dev stack: MySQL(13306) + Redis(16379)
-  - Wait for MySQL healthy
-  - Spawn 4 backend cmd windows (api / admin / openai / worker)
-  - Print frontend dev hints
-
-.EXAMPLE
-  pwsh ./scripts/dev-up.ps1
-  powershell.exe -ExecutionPolicy Bypass -File ./scripts/dev-up.ps1
-#>
-
-[CmdletBinding()]
-param(
-  [switch]$NoBackend
-)
-
-$ErrorActionPreference = 'Stop'
-$ROOT = Split-Path -Parent $PSScriptRoot
-
-Write-Host '==============================================' -ForegroundColor Cyan
-Write-Host ' KleinAI dev environment' -ForegroundColor Cyan
-Write-Host '==============================================' -ForegroundColor Cyan
-
-# ---------- 1. docker compose ----------
-Write-Host ''
-Write-Host '[1/4] starting MySQL + Redis containers ...' -ForegroundColor Yellow
-Push-Location (Join-Path $ROOT 'deploy')
-try {
-  docker compose -f docker-compose.dev.yml up -d
-  if ($LASTEXITCODE -ne 0) { throw 'docker compose up failed' }
-} finally {
-  Pop-Location
-}
-
-# ---------- 2. wait mysql ----------
-Write-Host ''
-Write-Host '[2/4] waiting for MySQL to become healthy ...' -ForegroundColor Yellow
-$ready = $false
-for ($i = 1; $i -le 60; $i++) {
-  $state = docker inspect --format '{{json .State.Health.Status}}' klein-mysql-dev 2>$null
-  if ($state -match 'healthy') {
-    Write-Host ('  -> healthy after ' + $i + 's') -ForegroundColor Green
-    $ready = $true
-    break
-  }
-  Start-Sleep -Seconds 1
-}
-if (-not $ready) {
-  Write-Warning 'MySQL did not become healthy in 60s. Run: docker logs klein-mysql-dev'
-}
-
-# ---------- 3. backend env ----------
-$envFile = Join-Path $ROOT 'backend/.env.local'
-if (-not (Test-Path $envFile)) {
-  Write-Host ''
-  Write-Host '[3/4] copying backend/.env.example -> backend/.env.local ...' -ForegroundColor Yellow
-  Copy-Item (Join-Path $ROOT 'backend/.env.example') $envFile
-  Write-Host '  -> created backend/.env.local (edit later if needed)' -ForegroundColor Green
-} else {
-  Write-Host ''
-  Write-Host '[3/4] backend/.env.local already exists, keep as is.' -ForegroundColor Yellow
-}
-
-# ---------- 4. backend cmd ----------
-if (-not $NoBackend) {
-  Write-Host ''
-  Write-Host '[4/4] launching 4 backend cmd processes (each in its own window) ...' -ForegroundColor Yellow
-
-  $shellExe = 'powershell.exe'
-  if (Get-Command pwsh -ErrorAction SilentlyContinue) { $shellExe = 'pwsh' }
-
-  $cmds = @(
-    @{ Name = 'api';    Path = './cmd/api' },
-    @{ Name = 'admin';  Path = './cmd/admin' },
-    @{ Name = 'openai'; Path = './cmd/openai' },
-    @{ Name = 'worker'; Path = './cmd/worker' }
-  )
-
-  $backendPath = (Join-Path $ROOT 'backend').Replace('\','/')
-
-  foreach ($c in $cmds) {
-    $title = 'klein-' + $c.Name
-    $bodyLines = @(
-      ('$Host.UI.RawUI.WindowTitle = "' + $title + '"'),
-      ('Set-Location "' + $backendPath + '"'),
-      'Get-Content .env.local | ForEach-Object {',
-      '  if ($_ -match "^[^#].*?=") {',
-      '    $kv = $_ -split "=", 2',
-      '    [Environment]::SetEnvironmentVariable($kv[0].Trim(), $kv[1].Trim())',
-      '  }',
-      '}',
-      ('Write-Host ">>> klein ' + $c.Name + '" -ForegroundColor Cyan'),
-      ('go run ' + $c.Path)
-    )
-    $body = $bodyLines -join "`n"
-    Start-Process $shellExe -ArgumentList @('-NoLogo','-NoExit','-ExecutionPolicy','Bypass','-Command', $body) | Out-Null
-    Start-Sleep -Milliseconds 600
-  }
-
-  Write-Host '  -> 4 backend windows spawned' -ForegroundColor Green
-} else {
-  Write-Host ''
-  Write-Host '[4/4] -NoBackend specified, skipping backend launch.' -ForegroundColor DarkGray
-}
-
-# ---------- 5. frontend hint ----------
-Write-Host ''
-Write-Host '----------------------------------------------' -ForegroundColor Cyan
-Write-Host ' Next steps - frontend dev servers' -ForegroundColor Cyan
-Write-Host '----------------------------------------------' -ForegroundColor Cyan
-Write-Host @'
-
-  user app (Vite 5173):
-    cd frontend
-    pnpm install                          # first time only
-    pnpm --filter @kleinai/user dev
-
-  admin app (Vite 5174):
-    cd frontend
-    pnpm --filter @kleinai/admin dev
-
-  Open in browser:
-    user      : http://localhost:5173
-    admin     : http://localhost:5174     (default admin / admin123)
-    openai v1 : http://localhost:17200/v1/images/generations
-
-  Stop dependency containers:
-    pwsh ./scripts/dev-down.ps1
-
-'@ -ForegroundColor White
diff --git a/scripts/package.json b/scripts/package.json
new file mode 100644
index 00000000..4293f8f9
--- /dev/null
+++ b/scripts/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "gpt2api-scripts",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "smoke": "node smoke.mjs",
+    "smoke:docker": "node smoke.mjs --base http://localhost:8080"
+  }
+}
diff --git a/scripts/run-backend.ps1 b/scripts/run-backend.ps1
deleted file mode 100644
index 8161b39c..00000000
--- a/scripts/run-backend.ps1
+++ /dev/null
@@ -1,28 +0,0 @@
-<#
-.SYNOPSIS
-  Helper: load backend/.env.local then run one go cmd.
-
-.EXAMPLE
-  pwsh ./scripts/run-backend.ps1 ./cmd/api
-#>
-param(
-  [Parameter(Mandatory = $true)][string]$CmdPath
-)
-$ErrorActionPreference = 'Stop'
-$ROOT = Split-Path -Parent $PSScriptRoot
-Set-Location (Join-Path $ROOT 'backend')
-$envFile = Join-Path $ROOT 'backend/.env.local'
-if (-not (Test-Path $envFile)) { throw "missing $envFile" }
-Get-Content $envFile | ForEach-Object {
-  $line = $_.Trim()
-  if (-not $line -or $line.StartsWith('#')) { return }
-  $idx = $line.IndexOf('=')
-  if ($idx -lt 1) { return }
-  $k = $line.Substring(0, $idx).Trim()
-  $v = $line.Substring($idx + 1).Trim()
-  $hash = $v.IndexOf(' #')
-  if ($hash -gt 0) { $v = $v.Substring(0, $hash).Trim() }
-  [Environment]::SetEnvironmentVariable($k, $v)
-}
-Write-Host ">>> launching $CmdPath" -ForegroundColor Cyan
-go run $CmdPath
diff --git a/scripts/smoke.mjs b/scripts/smoke.mjs
new file mode 100644
index 00000000..35ddfea5
--- /dev/null
+++ b/scripts/smoke.mjs
@@ -0,0 +1,417 @@
+#!/usr/bin/env node
+/**
+ * GPT2API · e2e 冒烟脚本
+ *
+ * 覆盖:
+ *   1. /healthz
+ *   2. 首位用户注册 -> 自动 admin
+ *   3. 普通用户注册(user2)
+ *   4. admin + user2 登录、/api/me、/api/me/menu
+ *   5. API Keys CRUD(user2 视角)
+ *   6. 越权校验:user2 访问 /api/admin/* -> 401/403
+ *   7. Admin 用户列表 / 分组列表
+ *   8. Admin 调账(X-Admin-Confirm 二次密码)+ 流水校验
+ *   9. 审计日志包含本次关键动作
+ *  10. 备份:立即创建 -> 列表 -> 下载(存盘) -> 删除(二次密码)
+ *      mysqldump 不可用时自动跳过该组用例,不判失败
+ *
+ * 使用:
+ *   node scripts/smoke.mjs \
+ *     --base http://localhost:8080 \
+ *     --admin-email   admin@smoke.test \
+ *     --admin-pass    Admin123456 \
+ *     --user-email    user@smoke.test \
+ *     --user-pass     User123456
+ *
+ * 或直接 `npm run smoke` (在 web/package.json 也注册了)。
+ *
+ * ⚠️ 上面的 admin@smoke.test / Admin123456 / user@smoke.test / User123456
+ *    只是本脚本自己要创建的"测试账号"的默认参数,**不是** GPT2API 部署后的默认凭证。
+ *    正式部署没有任何内置账号,首位注册者自动成为 admin(见根 README.md)。
+ *
+ * 要求:
+ *   - Node >= 18(用到全局 fetch / FormData / Blob / AbortController)
+ *   - 后端 gpt2api 已启动,MySQL / Redis 连接正常
+ *   - 为了实现"首位用户 = admin",脚本期望 users 表为空;若不空,仍会尝试登录既有 admin。
+ */
+
+import { argv, env, exit } from 'node:process'
+import { writeFile } from 'node:fs/promises'
+
+// ---------- 参数 ----------
+const args = parseArgs(argv.slice(2))
+const BASE = stripSlash(args['base'] || env.GPT2API_BASE || 'http://localhost:8080')
+const ADMIN_EMAIL = args['admin-email'] || `admin+${Date.now()}@smoke.test`
+const ADMIN_PASS  = args['admin-pass']  || 'Admin123456'
+const USER_EMAIL  = args['user-email']  || `user+${Date.now()}@smoke.test`
+const USER_PASS   = args['user-pass']   || 'User123456'
+const KEEP_USER   = args['keep'] === 'true'
+
+let pass = 0
+let fail = 0
+let skipped = 0
+const results = []
+
+function parseArgs(arr) {
+  const out = {}
+  for (let i = 0; i < arr.length; i++) {
+    const a = arr[i]
+    if (a.startsWith('--')) {
+      const k = a.slice(2)
+      const v = arr[i + 1] && !arr[i + 1].startsWith('--') ? arr[++i] : 'true'
+      out[k] = v
+    }
+  }
+  return out
+}
+
+function stripSlash(u) { return u.replace(/\/+$/, '') }
+
+const CYAN = '\x1b[36m'; const RED = '\x1b[31m'; const GREEN = '\x1b[32m'
+const YELLOW = '\x1b[33m'; const DIM = '\x1b[2m'; const RESET = '\x1b[0m'
+
+function step(title) { console.log(`\n${CYAN}▶ ${title}${RESET}`) }
+function ok(msg)     { pass++; results.push(['PASS', msg]); console.log(`  ${GREEN}✓${RESET} ${msg}`) }
+function bad(msg, extra) {
+  fail++; results.push(['FAIL', msg, extra])
+  console.log(`  ${RED}✗ ${msg}${RESET}`)
+  if (extra) console.log(`    ${DIM}${extra}${RESET}`)
+}
+function skip(msg, why) {
+  skipped++; results.push(['SKIP', msg, why])
+  console.log(`  ${YELLOW}○ ${msg}${RESET}  ${DIM}(${why})${RESET}`)
+}
+
+/**
+ * 统一 HTTP 调用。返回 { status, body } 或抛。
+ *   - body 是 JSON / Buffer(根据 Content-Type)
+ *   - 不会基于业务 code 报错;由调用方自行校验。
+ */
+async function call(method, path, { token, body, headers = {}, raw = false } = {}) {
+  const url = path.startsWith('http') ? path : BASE + path
+  const h = { ...headers }
+  if (token) h['Authorization'] = `Bearer ${token}`
+  let payload
+  if (body instanceof FormData) {
+    payload = body
+  } else if (body !== undefined) {
+    h['Content-Type'] = 'application/json'
+    payload = JSON.stringify(body)
+  }
+  const res = await fetch(url, { method, headers: h, body: payload })
+  const ct = res.headers.get('content-type') || ''
+  let data
+  if (raw) {
+    data = Buffer.from(await res.arrayBuffer())
+  } else if (ct.includes('application/json')) {
+    data = await res.json()
+  } else {
+    data = await res.text()
+  }
+  return { status: res.status, body: data, headers: res.headers }
+}
+
+function isEnvelope(v) { return v && typeof v === 'object' && 'code' in v && 'data' in v }
+function unwrap(r)     { return isEnvelope(r.body) ? r.body.data : r.body }
+function err(r)        { return isEnvelope(r.body) ? r.body.message : typeof r.body === 'string' ? r.body : JSON.stringify(r.body) }
+
+// ========== 1. 健康 ==========
+async function checkHealth() {
+  step('1. 健康检查')
+  try {
+    const r = await call('GET', '/healthz')
+    if (r.status === 200) ok(`/healthz 200 OK`)
+    else bad(`/healthz 非 200 (${r.status})`, err(r))
+  } catch (e) {
+    bad('/healthz 不可达', e.message)
+    throw new Error('后端未启动,终止')
+  }
+}
+
+// ========== 2. 注册 + 登录 ==========
+async function registerOrLogin(email, password) {
+  // 后端 409 语义返回 HTTP 200 + code=40900(业务错误),只有 401/403/500 才用 HTTP 状态。
+  const reg = await call('POST', '/api/auth/register', { body: { email, password, nickname: email.split('@')[0] } })
+  const code = reg.body?.code
+  if (code === 0) return { created: true, user: reg.body.data }
+  if (code === 40900) return { created: false, user: null }
+  throw new Error(`register 失败 status=${reg.status} code=${code}: ${err(reg)}`)
+}
+
+async function login(email, password) {
+  const r = await call('POST', '/api/auth/login', { body: { email, password } })
+  if (r.status !== 200 || r.body.code !== 0) {
+    throw new Error(`login 失败 ${r.status}: ${err(r)}`)
+  }
+  return r.body.data
+}
+
+let adminToken = ''
+let adminId = 0
+let userToken = ''
+let userId = 0
+
+async function setupAccounts() {
+  step('2. 账号 bootstrap(首位=admin,其次普通用户)')
+  const a = await registerOrLogin(ADMIN_EMAIL, ADMIN_PASS)
+  if (a.created) ok(`admin 注册成功: ${ADMIN_EMAIL}`)
+  else ok(`admin 已存在, 复用: ${ADMIN_EMAIL}`)
+
+  const adminLogin = await login(ADMIN_EMAIL, ADMIN_PASS)
+  adminToken = adminLogin.token.access_token
+  adminId = adminLogin.user.id
+  if (adminLogin.user.role !== 'admin') {
+    bad(`首位用户 role != admin (得到 ${adminLogin.user.role});若是复用老数据库,可手动升级该用户再重试`)
+    throw new Error('admin bootstrap 失败')
+  }
+  ok(`admin 登录 OK, id=${adminId}, role=admin`)
+
+  const u = await registerOrLogin(USER_EMAIL, USER_PASS)
+  if (u.created) ok(`普通用户注册成功: ${USER_EMAIL}`)
+  else ok(`普通用户已存在, 复用: ${USER_EMAIL}`)
+
+  const userLogin = await login(USER_EMAIL, USER_PASS)
+  userToken = userLogin.token.access_token
+  userId = userLogin.user.id
+  if (userLogin.user.role !== 'user') {
+    bad(`普通用户 role != user (得到 ${userLogin.user.role})`)
+  } else {
+    ok(`普通用户登录 OK, id=${userId}, role=user`)
+  }
+}
+
+// ========== 3. /me /menu ==========
+async function checkMe() {
+  step('3. /api/me 与 /api/me/menu')
+  for (const [name, token] of [['admin', adminToken], ['user', userToken]]) {
+    const me = await call('GET', '/api/me', { token })
+    const d = unwrap(me)
+    if (me.status === 200 && d?.user?.email) ok(`${name} /me 返回正常 (perms=${d.permissions?.length ?? 0})`)
+    else bad(`${name} /me 失败 ${me.status}`, err(me))
+
+    const menu = await call('GET', '/api/me/menu', { token })
+    const m = unwrap(menu)
+    if (menu.status === 200 && Array.isArray(m?.menu) && m.menu.length > 0) {
+      ok(`${name} /me/menu 返回 ${m.menu.length} 个顶级菜单`)
+    } else {
+      bad(`${name} /me/menu 异常`, err(menu))
+    }
+  }
+}
+
+// ========== 4. Key CRUD ==========
+let createdKeyId = 0
+let createdKeyPlain = ''
+async function checkKeyCRUD() {
+  step('4. API Keys CRUD(普通用户视角)')
+
+  const c = await call('POST', '/api/keys', { token: userToken, body: {
+    name: 'smoke-key', quota_limit: 0, rpm: 60, tpm: 60000,
+  }})
+  const cd = unwrap(c)
+  if (c.status === 200 && cd?.key?.startsWith('sk-')) {
+    createdKeyId = cd.record.id
+    createdKeyPlain = cd.key
+    ok(`创建 Key 成功, id=${createdKeyId}, 前缀=${cd.record.key_prefix}`)
+  } else {
+    bad('创建 Key 失败', err(c))
+    return
+  }
+
+  const l = await call('GET', '/api/keys', { token: userToken })
+  const ld = unwrap(l)
+  if (l.status === 200 && Array.isArray(ld?.list) && ld.list.length >= 1) {
+    ok(`列表 Keys 返回 ${ld.list.length} 条`)
+  } else {
+    bad('列表 Keys 异常', err(l))
+  }
+
+  const u = await call('PATCH', `/api/keys/${createdKeyId}`, { token: userToken, body: { enabled: false }})
+  if (u.status === 200 && u.body.code === 0) ok('禁用 Key 成功')
+  else bad('禁用 Key 失败', err(u))
+
+  // 清理(若未 --keep=true)
+  if (!KEEP_USER) {
+    const del = await call('DELETE', `/api/keys/${createdKeyId}`, { token: userToken })
+    if (del.status === 200) ok('删除 Key 成功')
+    else bad('删除 Key 失败', err(del))
+  }
+}
+
+// ========== 5. 越权 ==========
+async function checkForbidden() {
+  step('5. 越权:普通用户访问 admin 接口')
+  const paths = [
+    ['GET',  '/api/admin/users'],
+    ['GET',  '/api/admin/groups'],
+    ['GET',  '/api/admin/audit/logs'],
+    ['GET',  '/api/admin/system/backup'],
+  ]
+  for (const [m, p] of paths) {
+    const r = await call(m, p, { token: userToken })
+    if (r.status === 401 || r.status === 403) ok(`${m} ${p} -> ${r.status} (禁止访问 ✓)`)
+    else bad(`${m} ${p} 越权未被拦截 (得到 ${r.status})`)
+  }
+  // 匿名访问
+  const anon = await call('GET', '/api/admin/users')
+  if (anon.status === 401) ok('匿名访问 /api/admin/users -> 401 ✓')
+  else bad('匿名访问 admin 接口未被拦截', `got ${anon.status}`)
+}
+
+// ========== 6. Admin 用户/分组 ==========
+async function checkAdminUsers() {
+  step('6. Admin 用户列表 / 分组')
+  const ul = await call('GET', '/api/admin/users?limit=50', { token: adminToken })
+  const ud = unwrap(ul)
+  if (ul.status === 200 && Array.isArray(ud?.items) && ud.items.length >= 2) {
+    ok(`用户列表返回 ${ud.items.length} 条(total=${ud.total})`)
+  } else {
+    bad('用户列表异常', err(ul))
+  }
+
+  const gl = await call('GET', '/api/admin/groups', { token: adminToken })
+  const gd = unwrap(gl)
+  if (gl.status === 200 && Array.isArray(gd?.items)) {
+    ok(`分组列表返回 ${gd.items.length} 条`)
+  } else {
+    bad('分组列表异常', err(gl))
+  }
+}
+
+// ========== 7. Admin 调账 + 流水 ==========
+async function checkCreditAdjust() {
+  step('7. Admin 调账(加 10000 厘)+ 校验流水')
+  const delta = 10000
+  const adj = await call('POST', `/api/admin/users/${userId}/credits/adjust`, {
+    token: adminToken,
+    headers: { 'X-Admin-Confirm': ADMIN_PASS },
+    body: { delta, remark: 'smoke test topup', ref_id: `smoke-${Date.now()}` },
+  })
+  if (adj.status === 200 && adj.body.code === 0) {
+    ok(`调账成功,+${delta}`)
+  } else {
+    bad('调账失败', err(adj))
+    return
+  }
+
+  // 错误的二次密码应当被拒
+  const wrong = await call('POST', `/api/admin/users/${userId}/credits/adjust`, {
+    token: adminToken,
+    headers: { 'X-Admin-Confirm': 'wrong-password' },
+    body: { delta: 100, remark: 'should be rejected' },
+  })
+  if (wrong.status === 401 || wrong.status === 403) ok('错误 X-Admin-Confirm -> 被拒绝 ✓')
+  else bad('错误 X-Admin-Confirm 未被拒绝', `got ${wrong.status}`)
+
+  // 流水
+  const logs = await call('GET', `/api/admin/users/${userId}/credit-logs?limit=10`, { token: adminToken })
+  const ld = unwrap(logs)
+  if (logs.status === 200 && Array.isArray(ld?.items) && ld.items.some((x) => x.type === 'admin_adjust' && x.amount === delta)) {
+    ok(`流水中找到 admin_adjust 记录 (+${delta})`)
+  } else {
+    bad('流水校验失败', err(logs))
+  }
+
+  // me 余额变化
+  const me = await call('GET', '/api/me', { token: userToken })
+  const mu = unwrap(me)
+  if (me.status === 200 && mu?.user?.credit_balance >= delta) {
+    ok(`用户余额含本次入账 (余额=${mu.user.credit_balance})`)
+  } else {
+    bad('用户余额未反映调账', JSON.stringify(mu?.user ?? {}))
+  }
+}
+
+// ========== 8. 审计 ==========
+async function checkAudit() {
+  step('8. 审计日志包含关键操作')
+  const r = await call('GET', '/api/admin/audit/logs?limit=50', { token: adminToken })
+  const d = unwrap(r)
+  if (r.status !== 200 || !Array.isArray(d?.items)) {
+    bad('审计日志接口异常', err(r)); return
+  }
+  const actions = new Set(d.items.map((x) => x.action))
+  // 后端对每个 admin 写操作都会自动派生一条 action,同时 handler 再显式 Record 一条。
+  // 我们只要能找到"调账"相关的任意一条即可。
+  const anyMatch = [...actions].some((x) => /credit.*adjust|users\.credit/.test(x))
+  if (anyMatch) ok(`审计包含调账记录 (samples: ${[...actions].slice(0, 5).join(', ')})`)
+  else bad('审计未包含调账动作', `已见:${[...actions].slice(0, 10).join(', ')}`)
+}
+
+// ========== 9. 备份 ==========
+async function checkBackup() {
+  step('9. 数据库备份(需要后端容器/宿主装有 mysqldump)')
+  const create = await call('POST', '/api/admin/system/backup', {
+    token: adminToken, body: { include_data: true },
+  })
+  if (create.status !== 200 || create.body.code !== 0) {
+    const e = err(create)
+    if (/mysqldump|exec|not found|no such file/i.test(e)) {
+      skip('创建备份', `环境缺 mysqldump 或配置不可用:${e}`)
+      return
+    }
+    bad('创建备份失败', e); return
+  }
+  const cd = unwrap(create)
+  const backupId = cd.backup_id
+  ok(`创建备份成功, id=${backupId}, size=${cd.size_bytes ?? '?'}B`)
+
+  const list = await call('GET', '/api/admin/system/backup', { token: adminToken })
+  const ld = unwrap(list)
+  if (list.status === 200 && Array.isArray(ld?.items) && ld.items.some((x) => x.backup_id === backupId)) {
+    ok('备份列表包含刚创建的 ID')
+  } else {
+    bad('备份列表异常', err(list))
+  }
+
+  // 下载
+  const dl = await call('GET', `/api/admin/system/backup/${backupId}/download`, { token: adminToken, raw: true })
+  if (dl.status === 200 && dl.body.length > 0) {
+    const outPath = `smoke-backup-${backupId}.sql.gz`
+    try { await writeFile(outPath, dl.body); ok(`下载备份成功, 写入 ${outPath} (${dl.body.length} B)`) }
+    catch (e) { bad('写入下载文件失败', e.message) }
+  } else {
+    bad('下载备份失败', `status=${dl.status}`)
+  }
+
+  // 删除(高危:带二次密码)
+  const del = await call('DELETE', `/api/admin/system/backup/${backupId}`, {
+    token: adminToken, headers: { 'X-Admin-Confirm': ADMIN_PASS },
+  })
+  if (del.status === 200 && del.body.code === 0) ok('删除备份成功')
+  else bad('删除备份失败', err(del))
+}
+
+// ========== 主流程 ==========
+async function main() {
+  console.log(`${DIM}=== GPT2API smoke ===${RESET}`)
+  console.log(`base:  ${BASE}`)
+  console.log(`admin: ${ADMIN_EMAIL}`)
+  console.log(`user:  ${USER_EMAIL}`)
+
+  await checkHealth()
+  await setupAccounts()
+  await checkMe()
+  await checkKeyCRUD()
+  await checkForbidden()
+  await checkAdminUsers()
+  await checkCreditAdjust()
+  await checkAudit()
+  await checkBackup()
+
+  console.log(`\n${DIM}========================================${RESET}`)
+  console.log(`${GREEN}PASS${RESET}: ${pass}   ${RED}FAIL${RESET}: ${fail}   ${YELLOW}SKIP${RESET}: ${skipped}`)
+  if (fail > 0) {
+    console.log(`\n${RED}失败明细:${RESET}`)
+    for (const [tag, msg, extra] of results) {
+      if (tag === 'FAIL') console.log(`  · ${msg}${extra ? ` — ${extra}` : ''}`)
+    }
+    exit(1)
+  }
+  exit(0)
+}
+
+main().catch((e) => {
+  console.error(`\n${RED}脚本异常退出:${RESET} ${e.message}`)
+  exit(2)
+})
diff --git a/sql/migrations/20260417000001_init_schema.sql b/sql/migrations/20260417000001_init_schema.sql
new file mode 100644
index 00000000..7746da7a
--- /dev/null
+++ b/sql/migrations/20260417000001_init_schema.sql
@@ -0,0 +1,395 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 用户分组
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `user_groups` (
+    `id`                 BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `name`               VARCHAR(64)     NOT NULL,
+    `ratio`              DECIMAL(6,4)    NOT NULL DEFAULT 1.0000 COMMENT '分组倍率,1.0 默认,VIP=0.8',
+    `daily_limit_credits` BIGINT         NOT NULL DEFAULT 0      COMMENT '0 表示不限',
+    `rpm_limit`          INT             NOT NULL DEFAULT 60,
+    `tpm_limit`          BIGINT          NOT NULL DEFAULT 60000,
+    `remark`             VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`         DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`         DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`         DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_name` (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户分组';
+
+INSERT INTO `user_groups` (`name`, `ratio`, `rpm_limit`, `tpm_limit`, `remark`) VALUES
+    ('default', 1.0000,  60,  60000, '默认分组'),
+    ('vip',     0.8000, 300, 300000, 'VIP 分组,倍率 0.8'),
+    ('svip',    0.6000, 600, 600000, 'SVIP 分组,倍率 0.6')
+ON DUPLICATE KEY UPDATE `name` = VALUES(`name`);
+
+-- ============================================================
+-- 用户
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `users` (
+    `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `email`           VARCHAR(128)    NOT NULL,
+    `password_hash`   VARCHAR(128)    NOT NULL,
+    `nickname`        VARCHAR(64)     NOT NULL DEFAULT '',
+    `group_id`        BIGINT UNSIGNED NOT NULL DEFAULT 1,
+    `role`            VARCHAR(16)     NOT NULL DEFAULT 'user'  COMMENT 'user | admin',
+    `status`          VARCHAR(16)     NOT NULL DEFAULT 'active' COMMENT 'active | banned',
+    `credit_balance`  BIGINT          NOT NULL DEFAULT 0        COMMENT '积分余额(单位:厘)',
+    `credit_frozen`   BIGINT          NOT NULL DEFAULT 0        COMMENT '冻结积分',
+    `version`         BIGINT UNSIGNED NOT NULL DEFAULT 0        COMMENT '乐观锁版本号',
+    `last_login_at`   DATETIME        NULL,
+    `last_login_ip`   VARCHAR(64)     NOT NULL DEFAULT '',
+    `created_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`      DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_email` (`email`),
+    KEY `idx_group` (`group_id`),
+    KEY `idx_status` (`status`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户';
+
+-- ============================================================
+-- 下游 API KEY
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `api_keys` (
+    `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `user_id`         BIGINT UNSIGNED NOT NULL,
+    `name`            VARCHAR(64)     NOT NULL DEFAULT '',
+    `key_prefix`      VARCHAR(16)     NOT NULL COMMENT '前 8 位明文,用于展示/检索',
+    `key_hash`        VARCHAR(128)    NOT NULL COMMENT '完整 KEY 的 SHA-256',
+    `quota_limit`     BIGINT          NOT NULL DEFAULT 0 COMMENT '额度上限(厘),0=不限',
+    `quota_used`      BIGINT          NOT NULL DEFAULT 0,
+    `allowed_models`  JSON            NULL COMMENT 'null=全部允许,否则白名单',
+    `allowed_ips`     JSON            NULL,
+    `rpm`             INT             NOT NULL DEFAULT 0 COMMENT '0=继承分组',
+    `tpm`             BIGINT          NOT NULL DEFAULT 0,
+    `expires_at`      DATETIME        NULL,
+    `enabled`         TINYINT(1)      NOT NULL DEFAULT 1,
+    `last_used_at`    DATETIME        NULL,
+    `last_used_ip`    VARCHAR(64)     NOT NULL DEFAULT '',
+    `created_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`      DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_key_hash` (`key_hash`),
+    KEY `idx_user` (`user_id`),
+    KEY `idx_enabled` (`enabled`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='下游 API KEY';
+
+-- ============================================================
+-- 积分流水
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `credit_transactions` (
+    `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `user_id`        BIGINT UNSIGNED NOT NULL,
+    `key_id`         BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `type`           VARCHAR(32)     NOT NULL COMMENT 'consume | recharge | refund | redeem | admin_adjust | freeze | unfreeze',
+    `amount`         BIGINT          NOT NULL COMMENT '正值增加,负值减少',
+    `balance_after`  BIGINT          NOT NULL,
+    `ref_id`         VARCHAR(64)     NOT NULL DEFAULT '' COMMENT '关联业务单号(订单号/任务ID/请求ID)',
+    `remark`         VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_user_created` (`user_id`, `created_at`),
+    KEY `idx_key` (`key_id`),
+    KEY `idx_type` (`type`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='积分流水';
+
+-- ============================================================
+-- 代理池
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `proxies` (
+    `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `scheme`         VARCHAR(16)     NOT NULL DEFAULT 'http' COMMENT 'http | https | socks5',
+    `host`           VARCHAR(128)    NOT NULL,
+    `port`           INT             NOT NULL,
+    `username`       VARCHAR(128)    NOT NULL DEFAULT '',
+    `password_enc`   VARCHAR(512)    NOT NULL DEFAULT '' COMMENT '加密存储',
+    `country`        VARCHAR(8)      NOT NULL DEFAULT '',
+    `isp`            VARCHAR(64)     NOT NULL DEFAULT '',
+    `health_score`   INT             NOT NULL DEFAULT 100 COMMENT '0-100',
+    `last_probe_at`  DATETIME        NULL,
+    `last_error`     VARCHAR(255)    NOT NULL DEFAULT '',
+    `enabled`        TINYINT(1)      NOT NULL DEFAULT 1,
+    `remark`         VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`     DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    KEY `idx_enabled_health` (`enabled`, `health_score`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='代理池';
+
+-- ============================================================
+-- chatgpt.com 账号池
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `oai_accounts` (
+    `id`                  BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `email`               VARCHAR(128)    NOT NULL,
+    `auth_token_enc`      TEXT            NOT NULL COMMENT 'AES-256-GCM 加密的 AT',
+    `refresh_token_enc`   TEXT            NULL,
+    `token_expires_at`    DATETIME        NULL,
+    `oai_session_id`      VARCHAR(128)    NOT NULL DEFAULT '',
+    `oai_device_id`       VARCHAR(64)     NOT NULL DEFAULT '' COMMENT '首次写死,不要换',
+    `plan_type`           VARCHAR(32)     NOT NULL DEFAULT 'plus' COMMENT 'free | plus | pro | team | enterprise',
+    `daily_image_quota`   INT             NOT NULL DEFAULT 100,
+    `status`              VARCHAR(16)     NOT NULL DEFAULT 'healthy' COMMENT 'healthy | warned | throttled | suspicious | dead',
+    `warned_at`           DATETIME        NULL,
+    `cooldown_until`      DATETIME        NULL,
+    `last_used_at`        DATETIME        NULL,
+    `today_used_count`    INT             NOT NULL DEFAULT 0,
+    `today_used_date`     DATE            NULL,
+    `notes`               VARCHAR(500)    NOT NULL DEFAULT '',
+    `created_at`          DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`          DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`          DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_email` (`email`),
+    KEY `idx_status_last_used` (`status`, `last_used_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='chatgpt.com 账号池';
+
+-- ============================================================
+-- 账号 cookies
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `oai_account_cookies` (
+    `account_id`     BIGINT UNSIGNED NOT NULL,
+    `cookie_json_enc` TEXT           NOT NULL,
+    `updated_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`account_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='账号 cookies(加密)';
+
+-- ============================================================
+-- 账号-代理绑定(一号一出口)
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `account_proxy_bindings` (
+    `account_id`    BIGINT UNSIGNED NOT NULL,
+    `proxy_id`      BIGINT UNSIGNED NOT NULL,
+    `bound_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`account_id`),
+    KEY `idx_proxy` (`proxy_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='账号-代理绑定';
+
+-- ============================================================
+-- 账号额度快照
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `account_quota_snapshots` (
+    `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `account_id`     BIGINT UNSIGNED NOT NULL,
+    `feature_name`   VARCHAR(64)     NOT NULL,
+    `remaining`      INT             NOT NULL DEFAULT 0,
+    `reset_after`    DATETIME        NULL,
+    `snapshot_at`    DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_account_feature_time` (`account_id`, `feature_name`, `snapshot_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='账号额度快照';
+
+-- ============================================================
+-- 模型配置
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `models` (
+    `id`                      BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `slug`                    VARCHAR(64)     NOT NULL COMMENT '下游暴露名,例 gpt-5.1',
+    `type`                    VARCHAR(16)     NOT NULL COMMENT 'chat | image',
+    `upstream_model_slug`     VARCHAR(64)     NOT NULL COMMENT '上游 chatgpt.com 实际 slug',
+    `input_price_per_1m`      BIGINT          NOT NULL DEFAULT 0 COMMENT '每百万 token 积分价(厘)',
+    `output_price_per_1m`     BIGINT          NOT NULL DEFAULT 0,
+    `cache_read_price_per_1m` BIGINT          NOT NULL DEFAULT 0,
+    `image_price_per_call`    BIGINT          NOT NULL DEFAULT 0 COMMENT '每次生图积分价(厘)',
+    `description`             VARCHAR(255)    NOT NULL DEFAULT '',
+    `enabled`                 TINYINT(1)      NOT NULL DEFAULT 1,
+    `created_at`              DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`              DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `deleted_at`              DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_slug` (`slug`),
+    KEY `idx_type` (`type`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='模型配置';
+
+INSERT INTO `models` (`slug`, `type`, `upstream_model_slug`, `input_price_per_1m`, `output_price_per_1m`, `image_price_per_call`, `description`) VALUES
+    ('gpt-5',            'chat',  'gpt-5',            25000,  75000, 0, 'GPT-5 主力模型'),
+    ('gpt-5-mini',       'chat',  'gpt-5-mini',        5000,  15000, 0, 'GPT-5 轻量'),
+    ('gpt-5-codex-max',  'chat',  'gpt-5-codex-max',  50000, 150000, 0, '代码专用'),
+    ('gpt-image-1',      'image', 'auto',                 0,      0, 500000, '生图(每张 50 积分=5角)')
+ON DUPLICATE KEY UPDATE `slug` = VALUES(`slug`);
+
+-- ============================================================
+-- 分组-模型倍率覆盖
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `billing_ratios` (
+    `id`        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `model_id`  BIGINT UNSIGNED NOT NULL,
+    `group_id`  BIGINT UNSIGNED NOT NULL,
+    `ratio`     DECIMAL(6,4)    NOT NULL DEFAULT 1.0000,
+    `created_at` DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at` DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_model_group` (`model_id`, `group_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='模型分组倍率';
+
+-- ============================================================
+-- 使用日志(当月;后续按月分表)
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `usage_logs` (
+    `id`                   BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `user_id`              BIGINT UNSIGNED NOT NULL,
+    `key_id`               BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `model_id`             BIGINT UNSIGNED NOT NULL,
+    `account_id`           BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `request_id`           VARCHAR(64)     NOT NULL,
+    `type`                 VARCHAR(16)     NOT NULL COMMENT 'chat | image',
+    `input_tokens`         INT             NOT NULL DEFAULT 0,
+    `output_tokens`        INT             NOT NULL DEFAULT 0,
+    `cache_read_tokens`    INT             NOT NULL DEFAULT 0,
+    `cache_write_tokens`   INT             NOT NULL DEFAULT 0,
+    `image_count`          INT             NOT NULL DEFAULT 0,
+    `credit_cost`          BIGINT          NOT NULL DEFAULT 0,
+    `duration_ms`          INT             NOT NULL DEFAULT 0,
+    `status`               VARCHAR(16)     NOT NULL COMMENT 'success | failed',
+    `error_code`           VARCHAR(64)     NOT NULL DEFAULT '',
+    `ip`                   VARCHAR(64)     NOT NULL DEFAULT '',
+    `ua`                   VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`           DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_user_time` (`user_id`, `created_at`),
+    KEY `idx_key_time` (`key_id`, `created_at`),
+    KEY `idx_model_time` (`model_id`, `created_at`),
+    KEY `idx_account_time` (`account_id`, `created_at`),
+    KEY `idx_request_id` (`request_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='使用日志';
+
+-- ============================================================
+-- 异步生图任务
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `image_tasks` (
+    `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `task_id`         VARCHAR(64)     NOT NULL,
+    `user_id`         BIGINT UNSIGNED NOT NULL,
+    `key_id`          BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `model_id`        BIGINT UNSIGNED NOT NULL,
+    `account_id`      BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `prompt`          TEXT            NOT NULL,
+    `n`               INT             NOT NULL DEFAULT 1,
+    `size`            VARCHAR(32)     NOT NULL DEFAULT '1024x1024',
+    `status`          VARCHAR(16)     NOT NULL DEFAULT 'queued' COMMENT 'queued | dispatched | running | success | failed',
+    `conversation_id` VARCHAR(64)     NOT NULL DEFAULT '',
+    `file_ids`        JSON            NULL,
+    `result_urls`     JSON            NULL,
+    `error`           VARCHAR(500)    NOT NULL DEFAULT '',
+    `estimated_credit` BIGINT         NOT NULL DEFAULT 0,
+    `credit_cost`     BIGINT          NOT NULL DEFAULT 0,
+    `created_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `started_at`      DATETIME        NULL,
+    `finished_at`     DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_task_id` (`task_id`),
+    KEY `idx_user_time` (`user_id`, `created_at`),
+    KEY `idx_status` (`status`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='异步生图任务';
+
+-- ============================================================
+-- 充值订单
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `recharge_orders` (
+    `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `order_no`       VARCHAR(64)     NOT NULL,
+    `user_id`        BIGINT UNSIGNED NOT NULL,
+    `amount`         BIGINT          NOT NULL COMMENT 'RMB,单位:分',
+    `credits`        BIGINT          NOT NULL COMMENT '到账积分(厘)',
+    `channel`        VARCHAR(16)     NOT NULL COMMENT 'wechat | alipay | manual',
+    `epay_trade_no`  VARCHAR(64)     NOT NULL DEFAULT '',
+    `status`         VARCHAR(16)     NOT NULL DEFAULT 'pending' COMMENT 'pending | paid | cancelled | refunded',
+    `paid_at`        DATETIME        NULL,
+    `callback_raw`   TEXT            NULL,
+    `created_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_order_no` (`order_no`),
+    KEY `idx_user_time` (`user_id`, `created_at`),
+    KEY `idx_status` (`status`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='充值订单';
+
+-- ============================================================
+-- 兑换码
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `redeem_codes` (
+    `id`              BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `code`            VARCHAR(64)     NOT NULL,
+    `batch_id`        VARCHAR(32)     NOT NULL DEFAULT '',
+    `credits`         BIGINT          NOT NULL,
+    `used_by_user_id` BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `used_at`         DATETIME        NULL,
+    `expires_at`      DATETIME        NULL,
+    `created_at`      DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_code` (`code`),
+    KEY `idx_batch` (`batch_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='兑换码';
+
+-- ============================================================
+-- 系统配置(KV 热更新)
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `system_configs` (
+    `config_key`   VARCHAR(128) NOT NULL,
+    `config_value` TEXT         NOT NULL,
+    `remark`       VARCHAR(255) NOT NULL DEFAULT '',
+    `updated_at`   DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`config_key`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='系统配置';
+
+-- ============================================================
+-- 公告
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `announcements` (
+    `id`        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `title`     VARCHAR(128)    NOT NULL,
+    `content`   TEXT            NOT NULL,
+    `level`     VARCHAR(16)     NOT NULL DEFAULT 'info' COMMENT 'info | warn | danger',
+    `enabled`   TINYINT(1)      NOT NULL DEFAULT 1,
+    `start_at`  DATETIME        NULL,
+    `end_at`    DATETIME        NULL,
+    `created_at` DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at` DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_enabled_time` (`enabled`, `start_at`, `end_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='公告';
+
+-- ============================================================
+-- 审计日志
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `audit_logs` (
+    `id`        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `admin_id`  BIGINT UNSIGNED NOT NULL,
+    `action`    VARCHAR(64)     NOT NULL,
+    `target`    VARCHAR(128)    NOT NULL DEFAULT '',
+    `diff`      JSON            NULL,
+    `ip`        VARCHAR(64)     NOT NULL DEFAULT '',
+    `created_at` DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_admin_time` (`admin_id`, `created_at`),
+    KEY `idx_action` (`action`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审计日志';
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE IF EXISTS `audit_logs`;
+DROP TABLE IF EXISTS `announcements`;
+DROP TABLE IF EXISTS `system_configs`;
+DROP TABLE IF EXISTS `redeem_codes`;
+DROP TABLE IF EXISTS `recharge_orders`;
+DROP TABLE IF EXISTS `image_tasks`;
+DROP TABLE IF EXISTS `usage_logs`;
+DROP TABLE IF EXISTS `billing_ratios`;
+DROP TABLE IF EXISTS `models`;
+DROP TABLE IF EXISTS `account_quota_snapshots`;
+DROP TABLE IF EXISTS `account_proxy_bindings`;
+DROP TABLE IF EXISTS `oai_account_cookies`;
+DROP TABLE IF EXISTS `oai_accounts`;
+DROP TABLE IF EXISTS `proxies`;
+DROP TABLE IF EXISTS `credit_transactions`;
+DROP TABLE IF EXISTS `api_keys`;
+DROP TABLE IF EXISTS `users`;
+DROP TABLE IF EXISTS `user_groups`;
+-- +goose StatementEnd
diff --git a/sql/migrations/20260417000002_seed_gpt_image_2.sql b/sql/migrations/20260417000002_seed_gpt_image_2.sql
new file mode 100644
index 00000000..e7e72df1
--- /dev/null
+++ b/sql/migrations/20260417000002_seed_gpt_image_2.sql
@@ -0,0 +1,44 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- GPT-Image-2 上线(上游 chatgpt.com 灰度模型 gpt-5-3,system_hints=picture_v2)
+--
+-- 协议参考 legacy/gen_image.py:init → prepare → f/conversation → poll → download
+-- 灰度命中判据:conversation.mapping 里 IMG2 tool 消息数 ≥ 2
+-- 价格:每次成功出图 50 积分(即 0.5 元,按 1 积分 = 0.01 元 + 100 倍放大存厘)
+-- ============================================================
+
+-- 旧的 gpt-image-1 占位记录禁用,不删除(可能有历史 usage_logs 外键软引用)
+UPDATE `models`
+   SET `enabled` = 0,
+       `description` = '[deprecated] 旧占位,请用 gpt-image-2'
+ WHERE `slug` = 'gpt-image-1';
+
+-- 新增 gpt-image-2(核心图像模型)
+INSERT INTO `models`
+    (`slug`, `type`, `upstream_model_slug`, `input_price_per_1m`, `output_price_per_1m`, `image_price_per_call`, `description`)
+VALUES
+    ('gpt-image-2', 'image', 'gpt-5-3', 0, 0, 500000, 'GPT-Image-2 高清生图(picture_v2 灰度)')
+ON DUPLICATE KEY UPDATE
+    `type`                 = VALUES(`type`),
+    `upstream_model_slug`  = VALUES(`upstream_model_slug`),
+    `image_price_per_call` = VALUES(`image_price_per_call`),
+    `description`          = VALUES(`description`),
+    `enabled`              = 1;
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+
+UPDATE `models`
+   SET `enabled` = 0
+ WHERE `slug` = 'gpt-image-2';
+
+UPDATE `models`
+   SET `enabled` = 1,
+       `description` = '生图(每张 50 积分=5角)'
+ WHERE `slug` = 'gpt-image-1';
+
+-- +goose StatementEnd
diff --git a/sql/migrations/20260417000003_rbac_audit_backup.sql b/sql/migrations/20260417000003_rbac_audit_backup.sql
new file mode 100644
index 00000000..bc7ed22f
--- /dev/null
+++ b/sql/migrations/20260417000003_rbac_audit_backup.sql
@@ -0,0 +1,57 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 审计日志表
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `admin_audit_logs` (
+    `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `actor_id`     BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '操作者 user_id',
+    `actor_email`  VARCHAR(128)    NOT NULL DEFAULT '',
+    `action`       VARCHAR(128)    NOT NULL COMMENT '语义化 action,如 accounts.create',
+    `method`       VARCHAR(8)      NOT NULL,
+    `path`         VARCHAR(255)    NOT NULL,
+    `status_code`  INT             NOT NULL DEFAULT 0,
+    `ip`           VARCHAR(64)     NOT NULL DEFAULT '',
+    `ua`           VARCHAR(255)    NOT NULL DEFAULT '',
+    `target`       VARCHAR(128)    NOT NULL DEFAULT '' COMMENT '业务对象 id/slug',
+    `meta`         JSON            NULL,
+    `created_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_actor_time` (`actor_id`, `created_at`),
+    KEY `idx_action_time` (`action`, `created_at`),
+    KEY `idx_created_at` (`created_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='管理员操作审计日志';
+
+-- ============================================================
+-- 数据库备份元数据
+--   实际 .sql.gz 文件落盘在 ${BACKUP_DIR},这里只存元数据。
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `backup_files` (
+    `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `backup_id`    VARCHAR(64)     NOT NULL COMMENT '对外 ID,形如 bk_20260417_120000',
+    `file_name`    VARCHAR(255)    NOT NULL,
+    `size_bytes`   BIGINT          NOT NULL DEFAULT 0,
+    `sha256`       CHAR(64)        NOT NULL DEFAULT '',
+    `trigger`      VARCHAR(16)     NOT NULL DEFAULT 'manual' COMMENT 'manual | cron | upload',
+    `status`       VARCHAR(16)     NOT NULL DEFAULT 'running' COMMENT 'running | ready | failed',
+    `error`        VARCHAR(500)    NOT NULL DEFAULT '',
+    `include_data` TINYINT(1)      NOT NULL DEFAULT 1 COMMENT '0=仅结构',
+    `created_by`   BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT 'actor user_id',
+    `created_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `finished_at`  DATETIME        NULL,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_backup_id` (`backup_id`),
+    KEY `idx_status_time` (`status`, `created_at`),
+    KEY `idx_trigger_time` (`trigger`, `created_at`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='数据库备份索引';
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+
+DROP TABLE IF EXISTS `backup_files`;
+DROP TABLE IF EXISTS `admin_audit_logs`;
+
+-- +goose StatementEnd
diff --git a/sql/migrations/20260417000004_recharge.sql b/sql/migrations/20260417000004_recharge.sql
new file mode 100644
index 00000000..8521bc50
--- /dev/null
+++ b/sql/migrations/20260417000004_recharge.sql
@@ -0,0 +1,70 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 充值套餐(管理员配置,用户充值时从中选取)
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `recharge_packages` (
+    `id`          BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `name`        VARCHAR(64)     NOT NULL COMMENT '套餐名,如 "100元套餐"',
+    `price_cny`   INT             NOT NULL COMMENT '售价,单位:分(人民币)',
+    `credits`     BIGINT          NOT NULL COMMENT '到账积分(厘)',
+    `bonus`       BIGINT          NOT NULL DEFAULT 0 COMMENT '赠送积分(厘)',
+    `description` VARCHAR(255)    NOT NULL DEFAULT '',
+    `sort`        INT             NOT NULL DEFAULT 0,
+    `enabled`     TINYINT(1)      NOT NULL DEFAULT 1,
+    `created_at`  DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`  DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    KEY `idx_enabled_sort` (`enabled`, `sort`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='充值套餐';
+
+INSERT INTO `recharge_packages` (`name`, `price_cny`, `credits`, `bonus`, `description`, `sort`) VALUES
+    ('¥ 10 体验包',   1000,   10000000,         0, '1000 积分,约 500 次 GPT-5-mini 对话', 10),
+    ('¥ 50 小礼包',   5000,   50000000,   5000000, '5000 积分 + 500 额外', 20),
+    ('¥ 100 标准包', 10000,  100000000,  15000000, '10000 积分 + 1500 额外(热销)', 30),
+    ('¥ 500 专业包', 50000,  500000000, 100000000, '50000 积分 + 10000 额外', 40)
+ON DUPLICATE KEY UPDATE `name` = VALUES(`name`);
+
+-- ============================================================
+-- 充值订单
+--   流程:pending(已创建,待用户跳转支付) ->
+--        paid(支付回调成功,积分已入账) /
+--        cancelled(用户手动取消) /
+--        failed(回调校验失败等)
+--   超时逻辑:30 分钟未支付自动标记为 expired(由后台 cleanup 任务扫)。
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `recharge_orders` (
+    `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `out_trade_no` CHAR(32)        NOT NULL COMMENT '本地订单号(UUID 去横线)',
+    `user_id`      BIGINT UNSIGNED NOT NULL,
+    `package_id`   BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `price_cny`    INT             NOT NULL COMMENT '实付金额(分)',
+    `credits`      BIGINT          NOT NULL COMMENT '基础到账积分(厘)',
+    `bonus`        BIGINT          NOT NULL DEFAULT 0,
+    `channel`      VARCHAR(16)     NOT NULL DEFAULT 'epay' COMMENT 'epay | manual | other',
+    `pay_method`   VARCHAR(16)     NOT NULL DEFAULT '' COMMENT 'alipay | wxpay | 等,下发回调填入',
+    `status`       VARCHAR(16)     NOT NULL DEFAULT 'pending' COMMENT 'pending | paid | expired | cancelled | failed',
+    `trade_no`     VARCHAR(64)     NOT NULL DEFAULT '' COMMENT '上游交易号,回调填入',
+    `paid_at`      DATETIME        NULL,
+    `pay_url`      VARCHAR(512)    NOT NULL DEFAULT '',
+    `client_ip`    VARCHAR(64)     NOT NULL DEFAULT '',
+    `notify_raw`   TEXT            NULL COMMENT '最近一次回调原文,方便排查',
+    `remark`       VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_out_trade_no` (`out_trade_no`),
+    KEY `idx_user_time` (`user_id`, `created_at`),
+    KEY `idx_status_time` (`status`, `created_at`),
+    KEY `idx_trade_no` (`trade_no`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='充值订单';
+
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE IF EXISTS `recharge_orders`;
+DROP TABLE IF EXISTS `recharge_packages`;
+-- +goose StatementEnd
diff --git a/sql/migrations/20260417000005_system_settings.sql b/sql/migrations/20260417000005_system_settings.sql
new file mode 100644
index 00000000..bf96a211
--- /dev/null
+++ b/sql/migrations/20260417000005_system_settings.sql
@@ -0,0 +1,41 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 系统设置(KV 存储)
+--   由 internal/settings 维护,启动时加载到内存缓存,Set 时写 DB + 更新缓存。
+--   命名约定:snake_case + 分类前缀(site. / auth. / mail. / limit.)。
+--   所有值统一存为字符串;解析由 Go 侧按 schema 负责(bool / int / duration 等)。
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `system_settings` (
+    `k`           VARCHAR(64)  NOT NULL COMMENT '配置项 key,例 site.name',
+    `v`           TEXT         NULL     COMMENT '配置项值(字符串序列化)',
+    `description` VARCHAR(255) NOT NULL DEFAULT '',
+    `updated_at`  DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`k`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='系统设置 KV';
+
+-- 默认值种子(已存在则保留原值不覆盖)
+INSERT INTO `system_settings` (`k`, `v`, `description`) VALUES
+    ('site.name',           'GPT2API',                '站点名称,展示在登录页/顶栏'),
+    ('site.description',    '企业级 OpenAI 兼容网关',  '登录页副标题'),
+    ('site.logo_url',       '',                        '站点 Logo URL,空则显示默认图标'),
+    ('site.footer',         '',                        '页脚版权/备案文本(支持纯文本)'),
+    ('site.contact_email',  '',                        '站点对外联系邮箱'),
+
+    ('auth.allow_register',        'true',  '是否开放用户自助注册'),
+    ('auth.default_group_id',      '1',     '新用户默认分组 ID(user_groups.id)'),
+    ('auth.signup_bonus_credits',  '0',     '新用户注册赠送积分(单位:厘;10000=1 积分)'),
+
+    ('limit.default_rpm',          '60',    '用户默认 RPM(未在 group/key 覆盖时生效)'),
+    ('limit.default_tpm',          '60000', '用户默认 TPM'),
+
+    ('mail.enabled_display',       'auto',  '邮件开关展示(auto/true/false),实际是否可用由 SMTP 配置决定')
+ON DUPLICATE KEY UPDATE `k` = VALUES(`k`);
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE IF EXISTS `system_settings`;
+-- +goose StatementEnd
diff --git a/sql/migrations/20260418000001_settings_expand.sql b/sql/migrations/20260418000001_settings_expand.sql
new file mode 100644
index 00000000..7e58002a
--- /dev/null
+++ b/sql/migrations/20260418000001_settings_expand.sql
@@ -0,0 +1,54 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 扩充 system_settings 的 key 种子:
+--   general(通用)、security(安全与认证)、defaults(用户默认值)、
+--   gateway(网关与调度)、billing(计费与充值)、mail(邮件)
+-- 采用"已存在则保留"语义,不覆盖用户已修改的值。
+-- ============================================================
+
+INSERT INTO `system_settings` (`k`, `v`, `description`) VALUES
+    -- ---------- 通用 ----------
+    ('site.docs_url',         '',       '对外文档链接;留空则前端隐藏"文档"入口'),
+    ('site.api_base_url',     '',       '展示给用户的 /v1 入口地址(支持反代;留空=当前站点地址)'),
+    ('ui.default_page_size',  '20',     '管理端表格默认分页大小(5~100)'),
+
+    -- ---------- 安全与认证 ----------
+    ('auth.require_email_verify',   'false', '新用户注册时是否必须验证邮箱(预留开关,实装后生效)'),
+    ('auth.email_domain_whitelist', '',      '允许注册的邮箱域名,逗号分隔(如 qq.com,gmail.com),留空=不限'),
+    ('auth.password_min_length',    '6',     '密码最小长度(6~64)'),
+    ('auth.invite_code_required',   'false', '是否必须使用邀请码注册(预留)'),
+    ('auth.2fa_enabled',            'false', '是否启用二次验证(预留)'),
+    ('auth.jwt_access_ttl_sec',     '7200',  'Access Token TTL(秒);修改后新发 token 生效'),
+    ('auth.jwt_refresh_ttl_sec',    '604800','Refresh Token TTL(秒);修改后新发 token 生效'),
+
+    -- ---------- 用户默认值(KEY 侧) ----------
+    ('key.default_daily_quota_credits', '0',  '新建 API Key 时默认每日配额(积分·厘);0=不限'),
+    ('key.max_per_user',                '20', '单用户最多可创建的 API Key 数(0=不限)'),
+
+    -- ---------- 网关与调度 ----------
+    ('gateway.upstream_timeout_sec', '60',   '上游非流式请求超时(秒)'),
+    ('gateway.sse_read_timeout_sec', '120',  '上游 SSE 流式读超时(秒)'),
+    ('gateway.cooldown_429_sec',     '300',  '账号 429 冷却(秒)'),
+    ('gateway.warned_pause_hours',   '24',   '风险警告账号暂停小时数'),
+    ('gateway.daily_usage_ratio',    '0.8',  '账号日用比例(0.0~1.0);超过后降低优先级'),
+    ('gateway.retry_on_failure',     'true', '失败时是否自动切换账号重试一次'),
+    ('gateway.retry_max',            '1',    '单次请求的最大重试次数(0~3)'),
+
+    -- ---------- 计费与充值 ----------
+    ('billing.credit_per_cny',       '10000','人民币/积分换算展示;默认 1 元 = 10000 积分·厘'),
+    ('billing.notify_admin_on_adjust','false','管理员调账时邮件通知超管(预留)'),
+    ('recharge.enabled',             'true', '充值入口总开关;关闭后前端隐藏充值菜单,下单接口返回 403'),
+    ('recharge.min_cny',             '100',  '单笔最低金额(分);如 100 = 1 元'),
+    ('recharge.max_cny',             '0',    '单笔最高金额(分);0=不限'),
+    ('recharge.daily_limit_cny',     '0',    '单用户每日累计上限(分);0=不限'),
+    ('recharge.order_expire_minutes','30',   '订单有效期(分钟);到期自动置为 canceled')
+ON DUPLICATE KEY UPDATE `k` = VALUES(`k`);
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+-- 不删除数据:这些条目即便删除对业务也无害,但保留可追溯。
+-- +goose StatementEnd
diff --git a/sql/migrations/20260418000002_models_catalog_expand.sql b/sql/migrations/20260418000002_models_catalog_expand.sql
new file mode 100644
index 00000000..535c5067
--- /dev/null
+++ b/sql/migrations/20260418000002_models_catalog_expand.sql
@@ -0,0 +1,75 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 2026-04-18 扩展模型目录
+--
+-- 背景:账号池当前可用的上游模型(来自 /backend-api/models)远多于初始种子,
+--       把它们全部登记进 `models` 表,便于 billing / 路由 / UI 下拉统一使用。
+--
+-- 价格策略(积分-厘,1 积分 = 0.0001 元;下表均为每 1M token 价):
+--
+--   level          | input  | output | 备注
+--   ---------------+--------+--------+------------------------------------
+--   旗舰 5.x       |  25000 |  75000 | gpt-5 / gpt-5-x(非 mini / 非 thinking)
+--   Thinking       |  40000 | 120000 | 深度推理,计费更高
+--   o3             |  15000 |  60000 | reasoning 中档
+--   Mini / Instant |   5000 |  15000 | 轻量 / 快速
+--   研究 & Agent   |  30000 |  90000 | Deep Research / Agent
+--
+-- 所有价格都可以在「模型配置」页面实时调整,这里只是合理默认值。
+-- 已存在的同名 slug 会被 ON DUPLICATE KEY UPDATE 覆盖 upstream / description,
+-- 但保留原有价格和 enabled 状态,避免覆盖你之前的人工调整。
+-- ============================================================
+
+INSERT INTO `models`
+  (`slug`, `type`, `upstream_model_slug`,
+   `input_price_per_1m`, `output_price_per_1m`,
+   `cache_read_price_per_1m`, `image_price_per_call`,
+   `description`, `enabled`)
+VALUES
+  -- 旗舰 5.x
+  ('gpt-5-1',          'chat', 'gpt-5-1',          25000,  75000,  5000, 0, 'GPT-5.1',          1),
+  ('gpt-5-2',          'chat', 'gpt-5-2',          25000,  75000,  5000, 0, 'GPT-5.2',          1),
+  ('gpt-5-2-instant',  'chat', 'gpt-5-2-instant',  25000,  75000,  5000, 0, 'GPT-5.2 Instant',  1),
+  ('gpt-5-3',          'chat', 'gpt-5-3',          25000,  75000,  5000, 0, 'GPT-5.3',          1),
+  ('gpt-5-3-instant',  'chat', 'gpt-5-3-instant',  25000,  75000,  5000, 0, 'GPT-5.3 Instant',  1),
+
+  -- Thinking(深度推理档)
+  ('gpt-5-2-thinking', 'chat', 'gpt-5-2-thinking', 40000, 120000,  8000, 0, 'GPT-5.2 Thinking', 1),
+  ('gpt-5-4-thinking', 'chat', 'gpt-5-4-thinking', 40000, 120000,  8000, 0, 'GPT-5.4 Thinking', 1),
+
+  -- Mini / Instant
+  ('gpt-5-3-mini',     'chat', 'gpt-5-3-mini',      5000,  15000,  1000, 0, 'GPT-5.3 Mini',     1),
+  ('gpt-5-t-mini',     'chat', 'gpt-5-t-mini',      5000,  15000,  1000, 0, 'GPT-5 Thinking Mini',   1),
+  ('gpt-5-4-t-mini',   'chat', 'gpt-5-4-t-mini',    5000,  15000,  1000, 0, 'GPT-5.4 Thinking Mini', 1),
+
+  -- reasoning 中档
+  ('o3',               'chat', 'o3',               15000,  60000,  3000, 0, 'o3',               1),
+
+  -- 研究 / Agent
+  ('research',         'chat', 'research',         30000,  90000,  6000, 0, 'Deep Research',    1),
+  ('agent-mode',       'chat', 'agent-mode',       30000,  90000,  6000, 0, 'Agent',            1)
+ON DUPLICATE KEY UPDATE
+  `type`                = VALUES(`type`),
+  `upstream_model_slug` = VALUES(`upstream_model_slug`),
+  `description`         = VALUES(`description`)
+  -- 价格 / enabled 故意不覆盖,尊重人工配置
+  ;
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+
+-- Down 只下架本次新增的模型(不动 gpt-5 / gpt-5-mini / gpt-image-* 等老种子)
+UPDATE `models`
+   SET `enabled` = 0
+ WHERE `slug` IN (
+   'gpt-5-1','gpt-5-2','gpt-5-2-instant','gpt-5-3','gpt-5-3-instant',
+   'gpt-5-2-thinking','gpt-5-4-thinking',
+   'gpt-5-3-mini','gpt-5-t-mini','gpt-5-4-t-mini',
+   'o3','research','agent-mode'
+ );
+
+-- +goose StatementEnd
diff --git a/sql/migrations/20260418000003_proxy_probe_settings.sql b/sql/migrations/20260418000003_proxy_probe_settings.sql
new file mode 100644
index 00000000..ef53288b
--- /dev/null
+++ b/sql/migrations/20260418000003_proxy_probe_settings.sql
@@ -0,0 +1,22 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 代理池健康探测相关的 system_settings key 种子。
+-- 已存在的 key 保留原值,不覆盖管理员已调整的设置。
+-- ============================================================
+
+INSERT INTO `system_settings` (`k`, `v`, `description`) VALUES
+    ('proxy.probe_enabled',      'true',                                     '代理池健康探测总开关;关闭后不再定时探测,health_score 停止刷新'),
+    ('proxy.probe_interval_sec', '300',                                      '两轮定时探测之间的间隔(秒),建议 ≥ 60'),
+    ('proxy.probe_timeout_sec',  '10',                                       '单条代理一次探测的超时时间(秒)'),
+    ('proxy.probe_target_url',   '',                                         '探测目标 URL;留空(推荐)走内置候选链(ipify/cloudflare/httpbin),任一 2xx/3xx 即判成功;填单一 URL 则只用该地址'),
+    ('proxy.probe_concurrency',  '8',                                        '同时进行探测的并发数(1~64)')
+ON DUPLICATE KEY UPDATE `k` = VALUES(`k`);
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+-- 不删除数据:保留历史配置便于回滚。
+-- +goose StatementEnd
diff --git a/sql/migrations/20260418000004_fix_recharge_orders.sql b/sql/migrations/20260418000004_fix_recharge_orders.sql
new file mode 100644
index 00000000..71d90e00
--- /dev/null
+++ b/sql/migrations/20260418000004_fix_recharge_orders.sql
@@ -0,0 +1,71 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 修复 recharge_orders 表结构:
+--   init_schema (20260417000001) 里用的是旧列名(order_no/amount/epay_trade_no/callback_raw),
+--   后续 migration 20260417000004 用 CREATE TABLE IF NOT EXISTS,表已存在导致新结构未生效。
+--   结果就是 Go DAO 里 SELECT * 时报 `missing destination name order_no in *[]recharge.Order`。
+--
+-- 本迁移策略(幂等):
+--   1. 若当前 recharge_orders 不含新列 `out_trade_no`,视为"还是旧结构",
+--      把它 RENAME 成 recharge_orders_legacy_bak 保留数据(若备份表已存在则先删旧备份)。
+--   2. 然后 CREATE TABLE IF NOT EXISTS 建出新结构。
+--   3. 如果已经是新结构,上面两步都会是 no-op。
+-- ============================================================
+
+SET @has_new_col := (
+    SELECT COUNT(*)
+      FROM information_schema.COLUMNS
+     WHERE TABLE_SCHEMA = DATABASE()
+       AND TABLE_NAME   = 'recharge_orders'
+       AND COLUMN_NAME  = 'out_trade_no'
+);
+
+-- 旧结构:清理旧备份
+SET @sql1 := IF(@has_new_col = 0,
+    'DROP TABLE IF EXISTS `recharge_orders_legacy_bak`',
+    'DO 0');
+PREPARE s1 FROM @sql1; EXECUTE s1; DEALLOCATE PREPARE s1;
+
+-- 旧结构:重命名老表作为备份
+SET @sql2 := IF(@has_new_col = 0,
+    'RENAME TABLE `recharge_orders` TO `recharge_orders_legacy_bak`',
+    'DO 0');
+PREPARE s2 FROM @sql2; EXECUTE s2; DEALLOCATE PREPARE s2;
+
+-- 无论如何:确保新结构存在
+CREATE TABLE IF NOT EXISTS `recharge_orders` (
+    `id`           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+    `out_trade_no` CHAR(32)        NOT NULL COMMENT '本地订单号(UUID 去横线)',
+    `user_id`      BIGINT UNSIGNED NOT NULL,
+    `package_id`   BIGINT UNSIGNED NOT NULL DEFAULT 0,
+    `price_cny`    INT             NOT NULL COMMENT '实付金额(分)',
+    `credits`      BIGINT          NOT NULL COMMENT '基础到账积分(厘)',
+    `bonus`        BIGINT          NOT NULL DEFAULT 0,
+    `channel`      VARCHAR(16)     NOT NULL DEFAULT 'epay',
+    `pay_method`   VARCHAR(16)     NOT NULL DEFAULT '',
+    `status`       VARCHAR(16)     NOT NULL DEFAULT 'pending',
+    `trade_no`     VARCHAR(64)     NOT NULL DEFAULT '',
+    `paid_at`      DATETIME        NULL,
+    `pay_url`      VARCHAR(512)    NOT NULL DEFAULT '',
+    `client_ip`    VARCHAR(64)     NOT NULL DEFAULT '',
+    `notify_raw`   TEXT            NULL,
+    `remark`       VARCHAR(255)    NOT NULL DEFAULT '',
+    `created_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `updated_at`   DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `uk_out_trade_no` (`out_trade_no`),
+    KEY `idx_user_time`   (`user_id`, `created_at`),
+    KEY `idx_status_time` (`status`, `created_at`),
+    KEY `idx_trade_no`    (`trade_no`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='充值订单';
+
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+-- 回滚不尝试恢复旧结构,只是删新表。旧数据仍在 recharge_orders_legacy_bak。
+DROP TABLE IF EXISTS `recharge_orders`;
+-- +goose StatementEnd
diff --git a/sql/migrations/20260418000005_accounts_expand.sql b/sql/migrations/20260418000005_accounts_expand.sql
new file mode 100644
index 00000000..43482e75
--- /dev/null
+++ b/sql/migrations/20260418000005_accounts_expand.sql
@@ -0,0 +1,72 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- oai_accounts 扩展:
+--   - session_token_enc:  ST(__Secure-next-auth.session-token)加密存储,可选
+--   - client_id:          OAuth client_id,RT → AT 刷新时必填
+--   - chatgpt_account_id: 账号在 chatgpt.com 的 uuid
+--   - account_type:       codex / chatgpt / plus / team / free
+--   - last_refresh_at:    最近一次 AT 刷新时间
+--   - last_refresh_source: rt / st / manual
+--   - refresh_error:      最近一次失败原因(中文友好)
+--   - image_quota_remaining / image_quota_total: 剩余 / 总量(-1 未知)
+--   - image_quota_reset_at / image_quota_updated_at: 重置 / 探测时间
+
+ALTER TABLE `oai_accounts`
+    ADD COLUMN `session_token_enc`      TEXT         NULL                                    AFTER `refresh_token_enc`,
+    ADD COLUMN `client_id`               VARCHAR(64)  NOT NULL DEFAULT 'app_EMoamEEZ73f0CkXaXp7hrann' AFTER `oai_device_id`,
+    ADD COLUMN `chatgpt_account_id`      VARCHAR(64)  NOT NULL DEFAULT ''                     AFTER `client_id`,
+    ADD COLUMN `account_type`            VARCHAR(32)  NOT NULL DEFAULT 'codex'                AFTER `chatgpt_account_id`,
+    ADD COLUMN `last_refresh_at`         DATETIME     NULL                                    AFTER `today_used_date`,
+    ADD COLUMN `last_refresh_source`     VARCHAR(8)   NOT NULL DEFAULT ''                     AFTER `last_refresh_at`,
+    ADD COLUMN `refresh_error`           VARCHAR(500) NOT NULL DEFAULT ''                     AFTER `last_refresh_source`,
+    ADD COLUMN `image_quota_remaining`   INT          NOT NULL DEFAULT -1                     AFTER `refresh_error`,
+    ADD COLUMN `image_quota_total`       INT          NOT NULL DEFAULT -1                     AFTER `image_quota_remaining`,
+    ADD COLUMN `image_quota_reset_at`    DATETIME     NULL                                    AFTER `image_quota_total`,
+    ADD COLUMN `image_quota_updated_at`  DATETIME     NULL                                    AFTER `image_quota_reset_at`;
+
+-- 补索引:按过期时间扫待刷新账号
+CREATE INDEX `idx_token_expires`     ON `oai_accounts` (`token_expires_at`);
+CREATE INDEX `idx_quota_updated_at`  ON `oai_accounts` (`image_quota_updated_at`);
+
+-- 新增 settings 默认值(账号刷新 / 额度探测)
+INSERT INTO `system_settings` (`k`, `v`, `description`) VALUES
+    ('account.refresh_enabled',          'true',                                 '账号 AccessToken 自动刷新总开关'),
+    ('account.refresh_interval_sec',     '120',                                  '后台扫描间隔(秒),判断哪些账号需要刷新'),
+    ('account.refresh_ahead_sec',        '900',                                  '距离过期多少秒内触发预刷新(建议 ≥ 300)'),
+    ('account.refresh_concurrency',      '4',                                    '同时刷新的账号数(1~32)'),
+    ('account.quota_probe_enabled',      'true',                                 '账号图片额度自动探测总开关'),
+    ('account.quota_probe_interval_sec', '18000',                                '额度探测最小间隔(秒);默认 18000=5h,剩余额度=0 且已过重置时间会忽略此间隔立即补探'),
+    ('account.default_client_id',        'app_EMoamEEZ73f0CkXaXp7hrann',         '导入账号时未指定 client_id 则使用此值')
+ON DUPLICATE KEY UPDATE `k` = VALUES(`k`);
+
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    DROP INDEX `idx_quota_updated_at`,
+    DROP INDEX `idx_token_expires`,
+    DROP COLUMN `image_quota_updated_at`,
+    DROP COLUMN `image_quota_reset_at`,
+    DROP COLUMN `image_quota_total`,
+    DROP COLUMN `image_quota_remaining`,
+    DROP COLUMN `refresh_error`,
+    DROP COLUMN `last_refresh_source`,
+    DROP COLUMN `last_refresh_at`,
+    DROP COLUMN `account_type`,
+    DROP COLUMN `chatgpt_account_id`,
+    DROP COLUMN `client_id`,
+    DROP COLUMN `session_token_enc`;
+
+DELETE FROM `system_settings` WHERE `k` IN (
+    'account.refresh_enabled',
+    'account.refresh_interval_sec',
+    'account.refresh_ahead_sec',
+    'account.refresh_concurrency',
+    'account.quota_probe_enabled',
+    'account.quota_probe_interval_sec',
+    'account.default_client_id'
+);
+-- +goose StatementEnd
diff --git a/sql/migrations/20260423000001_proxy_probe_target_relax.sql b/sql/migrations/20260423000001_proxy_probe_target_relax.sql
new file mode 100644
index 00000000..1f9ea0bb
--- /dev/null
+++ b/sql/migrations/20260423000001_proxy_probe_target_relax.sql
@@ -0,0 +1,25 @@
+-- +goose Up
+-- +goose StatementBegin
+
+-- ============================================================
+-- 放宽代理探测目标:把仍停留在旧默认 gstatic 的记录清空,
+-- 让 Prober 走内置候选链(api.ipify.org / cloudflare / httpbin),
+-- 任意一个 2xx/3xx 即判代理可用,避免单一目标站被墙/限流时误判整条代理挂掉。
+--
+-- 仅在**用户从未改过**此配置(仍等于历史默认 gstatic)时清空;
+-- 管理员已自定义的目标(比如内网探测地址)不会被覆盖。
+-- 同步把描述文本更新为新的候选链说明。
+-- ============================================================
+
+UPDATE `system_settings`
+SET    `v` = '',
+       `description` = '探测目标 URL;留空(推荐)走内置候选链(ipify/cloudflare/httpbin),任一 2xx/3xx 即判成功;填单一 URL 则只用该地址'
+WHERE  `k` = 'proxy.probe_target_url'
+  AND  `v` = 'https://www.gstatic.com/generate_204';
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+-- 不做回滚:清空值是向后兼容的(prober 空值时自动走候选链),无需恢复旧默认。
+-- +goose StatementEnd
diff --git a/sql/migrations/20260423000002_quota_probe_5h.sql b/sql/migrations/20260423000002_quota_probe_5h.sql
new file mode 100644
index 00000000..bedee2c7
--- /dev/null
+++ b/sql/migrations/20260423000002_quota_probe_5h.sql
@@ -0,0 +1,27 @@
+-- +goose Up
+-- +goose StatementBegin
+--
+-- 账号图片额度探测间隔由 900s(15 分钟)调整为 18000s(5 小时):
+--   - chatgpt.com 的 rate_limits 接口本身按天/小时桶计算,15 分钟探测太频繁,
+--     对风控不友好,也没必要。改成 5h 常规轮询已经够用。
+--   - 关键补足:DAO 的 ListNeedProbeQuota 加了一个分支 —— 当账号剩余额度=0
+--     且已过 image_quota_reset_at,会忽略 5h 最小间隔立即补测,能第一时间
+--     反映账号"归零等重置 → 重置后满额"的恢复状态。
+--
+-- 只更新用户仍在使用默认值的场景(v='900'),手工改过的值保持不动。
+UPDATE `system_settings`
+SET    `v`           = '18000',
+       `description` = '额度探测最小间隔(秒);默认 18000=5h,剩余额度=0 且已过重置时间会忽略此间隔立即补探'
+WHERE  `k` = 'account.quota_probe_interval_sec'
+  AND  `v` = '900';
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+UPDATE `system_settings`
+SET    `v`           = '900',
+       `description` = '额度探测最小间隔(秒)'
+WHERE  `k` = 'account.quota_probe_interval_sec'
+  AND  `v` = '18000';
+-- +goose StatementEnd
diff --git a/sql/migrations/20260423000003_image_tasks_upscale.sql b/sql/migrations/20260423000003_image_tasks_upscale.sql
new file mode 100644
index 00000000..c2f5eea1
--- /dev/null
+++ b/sql/migrations/20260423000003_image_tasks_upscale.sql
@@ -0,0 +1,27 @@
+-- +goose Up
+-- +goose StatementBegin
+--
+-- 面板新增「4K 出图」能力。
+--
+-- 上游 chatgpt.com 生图原生只有 1024×1024 / 1792×1024 / 1024×1792 三档,
+-- 这里的 upscale 字段记录"拿到原图后希望由本服务做多大倍的本地放大"。
+-- 算法是 golang.org/x/image/draw.CatmullRom(biquintic 插值),属于传统算法,
+-- 不是 AI 超分:只会让画面更平滑、更大,不会补出新的细节或纹理。
+--
+-- 值:
+--   ''   原图直出(默认)
+--   '2k' 长边 2560 PNG
+--   '4k' 长边 3840 PNG
+--
+-- 放大执行时机:/v1/images/proxy/:task_id/:idx 首次被请求时,对单张图做
+-- decode + 放大 + PNG 重编码,并放进进程内 LRU 缓存(默认 512MB),之后
+-- 同一条代理 URL 的请求毫秒级命中,不会重复计算。
+ALTER TABLE `image_tasks`
+    ADD COLUMN `upscale` VARCHAR(8) NOT NULL DEFAULT '' AFTER `size`;
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+ALTER TABLE `image_tasks` DROP COLUMN `upscale`;
+-- +goose StatementEnd
diff --git a/sql/migrations/20260423000004_accounts_uk_email_soft_delete_aware.sql b/sql/migrations/20260423000004_accounts_uk_email_soft_delete_aware.sql
new file mode 100644
index 00000000..b9ea7bc5
--- /dev/null
+++ b/sql/migrations/20260423000004_accounts_uk_email_soft_delete_aware.sql
@@ -0,0 +1,50 @@
+-- +goose Up
+-- +goose StatementBegin
+--
+-- 修复:批量软删账号后再导入同 email 报 "Duplicate entry ... for key uk_email"。
+--
+-- 根因:原表 UNIQUE KEY uk_email (email) 对 email 列做了纯唯一约束,
+--       但业务上 DELETE 走软删(仅置 deleted_at),不物理删行,
+--       导致被删行仍占着这个 email 的唯一槽位,再导入同 email 立刻 1062。
+--
+-- MySQL 没有 Postgres 那种 partial unique index(WHERE deleted_at IS NULL),
+-- 标准绕法是:
+--   1) 加一个 STORED 生成列 active_email,值 = 活着时的 email / 软删后 NULL;
+--   2) 把唯一约束换到这个生成列上。
+-- MySQL 的唯一索引允许多个 NULL 共存,所以:
+--   * 活行:active_email = email → 唯一性生效(同一 email 不能同时存在两个活行)
+--   * 软删行:active_email = NULL → 互相不冲突,也不跟活行冲突
+--   * 再次导入同 email:允许成功(旧行的 email 已被"软删 → NULL"释放掉槽位)
+-- 业务代码无需改动。
+ALTER TABLE `oai_accounts`
+    DROP INDEX `uk_email`;
+-- +goose StatementEnd
+
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    ADD COLUMN `active_email` VARCHAR(128)
+        GENERATED ALWAYS AS (CASE WHEN `deleted_at` IS NULL THEN `email` ELSE NULL END) STORED
+        COMMENT '活行=email / 软删行=NULL;供 uk_active_email 做"软删感知"的唯一约束';
+-- +goose StatementEnd
+
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    ADD UNIQUE KEY `uk_active_email` (`active_email`);
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    DROP INDEX `uk_active_email`;
+-- +goose StatementEnd
+
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    DROP COLUMN `active_email`;
+-- +goose StatementEnd
+
+-- +goose StatementBegin
+ALTER TABLE `oai_accounts`
+    ADD UNIQUE KEY `uk_email` (`email`);
+-- +goose StatementEnd
diff --git a/sql/migrations/20260424000001_upstream_channels.sql b/sql/migrations/20260424000001_upstream_channels.sql
new file mode 100644
index 00000000..19d0660f
--- /dev/null
+++ b/sql/migrations/20260424000001_upstream_channels.sql
@@ -0,0 +1,61 @@
+-- +goose Up
+-- +goose StatementBegin
+--
+-- 上游渠道表:除内置的 ChatGPT 账号池外,管理员可在后台添加自定义上游渠道
+-- (OpenAI 兼容接口、Gemini 兼容接口等)。每个渠道有自己的 base_url、api_key、
+-- 倍率、优先级、健康状态。
+--
+-- 模型映射表:定义"本地模型 slug → 上游模型名"的映射关系,
+-- 一个本地模型可以映射到多个渠道(同一行 modality 标记走文字/图片/视频),
+-- 调度时按 priority + 渠道健康度挑选。
+--
+CREATE TABLE `upstream_channels` (
+  `id`               BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `name`             VARCHAR(64)    NOT NULL,
+  `type`             VARCHAR(32)    NOT NULL,              -- openai / gemini
+  `base_url`         VARCHAR(512)   NOT NULL,
+  `api_key_enc`      VARCHAR(2048)  NOT NULL,              -- AES-GCM base64
+  `enabled`          TINYINT(1)     NOT NULL DEFAULT 1,
+  `priority`         INT            NOT NULL DEFAULT 100,  -- 越小越优先
+  `weight`           INT            NOT NULL DEFAULT 1,    -- 同优先级内加权轮询
+  `timeout_s`        INT            NOT NULL DEFAULT 120,
+  `ratio`            DOUBLE         NOT NULL DEFAULT 1.0,  -- 渠道级倍率(乘算到最终计费)
+  `extra`            JSON           NULL,                  -- 自定义 header / proxy 等
+  `status`           VARCHAR(16)    NOT NULL DEFAULT 'healthy', -- healthy / unhealthy
+  `fail_count`       INT            NOT NULL DEFAULT 0,
+  `last_test_at`     DATETIME       NULL,
+  `last_test_ok`     TINYINT(1)     NULL,
+  `last_test_error`  VARCHAR(512)   NULL DEFAULT '',
+  `remark`           VARCHAR(256)   NOT NULL DEFAULT '',
+  `created_at`       DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at`       DATETIME       NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `deleted_at`       DATETIME       NULL,
+  PRIMARY KEY (`id`),
+  KEY `idx_enabled_priority` (`enabled`, `priority`),
+  KEY `idx_type`             (`type`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE `channel_model_mappings` (
+  `id`             BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `channel_id`     BIGINT UNSIGNED NOT NULL,
+  `local_model`    VARCHAR(128)    NOT NULL,
+  `upstream_model` VARCHAR(128)    NOT NULL,
+  `modality`       VARCHAR(32)     NOT NULL DEFAULT 'text',   -- text / image / video
+  `enabled`        TINYINT(1)      NOT NULL DEFAULT 1,
+  `priority`       INT             NOT NULL DEFAULT 100,
+  `created_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at`     DATETIME        NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `uk_channel_local_modality` (`channel_id`, `local_model`, `modality`),
+  KEY `idx_local_model`  (`local_model`, `enabled`),
+  KEY `idx_channel`      (`channel_id`),
+  CONSTRAINT `fk_ch_mapping_channel` FOREIGN KEY (`channel_id`) REFERENCES `upstream_channels`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+-- +goose StatementEnd
+
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE IF EXISTS `channel_model_mappings`;
+DROP TABLE IF EXISTS `upstream_channels`;
+-- +goose StatementEnd
diff --git a/tools/convert_adobe_cookies.py b/tools/convert_adobe_cookies.py
deleted file mode 100644
index b6e3f7c3..00000000
--- a/tools/convert_adobe_cookies.py
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/usr/bin/env python3
-"""
-Convert Adobe browser-export cookie JSONL into the import format used by gpt2api.
-
-Input format:
-  One JSON object per line, each with a "cookie" field containing full browser
-  cookies.
-
-Output format:
-  A JSON array of objects:
-    [{"cookie": "ims_sid=...; aux_sid=...; ...", "name": "adobe_001"}]
-
-The cookie field is normalized to match the working sample exactly:
-  ims_sid; aux_sid; fg; relay; ftrset; filter-profile-map; filter-profile-map-permanent
-"""
-
-from __future__ import annotations
-
-import argparse
-import json
-from collections import OrderedDict
-from pathlib import Path
-
-
-COOKIE_KEYS = [
-    "ims_sid",
-    "aux_sid",
-    "fg",
-    "relay",
-    "ftrset",
-    "filter-profile-map",
-    "filter-profile-map-permanent",
-]
-
-
-def parse_cookie(raw: str) -> OrderedDict[str, str]:
-    """Parse a Cookie header string, keeping the last value for duplicate keys."""
-    pairs: OrderedDict[str, str] = OrderedDict()
-    for part in raw.split(";"):
-        part = part.strip()
-        if not part or "=" not in part:
-            continue
-        key, value = part.split("=", 1)
-        pairs[key.strip()] = value.strip()
-    return pairs
-
-
-def convert_file(src: Path, out: Path, name_prefix: str) -> tuple[int, list[tuple[int, list[str]]]]:
-    items: list[dict[str, str]] = []
-    missing_rows: list[tuple[int, list[str]]] = []
-
-    for idx, line in enumerate(src.read_text(encoding="utf-8-sig").splitlines(), 1):
-        line = line.strip()
-        if not line:
-            continue
-
-        obj = json.loads(line)
-        raw_cookie = obj.get("cookie") or obj.get("Cookie") or ""
-        pairs = parse_cookie(raw_cookie)
-        missing = [key for key in COOKIE_KEYS if not pairs.get(key)]
-        if missing:
-            missing_rows.append((idx, missing))
-
-        cookie = "; ".join(f"{key}={pairs[key]}" for key in COOKIE_KEYS if pairs.get(key))
-        items.append(
-            {
-                "cookie": cookie,
-                "name": f"{name_prefix}_{idx:03d}",
-            }
-        )
-
-    out.write_text(json.dumps(items, ensure_ascii=False, indent=2), encoding="utf-8")
-    return len(items), missing_rows
-
-
-def verify(out: Path) -> dict[str, object]:
-    items = json.loads(out.read_text(encoding="utf-8-sig"))
-    wrong_rows = []
-    for idx, item in enumerate(items, 1):
-        keys = [
-            part.split("=", 1)[0].strip()
-            for part in item["cookie"].split(";")
-            if "=" in part
-        ]
-        if keys != COOKIE_KEYS:
-            wrong_rows.append((idx, keys))
-
-    text = out.read_text(encoding="utf-8")
-    return {
-        "count": len(items),
-        "wrong_structure": len(wrong_rows),
-        "has_opta": "Optanon" in text,
-        "has_gds": "gds=" in text,
-        "has_gas": "gas=" in text,
-        "has_mbox": "mbox=" in text,
-        "has_prod": "filter-profile-map-permanent_prod" in text,
-        "has_escaped_amp": "\\u0026" in text,
-        "first_keys": [
-            part.split("=", 1)[0].strip()
-            for part in items[0]["cookie"].split(";")
-            if "=" in part
-        ]
-        if items
-        else [],
-    }
-
-
-def main() -> int:
-    default_src = Path("C:/Users/Administrator/Desktop/12321/50\u4e2aadobe 4k.txt")
-    parser = argparse.ArgumentParser(description="Convert Adobe cookie JSONL to gpt2api import JSON.")
-    parser.add_argument("src", nargs="?", type=Path, default=default_src, help="source .txt/.jsonl file")
-    parser.add_argument("-o", "--out", type=Path, help="output .json file")
-    parser.add_argument("--name-prefix", default="adobe", help="generated account name prefix")
-    args = parser.parse_args()
-
-    src = args.src
-    out = args.out or src.with_name(src.stem + "_完全对齐.json")
-    count, missing_rows = convert_file(src, out, args.name_prefix)
-    report = verify(out)
-
-    print(f"wrote={count}")
-    print(f"out={out}")
-    print(f"missing_rows={len(missing_rows)}")
-    print(f"wrong_structure={report['wrong_structure']}")
-    print(f"first_keys={report['first_keys']}")
-    print(f"has_opta={report['has_opta']} has_gds={report['has_gds']} has_gas={report['has_gas']} has_mbox={report['has_mbox']} has_prod={report['has_prod']}")
-    print(f"has_escaped_amp={report['has_escaped_amp']}")
-
-    if missing_rows:
-        print("missing_examples=" + json.dumps(missing_rows[:5], ensure_ascii=False))
-        return 2
-    if report["wrong_structure"]:
-        return 3
-    return 0
-
-
-if __name__ == "__main__":
-    raise SystemExit(main())
diff --git a/web/.env.development b/web/.env.development
new file mode 100644
index 00000000..650b7e5f
--- /dev/null
+++ b/web/.env.development
@@ -0,0 +1,2 @@
+VITE_APP_TITLE=GPT2API 控制台
+VITE_API_BASE=http://localhost:8080
diff --git a/web/.env.production b/web/.env.production
new file mode 100644
index 00000000..07714cf5
--- /dev/null
+++ b/web/.env.production
@@ -0,0 +1,3 @@
+VITE_APP_TITLE=GPT2API 控制台
+# 生产通常把 /api 和 /v1 交给 nginx 反代到后端,前端走同源
+VITE_API_BASE=
diff --git a/web/.gitignore b/web/.gitignore
new file mode 100644
index 00000000..b55b3eb9
--- /dev/null
+++ b/web/.gitignore
@@ -0,0 +1,7 @@
+node_modules
+dist
+*.log
+.vite
+src/auto-imports.d.ts
+src/components.d.ts
+.DS_Store
diff --git a/web/README.md b/web/README.md
new file mode 100644
index 00000000..adc7b6ad
--- /dev/null
+++ b/web/README.md
@@ -0,0 +1,68 @@
+# GPT2API 控制台(前端)
+
+基于 Vue 3 + TypeScript + Vite + Element Plus 的管理台前端,为 `cmd/server` 提供:
+
+- 登录 / 注册 / 个人中心(Dashboard、API Keys)
+- 管理后台(用户、用户分组、审计日志、数据备份/恢复)
+- 其余模块(账号池、代理池、模型、充值、用量统计、全局 Keys、系统设置)已预留占位页
+
+## 快速开始
+
+```bash
+cd web
+npm install        # 或 pnpm install / yarn
+npm run dev        # http://localhost:5173
+```
+
+开发服务器通过 Vite 代理 `/api`、`/v1`、`/healthz` 到后端(默认 `http://localhost:8080`)。
+改成别的后端:在 `web/.env.development` 里调整 `VITE_API_BASE`。
+
+## 生产构建
+
+```bash
+npm run build       # 产物在 web/dist/
+npm run preview     # 本地静态预览
+```
+
+生产常见部署方式:把 `web/dist/` 交给 nginx,前端走同源,
+nginx 把 `/api/` 和 `/v1/` 反代到 Go 后端即可。`VITE_API_BASE` 留空表示同源。
+
+## 目录约定
+
+```
+src/
+  api/         后端 HTTP 客户端封装(auth/apikey/admin/backup…)
+  router/      路由表 + 权限守卫(meta.perm)
+  stores/      Pinia:user store(持久化 token + 角色 + 权限 + 菜单)
+  layouts/     BasicLayout(侧边栏/顶栏) + BlankLayout(登录等)
+  views/
+    auth/      登录 / 注册
+    personal/  个人中心页
+    admin/     管理员页
+  utils/       金额/字节/时间格式化
+  styles/      全局 scss
+  components/  公共组件(Placeholder 等)
+```
+
+## 权限模型
+
+- 登录后 `GET /api/me` 取 `user/role/permissions`,`GET /api/me/menu` 取菜单树。
+- 路由级:`route.meta.perm = 'foo:bar' | ['a','b']`,守卫里调用 `store.hasPerm()` 做前置校验。
+- UI 级:按钮的 `:disabled` / `v-if` 也会参考 `store.hasPerm()`。
+- 真正的权限校验在后端 `middleware.RequirePerm`,前端仅做体验优化,勿当安全边界。
+
+## 敏感操作(二次确认)
+
+下列操作会要求用户在浏览器里再输入一次管理员密码(通过 `X-Admin-Confirm` 头发送):
+
+- 重置他人密码 `POST /api/admin/users/:id/reset-password`
+- 删除用户 `DELETE /api/admin/users/:id`
+- 调账 `POST /api/admin/users/:id/credits/adjust`
+- 删除 / 恢复 / 上传备份 `/api/admin/system/backup/*`
+
+## 路线图
+
+- [ ] 个人:Usage / Billing / Images
+- [ ] Admin:账号池、代理池、模型、充值订单、用量统计、全局 Keys、系统设置
+- [ ] i18n(当前只提供简体中文)
+- [ ] 黑暗模式切换(Element Plus dark 已引入 css vars)
diff --git a/web/index.html b/web/index.html
new file mode 100644
index 00000000..47d5531b
--- /dev/null
+++ b/web/index.html
@@ -0,0 +1,19 @@
+<!doctype html>
+<html lang="zh-CN">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="color-scheme" content="light dark" />
+    <title>GPT2API 控制台</title>
+    <style>
+      html,body,#app{height:100%;margin:0;padding:0;background:#f5f7fa;}
+      body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei",sans-serif;}
+      .app-loading{display:flex;height:100%;align-items:center;justify-content:center;color:#606266;font-size:14px;}
+    </style>
+  </head>
+  <body>
+    <div id="app"><div class="app-loading">Loading…</div></div>
+    <script type="module" src="/src/main.ts"></script>
+  </body>
+</html>
diff --git a/web/package-lock.json b/web/package-lock.json
new file mode 100644
index 00000000..40fe1ae3
--- /dev/null
+++ b/web/package-lock.json
@@ -0,0 +1,3199 @@
+{
+  "name": "gpt2api-web",
+  "version": "0.1.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "gpt2api-web",
+      "version": "0.1.0",
+      "license": "MIT",
+      "dependencies": {
+        "@element-plus/icons-vue": "^2.3.1",
+        "@vueuse/core": "^10.9.0",
+        "axios": "^1.6.8",
+        "dayjs": "^1.11.10",
+        "element-plus": "^2.7.2",
+        "pinia": "^2.1.7",
+        "pinia-plugin-persistedstate": "^3.2.1",
+        "vue": "^3.4.21",
+        "vue-router": "^4.3.0"
+      },
+      "devDependencies": {
+        "@types/node": "^20.11.30",
+        "@vitejs/plugin-vue": "^5.0.4",
+        "sass": "^1.71.1",
+        "typescript": "~5.3.3",
+        "unplugin-auto-import": "^0.17.5",
+        "unplugin-vue-components": "^0.26.0",
+        "vite": "^5.2.0",
+        "vue-tsc": "^1.8.27"
+      }
+    },
+    "node_modules/@antfu/utils": {
+      "version": "0.7.10",
+      "resolved": "https://registry.npmmirror.com/@antfu/utils/-/utils-0.7.10.tgz",
+      "integrity": "sha512-+562v9k4aI80m1+VuMHehNJWLOFjBnXn3tdOitzD0il5b7smkSBal4+a3oKiQTbrwMmN/TBUMDvbdoWDehgOww==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@babel/helper-string-parser": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmmirror.com/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-identifier": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmmirror.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/parser": {
+      "version": "7.29.2",
+      "resolved": "https://registry.npmmirror.com/@babel/parser/-/parser-7.29.2.tgz",
+      "integrity": "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.29.0"
+      },
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/types": {
+      "version": "7.29.0",
+      "resolved": "https://registry.npmmirror.com/@babel/types/-/types-7.29.0.tgz",
+      "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@ctrl/tinycolor": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmmirror.com/@ctrl/tinycolor/-/tinycolor-4.2.0.tgz",
+      "integrity": "sha512-kzyuwOAQnXJNLS9PSyrk0CWk35nWJW/zl/6KvnTBMFK65gm7U1/Z5BqjxeapjZCIhQcM/DsrEmcbRwDyXyXK4A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@element-plus/icons-vue": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmmirror.com/@element-plus/icons-vue/-/icons-vue-2.3.2.tgz",
+      "integrity": "sha512-OzIuTaIfC8QXEPmJvB4Y4kw34rSXdCJzxcD1kFStBvr8bK6X1zQAYDo0CNMjojnfTqRQCJ0I7prlErcoRiET2A==",
+      "license": "MIT",
+      "peerDependencies": {
+        "vue": "^3.2.0"
+      }
+    },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz",
+      "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/android-arm/-/android-arm-0.21.5.tgz",
+      "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz",
+      "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/android-x64/-/android-x64-0.21.5.tgz",
+      "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz",
+      "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz",
+      "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz",
+      "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz",
+      "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz",
+      "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz",
+      "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz",
+      "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz",
+      "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz",
+      "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz",
+      "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz",
+      "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz",
+      "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz",
+      "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz",
+      "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz",
+      "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz",
+      "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz",
+      "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz",
+      "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz",
+      "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@floating-ui/core": {
+      "version": "1.7.5",
+      "resolved": "https://registry.npmmirror.com/@floating-ui/core/-/core-1.7.5.tgz",
+      "integrity": "sha512-1Ih4WTWyw0+lKyFMcBHGbb5U5FtuHJuujoyyr5zTaWS5EYMeT6Jb2AuDeftsCsEuchO+mM2ij5+q9crhydzLhQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@floating-ui/utils": "^0.2.11"
+      }
+    },
+    "node_modules/@floating-ui/dom": {
+      "version": "1.7.6",
+      "resolved": "https://registry.npmmirror.com/@floating-ui/dom/-/dom-1.7.6.tgz",
+      "integrity": "sha512-9gZSAI5XM36880PPMm//9dfiEngYoC6Am2izES1FF406YFsjvyBMmeJ2g4SAju3xWwtuynNRFL2s9hgxpLI5SQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@floating-ui/core": "^1.7.5",
+        "@floating-ui/utils": "^0.2.11"
+      }
+    },
+    "node_modules/@floating-ui/utils": {
+      "version": "0.2.11",
+      "resolved": "https://registry.npmmirror.com/@floating-ui/utils/-/utils-0.2.11.tgz",
+      "integrity": "sha512-RiB/yIh78pcIxl6lLMG0CgBXAZ2Y0eVHqMPYugu+9U0AeT6YBeiJpf7lbdJNIugFP5SIjwNRgo4DhR1Qxi26Gg==",
+      "license": "MIT"
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmmirror.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
+      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
+      "license": "MIT"
+    },
+    "node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmmirror.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
+      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmmirror.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmmirror.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
+      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@parcel/watcher": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher/-/watcher-2.5.6.tgz",
+      "integrity": "sha512-tmmZ3lQxAe/k/+rNnXQRawJ4NjxO2hqiOLTHvWchtGZULp4RyFeh6aU4XdOYBFe2KE1oShQTv4AblOs2iOrNnQ==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "detect-libc": "^2.0.3",
+        "is-glob": "^4.0.3",
+        "node-addon-api": "^7.0.0",
+        "picomatch": "^4.0.3"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      },
+      "optionalDependencies": {
+        "@parcel/watcher-android-arm64": "2.5.6",
+        "@parcel/watcher-darwin-arm64": "2.5.6",
+        "@parcel/watcher-darwin-x64": "2.5.6",
+        "@parcel/watcher-freebsd-x64": "2.5.6",
+        "@parcel/watcher-linux-arm-glibc": "2.5.6",
+        "@parcel/watcher-linux-arm-musl": "2.5.6",
+        "@parcel/watcher-linux-arm64-glibc": "2.5.6",
+        "@parcel/watcher-linux-arm64-musl": "2.5.6",
+        "@parcel/watcher-linux-x64-glibc": "2.5.6",
+        "@parcel/watcher-linux-x64-musl": "2.5.6",
+        "@parcel/watcher-win32-arm64": "2.5.6",
+        "@parcel/watcher-win32-ia32": "2.5.6",
+        "@parcel/watcher-win32-x64": "2.5.6"
+      }
+    },
+    "node_modules/@parcel/watcher-android-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-android-arm64/-/watcher-android-arm64-2.5.6.tgz",
+      "integrity": "sha512-YQxSS34tPF/6ZG7r/Ih9xy+kP/WwediEUsqmtf0cuCV5TPPKw/PQHRhueUo6JdeFJaqV3pyjm0GdYjZotbRt/A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-darwin-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-darwin-arm64/-/watcher-darwin-arm64-2.5.6.tgz",
+      "integrity": "sha512-Z2ZdrnwyXvvvdtRHLmM4knydIdU9adO3D4n/0cVipF3rRiwP+3/sfzpAwA/qKFL6i1ModaabkU7IbpeMBgiVEA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-darwin-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-darwin-x64/-/watcher-darwin-x64-2.5.6.tgz",
+      "integrity": "sha512-HgvOf3W9dhithcwOWX9uDZyn1lW9R+7tPZ4sug+NGrGIo4Rk1hAXLEbcH1TQSqxts0NYXXlOWqVpvS1SFS4fRg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-freebsd-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-freebsd-x64/-/watcher-freebsd-x64-2.5.6.tgz",
+      "integrity": "sha512-vJVi8yd/qzJxEKHkeemh7w3YAn6RJCtYlE4HPMoVnCpIXEzSrxErBW5SJBgKLbXU3WdIpkjBTeUNtyBVn8TRng==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-arm-glibc/-/watcher-linux-arm-glibc-2.5.6.tgz",
+      "integrity": "sha512-9JiYfB6h6BgV50CCfasfLf/uvOcJskMSwcdH1PHH9rvS1IrNy8zad6IUVPVUfmXr+u+Km9IxcfMLzgdOudz9EQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-arm-musl/-/watcher-linux-arm-musl-2.5.6.tgz",
+      "integrity": "sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm64-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-arm64-glibc/-/watcher-linux-arm64-glibc-2.5.6.tgz",
+      "integrity": "sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm64-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-arm64-musl/-/watcher-linux-arm64-musl-2.5.6.tgz",
+      "integrity": "sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-x64-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-x64-glibc/-/watcher-linux-x64-glibc-2.5.6.tgz",
+      "integrity": "sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-x64-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-linux-x64-musl/-/watcher-linux-x64-musl-2.5.6.tgz",
+      "integrity": "sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-win32-arm64/-/watcher-win32-arm64-2.5.6.tgz",
+      "integrity": "sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-ia32": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-win32-ia32/-/watcher-win32-ia32-2.5.6.tgz",
+      "integrity": "sha512-k35yLp1ZMwwee3Ez/pxBi5cf4AoBKYXj00CZ80jUz5h8prpiaQsiRPKQMxoLstNuqe2vR4RNPEAEcjEFzhEz/g==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmmirror.com/@parcel/watcher-win32-x64/-/watcher-win32-x64-2.5.6.tgz",
+      "integrity": "sha512-hbQlYcCq5dlAX9Qx+kFb0FHue6vbjlf0FrNzSKdYK2APUf7tGfGxQCk2ihEREmbR6ZMc0MVAD5RIX/41gpUzTw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@popperjs/core": {
+      "name": "@sxzz/popperjs-es",
+      "version": "2.11.8",
+      "resolved": "https://registry.npmmirror.com/@sxzz/popperjs-es/-/popperjs-es-2.11.8.tgz",
+      "integrity": "sha512-wOwESXvvED3S8xBmcPWHs2dUuzrE4XiZeFu7e1hROIJkm02a49N120pmOXxY33sBb6hArItm5W5tcg1cBtV+HQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
+      }
+    },
+    "node_modules/@rollup/pluginutils": {
+      "version": "5.3.0",
+      "resolved": "https://registry.npmmirror.com/@rollup/pluginutils/-/pluginutils-5.3.0.tgz",
+      "integrity": "sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0",
+        "estree-walker": "^2.0.2",
+        "picomatch": "^4.0.2"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0"
+      },
+      "peerDependenciesMeta": {
+        "rollup": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@rollup/rollup-android-arm-eabi": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.1.tgz",
+      "integrity": "sha512-d6FinEBLdIiK+1uACUttJKfgZREXrF0Qc2SmLII7W2AD8FfiZ9Wjd+rD/iRuf5s5dWrr1GgwXCvPqOuDquOowA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-android-arm64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.1.tgz",
+      "integrity": "sha512-YjG/EwIDvvYI1YvYbHvDz/BYHtkY4ygUIXHnTdLhG+hKIQFBiosfWiACWortsKPKU/+dUwQQCKQM3qrDe8c9BA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-arm64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.1.tgz",
+      "integrity": "sha512-mjCpF7GmkRtSJwon+Rq1N8+pI+8l7w5g9Z3vWj4T7abguC4Czwi3Yu/pFaLvA3TTeMVjnu3ctigusqWUfjZzvw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-x64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.1.tgz",
+      "integrity": "sha512-haZ7hJ1JT4e9hqkoT9R/19XW2QKqjfJVv+i5AGg57S+nLk9lQnJ1F/eZloRO3o9Scy9CM3wQ9l+dkXtcBgN5Ew==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.1.tgz",
+      "integrity": "sha512-czw90wpQq3ZsAVBlinZjAYTKduOjTywlG7fEeWKUA7oCmpA8xdTkxZZlwNJKWqILlq0wehoZcJYfBvOyhPTQ6w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.1.tgz",
+      "integrity": "sha512-KVB2rqsxTHuBtfOeySEyzEOB7ltlB/ux38iu2rBQzkjbwRVlkhAGIEDiiYnO2kFOkJp+Z7pUXKyrRRFuFUKt+g==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.1.tgz",
+      "integrity": "sha512-L+34Qqil+v5uC0zEubW7uByo78WOCIrBvci69E7sFASRl0X7b/MB6Cqd1lky/CtcSVTydWa2WZwFuWexjS5o6g==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.1.tgz",
+      "integrity": "sha512-n83O8rt4v34hgFzlkb1ycniJh7IR5RCIqt6mz1VRJD6pmhRi0CXdmfnLu9dIUS6buzh60IvACM842Ffb3xd6Gg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.1.tgz",
+      "integrity": "sha512-Nql7sTeAzhTAja3QXeAI48+/+GjBJ+QmAH13snn0AJSNL50JsDqotyudHyMbO2RbJkskbMbFJfIJKWA6R1LCJQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.1.tgz",
+      "integrity": "sha512-+pUymDhd0ys9GcKZPPWlFiZ67sTWV5UU6zOJat02M1+PiuSGDziyRuI/pPue3hoUwm2uGfxdL+trT6Z9rxnlMA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.1.tgz",
+      "integrity": "sha512-VSvgvQeIcsEvY4bKDHEDWcpW4Yw7BtlKG1GUT4FzBUlEKQK0rWHYBqQt6Fm2taXS+1bXvJT6kICu5ZwqKCnvlQ==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.1.tgz",
+      "integrity": "sha512-4LqhUomJqwe641gsPp6xLfhqWMbQV04KtPp7/dIp0nzPxAkNY1AbwL5W0MQpcalLYk07vaW9Kp1PBhdpZYYcEw==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.1.tgz",
+      "integrity": "sha512-tLQQ9aPvkBxOc/EUT6j3pyeMD6Hb8QF2BTBnCQWP/uu1lhc9AIrIjKnLYMEroIz/JvtGYgI9dF3AxHZNaEH0rw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.1.tgz",
+      "integrity": "sha512-RMxFhJwc9fSXP6PqmAz4cbv3kAyvD1etJFjTx4ONqFP9DkTkXsAMU4v3Vyc5BgzC+anz7nS/9tp4obsKfqkDHg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz",
+      "integrity": "sha512-QKgFl+Yc1eEk6MmOBfRHYF6lTxiiiV3/z/BRrbSiW2I7AFTXoBFvdMEyglohPj//2mZS4hDOqeB0H1ACh3sBbg==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz",
+      "integrity": "sha512-RAjXjP/8c6ZtzatZcA1RaQr6O1TRhzC+adn8YZDnChliZHviqIjmvFwHcxi4JKPSDAt6Uhf/7vqcBzQJy0PDJg==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz",
+      "integrity": "sha512-wcuocpaOlaL1COBYiA89O6yfjlp3RwKDeTIA0hM7OpmhR1Bjo9j31G1uQVpDlTvwxGn2nQs65fBFL5UFd76FcQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-77PpsFQUCOiZR9+LQEFg9GClyfkNXj1MP6wRnzYs0EeWbPcHs02AXu4xuUbM1zhwn3wqaizle3AEYg5aeoohhg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz",
+      "integrity": "sha512-5cIATbk5vynAjqqmyBjlciMJl1+R/CwX9oLk/EyiFXDWd95KpHdrOJT//rnUl4cUcskrd0jCCw3wpZnhIHdD9w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz",
+      "integrity": "sha512-cl0w09WsCi17mcmWqqglez9Gk8isgeWvoUZ3WiJFYSR3zjBQc2J5/ihSjpl+VLjPqjQ/1hJRcqBfLjssREQILw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz",
+      "integrity": "sha512-4Cv23ZrONRbNtbZa37mLSueXUCtN7MXccChtKpUnQNgF010rjrjfHx3QxkS2PI7LqGT5xXyYs1a7LbzAwT0iCA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz",
+      "integrity": "sha512-i1okWYkA4FJICtr7KpYzFpRTHgy5jdDbZiWfvny21iIKky5YExiDXP+zbXzm3dUcFpkEeYNHgQ5fuG236JPq0g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz",
+      "integrity": "sha512-u09m3CuwLzShA0EYKMNiFgcjjzwqtUMLmuCJLeZWjjOYA3IT2Di09KaxGBTP9xVztWyIWjVdsB2E9goMjZvTQg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-k+600V9Zl1CM7eZxJgMyTUzmrmhB/0XZnF4pRypKAlAgxmedUA+1v9R+XOFv56W4SlHEzfeMtzujLJD22Uz5zg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz",
+      "integrity": "sha512-lWMnixq/QzxyhTV6NjQJ4SFo1J6PvOX8vUx5Wb4bBPsEb+8xZ89Bz6kOXpfXj9ak9AHTQVQzlgzBEc1SyM27xQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmmirror.com/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/lodash": {
+      "version": "4.17.24",
+      "resolved": "https://registry.npmmirror.com/@types/lodash/-/lodash-4.17.24.tgz",
+      "integrity": "sha512-gIW7lQLZbue7lRSWEFql49QJJWThrTFFeIMJdp3eH4tKoxm1OvEPg02rm4wCCSHS0cL3/Fizimb35b7k8atwsQ==",
+      "license": "MIT"
+    },
+    "node_modules/@types/lodash-es": {
+      "version": "4.17.12",
+      "resolved": "https://registry.npmmirror.com/@types/lodash-es/-/lodash-es-4.17.12.tgz",
+      "integrity": "sha512-0NgftHUcV4v34VhXm8QBSftKVXtbkBG3ViCjs6+eJ5a6y6Mi/jiFGPc1sC7QK+9BFhWrURE3EOggmWaSxL9OzQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/lodash": "*"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "20.19.39",
+      "resolved": "https://registry.npmmirror.com/@types/node/-/node-20.19.39.tgz",
+      "integrity": "sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "node_modules/@types/web-bluetooth": {
+      "version": "0.0.20",
+      "resolved": "https://registry.npmmirror.com/@types/web-bluetooth/-/web-bluetooth-0.0.20.tgz",
+      "integrity": "sha512-g9gZnnXVq7gM7v3tJCWV/qw7w+KeOlSHAhgF9RytFyifW6AF61hdT2ucrYhPq9hLs5JIryeupHV3qGk95dH9ow==",
+      "license": "MIT"
+    },
+    "node_modules/@vitejs/plugin-vue": {
+      "version": "5.2.4",
+      "resolved": "https://registry.npmmirror.com/@vitejs/plugin-vue/-/plugin-vue-5.2.4.tgz",
+      "integrity": "sha512-7Yx/SXSOcQq5HiiV3orevHUFn+pmMB4cgbEkDYgnkUWb0WfeQ/wa2yFv6D5ICiCQOVpjA7vYDXrC7AGO8yjDHA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      },
+      "peerDependencies": {
+        "vite": "^5.0.0 || ^6.0.0",
+        "vue": "^3.2.25"
+      }
+    },
+    "node_modules/@volar/language-core": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmmirror.com/@volar/language-core/-/language-core-1.11.1.tgz",
+      "integrity": "sha512-dOcNn3i9GgZAcJt43wuaEykSluAuOkQgzni1cuxLxTV0nJKanQztp7FxyswdRILaKH+P2XZMPRp2S4MV/pElCw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/source-map": "1.11.1"
+      }
+    },
+    "node_modules/@volar/source-map": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmmirror.com/@volar/source-map/-/source-map-1.11.1.tgz",
+      "integrity": "sha512-hJnOnwZ4+WT5iupLRnuzbULZ42L7BWWPMmruzwtLhJfpDVoZLjNBxHDi2sY2bgZXCKlpU5XcsMFoYrsQmPhfZg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "muggle-string": "^0.3.1"
+      }
+    },
+    "node_modules/@volar/typescript": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmmirror.com/@volar/typescript/-/typescript-1.11.1.tgz",
+      "integrity": "sha512-iU+t2mas/4lYierSnoFOeRFQUhAEMgsFuQxoxvwn5EdQopw43j+J27a4lt9LMInx1gLJBC6qL14WYGlgymaSMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/language-core": "1.11.1",
+        "path-browserify": "^1.0.1"
+      }
+    },
+    "node_modules/@vue/compiler-core": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/compiler-core/-/compiler-core-3.5.32.tgz",
+      "integrity": "sha512-4x74Tbtqnda8s/NSD6e1Dr5p1c8HdMU5RWSjMSUzb8RTcUQqevDCxVAitcLBKT+ie3o0Dl9crc/S/opJM7qBGQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.29.2",
+        "@vue/shared": "3.5.32",
+        "entities": "^7.0.1",
+        "estree-walker": "^2.0.2",
+        "source-map-js": "^1.2.1"
+      }
+    },
+    "node_modules/@vue/compiler-dom": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/compiler-dom/-/compiler-dom-3.5.32.tgz",
+      "integrity": "sha512-ybHAu70NtiEI1fvAUz3oXZqkUYEe5J98GjMDpTGl5iHb0T15wQYLR4wE3h9xfuTNA+Cm2f4czfe8B4s+CCH57Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-core": "3.5.32",
+        "@vue/shared": "3.5.32"
+      }
+    },
+    "node_modules/@vue/compiler-sfc": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/compiler-sfc/-/compiler-sfc-3.5.32.tgz",
+      "integrity": "sha512-8UYUYo71cP/0YHMO814TRZlPuUUw3oifHuMR7Wp9SNoRSrxRQnhMLNlCeaODNn6kNTJsjFoQ/kqIj4qGvya4Xg==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.29.2",
+        "@vue/compiler-core": "3.5.32",
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/compiler-ssr": "3.5.32",
+        "@vue/shared": "3.5.32",
+        "estree-walker": "^2.0.2",
+        "magic-string": "^0.30.21",
+        "postcss": "^8.5.8",
+        "source-map-js": "^1.2.1"
+      }
+    },
+    "node_modules/@vue/compiler-ssr": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/compiler-ssr/-/compiler-ssr-3.5.32.tgz",
+      "integrity": "sha512-Gp4gTs22T3DgRotZ8aA/6m2jMR+GMztvBXUBEUOYOcST+giyGWJ4WvFd7QLHBkzTxkfOt8IELKNdpzITLbA2rw==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/shared": "3.5.32"
+      }
+    },
+    "node_modules/@vue/devtools-api": {
+      "version": "6.6.4",
+      "resolved": "https://registry.npmmirror.com/@vue/devtools-api/-/devtools-api-6.6.4.tgz",
+      "integrity": "sha512-sGhTPMuXqZ1rVOk32RylztWkfXTRhuS7vgAKv0zjqk8gbsHkJ7xfFf+jbySxt7tWObEJwyKaHMikV/WGDiQm8g==",
+      "license": "MIT"
+    },
+    "node_modules/@vue/language-core": {
+      "version": "1.8.27",
+      "resolved": "https://registry.npmmirror.com/@vue/language-core/-/language-core-1.8.27.tgz",
+      "integrity": "sha512-L8Kc27VdQserNaCUNiSFdDl9LWT24ly8Hpwf1ECy3aFb9m6bDhBGQYOujDm21N7EW3moKIOKEanQwe1q5BK+mA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/language-core": "~1.11.1",
+        "@volar/source-map": "~1.11.1",
+        "@vue/compiler-dom": "^3.3.0",
+        "@vue/shared": "^3.3.0",
+        "computeds": "^0.0.1",
+        "minimatch": "^9.0.3",
+        "muggle-string": "^0.3.1",
+        "path-browserify": "^1.0.1",
+        "vue-template-compiler": "^2.7.14"
+      },
+      "peerDependencies": {
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vue/reactivity": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/reactivity/-/reactivity-3.5.32.tgz",
+      "integrity": "sha512-/ORasxSGvZ6MN5gc+uE364SxFdJ0+WqVG0CENXaGW58TOCdrAW76WWaplDtECeS1qphvtBZtR+3/o1g1zL4xPQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/shared": "3.5.32"
+      }
+    },
+    "node_modules/@vue/runtime-core": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/runtime-core/-/runtime-core-3.5.32.tgz",
+      "integrity": "sha512-pDrXCejn4UpFDFmMd27AcJEbHaLemaE5o4pbb7sLk79SRIhc6/t34BQA7SGNgYtbMnvbF/HHOftYBgFJtUoJUQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/reactivity": "3.5.32",
+        "@vue/shared": "3.5.32"
+      }
+    },
+    "node_modules/@vue/runtime-dom": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/runtime-dom/-/runtime-dom-3.5.32.tgz",
+      "integrity": "sha512-1CDVv7tv/IV13V8Nip1k/aaObVbWqRlVCVezTwx3K07p7Vxossp5JU1dcPNhJk3w347gonIUT9jQOGutyJrSVQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/reactivity": "3.5.32",
+        "@vue/runtime-core": "3.5.32",
+        "@vue/shared": "3.5.32",
+        "csstype": "^3.2.3"
+      }
+    },
+    "node_modules/@vue/server-renderer": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/server-renderer/-/server-renderer-3.5.32.tgz",
+      "integrity": "sha512-IOjm2+JQwRFS7W28HNuJeXQle9KdZbODFY7hFGVtnnghF51ta20EWAZJHX+zLGtsHhaU6uC9BGPV52KVpYryMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-ssr": "3.5.32",
+        "@vue/shared": "3.5.32"
+      },
+      "peerDependencies": {
+        "vue": "3.5.32"
+      }
+    },
+    "node_modules/@vue/shared": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/@vue/shared/-/shared-3.5.32.tgz",
+      "integrity": "sha512-ksNyrmRQzWJJ8n3cRDuSF7zNNontuJg1YHnmWRJd2AMu8Ij2bqwiiri2lH5rHtYPZjj4STkNcgcmiQqlOjiYGg==",
+      "license": "MIT"
+    },
+    "node_modules/@vueuse/core": {
+      "version": "10.11.1",
+      "resolved": "https://registry.npmmirror.com/@vueuse/core/-/core-10.11.1.tgz",
+      "integrity": "sha512-guoy26JQktXPcz+0n3GukWIy/JDNKti9v6VEMu6kV2sYBsWuGiTU8OWdg+ADfUbHg3/3DlqySDe7JmdHrktiww==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/web-bluetooth": "^0.0.20",
+        "@vueuse/metadata": "10.11.1",
+        "@vueuse/shared": "10.11.1",
+        "vue-demi": ">=0.14.8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@vueuse/metadata": {
+      "version": "10.11.1",
+      "resolved": "https://registry.npmmirror.com/@vueuse/metadata/-/metadata-10.11.1.tgz",
+      "integrity": "sha512-IGa5FXd003Ug1qAZmyE8wF3sJ81xGLSqTqtQ6jaVfkeZ4i5kS2mwQF61yhVqojRnenVew5PldLyRgvdl4YYuSw==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@vueuse/shared": {
+      "version": "10.11.1",
+      "resolved": "https://registry.npmmirror.com/@vueuse/shared/-/shared-10.11.1.tgz",
+      "integrity": "sha512-LHpC8711VFZlDaYUXEBbFBCQ7GS3dVU9mjOhhMhXP6txTV4EhYQg/KGnQuvt/sPAtoUKq7VVUnL6mVtFoL42sA==",
+      "license": "MIT",
+      "dependencies": {
+        "vue-demi": ">=0.14.8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.16.0",
+      "resolved": "https://registry.npmmirror.com/acorn/-/acorn-8.16.0.tgz",
+      "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmmirror.com/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/anymatch/node_modules/picomatch": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmmirror.com/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/async-validator": {
+      "version": "4.2.5",
+      "resolved": "https://registry.npmmirror.com/async-validator/-/async-validator-4.2.5.tgz",
+      "integrity": "sha512-7HhHjtERjqlNbZtqNqy2rckN/SpOOlmDliet+lP7k+eKZEjPk3DgyeU9lIXLdeLz0uBbbVp+9Qdow9wJWgwwfg==",
+      "license": "MIT"
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
+      "license": "MIT"
+    },
+    "node_modules/axios": {
+      "version": "1.15.0",
+      "resolved": "https://registry.npmmirror.com/axios/-/axios-1.15.0.tgz",
+      "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==",
+      "license": "MIT",
+      "dependencies": {
+        "follow-redirects": "^1.15.11",
+        "form-data": "^4.0.5",
+        "proxy-from-env": "^2.1.0"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmmirror.com/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmmirror.com/binary-extensions/-/binary-extensions-2.3.0.tgz",
+      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/brace-expansion": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmmirror.com/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmmirror.com/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmmirror.com/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "license": "MIT",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/computeds": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmmirror.com/computeds/-/computeds-0.0.1.tgz",
+      "integrity": "sha512-7CEBgcMjVmitjYo5q8JTJVra6X5mQ20uTThdK+0kR7UEaDrAWEQcRiBtWJzga4eRpP6afNwwLsX2SET2JhVB1Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/confbox": {
+      "version": "0.1.8",
+      "resolved": "https://registry.npmmirror.com/confbox/-/confbox-0.1.8.tgz",
+      "integrity": "sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/csstype": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmmirror.com/csstype/-/csstype-3.2.3.tgz",
+      "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==",
+      "license": "MIT"
+    },
+    "node_modules/dayjs": {
+      "version": "1.11.20",
+      "resolved": "https://registry.npmmirror.com/dayjs/-/dayjs-1.11.20.tgz",
+      "integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==",
+      "license": "MIT"
+    },
+    "node_modules/de-indent": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmmirror.com/de-indent/-/de-indent-1.0.2.tgz",
+      "integrity": "sha512-e/1zu3xH5MQryN2zdVaF0OrdNLUbvWxzMbi+iNA6Bky7l1RoP8a2fIbRocyHclXt/arDrrR6lL3TqFD9pMQTsg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmmirror.com/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmmirror.com/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/element-plus": {
+      "version": "2.13.7",
+      "resolved": "https://registry.npmmirror.com/element-plus/-/element-plus-2.13.7.tgz",
+      "integrity": "sha512-XdHATFZOyzVFL1DaHQ90IOJQSg9UnSAV+bhDW+YB5UoZ0Hxs50mwqjqfwXkuwpSag+VXXizVcErBR6Movo5daw==",
+      "license": "MIT",
+      "dependencies": {
+        "@ctrl/tinycolor": "^4.2.0",
+        "@element-plus/icons-vue": "^2.3.2",
+        "@floating-ui/dom": "^1.0.1",
+        "@popperjs/core": "npm:@sxzz/popperjs-es@^2.11.7",
+        "@types/lodash": "^4.17.20",
+        "@types/lodash-es": "^4.17.12",
+        "@vueuse/core": "12.0.0",
+        "async-validator": "^4.2.5",
+        "dayjs": "^1.11.19",
+        "lodash": "^4.17.23",
+        "lodash-es": "^4.17.23",
+        "lodash-unified": "^1.0.3",
+        "memoize-one": "^6.0.0",
+        "normalize-wheel-es": "^1.2.0",
+        "vue-component-type-helpers": "^3.2.4"
+      },
+      "peerDependencies": {
+        "vue": "^3.3.0"
+      }
+    },
+    "node_modules/element-plus/node_modules/@vueuse/core": {
+      "version": "12.0.0",
+      "resolved": "https://registry.npmmirror.com/@vueuse/core/-/core-12.0.0.tgz",
+      "integrity": "sha512-C12RukhXiJCbx4MGhjmd/gH52TjJsc3G0E0kQj/kb19H3Nt6n1CA4DRWuTdWWcaFRdlTe0npWDS942mvacvNBw==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/web-bluetooth": "^0.0.20",
+        "@vueuse/metadata": "12.0.0",
+        "@vueuse/shared": "12.0.0",
+        "vue": "^3.5.13"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/element-plus/node_modules/@vueuse/metadata": {
+      "version": "12.0.0",
+      "resolved": "https://registry.npmmirror.com/@vueuse/metadata/-/metadata-12.0.0.tgz",
+      "integrity": "sha512-Yzimd1D3sjxTDOlF05HekU5aSGdKjxhuhRFHA7gDWLn57PRbBIh+SF5NmjhJ0WRgF3my7T8LBucyxdFJjIfRJQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/element-plus/node_modules/@vueuse/shared": {
+      "version": "12.0.0",
+      "resolved": "https://registry.npmmirror.com/@vueuse/shared/-/shared-12.0.0.tgz",
+      "integrity": "sha512-3i6qtcq2PIio5i/vVYidkkcgvmTjCqrf26u+Fd4LhnbBmIT6FN8y6q/GJERp8lfcB9zVEfjdV0Br0443qZuJpw==",
+      "license": "MIT",
+      "dependencies": {
+        "vue": "^3.5.13"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/entities": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmmirror.com/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/esbuild": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmmirror.com/esbuild/-/esbuild-0.21.5.tgz",
+      "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.21.5",
+        "@esbuild/android-arm": "0.21.5",
+        "@esbuild/android-arm64": "0.21.5",
+        "@esbuild/android-x64": "0.21.5",
+        "@esbuild/darwin-arm64": "0.21.5",
+        "@esbuild/darwin-x64": "0.21.5",
+        "@esbuild/freebsd-arm64": "0.21.5",
+        "@esbuild/freebsd-x64": "0.21.5",
+        "@esbuild/linux-arm": "0.21.5",
+        "@esbuild/linux-arm64": "0.21.5",
+        "@esbuild/linux-ia32": "0.21.5",
+        "@esbuild/linux-loong64": "0.21.5",
+        "@esbuild/linux-mips64el": "0.21.5",
+        "@esbuild/linux-ppc64": "0.21.5",
+        "@esbuild/linux-riscv64": "0.21.5",
+        "@esbuild/linux-s390x": "0.21.5",
+        "@esbuild/linux-x64": "0.21.5",
+        "@esbuild/netbsd-x64": "0.21.5",
+        "@esbuild/openbsd-x64": "0.21.5",
+        "@esbuild/sunos-x64": "0.21.5",
+        "@esbuild/win32-arm64": "0.21.5",
+        "@esbuild/win32-ia32": "0.21.5",
+        "@esbuild/win32-x64": "0.21.5"
+      }
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmmirror.com/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz",
+      "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/estree-walker": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmmirror.com/estree-walker/-/estree-walker-2.0.2.tgz",
+      "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==",
+      "license": "MIT"
+    },
+    "node_modules/exsolve": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmmirror.com/exsolve/-/exsolve-1.0.8.tgz",
+      "integrity": "sha512-LmDxfWXwcTArk8fUEnOfSZpHOJ6zOMUJKOtFLFqJLoKJetuQG874Uc7/Kki7zFLzYybmZhp1M7+98pfMqeX8yA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-glob": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmmirror.com/fast-glob/-/fast-glob-3.3.3.tgz",
+      "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.8"
+      },
+      "engines": {
+        "node": ">=8.6.0"
+      }
+    },
+    "node_modules/fastq": {
+      "version": "1.20.1",
+      "resolved": "https://registry.npmmirror.com/fastq/-/fastq-1.20.1.tgz",
+      "integrity": "sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmmirror.com/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.16.0",
+      "resolved": "https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.16.0.tgz",
+      "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/form-data": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmmirror.com/form-data/-/form-data-4.0.5.tgz",
+      "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
+      "license": "MIT",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmmirror.com/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmmirror.com/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmmirror.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/he": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmmirror.com/he/-/he-1.2.0.tgz",
+      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "he": "bin/he"
+      }
+    },
+    "node_modules/immutable": {
+      "version": "5.1.5",
+      "resolved": "https://registry.npmmirror.com/immutable/-/immutable-5.1.5.tgz",
+      "integrity": "sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmmirror.com/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-core-module": {
+      "version": "2.16.1",
+      "resolved": "https://registry.npmmirror.com/is-core-module/-/is-core-module-2.16.1.tgz",
+      "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmmirror.com/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmmirror.com/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmmirror.com/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmmirror.com/js-tokens/-/js-tokens-9.0.1.tgz",
+      "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/local-pkg": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmmirror.com/local-pkg/-/local-pkg-0.5.1.tgz",
+      "integrity": "sha512-9rrA30MRRP3gBD3HTGnC6cDFpaE1kVDWxWgqWJUN0RvDNAo+Nz/9GxB+nHOH0ifbVFy0hSA1V6vFDvnx54lTEQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mlly": "^1.7.3",
+        "pkg-types": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmmirror.com/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "license": "MIT"
+    },
+    "node_modules/lodash-es": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmmirror.com/lodash-es/-/lodash-es-4.18.1.tgz",
+      "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==",
+      "license": "MIT"
+    },
+    "node_modules/lodash-unified": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmmirror.com/lodash-unified/-/lodash-unified-1.0.3.tgz",
+      "integrity": "sha512-WK9qSozxXOD7ZJQlpSqOT+om2ZfcT4yO+03FuzAHD0wF6S0l0090LRPDx3vhTTLZ8cFKpBn+IOcVXK6qOcIlfQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@types/lodash-es": "*",
+        "lodash": "*",
+        "lodash-es": "*"
+      }
+    },
+    "node_modules/magic-string": {
+      "version": "0.30.21",
+      "resolved": "https://registry.npmmirror.com/magic-string/-/magic-string-0.30.21.tgz",
+      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.5"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/memoize-one": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmmirror.com/memoize-one/-/memoize-one-6.0.0.tgz",
+      "integrity": "sha512-rkpe71W0N0c0Xz6QD0eJETuWAJGnJ9afsl1srmwPrI+yBCkge5EycXXbYRyvL29zZVUWQCY7InPRCv3GDXuZNw==",
+      "license": "MIT"
+    },
+    "node_modules/merge2": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmmirror.com/merge2/-/merge2-1.4.1.tgz",
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/micromatch": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmmirror.com/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "braces": "^3.0.3",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/micromatch/node_modules/picomatch": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmmirror.com/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmmirror.com/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/mlly": {
+      "version": "1.8.2",
+      "resolved": "https://registry.npmmirror.com/mlly/-/mlly-1.8.2.tgz",
+      "integrity": "sha512-d+ObxMQFmbt10sretNDytwt85VrbkhhUA/JBGm1MPaWJ65Cl4wOgLaB1NYvJSZ0Ef03MMEU/0xpPMXUIQ29UfA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.16.0",
+        "pathe": "^2.0.3",
+        "pkg-types": "^1.3.1",
+        "ufo": "^1.6.3"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmmirror.com/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/muggle-string": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmmirror.com/muggle-string/-/muggle-string-0.3.1.tgz",
+      "integrity": "sha512-ckmWDJjphvd/FvZawgygcUeQCxzvohjFO5RxTjj4eq8kw359gFF3E1brjfI+viLMxss5JrHTDRHZvu2/tuy0Qg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.11",
+      "resolved": "https://registry.npmmirror.com/nanoid/-/nanoid-3.3.11.tgz",
+      "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/node-addon-api": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmmirror.com/node-addon-api/-/node-addon-api-7.1.1.tgz",
+      "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmmirror.com/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/normalize-wheel-es": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmmirror.com/normalize-wheel-es/-/normalize-wheel-es-1.2.0.tgz",
+      "integrity": "sha512-Wj7+EJQ8mSuXr2iWfnujrimU35R2W4FAErEyTmJoJ7ucwTn2hOUSsRehMb5RSYkxXGTM7Y9QpvPmp++w5ftoJw==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/path-browserify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/path-browserify/-/path-browserify-1.0.1.tgz",
+      "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmmirror.com/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/pathe": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmmirror.com/pathe/-/pathe-2.0.3.tgz",
+      "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "license": "ISC"
+    },
+    "node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmmirror.com/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/pinia": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmmirror.com/pinia/-/pinia-2.3.1.tgz",
+      "integrity": "sha512-khUlZSwt9xXCaTbbxFYBKDc/bWAGWJjOgvxETwkTN7KRm66EeT1ZdZj6i2ceh9sP2Pzqsbc704r2yngBrxBVug==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-api": "^6.6.3",
+        "vue-demi": "^0.14.10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/posva"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.4.4",
+        "vue": "^2.7.0 || ^3.5.11"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/pinia-plugin-persistedstate": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmmirror.com/pinia-plugin-persistedstate/-/pinia-plugin-persistedstate-3.2.3.tgz",
+      "integrity": "sha512-Cm819WBj/s5K5DGw55EwbXDtx+EZzM0YR5AZbq9XE3u0xvXwvX2JnWoFpWIcdzISBHqy9H1UiSIUmXyXqWsQRQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "pinia": "^2.0.0"
+      }
+    },
+    "node_modules/pkg-types": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmmirror.com/pkg-types/-/pkg-types-1.3.1.tgz",
+      "integrity": "sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "confbox": "^0.1.8",
+        "mlly": "^1.7.4",
+        "pathe": "^2.0.1"
+      }
+    },
+    "node_modules/postcss": {
+      "version": "8.5.10",
+      "resolved": "https://registry.npmmirror.com/postcss/-/postcss-8.5.10.tgz",
+      "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/proxy-from-env": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
+      "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/quansync": {
+      "version": "0.2.11",
+      "resolved": "https://registry.npmmirror.com/quansync/-/quansync-0.2.11.tgz",
+      "integrity": "sha512-AifT7QEbW9Nri4tAwR5M/uzpBuqfZf+zwaEM/QkzEjj7NBuFD2rBuy0K3dE+8wltbezDV7JMA0WfnCPYRSYbXA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/antfu"
+        },
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/sxzz"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/queue-microtask": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmmirror.com/queue-microtask/-/queue-microtask-1.2.3.tgz",
+      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/readdirp": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmmirror.com/readdirp/-/readdirp-4.1.2.tgz",
+      "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/resolve": {
+      "version": "1.22.12",
+      "resolved": "https://registry.npmmirror.com/resolve/-/resolve-1.22.12.tgz",
+      "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "is-core-module": "^2.16.1",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/reusify": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmmirror.com/reusify/-/reusify-1.1.0.tgz",
+      "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "iojs": ">=1.0.0",
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmmirror.com/rollup/-/rollup-4.60.1.tgz",
+      "integrity": "sha512-VmtB2rFU/GroZ4oL8+ZqXgSA38O6GR8KSIvWmEFv63pQ0G6KaBH9s07PO8XTXP4vI+3UJUEypOfjkGfmSBBR0w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "1.0.8"
+      },
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "npm": ">=8.0.0"
+      },
+      "optionalDependencies": {
+        "@rollup/rollup-android-arm-eabi": "4.60.1",
+        "@rollup/rollup-android-arm64": "4.60.1",
+        "@rollup/rollup-darwin-arm64": "4.60.1",
+        "@rollup/rollup-darwin-x64": "4.60.1",
+        "@rollup/rollup-freebsd-arm64": "4.60.1",
+        "@rollup/rollup-freebsd-x64": "4.60.1",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.1",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.1",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.1",
+        "@rollup/rollup-linux-arm64-musl": "4.60.1",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.1",
+        "@rollup/rollup-linux-loong64-musl": "4.60.1",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.1",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.1",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.1",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.1",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.1",
+        "@rollup/rollup-linux-x64-gnu": "4.60.1",
+        "@rollup/rollup-linux-x64-musl": "4.60.1",
+        "@rollup/rollup-openbsd-x64": "4.60.1",
+        "@rollup/rollup-openharmony-arm64": "4.60.1",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.1",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.1",
+        "@rollup/rollup-win32-x64-gnu": "4.60.1",
+        "@rollup/rollup-win32-x64-msvc": "4.60.1",
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/run-parallel": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmmirror.com/run-parallel/-/run-parallel-1.2.0.tgz",
+      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "queue-microtask": "^1.2.2"
+      }
+    },
+    "node_modules/sass": {
+      "version": "1.99.0",
+      "resolved": "https://registry.npmmirror.com/sass/-/sass-1.99.0.tgz",
+      "integrity": "sha512-kgW13M54DUB7IsIRM5LvJkNlpH+WhMpooUcaWGFARkF1Tc82v9mIWkCbCYf+MBvpIUBSeSOTilpZjEPr2VYE6Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chokidar": "^4.0.0",
+        "immutable": "^5.1.5",
+        "source-map-js": ">=0.6.2 <2.0.0"
+      },
+      "bin": {
+        "sass": "sass.js"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "optionalDependencies": {
+        "@parcel/watcher": "^2.4.1"
+      }
+    },
+    "node_modules/scule": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmmirror.com/scule/-/scule-1.3.0.tgz",
+      "integrity": "sha512-6FtHJEvt+pVMIB9IBY+IcCJ6Z5f1iQnytgyfKMhDKgmzYG+TeH/wx1y3l27rshSbLiSanrR9ffZDrEsmjlQF2g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "7.7.4",
+      "resolved": "https://registry.npmmirror.com/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmmirror.com/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/strip-literal": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmmirror.com/strip-literal/-/strip-literal-2.1.1.tgz",
+      "integrity": "sha512-631UJ6O00eNGfMiWG78ck80dfBab8X6IVFB51jZK5Icd7XAs60Z5y7QdSd/wGIklnWvRbUNloVzhOKKmutxQ6Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "js-tokens": "^9.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmmirror.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
+      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmmirror.com/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.3.3",
+      "resolved": "https://registry.npmmirror.com/typescript/-/typescript-5.3.3.tgz",
+      "integrity": "sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==",
+      "devOptional": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/ufo": {
+      "version": "1.6.3",
+      "resolved": "https://registry.npmmirror.com/ufo/-/ufo-1.6.3.tgz",
+      "integrity": "sha512-yDJTmhydvl5lJzBmy/hyOAA0d+aqCBuwl818haVdYCRrWV84o7YyeVm4QlVHStqNrrJSTb6jKuFAVqAFsr+K3Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/undici-types": {
+      "version": "6.21.0",
+      "resolved": "https://registry.npmmirror.com/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/unimport": {
+      "version": "3.14.6",
+      "resolved": "https://registry.npmmirror.com/unimport/-/unimport-3.14.6.tgz",
+      "integrity": "sha512-CYvbDaTT04Rh8bmD8jz3WPmHYZRG/NnvYVzwD6V1YAlvvKROlAeNDUBhkBGzNav2RKaeuXvlWYaa1V4Lfi/O0g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@rollup/pluginutils": "^5.1.4",
+        "acorn": "^8.14.0",
+        "escape-string-regexp": "^5.0.0",
+        "estree-walker": "^3.0.3",
+        "fast-glob": "^3.3.3",
+        "local-pkg": "^1.0.0",
+        "magic-string": "^0.30.17",
+        "mlly": "^1.7.4",
+        "pathe": "^2.0.1",
+        "picomatch": "^4.0.2",
+        "pkg-types": "^1.3.0",
+        "scule": "^1.3.0",
+        "strip-literal": "^2.1.1",
+        "unplugin": "^1.16.1"
+      }
+    },
+    "node_modules/unimport/node_modules/confbox": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmmirror.com/confbox/-/confbox-0.2.4.tgz",
+      "integrity": "sha512-ysOGlgTFbN2/Y6Cg3Iye8YKulHw+R2fNXHrgSmXISQdMnomY6eNDprVdW9R5xBguEqI954+S6709UyiO7B+6OQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/unimport/node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmmirror.com/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
+    "node_modules/unimport/node_modules/local-pkg": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/local-pkg/-/local-pkg-1.1.2.tgz",
+      "integrity": "sha512-arhlxbFRmoQHl33a0Zkle/YWlmNwoyt6QNZEIJcqNbdrsix5Lvc4HyyI3EnwxTYlZYc32EbYrQ8SzEZ7dqgg9A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mlly": "^1.7.4",
+        "pkg-types": "^2.3.0",
+        "quansync": "^0.2.11"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/unimport/node_modules/local-pkg/node_modules/pkg-types": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmmirror.com/pkg-types/-/pkg-types-2.3.0.tgz",
+      "integrity": "sha512-SIqCzDRg0s9npO5XQ3tNZioRY1uK06lA41ynBC1YmFTmnY6FjUjVt6s4LoADmwoig1qqD0oK8h1p/8mlMx8Oig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "confbox": "^0.2.2",
+        "exsolve": "^1.0.7",
+        "pathe": "^2.0.3"
+      }
+    },
+    "node_modules/unplugin": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmmirror.com/unplugin/-/unplugin-1.16.1.tgz",
+      "integrity": "sha512-4/u/j4FrCKdi17jaxuJA0jClGxB1AvU2hw/IuayPc4ay1XGaJs/rbb4v5WKwAjNifjmXK9PIFyuPiaK8azyR9w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.14.0",
+        "webpack-virtual-modules": "^0.6.2"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/unplugin-auto-import": {
+      "version": "0.17.8",
+      "resolved": "https://registry.npmmirror.com/unplugin-auto-import/-/unplugin-auto-import-0.17.8.tgz",
+      "integrity": "sha512-CHryj6HzJ+n4ASjzwHruD8arhbdl+UXvhuAIlHDs15Y/IMecG3wrf7FVg4pVH/DIysbq/n0phIjNHAjl7TG7Iw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@antfu/utils": "^0.7.10",
+        "@rollup/pluginutils": "^5.1.0",
+        "fast-glob": "^3.3.2",
+        "local-pkg": "^0.5.0",
+        "magic-string": "^0.30.10",
+        "minimatch": "^9.0.4",
+        "unimport": "^3.7.2",
+        "unplugin": "^1.11.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@nuxt/kit": "^3.2.2",
+        "@vueuse/core": "*"
+      },
+      "peerDependenciesMeta": {
+        "@nuxt/kit": {
+          "optional": true
+        },
+        "@vueuse/core": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/unplugin-vue-components": {
+      "version": "0.26.0",
+      "resolved": "https://registry.npmmirror.com/unplugin-vue-components/-/unplugin-vue-components-0.26.0.tgz",
+      "integrity": "sha512-s7IdPDlnOvPamjunVxw8kNgKNK8A5KM1YpK5j/p97jEKTjlPNrA0nZBiSfAKKlK1gWZuyWXlKL5dk3EDw874LQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@antfu/utils": "^0.7.6",
+        "@rollup/pluginutils": "^5.0.4",
+        "chokidar": "^3.5.3",
+        "debug": "^4.3.4",
+        "fast-glob": "^3.3.1",
+        "local-pkg": "^0.4.3",
+        "magic-string": "^0.30.3",
+        "minimatch": "^9.0.3",
+        "resolve": "^1.22.4",
+        "unplugin": "^1.4.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@babel/parser": "^7.15.8",
+        "@nuxt/kit": "^3.2.2",
+        "vue": "2 || 3"
+      },
+      "peerDependenciesMeta": {
+        "@babel/parser": {
+          "optional": true
+        },
+        "@nuxt/kit": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/unplugin-vue-components/node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmmirror.com/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/unplugin-vue-components/node_modules/local-pkg": {
+      "version": "0.4.3",
+      "resolved": "https://registry.npmmirror.com/local-pkg/-/local-pkg-0.4.3.tgz",
+      "integrity": "sha512-SFppqq5p42fe2qcZQqqEOiVRXl+WCP1MdT6k7BDEW1j++sp5fIY+/fdRQitvKgB5BrBcmrs5m/L0v2FrU5MY1g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/unplugin-vue-components/node_modules/picomatch": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmmirror.com/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/unplugin-vue-components/node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmmirror.com/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/vite": {
+      "version": "5.4.21",
+      "resolved": "https://registry.npmmirror.com/vite/-/vite-5.4.21.tgz",
+      "integrity": "sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.21.3",
+        "postcss": "^8.4.43",
+        "rollup": "^4.20.0"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^18.0.0 || >=20.0.0",
+        "less": "*",
+        "lightningcss": "^1.21.0",
+        "sass": "*",
+        "sass-embedded": "*",
+        "stylus": "*",
+        "sugarss": "*",
+        "terser": "^5.4.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vue": {
+      "version": "3.5.32",
+      "resolved": "https://registry.npmmirror.com/vue/-/vue-3.5.32.tgz",
+      "integrity": "sha512-vM4z4Q9tTafVfMAK7IVzmxg34rSzTFMyIe0UUEijUCkn9+23lj0WRfA83dg7eQZIUlgOSGrkViIaCfqSAUXsMw==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/compiler-sfc": "3.5.32",
+        "@vue/runtime-dom": "3.5.32",
+        "@vue/server-renderer": "3.5.32",
+        "@vue/shared": "3.5.32"
+      },
+      "peerDependencies": {
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vue-component-type-helpers": {
+      "version": "3.2.6",
+      "resolved": "https://registry.npmmirror.com/vue-component-type-helpers/-/vue-component-type-helpers-3.2.6.tgz",
+      "integrity": "sha512-O02tnvIfOQVmnvoWwuSydwRoHjZVt8UEBR+2p4rT35p8GAy5VTlWP8o5qXfJR/GWCN0nVZoYWsVUvx2jwgdBmQ==",
+      "license": "MIT"
+    },
+    "node_modules/vue-demi": {
+      "version": "0.14.10",
+      "resolved": "https://registry.npmmirror.com/vue-demi/-/vue-demi-0.14.10.tgz",
+      "integrity": "sha512-nMZBOwuzabUO0nLgIcc6rycZEebF6eeUfaiQx9+WSk8e29IbLvPU9feI6tqW4kTo3hvoYAJkMh8n8D0fuISphg==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "vue-demi-fix": "bin/vue-demi-fix.js",
+        "vue-demi-switch": "bin/vue-demi-switch.js"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@vue/composition-api": "^1.0.0-rc.1",
+        "vue": "^3.0.0-0 || ^2.6.0"
+      },
+      "peerDependenciesMeta": {
+        "@vue/composition-api": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vue-router": {
+      "version": "4.6.4",
+      "resolved": "https://registry.npmmirror.com/vue-router/-/vue-router-4.6.4.tgz",
+      "integrity": "sha512-Hz9q5sa33Yhduglwz6g9skT8OBPii+4bFn88w6J+J4MfEo4KRRpmiNG/hHHkdbRFlLBOqxN8y8gf2Fb0MTUgVg==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-api": "^6.6.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/posva"
+      },
+      "peerDependencies": {
+        "vue": "^3.5.0"
+      }
+    },
+    "node_modules/vue-template-compiler": {
+      "version": "2.7.16",
+      "resolved": "https://registry.npmmirror.com/vue-template-compiler/-/vue-template-compiler-2.7.16.tgz",
+      "integrity": "sha512-AYbUWAJHLGGQM7+cNTELw+KsOG9nl2CnSv467WobS5Cv9uk3wFcnr1Etsz2sEIHEZvw1U+o9mRlEO6QbZvUPGQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "de-indent": "^1.0.2",
+        "he": "^1.2.0"
+      }
+    },
+    "node_modules/vue-tsc": {
+      "version": "1.8.27",
+      "resolved": "https://registry.npmmirror.com/vue-tsc/-/vue-tsc-1.8.27.tgz",
+      "integrity": "sha512-WesKCAZCRAbmmhuGl3+VrdWItEvfoFIPXOvUJkjULi+x+6G/Dy69yO3TBRJDr9eUlmsNAwVmxsNZxvHKzbkKdg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/typescript": "~1.11.1",
+        "@vue/language-core": "1.8.27",
+        "semver": "^7.5.4"
+      },
+      "bin": {
+        "vue-tsc": "bin/vue-tsc.js"
+      },
+      "peerDependencies": {
+        "typescript": "*"
+      }
+    },
+    "node_modules/webpack-virtual-modules": {
+      "version": "0.6.2",
+      "resolved": "https://registry.npmmirror.com/webpack-virtual-modules/-/webpack-virtual-modules-0.6.2.tgz",
+      "integrity": "sha512-66/V2i5hQanC51vBQKPH4aI8NMAcBW59FVBs+rC7eGHupMyfn34q7rZIE+ETlJ+XTevqfUhVVBgSUNSW2flEUQ==",
+      "dev": true,
+      "license": "MIT"
+    }
+  }
+}
diff --git a/web/package.json b/web/package.json
new file mode 100644
index 00000000..a0b4b168
--- /dev/null
+++ b/web/package.json
@@ -0,0 +1,43 @@
+{
+  "name": "gpt2api-web",
+  "private": true,
+  "version": "0.1.0",
+  "type": "module",
+  "description": "gpt2api 控制台前端 · Vue 3 + Element Plus",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/432539/gpt2api.git",
+    "directory": "web"
+  },
+  "homepage": "https://github.com/432539/gpt2api#readme",
+  "bugs": {
+    "url": "https://github.com/432539/gpt2api/issues"
+  },
+  "license": "MIT",
+  "scripts": {
+    "dev": "vite",
+    "build": "vue-tsc --noEmit && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "@element-plus/icons-vue": "^2.3.1",
+    "@vueuse/core": "^10.9.0",
+    "axios": "^1.6.8",
+    "dayjs": "^1.11.10",
+    "element-plus": "^2.7.2",
+    "pinia": "^2.1.7",
+    "pinia-plugin-persistedstate": "^3.2.1",
+    "vue": "^3.4.21",
+    "vue-router": "^4.3.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.30",
+    "@vitejs/plugin-vue": "^5.0.4",
+    "sass": "^1.71.1",
+    "typescript": "~5.3.3",
+    "unplugin-auto-import": "^0.17.5",
+    "unplugin-vue-components": "^0.26.0",
+    "vite": "^5.2.0",
+    "vue-tsc": "^1.8.27"
+  }
+}
diff --git a/web/public/favicon.svg b/web/public/favicon.svg
new file mode 100644
index 00000000..3fd760d8
--- /dev/null
+++ b/web/public/favicon.svg
@@ -0,0 +1,11 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64">
+  <defs>
+    <linearGradient id="g" x1="0" x2="1" y1="0" y2="1">
+      <stop offset="0%" stop-color="#409EFF"/>
+      <stop offset="100%" stop-color="#67C23A"/>
+    </linearGradient>
+  </defs>
+  <rect width="64" height="64" rx="12" fill="url(#g)"/>
+  <text x="32" y="42" font-size="28" font-weight="700" fill="#fff" text-anchor="middle"
+        font-family="Arial, Helvetica, sans-serif">G2</text>
+</svg>
diff --git a/web/public/screenshots/playground-batch.png b/web/public/screenshots/playground-batch.png
new file mode 100644
index 00000000..3ec85275
Binary files /dev/null and b/web/public/screenshots/playground-batch.png differ
diff --git a/web/public/screenshots/playground-preview.png b/web/public/screenshots/playground-preview.png
new file mode 100644
index 00000000..9e76f256
Binary files /dev/null and b/web/public/screenshots/playground-preview.png differ
diff --git a/web/public/screenshots/playground-xiaoqiao.png b/web/public/screenshots/playground-xiaoqiao.png
new file mode 100644
index 00000000..03fce1c5
Binary files /dev/null and b/web/public/screenshots/playground-xiaoqiao.png differ
diff --git a/web/src/App.vue b/web/src/App.vue
new file mode 100644
index 00000000..954a6be4
--- /dev/null
+++ b/web/src/App.vue
@@ -0,0 +1,23 @@
+<script setup lang="ts">
+import { onMounted } from 'vue'
+import { useUserStore } from './stores/user'
+
+const userStore = useUserStore()
+
+// 冷启动时如果已有 access token,主动拉一次 /me,拿到最新 role/permissions。
+onMounted(async () => {
+  if (userStore.accessToken && !userStore.user) {
+    try {
+      await userStore.fetchMe()
+    } catch {
+      userStore.clear()
+    }
+  }
+})
+</script>
+
+<template>
+  <el-config-provider namespace="el">
+    <router-view />
+  </el-config-provider>
+</template>
diff --git a/web/src/api/accounts.ts b/web/src/api/accounts.ts
new file mode 100644
index 00000000..7a2410fa
--- /dev/null
+++ b/web/src/api/accounts.ts
@@ -0,0 +1,246 @@
+import { http } from './http'
+
+export interface Account {
+  id: number
+  email: string
+  client_id: string
+  chatgpt_account_id: string
+  account_type: string            // codex / chatgpt
+  oai_session_id: string
+  oai_device_id: string
+  plan_type: string               // plus / team / free / ...
+  daily_image_quota: number
+  status: string                  // healthy / warned / throttled / suspicious / dead
+  today_used_count: number
+  notes: string
+  token_expires_at?: { Time: string; Valid: boolean } | string | null
+  warned_at?:        { Time: string; Valid: boolean } | string | null
+  cooldown_until?:   { Time: string; Valid: boolean } | string | null
+  last_used_at?:     { Time: string; Valid: boolean } | string | null
+  today_used_date?:  { Time: string; Valid: boolean } | string | null
+
+  last_refresh_at?:  { Time: string; Valid: boolean } | string | null
+  last_refresh_source: string
+  refresh_error: string
+
+  image_quota_remaining: number
+  image_quota_total: number
+  image_quota_reset_at?:   { Time: string; Valid: boolean } | string | null
+  image_quota_updated_at?: { Time: string; Valid: boolean } | string | null
+
+  has_rt: boolean
+  has_st: boolean
+
+  created_at: string
+  updated_at: string
+}
+
+export interface Page<T> {
+  list: T[]; total: number; page: number; page_size: number
+}
+
+export function listAccounts(params: {
+  page?: number; page_size?: number; status?: string; keyword?: string
+} = {}) {
+  return http.get<any, Page<Account>>('/api/admin/accounts', { params })
+}
+
+export interface QuotaSummary {
+  total_remaining: number
+  total_capacity: number
+  active_accounts: number
+}
+
+export function getQuotaSummary() {
+  return http.get<any, QuotaSummary>('/api/admin/accounts/quota-summary')
+}
+
+export function getAccount(id: number) {
+  return http.get<any, Account>(`/api/admin/accounts/${id}`)
+}
+
+export interface AccountCreate {
+  email: string
+  auth_token: string
+  refresh_token?: string
+  session_token?: string
+  token_expires_at?: string
+  oai_session_id?: string
+  oai_device_id?: string
+  client_id?: string
+  chatgpt_account_id?: string
+  account_type?: string
+  plan_type?: string
+  daily_image_quota?: number
+  notes?: string
+  cookies?: string
+  proxy_id?: number
+}
+export interface AccountUpdate extends Partial<AccountCreate> {
+  status?: string
+}
+
+export function createAccount(body: AccountCreate) {
+  return http.post<any, Account>('/api/admin/accounts', body)
+}
+export function updateAccount(id: number, body: AccountUpdate) {
+  return http.patch<any, Account>(`/api/admin/accounts/${id}`, body)
+}
+export function deleteAccount(id: number) {
+  return http.delete<any, { deleted: number }>(`/api/admin/accounts/${id}`)
+}
+export function bindProxy(id: number, proxyID: number) {
+  return http.post(`/api/admin/accounts/${id}/bind-proxy`, { proxy_id: proxyID })
+}
+export function unbindProxy(id: number) {
+  return http.delete(`/api/admin/accounts/${id}/bind-proxy`)
+}
+
+// ---------- 批量导入 ----------
+export interface ImportLineResult {
+  index: number
+  email: string
+  status: 'created' | 'updated' | 'skipped' | 'failed'
+  reason?: string
+  id?: number
+}
+export interface ImportSummary {
+  total: number
+  created: number
+  updated: number
+  skipped: number
+  failed: number
+  results: ImportLineResult[]
+}
+
+/**
+ * 批量导入账号。
+ * 支持两种调用形态:
+ *   1) 纯文本 text(用户粘贴 JSON / JSONL),走 application/json
+ *   2) FormData files[](多文件上传),走 multipart/form-data
+ *
+ * 大量文件(>500 个)建议前端在客户端先分批合并 text 再用 json 发送,
+ * 避免一次 multipart 过大。
+ */
+export function importAccountsJSON(body: {
+  text: string
+  update_existing?: boolean
+  default_client_id?: string
+  default_proxy_id?: number
+}) {
+  return http.post<any, ImportSummary>('/api/admin/accounts/import', body)
+}
+
+export interface ImportTokensBody {
+  /** at=每行 AT;rt=每行 RT 需要 client_id;st=每行 ST */
+  mode: 'at' | 'rt' | 'st'
+  /** 字符串或字符串数组,后端都兼容 */
+  tokens: string | string[]
+  /** RT 模式必填;AT/ST 模式可选,传了也会记到账号上 */
+  client_id?: string
+  update_existing?: boolean
+  /** RT/ST 换 AT 时走的代理(chatgpt.com / auth.openai.com),强烈推荐 */
+  default_proxy_id?: number
+}
+
+export function importAccountsTokens(body: ImportTokensBody) {
+  return http.post<any, ImportSummary>('/api/admin/accounts/import-tokens', body)
+}
+
+export function importAccountsFiles(
+  files: File[],
+  opt: { update_existing?: boolean; default_client_id?: string; default_proxy_id?: number } = {}
+) {
+  const fd = new FormData()
+  for (const f of files) fd.append('files', f, f.name)
+  if (opt.update_existing !== undefined) fd.append('update_existing', String(opt.update_existing))
+  if (opt.default_client_id) fd.append('default_client_id', opt.default_client_id)
+  if (opt.default_proxy_id) fd.append('default_proxy_id', String(opt.default_proxy_id))
+  return http.post<any, ImportSummary>('/api/admin/accounts/import', fd, {
+    headers: { 'Content-Type': 'multipart/form-data' },
+  })
+}
+
+// ---------- 刷新 / 探测 ----------
+export interface RefreshResult {
+  account_id: number
+  email: string
+  ok: boolean
+  source: string            // rt / st / failed
+  expires_at?: string
+  error?: string
+  rt_rotated?: boolean
+  /** 新 AT 是否通过 chatgpt.com web 后端校验(/backend-api/me 返回 200) */
+  at_verified?: boolean
+  /** true 表示 RT 换出的 AT 被 chatgpt.com 以 401 拒绝(iOS 作用域),需要 Session Token */
+  web_unauthorized?: boolean
+}
+export interface RefreshAllResult {
+  total: number
+  success: number
+  failed: number
+  results: RefreshResult[]
+}
+
+export function refreshAccount(id: number) {
+  return http.post<any, RefreshResult>(`/api/admin/accounts/${id}/refresh`)
+}
+export function refreshAllAccounts() {
+  return http.post<any, RefreshAllResult>('/api/admin/accounts/refresh-all')
+}
+
+export interface QuotaResult {
+  account_id: number
+  email: string
+  ok: boolean
+  remaining: number
+  total: number
+  reset_at?: string
+  default_model?: string
+  blocked_features?: string[]
+  error?: string
+}
+export interface QuotaAllResult {
+  total: number
+  success: number
+  failed: number
+  results: QuotaResult[]
+}
+
+export function probeAccountQuota(id: number) {
+  return http.post<any, QuotaResult>(`/api/admin/accounts/${id}/probe-quota`)
+}
+export function probeAllAccountsQuota() {
+  return http.post<any, QuotaAllResult>('/api/admin/accounts/probe-quota-all')
+}
+
+// ---------- 自动刷新开关 ----------
+export interface AutoRefreshConfig {
+  enabled: boolean
+  ahead_sec: number
+  threshold?: string
+}
+export function getAutoRefresh() {
+  return http.get<any, AutoRefreshConfig>('/api/admin/accounts/auto-refresh')
+}
+export function setAutoRefresh(enabled: boolean) {
+  return http.put<any, AutoRefreshConfig>('/api/admin/accounts/auto-refresh', { enabled })
+}
+
+// ---------- 批量删除 ----------
+export type BulkDeleteScope = 'dead' | 'suspicious' | 'warned' | 'throttled' | 'all'
+export function bulkDeleteAccounts(scope: BulkDeleteScope) {
+  return http.post<any, { deleted: number; scope: string }>(
+    '/api/admin/accounts/bulk-delete', { scope },
+  )
+}
+
+// ---------- 获取 AT / RT / ST 明文(编辑弹窗回显) ----------
+export interface AccountSecrets {
+  auth_token: string
+  refresh_token: string
+  session_token: string
+}
+export function getAccountSecrets(id: number) {
+  return http.get<any, AccountSecrets>(`/api/admin/accounts/${id}/secrets`)
+}
diff --git a/web/src/api/admin.ts b/web/src/api/admin.ts
new file mode 100644
index 00000000..58ba8839
--- /dev/null
+++ b/web/src/api/admin.ts
@@ -0,0 +1,187 @@
+import { http } from './http'
+import type { UserInfo } from './auth'
+
+// ============ users ============
+export interface AdminUser extends UserInfo {
+  version?: number
+  last_login_ip?: string
+  updated_at?: string
+  deleted_at?: string | null
+}
+export interface Page<T> {
+  items: T[]
+  total: number
+  limit: number
+  offset: number
+}
+
+export interface UserFilter {
+  q?: string
+  role?: string
+  status?: string
+  group_id?: number
+  limit?: number
+  offset?: number
+}
+
+export function listUsers(f: UserFilter = {}): Promise<Page<AdminUser>> {
+  return http.get('/api/admin/users', { params: f })
+}
+
+export function getUser(id: number): Promise<AdminUser> {
+  return http.get(`/api/admin/users/${id}`)
+}
+
+export interface CreateUserReq {
+  email: string
+  password: string
+  nickname?: string
+  role?: 'user' | 'admin'
+  status?: 'active' | 'banned'
+  group_id?: number
+  initial_credits?: number
+}
+
+export function createUser(body: CreateUserReq) {
+  return http.post('/api/admin/users', body)
+}
+
+export function patchUser(id: number, body: Partial<Pick<AdminUser, 'nickname' | 'role' | 'status' | 'group_id'>>) {
+  return http.patch(`/api/admin/users/${id}`, body)
+}
+
+export function resetUserPassword(id: number, newPassword: string, adminPassword: string) {
+  return http.post(`/api/admin/users/${id}/reset-password`,
+    { new_password: newPassword, admin_password: adminPassword })
+}
+
+export function deleteUser(id: number, adminPassword: string) {
+  return http.delete(`/api/admin/users/${id}`, { headers: { 'X-Admin-Confirm': adminPassword } })
+}
+
+export interface AdjustReq {
+  delta: number
+  remark: string
+  ref_id?: string
+}
+
+export function adjustCredit(id: number, req: AdjustReq, adminPassword: string) {
+  return http.post(`/api/admin/users/${id}/credits/adjust`, req, {
+    headers: { 'X-Admin-Confirm': adminPassword },
+  })
+}
+
+export interface CreditLog {
+  id: number
+  user_id: number
+  key_id: number
+  type: string
+  amount: number
+  balance_after: number
+  ref_id: string
+  remark: string
+  created_at: string
+}
+
+export function listCreditLogs(userID: number, limit = 50, offset = 0): Promise<Page<CreditLog>> {
+  return http.get(`/api/admin/users/${userID}/credit-logs`, { params: { limit, offset } })
+}
+
+// ============ credits (全局) ============
+
+export interface CreditLogGlobal extends CreditLog {
+  user_email: string
+  user_nickname: string
+}
+
+export interface CreditLogFilter {
+  user_id?: number
+  keyword?: string
+  type?: string
+  sign?: '' | 'in' | 'out'
+  start_at?: string
+  end_at?: string
+  limit?: number
+  offset?: number
+}
+
+export function listCreditLogsGlobal(f: CreditLogFilter = {}): Promise<Page<CreditLogGlobal>> {
+  return http.get('/api/admin/credits/logs', { params: f })
+}
+
+export interface CreditsSummary {
+  in_today: number
+  out_today: number
+  in_7days: number
+  out_7days: number
+  in_total: number
+  out_total: number
+  total_balance: number
+}
+
+export function creditsSummary(): Promise<CreditsSummary> {
+  return http.get('/api/admin/credits/summary')
+}
+
+export function adjustCreditByUser(
+  req: { user_id: number; delta: number; remark: string; ref_id?: string },
+  adminPassword: string,
+) {
+  return http.post<any, { balance_after: number; delta: number }>(
+    '/api/admin/credits/adjust',
+    req,
+    { headers: { 'X-Admin-Confirm': adminPassword } },
+  )
+}
+
+// ============ groups ============
+
+export interface Group {
+  id: number
+  name: string
+  ratio: number
+  daily_limit_credits: number
+  rpm_limit: number
+  tpm_limit: number
+  remark: string
+  created_at?: string
+  updated_at?: string
+}
+
+export function listGroups(): Promise<{ items: Group[]; total: number }> {
+  return http.get('/api/admin/groups')
+}
+
+export function createGroup(g: Partial<Group>): Promise<Group> {
+  return http.post('/api/admin/groups', g)
+}
+
+export function updateGroup(id: number, g: Partial<Group>): Promise<Group> {
+  return http.put(`/api/admin/groups/${id}`, g)
+}
+
+export function deleteGroup(id: number): Promise<{ deleted: number }> {
+  return http.delete(`/api/admin/groups/${id}`)
+}
+
+// ============ audit ============
+export interface AuditLog {
+  id: number
+  actor_id: number
+  actor_email: string
+  action: string
+  method: string
+  path: string
+  status_code: number
+  ip: string
+  ua: string
+  target: string
+  meta?: string | Record<string, unknown> | null
+  created_at: string
+}
+
+export interface AuditFilter { actor_id?: number; action?: string; limit?: number; offset?: number }
+
+export function listAudit(f: AuditFilter = {}): Promise<{ items: AuditLog[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/admin/audit/logs', { params: f })
+}
diff --git a/web/src/api/apikey.ts b/web/src/api/apikey.ts
new file mode 100644
index 00000000..611ab211
--- /dev/null
+++ b/web/src/api/apikey.ts
@@ -0,0 +1,54 @@
+import { http } from './http'
+
+export interface ApiKey {
+  id: number
+  user_id: number
+  name: string
+  key_prefix: string
+  quota_limit: number
+  quota_used: number
+  rpm: number
+  tpm: number
+  enabled: boolean
+  last_used_at?: { Time: string; Valid: boolean } | string | null
+  last_used_ip?: string
+  expires_at?: { Time: string; Valid: boolean } | string | null
+  created_at: string
+  updated_at: string
+  allowed_models?: { String: string; Valid: boolean } | null
+  allowed_ips?: { String: string; Valid: boolean } | null
+}
+
+export interface CreatedKey {
+  key: string           // 明文 key,仅此一次
+  record: ApiKey
+}
+
+export interface ListPage {
+  list: ApiKey[]
+  total: number
+  page: number
+  page_size: number
+}
+
+export function listKeys(page = 1, size = 20): Promise<ListPage> {
+  return http.get('/api/keys', { params: { page, page_size: size } })
+}
+
+export function createKey(req: Partial<Pick<ApiKey, 'name' | 'quota_limit' | 'rpm' | 'tpm'>> & {
+  expires_at?: string
+  allowed_models?: string[]
+  allowed_ips?: string[]
+}): Promise<CreatedKey> {
+  // 后端 ExpiresAt 是 time.Time,Go 对 zero time 的 JSON 是 "0001-01-01T00:00:00Z"
+  // 前端空值时传 0001-01-01T00:00:00Z 更稳;此处直接不传让后端零值
+  return http.post('/api/keys', req)
+}
+
+export function updateKey(id: number, req: Record<string, unknown>): Promise<ApiKey> {
+  return http.patch(`/api/keys/${id}`, req)
+}
+
+export function deleteKey(id: number): Promise<{ deleted: number }> {
+  return http.delete(`/api/keys/${id}`)
+}
diff --git a/web/src/api/auth.ts b/web/src/api/auth.ts
new file mode 100644
index 00000000..3aeb019e
--- /dev/null
+++ b/web/src/api/auth.ts
@@ -0,0 +1,66 @@
+import { http } from './http'
+
+export interface LoginReq {
+  email: string
+  password: string
+}
+
+export interface TokenPair {
+  access_token: string
+  refresh_token: string
+  expires_in?: number
+}
+
+export interface LoginResp {
+  user: UserInfo
+  token: TokenPair
+}
+
+export interface UserInfo {
+  id: number
+  email: string
+  nickname: string
+  role: string
+  status: string
+  group_id: number
+  credit_balance: number
+  credit_frozen: number
+  created_at?: string
+  last_login_at?: string
+}
+
+export function login(req: LoginReq): Promise<LoginResp> {
+  return http.post('/api/auth/login', req)
+}
+
+export function register(req: { email: string; password: string; nickname?: string }): Promise<UserInfo> {
+  return http.post('/api/auth/register', req)
+}
+
+export interface MeResp {
+  user: UserInfo
+  role: string
+  permissions: string[]
+}
+
+export function getMe(): Promise<MeResp> {
+  return http.get('/api/me')
+}
+
+export interface MenuItem {
+  key: string
+  title: string
+  icon?: string
+  path?: string
+  children?: MenuItem[]
+}
+
+export interface MenuResp {
+  role: string
+  menu: MenuItem[]
+  permissions: string[]
+}
+
+export function getMenu(): Promise<MenuResp> {
+  return http.get('/api/me/menu')
+}
diff --git a/web/src/api/backup.ts b/web/src/api/backup.ts
new file mode 100644
index 00000000..4119cded
--- /dev/null
+++ b/web/src/api/backup.ts
@@ -0,0 +1,73 @@
+import { http } from './http'
+
+export interface BackupFile {
+  id: number
+  backup_id: string
+  file_name: string
+  size_bytes: number
+  sha256: string
+  trigger: string        // manual | cron | upload
+  status: string         // running | ready | failed
+  error?: string
+  include_data: boolean
+  created_by: number
+  created_at: string
+  finished_at?: string | { Time: string; Valid: boolean }
+}
+
+export interface BackupListResp {
+  items: BackupFile[]
+  total: number
+  allow_restore: boolean
+  max_upload_mb: number
+}
+
+export function listBackups(limit = 50, offset = 0): Promise<BackupListResp> {
+  return http.get('/api/admin/system/backup', { params: { limit, offset } })
+}
+
+export function createBackup(includeData = true): Promise<BackupFile> {
+  return http.post('/api/admin/system/backup', { include_data: includeData })
+}
+
+export function deleteBackup(id: string, adminPassword: string): Promise<unknown> {
+  return http.delete(`/api/admin/system/backup/${id}`, {
+    headers: { 'X-Admin-Confirm': adminPassword },
+  })
+}
+
+export function restoreBackup(id: string, adminPassword: string): Promise<unknown> {
+  return http.post(`/api/admin/system/backup/${id}/restore`, {}, {
+    headers: { 'X-Admin-Confirm': adminPassword },
+  })
+}
+
+export function downloadBackup(id: string, fileName: string) {
+  return http.get(`/api/admin/system/backup/${id}/download`, { responseType: 'blob' })
+    .then((res: any) => {
+      const blob = res.data instanceof Blob ? res.data : new Blob([res])
+      const url = URL.createObjectURL(blob)
+      const a = document.createElement('a')
+      a.href = url
+      a.download = fileName
+      document.body.appendChild(a)
+      a.click()
+      a.remove()
+      URL.revokeObjectURL(url)
+    })
+}
+
+export function uploadBackup(file: File, adminPassword: string, onProgress?: (pct: number) => void) {
+  const fd = new FormData()
+  fd.append('file', file)
+  fd.append('admin_password', adminPassword)
+  return http.post('/api/admin/system/backup/upload', fd, {
+    headers: {
+      'Content-Type': 'multipart/form-data',
+      'X-Admin-Confirm': adminPassword,
+    },
+    onUploadProgress: (e) => {
+      if (e.total && onProgress) onProgress(Math.round((e.loaded / e.total) * 100))
+    },
+  })
+}
diff --git a/web/src/api/channels.ts b/web/src/api/channels.ts
new file mode 100644
index 00000000..5d6e67ad
--- /dev/null
+++ b/web/src/api/channels.ts
@@ -0,0 +1,88 @@
+import { http } from './http'
+
+export interface Channel {
+  id: number
+  name: string
+  type: 'openai' | 'gemini'
+  base_url: string
+  api_key_masked?: string
+  enabled: boolean
+  priority: number
+  weight: number
+  timeout_s: number
+  ratio: number
+  extra?: string
+  status: 'healthy' | 'unhealthy'
+  fail_count: number
+  last_test_at?: string
+  last_test_ok?: boolean
+  last_test_error?: string
+  remark: string
+  created_at: string
+  updated_at: string
+}
+
+export interface ChannelUpsert {
+  name: string
+  type: 'openai' | 'gemini'
+  base_url: string
+  api_key?: string
+  enabled: boolean
+  priority: number
+  weight: number
+  timeout_s: number
+  ratio: number
+  extra?: string
+  remark?: string
+}
+
+export interface Mapping {
+  id: number
+  channel_id: number
+  local_model: string
+  upstream_model: string
+  modality: 'text' | 'image' | 'video'
+  enabled: boolean
+  priority: number
+  created_at: string
+  updated_at: string
+}
+
+export interface MappingUpsert {
+  local_model: string
+  upstream_model: string
+  modality: 'text' | 'image' | 'video'
+  enabled: boolean
+  priority: number
+}
+
+export function listChannels(params: { page?: number; page_size?: number } = {}):
+  Promise<{ list: Channel[]; total: number; page: number; page_size: number }> {
+  return http.get('/api/admin/channels', { params })
+}
+export function createChannel(body: ChannelUpsert): Promise<Channel> {
+  return http.post('/api/admin/channels', body)
+}
+export function updateChannel(id: number, body: ChannelUpsert): Promise<Channel> {
+  return http.patch(`/api/admin/channels/${id}`, body)
+}
+export function deleteChannel(id: number) {
+  return http.delete(`/api/admin/channels/${id}`)
+}
+export function testChannel(id: number):
+  Promise<{ ok: boolean; latency_ms: number; error?: string }> {
+  return http.post(`/api/admin/channels/${id}/test`, {})
+}
+
+export function listMappings(channelID: number): Promise<{ list: Mapping[] }> {
+  return http.get(`/api/admin/channels/${channelID}/mappings`)
+}
+export function createMapping(channelID: number, body: MappingUpsert): Promise<Mapping> {
+  return http.post(`/api/admin/channels/${channelID}/mappings`, body)
+}
+export function updateMapping(mid: number, body: MappingUpsert): Promise<Mapping> {
+  return http.patch(`/api/admin/channel-mappings/${mid}`, body)
+}
+export function deleteMapping(mid: number) {
+  return http.delete(`/api/admin/channel-mappings/${mid}`)
+}
diff --git a/web/src/api/http.ts b/web/src/api/http.ts
new file mode 100644
index 00000000..55a6543e
--- /dev/null
+++ b/web/src/api/http.ts
@@ -0,0 +1,94 @@
+import axios, { AxiosError, type AxiosInstance, type AxiosRequestConfig } from 'axios'
+import { ElMessage } from 'element-plus'
+
+/**
+ * 统一响应结构,后端 `pkg/resp` 约定:
+ * {
+ *   code: 0,
+ *   message: "ok",
+ *   data: <T>
+ * }
+ * 非 0 code 认为是业务错误,会被拦截器统一抛出。
+ */
+export interface ApiEnvelope<T = any> {
+  code: number
+  message: string
+  data: T
+}
+
+const baseURL = import.meta.env.VITE_API_BASE || ''
+
+export const http: AxiosInstance = axios.create({
+  baseURL,
+  timeout: 30_000,
+})
+
+/** access token 持久化 key(Pinia store 也复用) */
+export const TOKEN_KEY = 'gpt2api.access'
+export const REFRESH_KEY = 'gpt2api.refresh'
+
+http.interceptors.request.use((config) => {
+  const token = localStorage.getItem(TOKEN_KEY)
+  if (token) {
+    config.headers = config.headers || {}
+    config.headers['Authorization'] = `Bearer ${token}`
+  }
+  return config
+})
+
+http.interceptors.response.use(
+  (response) => {
+    // 下载类接口直接透传 blob
+    const contentType = response.headers?.['content-type'] || ''
+    if (response.config.responseType === 'blob' || contentType.startsWith('application/gzip')) {
+      return response
+    }
+    const payload = response.data as ApiEnvelope
+    if (payload && typeof payload === 'object' && 'code' in payload) {
+      if (payload.code === 0) {
+        return payload.data as any
+      }
+      const msg = payload.message || `请求失败 (code=${payload.code})`
+      ElMessage.error(msg)
+      return Promise.reject(new Error(msg))
+    }
+    return response.data
+  },
+  (error: AxiosError<ApiEnvelope>) => {
+    const status = error.response?.status
+    const msg = error.response?.data?.message || error.message || '网络错误'
+    if (status === 401) {
+      // 登录接口 401 = 账号密码错误,不要清 token 也不要跳转,直接给明确提示。
+      // 后端返回的是英文 "invalid email or password",这里本地化为中文。
+      const reqUrl = (error.config?.url || '') as string
+      const isLoginEndpoint =
+        reqUrl.includes('/auth/login') || reqUrl.includes('/auth/register')
+      if (isLoginEndpoint) {
+        const friendly =
+          /invalid email or password/i.test(msg) ? '邮箱或密码错误' : msg || '登录失败'
+        ElMessage.error(friendly)
+      } else {
+        localStorage.removeItem(TOKEN_KEY)
+        localStorage.removeItem(REFRESH_KEY)
+        if (!window.location.pathname.startsWith('/login')) {
+          ElMessage.warning('登录已失效,请重新登录')
+          window.location.href = `/login?redirect=${encodeURIComponent(window.location.pathname)}`
+        } else {
+          // 极端情况:已经在 /login 但又收到 401(例如 me 接口),给一条兜底 toast,
+          // 避免用户看到"点了没反应"。
+          ElMessage.error(msg || '登录已失效')
+        }
+      }
+    } else if (status === 403) {
+      ElMessage.error(`无权限:${msg}`)
+    } else {
+      ElMessage.error(msg)
+    }
+    return Promise.reject(error)
+  },
+)
+
+/** 直接传入返回体的辅助类型工具 */
+export function request<T = any>(cfg: AxiosRequestConfig): Promise<T> {
+  return http.request(cfg) as unknown as Promise<T>
+}
diff --git a/web/src/api/me.ts b/web/src/api/me.ts
new file mode 100644
index 00000000..5c389650
--- /dev/null
+++ b/web/src/api/me.ts
@@ -0,0 +1,332 @@
+import { http } from './http'
+
+// ---------- models (enabled, for 面板下拉) ----------
+
+export interface SimpleModel {
+  id: number
+  slug: string
+  type: 'chat' | 'image' | string
+  description: string
+}
+
+export function listMyModels(): Promise<{ items: SimpleModel[]; total: number }> {
+  return http.get('/api/me/models')
+}
+
+// ===============================================================
+// 当前用户视角的用量 + 图片任务(供「生成面板」使用)
+// ===============================================================
+
+// ---------- usage ----------
+
+export interface UsageItem {
+  id: number
+  user_id: number
+  key_id: number
+  model_id: number
+  model_slug: string
+  account_id: number
+  request_id: string
+  type: 'chat' | 'image' | string
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  image_count: number
+  credit_cost: number
+  duration_ms: number
+  status: string
+  error_code: string
+  ip: string
+  created_at: string
+}
+
+export interface UsageOverall {
+  requests: number
+  failures: number
+  chat_requests: number
+  image_images: number
+  input_tokens: number
+  output_tokens: number
+  credit_cost: number
+}
+
+export interface UsageDaily {
+  day: string
+  requests: number
+  failures: number
+  input_tokens: number
+  output_tokens: number
+  image_count: number
+  credit_cost: number
+}
+
+export interface UsageModelStat {
+  model_id: number
+  model_slug: string
+  type: string
+  requests: number
+  failures: number
+  input_tokens: number
+  output_tokens: number
+  image_count: number
+  credit_cost: number
+  avg_dur_ms: number
+}
+
+export interface MyStatsResp {
+  overall: UsageOverall
+  daily: UsageDaily[]
+  by_model: UsageModelStat[]
+}
+
+export function listMyUsageLogs(params: {
+  type?: 'chat' | 'image' | ''
+  status?: string
+  since?: string
+  until?: string
+  limit?: number
+  offset?: number
+} = {}): Promise<{ items: UsageItem[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/me/usage/logs', { params })
+}
+
+export function getMyUsageStats(params: {
+  days?: number
+  top_n?: number
+  type?: 'chat' | 'image' | ''
+  since?: string
+  until?: string
+} = {}): Promise<MyStatsResp> {
+  return http.get('/api/me/usage/stats', { params })
+}
+
+// ---------- credit logs (个人积分流水) ----------
+
+export interface MyCreditLog {
+  id: number
+  user_id: number
+  key_id: number
+  type: string
+  amount: number
+  balance_after: number
+  ref_id: string
+  remark: string
+  created_at: string
+}
+
+export function listMyCreditLogs(params: {
+  limit?: number
+  offset?: number
+} = {}): Promise<{ items: MyCreditLog[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/me/credit-logs', { params })
+}
+
+// ---------- image tasks ----------
+
+export interface ImageTask {
+  id: number
+  task_id: string
+  user_id: number
+  model_id: number
+  account_id: number
+  prompt: string
+  n: number
+  size: string
+  status: 'queued' | 'dispatched' | 'running' | 'success' | 'failed' | string
+  conversation_id?: string
+  error?: string
+  credit_cost: number
+  image_urls: string[]
+  file_ids?: string[]
+  created_at: string
+  started_at?: string | null
+  finished_at?: string | null
+}
+
+export function listMyImageTasks(params: {
+  limit?: number
+  offset?: number
+  status?: string
+  keyword?: string
+  start_at?: string
+  end_at?: string
+} = {}): Promise<{ items: ImageTask[]; limit: number; offset: number }> {
+  return http.get('/api/me/images/tasks', { params })
+}
+
+export function getMyImageTask(taskID: string): Promise<ImageTask> {
+  return http.get(`/api/me/images/tasks/${taskID}`)
+}
+
+// ===============================================================
+// 在线体验(Playground)—— JWT 鉴权,内部代挂 __playground__ key
+// ===============================================================
+
+// 后端返回的 OpenAI 兼容 chat chunk(stream=true 时每行 data: {...})
+export interface ChatStreamDelta {
+  role?: string
+  content?: string
+}
+
+export interface ChatStreamChunk {
+  id?: string
+  model?: string
+  choices?: Array<{
+    index?: number
+    delta?: ChatStreamDelta
+    finish_reason?: string | null
+  }>
+}
+
+export interface PlayChatMessage {
+  role: 'system' | 'user' | 'assistant'
+  content: string
+}
+
+// streamPlayChat 直接用 fetch 读 SSE,因为 axios 不擅长流式。
+// 回调 onDelta 每接到一段 content 增量触发;流结束时 promise resolve。
+export async function streamPlayChat(
+  req: {
+    model: string
+    messages: PlayChatMessage[]
+    temperature?: number
+  },
+  onDelta: (text: string) => void,
+  signal?: AbortSignal,
+): Promise<void> {
+  const token = localStorage.getItem('gpt2api.access') || ''
+  const resp = await fetch('/api/me/playground/chat', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify({ ...req, stream: true }),
+    signal,
+  })
+  if (!resp.ok || !resp.body) {
+    const text = await resp.text().catch(() => '')
+    throw new Error(`chat ${resp.status}: ${text || resp.statusText}`)
+  }
+  const reader = resp.body.getReader()
+  const decoder = new TextDecoder('utf-8')
+  let buffer = ''
+  while (true) {
+    const { done, value } = await reader.read()
+    if (done) break
+    buffer += decoder.decode(value, { stream: true })
+    // SSE 按 "\n\n" 分块,每块内的 "data:" 是 JSON 或 "[DONE]"
+    const blocks = buffer.split('\n\n')
+    buffer = blocks.pop() || ''
+    for (const block of blocks) {
+      for (const line of block.split('\n')) {
+        if (!line.startsWith('data:')) continue
+        const data = line.slice(5).trim()
+        if (!data || data === '[DONE]') continue
+        try {
+          const chunk: ChatStreamChunk = JSON.parse(data)
+          const delta = chunk.choices?.[0]?.delta?.content
+          if (delta) onDelta(delta)
+        } catch {
+          // 忽略解析失败的心跳
+        }
+      }
+    }
+  }
+}
+
+// 文生图 / 图生图(同步)。图生图走 reference_images 字段:
+//   - /playground/image      : 走 JSON,reference_images 是 data:URL 数组
+//   - /playground/image-edit : 走 multipart/form-data,直接传 File 对象
+export interface PlayImageRequest {
+  model: string
+  prompt: string
+  n?: number
+  size?: string
+  reference_images?: string[] // base64 data:image/png;base64,... 支持多张参考图
+  // 本地 Catmull-Rom 高清放大档位:"" 原图 / "2k" 长边 2560 / "4k" 长边 3840。
+  // 服务端仅保存标记,放大在图片代理 URL 首次被请求时做,PNG 输出并进程内缓存。
+  upscale?: '' | '2k' | '4k'
+}
+
+export interface PlayImageData {
+  url: string
+  file_id?: string
+  revised_prompt?: string
+}
+
+export interface PlayImageResponse {
+  created: number
+  task_id?: string
+  data: PlayImageData[]
+}
+
+// 注意:返回是"裸 OpenAI 结构",不走我们的 ApiEnvelope,所以用 fetch。
+export async function playGenerateImage(
+  req: PlayImageRequest,
+  signal?: AbortSignal,
+): Promise<PlayImageResponse> {
+  const token = localStorage.getItem('gpt2api.access') || ''
+  const resp = await fetch('/api/me/playground/image', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify(req),
+    signal,
+  })
+  if (!resp.ok) {
+    let detail = ''
+    try {
+      const body = await resp.json()
+      detail = body?.error?.message || body?.message || ''
+    } catch {
+      /* ignore */
+    }
+    throw new Error(detail || `image ${resp.status}: ${resp.statusText}`)
+  }
+  return (await resp.json()) as PlayImageResponse
+}
+
+// playEditImage 走 /playground/image-edit,multipart/form-data,严格对齐 /v1/images/edits 规范。
+// files 数组是 File 对象(来自 <input type="file"> 或拖拽),至少 1 张,最多 4 张。
+export async function playEditImage(
+  model: string,
+  prompt: string,
+  files: File[],
+  opts?: { n?: number; size?: string; upscale?: '' | '2k' | '4k'; signal?: AbortSignal },
+): Promise<PlayImageResponse> {
+  if (!files.length) throw new Error('至少需要选择一张参考图')
+  const token = localStorage.getItem('gpt2api.access') || ''
+  const fd = new FormData()
+  fd.append('model', model)
+  fd.append('prompt', prompt)
+  if (opts?.n) fd.append('n', String(opts.n))
+  if (opts?.size) fd.append('size', opts.size)
+  if (opts?.upscale) fd.append('upscale', opts.upscale)
+  files.forEach((f, idx) => {
+    // OpenAI 规范:第一张用 `image`,后续用 `image[]`;服务端两个字段都认。
+    fd.append(idx === 0 ? 'image' : 'image[]', f, f.name)
+  })
+  const resp = await fetch('/api/me/playground/image-edit', {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${token}`,
+    },
+    body: fd,
+    signal: opts?.signal,
+  })
+  if (!resp.ok) {
+    let detail = ''
+    try {
+      const body = await resp.json()
+      detail = body?.error?.message || body?.message || ''
+    } catch {
+      /* ignore */
+    }
+    throw new Error(detail || `image-edit ${resp.status}: ${resp.statusText}`)
+  }
+  return (await resp.json()) as PlayImageResponse
+}
diff --git a/web/src/api/proxies.ts b/web/src/api/proxies.ts
new file mode 100644
index 00000000..bf32e687
--- /dev/null
+++ b/web/src/api/proxies.ts
@@ -0,0 +1,104 @@
+import { http } from './http'
+
+export interface Proxy {
+  id: number
+  scheme: string          // http / https / socks5
+  host: string
+  port: number
+  username: string
+  country: string
+  isp: string
+  health_score: number
+  last_probe_at?: { Time: string; Valid: boolean } | string | null
+  last_error?: string
+  enabled: boolean
+  remark: string
+  created_at: string
+  updated_at?: string
+}
+
+export interface Page<T> {
+  list: T[]; total: number; page: number; page_size: number
+}
+
+export interface ProxyCreate {
+  scheme: string
+  host: string
+  port: number
+  username?: string
+  password?: string       // 明文,后端会加密
+  country?: string
+  isp?: string
+  enabled?: boolean
+  remark?: string
+}
+export type ProxyUpdate = ProxyCreate
+
+export function listProxies(params: { page?: number; page_size?: number } = {}) {
+  return http.get<any, Page<Proxy>>('/api/admin/proxies', { params })
+}
+export function createProxy(body: ProxyCreate) {
+  return http.post<any, Proxy>('/api/admin/proxies', body)
+}
+export function updateProxy(id: number, body: ProxyUpdate) {
+  return http.patch<any, Proxy>(`/api/admin/proxies/${id}`, body)
+}
+export function deleteProxy(id: number) {
+  return http.delete<any, { deleted: number }>(`/api/admin/proxies/${id}`)
+}
+
+export interface ProxyImportLine {
+  line: number
+  raw: string
+  status: 'created' | 'updated' | 'skipped' | 'invalid'
+  id?: number
+  error?: string
+}
+export interface ProxyImportResp {
+  items: ProxyImportLine[]
+  created: number
+  updated: number
+  skipped: number
+  invalid: number
+  total: number
+}
+export function importProxies(body: {
+  text: string
+  enabled?: boolean
+  country?: string
+  isp?: string
+  remark?: string
+  overwrite?: boolean
+}) {
+  return http.post<any, ProxyImportResp>('/api/admin/proxies/import', body)
+}
+
+// 单条探测结果
+export interface ProbeOneResp {
+  ok: boolean
+  latency_ms: number
+  error?: string
+  tried_at: string
+  health_score: number
+}
+export function probeProxy(id: number) {
+  return http.post<any, ProbeOneResp>(`/api/admin/proxies/${id}/probe`)
+}
+
+// 全量探测
+export interface ProbeItem {
+  proxy_id: number
+  ok: boolean
+  latency_ms: number
+  error?: string
+  tried_at: string
+}
+export interface ProbeAllResp {
+  total: number
+  ok: number
+  bad: number
+  items: ProbeItem[]
+}
+export function probeAllProxies() {
+  return http.post<any, ProbeAllResp>('/api/admin/proxies/probe-all')
+}
diff --git a/web/src/api/recharge.ts b/web/src/api/recharge.ts
new file mode 100644
index 00000000..3294ea1d
--- /dev/null
+++ b/web/src/api/recharge.ts
@@ -0,0 +1,76 @@
+import { http } from './http'
+
+// 面向用户 + 管理员。端点拆成 user / admin 两组。
+
+export interface Package {
+  id: number
+  name: string
+  price_cny: number            // 分
+  credits: number              // 厘
+  bonus: number
+  description: string
+  sort: number
+  enabled: boolean
+  created_at: string
+  updated_at: string
+}
+
+export interface Order {
+  id: number
+  out_trade_no: string
+  user_id: number
+  package_id: number
+  price_cny: number
+  credits: number
+  bonus: number
+  channel: string
+  pay_method: string
+  status: 'pending' | 'paid' | 'expired' | 'cancelled' | 'failed'
+  trade_no: string
+  paid_at?: string | null
+  pay_url?: string
+  remark?: string
+  created_at: string
+  updated_at: string
+}
+
+// ---------- user ----------
+
+export function listMyPackages(): Promise<{ items: Package[]; enabled: boolean }> {
+  return http.get('/api/recharge/packages')
+}
+export function createOrder(packageId: number, payType?: string): Promise<Order> {
+  return http.post('/api/recharge/orders', { package_id: packageId, pay_type: payType })
+}
+export function listMyOrders(params: { status?: string; limit?: number; offset?: number } = {}):
+  Promise<{ items: Order[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/recharge/orders', { params })
+}
+export function cancelMyOrder(id: number) {
+  return http.post(`/api/recharge/orders/${id}/cancel`)
+}
+
+// ---------- admin ----------
+
+export function adminListPackages(): Promise<{ items: Package[]; total: number }> {
+  return http.get('/api/admin/recharge/packages')
+}
+export function adminCreatePackage(p: Partial<Package>): Promise<Package> {
+  return http.post('/api/admin/recharge/packages', p)
+}
+export function adminUpdatePackage(id: number, p: Partial<Package>): Promise<Package> {
+  return http.patch(`/api/admin/recharge/packages/${id}`, p)
+}
+export function adminDeletePackage(id: number) {
+  return http.delete(`/api/admin/recharge/packages/${id}`)
+}
+export function adminListOrders(params: {
+  user_id?: number; status?: string; limit?: number; offset?: number
+} = {}): Promise<{ items: Order[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/admin/recharge/orders', { params })
+}
+export function adminForcePaid(id: number, adminPassword: string) {
+  return http.post(`/api/admin/recharge/orders/${id}/force-paid`, null, {
+    headers: { 'X-Admin-Confirm': adminPassword },
+  })
+}
diff --git a/web/src/api/settings.ts b/web/src/api/settings.ts
new file mode 100644
index 00000000..0912a427
--- /dev/null
+++ b/web/src/api/settings.ts
@@ -0,0 +1,32 @@
+import { http } from './http'
+
+// 系统设置 KV 条目(管理端用,带 schema)。
+export interface SettingItem {
+  key: string
+  value: string
+  type: 'string' | 'bool' | 'int' | 'email' | 'url' | string
+  category: 'site' | 'auth' | 'limit' | 'mail' | string
+  label: string
+  desc: string
+}
+
+export function listSettings(): Promise<{ items: SettingItem[] }> {
+  return http.get('/api/admin/settings')
+}
+
+export function updateSettings(items: Record<string, string>): Promise<{ updated: number }> {
+  return http.put('/api/admin/settings', { items })
+}
+
+export function reloadSettings(): Promise<{ reloaded: boolean }> {
+  return http.post('/api/admin/settings/reload')
+}
+
+export function sendTestEmail(to: string): Promise<{ sent: boolean; to: string }> {
+  return http.post('/api/admin/settings/test-email', { to })
+}
+
+// 匿名公开接口:返回登录页需要的站点元信息(site.name 等)。
+export function fetchSiteInfo(): Promise<Record<string, string>> {
+  return http.get('/api/public/site-info')
+}
diff --git a/web/src/api/stats.ts b/web/src/api/stats.ts
new file mode 100644
index 00000000..8416fa21
--- /dev/null
+++ b/web/src/api/stats.ts
@@ -0,0 +1,134 @@
+import { http } from './http'
+
+export interface Model {
+  id: number
+  slug: string
+  type: string                          // chat | image
+  upstream_model_slug: string
+  input_price_per_1m: number
+  output_price_per_1m: number
+  cache_read_price_per_1m: number
+  image_price_per_call: number
+  description: string
+  enabled: boolean
+  created_at: string
+  updated_at: string
+}
+
+export function listModels(): Promise<{ items: Model[]; total: number }> {
+  return http.get('/api/admin/models')
+}
+
+export interface ModelUpsert {
+  slug?: string
+  type: 'chat' | 'image'
+  upstream_model_slug: string
+  input_price_per_1m: number
+  output_price_per_1m: number
+  cache_read_price_per_1m: number
+  image_price_per_call: number
+  description: string
+  enabled?: boolean
+}
+
+export function createModel(body: ModelUpsert): Promise<Model> {
+  return http.post('/api/admin/models', body)
+}
+export function updateModel(id: number, body: ModelUpsert): Promise<Model> {
+  return http.put(`/api/admin/models/${id}`, body)
+}
+export function setModelEnabled(id: number, enabled: boolean) {
+  return http.patch(`/api/admin/models/${id}/enabled`, { enabled })
+}
+export function deleteModel(id: number) {
+  return http.delete(`/api/admin/models/${id}`)
+}
+
+// ---------- usage stats ----------
+
+export interface Overall {
+  requests: number
+  failures: number
+  chat_requests: number
+  image_images: number
+  input_tokens: number
+  output_tokens: number
+  credit_cost: number
+}
+
+export interface DailyPoint {
+  day: string
+  requests: number
+  failures: number
+  input_tokens: number
+  output_tokens: number
+  image_count: number
+  credit_cost: number
+}
+
+export interface ModelStat {
+  model_id: number
+  model_slug: string
+  type: string
+  requests: number
+  failures: number
+  input_tokens: number
+  output_tokens: number
+  image_count: number
+  credit_cost: number
+  avg_dur_ms: number
+}
+
+export interface UserStat {
+  user_id: number
+  email: string
+  requests: number
+  failures: number
+  credit_cost: number
+}
+
+export interface StatsResp {
+  overall: Overall
+  daily: DailyPoint[]
+  by_model: ModelStat[]
+  by_user: UserStat[]
+}
+
+export function getUsageStats(params: {
+  days?: number; top_n?: number;
+  user_id?: number; model_id?: number;
+  type?: string; status?: string;
+  since?: string; until?: string;
+} = {}): Promise<StatsResp> {
+  return http.get('/api/admin/usage/stats', { params })
+}
+
+// ---------- admin keys ----------
+
+export interface AdminKeyRow {
+  id: number
+  user_id: number
+  user_email: string
+  name: string
+  key_prefix: string
+  quota_limit: number
+  quota_used: number
+  rpm: number
+  tpm: number
+  enabled: boolean
+  last_used_at?: any
+  last_used_ip?: string
+  expires_at?: any
+  created_at: string
+}
+
+export function listAdminKeys(params: {
+  q?: string; user_id?: number; enabled?: '1' | '0' | '';
+  limit?: number; offset?: number;
+} = {}): Promise<{ items: AdminKeyRow[]; total: number; limit: number; offset: number }> {
+  return http.get('/api/admin/keys', { params })
+}
+
+export function setAdminKeyEnabled(id: number, enabled: boolean) {
+  return http.patch(`/api/admin/keys/${id}`, { enabled })
+}
diff --git a/web/src/components/Placeholder.vue b/web/src/components/Placeholder.vue
new file mode 100644
index 00000000..3dd78436
--- /dev/null
+++ b/web/src/components/Placeholder.vue
@@ -0,0 +1,36 @@
+<script setup lang="ts">
+defineProps<{
+  title: string
+  subtitle?: string
+  api?: string      // 提示后端 API 路径
+}>()
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <el-empty :description="subtitle || '该模块的前端还在施工中'">
+        <template #image>
+          <el-icon :size="64" color="#c0c4cc"><Coffee /></el-icon>
+        </template>
+        <div class="title">{{ title }}</div>
+        <div v-if="api" class="hint">
+          后端接口:<code>{{ api }}</code>
+        </div>
+        <div class="hint">你可以通过 Postman / curl 直接调用,或在下个版本里等待 UI 完工。</div>
+      </el-empty>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.title { font-size: 18px; font-weight: 600; margin-top: 4px; }
+.hint { color: var(--el-text-color-secondary); margin-top: 6px; font-size: 13px; }
+code {
+  background: #f2f3f5;
+  padding: 2px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+</style>
diff --git a/web/src/config/feature.ts b/web/src/config/feature.ts
new file mode 100644
index 00000000..7a6b48cd
--- /dev/null
+++ b/web/src/config/feature.ts
@@ -0,0 +1,11 @@
+// 前端 feature flag。
+//
+// 统一管理"功能是否对用户可见"的开关。以后要恢复文字模型的 UI,只需把
+// ENABLE_CHAT_MODEL 改回 true,所有相关页面(在线体验 / 接口文档 / 用量统计 /
+// 后台模型管理 …)会同时出现对应入口。
+//
+// 当前关闭原因:文字通路受 chatgpt.com 新 sentinel 协议影响,在 turnstile
+// solver 接入前静默拒绝率很高,先把用户入口隐藏掉,避免误用扣费。后端路由
+// (/v1/chat/completions / /api/me/playground/chat)保留,方便后续重新开启
+// 和调试使用。
+export const ENABLE_CHAT_MODEL = false
diff --git a/web/src/env.d.ts b/web/src/env.d.ts
new file mode 100644
index 00000000..57f4a004
--- /dev/null
+++ b/web/src/env.d.ts
@@ -0,0 +1,15 @@
+/// <reference types="vite/client" />
+
+interface ImportMetaEnv {
+  readonly VITE_APP_TITLE: string
+  readonly VITE_API_BASE: string
+}
+interface ImportMeta {
+  readonly env: ImportMetaEnv
+}
+
+declare module '*.vue' {
+  import type { DefineComponent } from 'vue'
+  const component: DefineComponent<{}, {}, any>
+  export default component
+}
diff --git a/web/src/layouts/BasicLayout.vue b/web/src/layouts/BasicLayout.vue
new file mode 100644
index 00000000..81aa775b
--- /dev/null
+++ b/web/src/layouts/BasicLayout.vue
@@ -0,0 +1,430 @@
+<script setup lang="ts">
+import { computed, onMounted, onUnmounted, ref, watch } from 'vue'
+import { useRoute, useRouter } from 'vue-router'
+import { storeToRefs } from 'pinia'
+import { useUserStore } from '@/stores/user'
+import { useUIStore } from '@/stores/ui'
+import { useSiteStore } from '@/stores/site'
+import { brandParts } from '@/utils/brand'
+import { APP_VERSION } from '@/version'
+import type { MenuItem } from '@/api/auth'
+
+const store = useUserStore()
+const ui = useUIStore()
+const site = useSiteStore()
+const router = useRouter()
+const route = useRoute()
+
+const siteName = computed(() => site.get('site.name', 'GPT2API'))
+const siteLogo = computed(() => site.get('site.logo_url', ''))
+const siteFooter = computed(() => site.get('site.footer', ''))
+
+const brand = brandParts()
+const brandRepoHref = `https://${brand.repo}`
+const brandQQHref = `https://qm.qq.com/q/${brand.qq}`
+
+const { menu, user, role, permissions } = storeToRefs(store)
+const collapsed = ref(false)      // 桌面端折叠状态
+const drawerOpen = ref(false)     // 移动端抽屉展开状态
+const isMobile = ref(false)
+const loadingMenu = ref(false)
+
+const MOBILE_BP = 768
+
+function checkMobile() {
+  const mobile = window.innerWidth < MOBILE_BP
+  if (mobile !== isMobile.value) {
+    isMobile.value = mobile
+    if (!mobile) drawerOpen.value = false  // 切换到桌面时自动关抽屉
+  }
+}
+
+// 顶栏汉堡按钮行为:移动端控制抽屉,桌面端控制折叠
+function toggleSidebar() {
+  if (isMobile.value) {
+    drawerOpen.value = !drawerOpen.value
+  } else {
+    collapsed.value = !collapsed.value
+  }
+}
+
+// 侧栏图标:移动端始终用 Menu 图标,桌面端跟随折叠状态
+const menuIcon = computed(() => {
+  if (isMobile.value) return 'Menu'
+  return collapsed.value ? 'Expand' : 'Fold'
+})
+
+// 侧栏实际是否折叠(移动端抽屉展开时不折叠)
+const sideCollapsed = computed(() => isMobile.value ? false : collapsed.value)
+
+// 侧栏宽度(桌面端动态;移动端固定 240px 由 CSS 管理)
+const asideWidth = computed(() => isMobile.value ? '0px' : (collapsed.value ? '64px' : '220px'))
+
+const activePath = computed(() => route.path)
+
+const titleMap = computed(() => {
+  const m = new Map<string, string>()
+  function walk(items: MenuItem[]) {
+    for (const it of items) {
+      if (it.path) m.set(it.path, it.title)
+      if (it.children) walk(it.children)
+    }
+  }
+  walk(menu.value)
+  return m
+})
+
+const currentTitle = computed(() => titleMap.value.get(activePath.value) || (route.meta.title as string) || '')
+
+async function loadMenu() {
+  if (menu.value.length > 0) return
+  loadingMenu.value = true
+  try {
+    await store.fetchMenu()
+  } finally {
+    loadingMenu.value = false
+  }
+}
+
+async function logout() {
+  await store.logout()
+  router.replace('/login')
+}
+
+function goto(path?: string) {
+  if (path) router.push(path)
+}
+
+// 路由切换时关闭移动端抽屉
+watch(() => route.path, () => {
+  if (isMobile.value) drawerOpen.value = false
+})
+
+onMounted(() => {
+  checkMobile()
+  window.addEventListener('resize', checkMobile)
+  loadMenu()
+})
+onUnmounted(() => window.removeEventListener('resize', checkMobile))
+watch(() => store.isLoggedIn, (v) => { if (v) loadMenu() })
+</script>
+
+<template>
+  <el-container class="layout-root">
+    <!-- 移动端遮罩层 -->
+    <transition name="overlay-fade">
+      <div v-if="isMobile && drawerOpen" class="sidebar-overlay" @click="drawerOpen = false" />
+    </transition>
+
+    <!-- 侧栏:桌面 inline / 移动端 fixed drawer -->
+    <el-aside
+      :width="asideWidth"
+      class="sidebar"
+      :class="{ 'sidebar-mobile': isMobile, 'sidebar-open': isMobile && drawerOpen }"
+    >
+      <div class="logo">
+        <img v-if="siteLogo" :src="siteLogo" class="logo-img" alt="logo" />
+        <span v-else class="mark">{{ (siteName[0] || 'G').toUpperCase() }}</span>
+        <span v-if="!sideCollapsed" class="title">{{ siteName }}</span>
+      </div>
+      <el-menu
+        :default-active="activePath"
+        :collapse="sideCollapsed"
+        background-color="transparent"
+        text-color="#cfd3dc"
+        active-text-color="#ffffff"
+        class="side-menu"
+        router
+      >
+        <template v-for="group in menu" :key="group.key">
+          <el-menu-item v-if="!group.children?.length && group.path" :index="group.path">
+            <el-icon v-if="group.icon"><component :is="group.icon" /></el-icon>
+            <template #title>{{ group.title }}</template>
+          </el-menu-item>
+          <el-sub-menu v-else-if="group.children?.length" :index="group.key">
+            <template #title>
+              <el-icon v-if="group.icon"><component :is="group.icon" /></el-icon>
+              <span>{{ group.title }}</span>
+            </template>
+            <el-menu-item
+              v-for="child in group.children"
+              :key="child.key"
+              :index="child.path!"
+            >
+              <el-icon v-if="child.icon"><component :is="child.icon" /></el-icon>
+              <template #title>{{ child.title }}</template>
+            </el-menu-item>
+          </el-sub-menu>
+        </template>
+      </el-menu>
+
+      <div class="sidebar-version" :class="{ collapsed: sideCollapsed }">
+        <span class="ver-text">{{ sideCollapsed ? APP_VERSION.replace('v','') : APP_VERSION }}</span>
+      </div>
+    </el-aside>
+
+    <el-container class="right-container">
+      <el-header class="topbar">
+        <div class="left">
+          <el-button link @click="toggleSidebar">
+            <el-icon :size="18"><component :is="menuIcon" /></el-icon>
+          </el-button>
+          <span class="crumb">{{ currentTitle }}</span>
+        </div>
+        <div class="right">
+          <el-tooltip :content="ui.isDark ? '切换到亮色' : '切换到暗色'" placement="bottom">
+            <el-button link class="theme-btn" @click="ui.toggleDark()">
+              <el-icon :size="18">
+                <component :is="ui.isDark ? 'Sunny' : 'Moon'" />
+              </el-icon>
+            </el-button>
+          </el-tooltip>
+          <el-dropdown trigger="click" @command="(c: string) => c === 'logout' ? logout() : goto(c)">
+            <span class="user-entry">
+              <el-avatar :size="28" style="background:#409eff">
+                {{ (user?.nickname || user?.email || 'U').slice(0, 1).toUpperCase() }}
+              </el-avatar>
+              <span class="nick">{{ user?.nickname || user?.email }}</span>
+              <el-tag v-if="role === 'admin' && !isMobile" type="warning" size="small">管理员</el-tag>
+              <el-icon><ArrowDown /></el-icon>
+            </span>
+            <template #dropdown>
+              <el-dropdown-menu>
+                <el-dropdown-item command="/personal/dashboard">
+                  <el-icon><User /></el-icon> 个人中心
+                </el-dropdown-item>
+                <el-dropdown-item command="/personal/billing">
+                  <el-icon><Wallet /></el-icon> 账单
+                </el-dropdown-item>
+                <el-dropdown-item divided command="logout">
+                  <el-icon><SwitchButton /></el-icon> 退出登录
+                </el-dropdown-item>
+              </el-dropdown-menu>
+            </template>
+          </el-dropdown>
+        </div>
+      </el-header>
+
+      <el-main class="main" v-loading="loadingMenu">
+        <router-view v-slot="{ Component }">
+          <transition name="fade" mode="out-in">
+            <component :is="Component" />
+          </transition>
+        </router-view>
+      </el-main>
+
+      <el-footer class="footer">
+        <div class="footer-line brand-line">
+          <b class="brand-name">{{ brand.brand }}</b>
+          <span class="sep">{{ brand.sep }}</span>
+          <span>{{ brand.qqLabel }}</span>
+          <a :href="brandQQHref" target="_blank" rel="noopener" class="footer-link">{{ brand.qq }}</a>
+          <span class="sep">{{ brand.sep }}</span>
+          <span>{{ brand.repoLabel }}</span>
+          <a :href="brandRepoHref" target="_blank" rel="noopener" class="footer-link">{{ brand.repo }}</a>
+          <span class="sep">{{ brand.sep }}</span>
+          <span>{{ brand.picLabel }}</span>
+          <a :href="brand.picUrl" target="_blank" rel="noopener" class="footer-link pic-link">{{ brand.picText }}</a>
+        </div>
+        <div v-if="siteFooter" class="footer-line footer-custom">{{ siteFooter }}</div>
+      </el-footer>
+    </el-container>
+  </el-container>
+</template>
+
+<style scoped lang="scss">
+// ─── 根容器 ──────────────────────────────────────────────────────────────────
+.layout-root { height: 100vh; overflow: hidden; }
+
+.right-container { min-width: 0; flex: 1; overflow: hidden; }
+
+// ─── 侧栏 ────────────────────────────────────────────────────────────────────
+.sidebar {
+  background: var(--gp-sidebar-bg);
+  transition: width .22s ease;
+  overflow-x: hidden;
+  display: flex !important;
+  flex-direction: column;
+  .side-menu {
+    flex: 1;
+    overflow-y: auto;
+    overflow-x: hidden;
+  }
+}
+
+// 移动端：侧栏脱离文档流变成 fixed overlay drawer
+.sidebar-mobile {
+  position: fixed !important;
+  left: 0;
+  top: 0;
+  height: 100vh;
+  width: 240px !important;  // 覆盖 :width 绑定
+  z-index: 1001;
+  transform: translateX(-100%);
+  transition: transform .25s ease, box-shadow .25s ease;
+  box-shadow: none;
+}
+.sidebar-mobile.sidebar-open {
+  transform: translateX(0);
+  box-shadow: 4px 0 24px rgba(0, 0, 0, 0.35);
+}
+
+// 移动端遮罩
+.sidebar-overlay {
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.45);
+  z-index: 1000;
+}
+.overlay-fade-enter-active, .overlay-fade-leave-active { transition: opacity .25s; }
+.overlay-fade-enter-from, .overlay-fade-leave-to { opacity: 0; }
+
+// ─── Logo ─────────────────────────────────────────────────────────────────────
+.logo {
+  height: 60px;
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 0 16px;
+  color: #fff;
+  font-weight: 700;
+  letter-spacing: 1px;
+  flex-shrink: 0;
+  .logo-img {
+    width: 32px; height: 32px; border-radius: 8px;
+    object-fit: contain; background: #fff;
+  }
+  .mark {
+    display: inline-flex;
+    width: 32px; height: 32px;
+    border-radius: 8px;
+    background: linear-gradient(135deg,#409eff,#67c23a);
+    align-items: center; justify-content: center;
+    font-size: 14px;
+    flex-shrink: 0;
+  }
+  .title { font-size: 16px; white-space: nowrap; overflow: hidden; }
+}
+
+.side-menu {
+  border-right: none !important;
+  --el-menu-hover-bg-color: rgba(255,255,255,0.06);
+}
+
+// ─── 顶栏 ─────────────────────────────────────────────────────────────────────
+.topbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  height: 56px;
+  min-height: 56px;
+  background: var(--el-bg-color);
+  color: var(--el-text-color-primary);
+  border-bottom: 1px solid var(--el-border-color-light);
+  padding: 0 18px;
+  flex-shrink: 0;
+  .left { display: flex; align-items: center; gap: 10px; min-width: 0; }
+  .crumb {
+    font-size: 16px;
+    font-weight: 600;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+  }
+  .user-entry {
+    display: inline-flex;
+    align-items: center;
+    gap: 8px;
+    cursor: pointer;
+    color: var(--el-text-color-primary);
+    .nick {
+      font-size: 14px;
+      max-width: 120px;
+      overflow: hidden;
+      text-overflow: ellipsis;
+      white-space: nowrap;
+    }
+  }
+  .right {
+    display: inline-flex;
+    align-items: center;
+    gap: 10px;
+    flex-shrink: 0;
+  }
+  .theme-btn { padding: 0 6px; }
+}
+
+// ─── 主区 ─────────────────────────────────────────────────────────────────────
+.main {
+  background: var(--gp-bg);
+  padding: 0;
+  overflow-y: auto;
+  overflow-x: hidden;
+}
+
+// ─── 页脚 ─────────────────────────────────────────────────────────────────────
+.footer {
+  background: transparent;
+  text-align: center;
+  color: var(--el-text-color-secondary);
+  font-size: 12px;
+  padding: 6px 12px;
+  height: auto;
+  min-height: 36px;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  gap: 2px;
+  flex-shrink: 0;
+}
+.footer-line { line-height: 1.6; }
+.brand-line .brand-name {
+  color: var(--el-color-primary);
+  letter-spacing: 0.5px;
+  margin-right: 4px;
+}
+.brand-line .sep {
+  color: var(--el-text-color-disabled);
+  margin: 0 4px;
+  user-select: none;
+}
+.footer-custom { color: var(--el-text-color-placeholder); font-size: 11px; }
+.footer-link { color: var(--el-color-primary); text-decoration: none; margin: 0 2px; }
+.footer-link.pic-link { color: var(--el-color-success); }
+.footer-link:hover { text-decoration: underline; }
+
+// ─── 过渡 ─────────────────────────────────────────────────────────────────────
+.fade-enter-active, .fade-leave-active { transition: opacity .15s; }
+.fade-enter-from, .fade-leave-to { opacity: 0; }
+
+// ─── 版本号 ───────────────────────────────────────────────────────────────────
+.sidebar-version {
+  position: sticky;
+  bottom: 0;
+  padding: 10px 16px;
+  text-align: center;
+  border-top: 1px solid rgba(255,255,255,0.07);
+  background: var(--gp-sidebar-bg);
+  flex-shrink: 0;
+  .ver-text {
+    display: inline-block;
+    font-size: 11px;
+    color: rgba(255,255,255,0.28);
+    letter-spacing: 0.5px;
+    user-select: none;
+    white-space: nowrap;
+  }
+  &.collapsed .ver-text { font-size: 9px; letter-spacing: 0; }
+}
+
+// ─── 移动端补丁 ───────────────────────────────────────────────────────────────
+@media (max-width: 767px) {
+  .topbar {
+    padding: 0 12px;
+    .crumb { font-size: 14px; }
+    .nick { display: none; }
+  }
+  .footer { display: none; }  // 移动端页脚占空间,隐藏
+}
+</style>
diff --git a/web/src/layouts/BlankLayout.vue b/web/src/layouts/BlankLayout.vue
new file mode 100644
index 00000000..35e092a1
--- /dev/null
+++ b/web/src/layouts/BlankLayout.vue
@@ -0,0 +1,62 @@
+<script setup lang="ts">
+import { brandParts } from '@/utils/brand'
+
+const brand = brandParts()
+const brandRepoHref = `https://${brand.repo}`
+const brandQQHref = `https://qm.qq.com/q/${brand.qq}`
+</script>
+
+<template>
+  <div class="blank-layout">
+    <router-view />
+    <div class="blank-footer">
+      <b class="brand-name">{{ brand.brand }}</b>
+      <span class="sep">{{ brand.sep }}</span>
+      <span>{{ brand.qqLabel }}</span>
+      <a :href="brandQQHref" target="_blank" rel="noopener" class="footer-link">{{ brand.qq }}</a>
+      <span class="sep">{{ brand.sep }}</span>
+      <span>{{ brand.repoLabel }}</span>
+      <a :href="brandRepoHref" target="_blank" rel="noopener" class="footer-link">{{ brand.repo }}</a>
+      <span class="sep">{{ brand.sep }}</span>
+      <span>{{ brand.picLabel }}</span>
+      <a :href="brand.picUrl" target="_blank" rel="noopener" class="footer-link pic-link">{{ brand.picText }}</a>
+    </div>
+  </div>
+</template>
+
+<style scoped>
+.blank-layout {
+  min-height: 100vh;
+  position: relative;
+  padding-bottom: 40px;
+  box-sizing: border-box;
+}
+.blank-footer {
+  position: absolute;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  text-align: center;
+  padding: 10px 12px;
+  font-size: 12px;
+  color: var(--el-text-color-secondary, #909399);
+  line-height: 1.6;
+}
+.blank-footer .brand-name {
+  color: var(--el-color-primary, #409eff);
+  letter-spacing: 0.5px;
+  margin-right: 4px;
+}
+.blank-footer .sep {
+  color: var(--el-text-color-disabled, #c0c4cc);
+  margin: 0 4px;
+  user-select: none;
+}
+.footer-link {
+  color: var(--el-color-primary, #409eff);
+  text-decoration: none;
+  margin: 0 2px;
+}
+.footer-link.pic-link { color: var(--el-color-success, #67c23a); }
+.footer-link:hover { text-decoration: underline; }
+</style>
diff --git a/web/src/main.ts b/web/src/main.ts
new file mode 100644
index 00000000..3f09fc42
--- /dev/null
+++ b/web/src/main.ts
@@ -0,0 +1,37 @@
+import { createApp } from 'vue'
+import { createPinia } from 'pinia'
+import piniaPersist from 'pinia-plugin-persistedstate'
+import ElementPlus from 'element-plus'
+import 'element-plus/dist/index.css'
+import 'element-plus/theme-chalk/dark/css-vars.css'
+import zhCn from 'element-plus/es/locale/lang/zh-cn'
+import * as ElementIcons from '@element-plus/icons-vue'
+
+import App from './App.vue'
+import router from './router'
+import './styles/global.scss'
+import { useSiteStore } from './stores/site'
+import { printBrandToConsole, startBrandGuard } from './utils/brand'
+
+const app = createApp(App)
+
+const pinia = createPinia()
+pinia.use(piniaPersist)
+app.use(pinia)
+app.use(router)
+app.use(ElementPlus, { size: 'default', locale: zhCn })
+
+// 把 element icons 作为全局组件注册,模板里可直接 <el-icon><Setting /></el-icon>
+for (const [name, comp] of Object.entries(ElementIcons)) {
+  app.component(name, comp as never)
+}
+
+// 启动即异步拉取站点公开信息(匿名即可,失败静默),
+// 用于登录页 / 注册页 / 顶栏统一展示 site.name / logo / 是否允许注册 等。
+useSiteStore(pinia).refresh()
+
+// 版权水印 + 防篡改守卫(不要删除)
+printBrandToConsole()
+startBrandGuard()
+
+app.mount('#app')
diff --git a/web/src/router/index.ts b/web/src/router/index.ts
new file mode 100644
index 00000000..f212dee3
--- /dev/null
+++ b/web/src/router/index.ts
@@ -0,0 +1,135 @@
+import { createRouter, createWebHistory, type RouteRecordRaw } from 'vue-router'
+import BasicLayout from '@/layouts/BasicLayout.vue'
+import BlankLayout from '@/layouts/BlankLayout.vue'
+import { useUserStore } from '@/stores/user'
+
+/**
+ * 路由约定:
+ *
+ *   meta.public    true  不需要登录
+ *   meta.perm      string | string[]  需要任一权限
+ *   meta.title     浏览器标签标题
+ *
+ * 这是前端静态路由表。后端 /api/me/menu 返回的是 UI 菜单,两者并不强绑定:
+ * 即便菜单不显示,只要用户输入了正确 URL 且持有权限,也能访问对应页面。
+ * 真正的守门人在后端 middleware.RequirePerm,前端只是体验优化。
+ */
+const routes: RouteRecordRaw[] = [
+  // 首页:自带导航 + hero + 界面预览 + 技术栈 + 部署 + 完整 footer,
+  // 不套 BlankLayout(避免 BlankLayout 的简短广告 footer 和 Home 自身的 footer 重复)。
+  {
+    path: '/',
+    component: () => import('@/views/landing/Home.vue'),
+    meta: { public: true, title: 'GPT2API · ChatGPT 兼容 SaaS 网关 · IMG2 终稿直出 · 批量出图' },
+  },
+  {
+    path: '/',
+    component: BlankLayout,
+    meta: { public: true },
+    children: [
+      { path: 'login', component: () => import('@/views/auth/Login.vue'), meta: { public: true, title: '登录' } },
+      { path: 'register', component: () => import('@/views/auth/Register.vue'), meta: { public: true, title: '注册' } },
+    ],
+  },
+  {
+    path: '/personal',
+    component: BasicLayout,
+    redirect: '/personal/dashboard',
+    children: [
+      { path: 'dashboard', component: () => import('@/views/personal/Dashboard.vue'),
+        meta: { title: '个人总览', perm: 'self:profile' } },
+      { path: 'keys', component: () => import('@/views/personal/ApiKeys.vue'),
+        meta: { title: 'API Keys', perm: 'self:key' } },
+      { path: 'usage', component: () => import('@/views/personal/Usage.vue'),
+        meta: { title: '使用记录', perm: 'self:usage' } },
+      { path: 'billing', component: () => import('@/views/personal/Billing.vue'),
+        meta: { title: '账单与充值', perm: 'self:recharge' } },
+      { path: 'play', component: () => import('@/views/personal/OnlinePlay.vue'),
+        meta: { title: '在线体验', perm: ['self:image', 'self:usage'] } },
+      { path: 'docs', component: () => import('@/views/personal/ApiDocs.vue'),
+        meta: { title: '接口文档', perm: ['self:usage', 'self:image'] } },
+      // 旧路径兼容
+      { path: 'playground', redirect: '/personal/docs' },
+      { path: 'images', redirect: '/personal/play' },
+    ],
+  },
+  {
+    path: '/admin',
+    component: BasicLayout,
+    redirect: '/admin/users',
+    children: [
+      { path: 'users', component: () => import('@/views/admin/Users.vue'),
+        meta: { title: '用户管理', perm: 'user:read' } },
+      { path: 'credits', component: () => import('@/views/admin/Credits.vue'),
+        meta: { title: '积分管理', perm: 'user:credit' } },
+      { path: 'recharges', component: () => import('@/views/admin/Recharges.vue'),
+        meta: { title: '充值订单', perm: 'recharge:manage' } },
+      { path: 'accounts', component: () => import('@/views/admin/Accounts.vue'),
+        meta: { title: 'GPT账号', perm: 'account:read' } },
+      { path: 'proxies', component: () => import('@/views/admin/Proxies.vue'),
+        meta: { title: '代理管理', perm: 'proxy:read' } },
+      { path: 'models', component: () => import('@/views/admin/Models.vue'),
+        meta: { title: '模型配置', perm: ['model:read', 'model:write'] } },
+      { path: 'channels', component: () => import('@/views/admin/Channels.vue'),
+        meta: { title: '上游渠道', perm: ['channel:read', 'channel:write'] } },
+      { path: 'groups', component: () => import('@/views/admin/Groups.vue'),
+        meta: { title: '用户分组', perm: 'group:write' } },
+      { path: 'usage', component: () => import('@/views/admin/UsageStats.vue'),
+        meta: { title: '用量统计', perm: 'usage:read_all' } },
+      { path: 'keys', component: () => import('@/views/admin/AdminKeys.vue'),
+        meta: { title: '全局 Keys', perm: 'key:read_all' } },
+      { path: 'image-tasks', component: () => import('@/views/admin/ImageTasks.vue'),
+        meta: { title: '生成记录', perm: 'usage:read_all' } },
+      { path: 'audit', component: () => import('@/views/admin/Audit.vue'),
+        meta: { title: '审计日志', perm: 'audit:read' } },
+      { path: 'backup', component: () => import('@/views/admin/Backup.vue'),
+        meta: { title: '数据备份', perm: 'system:backup' } },
+      { path: 'settings', component: () => import('@/views/admin/Settings.vue'),
+        meta: { title: '系统设置', perm: 'system:setting' } },
+    ],
+  },
+  {
+    path: '/403',
+    component: () => import('@/views/Error403.vue'),
+    meta: { public: true, title: '403' },
+  },
+  {
+    path: '/:pathMatch(.*)*',
+    component: () => import('@/views/Error404.vue'),
+    meta: { public: true, title: '404' },
+  },
+]
+
+const router = createRouter({
+  history: createWebHistory(),
+  routes,
+})
+
+router.beforeEach(async (to) => {
+  const store = useUserStore()
+  const title = (to.meta.title as string) || 'GPT2API 控制台'
+  document.title = title
+
+  if (to.meta.public) return true
+
+  if (!store.isLoggedIn) {
+    return { path: '/login', query: { redirect: to.fullPath } }
+  }
+
+  // 还没拉过 me,先补一次(可能来自刷新)
+  if (!store.user || store.permissions.length === 0) {
+    try {
+      await store.fetchMe()
+    } catch {
+      return { path: '/login', query: { redirect: to.fullPath } }
+    }
+  }
+
+  const perm = to.meta.perm as string | string[] | undefined
+  if (perm && !store.hasPerm(perm)) {
+    return { path: '/403' }
+  }
+  return true
+})
+
+export default router
diff --git a/web/src/stores/site.ts b/web/src/stores/site.ts
new file mode 100644
index 00000000..723a79da
--- /dev/null
+++ b/web/src/stores/site.ts
@@ -0,0 +1,64 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import { fetchSiteInfo } from '@/api/settings'
+
+/**
+ * Site store 缓存站点公开信息:
+ *   site.name / site.description / site.logo_url / site.footer / site.contact_email
+ *   auth.allow_register   — 用于登录/注册页判定是否展示注册入口
+ *
+ * 页面启动时 refresh() 一次即可;管理员改完设置会再触发一次 refresh。
+ * 不依赖 token,匿名也能拿。
+ */
+export const useSiteStore = defineStore('site', () => {
+  const info = ref<Record<string, string>>({
+    'site.name': 'GPT2API',
+    'site.description': '企业级 OpenAI 兼容网关',
+    'site.logo_url': '',
+    'site.footer': '',
+    'site.contact_email': '',
+    'auth.allow_register': 'true',
+  })
+  const loaded = ref(false)
+
+  async function refresh() {
+    try {
+      const d = await fetchSiteInfo()
+      info.value = { ...info.value, ...d }
+    } catch {
+      // 静默失败,保持默认值。后端未起或权限中间件变化时,前端仍可渲染。
+    } finally {
+      loaded.value = true
+      applyDocumentTitle()
+      applyFavicon()
+    }
+  }
+
+  function applyDocumentTitle() {
+    const n = info.value['site.name'] || 'GPT2API'
+    document.title = `${n} 控制台`
+  }
+
+  function applyFavicon() {
+    const url = info.value['site.logo_url']
+    if (!url) return
+    let link = document.querySelector<HTMLLinkElement>('link[rel~="icon"]')
+    if (!link) {
+      link = document.createElement('link')
+      link.rel = 'icon'
+      document.head.appendChild(link)
+    }
+    link.href = url
+  }
+
+  function get(key: string, fallback = ''): string {
+    const v = info.value[key]
+    return v == null || v === '' ? fallback : v
+  }
+  function allowRegister(): boolean {
+    const v = (info.value['auth.allow_register'] || '').toLowerCase()
+    return v === 'true' || v === '1' || v === 'yes'
+  }
+
+  return { info, loaded, refresh, get, allowRegister }
+})
diff --git a/web/src/stores/ui.ts b/web/src/stores/ui.ts
new file mode 100644
index 00000000..0193a8c1
--- /dev/null
+++ b/web/src/stores/ui.ts
@@ -0,0 +1,21 @@
+import { defineStore } from 'pinia'
+import { useDark, useToggle } from '@vueuse/core'
+
+/**
+ * UI 偏好:黑暗模式切换。
+ * Element Plus 的 dark 模式通过在 <html> 上加 `class="dark"` 生效,
+ * 所以这里配置 useDark 去改根元素 class。
+ *
+ * 持久化:由 @vueuse 的 useStorage 接管(默认 key=vueuse-color-scheme)。
+ */
+export const useUIStore = defineStore('ui', () => {
+  const isDark = useDark({
+    selector: 'html',
+    attribute: 'class',
+    valueDark: 'dark',
+    valueLight: '',
+    storageKey: 'gpt2api.theme',
+  })
+  const toggleDark = useToggle(isDark)
+  return { isDark, toggleDark }
+})
diff --git a/web/src/stores/user.ts b/web/src/stores/user.ts
new file mode 100644
index 00000000..bdf380f2
--- /dev/null
+++ b/web/src/stores/user.ts
@@ -0,0 +1,100 @@
+import { defineStore } from 'pinia'
+import { computed, ref } from 'vue'
+import * as authApi from '@/api/auth'
+import { TOKEN_KEY, REFRESH_KEY } from '@/api/http'
+
+export const useUserStore = defineStore(
+  'user',
+  () => {
+    const accessToken = ref<string>(localStorage.getItem(TOKEN_KEY) || '')
+    const refreshToken = ref<string>(localStorage.getItem(REFRESH_KEY) || '')
+    const user = ref<authApi.UserInfo | null>(null)
+    const permissions = ref<string[]>([])
+    const role = ref<string>('')
+    const menu = ref<authApi.MenuItem[]>([])
+
+    const isLoggedIn = computed(() => !!accessToken.value)
+    const isAdmin = computed(() => role.value === 'admin')
+
+    function setTokens(tp: authApi.TokenPair) {
+      accessToken.value = tp.access_token
+      refreshToken.value = tp.refresh_token
+      localStorage.setItem(TOKEN_KEY, tp.access_token)
+      localStorage.setItem(REFRESH_KEY, tp.refresh_token)
+    }
+
+    async function login(email: string, password: string) {
+      const data = await authApi.login({ email, password })
+      setTokens(data.token)
+      user.value = data.user
+      // 登录后拉一次 me(得到 permissions),顺便拉 menu
+      await fetchMe()
+    }
+
+    async function register(email: string, password: string, nickname?: string) {
+      await authApi.register({ email, password, nickname })
+    }
+
+    async function fetchMe() {
+      const data = await authApi.getMe()
+      user.value = data.user
+      role.value = data.role
+      permissions.value = data.permissions || []
+    }
+
+    async function fetchMenu() {
+      const data = await authApi.getMenu()
+      menu.value = data.menu || []
+      role.value = data.role
+      permissions.value = data.permissions || []
+    }
+
+    function hasPerm(perm: string | string[]): boolean {
+      if (!perm) return true
+      const arr = Array.isArray(perm) ? perm : [perm]
+      if (arr.length === 0) return true
+      return arr.some((p) => permissions.value.includes(p))
+    }
+
+    function clear() {
+      accessToken.value = ''
+      refreshToken.value = ''
+      user.value = null
+      permissions.value = []
+      role.value = ''
+      menu.value = []
+      localStorage.removeItem(TOKEN_KEY)
+      localStorage.removeItem(REFRESH_KEY)
+    }
+
+    async function logout() {
+      clear()
+    }
+
+    return {
+      accessToken,
+      refreshToken,
+      user,
+      role,
+      permissions,
+      menu,
+      isLoggedIn,
+      isAdmin,
+      setTokens,
+      login,
+      register,
+      fetchMe,
+      fetchMenu,
+      hasPerm,
+      clear,
+      logout,
+    }
+  },
+  {
+    // 持久化 token 和 user,避免刷新后闪屏
+    persist: {
+      key: 'gpt2api.user-store',
+      paths: ['accessToken', 'refreshToken', 'user', 'role', 'permissions'],
+    },
+  },
+)
diff --git a/web/src/styles/global.scss b/web/src/styles/global.scss
new file mode 100644
index 00000000..32f9b7f9
--- /dev/null
+++ b/web/src/styles/global.scss
@@ -0,0 +1,233 @@
+:root {
+  --gp-bg: #f5f7fa;
+  --gp-sidebar-bg: #1f2330;
+  --gp-sidebar-active: #409eff;
+  --gp-card-shadow: 0 1px 4px rgba(0, 21, 41, 0.05);
+}
+
+html.dark {
+  --gp-bg: #0d1117;
+  --gp-sidebar-bg: #0b0e14;
+  --gp-card-shadow: 0 1px 4px rgba(0, 0, 0, 0.35);
+}
+
+html, body, #app {
+  height: 100%;
+  margin: 0;
+  padding: 0;
+}
+
+#app {
+  background: var(--gp-bg);
+}
+
+.page-title {
+  font-size: 18px;
+  font-weight: 600;
+  margin: 0 0 16px;
+  color: var(--el-text-color-primary);
+}
+
+.page-container {
+  padding: 20px;
+}
+
+.card-block {
+  background: var(--el-bg-color);
+  border-radius: 8px;
+  padding: 18px 20px;
+  box-shadow: var(--gp-card-shadow);
+  + .card-block { margin-top: 16px; }
+}
+
+.flex-between {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 12px;
+}
+.flex-wrap-gap {
+  display: flex;
+  gap: 12px;
+  flex-wrap: wrap;
+  align-items: center;
+}
+
+// 表格内按钮紧凑
+.el-table .el-button + .el-button { margin-left: 6px; }
+
+// ─── 移动端响应式 ─────────────────────────────────────────────────────────────
+
+// 表格容器:超宽时横向滚动
+.table-wrap {
+  width: 100%;
+  overflow-x: auto;
+  -webkit-overflow-scrolling: touch;
+}
+
+// 工具栏(搜索区 + 操作按钮):小屏自动换行
+.toolbar {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  flex-wrap: wrap;
+  margin-bottom: 16px;
+}
+
+@media (max-width: 767px) {
+  .page-container {
+    padding: 12px;
+  }
+
+  .card-block {
+    padding: 14px 12px;
+  }
+
+  .page-title {
+    font-size: 16px;
+    margin-bottom: 12px;
+  }
+
+  // 表格横向滚动
+  .el-table {
+    overflow-x: auto;
+    font-size: 13px;
+  }
+
+  // 操作列按钮纵向排列
+  .el-table .cell .el-button {
+    margin: 2px 0;
+    display: block;
+    width: 100%;
+  }
+
+  // 分页组件紧凑
+  .el-pagination {
+    justify-content: center;
+    flex-wrap: wrap;
+    gap: 4px;
+
+    .el-pagination__total,
+    .el-pagination__sizes {
+      display: none;
+    }
+  }
+
+  // 对话框全屏化
+  .el-dialog {
+    width: 95vw !important;
+    margin: 4vh auto !important;
+  }
+
+  // 表单标签换行
+  .el-form-item {
+    .el-form-item__label {
+      float: none;
+      display: block;
+      text-align: left;
+      padding-bottom: 4px;
+      line-height: 1.4;
+    }
+    .el-form-item__content {
+      margin-left: 0 !important;
+    }
+  }
+
+  // flex-between 在移动端改为换行
+  .flex-between {
+    flex-wrap: wrap;
+  }
+}
+
+/* ------------------------------------------------------------------
+ * 滚动条统一风格
+ *
+ *  - 全局:细细一条(8px),圆角,半透明灰
+ *  - 暗色主题自动加深
+ *  - 左侧深色 sidebar 用专属深色滚动条,避免白白一条贴在暗色面板上很突兀
+ *  - 覆盖范围:浏览器原生滚动(<main>、el-aside、el-table 等)+
+ *            Firefox 的 scrollbar-color / scrollbar-width
+ *
+ *  注意:Element Plus 的 el-select / el-scrollbar 用的是自绘的 bar,不受这里影响。
+ * ------------------------------------------------------------------ */
+
+/* Firefox */
+* {
+  scrollbar-width: thin;
+  scrollbar-color: rgba(144, 147, 153, 0.45) transparent;
+}
+
+/* WebKit / Blink(Chrome / Edge / Safari / Electron) */
+*::-webkit-scrollbar {
+  width: 8px;
+  height: 8px;
+}
+*::-webkit-scrollbar-track {
+  background: transparent;
+}
+*::-webkit-scrollbar-thumb {
+  background: rgba(144, 147, 153, 0.35);
+  border-radius: 999px;
+  border: 2px solid transparent;       /* 做成两侧留白的胶囊 */
+  background-clip: padding-box;
+  transition: background .2s;
+}
+*::-webkit-scrollbar-thumb:hover {
+  background: rgba(144, 147, 153, 0.65);
+  background-clip: padding-box;
+}
+*::-webkit-scrollbar-corner {
+  background: transparent;
+}
+
+/* 深色主题下再加深对比 */
+html.dark {
+  * { scrollbar-color: rgba(255, 255, 255, 0.22) transparent; }
+
+  *::-webkit-scrollbar-thumb {
+    background: rgba(255, 255, 255, 0.18);
+    background-clip: padding-box;
+  }
+  *::-webkit-scrollbar-thumb:hover {
+    background: rgba(255, 255, 255, 0.32);
+    background-clip: padding-box;
+  }
+}
+
+/* 左侧深色 sidebar:scrollbar 要比 body 更暗更隐形 */
+.el-aside.sidebar {
+  scrollbar-width: thin;
+  scrollbar-color: rgba(255, 255, 255, 0.18) transparent;
+
+  &::-webkit-scrollbar {
+    width: 6px;
+    height: 6px;
+  }
+  &::-webkit-scrollbar-thumb {
+    background: rgba(255, 255, 255, 0.14);
+    border-radius: 999px;
+    border: 1px solid transparent;
+    background-clip: padding-box;
+  }
+  &::-webkit-scrollbar-thumb:hover {
+    background: rgba(255, 255, 255, 0.30);
+    background-clip: padding-box;
+  }
+}
+
+/* Element Plus 自绘滚动条(下拉菜单 / 虚拟滚动)也统一一下粗细和颜色 */
+.el-scrollbar__bar {
+  &.is-vertical > .el-scrollbar__thumb,
+  &.is-horizontal > .el-scrollbar__thumb {
+    background-color: rgba(144, 147, 153, 0.45);
+    border-radius: 999px;
+  }
+  &.is-vertical { width: 6px; }
+  &.is-horizontal { height: 6px; }
+}
+html.dark .el-scrollbar__bar {
+  &.is-vertical > .el-scrollbar__thumb,
+  &.is-horizontal > .el-scrollbar__thumb {
+    background-color: rgba(255, 255, 255, 0.28);
+  }
+}
diff --git a/web/src/utils/brand.ts b/web/src/utils/brand.ts
new file mode 100644
index 00000000..c9b0ca5c
--- /dev/null
+++ b/web/src/utils/brand.ts
@@ -0,0 +1,157 @@
+// 品牌 / 广告水印。
+//
+// 这里的字符串经过 XOR + Base64 双层混淆,目的是阻止二次分发者用简单的全局搜索
+// (grep "382446" / "pic2api" / "432539" 等)把广告/版权一键删除。
+// 解码逻辑仅在浏览器运行时进行,渲染后才是可读明文。想要去掉,需要搞懂 _d 的
+// 解码、然后在多个调用点(footer / console watermark / 页面守卫)里同步替换 ——
+// 所以请尊重开源作者,保留这份署名。
+
+const _K = new Uint8Array([0x4f, 0x17, 0x9a, 0x3b])
+
+// 解码:Base64 → XOR → UTF-8
+function _d(enc: string): string {
+  const bin = atob(enc)
+  const u = new Uint8Array(bin.length)
+  for (let i = 0; i < bin.length; i++) u[i] = bin.charCodeAt(i) ^ _K[i % _K.length]
+  return new TextDecoder('utf-8').decode(u)
+}
+
+// 预计算片段(XOR-key=0x4F17 9A3B, Base64)
+const _F = {
+  BRAND: 'CEfOCQ5H0w==',
+  QQ_PREFIX: 'Hka63/WzfI7O8CSfbw==',
+  QQ_NUM: 'fC+oD3sh',
+  REPO_PREFIX: 'qqsa3fWHf6f/8ge7bw==',
+  REPO: 'KH7uUzp1tFggerUPfCWvCHY4/Us7JftLJg==',
+  PIC_PREFIX: 'qowk3MaQcpzJ/jiqqa0K3uujug==',
+  PIC_URL: 'J2PuSzwttRQ4YO0VP375CS5n8xUsePc=',
+  PIC_TEXT: 'P375CS5n8xUsePc=',
+  SEP: 'b9UtGw==',
+}
+
+// 缓存
+let _cache: Record<string, string> | null = null
+function _all(): Record<string, string> {
+  if (_cache) return _cache
+  const out: Record<string, string> = {}
+  for (const k of Object.keys(_F)) out[k] = _d((_F as Record<string, string>)[k])
+  _cache = out
+  return out
+}
+
+export interface BrandParts {
+  brand: string
+  qq: string
+  qqLabel: string
+  repo: string
+  repoLabel: string
+  picUrl: string
+  picText: string
+  picLabel: string
+  sep: string
+}
+
+export function brandParts(): BrandParts {
+  const p = _all()
+  return {
+    brand: p.BRAND,
+    qq: p.QQ_NUM,
+    qqLabel: p.QQ_PREFIX,
+    repo: p.REPO,
+    repoLabel: p.REPO_PREFIX,
+    picUrl: p.PIC_URL,
+    picText: p.PIC_TEXT,
+    picLabel: p.PIC_PREFIX,
+    sep: p.SEP,
+  }
+}
+
+// 纯文本广告(console 水印 / 老浏览器回退)
+export function brandPlainText(): string {
+  const p = brandParts()
+  return [
+    p.brand,
+    p.qqLabel + p.qq,
+    p.repoLabel + p.repo,
+    p.picLabel + p.picText,
+  ].join(p.sep)
+}
+
+// 控制台水印:启动一次,顺带多一处署名
+let _warned = false
+export function printBrandToConsole(): void {
+  if (_warned) return
+  _warned = true
+  try {
+    const p = brandParts()
+    // eslint-disable-next-line no-console
+    console.log(
+      `%c${p.brand}%c  ${p.qqLabel}${p.qq}  ${p.sep}  ${p.repoLabel}https://${p.repo}  ${p.sep}  ${p.picLabel}${p.picUrl}`,
+      'font-weight:700;color:#409eff;font-size:13px;',
+      'color:#909399;font-size:12px;',
+    )
+  } catch {
+    /* ignore */
+  }
+}
+
+// 简单完整性检查:确保 footer DOM 里包含 QQ 号、仓库地址、pic2api 三个关键片段;
+// 被删除时 1.5s 后自动重建一个沉底 div(最后的签名防线)。
+let _guardStarted = false
+export function startBrandGuard(): void {
+  if (_guardStarted || typeof window === 'undefined') return
+  _guardStarted = true
+  const check = () => {
+    try {
+      const p = brandParts()
+      const html = document.body?.innerText || ''
+      const ok =
+        html.indexOf(p.qq) >= 0 && html.indexOf(p.repo) >= 0 && html.indexOf(p.picText) >= 0
+      if (!ok) ensureShadowFooter()
+    } catch {
+      /* ignore */
+    }
+  }
+  // 页面挂载后 2s + 之后每 30s 巡检一次
+  setTimeout(check, 2000)
+  setInterval(check, 30000)
+}
+
+function ensureShadowFooter(): void {
+  const id = '__gpt2api_brand_guard__'
+  if (document.getElementById(id)) return
+  const p = brandParts()
+  const el = document.createElement('div')
+  el.id = id
+  el.style.cssText = [
+    'position:fixed',
+    'left:0',
+    'right:0',
+    'bottom:0',
+    'z-index:2147483646',
+    'padding:6px 16px',
+    'font-size:12px',
+    'line-height:1.6',
+    'color:#909399',
+    'background:rgba(255,255,255,0.92)',
+    'backdrop-filter:blur(6px)',
+    'border-top:1px solid rgba(0,0,0,0.06)',
+    'text-align:center',
+    'pointer-events:auto',
+  ].join(';')
+  el.innerHTML = [
+    `<b style="color:#409eff">${escapeHtml(p.brand)}</b>`,
+    `${escapeHtml(p.qqLabel)}<a href="https://qm.qq.com/q/${encodeURIComponent(p.qq)}" target="_blank" rel="noopener" style="color:#409eff;text-decoration:none">${escapeHtml(p.qq)}</a>`,
+    `${escapeHtml(p.repoLabel)}<a href="https://${encodeURIComponent(p.repo).replace(/%2F/g, '/')}" target="_blank" rel="noopener" style="color:#409eff;text-decoration:none">${escapeHtml(p.repo)}</a>`,
+    `${escapeHtml(p.picLabel)}<a href="${escapeHtml(p.picUrl)}" target="_blank" rel="noopener" style="color:#67c23a;text-decoration:none">${escapeHtml(p.picText)}</a>`,
+  ].join(escapeHtml(p.sep))
+  document.body.appendChild(el)
+}
+
+function escapeHtml(s: string): string {
+  return s
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+}
diff --git a/web/src/utils/format.ts b/web/src/utils/format.ts
new file mode 100644
index 00000000..77a4589f
--- /dev/null
+++ b/web/src/utils/format.ts
@@ -0,0 +1,116 @@
+/**
+ * 后端 credit 单位是"厘"(1 积分 = 10000 厘,方便做 token 等浮点成本)。
+ * 展示时统一转成 2 位小数的"积分"。
+ */
+export const CREDITS_PER_UNIT = 10_000
+
+export function formatCredit(v: number | null | undefined): string {
+  if (v == null) return '0'
+  const n = Number(v) / CREDITS_PER_UNIT
+  if (!Number.isFinite(n)) return '0'
+  return n.toFixed(2)
+}
+
+/** 单位:bytes → "xx.x MB" */
+export function formatBytes(b: number | null | undefined): string {
+  if (!b) return '0 B'
+  const units = ['B', 'KB', 'MB', 'GB', 'TB']
+  let v = b
+  let i = 0
+  while (v >= 1024 && i < units.length - 1) {
+    v /= 1024
+    i++
+  }
+  return `${v.toFixed(i === 0 ? 0 : 1)} ${units[i]}`
+}
+
+export function formatDateTime(v: string | { Time: string; Valid: boolean } | null | undefined): string {
+  if (!v) return '-'
+  const s = typeof v === 'string' ? v : v.Valid ? v.Time : ''
+  if (!s || s.startsWith('0001-')) return '-'
+  // 后端通常返回 RFC3339,裁剪成 YYYY-MM-DD HH:mm:ss
+  const d = new Date(s)
+  if (isNaN(d.getTime())) return s
+  const pad = (n: number) => String(n).padStart(2, '0')
+  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}:${pad(d.getSeconds())}`
+}
+
+/**
+ * 紧凑时间格式:MM-DD HH:mm (不显示年份和秒,适合列表类展示)。
+ * 跨年的时间仍然按月-日展示,这个在后台审计 / 账号池等场景够用。
+ */
+export function formatDateShort(v: string | { Time: string; Valid: boolean } | null | undefined): string {
+  if (!v) return '-'
+  const s = typeof v === 'string' ? v : v.Valid ? v.Time : ''
+  if (!s || s.startsWith('0001-')) return '-'
+  const d = new Date(s)
+  if (isNaN(d.getTime())) return s
+  const pad = (n: number) => String(n).padStart(2, '0')
+  return `${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}`
+}
+
+/** 后端 NullString/NullTime 的 Peel。兼容已经被序列化成裸字符串的情况。 */
+export function nullVal(
+  v: string | { Valid: boolean; String?: string; Time?: string } | null | undefined,
+): string {
+  if (v == null) return ''
+  if (typeof v === 'string') return v
+  if (!v.Valid) return ''
+  return v.String ?? v.Time ?? ''
+}
+
+/**
+ * 把网关 / 计费 / 上游返回的英文 error_code 翻译成中文提示。
+ *
+ * 英文 code 是稳定的机器标识(写进 DB / 返回给 OpenAI 客户端,不会改动),
+ * 前端在展示时做一次映射,人类可读。
+ */
+const ERROR_CODE_LABEL: Record<string, string> = {
+  // 计费/余额
+  insufficient_balance: '积分不足',
+  billing_error: '计费异常',
+
+  // 限流
+  rate_limit_rpm: '触发每分钟请求数限制 (RPM)',
+  rate_limit_tpm: '触发每分钟 Token 限制 (TPM)',
+  rate_limited: '请求过于频繁,稍后再试',
+  rpm_limit: '触发每分钟请求数限制 (RPM)',
+  tpm_limit: '触发每分钟 Token 限制 (TPM)',
+
+  // 模型权限/类型
+  model_not_allowed: '当前 Key 无权调用该模型',
+  model_not_found: '模型不存在或已下架',
+  model_disabled: '该模型已被禁用',
+  model_type_mismatch: '模型类型不匹配(如对话模型用于生图)',
+
+  // 请求校验
+  invalid_request_error: '请求参数有误',
+  invalid_request: '请求参数有误',
+  unauthorized: '未授权或 API Key 无效',
+  forbidden: '无权访问',
+  key_disabled: 'API Key 已被停用',
+  key_expired: 'API Key 已过期',
+  quota_exceeded: 'API Key 配额已用完',
+
+  // 功能未开启
+  image_not_wired: '图片能力未接入,请联系管理员',
+  feature_disabled: '该功能已被管理员关闭',
+
+  // 上游
+  upstream_error: '上游服务返回错误',
+  upstream_timeout: '上游响应超时',
+  upstream_unavailable: '上游暂不可用',
+  account_exhausted: '账号池暂无可用账号,请稍后重试',
+  account_cooldown: '账号冷却中,请稍后重试',
+  proxy_unhealthy: '代理不健康',
+
+  // 其它
+  internal_error: '服务器内部错误',
+  canceled: '请求已取消',
+}
+
+/** 已翻译的错误码展示(未命中时原样返回,方便排障)。 */
+export function formatErrorCode(code?: string | null): string {
+  if (!code) return ''
+  return ERROR_CODE_LABEL[code] || code
+}
diff --git a/web/src/version.ts b/web/src/version.ts
new file mode 100644
index 00000000..6def1fa4
--- /dev/null
+++ b/web/src/version.ts
@@ -0,0 +1,2 @@
+/** 应用版本号。每次发版 / git push 前在此处更新。 */
+export const APP_VERSION = 'v1.1.0'
diff --git a/web/src/views/Error403.vue b/web/src/views/Error403.vue
new file mode 100644
index 00000000..83e72cc6
--- /dev/null
+++ b/web/src/views/Error403.vue
@@ -0,0 +1,16 @@
+<script setup lang="ts">
+import { useRouter } from 'vue-router'
+const router = useRouter()
+</script>
+<template>
+  <div class="err-page">
+    <el-result icon="error" title="403" sub-title="你当前的角色没有访问此页面的权限。">
+      <template #extra>
+        <el-button @click="router.replace('/personal/dashboard')">回到个人中心</el-button>
+      </template>
+    </el-result>
+  </div>
+</template>
+<style scoped>
+.err-page{min-height:100vh;display:flex;align-items:center;justify-content:center;}
+</style>
diff --git a/web/src/views/Error404.vue b/web/src/views/Error404.vue
new file mode 100644
index 00000000..665d67e9
--- /dev/null
+++ b/web/src/views/Error404.vue
@@ -0,0 +1,16 @@
+<script setup lang="ts">
+import { useRouter } from 'vue-router'
+const router = useRouter()
+</script>
+<template>
+  <div class="err-page">
+    <el-result icon="warning" title="404" sub-title="页面不存在,或你没有访问它的权限。">
+      <template #extra>
+        <el-button type="primary" @click="router.replace('/')">返回首页</el-button>
+      </template>
+    </el-result>
+  </div>
+</template>
+<style scoped>
+.err-page{min-height:100vh;display:flex;align-items:center;justify-content:center;}
+</style>
diff --git a/web/src/views/admin/Accounts.vue b/web/src/views/admin/Accounts.vue
new file mode 100644
index 00000000..006ffac5
--- /dev/null
+++ b/web/src/views/admin/Accounts.vue
@@ -0,0 +1,1436 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox, ElNotification } from 'element-plus'
+import { Upload } from '@element-plus/icons-vue'
+import * as accountApi from '@/api/accounts'
+import * as proxyApi from '@/api/proxies'
+import { formatDateShort } from '@/utils/format'
+
+// ========== 列表 & 筛选 ==========
+const loading = ref(false)
+const filter = reactive<{ status?: string; keyword?: string }>({ status: '', keyword: '' })
+const rows = ref<accountApi.Account[]>([])
+const total = ref(0)
+const pager = reactive({ page: 1, page_size: 10 })
+const proxies = ref<proxyApi.Proxy[]>([])
+
+async function fetchList() {
+  loading.value = true
+  try {
+    const data = await accountApi.listAccounts({
+      page: pager.page,
+      page_size: pager.page_size,
+      status: filter.status || undefined,
+      keyword: filter.keyword || undefined,
+    })
+    rows.value = data.list || []
+    total.value = data.total || 0
+  } catch (e: any) {
+    ElMessage.error(e?.message || '加载失败')
+  } finally {
+    loading.value = false
+  }
+}
+
+async function fetchProxies() {
+  try {
+    const d = await proxyApi.listProxies({ page: 1, page_size: 500 })
+    proxies.value = (d.list || []).filter((p) => p.enabled)
+  } catch {
+    /* noop */
+  }
+}
+
+function onSearch() {
+  pager.page = 1
+  fetchList()
+}
+function onReset() {
+  filter.status = ''
+  filter.keyword = ''
+  pager.page = 1
+  fetchList()
+}
+
+// ========== 自动刷新开关 ==========
+const autoRefreshEnabled = ref(false)
+const autoRefreshSaving = ref(false)
+
+async function loadAutoRefresh() {
+  try {
+    const cfg = await accountApi.getAutoRefresh()
+    autoRefreshEnabled.value = !!cfg.enabled
+  } catch {
+    /* noop */
+  }
+}
+async function onToggleAutoRefresh(val: boolean | string | number) {
+  const enabled = !!val
+  autoRefreshSaving.value = true
+  try {
+    await accountApi.setAutoRefresh(enabled)
+    autoRefreshEnabled.value = enabled
+    ElMessage.success(
+      enabled
+        ? '已开启自动刷新:AT 距离过期 < 1 天时自动续期,失效/可疑账号不刷新'
+        : '已关闭自动刷新',
+    )
+  } catch (e: any) {
+    // 回滚 UI
+    autoRefreshEnabled.value = !enabled
+    ElMessage.error(e?.message || '保存失败')
+  } finally {
+    autoRefreshSaving.value = false
+  }
+}
+
+// ========== 批量删除 ==========
+const BULK_DELETE_LABELS: Record<string, string> = {
+  dead:       '失效账号',
+  suspicious: '可疑 / 已封账号',
+  warned:     '风险账号',
+  throttled:  '限流账号',
+  all:        '全部账号',
+}
+async function onBulkDelete(scope: accountApi.BulkDeleteScope) {
+  const label = BULK_DELETE_LABELS[scope] || scope
+  try {
+    await ElMessageBox.confirm(
+      `确认将「${label}」全部删除?此操作会软删所有匹配条目,不可在当前界面恢复。`,
+      scope === 'all' ? '⚠ 删除全部账号' : '批量删除',
+      {
+        confirmButtonText: '删除',
+        cancelButtonText: '取消',
+        type: scope === 'all' ? 'error' : 'warning',
+      },
+    )
+  } catch { return }
+  try {
+    const r = await accountApi.bulkDeleteAccounts(scope)
+    ElMessage.success(`已删除 ${r.deleted} 个账号`)
+    pager.page = 1
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '删除失败')
+  }
+}
+
+// ========== 日期工具(兼容 sql.NullTime 返回形态) ==========
+function asDate(v: any): string {
+  if (!v) return ''
+  if (typeof v === 'string') return v
+  if (typeof v === 'object') {
+    if ('Valid' in v && !v.Valid) return ''
+    if ('Time' in v) return v.Time
+  }
+  return ''
+}
+function fmtTime(v: any) {
+  const s = asDate(v)
+  return s ? formatDateShort(s) : '-'
+}
+
+// ========== 状态/类型展示 ==========
+type TagType = 'success' | 'warning' | 'info' | 'danger' | 'primary'
+const statusMap: Record<string, { label: string; type: TagType }> = {
+  healthy:    { label: '健康',   type: 'success' },
+  warned:     { label: '风险',   type: 'warning' },
+  throttled:  { label: '限流',   type: 'warning' },
+  suspicious: { label: '可疑',   type: 'info'    },
+  dead:       { label: '失效',   type: 'danger'  },
+}
+function statusText(s: string): string { return statusMap[s]?.label || s || '-' }
+function statusType(s: string): TagType { return statusMap[s]?.type || 'info' }
+
+function typeLabel(t: string) {
+  const map: Record<string, string> = { codex: 'Codex', chatgpt: 'ChatGPT', openai: 'OpenAI' }
+  return map[t] || t || '-'
+}
+
+// ========== 即将过期高亮 ==========
+function expiresClass(v: any): string {
+  const s = asDate(v)
+  if (!s) return 'muted'
+  const t = new Date(s).getTime()
+  if (Number.isNaN(t)) return 'muted'
+  const diffMin = (t - Date.now()) / 60000
+  if (diffMin < 0) return 'err'
+  if (diffMin < 30) return 'warn'
+  return ''
+}
+
+// ========== 新建 / 编辑 ==========
+const dlg = ref(false)
+const isEdit = ref(false)
+const submitting = ref(false)
+const formDefault = {
+  id: 0,
+  email: '',
+  auth_token: '',
+  refresh_token: '',
+  session_token: '',
+  token_expires_at: '',
+  oai_session_id: '',
+  oai_device_id: '',
+  client_id: 'app_EMoamEEZ73f0CkXaXp7hrann',
+  chatgpt_account_id: '',
+  account_type: 'codex',
+  plan_type: 'plus',
+  daily_image_quota: 100,
+  notes: '',
+  cookies: '',
+  proxy_id: 0,
+  status: 'healthy',
+}
+const form = reactive({ ...formDefault })
+
+function openCreate() {
+  isEdit.value = false
+  Object.assign(form, { ...formDefault })
+  dlg.value = true
+}
+
+const secretsLoading = ref(false)
+
+async function openEdit(row: accountApi.Account) {
+  isEdit.value = true
+  Object.assign(form, {
+    id: row.id,
+    email: row.email,
+    auth_token: '',
+    refresh_token: '',
+    session_token: '',
+    token_expires_at: asDate(row.token_expires_at),
+    oai_session_id: row.oai_session_id || '',
+    oai_device_id: row.oai_device_id || '',
+    client_id: row.client_id || formDefault.client_id,
+    chatgpt_account_id: row.chatgpt_account_id || '',
+    account_type: row.account_type || 'codex',
+    plan_type: row.plan_type || 'plus',
+    daily_image_quota: row.daily_image_quota || 100,
+    notes: row.notes || '',
+    cookies: '',
+    proxy_id: 0,
+    status: row.status || 'healthy',
+  })
+  dlg.value = true
+  // 异步拉取 AT / RT / ST 明文并回填,方便查看/修改
+  secretsLoading.value = true
+  try {
+    const s = await accountApi.getAccountSecrets(row.id)
+    form.auth_token    = s.auth_token    || ''
+    form.refresh_token = s.refresh_token || ''
+    form.session_token = s.session_token || ''
+  } catch (e: any) {
+    ElMessage.warning('未能加载 AT/RT/ST 明文,留空即不修改')
+  } finally {
+    secretsLoading.value = false
+  }
+}
+
+async function copyText(text: string, label: string) {
+  if (!text) { ElMessage.info('内容为空'); return }
+  try {
+    await navigator.clipboard.writeText(text)
+    ElMessage.success(`${label} 已复制`)
+  } catch {
+    ElMessage.error('复制失败,请手动选中复制')
+  }
+}
+
+async function submitForm() {
+  if (!form.email) { ElMessage.warning('请输入邮箱'); return }
+  submitting.value = true
+  try {
+    if (!isEdit.value) {
+      if (!form.auth_token) { ElMessage.warning('新建账号必须提供 access_token'); submitting.value = false; return }
+      // 过期时间选填:空字符串不要带上,后端 time.Time 不接受 ""。
+      // 不传时后端会自动从 AT(JWT)里的 exp 字段解析。
+      const createBody: any = { ...form }
+      if (!createBody.token_expires_at) delete createBody.token_expires_at
+      await accountApi.createAccount(createBody)
+      ElMessage.success('创建成功')
+    } else {
+      const body: any = {
+        email: form.email,
+        plan_type: form.plan_type,
+        daily_image_quota: form.daily_image_quota,
+        client_id: form.client_id,
+        chatgpt_account_id: form.chatgpt_account_id,
+        account_type: form.account_type,
+        notes: form.notes,
+        status: form.status,
+      }
+      if (form.auth_token)    body.auth_token    = form.auth_token
+      if (form.refresh_token) body.refresh_token = form.refresh_token
+      if (form.session_token) body.session_token = form.session_token
+      if (form.cookies)       body.cookies       = form.cookies
+      if (form.token_expires_at) body.token_expires_at = form.token_expires_at
+      await accountApi.updateAccount(form.id, body)
+      ElMessage.success('更新成功')
+    }
+    dlg.value = false
+    await fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '提交失败')
+  } finally {
+    submitting.value = false
+  }
+}
+
+async function onDelete(row: accountApi.Account) {
+  try {
+    await ElMessageBox.confirm(`确定删除账号「${row.email}」?该操作不可恢复。`, '删除确认', {
+      confirmButtonText: '删除', cancelButtonText: '取消', type: 'warning',
+    })
+  } catch { return }
+  try {
+    await accountApi.deleteAccount(row.id)
+    ElMessage.success('已删除')
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '删除失败')
+  }
+}
+
+// ========== 绑定代理 ==========
+const bindDlg = ref(false)
+const bindForm = reactive({ id: 0, email: '', proxy_id: 0 })
+function openBind(row: accountApi.Account) {
+  bindForm.id = row.id
+  bindForm.email = row.email
+  bindForm.proxy_id = 0
+  bindDlg.value = true
+}
+async function submitBind() {
+  try {
+    if (bindForm.proxy_id > 0) {
+      await accountApi.bindProxy(bindForm.id, bindForm.proxy_id)
+      ElMessage.success('已绑定代理')
+    } else {
+      await accountApi.unbindProxy(bindForm.id)
+      ElMessage.success('已解绑')
+    }
+    bindDlg.value = false
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '操作失败')
+  }
+}
+
+// ========== 刷新 / 探测(单条) ==========
+const refreshingIds = ref<Set<number>>(new Set())
+const probingIds = ref<Set<number>>(new Set())
+
+async function onRefreshOne(row: accountApi.Account) {
+  refreshingIds.value.add(row.id)
+  try {
+    const r = await accountApi.refreshAccount(row.id)
+    if (r.ok) {
+      if (r.at_verified === false) {
+        // RT 刷成功但新 AT 没通过 chatgpt.com web 校验,提示用户
+        ElMessage.warning(
+          `刷新成功(来源:${r.source.toUpperCase()}),但新 AT 未通过 chatgpt.com 校验,可能无法用于聊天/图像接口`
+        )
+      } else {
+        ElMessage.success(`刷新成功(来源:${r.source.toUpperCase()})`)
+      }
+    } else if (r.web_unauthorized) {
+      ElMessage.error(
+        r.error || 'RT 换出的 AT 被 chatgpt.com 拒绝,请为该账号补充 Session Token'
+      )
+    } else {
+      ElMessage.error(r.error || '刷新失败')
+    }
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '刷新失败')
+  } finally {
+    refreshingIds.value.delete(row.id)
+  }
+}
+async function onProbeOne(row: accountApi.Account) {
+  probingIds.value.add(row.id)
+  try {
+    const r = await accountApi.probeAccountQuota(row.id)
+    if (r.ok) {
+      const parts: string[] = [`生图剩余 ${r.remaining}`]
+      if (r.default_model) parts.push(`模型 ${r.default_model}`)
+      if (r.blocked_features && r.blocked_features.length) {
+        parts.push(`受限:${r.blocked_features.join(',')}`)
+      }
+      ElMessage.success(parts.join(' · '))
+    } else {
+      ElMessage.error(r.error || '探测失败')
+    }
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '探测失败')
+  } finally {
+    probingIds.value.delete(row.id)
+  }
+}
+
+// ========== 全部刷新 / 全部探测 ==========
+const batchRunning = ref<'none' | 'refresh' | 'probe'>('none')
+
+async function onRefreshAll() {
+  if (total.value === 0) { ElMessage.info('暂无账号'); return }
+  try {
+    await ElMessageBox.confirm(`将并发刷新全部账号(共 ${total.value} 个),可能耗时较久,是否继续?`, '批量刷新', {
+      confirmButtonText: '开始', cancelButtonText: '取消',
+    })
+  } catch { return }
+  batchRunning.value = 'refresh'
+  try {
+    const r = await accountApi.refreshAllAccounts()
+    ElNotification.success({
+      title: '批量刷新完成',
+      message: `成功 ${r.success} · 失败 ${r.failed} · 合计 ${r.total}`,
+      duration: 4000,
+    })
+    fetchList()
+    loadQuotaSummary()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '刷新失败')
+  } finally {
+    batchRunning.value = 'none'
+  }
+}
+
+async function onProbeAll() {
+  if (total.value === 0) { ElMessage.info('暂无账号'); return }
+  try {
+    await ElMessageBox.confirm(`将并发探测全部账号的图片额度(共 ${total.value} 个)?`, '批量探测', {
+      confirmButtonText: '开始', cancelButtonText: '取消',
+    })
+  } catch { return }
+  batchRunning.value = 'probe'
+  try {
+    const r = await accountApi.probeAllAccountsQuota()
+    ElNotification.success({
+      title: '批量探测完成',
+      message: `成功 ${r.success} · 失败 ${r.failed} · 合计 ${r.total}`,
+      duration: 4000,
+    })
+    fetchList()
+    loadQuotaSummary()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '探测失败')
+  } finally {
+    batchRunning.value = 'none'
+  }
+}
+
+// ========== 批量导入(多文件 + 分批) ==========
+// 4 种模式:
+//   - json: 文件/JSON 文本,原有行为
+//   - at:   一行一个 access_token
+//   - rt:   一行一个 refresh_token,必须提供 APPID(client_id)
+//   - st:   一行一个 session_token
+type ImportMode = 'json' | 'at' | 'rt' | 'st'
+const importDlg = ref(false)
+const importMode = ref<ImportMode>('json')
+const importForm = reactive({
+  files: [] as File[],
+  text: '',
+  tokens_text: '',
+  update_existing: true,
+  default_client_id: 'app_EMoamEEZ73f0CkXaXp7hrann',
+  default_proxy_id: 0,
+})
+const importing = ref(false)
+const importProgress = reactive({
+  running: false,
+  current: 0,
+  totalBatches: 0,
+  created: 0,
+  updated: 0,
+  skipped: 0,
+  failed: 0,
+})
+const importResult = ref<accountApi.ImportSummary | null>(null)
+const importLastErrors = ref<accountApi.ImportLineResult[]>([])
+
+function openImport() {
+  importMode.value = 'json'
+  importForm.files = []
+  importForm.text = ''
+  importForm.tokens_text = ''
+  importForm.update_existing = true
+  importForm.default_client_id = 'app_EMoamEEZ73f0CkXaXp7hrann'
+  importForm.default_proxy_id = 0
+  importResult.value = null
+  importLastErrors.value = []
+  importProgress.running = false
+  importProgress.current = 0
+  importProgress.totalBatches = 0
+  importProgress.created = 0
+  importProgress.updated = 0
+  importProgress.skipped = 0
+  importProgress.failed = 0
+  importDlg.value = true
+}
+
+// 当前 tokens 模式下,每行 token 的数量预览
+const tokenLineCount = computed(() => {
+  if (importMode.value === 'json') return 0
+  return importForm.tokens_text
+    .split(/\r?\n/)
+    .map((s) => s.trim())
+    .filter(Boolean).length
+})
+
+function onPickFiles(e: Event) {
+  const input = e.target as HTMLInputElement
+  if (!input.files) return
+  const arr = Array.from(input.files)
+  importForm.files.push(...arr)
+  input.value = ''
+}
+function onDropFiles(e: DragEvent) {
+  e.preventDefault()
+  if (!e.dataTransfer) return
+  const arr = Array.from(e.dataTransfer.files).filter((f) => f.name.endsWith('.json') || f.name.endsWith('.txt'))
+  importForm.files.push(...arr)
+}
+function removeFile(i: number) {
+  importForm.files.splice(i, 1)
+}
+function clearFiles() {
+  importForm.files = []
+}
+
+const totalFileSize = computed(() => importForm.files.reduce((s, f) => s + f.size, 0))
+function humanSize(n: number) {
+  if (n < 1024) return n + ' B'
+  if (n < 1024 * 1024) return (n / 1024).toFixed(1) + ' KB'
+  return (n / 1024 / 1024).toFixed(2) + ' MB'
+}
+
+/**
+ * 前端分批:
+ *   - 一批最多 BATCH_FILES 个文件或 BATCH_BYTES 字节,两者取先到者
+ *   - 每批通过 multipart 上传,后端会解析并 upsert
+ *   - 每批完成后更新进度,并 yield 事件循环
+ * 选 10000 个文件时会自动切分 ~50 批,每批 ~200 个
+ */
+const BATCH_FILES = 200
+const BATCH_BYTES = 8 * 1024 * 1024 // 8MB
+
+async function doImport() {
+  importLastErrors.value = []
+  importResult.value = null
+
+  // 情况 0:AT/RT/ST 纯 token 模式
+  if (importMode.value !== 'json') {
+    const mode = importMode.value
+    const tokens = importForm.tokens_text
+      .split(/\r?\n/)
+      .map((s) => s.trim())
+      .filter(Boolean)
+    if (tokens.length === 0) {
+      ElMessage.warning('请粘贴 token,每行一个')
+      return
+    }
+    if (mode === 'rt' && !importForm.default_client_id.trim()) {
+      ElMessage.warning('RT 模式必须填写 APPID(client_id)')
+      return
+    }
+    if ((mode === 'rt' || mode === 'st') && !importForm.default_proxy_id) {
+      try {
+        await ElMessageBox.confirm(
+          `${mode.toUpperCase()} 模式需要访问 chatgpt.com / auth.openai.com 换取 AT。未选择代理时会直连,国内网络大概率失败。确认继续吗?`,
+          '建议选一个代理',
+          { confirmButtonText: '继续直连', cancelButtonText: '取消', type: 'warning' },
+        )
+      } catch {
+        return
+      }
+    }
+    importing.value = true
+    importProgress.running = true
+    importProgress.current = 0
+    importProgress.totalBatches = 1
+    try {
+      const r = await accountApi.importAccountsTokens({
+        mode,
+        tokens,
+        client_id: importForm.default_client_id.trim() || undefined,
+        update_existing: importForm.update_existing,
+        default_proxy_id: importForm.default_proxy_id || undefined,
+      })
+      mergeSummary(r)
+      importResult.value = cloneAgg()
+      importLastErrors.value = r.results
+        .filter((x) => x.status === 'failed' || x.status === 'skipped')
+        .slice(0, 200)
+      const tip = `${mode.toUpperCase()} 导入完成:+${r.created} / ~${r.updated} / 跳过${r.skipped} / 失败${r.failed}`
+      if (r.failed > 0) ElNotification.warning({ title: '批量导入完成(部分失败)', message: tip })
+      else ElMessage.success(tip)
+    } catch (e: any) {
+      ElMessage.error(e?.message || '导入失败')
+    } finally {
+      importing.value = false
+      importProgress.running = false
+      fetchList()
+    }
+    return
+  }
+
+  // 情况一:纯文本导入(JSON 模式)
+  if (importForm.files.length === 0) {
+    if (!importForm.text.trim()) { ElMessage.warning('请选择 JSON 文件或粘贴 JSON 文本'); return }
+    importing.value = true
+    importProgress.running = true
+    importProgress.current = 0
+    importProgress.totalBatches = 1
+    try {
+      const r = await accountApi.importAccountsJSON({
+        text: importForm.text,
+        update_existing: importForm.update_existing,
+        default_client_id: importForm.default_client_id || undefined,
+        default_proxy_id: importForm.default_proxy_id || undefined,
+      })
+      mergeSummary(r)
+      importResult.value = cloneAgg()
+      importLastErrors.value = r.results.filter((x) => x.status === 'failed' || x.status === 'skipped').slice(0, 200)
+      ElMessage.success(`导入完成:+${r.created} / ~${r.updated} / 跳过${r.skipped} / 失败${r.failed}`)
+    } catch (e: any) {
+      ElMessage.error(e?.message || '导入失败')
+    } finally {
+      importing.value = false
+      importProgress.running = false
+      fetchList()
+    }
+    return
+  }
+
+  // 情况二:多文件分批
+  const batches: File[][] = []
+  let curBatch: File[] = []
+  let curBytes = 0
+  for (const f of importForm.files) {
+    if ((curBatch.length >= BATCH_FILES) || (curBytes + f.size > BATCH_BYTES && curBatch.length > 0)) {
+      batches.push(curBatch)
+      curBatch = []
+      curBytes = 0
+    }
+    curBatch.push(f)
+    curBytes += f.size
+  }
+  if (curBatch.length) batches.push(curBatch)
+
+  importing.value = true
+  importProgress.running = true
+  importProgress.current = 0
+  importProgress.totalBatches = batches.length
+  importProgress.created = 0
+  importProgress.updated = 0
+  importProgress.skipped = 0
+  importProgress.failed = 0
+  const errList: accountApi.ImportLineResult[] = []
+
+  try {
+    for (let i = 0; i < batches.length; i++) {
+      const b = batches[i]
+      try {
+        const r = await accountApi.importAccountsFiles(b, {
+          update_existing: importForm.update_existing,
+          default_client_id: importForm.default_client_id || undefined,
+          default_proxy_id: importForm.default_proxy_id || undefined,
+        })
+        mergeSummary(r)
+        for (const it of r.results) {
+          if ((it.status === 'failed' || it.status === 'skipped') && errList.length < 500) {
+            errList.push(it)
+          }
+        }
+      } catch (e: any) {
+        importProgress.failed += b.length
+        errList.push({ index: i, email: `[批次#${i + 1}]`, status: 'failed', reason: e?.message || '上传失败' })
+      }
+      importProgress.current = i + 1
+      // 让出事件循环,避免阻塞 UI
+      await new Promise((r) => setTimeout(r, 0))
+    }
+    importResult.value = cloneAgg()
+    importLastErrors.value = errList
+    ElNotification.success({
+      title: '批量导入完成',
+      message: `+${importProgress.created}  ~${importProgress.updated}  跳过 ${importProgress.skipped}  失败 ${importProgress.failed}`,
+      duration: 5000,
+    })
+  } finally {
+    importing.value = false
+    importProgress.running = false
+    fetchList()
+  }
+}
+
+function mergeSummary(r: accountApi.ImportSummary) {
+  importProgress.created += r.created
+  importProgress.updated += r.updated
+  importProgress.skipped += r.skipped
+  importProgress.failed  += r.failed
+}
+function cloneAgg(): accountApi.ImportSummary {
+  return {
+    total:   importProgress.created + importProgress.updated + importProgress.skipped + importProgress.failed,
+    created: importProgress.created,
+    updated: importProgress.updated,
+    skipped: importProgress.skipped,
+    failed:  importProgress.failed,
+    results: [],
+  }
+}
+
+// ========== 额度汇总 ==========
+const quotaSummary = ref<accountApi.QuotaSummary | null>(null)
+async function loadQuotaSummary() {
+  try {
+    quotaSummary.value = await accountApi.getQuotaSummary()
+  } catch { /* noop */ }
+}
+
+onMounted(() => {
+  fetchList()
+  fetchProxies()
+  loadAutoRefresh()
+  loadQuotaSummary()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <!-- 顶栏:标题 + 动作 -->
+    <div class="card-block hdr">
+      <div class="flex-between">
+        <div class="hdr-left">
+          <div style="display:flex;align-items:baseline;gap:12px;flex-wrap:wrap">
+            <h2 class="page-title" style="margin:0">GPT 账号池</h2>
+            <el-tag v-if="quotaSummary" type="success" size="small" style="font-size:13px">
+              当前剩余总额度&nbsp;<b>{{ quotaSummary.total_remaining }}</b>
+              &nbsp;/&nbsp;{{ quotaSummary.total_capacity }}
+              &nbsp;（{{ quotaSummary.active_accounts }} 个账号）
+            </el-tag>
+            <el-tag v-else type="info" size="small">额度统计加载中…</el-tag>
+          </div>
+          <div class="page-sub">
+            统一管理 ChatGPT Plus / Team / Codex 账号:JSON / AT / RT / ST 批量导入 · 自动刷新 · 图片额度探测 · 风控熔断轮转
+          </div>
+        </div>
+        <div class="actions">
+          <el-button :loading="batchRunning === 'probe'" :disabled="loading" @click="onProbeAll">
+            全部探测
+          </el-button>
+          <el-button :loading="batchRunning === 'refresh'" :disabled="loading" @click="onRefreshAll">
+            全部刷新
+          </el-button>
+          <el-dropdown trigger="click" @command="onBulkDelete">
+            <el-button>批量删除</el-button>
+            <template #dropdown>
+              <el-dropdown-menu>
+                <el-dropdown-item command="dead">删除失效账号</el-dropdown-item>
+                <el-dropdown-item command="suspicious">删除可疑/已封账号</el-dropdown-item>
+                <el-dropdown-item command="warned">删除风险账号</el-dropdown-item>
+                <el-dropdown-item command="throttled">删除限流账号</el-dropdown-item>
+                <el-dropdown-item divided command="all">
+                  <span style="color: var(--el-color-danger)">删除全部账号</span>
+                </el-dropdown-item>
+              </el-dropdown-menu>
+            </template>
+          </el-dropdown>
+          <el-button @click="openImport">批量导入</el-button>
+          <el-button type="primary" @click="openCreate">新建账号</el-button>
+        </div>
+      </div>
+    </div>
+
+    <!-- 筛选栏 -->
+    <div class="card-block">
+      <el-form :inline="true" size="default" class="filter-form" @submit.prevent="onSearch">
+        <el-form-item label="状态">
+          <el-select v-model="filter.status" placeholder="全部" clearable style="width: 140px">
+            <el-option label="全部" value="" />
+            <el-option label="健康" value="healthy" />
+            <el-option label="风险" value="warned" />
+            <el-option label="限流" value="throttled" />
+            <el-option label="可疑" value="suspicious" />
+            <el-option label="失效" value="dead" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="关键词">
+          <el-input
+            v-model="filter.keyword"
+            placeholder="邮箱 / 备注"
+            clearable
+            style="width: 260px"
+            @keyup.enter="onSearch"
+          />
+        </el-form-item>
+        <el-form-item>
+          <el-button type="primary" @click="onSearch">搜索</el-button>
+          <el-button @click="onReset">重置</el-button>
+        </el-form-item>
+        <el-form-item class="auto-refresh-item">
+          <el-tooltip
+            placement="top"
+            content="开启后:AT 距离过期 < 1 天的账号会被后台自动续期;状态为「失效 / 可疑」的账号不会刷新"
+          >
+            <el-checkbox
+              v-model="autoRefreshEnabled"
+              :disabled="autoRefreshSaving"
+              @change="onToggleAutoRefresh"
+            >
+              自动刷新 AT
+              <span class="auto-refresh-hint">(&lt; 1 天过期时)</span>
+            </el-checkbox>
+          </el-tooltip>
+        </el-form-item>
+      </el-form>
+    </div>
+
+    <!-- 表格 -->
+    <div class="card-block">
+      <el-table
+        v-loading="loading" :data="rows" stripe size="default" row-key="id"
+        table-layout="auto" style="width: 100%"
+      >
+        <el-table-column label="邮箱" min-width="200" show-overflow-tooltip>
+          <template #default="{ row }">
+            <el-tooltip
+              v-if="row.notes"
+              placement="top"
+              :content="row.notes"
+            >
+              <span class="email">{{ row.email }}</span>
+            </el-tooltip>
+            <span v-else class="email">{{ row.email }}</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="类型" width="76">
+          <template #default="{ row }">
+            <el-tag size="small" effect="plain">{{ typeLabel(row.account_type) }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="76">
+          <template #default="{ row }">
+            <el-tag :type="statusType(row.status)" size="small">{{ statusText(row.status) }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="凭证" width="86">
+          <template #default="{ row }">
+            <div class="creds">
+              <el-tooltip content="存在 Refresh Token,可用 RT 自动刷新 AT" placement="top">
+                <el-tag :type="row.has_rt ? 'success' : 'info'" size="small" effect="plain">
+                  {{ row.has_rt ? 'RT' : '—' }}
+                </el-tag>
+              </el-tooltip>
+              <el-tooltip content="存在 Session Token,可用 ST 回退刷新" placement="top">
+                <el-tag :type="row.has_st ? 'success' : 'info'" size="small" effect="plain">
+                  {{ row.has_st ? 'ST' : '—' }}
+                </el-tag>
+              </el-tooltip>
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="AT 过期" min-width="148" show-overflow-tooltip>
+          <template #default="{ row }">
+            <span :class="expiresClass(row.token_expires_at)">{{ fmtTime(row.token_expires_at) }}</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="生图剩余" width="96" align="center">
+          <template #default="{ row }">
+            <template v-if="row.image_quota_remaining >= 0">
+              <el-tooltip
+                placement="top"
+                :disabled="!asDate(row.image_quota_reset_at)"
+                :content="'下次重置:' + fmtTime(row.image_quota_reset_at)"
+              >
+                <span class="quota"><b>{{ row.image_quota_remaining }}</b></span>
+              </el-tooltip>
+            </template>
+            <span v-else class="muted">未探测</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="今日已用 / 上限" width="150" align="center">
+          <template #default="{ row }">
+            <el-tooltip placement="top">
+              <template #content>
+                <div style="line-height:1.8">
+                  <div>今日已用:{{ row.today_used_count }} 张</div>
+                  <div>
+                    账号真实额度:<b>
+                      <template v-if="row.image_quota_total > 0">
+                        {{ row.image_quota_total }}
+                      </template>
+                      <template v-else>待探测</template>
+                    </b>
+                    <span v-if="row.image_quota_remaining >= 0" style="color:#a1a5ad">
+                      (剩余 {{ row.image_quota_remaining }})
+                    </span>
+                  </div>
+                  <div style="color:#a1a5ad">熔断阈值(仅用于停止派发):{{ row.daily_image_quota }} / 日</div>
+                  <div v-if="row.image_quota_total <= 0" style="color:#f5a623">
+                    首次探测约 5 小时内完成;额度=0 时会忽略间隔立即补测。
+                  </div>
+                </div>
+              </template>
+              <span class="quota">
+                <b>{{ row.today_used_count }}</b>
+                <span class="muted"> / </span>
+                <template v-if="row.image_quota_total > 0">
+                  <b>{{ row.image_quota_total }}</b>
+                </template>
+                <template v-else>
+                  <span class="muted" style="font-style:italic">待探测</span>
+                </template>
+              </span>
+            </el-tooltip>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近刷新" min-width="148" show-overflow-tooltip>
+          <template #default="{ row }">
+            <div class="refresh-cell">
+              <span>{{ fmtTime(row.last_refresh_at) }}</span>
+              <el-tag
+                v-if="row.last_refresh_source"
+                size="small" effect="plain"
+                :type="row.last_refresh_source === 'rt' ? 'success' : 'warning'"
+              >{{ row.last_refresh_source.toUpperCase() }}</el-tag>
+            </div>
+            <el-tooltip
+              v-if="row.refresh_error"
+              placement="top"
+              :content="row.refresh_error"
+            >
+              <div class="err">{{ row.refresh_error }}</div>
+            </el-tooltip>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="240" fixed="right">
+          <template #default="{ row }">
+            <el-button
+              link type="primary" size="small"
+              :loading="refreshingIds.has(row.id)"
+              @click="onRefreshOne(row)"
+            >刷新</el-button>
+            <el-button
+              link type="primary" size="small"
+              :loading="probingIds.has(row.id)"
+              @click="onProbeOne(row)"
+            >探测</el-button>
+            <el-button link type="primary" size="small" @click="openBind(row)">代理</el-button>
+            <el-button link type="primary" size="small" @click="openEdit(row)">编辑</el-button>
+            <el-button link type="danger"  size="small" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <div class="pager">
+        <el-pagination
+          v-model:current-page="pager.page"
+          v-model:page-size="pager.page_size"
+          :total="total"
+          :page-sizes="[10, 20, 50, 100, 200, 500, 1000]"
+          layout="total, sizes, prev, pager, next, jumper"
+          @current-change="fetchList"
+          @size-change="fetchList"
+        />
+      </div>
+    </div>
+
+    <!-- 新建 / 编辑弹窗 -->
+    <el-dialog v-model="dlg" :title="isEdit ? '编辑账号' : '新建账号'" width="720px" destroy-on-close>
+      <el-form label-width="120px" size="default">
+        <el-form-item label="邮箱">
+          <el-input v-model="form.email" placeholder="user@example.com" />
+        </el-form-item>
+        <el-form-item label="账号类型">
+          <el-select v-model="form.account_type" style="width: 180px">
+            <el-option label="Codex" value="codex" />
+            <el-option label="ChatGPT" value="chatgpt" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="Access Token">
+          <div class="token-field">
+            <el-input
+              v-model="form.auth_token"
+              type="textarea" :rows="3"
+              :placeholder="isEdit
+                ? (secretsLoading ? '正在加载当前 AT……' : '当前为空,粘贴新的 access_token 可更新')
+                : '粘贴 access_token(必填)'"
+              spellcheck="false"
+            />
+            <el-button
+              v-if="isEdit"
+              size="small" link
+              :disabled="!form.auth_token"
+              @click="copyText(form.auth_token, 'Access Token')"
+            >复制</el-button>
+          </div>
+        </el-form-item>
+        <el-form-item label="Refresh Token">
+          <div class="token-field">
+            <el-input
+              v-model="form.refresh_token"
+              type="textarea" :rows="2"
+              :placeholder="isEdit
+                ? (secretsLoading ? '正在加载当前 RT……' : '该账号暂无 Refresh Token')
+                : '可选;有 RT 则支持自动刷新'"
+              spellcheck="false"
+            />
+            <el-button
+              v-if="isEdit"
+              size="small" link
+              :disabled="!form.refresh_token"
+              @click="copyText(form.refresh_token, 'Refresh Token')"
+            >复制</el-button>
+          </div>
+        </el-form-item>
+        <el-form-item label="Session Token">
+          <div class="token-field">
+            <el-input
+              v-model="form.session_token"
+              type="textarea" :rows="2"
+              :placeholder="isEdit
+                ? (secretsLoading ? '正在加载当前 ST……' : '该账号暂无 Session Token')
+                : '可选;__Secure-next-auth.session-token 的值'"
+              spellcheck="false"
+            />
+            <el-button
+              v-if="isEdit"
+              size="small" link
+              :disabled="!form.session_token"
+              @click="copyText(form.session_token, 'Session Token')"
+            >复制</el-button>
+          </div>
+        </el-form-item>
+        <el-form-item label="Token 过期时间">
+          <el-date-picker
+            v-model="form.token_expires_at"
+            type="datetime" format="YYYY-MM-DD HH:mm:ss" value-format="YYYY-MM-DDTHH:mm:ssZ"
+            placeholder="留空则从 JWT 自动解析"
+            style="width: 260px"
+          />
+        </el-form-item>
+        <el-form-item label="Client ID">
+          <el-input v-model="form.client_id" />
+        </el-form-item>
+        <el-form-item label="ChatGPT AccountID">
+          <el-input v-model="form.chatgpt_account_id" placeholder="可选;JSON 里有则自动填充" />
+        </el-form-item>
+        <el-form-item label="套餐">
+          <el-select v-model="form.plan_type" style="width: 180px">
+            <el-option label="Plus"  value="plus" />
+            <el-option label="Team"  value="team" />
+            <el-option label="Free"  value="free" />
+            <el-option label="Codex" value="codex" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="熔断阈值(每日)">
+          <el-input-number v-model="form.daily_image_quota" :min="0" :max="10000" />
+          <div style="font-size:12px; color:#909399; margin-top:4px; line-height:1.5">
+            仅用于"消耗超过此值自动暂停派发"。真实图片上限由系统每 5 小时自动探测一次,
+            填 100 只是兜底熔断线,**不会**覆盖探测到的真实额度。
+          </div>
+        </el-form-item>
+        <el-form-item v-if="isEdit" label="状态">
+          <el-select v-model="form.status" style="width: 180px">
+            <el-option label="健康"  value="healthy" />
+            <el-option label="风险"  value="warned" />
+            <el-option label="限流"  value="throttled" />
+            <el-option label="可疑"  value="suspicious" />
+            <el-option label="失效"  value="dead" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="备注">
+          <el-input v-model="form.notes" type="textarea" :rows="2" />
+        </el-form-item>
+        <el-form-item v-if="!isEdit" label="绑定代理">
+          <el-select v-model="form.proxy_id" clearable placeholder="不绑定" style="width: 100%">
+            <el-option :value="0" label="不绑定" />
+            <el-option
+              v-for="p in proxies"
+              :key="p.id"
+              :label="`#${p.id} ${p.remark || p.host}:${p.port}`"
+              :value="p.id"
+            />
+          </el-select>
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dlg = false">取消</el-button>
+        <el-button type="primary" :loading="submitting" @click="submitForm">确定</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 绑定代理弹窗 -->
+    <el-dialog v-model="bindDlg" title="绑定代理" width="420px">
+      <div style="margin-bottom: 10px; color: var(--el-text-color-secondary)">
+        账号:<b>{{ bindForm.email }}</b>
+      </div>
+      <el-select v-model="bindForm.proxy_id" clearable placeholder="选择代理(留空=解绑)" style="width: 100%">
+        <el-option :value="0" label="不绑定 / 解绑" />
+        <el-option
+          v-for="p in proxies"
+          :key="p.id"
+          :label="`#${p.id} ${p.remark || p.host}:${p.port}`"
+          :value="p.id"
+        />
+      </el-select>
+      <template #footer>
+        <el-button @click="bindDlg = false">取消</el-button>
+        <el-button type="primary" @click="submitBind">确定</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 批量导入弹窗 -->
+    <el-dialog v-model="importDlg" title="批量导入账号" width="760px" destroy-on-close>
+      <!-- 模式 tab -->
+      <el-tabs v-model="importMode" class="import-tabs">
+        <el-tab-pane label="JSON 文件" name="json" />
+        <el-tab-pane label="Access Token" name="at" />
+        <el-tab-pane label="Refresh Token" name="rt" />
+        <el-tab-pane label="Session Token" name="st" />
+      </el-tabs>
+
+      <!-- JSON 模式 -->
+      <template v-if="importMode === 'json'">
+        <div class="tip">
+          支持两种 JSON:<b>sub2api-account-*.json</b>(多账号)与 <b>token_*.json</b>(单账号)。
+          可一次选择多个文件,前端会按每批 {{ BATCH_FILES }} 个文件 / {{ humanSize(BATCH_BYTES) }} 自动分批上传,不会卡页面。
+        </div>
+
+        <!-- 文件选择 + 拖拽 -->
+        <div class="drop-zone" @dragover.prevent @drop="onDropFiles">
+          <el-icon class="drop-ic"><Upload /></el-icon>
+          <div class="drop-text">
+            把 JSON 文件拖到这里,或
+            <label class="link">
+              <input type="file" accept=".json,.txt,application/json" multiple hidden @change="onPickFiles" />
+              选择文件
+            </label>
+          </div>
+          <div class="drop-sub">
+            已选 <b>{{ importForm.files.length }}</b> 个文件
+            <span v-if="importForm.files.length > 0"> · 合计 {{ humanSize(totalFileSize) }}</span>
+          </div>
+        </div>
+
+        <div v-if="importForm.files.length" class="file-list">
+          <div class="file-list-head">
+            <span>{{ importForm.files.length }} 个文件</span>
+            <el-button link type="danger" size="small" @click="clearFiles">清空</el-button>
+          </div>
+          <div class="file-list-body">
+            <div v-for="(f, i) in importForm.files.slice(0, 50)" :key="i" class="file-row">
+              <span class="fname">{{ f.name }}</span>
+              <span class="fsize">{{ humanSize(f.size) }}</span>
+              <el-button link size="small" @click="removeFile(i)">×</el-button>
+            </div>
+            <div v-if="importForm.files.length > 50" class="muted" style="text-align:center;margin-top:6px">
+              ……另有 {{ importForm.files.length - 50 }} 个文件未展示
+            </div>
+          </div>
+        </div>
+
+        <el-divider content-position="left">或粘贴 JSON 文本</el-divider>
+        <el-input
+          v-model="importForm.text"
+          type="textarea" :rows="5"
+          placeholder="粘贴 sub2api 或 token_*.json 内容,多个 JSON 可以直接换行拼接(JSONL)"
+          spellcheck="false"
+        />
+      </template>
+
+      <!-- AT 模式 -->
+      <template v-else-if="importMode === 'at'">
+        <div class="tip">
+          一行一个 <b>access_token</b>(eyJ... 开头的 JWT)。
+          服务端会解析 JWT payload 里的 email 作为账号唯一键,若 AT 里没有 email 字段,该行会进入失败列表。
+        </div>
+        <el-input
+          v-model="importForm.tokens_text"
+          type="textarea" :rows="10"
+          placeholder="eyJhbGci...&#10;eyJhbGci...&#10;..."
+          spellcheck="false"
+        />
+        <div class="token-count">共 {{ tokenLineCount }} 行</div>
+      </template>
+
+      <!-- RT 模式 -->
+      <template v-else-if="importMode === 'rt'">
+        <div class="tip">
+          一行一个 <b>refresh_token</b>。系统会用你填写的 <b>APPID(client_id)</b> 向
+          <code>auth.openai.com/oauth/token</code> 换出 AT,再从 AT 解出 email 后入库。
+          <strong class="warn">需要选择代理,否则大概率超时。</strong>
+        </div>
+        <el-input
+          v-model="importForm.tokens_text"
+          type="textarea" :rows="9"
+          placeholder="v1.rt_...&#10;v1.rt_...&#10;..."
+          spellcheck="false"
+        />
+        <div class="token-count">共 {{ tokenLineCount }} 行</div>
+      </template>
+
+      <!-- ST 模式 -->
+      <template v-else-if="importMode === 'st'">
+        <div class="tip">
+          一行一个 <b>session_token</b>(浏览器 cookie 里的 <code>__Secure-next-auth.session-token</code>)。
+          系统会用它调 <code>chatgpt.com/api/auth/session</code> 换出 AT,再从 AT 解 email。
+          <strong class="warn">ST 模式必须有代理(chatgpt.com 国内不可直连)。</strong>
+        </div>
+        <el-input
+          v-model="importForm.tokens_text"
+          type="textarea" :rows="10"
+          placeholder="eyJhbGci...&#10;eyJhbGci...&#10;..."
+          spellcheck="false"
+        />
+        <div class="token-count">共 {{ tokenLineCount }} 行</div>
+      </template>
+
+      <div style="margin-top: 14px; display: flex; flex-wrap: wrap; gap: 14px; align-items: center">
+        <el-checkbox v-model="importForm.update_existing">邮箱已存在则更新 token</el-checkbox>
+        <div>
+          <span class="muted" style="margin-right: 6px">
+            {{ importMode === 'rt' ? 'APPID(client_id,必填)' : 'client_id' }}
+          </span>
+          <el-input
+            v-model="importForm.default_client_id"
+            size="small" style="width: 280px"
+            :placeholder="importMode === 'rt' ? 'app_xxxxxxxxxxxxxxxxxxxxxxxx(必填)' : '可选,默认 ChatGPT iOS'"
+          />
+        </div>
+        <div>
+          <span class="muted" style="margin-right: 6px">
+            {{ importMode === 'st' || importMode === 'rt' ? '代理(强烈推荐)' : '默认代理' }}
+          </span>
+          <el-select v-model="importForm.default_proxy_id" clearable size="small" style="width: 220px">
+            <el-option :value="0" label="不绑定" />
+            <el-option v-for="p in proxies" :key="p.id" :label="`#${p.id} ${p.remark || p.host}:${p.port}`" :value="p.id" />
+          </el-select>
+        </div>
+      </div>
+
+      <!-- 进度条 -->
+      <div v-if="importProgress.running || importResult" class="progress">
+        <div class="progress-head">
+          <span v-if="importProgress.running">
+            正在导入:第 <b>{{ importProgress.current }}</b> / {{ importProgress.totalBatches }} 批
+          </span>
+          <span v-else>
+            导入已完成
+          </span>
+          <span class="stat">
+            <el-tag type="success" size="small">+{{ importProgress.created }}</el-tag>
+            <el-tag type="warning" size="small">~{{ importProgress.updated }}</el-tag>
+            <el-tag type="info" size="small">跳过 {{ importProgress.skipped }}</el-tag>
+            <el-tag type="danger" size="small">失败 {{ importProgress.failed }}</el-tag>
+          </span>
+        </div>
+        <el-progress
+          :percentage="importProgress.totalBatches > 0
+            ? Math.round((importProgress.current / importProgress.totalBatches) * 100)
+            : 0"
+          :status="importProgress.running ? '' : (importProgress.failed > 0 ? 'warning' : 'success')"
+        />
+      </div>
+
+      <!-- 错误/跳过明细 -->
+      <div v-if="importLastErrors.length" class="err-list">
+        <div class="err-list-head">未成功明细({{ importLastErrors.length }})</div>
+        <el-table :data="importLastErrors" size="small" max-height="220">
+          <el-table-column prop="email" label="邮箱" min-width="200" />
+          <el-table-column label="状态" width="90">
+            <template #default="{ row }">
+              <el-tag size="small" :type="row.status === 'failed' ? 'danger' : 'info'">
+                {{ row.status === 'failed' ? '失败' : '跳过' }}
+              </el-tag>
+            </template>
+          </el-table-column>
+          <el-table-column prop="reason" label="原因" min-width="240" show-overflow-tooltip />
+        </el-table>
+      </div>
+
+      <template #footer>
+        <el-button :disabled="importing" @click="importDlg = false">关闭</el-button>
+        <el-button type="primary" :loading="importing" @click="doImport">
+          开始导入
+          <span v-if="importMode === 'json' && importForm.files.length > 0">
+            ({{ importForm.files.length }} 个文件)
+          </span>
+          <span v-else-if="importMode !== 'json' && tokenLineCount > 0">
+            ({{ tokenLineCount }} 条 {{ importMode.toUpperCase() }})
+          </span>
+        </el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.hdr { margin-bottom: 14px !important; }
+.hdr-left .page-sub {
+  color: var(--el-text-color-secondary);
+  font-size: 13px;
+  margin-top: 4px;
+}
+.actions {
+  display: flex;
+  gap: 8px;
+  flex-wrap: wrap;
+}
+.flex-between {
+  display: flex; align-items: center; justify-content: space-between; gap: 16px;
+}
+
+.filter-form :deep(.el-form-item) { margin-bottom: 0; }
+.auto-refresh-item { margin-left: 4px; }
+.auto-refresh-hint {
+  color: var(--el-text-color-secondary);
+  font-size: 12px;
+  margin-left: 4px;
+}
+
+.email {
+  color: var(--el-text-color-primary);
+  overflow: hidden; text-overflow: ellipsis; white-space: nowrap;
+  display: inline-block; max-width: 100%;
+}
+
+.refresh-cell {
+  display: flex; align-items: center; gap: 6px;
+  overflow: hidden; text-overflow: ellipsis; white-space: nowrap;
+}
+
+.creds { display: flex; gap: 4px; }
+.quota b { color: var(--el-color-primary); font-weight: 600; }
+.muted { color: var(--el-text-color-secondary); }
+.warn  { color: var(--el-color-warning); font-weight: 500; }
+.err   {
+  color: var(--el-color-danger);
+  font-size: 12px;
+  white-space: nowrap; overflow: hidden; text-overflow: ellipsis;
+  margin-top: 2px;
+}
+
+.token-field {
+  display: flex; align-items: flex-start; gap: 8px; width: 100%;
+  :deep(.el-textarea) { flex: 1; }
+}
+
+.pager {
+  display: flex; justify-content: flex-end;
+  margin-top: 14px;
+}
+
+/* ====== 批量导入弹窗 ====== */
+.import-tabs {
+  margin-top: -8px;
+  margin-bottom: 10px;
+  :deep(.el-tabs__header) { margin-bottom: 12px; }
+}
+.tip {
+  color: var(--el-text-color-secondary);
+  font-size: 13px; line-height: 1.6;
+  background: var(--el-fill-color-light);
+  padding: 10px 12px;
+  border-radius: 8px;
+  margin-bottom: 12px;
+  code {
+    background: rgba(0, 0, 0, 0.06);
+    padding: 1px 6px;
+    border-radius: 4px;
+    font-family: inherit;
+  }
+  .warn {
+    color: var(--el-color-warning);
+    margin-left: 4px;
+  }
+}
+.token-count {
+  text-align: right;
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  margin-top: 6px;
+}
+
+.drop-zone {
+  border: 1.5px dashed var(--el-border-color);
+  border-radius: 10px;
+  padding: 22px 14px;
+  text-align: center;
+  background: var(--el-fill-color-lighter);
+  transition: border-color 0.15s, background-color 0.15s;
+  &:hover {
+    border-color: var(--el-color-primary);
+    background: var(--el-color-primary-light-9);
+  }
+  .drop-ic {
+    font-size: 30px; color: var(--el-color-primary); margin-bottom: 6px;
+  }
+  .drop-text {
+    font-size: 14px;
+    color: var(--el-text-color-primary);
+    .link {
+      color: var(--el-color-primary);
+      cursor: pointer;
+      text-decoration: underline;
+      margin-left: 2px;
+    }
+  }
+  .drop-sub {
+    margin-top: 6px;
+    font-size: 12px;
+    color: var(--el-text-color-secondary);
+  }
+}
+
+.file-list {
+  margin-top: 10px;
+  border: 1px solid var(--el-border-color-lighter);
+  border-radius: 8px;
+  max-height: 200px;
+  overflow: auto;
+  padding: 8px 10px;
+  .file-list-head {
+    display: flex; justify-content: space-between; align-items: center;
+    padding-bottom: 4px;
+    color: var(--el-text-color-secondary);
+    font-size: 12px;
+    border-bottom: 1px dashed var(--el-border-color-lighter);
+    margin-bottom: 4px;
+  }
+  .file-row {
+    display: flex; align-items: center; justify-content: space-between;
+    padding: 4px 0;
+    font-size: 13px;
+    .fname { flex: 1; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+    .fsize { color: var(--el-text-color-secondary); margin: 0 8px; font-variant-numeric: tabular-nums; }
+  }
+}
+
+.progress {
+  margin-top: 16px;
+  padding: 12px 14px;
+  background: var(--el-fill-color-lighter);
+  border-radius: 8px;
+  .progress-head {
+    display: flex; justify-content: space-between; align-items: center;
+    margin-bottom: 6px;
+    .stat { display: flex; gap: 6px; }
+  }
+}
+
+.err-list {
+  margin-top: 12px;
+  .err-list-head {
+    color: var(--el-color-danger);
+    font-weight: 500;
+    margin-bottom: 6px;
+  }
+}
+</style>
diff --git a/web/src/views/admin/AdminKeys.vue b/web/src/views/admin/AdminKeys.vue
new file mode 100644
index 00000000..549b70ec
--- /dev/null
+++ b/web/src/views/admin/AdminKeys.vue
@@ -0,0 +1,171 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as statsApi from '@/api/stats'
+import { nullVal } from '@/utils/format'
+
+const loading = ref(false)
+const rows = ref<statsApi.AdminKeyRow[]>([])
+const total = ref(0)
+
+const filter = reactive({
+  q: '',
+  user_id: undefined as number | undefined,
+  enabled: '' as '' | '1' | '0',
+  limit: 20,
+  offset: 0,
+})
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await statsApi.listAdminKeys({
+      q: filter.q || undefined,
+      user_id: filter.user_id || undefined,
+      enabled: filter.enabled || undefined,
+      limit: filter.limit,
+      offset: filter.offset,
+    })
+    rows.value = d.items
+    total.value = d.total
+  } finally { loading.value = false }
+}
+
+function reset() {
+  filter.q = ''
+  filter.user_id = undefined
+  filter.enabled = ''
+  filter.offset = 0
+  load()
+}
+
+async function toggle(row: statsApi.AdminKeyRow) {
+  const next = !row.enabled
+  await ElMessageBox.confirm(
+    `确认${next ? '启用' : '禁用'} #${row.id}${row.name}(用户 ${row.user_email})?`,
+    '操作确认',
+    { type: 'warning' },
+  )
+  await statsApi.setAdminKeyEnabled(row.id, next)
+  ElMessage.success('已更新')
+  load()
+}
+
+function usagePercent(r: statsApi.AdminKeyRow) {
+  if (!r.quota_limit) return 0
+  return Math.min(100, Math.round((r.quota_used / r.quota_limit) * 100))
+}
+
+const currentPage = computed<number>({
+  get() { return Math.floor(filter.offset / filter.limit) + 1 },
+  set(v) { filter.offset = (v - 1) * filter.limit },
+})
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <h2 class="page-title" style="margin:0">全局 API Key</h2>
+      <div style="color:var(--el-text-color-secondary);font-size:13px;margin:4px 0 10px">
+        跨用户查看和管控所有下游 Key,按名称 / 前缀 / 用户筛选,可直接禁用异常 Key。
+      </div>
+      <div class="flex-wrap-gap" style="margin:10px 0">
+        <el-input v-model="filter.q" placeholder="按名称 / prefix / 邮箱" style="width:240px" clearable
+                  @keyup.enter="load" />
+        <el-input-number v-model="filter.user_id" :min="1" placeholder="用户 ID" style="width:140px" />
+        <el-select v-model="filter.enabled" placeholder="状态" style="width:120px" clearable>
+          <el-option label="全部" value="" />
+          <el-option label="启用" value="1" />
+          <el-option label="禁用" value="0" />
+        </el-select>
+        <el-button type="primary" @click="load" :loading="loading">
+          <el-icon><Search /></el-icon> 查询
+        </el-button>
+        <el-button @click="reset">重置</el-button>
+      </div>
+
+      <el-table :data="rows" stripe v-loading="loading">
+        <el-table-column prop="id" label="ID" width="70" />
+        <el-table-column label="归属用户" min-width="200">
+          <template #default="{ row }">
+            <div><b>#{{ row.user_id }}</b></div>
+            <div style="font-size:12px;color:var(--el-text-color-secondary)">
+              {{ row.user_email || '—' }}
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column prop="name" label="名称" min-width="140" show-overflow-tooltip />
+        <el-table-column label="Prefix" width="130">
+          <template #default="{ row }"><code>{{ row.key_prefix }}</code></template>
+        </el-table-column>
+        <el-table-column label="额度" width="220">
+          <template #default="{ row }">
+            <div v-if="row.quota_limit > 0">
+              <el-progress :percentage="usagePercent(row)"
+                           :status="usagePercent(row) >= 90 ? 'exception' : undefined"
+                           :stroke-width="8" />
+              <div style="font-size:12px;color:var(--el-text-color-secondary);margin-top:2px">
+                {{ row.quota_used }} / {{ row.quota_limit }}
+              </div>
+            </div>
+            <span v-else style="color:var(--el-text-color-secondary)">不限</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="限速" width="120">
+          <template #default="{ row }">
+            <div style="font-size:12px">rpm: {{ row.rpm || '∞' }}</div>
+            <div style="font-size:12px">tpm: {{ row.tpm || '∞' }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近使用" width="170">
+          <template #default="{ row }">
+            <div style="font-size:12px">{{ nullVal(row.last_used_at) || '—' }}</div>
+            <div style="font-size:11px;color:var(--el-text-color-secondary)">
+              {{ row.last_used_ip || '' }}
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.enabled ? 'success' : 'info'" size="small">
+              {{ row.enabled ? '启用' : '禁用' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="110" fixed="right">
+          <template #default="{ row }">
+            <el-button size="small" link :type="row.enabled ? 'danger' : 'primary'"
+                       @click="toggle(row)">
+              {{ row.enabled ? '禁用' : '启用' }}
+            </el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination
+        style="margin-top:12px"
+        background
+        layout="total, prev, pager, next, sizes"
+        :total="total"
+        v-model:current-page="currentPage"
+        :page-sizes="[20, 50, 100]"
+        v-model:page-size="filter.limit"
+        @size-change="() => { filter.offset = 0; load() }"
+        @current-change="(p: number) => { filter.offset = (p - 1) * filter.limit; load() }"
+      />
+    </div>
+  </div>
+</template>
+
+<style scoped>
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-size: 12px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+}
+:global(html.dark) code { background: #1d2026; }
+</style>
diff --git a/web/src/views/admin/Audit.vue b/web/src/views/admin/Audit.vue
new file mode 100644
index 00000000..1aba397e
--- /dev/null
+++ b/web/src/views/admin/Audit.vue
@@ -0,0 +1,109 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted } from 'vue'
+import * as adminApi from '@/api/admin'
+import { formatDateTime } from '@/utils/format'
+
+const loading = ref(false)
+const filter = reactive<adminApi.AuditFilter>({ action: '', actor_id: undefined, limit: 50, offset: 0 })
+const items = ref<adminApi.AuditLog[]>([])
+const total = ref(0)
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await adminApi.listAudit({ ...filter, actor_id: filter.actor_id || undefined })
+    items.value = d.items
+    total.value = d.total
+  } finally { loading.value = false }
+}
+
+const detailDlg = ref(false)
+const detailRow = ref<adminApi.AuditLog | null>(null)
+function openDetail(row: adminApi.AuditLog) {
+  detailRow.value = row
+  detailDlg.value = true
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <h2 class="page-title" style="margin:0">审计日志</h2>
+      <div style="color:var(--el-text-color-secondary);font-size:13px;margin:4px 0 12px">
+        记录全部管理员写操作(新增 / 修改 / 删除 / 调账 / 备份恢复),按 action 与操作者 ID 可精确回溯。
+      </div>
+      <el-form inline class="flex-wrap-gap" @submit.prevent="load">
+        <el-input v-model="filter.action" placeholder="action(如 users.update)" clearable style="width:220px" />
+        <el-input-number v-model="filter.actor_id" placeholder="操作者 ID" :min="0" style="width:170px" />
+        <el-button type="primary" @click="load"><el-icon><Search /></el-icon> 查询</el-button>
+      </el-form>
+
+      <el-table v-loading="loading" :data="items" stripe style="margin-top:12px">
+        <el-table-column prop="id" label="ID" width="80" />
+        <el-table-column label="操作者" min-width="200">
+          <template #default="{ row }">
+            <div>{{ row.actor_email || '-' }}</div>
+            <div style="font-size:12px;color:var(--el-text-color-secondary)">ID: {{ row.actor_id }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column prop="action" label="Action" min-width="180" />
+        <el-table-column prop="method" label="Method" width="90" />
+        <el-table-column prop="path" label="Path" min-width="220" show-overflow-tooltip />
+        <el-table-column prop="status_code" label="Status" width="80" />
+        <el-table-column prop="target" label="Target" min-width="100" show-overflow-tooltip />
+        <el-table-column prop="ip" label="IP" width="120" />
+        <el-table-column label="时间" width="170">
+          <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+        </el-table-column>
+        <el-table-column label="" width="70" fixed="right">
+          <template #default="{ row }">
+            <el-button link type="primary" @click="openDetail(row)">详情</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination style="margin-top:16px;display:flex;justify-content:flex-end"
+        :current-page="Math.floor((filter.offset || 0) / (filter.limit || 50)) + 1"
+        @current-change="(p: number) => { filter.offset = (p - 1) * (filter.limit || 50); load() }"
+        :page-size="filter.limit"
+        :total="total"
+        :page-sizes="[50, 100, 200]"
+        @size-change="(s: number) => { filter.limit = s; filter.offset = 0; load() }"
+        layout="total, sizes, prev, pager, next"
+      />
+    </div>
+
+    <el-dialog v-model="detailDlg" title="审计详情" width="620px">
+      <el-descriptions v-if="detailRow" :column="2" border size="small">
+        <el-descriptions-item label="ID">{{ detailRow.id }}</el-descriptions-item>
+        <el-descriptions-item label="时间">{{ formatDateTime(detailRow.created_at) }}</el-descriptions-item>
+        <el-descriptions-item label="Action">{{ detailRow.action }}</el-descriptions-item>
+        <el-descriptions-item label="Status">{{ detailRow.status_code }}</el-descriptions-item>
+        <el-descriptions-item label="Method">{{ detailRow.method }}</el-descriptions-item>
+        <el-descriptions-item label="Path">{{ detailRow.path }}</el-descriptions-item>
+        <el-descriptions-item label="Actor">{{ detailRow.actor_email }} (#{{ detailRow.actor_id }})</el-descriptions-item>
+        <el-descriptions-item label="IP">{{ detailRow.ip }}</el-descriptions-item>
+        <el-descriptions-item label="UA" :span="2">{{ detailRow.ua }}</el-descriptions-item>
+        <el-descriptions-item label="Target" :span="2">{{ detailRow.target || '-' }}</el-descriptions-item>
+        <el-descriptions-item label="Meta" :span="2">
+          <pre class="meta">{{ typeof detailRow.meta === 'string' ? detailRow.meta : JSON.stringify(detailRow.meta, null, 2) }}</pre>
+        </el-descriptions-item>
+      </el-descriptions>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.meta {
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+  background: #f7f8fa;
+  padding: 8px;
+  border-radius: 4px;
+  max-height: 280px;
+  overflow: auto;
+  margin: 0;
+}
+</style>
diff --git a/web/src/views/admin/Backup.vue b/web/src/views/admin/Backup.vue
new file mode 100644
index 00000000..43b14f3c
--- /dev/null
+++ b/web/src/views/admin/Backup.vue
@@ -0,0 +1,176 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as backupApi from '@/api/backup'
+import { formatBytes, formatDateTime } from '@/utils/format'
+
+const loading = ref(false)
+const items = ref<backupApi.BackupFile[]>([])
+const total = ref(0)
+const allowRestore = ref(false)
+const maxUploadMB = ref(512)
+const page = reactive({ limit: 50, offset: 0 })
+const creating = ref(false)
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await backupApi.listBackups(page.limit, page.offset)
+    items.value = d.items
+    total.value = d.total
+    allowRestore.value = d.allow_restore
+    maxUploadMB.value = d.max_upload_mb
+  } finally { loading.value = false }
+}
+
+async function onCreate() {
+  creating.value = true
+  try {
+    await backupApi.createBackup(true)
+    ElMessage.success('备份已创建')
+    load()
+  } finally { creating.value = false }
+}
+
+function download(row: backupApi.BackupFile) {
+  return backupApi.downloadBackup(row.backup_id, row.file_name)
+}
+
+async function onDelete(row: backupApi.BackupFile) {
+  const { value: pwd } = await ElMessageBox.prompt(
+    `确认删除 ${row.file_name}?请输入管理员密码:`, '删除备份',
+    { inputType: 'password', confirmButtonText: '删除', cancelButtonText: '取消', type: 'warning' },
+  ).catch(() => ({ value: null }))
+  if (!pwd) return
+  await backupApi.deleteBackup(row.backup_id, pwd)
+  ElMessage.success('已删除')
+  load()
+}
+
+async function onRestore(row: backupApi.BackupFile) {
+  if (!allowRestore.value) return ElMessage.error('后端未启用恢复功能')
+  await ElMessageBox.confirm(
+    `恢复会覆盖当前数据库!此操作不可撤销。你已理解风险并希望继续?`,
+    '恢复数据库', { type: 'error', confirmButtonText: '我确认继续', cancelButtonText: '取消' },
+  )
+  const { value: pwd } = await ElMessageBox.prompt(
+    `最后一次确认:输入你的管理员密码。`, '恢复数据库',
+    { inputType: 'password', confirmButtonText: '执行恢复', cancelButtonText: '取消', type: 'error' },
+  ).catch(() => ({ value: null }))
+  if (!pwd) return
+  ElMessage.info('正在恢复,请稍候…')
+  await backupApi.restoreBackup(row.backup_id, pwd)
+  ElMessage.success('恢复成功,请刷新页面')
+}
+
+// ---- 上传 ----
+const uploadDlg = ref(false)
+const uploadFile = ref<File | null>(null)
+const uploadPwd = ref('')
+const uploadPct = ref(0)
+const uploading = ref(false)
+
+function pickFile(e: Event) {
+  const t = e.target as HTMLInputElement
+  uploadFile.value = t.files?.[0] || null
+}
+async function doUpload() {
+  if (!uploadFile.value) return ElMessage.warning('请选择 .sql.gz 文件')
+  if (!uploadPwd.value) return ElMessage.warning('请输入管理员密码')
+  uploading.value = true
+  uploadPct.value = 0
+  try {
+    await backupApi.uploadBackup(uploadFile.value, uploadPwd.value, (p) => (uploadPct.value = p))
+    ElMessage.success('上传成功')
+    uploadDlg.value = false
+    uploadFile.value = null
+    uploadPwd.value = ''
+    load()
+  } finally { uploading.value = false }
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">数据备份</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            本地最多保留 {{ total }} 个备份文件,上传单文件上限
+            <el-tag size="small">{{ maxUploadMB }} MB</el-tag>
+            · 恢复功能:
+            <el-tag :type="allowRestore ? 'success' : 'info'" size="small">
+              {{ allowRestore ? '已启用' : '已禁用(需后端 backup.allow_restore=true)' }}
+            </el-tag>
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-button @click="uploadDlg = true"><el-icon><Upload /></el-icon> 上传</el-button>
+          <el-button type="primary" :loading="creating" @click="onCreate">
+            <el-icon><FolderAdd /></el-icon> 立即备份
+          </el-button>
+        </div>
+      </div>
+
+      <el-table v-loading="loading" :data="items" stripe>
+        <el-table-column prop="backup_id" label="ID" width="220" />
+        <el-table-column prop="file_name" label="文件" min-width="240" show-overflow-tooltip />
+        <el-table-column label="大小" width="100">
+          <template #default="{ row }">{{ formatBytes(row.size_bytes) }}</template>
+        </el-table-column>
+        <el-table-column label="来源" width="90">
+          <template #default="{ row }">
+            <el-tag size="small">{{ row.trigger }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.status === 'ready' ? 'success' : row.status === 'failed' ? 'danger' : 'info'"
+                    size="small">
+              {{ row.status }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="创建时间" width="170">
+          <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+        </el-table-column>
+        <el-table-column prop="sha256" label="SHA256" min-width="180" show-overflow-tooltip />
+        <el-table-column label="操作" width="240" fixed="right">
+          <template #default="{ row }">
+            <el-button size="small" link type="primary"
+                       :disabled="row.status !== 'ready'" @click="download(row)">下载</el-button>
+            <el-button size="small" link type="warning"
+                       :disabled="!allowRestore || row.status !== 'ready'" @click="onRestore(row)">恢复</el-button>
+            <el-button size="small" link type="danger" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+    </div>
+
+    <el-dialog v-model="uploadDlg" title="上传备份" width="460px">
+      <el-alert type="info" :closable="false" show-icon style="margin-bottom:12px"
+                title="仅接受 .sql.gz 格式;恢复仍需单独操作。" />
+      <el-form label-width="110px">
+        <el-form-item label="文件">
+          <input type="file" accept=".gz,.sql.gz" @change="pickFile" />
+          <div v-if="uploadFile" style="font-size:12px;margin-top:6px;color:var(--el-text-color-secondary)">
+            已选择 {{ uploadFile.name }} · {{ formatBytes(uploadFile.size) }}
+          </div>
+        </el-form-item>
+        <el-form-item label="管理员密码">
+          <el-input v-model="uploadPwd" type="password" show-password />
+        </el-form-item>
+        <el-form-item v-if="uploading" label="进度">
+          <el-progress :percentage="uploadPct" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="uploadDlg = false">取消</el-button>
+        <el-button type="primary" :loading="uploading" @click="doUpload">上传</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
diff --git a/web/src/views/admin/Channels.vue b/web/src/views/admin/Channels.vue
new file mode 100644
index 00000000..d91f78b1
--- /dev/null
+++ b/web/src/views/admin/Channels.vue
@@ -0,0 +1,461 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox, type FormInstance, type FormRules } from 'element-plus'
+import { Plus } from '@element-plus/icons-vue'
+import * as channelsApi from '@/api/channels'
+import { useUserStore } from '@/stores/user'
+
+const userStore = useUserStore()
+const canWrite = computed(() => userStore.hasPerm('channel:write'))
+
+const loading = ref(false)
+const rows = ref<channelsApi.Channel[]>([])
+const total = ref(0)
+const page = ref(1)
+const pageSize = ref(20)
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await channelsApi.listChannels({ page: page.value, page_size: pageSize.value })
+    rows.value = d.list
+    total.value = d.total
+  } finally { loading.value = false }
+}
+
+// ---------- 渠道增删改 ----------
+type EditState = 'create' | 'edit'
+const dlgVisible = ref(false)
+const dlgState = ref<EditState>('create')
+const dlgLoading = ref(false)
+const formRef = ref<FormInstance>()
+
+const emptyForm = (): channelsApi.ChannelUpsert & { id: number } => ({
+  id: 0,
+  name: '',
+  type: 'openai',
+  base_url: 'https://api.openai.com',
+  api_key: '',
+  enabled: true,
+  priority: 100,
+  weight: 1,
+  timeout_s: 120,
+  ratio: 1.0,
+  extra: '',
+  remark: '',
+})
+const form = reactive(emptyForm())
+
+const rules: FormRules = {
+  name: [{ required: true, message: '请输入渠道名', trigger: 'blur' }],
+  type: [{ required: true, message: '请选择类型', trigger: 'change' }],
+  base_url: [{ required: true, message: '请输入 base_url', trigger: 'blur' }],
+}
+
+function openCreate() {
+  Object.assign(form, emptyForm())
+  dlgState.value = 'create'
+  dlgVisible.value = true
+}
+function openEdit(row: channelsApi.Channel) {
+  Object.assign(form, {
+    id: row.id,
+    name: row.name,
+    type: row.type,
+    base_url: row.base_url,
+    api_key: '', // 不回填明文,空串表示不修改
+    enabled: row.enabled,
+    priority: row.priority,
+    weight: row.weight,
+    timeout_s: row.timeout_s,
+    ratio: row.ratio,
+    extra: row.extra || '',
+    remark: row.remark || '',
+  })
+  dlgState.value = 'edit'
+  dlgVisible.value = true
+}
+
+function onPickType(t: 'openai' | 'gemini') {
+  form.type = t
+  if (t === 'gemini') {
+    if (!form.base_url || form.base_url.startsWith('https://api.openai')) {
+      form.base_url = 'https://generativelanguage.googleapis.com'
+    }
+  } else {
+    if (!form.base_url || form.base_url.includes('googleapis')) {
+      form.base_url = 'https://api.openai.com'
+    }
+  }
+}
+
+async function submit() {
+  if (!formRef.value) return
+  const valid = await formRef.value.validate().catch(() => false)
+  if (!valid) return
+  const payload: channelsApi.ChannelUpsert = { ...form }
+  dlgLoading.value = true
+  try {
+    if (dlgState.value === 'create') {
+      await channelsApi.createChannel(payload)
+      ElMessage.success('创建成功')
+    } else {
+      await channelsApi.updateChannel(form.id, payload)
+      ElMessage.success('保存成功')
+    }
+    dlgVisible.value = false
+    load()
+  } finally { dlgLoading.value = false }
+}
+
+async function onDelete(row: channelsApi.Channel) {
+  await ElMessageBox.confirm(
+    `删除渠道 "${row.name}" 吗?相关模型映射会一并删除。`,
+    '删除确认', { type: 'warning' },
+  ).catch(() => null).then(async (r) => {
+    if (!r) return
+    await channelsApi.deleteChannel(row.id)
+    ElMessage.success('已删除')
+    load()
+  })
+}
+
+const testingId = ref(0)
+async function onTest(row: channelsApi.Channel) {
+  testingId.value = row.id
+  try {
+    const res = await channelsApi.testChannel(row.id)
+    if (res.ok) {
+      ElMessage.success(`连接正常(${res.latency_ms} ms)`)
+    } else {
+      ElMessage.error(`连接失败:${res.error || ''}`)
+    }
+    load()
+  } finally { testingId.value = 0 }
+}
+
+// ---------- 模型映射 ----------
+const mapDlgVisible = ref(false)
+const mapChannel = ref<channelsApi.Channel | null>(null)
+const mappings = ref<channelsApi.Mapping[]>([])
+const mapLoading = ref(false)
+
+async function openMappings(row: channelsApi.Channel) {
+  mapChannel.value = row
+  mapDlgVisible.value = true
+  await loadMappings()
+}
+
+async function loadMappings() {
+  if (!mapChannel.value) return
+  mapLoading.value = true
+  try {
+    const d = await channelsApi.listMappings(mapChannel.value.id)
+    mappings.value = d.list || []
+  } finally { mapLoading.value = false }
+}
+
+const mapForm = reactive<channelsApi.MappingUpsert>({
+  local_model: '',
+  upstream_model: '',
+  modality: 'text',
+  enabled: true,
+  priority: 100,
+})
+const mapEditingId = ref(0)
+
+function resetMapForm() {
+  mapForm.local_model = ''
+  mapForm.upstream_model = ''
+  mapForm.modality = 'text'
+  mapForm.enabled = true
+  mapForm.priority = 100
+  mapEditingId.value = 0
+}
+
+async function submitMapping() {
+  if (!mapChannel.value) return
+  if (!mapForm.local_model || !mapForm.upstream_model) {
+    ElMessage.warning('本地模型与上游模型名都不能为空')
+    return
+  }
+  try {
+    if (mapEditingId.value > 0) {
+      await channelsApi.updateMapping(mapEditingId.value, { ...mapForm })
+      ElMessage.success('已更新')
+    } else {
+      await channelsApi.createMapping(mapChannel.value.id, { ...mapForm })
+      ElMessage.success('已添加')
+    }
+    resetMapForm()
+    await loadMappings()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '保存失败')
+  }
+}
+
+function editMapping(m: channelsApi.Mapping) {
+  mapForm.local_model = m.local_model
+  mapForm.upstream_model = m.upstream_model
+  mapForm.modality = m.modality
+  mapForm.enabled = m.enabled
+  mapForm.priority = m.priority
+  mapEditingId.value = m.id
+}
+
+async function delMapping(m: channelsApi.Mapping) {
+  await ElMessageBox.confirm(`删除映射 ${m.local_model} → ${m.upstream_model} 吗?`,
+    '删除确认', { type: 'warning' }).catch(() => null).then(async (r) => {
+    if (!r) return
+    await channelsApi.deleteMapping(m.id)
+    await loadMappings()
+  })
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">上游渠道</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            除内置 ChatGPT 账号池外的外置 API 渠道(OpenAI / Gemini 兼容)。
+            一个本地模型可映射到多个渠道以实现负载均衡与故障转移。
+          </div>
+        </div>
+        <el-button v-if="canWrite" type="primary" :icon="Plus" @click="openCreate">
+          新增渠道
+        </el-button>
+      </div>
+
+      <el-table v-loading="loading" :data="rows" stripe>
+        <el-table-column prop="id" label="ID" width="60" />
+        <el-table-column prop="name" label="名称" min-width="150" />
+        <el-table-column label="类型" width="100">
+          <template #default="{ row }">
+            <el-tag :type="row.type === 'openai' ? 'primary' : 'success'" size="small">
+              {{ row.type }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column prop="base_url" label="Base URL" min-width="240" show-overflow-tooltip>
+          <template #default="{ row }"><code>{{ row.base_url }}</code></template>
+        </el-table-column>
+        <el-table-column label="API Key" width="160">
+          <template #default="{ row }"><code>{{ row.api_key_masked }}</code></template>
+        </el-table-column>
+        <el-table-column label="优先级" width="80" prop="priority" />
+        <el-table-column label="倍率" width="80">
+          <template #default="{ row }">×{{ row.ratio }}</template>
+        </el-table-column>
+        <el-table-column label="状态" width="110">
+          <template #default="{ row }">
+            <el-tag
+              :type="row.status === 'healthy' ? 'success' : 'danger'"
+              size="small"
+            >
+              {{ row.status === 'healthy' ? '健康' : '异常' }}
+            </el-tag>
+            <el-tag
+              v-if="!row.enabled"
+              type="info"
+              size="small"
+              style="margin-left:6px"
+            >
+              已停用
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近探测" min-width="200">
+          <template #default="{ row }">
+            <div v-if="row.last_test_at" style="font-size:12px;line-height:1.5">
+              <div>{{ new Date(row.last_test_at).toLocaleString() }}</div>
+              <div v-if="!row.last_test_ok" style="color:var(--el-color-danger)">
+                {{ row.last_test_error || '失败' }}
+              </div>
+            </div>
+            <span v-else style="color:var(--el-text-color-secondary)">-</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="280" fixed="right">
+          <template #default="{ row }">
+            <el-button
+              size="small" link type="primary"
+              :loading="testingId === row.id"
+              @click="onTest(row)"
+            >测试</el-button>
+            <el-button
+              v-if="canWrite"
+              size="small" link type="primary"
+              @click="openMappings(row)"
+            >模型映射</el-button>
+            <el-button
+              v-if="canWrite"
+              size="small" link type="primary"
+              @click="openEdit(row)"
+            >编辑</el-button>
+            <el-button
+              v-if="canWrite"
+              size="small" link type="danger"
+              @click="onDelete(row)"
+            >删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <div style="margin-top:12px;text-align:right">
+        <el-pagination
+          v-model:current-page="page"
+          v-model:page-size="pageSize"
+          :total="total"
+          :page-sizes="[10, 20, 50]"
+          layout="total, sizes, prev, pager, next"
+          @current-change="load"
+          @size-change="load"
+          background
+        />
+      </div>
+    </div>
+
+    <!-- 新增 / 编辑弹窗 -->
+    <el-dialog
+      v-model="dlgVisible"
+      :title="dlgState === 'create' ? '新增渠道' : `编辑渠道 · ${form.name}`"
+      width="680px"
+      destroy-on-close
+    >
+      <el-form ref="formRef" :model="form" :rules="rules" label-width="120px">
+        <el-form-item label="名称" prop="name">
+          <el-input v-model="form.name" placeholder="自定义备注名,如 OpenAI-Main" />
+        </el-form-item>
+        <el-form-item label="类型" prop="type">
+          <el-radio-group :model-value="form.type" @update:model-value="(v: any) => onPickType(v)">
+            <el-radio-button label="openai">OpenAI 兼容</el-radio-button>
+            <el-radio-button label="gemini">Gemini 兼容</el-radio-button>
+          </el-radio-group>
+          <div class="hint">
+            OpenAI 兼容:DeepSeek / Moonshot / one-api 等都是这一类。<br>
+            Gemini 兼容:generativelanguage.googleapis.com 或其兼容代理。
+          </div>
+        </el-form-item>
+        <el-form-item label="Base URL" prop="base_url">
+          <el-input v-model="form.base_url" placeholder="例如 https://api.openai.com" />
+          <div class="hint">
+            OpenAI 类填到根,<code>/v1/...</code> 由系统自动拼接;Gemini 类填到
+            <code>https://...googleapis.com</code> 即可。
+          </div>
+        </el-form-item>
+        <el-form-item label="API Key">
+          <el-input
+            v-model="form.api_key"
+            type="password"
+            show-password
+            :placeholder="dlgState === 'edit' ? '留空表示不修改' : '请输入 API Key'"
+          />
+        </el-form-item>
+        <el-form-item label="优先级">
+          <el-input-number v-model="form.priority" :min="0" :max="1000" />
+          <div class="hint">越小越优先。同模型下按此值升序选取渠道。</div>
+        </el-form-item>
+        <el-form-item label="倍率">
+          <el-input-number v-model="form.ratio" :min="0.01" :step="0.1" :precision="2" />
+          <div class="hint">渠道级计费倍率。最终价格 = 模型定价 × 用户分组倍率 × 此渠道倍率。</div>
+        </el-form-item>
+        <el-form-item label="权重">
+          <el-input-number v-model="form.weight" :min="1" />
+          <div class="hint">(保留)同优先级内加权轮询,默认 1 即可。</div>
+        </el-form-item>
+        <el-form-item label="超时(秒)">
+          <el-input-number v-model="form.timeout_s" :min="10" :max="600" />
+        </el-form-item>
+        <el-form-item label="备注">
+          <el-input v-model="form.remark" maxlength="255" show-word-limit />
+        </el-form-item>
+        <el-form-item label="启用">
+          <el-switch v-model="form.enabled" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dlgVisible = false">取消</el-button>
+        <el-button type="primary" :loading="dlgLoading" @click="submit">保存</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 模型映射弹窗 -->
+    <el-dialog
+      v-model="mapDlgVisible"
+      :title="`模型映射 · ${mapChannel?.name || ''}`"
+      width="760px"
+      @close="resetMapForm"
+    >
+      <div class="map-form-row">
+        <el-input v-model="mapForm.local_model" placeholder="本地模型 slug(如 gpt-4o)" style="width:180px" />
+        <el-input v-model="mapForm.upstream_model" placeholder="上游模型名(如 gpt-4o-mini / gemini-2.5-flash)" style="width:260px" />
+        <el-select v-model="mapForm.modality" style="width:110px">
+          <el-option label="文字" value="text" />
+          <el-option label="图片" value="image" />
+          <el-option label="视频" value="video" />
+        </el-select>
+        <el-input-number v-model="mapForm.priority" :min="0" :max="1000" style="width:100px" />
+        <el-switch v-model="mapForm.enabled" />
+        <el-button type="primary" :icon="Plus" @click="submitMapping">
+          {{ mapEditingId ? '更新' : '添加' }}
+        </el-button>
+        <el-button v-if="mapEditingId" @click="resetMapForm">取消编辑</el-button>
+      </div>
+      <div class="hint" style="margin-bottom:8px">
+        本地 slug 需先在「模型配置」中存在;同一个本地 slug 可以在多个渠道下映射,
+        调度时按渠道优先级 + 映射优先级挑选。
+      </div>
+      <el-table v-loading="mapLoading" :data="mappings" stripe size="small">
+        <el-table-column prop="id" label="ID" width="60" />
+        <el-table-column prop="local_model" label="本地模型" min-width="150">
+          <template #default="{ row }"><code>{{ row.local_model }}</code></template>
+        </el-table-column>
+        <el-table-column prop="upstream_model" label="上游模型" min-width="200">
+          <template #default="{ row }"><code>{{ row.upstream_model }}</code></template>
+        </el-table-column>
+        <el-table-column label="模态" width="80">
+          <template #default="{ row }">
+            <el-tag
+              size="small"
+              :type="row.modality === 'image' ? 'warning' : row.modality === 'video' ? 'danger' : 'primary'"
+            >{{ row.modality }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="优先级" width="80" prop="priority" />
+        <el-table-column label="状态" width="80">
+          <template #default="{ row }">
+            <el-tag :type="row.enabled ? 'success' : 'info'" size="small">
+              {{ row.enabled ? '启用' : '停用' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="140">
+          <template #default="{ row }">
+            <el-button size="small" link type="primary" @click="editMapping(row)">编辑</el-button>
+            <el-button size="small" link type="danger" @click="delMapping(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+:global(html.dark) code { background: #1d2026; }
+.hint { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 4px; line-height: 1.4; }
+.map-form-row {
+  display: flex; flex-wrap: wrap; gap: 8px; margin-bottom: 12px; align-items: center;
+}
+</style>
diff --git a/web/src/views/admin/Credits.vue b/web/src/views/admin/Credits.vue
new file mode 100644
index 00000000..89844e73
--- /dev/null
+++ b/web/src/views/admin/Credits.vue
@@ -0,0 +1,373 @@
+<script setup lang="ts">
+import { ref, reactive, computed, onMounted } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as adminApi from '@/api/admin'
+
+// -------- 统计摘要 --------
+const summary = ref<adminApi.CreditsSummary | null>(null)
+
+async function fetchSummary() {
+  try {
+    summary.value = await adminApi.creditsSummary()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '加载摘要失败')
+  }
+}
+
+/** credit 单位是"厘",10000 厘 = 1 积分。展示时转成积分,保留 2 位小数。 */
+function fmtCredits(milli: number | undefined | null) {
+  if (!milli) return '0'
+  const v = milli / 10000
+  return v.toLocaleString('zh-CN', { maximumFractionDigits: 2 })
+}
+
+// -------- 流水表格 --------
+const loading = ref(false)
+const rows = ref<adminApi.CreditLogGlobal[]>([])
+const total = ref(0)
+const pager = reactive({ limit: 20, offset: 0 })
+const page = computed({
+  get: () => Math.floor(pager.offset / pager.limit) + 1,
+  set: (v: number) => { pager.offset = (v - 1) * pager.limit },
+})
+
+const filter = reactive<adminApi.CreditLogFilter>({
+  user_id: undefined,
+  keyword: '',
+  type: '',
+  sign: '',
+  start_at: '',
+  end_at: '',
+})
+
+const timeRange = ref<[string, string] | null>(null)
+
+async function fetchLogs() {
+  loading.value = true
+  try {
+    const q: adminApi.CreditLogFilter = { ...filter, ...pager }
+    if (timeRange.value && timeRange.value.length === 2) {
+      q.start_at = timeRange.value[0]
+      q.end_at = timeRange.value[1]
+    } else {
+      delete q.start_at
+      delete q.end_at
+    }
+    if (!q.keyword) delete q.keyword
+    if (!q.user_id) delete q.user_id
+    if (!q.type) delete q.type
+    if (!q.sign) delete q.sign
+
+    const data = await adminApi.listCreditLogsGlobal(q)
+    rows.value = data.items || []
+    total.value = data.total || 0
+  } catch (e: any) {
+    ElMessage.error(e?.message || '加载流水失败')
+  } finally { loading.value = false }
+}
+
+function onSearch() {
+  pager.offset = 0
+  fetchLogs()
+}
+function onReset() {
+  filter.user_id = undefined
+  filter.keyword = ''
+  filter.type = ''
+  filter.sign = ''
+  timeRange.value = null
+  pager.offset = 0
+  fetchLogs()
+}
+
+// -------- 类型徽标 --------
+const TYPE_MAP: Record<string, { label: string; type: 'success' | 'warning' | 'info' | 'danger' | 'primary' }> = {
+  recharge:    { label: '充值',     type: 'success' },
+  redeem:      { label: '兑换码',   type: 'success' },
+  admin_adjust:{ label: '管理员调账', type: 'warning' },
+  refund:      { label: '退款',     type: 'info'    },
+  consume:     { label: '消费',     type: 'danger'  },
+  freeze:      { label: '冻结',     type: 'info'    },
+  unfreeze:    { label: '解冻',     type: 'primary' },
+}
+function typeTag(t: string) { return TYPE_MAP[t] || { label: t, type: 'info' as const } }
+
+// -------- 调账对话框 --------
+const adjDlg = ref(false)
+const adjLoading = ref(false)
+const adjForm = reactive({
+  user_id: null as number | null,
+  delta_credits: null as number | null, // 注意:前端填"积分",提交时 ×10000
+  remark: '',
+  ref_id: '',
+  admin_password: '',
+})
+
+function openAdjust(row?: adminApi.CreditLogGlobal) {
+  adjForm.user_id = row?.user_id ?? null
+  adjForm.delta_credits = null
+  adjForm.remark = ''
+  adjForm.ref_id = ''
+  adjForm.admin_password = ''
+  adjDlg.value = true
+}
+
+async function submitAdjust() {
+  if (!adjForm.user_id || adjForm.user_id <= 0) return ElMessage.warning('请填写有效的用户 ID')
+  if (!adjForm.delta_credits || adjForm.delta_credits === 0) return ElMessage.warning('调账积分不能为 0')
+  if (!adjForm.remark.trim()) return ElMessage.warning('请填写备注(便于稽核)')
+  if (!adjForm.admin_password) return ElMessage.warning('需要二次输入您当前账号的登录密码')
+
+  const delta = Math.round(adjForm.delta_credits * 10000) // 积分 → 厘
+  await ElMessageBox.confirm(
+    `确认对用户 #${adjForm.user_id} ${delta > 0 ? '增加' : '扣减'} ${Math.abs(adjForm.delta_credits)} 积分?此操作会写入审计日志。`,
+    '调账确认',
+    { type: 'warning', confirmButtonText: '确认调账', cancelButtonText: '取消' },
+  )
+
+  adjLoading.value = true
+  try {
+    const r = await adminApi.adjustCreditByUser({
+      user_id: adjForm.user_id,
+      delta,
+      remark: adjForm.remark,
+      ref_id: adjForm.ref_id || undefined,
+    }, adjForm.admin_password)
+    ElMessage.success(`调账成功 · 用户当前余额 ${fmtCredits(r.balance_after)} 积分`)
+    adjDlg.value = false
+    fetchSummary()
+    fetchLogs()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '调账失败')
+  } finally { adjLoading.value = false }
+}
+
+onMounted(() => {
+  fetchSummary()
+  fetchLogs()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <!-- 摘要卡片 -->
+    <div class="card-block summary-card">
+      <div class="summary-row">
+        <div class="sum-card income">
+          <div class="sum-title">今日新增</div>
+          <div class="sum-value">+ {{ fmtCredits(summary?.in_today) }}</div>
+          <div class="sum-sub">今日消费 - {{ fmtCredits(summary?.out_today) }}</div>
+        </div>
+        <div class="sum-card week">
+          <div class="sum-title">近 7 天新增</div>
+          <div class="sum-value">+ {{ fmtCredits(summary?.in_7days) }}</div>
+          <div class="sum-sub">近 7 天消费 - {{ fmtCredits(summary?.out_7days) }}</div>
+        </div>
+        <div class="sum-card total">
+          <div class="sum-title">累计入账</div>
+          <div class="sum-value">{{ fmtCredits(summary?.in_total) }}</div>
+          <div class="sum-sub">累计消费 {{ fmtCredits(summary?.out_total) }}</div>
+        </div>
+        <div class="sum-card balance">
+          <div class="sum-title">全站当前余额</div>
+          <div class="sum-value">{{ fmtCredits(summary?.total_balance) }}</div>
+          <div class="sum-sub">所有用户未消费积分总和</div>
+        </div>
+      </div>
+    </div>
+
+    <!-- 筛选 + 流水表格 -->
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">积分流水</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            展示全站所有积分账变(预扣 / 结算 / 充值 / 调账 / 退款),支持按用户 / 类型 / 方向 / 时间过滤,手动调账会自动写入审计日志。
+          </div>
+        </div>
+        <div>
+          <el-button type="primary" @click="openAdjust()">
+            <el-icon><Coin /></el-icon> 手动调账
+          </el-button>
+        </div>
+      </div>
+
+      <el-form :inline="true" :model="filter" class="filter-form">
+        <el-form-item label="用户 ID">
+          <el-input-number v-model="filter.user_id" :min="1" controls-position="right"
+            placeholder="用户 ID" style="width:160px" />
+        </el-form-item>
+        <el-form-item label="邮箱/昵称">
+          <el-input v-model="filter.keyword" placeholder="模糊匹配" clearable style="width:200px" />
+        </el-form-item>
+        <el-form-item label="类型">
+          <el-select v-model="filter.type" clearable placeholder="全部" style="width:150px">
+            <el-option v-for="(v, k) in TYPE_MAP" :key="k" :label="v.label" :value="k" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="方向">
+          <el-select v-model="filter.sign" clearable placeholder="全部" style="width:120px">
+            <el-option label="入账" value="in" />
+            <el-option label="出账" value="out" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="时间范围">
+          <el-date-picker v-model="timeRange" type="datetimerange"
+            value-format="YYYY-MM-DD HH:mm:ss"
+            start-placeholder="开始" end-placeholder="结束" clearable />
+        </el-form-item>
+        <el-form-item>
+          <el-button type="primary" @click="onSearch">
+            <el-icon><Search /></el-icon> 查询
+          </el-button>
+          <el-button @click="onReset">重置</el-button>
+        </el-form-item>
+      </el-form>
+
+      <el-table v-loading="loading" :data="rows" stripe class="log-table">
+        <el-table-column prop="created_at" label="时间" width="170" />
+        <el-table-column label="用户" min-width="200">
+          <template #default="{ row }">
+            <div class="cell-user">
+              <span class="uid">#{{ row.user_id }}</span>
+              <span class="uemail">{{ row.user_email || '-' }}</span>
+            </div>
+            <div class="unick">{{ row.user_nickname }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="类型" width="110">
+          <template #default="{ row }">
+            <el-tag :type="typeTag(row.type).type" size="small">{{ typeTag(row.type).label }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="变动" width="150" align="right">
+          <template #default="{ row }">
+            <span :class="row.amount > 0 ? 'amount-in' : 'amount-out'">
+              {{ row.amount > 0 ? '+' : '' }}{{ fmtCredits(row.amount) }}
+            </span>
+          </template>
+        </el-table-column>
+        <el-table-column label="余额" width="150" align="right">
+          <template #default="{ row }">{{ fmtCredits(row.balance_after) }}</template>
+        </el-table-column>
+        <el-table-column label="关联单号" width="180" show-overflow-tooltip>
+          <template #default="{ row }">
+            <code v-if="row.ref_id" class="ref">{{ row.ref_id }}</code>
+            <span v-else class="muted">-</span>
+          </template>
+        </el-table-column>
+        <el-table-column prop="remark" label="备注" min-width="200" show-overflow-tooltip />
+        <el-table-column label="操作" width="110" fixed="right">
+          <template #default="{ row }">
+            <el-button link type="primary" @click="openAdjust(row)">调账</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination style="margin-top:16px;display:flex;justify-content:flex-end"
+        v-model:current-page="page"
+        v-model:page-size="pager.limit"
+        :total="total"
+        :page-sizes="[20, 50, 100, 200]"
+        layout="total, sizes, prev, pager, next"
+        @current-change="fetchLogs"
+        @size-change="() => { pager.offset = 0; fetchLogs() }"
+      />
+    </div>
+
+    <!-- 调账对话框 -->
+    <el-dialog v-model="adjDlg" title="手动调账" width="540px" @closed="() => { adjForm.admin_password = '' }">
+      <el-form :model="adjForm" label-width="100px">
+        <el-form-item label="目标用户 ID" required>
+          <el-input-number v-model="adjForm.user_id" :min="1" controls-position="right" style="width:100%" />
+        </el-form-item>
+        <el-form-item label="调账积分" required>
+          <el-input-number v-model="adjForm.delta_credits" :precision="2"
+            :step="100" controls-position="right" style="width:100%"
+            placeholder="正数=增加,负数=扣减" />
+          <div class="form-hint">单位:积分(1 积分 = 10000 厘,后端精度单位)。</div>
+        </el-form-item>
+        <el-form-item label="备注" required>
+          <el-input v-model="adjForm.remark" maxlength="200" show-word-limit
+            placeholder="请简要说明调账原因(写入审计日志)" />
+        </el-form-item>
+        <el-form-item label="关联单号">
+          <el-input v-model="adjForm.ref_id" placeholder="可选,如工单号、退款单号" />
+        </el-form-item>
+        <el-form-item label="管理员密码" required>
+          <el-input v-model="adjForm.admin_password" type="password" show-password
+            placeholder="请再次输入您当前账号的登录密码以二次确认" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="adjDlg = false">取消</el-button>
+        <el-button type="primary" :loading="adjLoading" @click="submitAdjust">确认调账</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+.page-title { font-size: 18px; font-weight: 600; }
+
+/* ---- 摘要卡 ---- */
+.summary-card { padding-top: 16px; padding-bottom: 16px; }
+.summary-row {
+  display: grid;
+  grid-template-columns: repeat(4, 1fr);
+  gap: 16px;
+}
+.sum-card {
+  background: var(--el-fill-color-light);
+  border-radius: 8px;
+  padding: 16px 18px;
+  position: relative;
+  overflow: hidden;
+  transition: transform 0.15s, box-shadow 0.15s;
+}
+.sum-card:hover {
+  transform: translateY(-1px);
+  box-shadow: 0 2px 10px rgba(0, 0, 0, 0.05);
+}
+.sum-card::before {
+  content: '';
+  position: absolute;
+  top: 0; left: 0; right: 0;
+  height: 3px;
+}
+.sum-card.income::before   { background: var(--el-color-success); }
+.sum-card.week::before     { background: var(--el-color-primary); }
+.sum-card.total::before    { background: var(--el-color-warning); }
+.sum-card.balance::before  { background: var(--el-color-danger); }
+
+.sum-title { font-size: 13px; color: var(--el-text-color-secondary); }
+.sum-value { font-size: 24px; font-weight: 600; margin-top: 6px; color: var(--el-text-color-primary); line-height: 1.2; }
+.sum-sub   { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 4px; }
+
+@media (max-width: 1100px) {
+  .summary-row { grid-template-columns: repeat(2, 1fr); }
+}
+
+/* ---- 筛选行 ---- */
+.filter-form { margin-bottom: 4px; }
+.filter-form :deep(.el-form-item) { margin-bottom: 10px; }
+
+/* ---- 表格 ---- */
+.log-table { margin-top: 4px; }
+.cell-user { display: flex; gap: 8px; align-items: baseline; }
+.uid { font-weight: 600; color: var(--el-text-color-primary); }
+.uemail { color: var(--el-text-color-regular); font-size: 13px; }
+.unick { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 2px; }
+.amount-in  { color: var(--el-color-success); font-weight: 600; }
+.amount-out { color: var(--el-color-danger);  font-weight: 600; }
+.muted { color: var(--el-text-color-secondary); }
+.ref {
+  background: var(--el-fill-color-light);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+
+.form-hint { font-size: 12px; color: var(--el-text-color-secondary); line-height: 1.5; margin-top: 4px; }
+</style>
diff --git a/web/src/views/admin/Groups.vue b/web/src/views/admin/Groups.vue
new file mode 100644
index 00000000..a3a48127
--- /dev/null
+++ b/web/src/views/admin/Groups.vue
@@ -0,0 +1,123 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as adminApi from '@/api/admin'
+
+const loading = ref(false)
+const rows = ref<adminApi.Group[]>([])
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await adminApi.listGroups()
+    rows.value = d.items
+  } finally { loading.value = false }
+}
+
+const dlg = ref(false)
+const isEdit = ref(false)
+const form = reactive<adminApi.Group>({
+  id: 0, name: '', ratio: 1, daily_limit_credits: 0,
+  rpm_limit: 60, tpm_limit: 60_000, remark: '',
+})
+function openCreate() {
+  isEdit.value = false
+  Object.assign(form, { id: 0, name: '', ratio: 1, daily_limit_credits: 0, rpm_limit: 60, tpm_limit: 60_000, remark: '' })
+  dlg.value = true
+}
+function openEdit(row: adminApi.Group) {
+  isEdit.value = true
+  Object.assign(form, row)
+  dlg.value = true
+}
+async function submit() {
+  if (!form.name || form.ratio <= 0) return ElMessage.warning('名称/倍率不合法')
+  const payload = {
+    name: form.name, ratio: form.ratio,
+    daily_limit_credits: form.daily_limit_credits,
+    rpm_limit: form.rpm_limit, tpm_limit: form.tpm_limit,
+    remark: form.remark,
+  }
+  if (isEdit.value) await adminApi.updateGroup(form.id, payload)
+  else await adminApi.createGroup(payload)
+  ElMessage.success('保存成功')
+  dlg.value = false
+  load()
+}
+async function onDelete(row: adminApi.Group) {
+  await ElMessageBox.confirm(`确认删除分组 "${row.name}"?仅当该分组下无用户时才可删除。`, '删除分组', {
+    type: 'warning', confirmButtonText: '删除', cancelButtonText: '取消',
+  })
+  await adminApi.deleteGroup(row.id)
+  ElMessage.success('已删除')
+  load()
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:8px">
+        <div>
+          <h2 class="page-title" style="margin:0">用户分组</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            给用户分组并设置计费倍率(×1.0 / ×1.5 / ×0.8 …),用于 VIP / 内部 / 渠道等差异化价格场景。
+          </div>
+        </div>
+        <el-button type="primary" @click="openCreate"><el-icon><Plus /></el-icon> 新建分组</el-button>
+      </div>
+      <el-table v-loading="loading" :data="rows" stripe>
+        <el-table-column prop="id" label="ID" width="70" />
+        <el-table-column prop="name" label="名称" width="140" />
+        <el-table-column label="倍率" width="110">
+          <template #default="{ row }">
+            <el-tag size="small">×{{ row.ratio }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="日限额(厘)" min-width="140">
+          <template #default="{ row }">
+            {{ row.daily_limit_credits === 0 ? '不限' : row.daily_limit_credits }}
+          </template>
+        </el-table-column>
+        <el-table-column prop="rpm_limit" label="RPM" width="100" />
+        <el-table-column prop="tpm_limit" label="TPM" width="130" />
+        <el-table-column prop="remark" label="备注" min-width="200" show-overflow-tooltip />
+        <el-table-column label="操作" width="170" fixed="right">
+          <template #default="{ row }">
+            <el-button link type="primary" @click="openEdit(row)">编辑</el-button>
+            <el-button link type="danger" :disabled="row.id === 1" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+    </div>
+
+    <el-dialog v-model="dlg" :title="isEdit ? '编辑分组' : '新建分组'" width="500px">
+      <el-form :model="form" label-width="110px">
+        <el-form-item label="名称" required><el-input v-model="form.name" maxlength="64" /></el-form-item>
+        <el-form-item label="倍率">
+          <el-input-number v-model="form.ratio" :step="0.1" :min="0.1" :precision="2" />
+          <span style="margin-left:8px;color:var(--el-text-color-secondary);font-size:12px">
+            VIP 通常 0.8,SVIP 0.6
+          </span>
+        </el-form-item>
+        <el-form-item label="日限额">
+          <el-input-number v-model="form.daily_limit_credits" :min="0" :step="10000" style="width:100%" />
+          <div style="font-size:12px;color:var(--el-text-color-secondary)">0 表示不限,单位厘</div>
+        </el-form-item>
+        <el-form-item label="RPM">
+          <el-input-number v-model="form.rpm_limit" :min="1" :step="10" style="width:100%" />
+        </el-form-item>
+        <el-form-item label="TPM">
+          <el-input-number v-model="form.tpm_limit" :min="100" :step="1000" style="width:100%" />
+        </el-form-item>
+        <el-form-item label="备注"><el-input v-model="form.remark" type="textarea" :rows="2" /></el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dlg = false">取消</el-button>
+        <el-button type="primary" @click="submit">保存</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
diff --git a/web/src/views/admin/ImageTasks.vue b/web/src/views/admin/ImageTasks.vue
new file mode 100644
index 00000000..0abb8c4d
--- /dev/null
+++ b/web/src/views/admin/ImageTasks.vue
@@ -0,0 +1,273 @@
+<script setup lang="ts">
+import { computed, ref, reactive, onMounted } from 'vue'
+import { ElMessage } from 'element-plus'
+import { http } from '@/api/http'
+import { formatDateTime } from '@/utils/format'
+
+interface TaskRow {
+  id: number
+  task_id: string
+  user_id: number
+  user_email: string
+  prompt: string
+  n: number
+  size: string
+  upscale: string
+  status: string
+  result_urls_parsed: string[]
+  error: string
+  credit_cost: number
+  estimated_credit: number
+  created_at: string
+  started_at?: string | null
+  finished_at?: string | null
+}
+
+const loading = ref(false)
+const rows = ref<TaskRow[]>([])
+const total = ref(0)
+const filter = reactive({
+  keyword: '',
+  status: '',
+  page: 1,
+  page_size: 20,
+})
+
+async function fetchList() {
+  loading.value = true
+  try {
+    const params: Record<string, any> = {
+      page: filter.page,
+      page_size: filter.page_size,
+    }
+    if (filter.keyword) params.keyword = filter.keyword
+    if (filter.status) params.status = filter.status
+    const d = await http.get<any, any>('/api/admin/image-tasks', { params })
+    rows.value = d.list || []
+    total.value = d.total || 0
+  } finally {
+    loading.value = false
+  }
+}
+
+function onSearch() {
+  filter.page = 1
+  fetchList()
+}
+function onReset() {
+  filter.keyword = ''
+  filter.status = ''
+  filter.page = 1
+  fetchList()
+}
+
+// 弹窗预览图片
+const previewDlg = ref(false)
+const previewRow = ref<TaskRow | null>(null)
+const previewIndex = ref(0)
+const activePreviewURL = computed(() => {
+  const urls = previewRow.value?.result_urls_parsed || []
+  return urls[previewIndex.value] || ''
+})
+function openPreview(row: TaskRow, index = 0) {
+  previewRow.value = row
+  previewIndex.value = index
+  previewDlg.value = true
+}
+function selectPreview(index: number) {
+  previewIndex.value = index
+}
+
+async function downloadURL(url: string, filename: string) {
+  const resp = await fetch(url, { credentials: 'include' })
+  if (!resp.ok) throw new Error(`download ${resp.status}`)
+  const blob = await resp.blob()
+  const href = URL.createObjectURL(blob)
+  const a = document.createElement('a')
+  a.href = href
+  a.download = filename
+  document.body.appendChild(a)
+  a.click()
+  document.body.removeChild(a)
+  URL.revokeObjectURL(href)
+}
+
+function safeName(s: string) {
+  return (s || 'image').replace(/[\\\\/:*?"<>|]/g, '_').slice(0, 24) || 'image'
+}
+
+async function downloadOne(row: TaskRow, index = 0) {
+  const url = row.result_urls_parsed?.[index]
+  if (!url) return
+  try {
+    await downloadURL(url, `${safeName(row.prompt)}-${row.task_id}-${index + 1}.jpg`)
+    ElMessage.success('开始下载')
+  } catch {
+    ElMessage.error('下载失败')
+  }
+}
+
+async function downloadBatch(row: TaskRow) {
+  const urls = row.result_urls_parsed || []
+  if (urls.length === 0) return
+  let ok = 0
+  for (let i = 0; i < urls.length; i += 1) {
+    try {
+      await downloadURL(urls[i], `${safeName(row.prompt)}-${row.task_id}-${i + 1}.jpg`)
+      ok += 1
+      await new Promise((resolve) => setTimeout(resolve, 120))
+    } catch {
+      // 跳过失败项，继续后续下载
+    }
+  }
+  ElMessage[ok > 0 ? 'success' : 'error'](ok > 0 ? `已触发 ${ok} 张下载` : '批量下载失败')
+}
+
+const statusColor: Record<string, 'success' | 'danger' | 'warning' | 'info' | 'primary'> = {
+  success: 'success',
+  failed: 'danger',
+  running: 'warning',
+  queued: 'info',
+  dispatched: 'info',
+}
+
+onMounted(fetchList)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <h2 class="page-title" style="margin:0">生成记录</h2>
+      <div style="color:var(--el-text-color-secondary);font-size:13px;margin:4px 0 14px">
+        全站图片生成任务历史,含用户、提示词、生成结果与耗时。
+      </div>
+
+      <el-form inline class="flex-wrap-gap" @submit.prevent="onSearch">
+        <el-input v-model="filter.keyword" placeholder="提示词 / 邮箱" clearable style="width:260px" />
+        <el-select v-model="filter.status" placeholder="状态" clearable style="width:130px">
+          <el-option label="成功" value="success" />
+          <el-option label="失败" value="failed" />
+          <el-option label="运行中" value="running" />
+          <el-option label="队列中" value="queued" />
+        </el-select>
+        <el-button type="primary" @click="onSearch"><el-icon><Search /></el-icon> 查询</el-button>
+        <el-button @click="onReset">重置</el-button>
+      </el-form>
+
+      <el-table v-loading="loading" :data="rows" stripe style="margin-top:12px" size="small">
+        <el-table-column prop="id" label="ID" width="72" />
+        <el-table-column label="用户" min-width="170">
+          <template #default="{ row }">
+            <div>{{ row.user_email || '-' }}</div>
+            <div style="font-size:11px;color:var(--el-text-color-secondary)">uid {{ row.user_id }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="提示词" min-width="240" show-overflow-tooltip>
+          <template #default="{ row }">
+            <span>{{ row.prompt || '-' }}</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="规格" width="110">
+          <template #default="{ row }">
+            <div>{{ row.size }}</div>
+            <div v-if="row.upscale" style="font-size:11px;color:var(--el-color-success)">{{ row.upscale }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="statusColor[row.status] || 'info'" size="small">{{ row.status }}</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="结果" width="190">
+          <template #default="{ row }">
+            <div v-if="row.result_urls_parsed?.length" style="display:flex;gap:8px;align-items:center;flex-wrap:wrap">
+              <el-button
+                type="primary" link size="small"
+                @click="openPreview(row)"
+              >放大({{ row.result_urls_parsed.length }})</el-button>
+              <el-button
+                type="success" link size="small"
+                @click="downloadOne(row)"
+              >下载</el-button>
+              <el-button
+                v-if="row.result_urls_parsed.length > 1"
+                type="warning" link size="small"
+                @click="downloadBatch(row)"
+              >批量下载</el-button>
+            </div>
+            <span v-else-if="row.error" style="font-size:11px;color:var(--el-color-danger)" :title="row.error">失败</span>
+            <span v-else style="color:var(--el-text-color-secondary)">-</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="积分" width="100">
+          <template #default="{ row }">
+            <div>{{ row.credit_cost }}</div>
+            <div style="font-size:11px;color:var(--el-text-color-secondary)">预估 {{ row.estimated_credit }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="创建时间" width="160">
+          <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+        </el-table-column>
+        <el-table-column label="完成时间" width="160">
+          <template #default="{ row }">{{ row.finished_at ? formatDateTime(row.finished_at) : '-' }}</template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination
+        style="margin-top:16px;justify-content:flex-end;display:flex"
+        :current-page="filter.page"
+        @current-change="(p: number) => { filter.page = p; fetchList() }"
+        :page-size="filter.page_size"
+        @size-change="(s: number) => { filter.page_size = s; filter.page = 1; fetchList() }"
+        :total="total"
+        :page-sizes="[20, 50, 100]"
+        layout="total, sizes, prev, pager, next"
+      />
+    </div>
+
+    <!-- 图片预览弹窗 -->
+    <el-dialog v-model="previewDlg" title="生成结果预览" width="820px">
+      <div v-if="previewRow">
+        <div style="font-size:13px;color:var(--el-text-color-secondary);margin-bottom:10px;word-break:break-all">
+          {{ previewRow.prompt }}
+        </div>
+        <div style="display:flex;justify-content:flex-end;gap:8px;margin-bottom:12px">
+          <el-button size="small" type="success" @click="downloadOne(previewRow, previewIndex)">下载当前</el-button>
+          <el-button
+            v-if="previewRow.result_urls_parsed.length > 1"
+            size="small"
+            type="warning"
+            @click="downloadBatch(previewRow)"
+          >批量下载</el-button>
+        </div>
+        <div style="display:flex;align-items:center;justify-content:center;min-height:360px;background:var(--el-fill-color-lighter);border-radius:8px;padding:12px">
+          <img
+            v-if="activePreviewURL"
+            :src="activePreviewURL"
+            alt="preview"
+            style="max-width:100%;max-height:60vh;object-fit:contain;border-radius:6px"
+          />
+        </div>
+        <div style="display:flex;flex-wrap:wrap;gap:8px;margin-top:12px">
+          <div
+            v-for="(url, idx) in previewRow.result_urls_parsed"
+            :key="idx"
+            style="width:96px;height:96px;border-radius:6px;overflow:hidden;cursor:pointer;border:2px solid transparent"
+            :style="{ borderColor: idx === previewIndex ? 'var(--el-color-primary)' : 'transparent' }"
+            @click="selectPreview(idx)"
+          >
+            <el-image
+              :src="url"
+              fit="cover"
+              style="width:96px;height:96px"
+              lazy
+            />
+          </div>
+        </div>
+        <div v-if="previewRow.error" style="margin-top:12px;color:var(--el-color-danger);font-size:12px;word-break:break-all">
+          错误:{{ previewRow.error }}
+        </div>
+      </div>
+    </el-dialog>
+  </div>
+</template>
diff --git a/web/src/views/admin/Models.vue b/web/src/views/admin/Models.vue
new file mode 100644
index 00000000..6e23fad0
--- /dev/null
+++ b/web/src/views/admin/Models.vue
@@ -0,0 +1,304 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox, type FormInstance, type FormRules } from 'element-plus'
+import { Plus } from '@element-plus/icons-vue'
+import * as statsApi from '@/api/stats'
+import { formatCredit } from '@/utils/format'
+import { useUserStore } from '@/stores/user'
+import { ENABLE_CHAT_MODEL } from '@/config/feature'
+
+const userStore = useUserStore()
+const canWrite = computed(() => userStore.hasPerm('model:write'))
+
+const loading = ref(false)
+const rows = ref<statsApi.Model[]>([])
+// feature flag 关掉时默认把筛选固定到 image,表格、弹窗里也就看不到 chat 模型;
+// 库里如果已经有 chat 模型历史数据,仍然保留,只是 UI 入口不暴露。
+const filterType = ref<string>(ENABLE_CHAT_MODEL ? '' : 'image')
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await statsApi.listModels()
+    rows.value = d.items
+  } finally { loading.value = false }
+}
+
+const filteredRows = computed(() =>
+  filterType.value ? rows.value.filter((r) => r.type === filterType.value) : rows.value,
+)
+
+/**
+ * 价目说明:
+ *   chat  模型: input_price_per_1m / output_price_per_1m / cache_read_price_per_1m
+ *              单位"每百万 token 积分(厘)"。展示时换成"每 1M tokens"的积分值。
+ *   image 模型: image_price_per_call 每张图积分(厘)。
+ */
+function perMillion(c: number) { return formatCredit(c) }
+function perImage(c: number)   { return formatCredit(c) }
+
+// ---------- 新增 / 编辑 ----------
+type EditState = 'create' | 'edit'
+const dlgVisible = ref(false)
+const dlgState = ref<EditState>('create')
+const dlgLoading = ref(false)
+const formRef = ref<FormInstance>()
+
+const emptyForm = (): statsApi.ModelUpsert & { id: number } => ({
+  id: 0,
+  slug: '',
+  type: ENABLE_CHAT_MODEL ? 'chat' : 'image',
+  upstream_model_slug: '',
+  input_price_per_1m: 0,
+  output_price_per_1m: 0,
+  cache_read_price_per_1m: 0,
+  image_price_per_call: 0,
+  description: '',
+  enabled: true,
+})
+const form = reactive(emptyForm())
+
+const rules: FormRules = {
+  slug: [
+    { required: true, message: '请输入 slug', trigger: 'blur' },
+    { pattern: /^[A-Za-z][A-Za-z0-9._\-]{1,63}$/, message: '字母开头,2-64 位字母/数字/点/下划线/短横', trigger: 'blur' },
+  ],
+  type: [{ required: true, message: '请选择类型', trigger: 'change' }],
+  upstream_model_slug: [{ required: true, message: '上游 slug 必填', trigger: 'blur' }],
+}
+
+function openCreate() {
+  Object.assign(form, emptyForm())
+  dlgState.value = 'create'
+  dlgVisible.value = true
+}
+function openEdit(row: statsApi.Model) {
+  Object.assign(form, {
+    id: row.id,
+    slug: row.slug,
+    type: row.type as 'chat' | 'image',
+    upstream_model_slug: row.upstream_model_slug,
+    input_price_per_1m: row.input_price_per_1m,
+    output_price_per_1m: row.output_price_per_1m,
+    cache_read_price_per_1m: row.cache_read_price_per_1m,
+    image_price_per_call: row.image_price_per_call,
+    description: row.description,
+    enabled: row.enabled,
+  })
+  dlgState.value = 'edit'
+  dlgVisible.value = true
+}
+
+async function submit() {
+  if (!formRef.value) return
+  const valid = await formRef.value.validate().catch(() => false)
+  if (!valid) return
+  const payload: statsApi.ModelUpsert = {
+    slug: form.slug,
+    type: form.type,
+    upstream_model_slug: form.upstream_model_slug,
+    input_price_per_1m: form.input_price_per_1m,
+    output_price_per_1m: form.output_price_per_1m,
+    cache_read_price_per_1m: form.cache_read_price_per_1m,
+    image_price_per_call: form.image_price_per_call,
+    description: form.description,
+    enabled: form.enabled,
+  }
+  dlgLoading.value = true
+  try {
+    if (dlgState.value === 'create') {
+      await statsApi.createModel(payload)
+      ElMessage.success('新增成功')
+    } else {
+      await statsApi.updateModel(form.id, payload)
+      ElMessage.success('保存成功')
+    }
+    dlgVisible.value = false
+    load()
+  } finally { dlgLoading.value = false }
+}
+
+async function onToggleEnabled(row: statsApi.Model) {
+  try {
+    await statsApi.setModelEnabled(row.id, !row.enabled)
+    row.enabled = !row.enabled
+    ElMessage.success(row.enabled ? '已启用' : '已禁用')
+  } catch { /* 拦截器已提示 */ }
+}
+
+async function onDelete(row: statsApi.Model) {
+  await ElMessageBox.confirm(
+    `确定删除模型 "${row.slug}" 吗?已发生的用量日志不会被清除。`,
+    '删除确认',
+    { type: 'warning', confirmButtonText: '删除', cancelButtonText: '取消' },
+  ).catch(() => null).then(async (r) => {
+    if (!r) return
+    await statsApi.deleteModel(row.id)
+    ElMessage.success('已删除')
+    load()
+  })
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">模型配置</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            定义对外 slug 与上游模型的映射关系,设置每张图 / 每 1M tokens 的计费倍率;所有价格单位为"积分(厘)",保存后实时生效。
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-radio-group v-model="filterType" size="small">
+            <el-radio-button v-if="ENABLE_CHAT_MODEL" label="">全部</el-radio-button>
+            <el-radio-button v-if="ENABLE_CHAT_MODEL" label="chat">对话</el-radio-button>
+            <el-radio-button label="image">生图</el-radio-button>
+          </el-radio-group>
+          <el-button
+            v-if="canWrite"
+            type="primary"
+            :icon="Plus"
+            @click="openCreate"
+          >新增模型</el-button>
+        </div>
+      </div>
+
+      <el-table v-loading="loading" :data="filteredRows" stripe>
+        <el-table-column prop="id" label="ID" width="70" />
+        <el-table-column prop="slug" label="对外 slug" min-width="170">
+          <template #default="{ row }">
+            <code>{{ row.slug }}</code>
+          </template>
+        </el-table-column>
+        <el-table-column label="类型" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.type === 'image' ? 'warning' : 'primary'" size="small">
+              {{ row.type === 'image' ? '生图' : '对话' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column prop="upstream_model_slug" label="上游 slug" min-width="170" show-overflow-tooltip>
+          <template #default="{ row }"><code>{{ row.upstream_model_slug }}</code></template>
+        </el-table-column>
+        <el-table-column v-if="ENABLE_CHAT_MODEL" label="价目(chat)" min-width="220">
+          <template #default="{ row }">
+            <div v-if="row.type === 'chat'" style="font-size:12px;line-height:1.5">
+              <div>输入 <b>{{ perMillion(row.input_price_per_1m) }}</b> / 1M tok</div>
+              <div>输出 <b>{{ perMillion(row.output_price_per_1m) }}</b> / 1M tok</div>
+              <div v-if="row.cache_read_price_per_1m > 0">
+                缓存读 <b>{{ perMillion(row.cache_read_price_per_1m) }}</b> / 1M tok
+              </div>
+            </div>
+            <span v-else style="color:var(--el-text-color-secondary)">-</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="价目(image)" width="160">
+          <template #default="{ row }">
+            <span v-if="row.type === 'image'">
+              <b>{{ perImage(row.image_price_per_call) }}</b> / 张
+            </span>
+            <span v-else style="color:var(--el-text-color-secondary)">-</span>
+          </template>
+        </el-table-column>
+        <el-table-column prop="description" label="说明" min-width="180" show-overflow-tooltip />
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-switch
+              v-if="canWrite"
+              :model-value="row.enabled"
+              inline-prompt
+              active-text="启"
+              inactive-text="停"
+              @change="onToggleEnabled(row)"
+            />
+            <el-tag v-else :type="row.enabled ? 'success' : 'info'" size="small">
+              {{ row.enabled ? '启用' : '禁用' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column v-if="canWrite" label="操作" width="140" fixed="right">
+          <template #default="{ row }">
+            <el-button size="small" link type="primary" @click="openEdit(row)">编辑</el-button>
+            <el-button size="small" link type="danger" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+    </div>
+
+    <el-dialog
+      v-model="dlgVisible"
+      :title="dlgState === 'create' ? '新增模型' : `编辑模型 · ${form.slug}`"
+      width="640px"
+      destroy-on-close
+    >
+      <el-form ref="formRef" :model="form" :rules="rules" label-width="160px">
+        <el-form-item label="对外 slug" prop="slug">
+          <el-input
+            v-model="form.slug"
+            :disabled="dlgState === 'edit'"
+            placeholder="例如 gpt-5.1 / gpt-image-2"
+          />
+          <div class="hint">
+            创建后不可修改;这是
+            <template v-if="ENABLE_CHAT_MODEL">/v1/chat/completions 与 </template>
+            /v1/images/generations 中 model 字段传入的值。
+          </div>
+        </el-form-item>
+        <el-form-item label="类型" prop="type">
+          <el-radio-group v-model="form.type">
+            <el-radio-button v-if="ENABLE_CHAT_MODEL" label="chat">对话 chat</el-radio-button>
+            <el-radio-button label="image">生图 image</el-radio-button>
+          </el-radio-group>
+        </el-form-item>
+        <el-form-item label="上游 slug" prop="upstream_model_slug">
+          <el-input v-model="form.upstream_model_slug" placeholder="上游 chatgpt.com 实际模型名" />
+        </el-form-item>
+
+        <template v-if="form.type === 'chat'">
+          <el-form-item label="输入 / 1M tok(厘)">
+            <el-input-number v-model="form.input_price_per_1m" :min="0" :step="1000" style="width:100%" />
+          </el-form-item>
+          <el-form-item label="输出 / 1M tok(厘)">
+            <el-input-number v-model="form.output_price_per_1m" :min="0" :step="1000" style="width:100%" />
+          </el-form-item>
+          <el-form-item label="缓存读 / 1M tok(厘)">
+            <el-input-number v-model="form.cache_read_price_per_1m" :min="0" :step="1000" style="width:100%" />
+            <div class="hint">可选。0 表示不走缓存计价。</div>
+          </el-form-item>
+        </template>
+        <template v-else>
+          <el-form-item label="每张图(厘)">
+            <el-input-number v-model="form.image_price_per_call" :min="0" :step="100" style="width:100%" />
+          </el-form-item>
+        </template>
+
+        <el-form-item label="描述">
+          <el-input v-model="form.description" maxlength="255" show-word-limit />
+        </el-form-item>
+        <el-form-item label="启用">
+          <el-switch v-model="form.enabled" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dlgVisible = false">取消</el-button>
+        <el-button type="primary" :loading="dlgLoading" @click="submit">保存</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+:global(html.dark) code { background: #1d2026; }
+.hint { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 4px; line-height: 1.4; }
+</style>
diff --git a/web/src/views/admin/Proxies.vue b/web/src/views/admin/Proxies.vue
new file mode 100644
index 00000000..c6d20555
--- /dev/null
+++ b/web/src/views/admin/Proxies.vue
@@ -0,0 +1,394 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as proxyApi from '@/api/proxies'
+import { formatDateTime } from '@/utils/format'
+
+const loading = ref(false)
+const rows = ref<proxyApi.Proxy[]>([])
+const total = ref(0)
+const pager = reactive({ page: 1, page_size: 20 })
+
+async function fetchList() {
+  loading.value = true
+  try {
+    const data = await proxyApi.listProxies(pager)
+    rows.value = data.list
+    total.value = data.total
+  } finally { loading.value = false }
+}
+
+const dlg = ref(false)
+const isEdit = ref(false)
+const form = reactive<proxyApi.ProxyCreate & { id?: number }>({
+  id: 0, scheme: 'http', host: '', port: 0, username: '', password: '',
+  country: '', isp: '', enabled: true, remark: '',
+})
+
+function openCreate() {
+  isEdit.value = false
+  Object.assign(form, {
+    id: 0, scheme: 'http', host: '', port: 0, username: '', password: '',
+    country: '', isp: '', enabled: true, remark: '',
+  })
+  dlg.value = true
+}
+function openEdit(row: proxyApi.Proxy) {
+  isEdit.value = true
+  Object.assign(form, {
+    id: row.id, scheme: row.scheme, host: row.host, port: row.port,
+    username: row.username, password: '',
+    country: row.country, isp: row.isp, enabled: row.enabled, remark: row.remark,
+  })
+  dlg.value = true
+}
+
+async function submit() {
+  if (!form.host) return ElMessage.warning('host 不能为空')
+  if (!form.port) return ElMessage.warning('port 不能为空')
+  const payload: proxyApi.ProxyUpdate = {
+    scheme: form.scheme!,
+    host: form.host,
+    port: Number(form.port),
+    username: form.username || '',
+    password: form.password || '',
+    country: form.country || '',
+    isp: form.isp || '',
+    enabled: !!form.enabled,
+    remark: form.remark || '',
+  }
+  if (isEdit.value && form.id) await proxyApi.updateProxy(form.id, payload)
+  else await proxyApi.createProxy(payload)
+  ElMessage.success('保存成功')
+  dlg.value = false
+  fetchList()
+}
+
+async function toggleEnabled(row: proxyApi.Proxy) {
+  await proxyApi.updateProxy(row.id, {
+    scheme: row.scheme, host: row.host, port: row.port,
+    username: row.username, password: '',
+    country: row.country, isp: row.isp, remark: row.remark,
+    enabled: !row.enabled,
+  })
+  ElMessage.success(row.enabled ? '已禁用' : '已启用')
+  fetchList()
+}
+
+async function onDelete(row: proxyApi.Proxy) {
+  await ElMessageBox.confirm(`确认删除代理 ${row.host}:${row.port}?`, '删除代理', {
+    type: 'warning', confirmButtonText: '删除', cancelButtonText: '取消',
+  })
+  await proxyApi.deleteProxy(row.id)
+  ElMessage.success('已删除')
+  fetchList()
+}
+
+// ---------- 健康探测 ----------
+const probingIds = ref<Set<number>>(new Set())
+const probeAllLoading = ref(false)
+
+async function onProbe(row: proxyApi.Proxy) {
+  if (probingIds.value.has(row.id)) return
+  probingIds.value.add(row.id)
+  try {
+    const res = await proxyApi.probeProxy(row.id)
+    // 同步更新当前行,避免等列表刷新才看到反馈
+    row.health_score = res.health_score
+    row.last_probe_at = res.tried_at
+    row.last_error = res.ok ? '' : (res.error || 'failed')
+    if (res.ok) {
+      ElMessage.success(`连通正常 · ${res.latency_ms} ms`)
+    } else {
+      ElMessage.error(`探测失败:${res.error || 'unknown'}`)
+    }
+  } catch (e: any) {
+    ElMessage.error(e?.message || '探测失败')
+  } finally {
+    probingIds.value.delete(row.id)
+    // 重新 new 一份触发 reactive(因为直接修改 Set 内部,模板里 has() 不会响应)
+    probingIds.value = new Set(probingIds.value)
+  }
+}
+
+async function onProbeAll() {
+  await ElMessageBox.confirm(
+    '将对所有启用的代理发起连通性探测,耗时取决于代理数量。是否继续?',
+    '全部探测',
+    { type: 'info', confirmButtonText: '开始', cancelButtonText: '取消' },
+  )
+  probeAllLoading.value = true
+  try {
+    const res = await proxyApi.probeAllProxies()
+    ElMessage.success(`探测完成 · 共 ${res.total} · 通 ${res.ok} · 断 ${res.bad}`)
+    fetchList()
+  } catch (e: any) {
+    ElMessage.error(e?.message || '探测失败')
+  } finally {
+    probeAllLoading.value = false
+  }
+}
+
+// ---------- 批量导入 ----------
+const importDlg = ref(false)
+const importLoading = ref(false)
+const importForm = reactive({
+  text: '',
+  enabled: true,
+  country: '',
+  isp: '',
+  remark: '',
+  overwrite: false,
+})
+const importResult = ref<proxyApi.ProxyImportResp | null>(null)
+
+function openImport() {
+  Object.assign(importForm, {
+    text: '', enabled: true, country: '', isp: '', remark: '', overwrite: false,
+  })
+  importResult.value = null
+  importDlg.value = true
+}
+
+async function doImport() {
+  if (!importForm.text.trim()) return ElMessage.warning('请粘贴至少一行代理 URL')
+  importLoading.value = true
+  try {
+    importResult.value = await proxyApi.importProxies({
+      text: importForm.text,
+      enabled: importForm.enabled,
+      country: importForm.country,
+      isp: importForm.isp,
+      remark: importForm.remark,
+      overwrite: importForm.overwrite,
+    })
+    const r = importResult.value
+    ElMessage.success(
+      `完成 · 新增 ${r.created} · 更新 ${r.updated} · 跳过 ${r.skipped} · 无效 ${r.invalid}`,
+    )
+    fetchList()
+  } finally { importLoading.value = false }
+}
+
+function importStatusTag(s: string) {
+  switch (s) {
+    case 'created': return 'success'
+    case 'updated': return 'primary'
+    case 'skipped': return 'info'
+    default: return 'danger'
+  }
+}
+function importStatusText(s: string) {
+  return { created: '新增', updated: '更新', skipped: '跳过', invalid: '无效' }[s] || s
+}
+
+function healthColor(score: number) {
+  if (score >= 80) return 'success'
+  if (score >= 50) return 'warning'
+  return 'danger'
+}
+
+onMounted(fetchList)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">代理管理</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            维护 HTTP / SOCKS5 代理池,所有 GPT 账号都应绑定独立代理以分散风控指纹;健康分由定时探测自动维护,探测参数可在「系统设置 → 网关与调度」调整。
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-button :loading="probeAllLoading" @click="onProbeAll">
+            <el-icon><Promotion /></el-icon> 全部探测
+          </el-button>
+          <el-button @click="openImport"><el-icon><Upload /></el-icon> 批量导入</el-button>
+          <el-button type="primary" @click="openCreate"><el-icon><Plus /></el-icon> 新建代理</el-button>
+        </div>
+      </div>
+
+      <el-table v-loading="loading" :data="rows" stripe>
+        <el-table-column prop="id" label="ID" width="70" />
+        <el-table-column label="地址" min-width="220">
+          <template #default="{ row }">
+            <code>{{ row.scheme }}://{{ row.host }}:{{ row.port }}</code>
+            <div v-if="row.username" style="font-size:12px;color:var(--el-text-color-secondary)">
+              auth: {{ row.username }} / ******
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="区域" width="130">
+          <template #default="{ row }">
+            <div>{{ row.country || '-' }}</div>
+            <div style="font-size:12px;color:var(--el-text-color-secondary)">{{ row.isp || '' }}</div>
+          </template>
+        </el-table-column>
+        <el-table-column label="健康" width="150">
+          <template #default="{ row }">
+            <el-progress :percentage="Math.max(0, Math.min(100, row.health_score))"
+                         :status="row.health_score >= 80 ? 'success' : row.health_score >= 50 ? 'warning' : 'exception'" />
+            <el-tag v-if="row.last_error" :type="healthColor(row.health_score)" size="small" style="margin-top:4px">
+              {{ row.last_error.slice(0, 30) }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近探测" width="170">
+          <template #default="{ row }">{{ formatDateTime(row.last_probe_at) }}</template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-switch :model-value="row.enabled" @change="() => toggleEnabled(row)" />
+          </template>
+        </el-table-column>
+        <el-table-column prop="remark" label="备注" min-width="180" show-overflow-tooltip />
+        <el-table-column label="操作" width="200" fixed="right">
+          <template #default="{ row }">
+            <el-button link type="success" :loading="probingIds.has(row.id)" @click="onProbe(row)">探测</el-button>
+            <el-button link type="primary" @click="openEdit(row)">编辑</el-button>
+            <el-button link type="danger" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination style="margin-top:16px;display:flex;justify-content:flex-end"
+        v-model:current-page="pager.page"
+        v-model:page-size="pager.page_size"
+        :total="total"
+        :page-sizes="[20, 50, 100]"
+        layout="total, sizes, prev, pager, next"
+        @current-change="fetchList"
+        @size-change="fetchList"
+      />
+    </div>
+
+    <el-dialog v-model="dlg" :title="isEdit ? '编辑代理' : '新建代理'" width="520px">
+      <el-form :model="form" label-width="100px">
+        <el-form-item label="协议">
+          <el-select v-model="form.scheme" style="width:100%">
+            <el-option label="http" value="http" />
+            <el-option label="https" value="https" />
+            <el-option label="socks5" value="socks5" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="Host" required><el-input v-model="form.host" placeholder="192.0.2.1" /></el-form-item>
+        <el-form-item label="Port" required>
+          <el-input-number v-model="form.port" :min="1" :max="65535" style="width:100%" />
+        </el-form-item>
+        <el-form-item label="用户名"><el-input v-model="form.username" autocomplete="off" /></el-form-item>
+        <el-form-item label="密码">
+          <el-input v-model="form.password" type="password" show-password autocomplete="new-password"
+                    :placeholder="isEdit ? '留空表示不改' : ''" />
+        </el-form-item>
+        <el-form-item label="国家/地区"><el-input v-model="form.country" placeholder="US / JP / HK …" /></el-form-item>
+        <el-form-item label="ISP"><el-input v-model="form.isp" /></el-form-item>
+        <el-form-item label="启用"><el-switch v-model="form.enabled" /></el-form-item>
+        <el-form-item label="备注"><el-input v-model="form.remark" type="textarea" :rows="2" /></el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dlg = false">取消</el-button>
+        <el-button type="primary" @click="submit">保存</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 批量导入 -->
+    <el-dialog v-model="importDlg" title="批量导入代理" width="720px">
+      <el-form label-width="88px" @submit.prevent>
+        <el-form-item label="代理列表">
+          <el-input
+            v-model="importForm.text"
+            type="textarea"
+            :rows="10"
+            resize="vertical"
+            placeholder="每行一个,支持以下格式:
+http://user:pass@host:port
+https://host:port
+socks5://user:pass@host:port
+user:pass@host:port    (省略 scheme 默认 http)
+# 以 # 或 // 开头的行会被跳过"
+          />
+          <div class="import-hint">
+            支持 http / https / socks5。同一 scheme + host + port + username 视为已存在。
+          </div>
+        </el-form-item>
+        <el-form-item label="默认启用">
+          <el-switch v-model="importForm.enabled" />
+        </el-form-item>
+        <el-form-item label="国家/地区">
+          <el-input v-model="importForm.country" placeholder="如 US / HK,空则每条自行为空" style="max-width:240px" />
+        </el-form-item>
+        <el-form-item label="ISP">
+          <el-input v-model="importForm.isp" placeholder="如 Arxlabs" style="max-width:240px" />
+        </el-form-item>
+        <el-form-item label="备注">
+          <el-input v-model="importForm.remark" placeholder="将填到所有新增行的 remark" />
+        </el-form-item>
+        <el-form-item label="覆盖已有">
+          <el-switch v-model="importForm.overwrite" />
+          <span class="import-hint" style="margin-left:8px">
+            开启后:同 endpoint 已存在时更新密码/国家/ISP/备注;关闭则跳过。
+          </span>
+        </el-form-item>
+      </el-form>
+
+      <div v-if="importResult" class="import-result">
+        <div class="import-summary">
+          共 {{ importResult.total }} 行 ·
+          <el-tag type="success" effect="plain">新增 {{ importResult.created }}</el-tag>
+          <el-tag type="primary" effect="plain">更新 {{ importResult.updated }}</el-tag>
+          <el-tag type="info" effect="plain">跳过 {{ importResult.skipped }}</el-tag>
+          <el-tag type="danger" effect="plain">无效 {{ importResult.invalid }}</el-tag>
+        </div>
+        <el-table :data="importResult.items" size="small" max-height="260" border>
+          <el-table-column prop="line" label="行" width="60" />
+          <el-table-column label="状态" width="80">
+            <template #default="{ row }">
+              <el-tag :type="importStatusTag(row.status)" size="small">{{ importStatusText(row.status) }}</el-tag>
+            </template>
+          </el-table-column>
+          <el-table-column prop="raw" label="内容" show-overflow-tooltip />
+          <el-table-column prop="error" label="说明" show-overflow-tooltip />
+        </el-table>
+      </div>
+
+      <template #footer>
+        <el-button @click="importDlg = false">关闭</el-button>
+        <el-button type="primary" :loading="importLoading" @click="doImport">开始导入</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+.flex-wrap-gap {
+  display: inline-flex;
+  gap: 8px;
+}
+.import-hint {
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  line-height: 1.5;
+  margin-top: 4px;
+}
+.import-result {
+  margin-top: 8px;
+}
+.import-summary {
+  display: flex;
+  gap: 8px;
+  align-items: center;
+  flex-wrap: wrap;
+  margin-bottom: 8px;
+  color: var(--el-text-color-regular);
+  font-size: 13px;
+}
+</style>
diff --git a/web/src/views/admin/Recharges.vue b/web/src/views/admin/Recharges.vue
new file mode 100644
index 00000000..dc9b1736
--- /dev/null
+++ b/web/src/views/admin/Recharges.vue
@@ -0,0 +1,287 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as rechargeApi from '@/api/recharge'
+import { formatCredit } from '@/utils/format'
+
+const tab = ref<'packages' | 'orders'>('packages')
+
+// ---------- packages ----------
+const packages = ref<rechargeApi.Package[]>([])
+const loadingPkg = ref(false)
+
+async function loadPackages() {
+  loadingPkg.value = true
+  try {
+    const d = await rechargeApi.adminListPackages()
+    packages.value = d.items
+  } finally { loadingPkg.value = false }
+}
+
+const pkgDialog = reactive({
+  visible: false,
+  mode: 'create' as 'create' | 'edit',
+  form: {
+    id: 0, name: '', price_cny: 100, credits: 1000000,
+    bonus: 0, description: '', sort: 0, enabled: true,
+  } as Partial<rechargeApi.Package>,
+})
+function openCreatePkg() {
+  pkgDialog.mode = 'create'
+  Object.assign(pkgDialog.form, {
+    id: 0, name: '', price_cny: 100, credits: 1000000, bonus: 0,
+    description: '', sort: 0, enabled: true,
+  })
+  pkgDialog.visible = true
+}
+function openEditPkg(p: rechargeApi.Package) {
+  pkgDialog.mode = 'edit'
+  Object.assign(pkgDialog.form, p)
+  pkgDialog.visible = true
+}
+async function savePkg() {
+  const f = pkgDialog.form
+  if (!f.name || (f.price_cny ?? 0) <= 0) {
+    ElMessage.warning('名称和金额不能为空')
+    return
+  }
+  if (pkgDialog.mode === 'create') {
+    await rechargeApi.adminCreatePackage(f)
+    ElMessage.success('已创建')
+  } else {
+    await rechargeApi.adminUpdatePackage(f.id!, f)
+    ElMessage.success('已保存')
+  }
+  pkgDialog.visible = false
+  loadPackages()
+}
+async function deletePkg(p: rechargeApi.Package) {
+  await ElMessageBox.confirm(`确认删除套餐【${p.name}】?该操作不可撤销`, '删除套餐', { type: 'warning' })
+  await rechargeApi.adminDeletePackage(p.id)
+  ElMessage.success('已删除')
+  loadPackages()
+}
+
+// ---------- orders ----------
+const orders = ref<rechargeApi.Order[]>([])
+const total = ref(0)
+const loadingOrd = ref(false)
+const filter = reactive({
+  user_id: undefined as number | undefined,
+  status: '' as '' | 'pending' | 'paid' | 'cancelled' | 'expired' | 'failed',
+  limit: 20,
+  offset: 0,
+})
+
+async function loadOrders() {
+  loadingOrd.value = true
+  try {
+    const d = await rechargeApi.adminListOrders({
+      user_id: filter.user_id || undefined,
+      status: filter.status || undefined,
+      limit: filter.limit,
+      offset: filter.offset,
+    })
+    orders.value = d.items
+    total.value = d.total
+  } finally { loadingOrd.value = false }
+}
+
+async function forcePaid(o: rechargeApi.Order) {
+  if (o.status !== 'pending') {
+    ElMessage.warning('只有 pending 状态可以手工入账')
+    return
+  }
+  const { value: pwd } = await ElMessageBox.prompt(
+    `请输入管理员密码以确认为订单 ${o.out_trade_no} 强制入账(不会调用上游收银台)。`,
+    '手工入账',
+    { type: 'warning', inputType: 'password', confirmButtonText: '确认入账', cancelButtonText: '取消' },
+  )
+  if (!pwd) return
+  await rechargeApi.adminForcePaid(o.id, pwd)
+  ElMessage.success('已入账')
+  loadOrders()
+}
+
+const statusColor: Record<string, 'success' | 'info' | 'warning' | 'danger'> = {
+  paid: 'success', pending: 'warning', cancelled: 'info', expired: 'info', failed: 'danger',
+}
+const statusLabel: Record<string, string> = {
+  paid: '已到账', pending: '待支付', cancelled: '已取消', expired: '已超时', failed: '失败',
+}
+
+const currentPage = computed<number>({
+  get() { return Math.floor(filter.offset / filter.limit) + 1 },
+  set(v) { filter.offset = (v - 1) * filter.limit; loadOrders() },
+})
+
+function priceYuan(fen: number) { return (fen / 100).toFixed(2) }
+
+onMounted(() => {
+  loadPackages()
+  loadOrders()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <el-tabs v-model="tab">
+        <el-tab-pane label="套餐管理" name="packages">
+          <div class="flex-between" style="margin-bottom:10px">
+            <div style="color:var(--el-text-color-secondary);font-size:13px">
+              普通用户在 <b>个人中心 → 账单</b> 看到的是启用中的套餐。价格单位:分,积分单位:厘。
+            </div>
+            <el-button type="primary" @click="openCreatePkg">
+              <el-icon><Plus /></el-icon> 新增套餐
+            </el-button>
+          </div>
+
+          <el-table :data="packages" stripe v-loading="loadingPkg">
+            <el-table-column prop="id" label="ID" width="70" />
+            <el-table-column prop="name" label="名称" min-width="160" />
+            <el-table-column label="价格" width="110">
+              <template #default="{ row }">¥ {{ priceYuan(row.price_cny) }}</template>
+            </el-table-column>
+            <el-table-column label="基础积分" width="120">
+              <template #default="{ row }">{{ formatCredit(row.credits) }}</template>
+            </el-table-column>
+            <el-table-column label="赠送" width="110">
+              <template #default="{ row }">{{ formatCredit(row.bonus) }}</template>
+            </el-table-column>
+            <el-table-column prop="sort" label="排序" width="80" />
+            <el-table-column label="状态" width="90">
+              <template #default="{ row }">
+                <el-tag :type="row.enabled ? 'success' : 'info'" size="small">
+                  {{ row.enabled ? '启用' : '停用' }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column prop="description" label="描述" show-overflow-tooltip />
+            <el-table-column label="操作" width="140" fixed="right">
+              <template #default="{ row }">
+                <el-button size="small" link @click="openEditPkg(row)">编辑</el-button>
+                <el-button size="small" link type="danger" @click="deletePkg(row)">删除</el-button>
+              </template>
+            </el-table-column>
+          </el-table>
+        </el-tab-pane>
+
+        <el-tab-pane label="订单流水" name="orders">
+          <div class="flex-wrap-gap" style="margin:10px 0">
+            <el-input-number v-model="filter.user_id" :min="1" placeholder="用户 ID" style="width:140px" />
+            <el-select v-model="filter.status" placeholder="状态" clearable style="width:130px">
+              <el-option label="全部" value="" />
+              <el-option label="待支付" value="pending" />
+              <el-option label="已到账" value="paid" />
+              <el-option label="已取消" value="cancelled" />
+              <el-option label="已超时" value="expired" />
+              <el-option label="失败" value="failed" />
+            </el-select>
+            <el-button type="primary" @click="() => { filter.offset = 0; loadOrders() }" :loading="loadingOrd">
+              <el-icon><Search /></el-icon> 查询
+            </el-button>
+          </div>
+
+          <el-table :data="orders" stripe v-loading="loadingOrd">
+            <el-table-column label="订单号" min-width="180">
+              <template #default="{ row }"><code style="font-size:12px">{{ row.out_trade_no }}</code></template>
+            </el-table-column>
+            <el-table-column prop="user_id" label="用户 ID" width="90" />
+            <el-table-column label="金额" width="100">
+              <template #default="{ row }">¥ {{ priceYuan(row.price_cny) }}</template>
+            </el-table-column>
+            <el-table-column label="积分" width="140">
+              <template #default="{ row }">
+                {{ formatCredit(row.credits) }} + {{ formatCredit(row.bonus) }}
+              </template>
+            </el-table-column>
+            <el-table-column prop="pay_method" label="方式" width="90" />
+            <el-table-column label="状态" width="90">
+              <template #default="{ row }">
+                <el-tag :type="statusColor[row.status] || 'info'" size="small">
+                  {{ statusLabel[row.status] || row.status }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column label="上游单号" min-width="160">
+              <template #default="{ row }">
+                <span style="font-size:12px">{{ row.trade_no || '—' }}</span>
+              </template>
+            </el-table-column>
+            <el-table-column label="支付时间" width="170">
+              <template #default="{ row }">{{ row.paid_at || '—' }}</template>
+            </el-table-column>
+            <el-table-column label="创建时间" width="170">
+              <template #default="{ row }">{{ row.created_at }}</template>
+            </el-table-column>
+            <el-table-column label="操作" width="130" fixed="right">
+              <template #default="{ row }">
+                <el-button v-if="row.status === 'pending'" size="small" link type="warning"
+                           @click="forcePaid(row)">手工入账</el-button>
+                <span v-else style="color:var(--el-text-color-placeholder)">—</span>
+              </template>
+            </el-table-column>
+          </el-table>
+
+          <el-pagination
+            style="margin-top:12px"
+            background
+            layout="total, prev, pager, next, sizes"
+            :total="total"
+            v-model:current-page="currentPage"
+            :page-sizes="[20, 50, 100]"
+            v-model:page-size="filter.limit"
+            @size-change="() => { filter.offset = 0; loadOrders() }"
+          />
+        </el-tab-pane>
+      </el-tabs>
+    </div>
+
+    <!-- 套餐编辑弹窗 -->
+    <el-dialog v-model="pkgDialog.visible"
+               :title="pkgDialog.mode === 'create' ? '新增套餐' : '编辑套餐'"
+               width="520px">
+      <el-form label-width="110px">
+        <el-form-item label="名称">
+          <el-input v-model="pkgDialog.form.name" />
+        </el-form-item>
+        <el-form-item label="售价(分)">
+          <el-input-number v-model="pkgDialog.form.price_cny" :min="1" style="width:220px" />
+          <span style="margin-left:8px;color:var(--el-text-color-secondary);font-size:13px">
+            = ¥ {{ ((pkgDialog.form.price_cny || 0) / 100).toFixed(2) }}
+          </span>
+        </el-form-item>
+        <el-form-item label="基础积分(厘)">
+          <el-input-number v-model="pkgDialog.form.credits" :min="0" style="width:220px" />
+        </el-form-item>
+        <el-form-item label="赠送积分(厘)">
+          <el-input-number v-model="pkgDialog.form.bonus" :min="0" style="width:220px" />
+        </el-form-item>
+        <el-form-item label="排序">
+          <el-input-number v-model="pkgDialog.form.sort" :min="0" />
+        </el-form-item>
+        <el-form-item label="状态">
+          <el-switch v-model="pkgDialog.form.enabled" />
+        </el-form-item>
+        <el-form-item label="描述">
+          <el-input v-model="pkgDialog.form.description" type="textarea" :rows="2" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="pkgDialog.visible = false">取消</el-button>
+        <el-button type="primary" @click="savePkg">保存</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+}
+:global(html.dark) code { background: #1d2026; }
+</style>
diff --git a/web/src/views/admin/Settings.vue b/web/src/views/admin/Settings.vue
new file mode 100644
index 00000000..ffd36e0b
--- /dev/null
+++ b/web/src/views/admin/Settings.vue
@@ -0,0 +1,295 @@
+<script setup lang="ts">
+import { ref, computed, reactive, onMounted } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import {
+  Refresh,
+  Check,
+  Setting,
+  Lock,
+  User,
+  Connection,
+  Wallet,
+  Message as MailIcon,
+} from '@element-plus/icons-vue'
+import {
+  listSettings,
+  updateSettings,
+  reloadSettings,
+  sendTestEmail,
+  type SettingItem,
+} from '@/api/settings'
+import { useSiteStore } from '@/stores/site'
+
+const loading = ref(false)
+const saving = ref(false)
+const items = ref<SettingItem[]>([])
+// 本地编辑态,key -> value(string)
+const draft = reactive<Record<string, string>>({})
+
+const tabs = [
+  { name: 'site', label: '通用设置', icon: Setting },
+  { name: 'auth', label: '安全与认证', icon: Lock },
+  { name: 'defaults', label: '用户默认值', icon: User },
+  { name: 'gateway', label: '网关服务', icon: Connection },
+  { name: 'billing', label: '计费与充值', icon: Wallet },
+  { name: 'mail', label: '邮件设置', icon: MailIcon },
+] as const
+const activeTab = ref<(typeof tabs)[number]['name']>('site')
+
+const grouped = computed(() => {
+  const map: Record<string, SettingItem[]> = {
+    site: [], auth: [], defaults: [], gateway: [], billing: [], mail: [],
+  }
+  for (const it of items.value) {
+    // 旧 category "limit" 归并到 defaults 显示
+    const cat = it.category === 'limit' ? 'defaults' : it.category
+    ;(map[cat] ||= []).push(it)
+  }
+  for (const k of Object.keys(map)) map[k].sort((a, b) => a.key.localeCompare(b.key))
+  return map
+})
+
+const dirtyCount = computed(() => {
+  let n = 0
+  for (const it of items.value) {
+    if (String(draft[it.key] ?? '') !== String(it.value)) n++
+  }
+  return n
+})
+
+async function load() {
+  loading.value = true
+  try {
+    const d = await listSettings()
+    items.value = d.items
+    for (const it of d.items) draft[it.key] = it.value
+  } finally {
+    loading.value = false
+  }
+}
+
+function reset() {
+  for (const it of items.value) draft[it.key] = it.value
+  ElMessage.info('已重置为服务端当前值')
+}
+
+function isBool(it: SettingItem) { return it.type === 'bool' }
+function isInt(it: SettingItem) { return it.type === 'int' }
+function isFloat(it: SettingItem) { return it.type === 'float' }
+function inputType(it: SettingItem) {
+  if (it.type === 'email') return 'email'
+  if (it.type === 'url') return 'url'
+  return 'text'
+}
+
+async function save() {
+  const diff: Record<string, string> = {}
+  for (const it of items.value) {
+    const v = draft[it.key] ?? ''
+    if (String(v) !== String(it.value)) diff[it.key] = String(v)
+  }
+  if (Object.keys(diff).length === 0) {
+    ElMessage.info('没有需要保存的修改')
+    return
+  }
+  saving.value = true
+  try {
+    await updateSettings(diff)
+    ElMessage.success(`已保存 ${Object.keys(diff).length} 项`)
+    await load()
+    useSiteStore().refresh()
+  } finally {
+    saving.value = false
+  }
+}
+
+async function doReload() {
+  await ElMessageBox.confirm('从数据库强制重载最新值到内存缓存?', '确认', {
+    type: 'warning',
+  }).catch(() => 'cancel')
+  try {
+    await reloadSettings()
+    ElMessage.success('已重载')
+    await load()
+  } catch { /* 拦截器已处理 */ }
+}
+
+// ---- 邮件测试 ----
+const mailDlg = ref(false)
+const mailTo = ref('')
+const mailSending = ref(false)
+async function submitTestMail() {
+  if (!mailTo.value) {
+    ElMessage.warning('请输入收件邮箱')
+    return
+  }
+  mailSending.value = true
+  try {
+    await sendTestEmail(mailTo.value)
+    ElMessage.success('测试邮件已发出')
+    mailDlg.value = false
+  } catch { /* 拦截器已处理 */ } finally {
+    mailSending.value = false
+  }
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block" v-loading="loading">
+      <!-- 顶部:标题 + 操作栏(始终可见) -->
+      <div class="flex-between settings-head">
+        <div>
+          <div class="page-title" style="margin:0">系统设置</div>
+          <div class="settings-subtitle">
+            所有修改在点击"保存修改"后立即生效,无需重启服务
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-button :icon="Refresh" @click="doReload">强制重载</el-button>
+          <el-button :icon="MailIcon" @click="mailDlg = true">发测试邮件</el-button>
+          <el-button :disabled="dirtyCount === 0" @click="reset">重置</el-button>
+          <el-button
+            type="primary"
+            :icon="Check"
+            :loading="saving"
+            @click="save"
+          >
+            保存修改<span v-if="dirtyCount > 0"> ({{ dirtyCount }})</span>
+          </el-button>
+        </div>
+      </div>
+
+      <el-tabs v-model="activeTab" class="settings-tabs">
+        <el-tab-pane v-for="t in tabs" :key="t.name" :name="t.name">
+          <template #label>
+            <span class="tab-label">
+              <el-icon><component :is="t.icon" /></el-icon>
+              <span>{{ t.label }}</span>
+            </span>
+          </template>
+
+          <div class="tab-body">
+            <el-empty
+              v-if="!grouped[t.name] || grouped[t.name].length === 0"
+              description="暂无可配置项"
+            />
+            <el-form
+              v-else
+              label-width="170px"
+              label-position="right"
+              class="setting-form"
+            >
+              <el-form-item
+                v-for="it in grouped[t.name]"
+                :key="it.key"
+                :label="it.label || it.key"
+              >
+                <div class="field-wrap">
+                  <el-switch
+                    v-if="isBool(it)"
+                    :model-value="draft[it.key] === 'true'"
+                    @update:model-value="(v) => (draft[it.key] = v ? 'true' : 'false')"
+                  />
+                  <el-input-number
+                    v-else-if="isInt(it)"
+                    :model-value="Number(draft[it.key] || 0)"
+                    :min="0"
+                    :controls-position="'right'"
+                    style="width: 240px"
+                    @update:model-value="(v) => (draft[it.key] = String(v ?? 0))"
+                  />
+                  <el-input-number
+                    v-else-if="isFloat(it)"
+                    :model-value="Number(draft[it.key] || 0)"
+                    :min="0"
+                    :max="1"
+                    :step="0.05"
+                    :precision="2"
+                    :controls-position="'right'"
+                    style="width: 240px"
+                    @update:model-value="(v) => (draft[it.key] = String(v ?? 0))"
+                  />
+                  <el-input
+                    v-else
+                    v-model="draft[it.key]"
+                    :placeholder="it.desc || it.label"
+                    :type="inputType(it)"
+                    clearable
+                    style="max-width: 520px"
+                  />
+                  <div v-if="it.desc" class="hint">{{ it.desc }}</div>
+                </div>
+              </el-form-item>
+            </el-form>
+          </div>
+        </el-tab-pane>
+      </el-tabs>
+    </div>
+
+    <!-- 测试邮件 -->
+    <el-dialog v-model="mailDlg" title="发送 SMTP 测试邮件" width="420px">
+      <el-form label-width="80px">
+        <el-form-item label="收件人">
+          <el-input v-model="mailTo" placeholder="your@mail.com" type="email" clearable />
+        </el-form-item>
+        <div style="font-size:12px;color:var(--el-text-color-secondary)">
+          使用 <code>configs/config.yaml</code> 的 SMTP 配置发送;未配置时会直接失败。
+        </div>
+      </el-form>
+      <template #footer>
+        <el-button @click="mailDlg = false">取消</el-button>
+        <el-button type="primary" :loading="mailSending" @click="submitTestMail">发送</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped>
+.settings-head {
+  margin-bottom: 4px;
+}
+.settings-subtitle {
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  margin-top: 4px;
+}
+
+.settings-tabs {
+  margin-top: 8px;
+}
+.settings-tabs :deep(.el-tabs__header) {
+  margin-bottom: 16px;
+}
+.tab-label {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+}
+
+.tab-body {
+  padding-top: 4px;
+}
+.setting-form .el-form-item {
+  margin-bottom: 18px;
+}
+.field-wrap {
+  width: 100%;
+}
+.hint {
+  margin-top: 4px;
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  line-height: 1.5;
+}
+
+@media (max-width: 640px) {
+  .setting-form :deep(.el-form-item__label) {
+    width: auto !important;
+    padding-right: 8px !important;
+    line-height: 1.5;
+  }
+}
+</style>
diff --git a/web/src/views/admin/UsageStats.vue b/web/src/views/admin/UsageStats.vue
new file mode 100644
index 00000000..82d08ef4
--- /dev/null
+++ b/web/src/views/admin/UsageStats.vue
@@ -0,0 +1,204 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import * as statsApi from '@/api/stats'
+import { formatCredit } from '@/utils/format'
+import { ENABLE_CHAT_MODEL } from '@/config/feature'
+
+const loading = ref(false)
+const data = ref<statsApi.StatsResp | null>(null)
+const filter = reactive({ days: 14, type: '' as '' | 'chat' | 'image', status: '' as '' | 'success' | 'failed' })
+
+async function load() {
+  loading.value = true
+  try {
+    data.value = await statsApi.getUsageStats({
+      days: filter.days,
+      top_n: 10,
+      type: filter.type || undefined,
+      status: filter.status || undefined,
+    })
+  } finally { loading.value = false }
+}
+
+const overall = computed(() => data.value?.overall)
+const daily = computed(() => data.value?.daily || [])
+const byModel = computed(() => data.value?.by_model || [])
+const byUser = computed(() => data.value?.by_user || [])
+
+const maxDaily = computed(() => {
+  const m = daily.value.reduce((x, r) => Math.max(x, r.requests), 0)
+  return m === 0 ? 1 : m
+})
+
+function successRate(s?: statsApi.Overall) {
+  if (!s || s.requests === 0) return '—'
+  return `${(((s.requests - s.failures) / s.requests) * 100).toFixed(2)}%`
+}
+
+onMounted(load)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">用量统计</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            全站请求量 / 成功率 / Token 消耗 / 积分收入的聚合视图,支持按天、类型、状态切片,用于观察趋势与定位异常账号。
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-select v-model="filter.days" style="width:110px" @change="load">
+            <el-option :value="7"  label="近 7 天" />
+            <el-option :value="14" label="近 14 天" />
+            <el-option :value="30" label="近 30 天" />
+            <el-option :value="60" label="近 60 天" />
+            <el-option :value="90" label="近 90 天" />
+          </el-select>
+          <el-select v-model="filter.type" style="width:130px" clearable placeholder="类型" @change="load">
+            <el-option label="全部" value="" />
+            <el-option v-if="ENABLE_CHAT_MODEL" label="对话" value="chat" />
+            <el-option label="生图" value="image" />
+          </el-select>
+          <el-select v-model="filter.status" style="width:130px" clearable placeholder="状态" @change="load">
+            <el-option label="全部" value="" />
+            <el-option label="成功" value="success" />
+            <el-option label="失败" value="failed" />
+          </el-select>
+          <el-button @click="load" type="primary" :loading="loading">
+            <el-icon><Refresh /></el-icon> 刷新
+          </el-button>
+        </div>
+      </div>
+
+      <el-row :gutter="16" v-loading="loading">
+        <el-col :md="6" :sm="12"><el-card shadow="never" class="stat">
+          <div class="lbl">请求数</div>
+          <div class="val">{{ overall?.requests ?? 0 }}</div>
+          <div class="sub">失败 {{ overall?.failures ?? 0 }} · 成功率 {{ successRate(overall!) }}</div>
+        </el-card></el-col>
+        <el-col v-if="ENABLE_CHAT_MODEL" :md="6" :sm="12"><el-card shadow="never" class="stat">
+          <div class="lbl">对话请求</div>
+          <div class="val">{{ overall?.chat_requests ?? 0 }}</div>
+          <div class="sub">生图张数 {{ overall?.image_images ?? 0 }}</div>
+        </el-card></el-col>
+        <el-col v-else :md="6" :sm="12"><el-card shadow="never" class="stat">
+          <div class="lbl">生图张数</div>
+          <div class="val">{{ overall?.image_images ?? 0 }}</div>
+          <div class="sub">成功率 {{ successRate(overall!) }}</div>
+        </el-card></el-col>
+        <el-col :md="6" :sm="12"><el-card shadow="never" class="stat">
+          <div class="lbl">Token 消耗</div>
+          <div class="val">{{ (overall?.input_tokens ?? 0) + (overall?.output_tokens ?? 0) }}</div>
+          <div class="sub">输入 {{ overall?.input_tokens ?? 0 }} / 输出 {{ overall?.output_tokens ?? 0 }}</div>
+        </el-card></el-col>
+        <el-col :md="6" :sm="12"><el-card shadow="never" class="stat">
+          <div class="lbl">累计扣费</div>
+          <div class="val primary">{{ formatCredit(overall?.credit_cost) }} 分</div>
+          <div class="sub">单位:积分</div>
+        </el-card></el-col>
+      </el-row>
+    </div>
+
+    <div class="card-block">
+      <h3 style="margin:0 0 10px;font-size:14px">每日请求(纯 CSS 柱状图)</h3>
+      <div class="bars">
+        <div v-for="p in daily" :key="p.day" class="bar-cell">
+          <div class="bar-wrap">
+            <div class="bar" :style="{ height: ((p.requests / maxDaily) * 100) + '%' }" />
+            <div v-if="p.failures" class="bar-fail"
+                 :style="{ height: ((p.failures / maxDaily) * 100) + '%' }" />
+          </div>
+          <div class="bar-val">{{ p.requests }}</div>
+          <div class="bar-day">{{ p.day.slice(5) }}</div>
+        </div>
+        <el-empty v-if="daily.length === 0" description="无数据" />
+      </div>
+    </div>
+
+    <div class="card-block">
+      <h3 style="margin:0 0 10px;font-size:14px">Top 模型</h3>
+      <el-table :data="byModel" stripe size="small" v-loading="loading">
+        <el-table-column label="模型" min-width="180">
+          <template #default="{ row }">
+            <code>{{ row.model_slug || `#${row.model_id}` }}</code>
+          </template>
+        </el-table-column>
+        <el-table-column prop="type" label="类型" width="80">
+          <template #default="{ row }">
+            <el-tag size="small" :type="row.type === 'image' ? 'warning' : 'primary'">
+              {{ row.type || '-' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column prop="requests" label="请求数" width="100" />
+        <el-table-column prop="failures" label="失败" width="80" />
+        <el-table-column prop="input_tokens" label="输入 tok" width="120" />
+        <el-table-column prop="output_tokens" label="输出 tok" width="120" />
+        <el-table-column prop="image_count" label="图数" width="80" />
+        <el-table-column label="扣费" width="130">
+          <template #default="{ row }">{{ formatCredit(row.credit_cost) }}</template>
+        </el-table-column>
+        <el-table-column prop="avg_dur_ms" label="平均耗时(ms)" width="130" />
+      </el-table>
+    </div>
+
+    <div class="card-block">
+      <h3 style="margin:0 0 10px;font-size:14px">Top 用户</h3>
+      <el-table :data="byUser" stripe size="small" v-loading="loading">
+        <el-table-column prop="user_id" label="ID" width="80" />
+        <el-table-column prop="email" label="邮箱" min-width="200" />
+        <el-table-column prop="requests" label="请求数" width="120" />
+        <el-table-column prop="failures" label="失败" width="100" />
+        <el-table-column label="扣费" width="140">
+          <template #default="{ row }">{{ formatCredit(row.credit_cost) }}</template>
+        </el-table-column>
+      </el-table>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.stat {
+  border-radius: 8px;
+  .lbl { font-size: 13px; color: var(--el-text-color-secondary); }
+  .val {
+    font-size: 26px; font-weight: 700; margin: 6px 0;
+    color: var(--el-text-color-primary);
+    &.primary { color: #409eff; }
+  }
+  .sub { font-size: 12px; color: var(--el-text-color-secondary); }
+}
+.bars {
+  display: flex; gap: 4px;
+  height: 160px;
+  align-items: flex-end;
+  .bar-cell {
+    flex: 1; display: flex; flex-direction: column; align-items: center;
+    min-width: 0;
+  }
+  .bar-wrap { position: relative; width: 100%; height: 100%; display: flex; align-items: flex-end; }
+  .bar {
+    width: 60%; margin: 0 auto;
+    background: linear-gradient(180deg, #409eff, #67c23a);
+    border-radius: 3px 3px 0 0;
+    min-height: 2px;
+    transition: height .3s;
+  }
+  .bar-fail {
+    position: absolute; bottom: 0; left: 20%; right: 20%;
+    background: #f56c6c; border-radius: 3px 3px 0 0;
+    opacity: 0.6;
+  }
+  .bar-val { font-size: 11px; color: var(--el-text-color-secondary); margin-top: 2px; }
+  .bar-day { font-size: 11px; color: var(--el-text-color-placeholder); }
+}
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-size: 12px;
+}
+:global(html.dark) code { background: #1d2026; }
+</style>
diff --git a/web/src/views/admin/Users.vue b/web/src/views/admin/Users.vue
new file mode 100644
index 00000000..cfeb3826
--- /dev/null
+++ b/web/src/views/admin/Users.vue
@@ -0,0 +1,421 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as adminApi from '@/api/admin'
+import { formatCredit, formatDateTime } from '@/utils/format'
+import { useUserStore } from '@/stores/user'
+
+const store = useUserStore()
+
+const loading = ref(false)
+const filter = reactive<adminApi.UserFilter>({
+  q: '', role: '', status: '', group_id: undefined,
+  limit: 20, offset: 0,
+})
+const total = ref(0)
+const rows = ref<adminApi.AdminUser[]>([])
+const groups = ref<adminApi.Group[]>([])
+
+async function fetchList() {
+  loading.value = true
+  try {
+    const data = await adminApi.listUsers({
+      ...filter,
+      group_id: filter.group_id || undefined,
+    })
+    rows.value = data.items
+    total.value = data.total
+  } finally {
+    loading.value = false
+  }
+}
+
+async function fetchGroups() {
+  try {
+    const g = await adminApi.listGroups()
+    groups.value = g.items
+  } catch { /* noop */ }
+}
+
+function groupName(id: number) {
+  return groups.value.find((g) => g.id === id)?.name || `#${id}`
+}
+
+function resetFilter() {
+  filter.q = ''
+  filter.role = ''
+  filter.status = ''
+  filter.group_id = undefined
+  filter.offset = 0
+  fetchList()
+}
+
+// ---- 添加用户 ----
+const createDlg = ref(false)
+const createForm = reactive({
+  email: '',
+  password: '',
+  nickname: '',
+  role: 'user' as 'user' | 'admin',
+  status: 'active' as 'active' | 'banned',
+  group_id: 1,
+  initial_credits: 0,
+})
+function openCreate() {
+  createForm.email = ''
+  createForm.password = ''
+  createForm.nickname = ''
+  createForm.role = 'user'
+  createForm.status = 'active'
+  createForm.group_id = groups.value[0]?.id || 1
+  createForm.initial_credits = 0
+  createDlg.value = true
+}
+async function onCreateSubmit() {
+  const email = createForm.email.trim()
+  if (!email) return ElMessage.warning('请输入邮箱')
+  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) return ElMessage.warning('邮箱格式不正确')
+  if (createForm.password.length < 6) return ElMessage.warning('密码至少 6 位')
+  await adminApi.createUser({
+    email,
+    password: createForm.password,
+    nickname: createForm.nickname.trim(),
+    role: createForm.role,
+    status: createForm.status,
+    group_id: createForm.group_id,
+    initial_credits: createForm.initial_credits > 0 ? createForm.initial_credits : undefined,
+  })
+  ElMessage.success('用户创建成功')
+  createDlg.value = false
+  filter.offset = 0
+  fetchList()
+}
+
+// ---- 编辑 ----
+const editDlg = ref(false)
+const editingRow = ref<adminApi.AdminUser | null>(null)
+const editForm = reactive({ nickname: '', role: '', status: '', group_id: 1 })
+
+function openEdit(row: adminApi.AdminUser) {
+  editingRow.value = row
+  editForm.nickname = row.nickname
+  editForm.role = row.role
+  editForm.status = row.status
+  editForm.group_id = row.group_id
+  editDlg.value = true
+}
+async function onSaveEdit() {
+  if (!editingRow.value) return
+  await adminApi.patchUser(editingRow.value.id, { ...editForm })
+  ElMessage.success('保存成功')
+  editDlg.value = false
+  fetchList()
+}
+
+// ---- 重置密码 ----
+const pwdDlg = ref(false)
+const pwdForm = reactive({ uid: 0, newPwd: '', adminPwd: '' })
+function openReset(row: adminApi.AdminUser) {
+  pwdForm.uid = row.id
+  pwdForm.newPwd = ''
+  pwdForm.adminPwd = ''
+  pwdDlg.value = true
+}
+async function onResetSubmit() {
+  if (pwdForm.newPwd.length < 6) return ElMessage.warning('新密码至少 6 位')
+  if (!pwdForm.adminPwd) return ElMessage.warning('请输入管理员密码')
+  await adminApi.resetUserPassword(pwdForm.uid, pwdForm.newPwd, pwdForm.adminPwd)
+  ElMessage.success('已重置')
+  pwdDlg.value = false
+}
+
+// ---- 调账 ----
+const adjustDlg = ref(false)
+const adjustForm = reactive({ uid: 0, delta: 0, remark: '', ref_id: '', adminPwd: '' })
+function openAdjust(row: adminApi.AdminUser) {
+  adjustForm.uid = row.id
+  adjustForm.delta = 0
+  adjustForm.remark = ''
+  adjustForm.ref_id = ''
+  adjustForm.adminPwd = ''
+  adjustDlg.value = true
+}
+async function onAdjustSubmit() {
+  if (!adjustForm.delta) return ElMessage.warning('金额不能为 0')
+  if (!adjustForm.remark) return ElMessage.warning('请填备注')
+  if (!adjustForm.adminPwd) return ElMessage.warning('请输入管理员密码')
+  await adminApi.adjustCredit(adjustForm.uid, {
+    delta: adjustForm.delta,
+    remark: adjustForm.remark,
+    ref_id: adjustForm.ref_id,
+  }, adjustForm.adminPwd)
+  ElMessage.success('调账成功')
+  adjustDlg.value = false
+  fetchList()
+}
+
+// ---- 删除 ----
+async function onDelete(row: adminApi.AdminUser) {
+  if (row.id === store.user?.id) return ElMessage.warning('不能删除自己')
+  const { value: pwd } = await ElMessageBox.prompt(
+    `确认删除用户 ${row.email}?此操作会将账号标记为已删除并封禁。请输入你的管理员密码:`,
+    '删除用户',
+    {
+      confirmButtonText: '删除',
+      cancelButtonText: '取消',
+      inputType: 'password',
+      type: 'warning',
+      inputPlaceholder: '管理员密码',
+    },
+  ).catch(() => ({ value: null }))
+  if (!pwd) return
+  await adminApi.deleteUser(row.id, pwd)
+  ElMessage.success('已删除')
+  fetchList()
+}
+
+// ---- 流水 ----
+const logsDlg = ref(false)
+const logs = ref<adminApi.CreditLog[]>([])
+const logLoading = ref(false)
+async function openLogs(row: adminApi.AdminUser) {
+  logsDlg.value = true
+  logLoading.value = true
+  try {
+    const data = await adminApi.listCreditLogs(row.id, 100, 0)
+    logs.value = data.items
+  } finally {
+    logLoading.value = false
+  }
+}
+
+const canEdit = computed(() => store.hasPerm('user:write'))
+const canCredit = computed(() => store.hasPerm('user:credit'))
+
+onMounted(() => { fetchGroups(); fetchList() })
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <h2 class="page-title" style="margin:0">用户管理</h2>
+      <div style="color:var(--el-text-color-secondary);font-size:13px;margin:4px 0 14px">
+        维护平台用户:角色分配、状态冻结、分组倍率、重置密码与积分调整入口。
+      </div>
+
+      <el-form inline class="flex-wrap-gap" @submit.prevent="fetchList">
+        <el-input v-model="filter.q" placeholder="邮箱 / 昵称" clearable style="width:220px" />
+        <el-select v-model="filter.role" placeholder="角色" clearable style="width:120px">
+          <el-option label="普通用户" value="user" />
+          <el-option label="管理员" value="admin" />
+        </el-select>
+        <el-select v-model="filter.status" placeholder="状态" clearable style="width:120px">
+          <el-option label="正常" value="active" />
+          <el-option label="已封禁" value="banned" />
+        </el-select>
+        <el-select v-model="filter.group_id" placeholder="分组" clearable style="width:150px">
+          <el-option v-for="g in groups" :key="g.id" :label="g.name" :value="g.id" />
+        </el-select>
+        <el-button type="primary" @click="fetchList"><el-icon><Search /></el-icon> 查询</el-button>
+        <el-button @click="resetFilter">重置</el-button>
+        <el-button type="success" @click="openCreate" :disabled="!canEdit">
+          <el-icon><Plus /></el-icon> 添加用户
+        </el-button>
+      </el-form>
+
+      <el-table v-loading="loading" :data="rows" stripe style="margin-top:12px">
+        <el-table-column prop="id" label="ID" width="70" />
+        <el-table-column prop="email" label="邮箱" min-width="200" />
+        <el-table-column prop="nickname" label="昵称" min-width="120" />
+        <el-table-column label="角色" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.role === 'admin' ? 'warning' : 'info'" size="small">
+              {{ row.role === 'admin' ? '管理员' : '普通' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.status === 'active' ? 'success' : 'info'" size="small">
+              {{ row.status === 'active' ? '正常' : '封禁' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="分组" width="110">
+          <template #default="{ row }">{{ groupName(row.group_id) }}</template>
+        </el-table-column>
+        <el-table-column label="余额 / 冻结" min-width="160">
+          <template #default="{ row }">
+            <div>{{ formatCredit(row.credit_balance) }}</div>
+            <div style="font-size:12px;color:var(--el-text-color-secondary)">
+              冻结 {{ formatCredit(row.credit_frozen) }}
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近登录" min-width="160">
+          <template #default="{ row }">
+            <div style="font-size:12px">
+              <div>{{ formatDateTime(row.last_login_at) }}</div>
+              <div style="color:var(--el-text-color-secondary)">{{ row.last_login_ip || '-' }}</div>
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="300" fixed="right">
+          <template #default="{ row }">
+            <el-button size="small" link type="primary" @click="openEdit(row)" :disabled="!canEdit">编辑</el-button>
+            <el-button size="small" link type="primary" @click="openReset(row)" :disabled="!canEdit">重置密码</el-button>
+            <el-button size="small" link type="warning" @click="openAdjust(row)" :disabled="!canCredit">调账</el-button>
+            <el-button size="small" link @click="openLogs(row)">流水</el-button>
+            <el-button size="small" link type="danger" @click="onDelete(row)" :disabled="!canEdit">删除</el-button>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination
+        style="margin-top:16px;justify-content:flex-end;display:flex"
+        :current-page="Math.floor((filter.offset || 0) / (filter.limit || 20)) + 1"
+        @current-change="(p: number) => { filter.offset = (p - 1) * (filter.limit || 20); fetchList() }"
+        :page-size="filter.limit"
+        @size-change="(s: number) => { filter.limit = s; filter.offset = 0; fetchList() }"
+        :total="total"
+        :page-sizes="[20, 50, 100]"
+        layout="total, sizes, prev, pager, next"
+      />
+    </div>
+
+    <!-- 添加用户 -->
+    <el-dialog v-model="createDlg" title="添加用户" width="500px">
+      <el-alert type="info" :closable="false" show-icon style="margin-bottom:12px"
+                title="此入口由管理员直接建号,不受『开放注册开关』和『邮箱域名白名单』限制;新账号立即可用。" />
+      <el-form :model="createForm" label-width="100px">
+        <el-form-item label="邮箱" required>
+          <el-input v-model="createForm.email" placeholder="user@example.com" clearable />
+        </el-form-item>
+        <el-form-item label="初始密码" required>
+          <el-input v-model="createForm.password" type="password" show-password placeholder="≥ 6 位,可让用户首次登录后自行修改" />
+        </el-form-item>
+        <el-form-item label="昵称">
+          <el-input v-model="createForm.nickname" maxlength="40" show-word-limit />
+        </el-form-item>
+        <el-form-item label="角色">
+          <el-select v-model="createForm.role" style="width:100%">
+            <el-option label="普通用户" value="user" />
+            <el-option label="管理员" value="admin" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="状态">
+          <el-select v-model="createForm.status" style="width:100%">
+            <el-option label="正常" value="active" />
+            <el-option label="封禁" value="banned" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="分组">
+          <el-select v-model="createForm.group_id" style="width:100%">
+            <el-option v-for="g in groups" :key="g.id" :label="g.name" :value="g.id" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="初始积分">
+          <el-input-number v-model="createForm.initial_credits" :min="0" :step="10000" style="width:100%" />
+          <div style="font-size:12px;color:var(--el-text-color-secondary);margin-top:4px">
+            单位:厘(1 积分 = 10000 厘)。>0 时会走正规入账,写 credit_logs。
+          </div>
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="createDlg = false">取消</el-button>
+        <el-button type="primary" @click="onCreateSubmit">创建</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 编辑 -->
+    <el-dialog v-model="editDlg" title="编辑用户" width="480px">
+      <el-form :model="editForm" label-width="90px">
+        <el-form-item label="昵称"><el-input v-model="editForm.nickname" /></el-form-item>
+        <el-form-item label="角色">
+          <el-select v-model="editForm.role" style="width:100%">
+            <el-option label="普通用户" value="user" />
+            <el-option label="管理员" value="admin" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="状态">
+          <el-select v-model="editForm.status" style="width:100%">
+            <el-option label="正常" value="active" />
+            <el-option label="封禁" value="banned" />
+          </el-select>
+        </el-form-item>
+        <el-form-item label="分组">
+          <el-select v-model="editForm.group_id" style="width:100%">
+            <el-option v-for="g in groups" :key="g.id" :label="g.name" :value="g.id" />
+          </el-select>
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="editDlg = false">取消</el-button>
+        <el-button type="primary" @click="onSaveEdit">保存</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 重置密码 -->
+    <el-dialog v-model="pwdDlg" title="重置密码" width="420px">
+      <el-alert type="warning" :closable="false" show-icon style="margin-bottom:12px"
+                title="该操作会强制写入新密码,旧登录 token 仍短时可用,请提醒用户改密并退出重登。" />
+      <el-form label-width="110px">
+        <el-form-item label="新密码">
+          <el-input v-model="pwdForm.newPwd" type="password" show-password placeholder="≥ 6 位" />
+        </el-form-item>
+        <el-form-item label="管理员密码">
+          <el-input v-model="pwdForm.adminPwd" type="password" show-password placeholder="二次确认" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="pwdDlg = false">取消</el-button>
+        <el-button type="danger" @click="onResetSubmit">确认重置</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 调账 -->
+    <el-dialog v-model="adjustDlg" title="积分调账" width="440px">
+      <el-alert type="warning" :closable="false" show-icon style="margin-bottom:12px"
+                title="正数为加款,负数为扣款;扣款不会把余额扣成负数。单位:厘(1 积分 = 10000 厘)" />
+      <el-form label-width="110px">
+        <el-form-item label="金额(厘)">
+          <el-input-number v-model="adjustForm.delta" :step="10000" style="width:100%" />
+        </el-form-item>
+        <el-form-item label="备注">
+          <el-input v-model="adjustForm.remark" maxlength="200" show-word-limit />
+        </el-form-item>
+        <el-form-item label="关联单号">
+          <el-input v-model="adjustForm.ref_id" placeholder="选填,订单号/工单号" />
+        </el-form-item>
+        <el-form-item label="管理员密码">
+          <el-input v-model="adjustForm.adminPwd" type="password" show-password />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="adjustDlg = false">取消</el-button>
+        <el-button type="warning" @click="onAdjustSubmit">确认</el-button>
+      </template>
+    </el-dialog>
+
+    <!-- 流水 -->
+    <el-dialog v-model="logsDlg" title="积分流水" width="820px">
+      <el-table v-loading="logLoading" :data="logs" max-height="480" size="small">
+        <el-table-column prop="id" label="ID" width="80" />
+        <el-table-column prop="type" label="类型" width="120" />
+        <el-table-column label="金额" width="140">
+          <template #default="{ row }">
+            <span :style="{color: row.amount >= 0 ? '#67c23a' : '#f56c6c'}">
+              {{ row.amount >= 0 ? '+' : '' }}{{ formatCredit(row.amount) }}
+            </span>
+          </template>
+        </el-table-column>
+        <el-table-column label="余额" width="110">
+          <template #default="{ row }">{{ formatCredit(row.balance_after) }}</template>
+        </el-table-column>
+        <el-table-column prop="ref_id" label="关联" min-width="120" />
+        <el-table-column prop="remark" label="备注" min-width="180" show-overflow-tooltip />
+        <el-table-column prop="created_at" label="时间" width="170" />
+      </el-table>
+    </el-dialog>
+  </div>
+</template>
diff --git a/web/src/views/auth/Login.vue b/web/src/views/auth/Login.vue
new file mode 100644
index 00000000..b8c7c60c
--- /dev/null
+++ b/web/src/views/auth/Login.vue
@@ -0,0 +1,183 @@
+<script setup lang="ts">
+import { reactive, ref, computed } from 'vue'
+import type { FormInstance } from 'element-plus'
+import { ElMessage } from 'element-plus'
+import { useRouter, useRoute } from 'vue-router'
+import { useUserStore } from '@/stores/user'
+import { useSiteStore } from '@/stores/site'
+
+const router = useRouter()
+const route = useRoute()
+const store = useUserStore()
+const site = useSiteStore()
+
+const siteName = computed(() => site.get('site.name', 'GPT2API'))
+const siteDesc = computed(() =>
+  site.get('site.description', '基于 chatgpt.com 的 OpenAI 兼容网关 · 多账号池 · IMG2 终稿直出 · 批量出图'),
+)
+const siteLogo = computed(() => site.get('site.logo_url', ''))
+const siteFooter = computed(() => site.get('site.footer', ''))
+const allowRegister = computed(() => site.allowRegister())
+
+const formRef = ref<FormInstance>()
+const loading = ref(false)
+
+const form = reactive({
+  email: '',
+  password: '',
+})
+
+const rules = {
+  email: [
+    { required: true, message: '请输入邮箱', trigger: 'blur' },
+    { type: 'email', message: '邮箱格式不正确', trigger: 'blur' },
+  ],
+  password: [
+    { required: true, message: '请输入密码', trigger: 'blur' },
+    { min: 6, message: '至少 6 位', trigger: 'blur' },
+  ],
+}
+
+async function onSubmit() {
+  if (!formRef.value) return
+  const ok = await formRef.value.validate().catch(() => false)
+  if (!ok) return
+  loading.value = true
+  try {
+    await store.login(form.email, form.password)
+    ElMessage.success('登录成功')
+    const redirect = (route.query.redirect as string) || '/personal/dashboard'
+    router.replace(redirect)
+  } catch {
+    // 错误已由 axios 拦截器 toast
+  } finally {
+    loading.value = false
+  }
+}
+</script>
+
+<template>
+  <div class="login-page">
+    <div class="hero">
+      <div class="brand">
+        <img v-if="siteLogo" :src="siteLogo" class="logo-img" alt="logo" />
+        <div v-else class="mark">{{ (siteName[0] || 'G').toUpperCase() }}</div>
+        <h1>{{ siteName }} 控制台</h1>
+      </div>
+      <p class="tagline">{{ siteDesc }}</p>
+      <ul class="features">
+        <li><el-icon><Lightning /></el-icon> 多账号池 / 多代理池 · IMG2 终稿直出 · 批量出图 · 高并发调度</li>
+        <li><el-icon><Lock /></el-icon> RBAC 权限 · 全链路审计 · 数据库一键备份 / 恢复</li>
+        <li><el-icon><Medal /></el-icon> 积分钱包 · 预扣结算 · 易支付接入 · 用量透明</li>
+      </ul>
+    </div>
+    <el-card class="form-card" shadow="hover">
+      <div class="form-title">欢迎回来</div>
+      <div class="form-sub">请使用管理员分配的账号登录</div>
+      <el-form
+        ref="formRef"
+        :model="form"
+        :rules="rules"
+        size="large"
+        label-position="top"
+        @submit.prevent="onSubmit"
+      >
+        <el-form-item label="邮箱" prop="email">
+          <el-input v-model="form.email" placeholder="you@example.com" autocomplete="username">
+            <template #prefix><el-icon><Message /></el-icon></template>
+          </el-input>
+        </el-form-item>
+        <el-form-item label="密码" prop="password">
+          <el-input v-model="form.password" type="password" show-password placeholder="至少 6 位"
+                    autocomplete="current-password" @keyup.enter="onSubmit">
+            <template #prefix><el-icon><Lock /></el-icon></template>
+          </el-input>
+        </el-form-item>
+        <el-button type="primary" :loading="loading" class="submit" @click="onSubmit">登录</el-button>
+        <div class="foot">
+          <template v-if="allowRegister">
+            还没有账号?<router-link to="/register">立即注册</router-link>
+          </template>
+          <template v-else>
+            <span class="muted">管理员已关闭自助注册,请联系管理员创建账号</span>
+          </template>
+        </div>
+      </el-form>
+    </el-card>
+    <div v-if="siteFooter" class="site-footer">{{ siteFooter }}</div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.login-page {
+  min-height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  flex-wrap: wrap;
+  gap: 60px;
+  padding: 40px 24px;
+  box-sizing: border-box;
+  background:
+    radial-gradient(1000px 400px at 10% 20%, #a5c9ff66, transparent),
+    radial-gradient(800px 400px at 90% 80%, #b1f1b288, transparent),
+    linear-gradient(135deg, #eef5ff, #f9fffb);
+}
+:global(html.dark) .login-page {
+  background:
+    radial-gradient(1000px 400px at 10% 20%, #1b3a6a99, transparent),
+    radial-gradient(800px 400px at 90% 80%, #1c4c2688, transparent),
+    linear-gradient(135deg, #0d1117, #0b1f17);
+}
+:global(html.dark) .hero .tagline,
+:global(html.dark) .hero .features { color: #cfd3dc; }
+:global(html.dark) .hero h1 { color: #f2f3f5; }
+.hero {
+  flex: 0 1 420px;
+  min-width: 0;
+  max-width: 420px;
+  .brand { display: flex; align-items: center; gap: 14px; }
+  .logo-img { width: 48px; height: 48px; border-radius: 12px; object-fit: contain; background: #fff; }
+  .mark {
+    width: 48px; height: 48px; border-radius: 12px;
+    display: inline-flex; align-items: center; justify-content: center;
+    color: #fff; font-weight: 700; font-size: 18px;
+    background: linear-gradient(135deg,#409eff,#67c23a);
+  }
+  h1 { font-size: 24px; margin: 0; color: #1f2330; }
+  .tagline { color: #606266; margin-top: 6px; }
+  .features {
+    list-style: none; padding: 0; margin: 28px 0 0; color: #303133;
+    li { display: flex; gap: 10px; align-items: center; margin-bottom: 12px; font-size: 14px; }
+  }
+}
+.site-footer {
+  position: absolute;
+  bottom: 12px; left: 0; right: 0;
+  text-align: center; font-size: 12px; color: #909399;
+}
+.foot .muted { color: #909399; }
+.form-card {
+  flex: 0 1 360px;
+  width: 100%;
+  max-width: 360px;
+  min-width: 0;
+  .form-title { font-size: 20px; font-weight: 700; margin-bottom: 4px; }
+  .form-sub { color: var(--el-text-color-secondary); margin-bottom: 18px; font-size: 13px; }
+  .submit { width: 100%; margin-top: 4px; }
+  .foot { margin-top: 16px; text-align: center; font-size: 13px; color: var(--el-text-color-secondary); }
+}
+
+// 平板:图文与表单上下堆叠
+@media (max-width: 960px) {
+  .login-page { gap: 28px; padding: 32px 20px; }
+  .hero { text-align: left; }
+}
+
+// 手机:隐藏左侧图文,表单占满
+@media (max-width: 640px) {
+  .login-page { padding: 24px 16px; gap: 0; }
+  .hero { display: none; }
+  .form-card { max-width: 100%; }
+}
+</style>
diff --git a/web/src/views/auth/Register.vue b/web/src/views/auth/Register.vue
new file mode 100644
index 00000000..1f59e87b
--- /dev/null
+++ b/web/src/views/auth/Register.vue
@@ -0,0 +1,124 @@
+<script setup lang="ts">
+import { reactive, ref, computed } from 'vue'
+import type { FormInstance } from 'element-plus'
+import { ElMessage } from 'element-plus'
+import { useRouter } from 'vue-router'
+import { useUserStore } from '@/stores/user'
+import { useSiteStore } from '@/stores/site'
+
+const router = useRouter()
+const store = useUserStore()
+const site = useSiteStore()
+
+const siteName = computed(() => site.get('site.name', 'GPT2API'))
+const allowRegister = computed(() => site.allowRegister())
+
+const formRef = ref<FormInstance>()
+const loading = ref(false)
+const form = reactive({ email: '', password: '', confirm: '', nickname: '' })
+
+const rules = {
+  email: [
+    { required: true, message: '请输入邮箱', trigger: 'blur' },
+    { type: 'email', message: '邮箱格式不正确', trigger: 'blur' },
+  ],
+  password: [
+    { required: true, message: '请输入密码', trigger: 'blur' },
+    { min: 6, max: 64, message: '6~64 位', trigger: 'blur' },
+  ],
+  confirm: [
+    { required: true, message: '请再次输入密码', trigger: 'blur' },
+    {
+      validator: (_r: unknown, v: string, cb: (e?: Error) => void) => {
+        if (v !== form.password) cb(new Error('两次密码不一致'))
+        else cb()
+      },
+      trigger: 'blur',
+    },
+  ],
+}
+
+async function onSubmit() {
+  if (!formRef.value) return
+  const ok = await formRef.value.validate().catch(() => false)
+  if (!ok) return
+  loading.value = true
+  try {
+    await store.register(form.email, form.password, form.nickname)
+    ElMessage.success('注册成功,正在登录…')
+    await store.login(form.email, form.password)
+    router.replace('/personal/dashboard')
+  } catch {
+    // toast 由拦截器处理
+  } finally {
+    loading.value = false
+  }
+}
+</script>
+
+<template>
+  <div class="register-page">
+    <el-card class="form-card" shadow="hover">
+      <div class="form-title">创建 {{ siteName }} 账号</div>
+      <div class="form-sub">免费注册,立即体验</div>
+      <el-alert
+        v-if="!allowRegister"
+        type="warning"
+        :closable="false"
+        title="当前站点已关闭自助注册"
+        description="请联系管理员开通账号,或改用已有账号登录。"
+        style="margin-bottom:16px"
+      />
+      <el-form ref="formRef" :model="form" :rules="rules" label-position="top" size="large"
+               :disabled="!allowRegister" @submit.prevent="onSubmit">
+        <el-form-item label="邮箱" prop="email">
+          <el-input v-model="form.email" placeholder="you@example.com" autocomplete="username" />
+        </el-form-item>
+        <el-form-item label="昵称" prop="nickname">
+          <el-input v-model="form.nickname" placeholder="选填" />
+        </el-form-item>
+        <el-form-item label="密码" prop="password">
+          <el-input v-model="form.password" type="password" show-password autocomplete="new-password" />
+        </el-form-item>
+        <el-form-item label="确认密码" prop="confirm">
+          <el-input v-model="form.confirm" type="password" show-password autocomplete="new-password"
+                    @keyup.enter="onSubmit" />
+        </el-form-item>
+        <el-button type="primary" class="submit" :loading="loading" :disabled="!allowRegister"
+                   @click="onSubmit">
+          注册
+        </el-button>
+        <div class="foot">
+          已有账号?<router-link to="/login">直接登录</router-link>
+        </div>
+      </el-form>
+    </el-card>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.register-page {
+  min-height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 40px 24px;
+  box-sizing: border-box;
+  background: linear-gradient(135deg,#eef5ff,#f9fffb);
+}
+:global(html.dark) .register-page {
+  background: linear-gradient(135deg,#0d1117,#0b1f17);
+}
+.form-card {
+  width: 100%;
+  max-width: 400px;
+}
+.form-title { font-size: 20px; font-weight: 700; margin-bottom: 4px; }
+.form-sub { color: var(--el-text-color-secondary); margin-bottom: 18px; font-size: 13px; }
+.submit { width: 100%; }
+.foot { margin-top: 16px; text-align: center; font-size: 13px; color: var(--el-text-color-secondary); }
+
+@media (max-width: 640px) {
+  .register-page { padding: 24px 16px; }
+}
+</style>
diff --git a/web/src/views/landing/Home.vue b/web/src/views/landing/Home.vue
new file mode 100644
index 00000000..76978440
--- /dev/null
+++ b/web/src/views/landing/Home.vue
@@ -0,0 +1,535 @@
+<script setup lang="ts">
+import { computed, onMounted, ref } from 'vue'
+import { useRouter } from 'vue-router'
+import { useUserStore } from '@/stores/user'
+import { useUIStore } from '@/stores/ui'
+import { useSiteStore } from '@/stores/site'
+import { brandParts } from '@/utils/brand'
+
+const router = useRouter()
+const user = useUserStore()
+const ui = useUIStore()
+const site = useSiteStore()
+
+const siteName = computed(() => site.get('site.name', 'GPT2API'))
+const siteLogo = computed(() => site.get('site.logo_url', ''))
+const allowRegister = computed(() => site.allowRegister())
+const loggedIn = computed(() => user.isLoggedIn)
+
+const brand = brandParts()
+const repoHref = `https://${brand.repo}`
+const qqHref = `https://qm.qq.com/q/${brand.qq}`
+
+function goPlay() {
+  if (loggedIn.value) router.push('/personal/play')
+  else router.push('/login?redirect=/personal/play')
+}
+function goDashboard() { router.push('/personal/dashboard') }
+function goLogin() { router.push('/login') }
+function goRegister() { router.push('/register') }
+function scrollTop() { window.scrollTo({ top: 0, behavior: 'smooth' }) }
+
+// 滚动监听,nav 加实体背景
+const scrolled = ref(false)
+onMounted(() => {
+  const onScroll = () => { scrolled.value = window.scrollY > 24 }
+  window.addEventListener('scroll', onScroll, { passive: true })
+  onScroll()
+})
+
+// 三张卖点卡,全部围绕"图"
+const features = [
+  {
+    icon: 'MagicStick',
+    color: '#409eff',
+    title: 'IMG2 正式版直出',
+    desc: '全面对齐 <code>picture_v2</code> 正式协议,SSE 够数即返回,60s 短轮询补齐。<b>速度优先 · 不悄悄重试</b>,出错第一时间暴露给调用方。',
+  },
+  {
+    icon: 'Picture',
+    color: '#a855f7',
+    title: '批量 · 多比例 · 预设',
+    desc: '10 种常用宽高比一键切换(21:9 / 16:9 / 4:3 / 1:1 / 9:16 …),<b>N 张批量成图</b>,提示词预设库,浏览器里直接出图。',
+  },
+  {
+    icon: 'Connection',
+    color: '#67c23a',
+    title: 'OpenAI 零改造接入',
+    desc: '<code>/v1/images/generations</code> · <code>/v1/images/edits</code> 原样对齐官方 SDK,<b>切网关只改 base_url</b>,一行代码即可接入。',
+  },
+]
+</script>
+
+<template>
+  <div class="landing" :class="{ dark: ui.isDark }">
+    <!-- ============= 顶部导航 ============= -->
+    <header class="nav" :class="{ scrolled }">
+      <div class="nav-inner">
+        <a class="logo" @click="scrollTop">
+          <img v-if="siteLogo" :src="siteLogo" class="logo-img" alt="logo" />
+          <span v-else class="logo-mark">{{ (siteName[0] || 'G').toUpperCase() }}</span>
+          <span class="logo-name">{{ siteName }}</span>
+        </a>
+        <nav class="menu">
+          <a :href="repoHref" target="_blank" rel="noopener">
+            GitHub <el-icon :size="13" class="ext"><TopRight /></el-icon>
+          </a>
+          <a :href="qqHref" target="_blank" rel="noopener">QQ 群 {{ brand.qq }}</a>
+        </nav>
+        <div class="nav-actions">
+          <el-button
+            link :title="ui.isDark ? '切换到亮色' : '切换到暗色'"
+            class="theme-btn" @click="ui.toggleDark()"
+          >
+            <el-icon :size="18"><component :is="ui.isDark ? 'Sunny' : 'Moon'" /></el-icon>
+          </el-button>
+          <template v-if="!loggedIn">
+            <el-button text class="btn-login" @click="goLogin">登录</el-button>
+            <el-button v-if="allowRegister" type="primary" round @click="goRegister">免费注册</el-button>
+          </template>
+          <template v-else>
+            <el-button type="primary" round @click="goDashboard">
+              进入控制台 <el-icon><ArrowRight /></el-icon>
+            </el-button>
+          </template>
+        </div>
+      </div>
+    </header>
+
+    <!-- ============= Hero:只讲 GPT IMAGE2 出图 ============= -->
+    <section id="hero" class="hero">
+      <div class="hero-bg"></div>
+      <div class="hero-inner">
+        <div class="hero-text">
+          <div class="eyebrow">
+            <span class="dot"></span>
+            gpt-image-2 · 官方级终稿直出
+          </div>
+          <h1 class="hero-title">
+            <span class="gradient-text">GPT IMAGE2</span><br/>
+            一键出高清终稿
+          </h1>
+          <p class="hero-sub">
+            基于 chatgpt.com 逆向的 <b>gpt-image-2</b> 网关<br/>
+            <b>IMG2 终稿直出</b> · 多比例 / 批量 N 张 / OpenAI SDK 零改造
+          </p>
+          <div class="hero-cta">
+            <el-button size="large" type="primary" round @click="goPlay">
+              <el-icon><VideoPlay /></el-icon> 立即体验在线生图
+            </el-button>
+            <el-button size="large" round plain tag="a" :href="repoHref" target="_blank">
+              <el-icon><Link /></el-icon> GitHub 仓库
+            </el-button>
+          </div>
+          <div class="hero-meta">
+            <a class="meta-link" :href="qqHref" target="_blank" rel="noopener">
+              <el-icon><Service /></el-icon> {{ brand.qqLabel }}{{ brand.qq }}
+            </a>
+            <span class="dot-sep">·</span>
+            <a class="meta-link" :href="brand.picUrl" target="_blank" rel="noopener">
+              <el-icon><PictureFilled /></el-icon> {{ brand.picLabel }}{{ brand.picText }}
+            </a>
+          </div>
+        </div>
+
+        <div class="hero-preview">
+          <div class="preview-glow"></div>
+          <div class="preview-frame">
+            <div class="frame-bar">
+              <span class="dot red"></span>
+              <span class="dot yellow"></span>
+              <span class="dot green"></span>
+              <span class="frame-url">/personal/play · gpt-image-2 终稿直出</span>
+            </div>
+            <img src="/screenshots/playground-xiaoqiao.png" alt="gpt-image-2 单次调用产出多张高清终稿" />
+          </div>
+        </div>
+      </div>
+    </section>
+
+    <!-- ============= 三张卖点卡(全围绕"图") ============= -->
+    <section class="section features">
+      <div class="feature-grid">
+        <div v-for="f in features" :key="f.title" class="feature-card">
+          <div class="feature-icon" :style="{ background: f.color + '1A', color: f.color }">
+            <el-icon :size="22"><component :is="f.icon" /></el-icon>
+          </div>
+          <div class="feature-title">{{ f.title }}</div>
+          <div class="feature-desc" v-html="f.desc"></div>
+        </div>
+      </div>
+      <div class="features-cta">
+        <el-button size="large" type="primary" round @click="goPlay">
+          立即开始出图 <el-icon><ArrowRight /></el-icon>
+        </el-button>
+      </div>
+    </section>
+
+    <!-- ============= Footer(极简) ============= -->
+    <footer class="footer">
+      <div class="footer-inner">
+        <span>© {{ new Date().getFullYear() }} {{ siteName }} · gpt-image-2 终稿直出网关</span>
+        <span class="sep">·</span>
+        <a :href="repoHref" target="_blank" rel="noopener">{{ brand.repoLabel }}{{ brand.repo }}</a>
+        <span class="sep">·</span>
+        <a :href="qqHref" target="_blank" rel="noopener">{{ brand.qqLabel }}{{ brand.qq }}</a>
+        <span class="sep">·</span>
+        <a :href="brand.picUrl" target="_blank" rel="noopener">{{ brand.picLabel }}{{ brand.picText }}</a>
+      </div>
+    </footer>
+  </div>
+</template>
+
+<style scoped lang="scss">
+// ========= 全局色变量(同时适配亮 / 暗) =========
+.landing {
+  --lp-bg: #ffffff;
+  --lp-bg-soft: #f7fbff;
+  --lp-text: #1f2330;
+  --lp-text-soft: #606266;
+  --lp-text-mute: #909399;
+  --lp-border: rgba(15, 23, 42, 0.08);
+  --lp-card: rgba(255, 255, 255, 0.65);
+  --lp-card-solid: #ffffff;
+  --lp-nav-bg: rgba(255, 255, 255, 0.72);
+  --lp-nav-border: rgba(15, 23, 42, 0.08);
+
+  min-height: 100vh;
+  background: var(--lp-bg);
+  color: var(--lp-text);
+  font-family: -apple-system, BlinkMacSystemFont, 'PingFang SC', 'Microsoft YaHei',
+               'Helvetica Neue', Arial, 'Segoe UI', sans-serif;
+  line-height: 1.6;
+  display: flex;
+  flex-direction: column;
+}
+.landing.dark {
+  --lp-bg: #0b1220;
+  --lp-bg-soft: #0f1a2e;
+  --lp-text: #e6e9ef;
+  --lp-text-soft: #b3b7c3;
+  --lp-text-mute: #7a8096;
+  --lp-border: rgba(255, 255, 255, 0.08);
+  --lp-card: rgba(255, 255, 255, 0.04);
+  --lp-card-solid: #111a2b;
+  --lp-nav-bg: rgba(15, 22, 38, 0.72);
+  --lp-nav-border: rgba(255, 255, 255, 0.07);
+}
+
+.gradient-text {
+  background: linear-gradient(135deg, #409eff 0%, #a855f7 55%, #67c23a 100%);
+  background-size: 200% 200%;
+  background-clip: text;
+  -webkit-background-clip: text;
+  color: transparent;
+  animation: grad-flow 6s ease-in-out infinite;
+}
+@keyframes grad-flow {
+  0%, 100% { background-position: 0% 50%; }
+  50%      { background-position: 100% 50%; }
+}
+
+// ========= 顶部导航 =========
+.nav {
+  position: sticky;
+  top: 0;
+  z-index: 50;
+  padding: 14px 0;
+  background: transparent;
+  border-bottom: 1px solid transparent;
+  transition: background .25s, border-color .25s, box-shadow .25s, padding .25s;
+  backdrop-filter: blur(0);
+}
+.nav.scrolled {
+  background: var(--lp-nav-bg);
+  border-bottom-color: var(--lp-nav-border);
+  backdrop-filter: saturate(180%) blur(12px);
+  -webkit-backdrop-filter: saturate(180%) blur(12px);
+  padding: 10px 0;
+  box-shadow: 0 4px 24px rgba(15, 23, 42, 0.04);
+}
+.nav-inner {
+  max-width: 1240px;
+  margin: 0 auto;
+  padding: 0 24px;
+  display: flex;
+  align-items: center;
+  gap: 28px;
+}
+.logo {
+  display: inline-flex;
+  align-items: center;
+  gap: 10px;
+  cursor: pointer;
+  text-decoration: none;
+  color: var(--lp-text);
+  .logo-img { width: 32px; height: 32px; border-radius: 8px; object-fit: contain; }
+  .logo-mark {
+    width: 32px; height: 32px; border-radius: 9px;
+    display: inline-flex; align-items: center; justify-content: center;
+    color: #fff; font-weight: 800; font-size: 15px;
+    background: linear-gradient(135deg, #409eff, #a855f7);
+    box-shadow: 0 4px 12px #409eff40;
+  }
+  .logo-name { font-size: 17px; font-weight: 700; letter-spacing: 0.3px; }
+}
+.menu {
+  display: flex;
+  gap: 22px;
+  flex: 1;
+  a {
+    color: var(--lp-text-soft);
+    font-size: 14px;
+    cursor: pointer;
+    text-decoration: none;
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    transition: color .2s;
+    .ext { opacity: .7; }
+  }
+  a:hover { color: #409eff; }
+}
+.nav-actions {
+  display: inline-flex;
+  align-items: center;
+  gap: 10px;
+  .theme-btn { padding: 4px 8px; }
+  .btn-login { font-weight: 600; }
+}
+
+// ========= Hero =========
+.hero {
+  position: relative;
+  overflow: hidden;
+  padding: 60px 24px 70px;
+}
+.hero-bg {
+  position: absolute;
+  inset: -10% -10% 0 -10%;
+  pointer-events: none;
+  background:
+    radial-gradient(900px 420px at 15% 25%, #a5c9ff66, transparent 60%),
+    radial-gradient(800px 420px at 85% 15%, #c084fc55, transparent 60%),
+    radial-gradient(600px 400px at 70% 90%, #b1f1b255, transparent 60%);
+  z-index: 0;
+}
+.landing.dark .hero-bg {
+  background:
+    radial-gradient(900px 420px at 15% 25%, #1b3a6a88, transparent 60%),
+    radial-gradient(800px 420px at 85% 15%, #4b2a7066, transparent 60%),
+    radial-gradient(600px 400px at 70% 90%, #1c4c2666, transparent 60%);
+}
+.hero-inner {
+  position: relative;
+  z-index: 1;
+  max-width: 1240px;
+  margin: 0 auto;
+  display: grid;
+  grid-template-columns: 1.1fr 1fr;
+  gap: 56px;
+  align-items: center;
+}
+.eyebrow {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  padding: 6px 12px;
+  border-radius: 999px;
+  border: 1px solid var(--lp-border);
+  background: var(--lp-card);
+  backdrop-filter: blur(6px);
+  font-size: 12px;
+  color: var(--lp-text-soft);
+  .dot {
+    width: 6px; height: 6px; border-radius: 50%;
+    background: #67c23a;
+    box-shadow: 0 0 0 4px #67c23a33;
+  }
+}
+.hero-title {
+  font-size: clamp(40px, 5.4vw, 64px);
+  line-height: 1.1;
+  margin: 22px 0 18px;
+  font-weight: 800;
+  letter-spacing: -0.5px;
+}
+.hero-sub {
+  font-size: 16px;
+  color: var(--lp-text-soft);
+  margin: 0 0 26px;
+  b { color: var(--lp-text); font-weight: 600; }
+}
+.hero-cta {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 12px;
+  margin-bottom: 24px;
+}
+.hero-meta {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: center;
+  gap: 8px;
+  font-size: 13px;
+  color: var(--lp-text-mute);
+  .meta-link {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    color: var(--lp-text-soft);
+    text-decoration: none;
+    padding: 4px 10px;
+    border-radius: 6px;
+    transition: background .2s;
+  }
+  .meta-link:hover { background: var(--lp-card); color: #409eff; }
+  .dot-sep { color: var(--lp-text-mute); }
+}
+
+.hero-preview {
+  position: relative;
+  .preview-glow {
+    position: absolute;
+    inset: -30px;
+    background: radial-gradient(closest-side, #a855f744, transparent 70%);
+    filter: blur(20px);
+    pointer-events: none;
+  }
+  .preview-frame {
+    position: relative;
+    background: var(--lp-card-solid);
+    border: 1px solid var(--lp-border);
+    border-radius: 14px;
+    overflow: hidden;
+    box-shadow:
+      0 30px 60px -20px rgba(168, 85, 247, 0.35),
+      0 20px 40px rgba(15, 23, 42, 0.12);
+    transform: perspective(1200px) rotateY(-4deg) rotateX(2deg);
+    transition: transform .3s;
+  }
+  .preview-frame:hover {
+    transform: perspective(1200px) rotateY(0) rotateX(0);
+  }
+  .frame-bar {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    padding: 10px 14px;
+    border-bottom: 1px solid var(--lp-border);
+    background: var(--lp-bg-soft);
+    .dot {
+      width: 10px; height: 10px; border-radius: 50%;
+      &.red    { background: #ff5f57; }
+      &.yellow { background: #febc2e; }
+      &.green  { background: #28c840; }
+    }
+    .frame-url {
+      margin-left: 10px;
+      font-size: 12px;
+      color: var(--lp-text-mute);
+    }
+  }
+  img { display: block; width: 100%; height: auto; }
+}
+
+// ========= 三张卖点卡 =========
+.section {
+  padding: 40px 24px 60px;
+  position: relative;
+}
+.features {
+  background:
+    radial-gradient(800px 300px at 20% 10%, #409eff11, transparent 60%),
+    radial-gradient(800px 300px at 80% 90%, #a855f711, transparent 60%);
+}
+.feature-grid {
+  max-width: 1140px;
+  margin: 0 auto;
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 18px;
+}
+.feature-card {
+  background: var(--lp-card-solid);
+  border: 1px solid var(--lp-border);
+  border-radius: 14px;
+  padding: 26px 24px;
+  transition: transform .2s, box-shadow .2s, border-color .2s;
+}
+.feature-card:hover {
+  transform: translateY(-4px);
+  border-color: transparent;
+  box-shadow:
+    0 20px 40px -12px rgba(64, 158, 255, 0.22),
+    0 8px 24px rgba(15, 23, 42, 0.08);
+}
+.feature-icon {
+  width: 44px;
+  height: 44px;
+  border-radius: 12px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  margin-bottom: 14px;
+}
+.feature-title {
+  font-size: 17px;
+  font-weight: 700;
+  margin-bottom: 8px;
+}
+.feature-desc {
+  font-size: 14px;
+  color: var(--lp-text-soft);
+  line-height: 1.75;
+  :deep(code) {
+    padding: 1px 6px;
+    border-radius: 4px;
+    background: rgba(64, 158, 255, 0.12);
+    color: #409eff;
+    font-family: 'JetBrains Mono', Menlo, Consolas, monospace;
+    font-size: 12px;
+  }
+  :deep(b) { color: var(--lp-text); font-weight: 600; }
+}
+.features-cta {
+  text-align: center;
+  margin-top: 40px;
+}
+
+// ========= Footer =========
+.footer {
+  margin-top: auto;
+  background: var(--lp-bg-soft);
+  border-top: 1px solid var(--lp-border);
+  padding: 22px 24px;
+}
+.footer-inner {
+  max-width: 1240px;
+  margin: 0 auto;
+  text-align: center;
+  font-size: 12.5px;
+  color: var(--lp-text-mute);
+  a { color: var(--lp-text-soft); text-decoration: none; margin: 0 2px; }
+  a:hover { color: #409eff; }
+  .sep { margin: 0 8px; color: var(--lp-border); }
+}
+
+// ========= 响应式 =========
+@media (max-width: 1100px) {
+  .hero-inner { grid-template-columns: 1fr; }
+  .hero-preview { order: 2; margin-top: 30px; }
+}
+@media (max-width: 900px) {
+  .feature-grid { grid-template-columns: 1fr; }
+}
+@media (max-width: 640px) {
+  .hero { padding: 36px 20px 48px; }
+  .section { padding: 28px 20px 48px; }
+  .nav-inner { gap: 12px; }
+  .nav-actions .btn-login { display: none; }
+  .menu { display: none; }
+  .hero-cta .el-button { width: 100%; }
+  .footer-inner { line-height: 2; }
+}
+</style>
diff --git a/web/src/views/personal/ApiDocs.vue b/web/src/views/personal/ApiDocs.vue
new file mode 100644
index 00000000..f0decdd7
--- /dev/null
+++ b/web/src/views/personal/ApiDocs.vue
@@ -0,0 +1,707 @@
+<script setup lang="ts">
+import { computed, onMounted, ref } from 'vue'
+import { ElMessage } from 'element-plus'
+import {
+  listMyModels,
+  listMyUsageLogs,
+  listMyImageTasks,
+  getMyUsageStats,
+  type SimpleModel,
+  type UsageItem,
+  type ImageTask,
+  type MyStatsResp,
+} from '@/api/me'
+import { formatCredit, formatDateTime, formatErrorCode } from '@/utils/format'
+import { ENABLE_CHAT_MODEL } from '@/config/feature'
+
+const activeTab = ref<'chat' | 'image'>(ENABLE_CHAT_MODEL ? 'chat' : 'image')
+
+const models = ref<SimpleModel[]>([])
+const chatModels = computed(() => models.value.filter((m) => m.type === 'chat'))
+const imageModels = computed(() => models.value.filter((m) => m.type === 'image'))
+
+const selectedChatModel = ref<string>('')
+const selectedImageModel = ref<string>('')
+
+// 原点:浏览器当前地址,用于 SDK 示例的 base_url
+const origin = computed(() => window.location.origin)
+
+// ---------- 当前用户汇总 ----------
+const stats = ref<MyStatsResp | null>(null)
+const statsLoading = ref(false)
+
+async function loadStats() {
+  statsLoading.value = true
+  try {
+    stats.value = await getMyUsageStats({ days: 14, top_n: 5 })
+  } finally {
+    statsLoading.value = false
+  }
+}
+
+// ---------- 文字历史(chat) ----------
+const chatLogs = ref<UsageItem[]>([])
+const chatPage = ref({ limit: 20, offset: 0, total: 0 })
+const chatLoading = ref(false)
+
+async function loadChatLogs() {
+  chatLoading.value = true
+  try {
+    const data = await listMyUsageLogs({
+      type: 'chat',
+      limit: chatPage.value.limit,
+      offset: chatPage.value.offset,
+    })
+    chatLogs.value = data.items
+    chatPage.value.total = data.total
+  } finally {
+    chatLoading.value = false
+  }
+}
+
+function chatPageChange(p: number) {
+  chatPage.value.offset = (p - 1) * chatPage.value.limit
+  loadChatLogs()
+}
+
+// ---------- 图片历史 ----------
+const imageTasks = ref<ImageTask[]>([])
+const imagePage = ref({ limit: 12, offset: 0 })
+const imageLoading = ref(false)
+const hasMoreImage = ref(false)
+const imageFilters = ref({
+  status: '',
+  keyword: '',
+  range: [] as string[],
+})
+const previewDialogVisible = ref(false)
+const previewImageURL = ref('')
+const previewImageTitle = ref('')
+
+async function loadImageTasks(reset = true) {
+  imageLoading.value = true
+  try {
+    if (reset) {
+      imagePage.value.offset = 0
+      imageTasks.value = []
+    }
+    const data = await listMyImageTasks({
+      limit: imagePage.value.limit,
+      offset: imagePage.value.offset,
+      status: imageFilters.value.status || undefined,
+      keyword: imageFilters.value.keyword.trim() || undefined,
+      start_at: imageFilters.value.range[0] || undefined,
+      end_at: imageFilters.value.range[1] || undefined,
+    })
+    if (reset) imageTasks.value = data.items
+    else imageTasks.value.push(...data.items)
+    hasMoreImage.value = data.items.length >= imagePage.value.limit
+  } finally {
+    imageLoading.value = false
+  }
+}
+
+function imageLoadMore() {
+  imagePage.value.offset += imagePage.value.limit
+  loadImageTasks(false)
+}
+
+function resetImageFilters() {
+  imageFilters.value.status = ''
+  imageFilters.value.keyword = ''
+  imageFilters.value.range = []
+  loadImageTasks(true)
+}
+
+// ---------- SDK 代码示例 ----------
+const chatCurl = computed(() => {
+  const model = selectedChatModel.value || 'gpt-5'
+  return `curl ${origin.value}/v1/chat/completions \\
+  -H "Authorization: Bearer \${YOUR_API_KEY}" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "model": "${model}",
+    "stream": true,
+    "messages": [
+      {"role": "user", "content": "你好,介绍一下你自己"}
+    ]
+  }'`
+})
+
+const chatPython = computed(() => {
+  const model = selectedChatModel.value || 'gpt-5'
+  return `from openai import OpenAI
+
+client = OpenAI(
+    base_url="${origin.value}/v1",
+    api_key="\${YOUR_API_KEY}",
+)
+
+resp = client.chat.completions.create(
+    model="${model}",
+    messages=[{"role": "user", "content": "你好"}],
+    stream=True,
+)
+for chunk in resp:
+    print(chunk.choices[0].delta.content or "", end="")`
+})
+
+const imageCurl = computed(() => {
+  const model = selectedImageModel.value || 'gpt-image-2'
+  return `curl ${origin.value}/v1/images/generations \\
+  -H "Authorization: Bearer \${YOUR_API_KEY}" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "model": "${model}",
+    "prompt": "A cute orange cat playing with yarn, studio ghibli style",
+    "n": 1,
+    "size": "1024x1024"
+  }'`
+})
+
+const imageCurlWithRef = computed(() => {
+  const model = selectedImageModel.value || 'gpt-image-2'
+  return `curl ${origin.value}/v1/images/generations \\
+  -H "Authorization: Bearer \${YOUR_API_KEY}" \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "model": "${model}",
+    "prompt": "根据参考图生成一个类似风格的图片",
+    "n": 1,
+    "size": "1024x1024",
+    "reference_images": [
+      "https://example.com/your-image.jpg"
+    ]
+  }'
+
+# 或使用 base64 编码的图片:
+# "reference_images": ["data:image/png;base64,iVBORw0KG..."]
+# 或纯 base64: ["iVBORw0KG..."]
+# 最多支持 4 张参考图,单张最大 20MB`
+})
+
+const imagePython = computed(() => {
+  const model = selectedImageModel.value || 'gpt-image-2'
+  return `from openai import OpenAI
+
+client = OpenAI(
+    base_url="${origin.value}/v1",
+    api_key="\${YOUR_API_KEY}",
+)
+
+resp = client.images.generate(
+    model="${model}",
+    prompt="A cute orange cat playing with yarn",
+    n=1,
+    size="1024x1024",
+)
+print(resp.data[0].url)`
+})
+
+const imagePythonRequests = computed(() => {
+  const model = selectedImageModel.value || 'gpt-image-2'
+  return `import requests
+
+url = "${origin.value}/v1/images/generations"
+headers = {
+    "Authorization": "Bearer YOUR_API_KEY",
+    "Content-Type": "application/json"
+}
+data = {
+    "model": "${model}",
+    "prompt": "A cute orange cat playing with yarn",
+    "n": 1,
+    "size": "1024x1024"
+}
+
+resp = requests.post(url, headers=headers, json=data)
+result = resp.json()
+print(result["data"][0]["url"])`
+})
+
+const imagePythonRequestsWithRef = computed(() => {
+  const model = selectedImageModel.value || 'gpt-image-2'
+  return `import requests
+
+url = "${origin.value}/v1/images/generations"
+headers = {
+    "Authorization": "Bearer YOUR_API_KEY",
+    "Content-Type": "application/json"
+}
+data = {
+    "model": "${model}",
+    "prompt": "根据参考图生成一个类似风格的图片",
+    "n": 1,
+    "size": "1024x1024",
+    "reference_images": [
+        "https://example.com/your-image.jpg"
+    ]
+}
+
+resp = requests.post(url, headers=headers, json=data)
+result = resp.json()
+print(result["data"][0]["url"])
+
+# 说明:
+# - reference_images 支持 HTTPS URL、data URL 或纯 base64
+# - 最多支持 4 张参考图,单张最大 20MB`
+})
+
+async function copy(text: string) {
+  try {
+    await navigator.clipboard.writeText(text)
+    ElMessage.success('已复制到剪贴板')
+  } catch {
+    ElMessage.error('复制失败,请手动选择文本')
+  }
+}
+
+// ---------- 状态标签 ----------
+function statusTag(s: string): 'success' | 'warning' | 'danger' | 'info' {
+  if (s === 'success') return 'success'
+  if (s === 'failed') return 'danger'
+  if (s === 'running' || s === 'dispatched' || s === 'queued') return 'warning'
+  return 'info'
+}
+
+function thumbURL(url: string): string {
+  if (!url) return url
+  return url.includes('?') ? `${url}&thumb_kb=10` : `${url}?thumb_kb=10`
+}
+
+function previewImage(url: string, title = '') {
+  if (!url) return
+  previewImageURL.value = url
+  previewImageTitle.value = title
+  previewDialogVisible.value = true
+}
+
+function downloadImage(url: string, prompt: string) {
+  if (!url) return
+  const link = document.createElement('a')
+  link.href = url
+  link.download = `${(prompt || 'image').slice(0, 24).replace(/[\\\\/:*?\"<>|]/g, '_') || 'image'}.jpg`
+  link.rel = 'noopener'
+  document.body.appendChild(link)
+  link.click()
+  document.body.removeChild(link)
+}
+
+// ---------- 初始化 ----------
+onMounted(async () => {
+  try {
+    const m = await listMyModels()
+    models.value = ENABLE_CHAT_MODEL
+      ? m.items
+      : m.items.filter((x) => x.type !== 'chat')
+    const firstChat = m.items.find((x) => x.type === 'chat')
+    const firstImage = m.items.find((x) => x.type === 'image')
+    if (firstChat) selectedChatModel.value = firstChat.slug
+    if (firstImage) selectedImageModel.value = firstImage.slug
+  } catch {
+    // 忽略
+  }
+  loadStats()
+  if (ENABLE_CHAT_MODEL) loadChatLogs()
+  loadImageTasks()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block hero">
+      <div>
+        <h2 class="page-title">接口文档 & 用量</h2>
+        <p class="desc">
+          <template v-if="ENABLE_CHAT_MODEL">
+            外部调用走 <code>/v1/chat/completions</code> 与 <code>/v1/images/generations</code>,
+          </template>
+          <template v-else>
+            外部调用走 <code>/v1/images/generations</code>,
+          </template>
+          下面给出 curl / Python SDK 代码片段;个人用量与图片任务汇总在这里。若想在浏览器里直接体验,请打开「在线体验」。
+        </p>
+      </div>
+      <div class="hero-stats" v-loading="statsLoading">
+        <div class="stat">
+          <div class="lbl">14 天请求</div>
+          <div class="val">{{ stats?.overall.requests ?? 0 }}</div>
+        </div>
+        <div v-if="ENABLE_CHAT_MODEL" class="stat">
+          <div class="lbl">文字 Token(in/out)</div>
+          <div class="val">{{ stats?.overall.input_tokens ?? 0 }} / {{ stats?.overall.output_tokens ?? 0 }}</div>
+        </div>
+        <div class="stat">
+          <div class="lbl">图片张数</div>
+          <div class="val">{{ stats?.overall.image_images ?? 0 }}</div>
+        </div>
+        <div class="stat">
+          <div class="lbl">14 天消耗积分</div>
+          <div class="val primary">{{ formatCredit(stats?.overall.credit_cost) }}</div>
+        </div>
+      </div>
+    </div>
+
+    <el-tabs v-model="activeTab" class="pg-tabs">
+      <!-- ================== 文字对话 ================== -->
+      <el-tab-pane v-if="ENABLE_CHAT_MODEL" label="对话生成(文字模型)" name="chat">
+        <div class="card-block">
+          <div class="row">
+            <div class="label">文字模型</div>
+            <el-select v-model="selectedChatModel" placeholder="选择模型" style="width: 320px">
+              <el-option
+                v-for="m in chatModels"
+                :key="m.id"
+                :label="`${m.slug}${m.description ? ' · ' + m.description : ''}`"
+                :value="m.slug"
+              />
+            </el-select>
+            <router-link to="/personal/keys">
+              <el-button text type="primary">没有 Key?去「API Keys」创建</el-button>
+            </router-link>
+          </div>
+
+          <el-tabs type="border-card" class="code-tabs">
+            <el-tab-pane label="curl">
+              <pre class="code"><code>{{ chatCurl }}</code></pre>
+              <el-button size="small" @click="copy(chatCurl)">复制 curl</el-button>
+            </el-tab-pane>
+            <el-tab-pane label="Python (OpenAI SDK)">
+              <pre class="code"><code>{{ chatPython }}</code></pre>
+              <el-button size="small" @click="copy(chatPython)">复制 Python</el-button>
+            </el-tab-pane>
+          </el-tabs>
+        </div>
+
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom: 10px">
+            <h3 class="section-title">文字调用历史</h3>
+            <el-button size="small" @click="loadChatLogs">刷新</el-button>
+          </div>
+          <el-table v-loading="chatLoading" :data="chatLogs" stripe size="small">
+            <el-table-column prop="created_at" label="时间" min-width="160">
+              <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+            </el-table-column>
+            <el-table-column prop="model_slug" label="模型" min-width="140" />
+            <el-table-column label="Token (in / out / cache)" min-width="170">
+              <template #default="{ row }">
+                {{ row.input_tokens }} / {{ row.output_tokens }}
+                <span v-if="row.cache_read_tokens" class="mute">/ {{ row.cache_read_tokens }}</span>
+              </template>
+            </el-table-column>
+            <el-table-column label="耗时" width="90">
+              <template #default="{ row }">{{ row.duration_ms }} ms</template>
+            </el-table-column>
+            <el-table-column label="状态" width="90">
+              <template #default="{ row }">
+                <el-tag :type="statusTag(row.status)" size="small">{{ row.status }}</el-tag>
+                <el-tooltip v-if="row.error_code" :content="formatErrorCode(row.error_code) + '(' + row.error_code + ')'">
+                  <el-icon style="margin-left:4px"><InfoFilled /></el-icon>
+                </el-tooltip>
+              </template>
+            </el-table-column>
+            <el-table-column label="扣费(积分)" width="110">
+              <template #default="{ row }">{{ formatCredit(row.credit_cost) }}</template>
+            </el-table-column>
+          </el-table>
+          <div class="pager">
+            <el-pagination
+              layout="prev, pager, next, total"
+              :total="chatPage.total"
+              :page-size="chatPage.limit"
+              :current-page="Math.floor(chatPage.offset / chatPage.limit) + 1"
+              @current-change="chatPageChange"
+            />
+          </div>
+        </div>
+      </el-tab-pane>
+
+      <!-- ================== 图片生成 ================== -->
+      <el-tab-pane label="图片生成(图片模型)" name="image">
+        <div class="card-block">
+          <div class="row">
+            <div class="label">图片模型</div>
+            <el-select v-model="selectedImageModel" placeholder="选择模型" style="width: 320px">
+              <el-option
+                v-for="m in imageModels"
+                :key="m.id"
+                :label="`${m.slug}${m.description ? ' · ' + m.description : ''}`"
+                :value="m.slug"
+              />
+            </el-select>
+          </div>
+
+          <el-tabs type="border-card" class="code-tabs">
+            <el-tab-pane label="curl">
+              <pre class="code"><code>{{ imageCurl }}</code></pre>
+              <el-button size="small" @click="copy(imageCurl)">复制 curl</el-button>
+            </el-tab-pane>
+            <el-tab-pane label="curl (带参考图)">
+              <pre class="code"><code>{{ imageCurlWithRef }}</code></pre>
+              <el-button size="small" @click="copy(imageCurlWithRef)">复制 curl</el-button>
+            </el-tab-pane>
+            <el-tab-pane label="Python (OpenAI SDK)">
+              <pre class="code"><code>{{ imagePython }}</code></pre>
+              <el-button size="small" @click="copy(imagePython)">复制 Python</el-button>
+            </el-tab-pane>
+            <el-tab-pane label="Python (requests)">
+              <pre class="code"><code>{{ imagePythonRequests }}</code></pre>
+              <el-button size="small" @click="copy(imagePythonRequests)">复制 Python</el-button>
+            </el-tab-pane>
+            <el-tab-pane label="Python (requests 带参考图)">
+              <pre class="code"><code>{{ imagePythonRequestsWithRef }}</code></pre>
+              <el-button size="small" @click="copy(imagePythonRequestsWithRef)">复制 Python</el-button>
+            </el-tab-pane>
+          </el-tabs>
+        </div>
+
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom: 10px">
+            <h3 class="section-title">图片任务历史</h3>
+            <el-button size="small" @click="loadImageTasks(true)">刷新</el-button>
+          </div>
+          <div class="img-filters">
+            <div class="img-filters__fields">
+              <el-input
+                v-model="imageFilters.keyword"
+                clearable
+                placeholder="搜索提示词"
+                class="filter-keyword"
+                @keyup.enter="loadImageTasks(true)"
+              />
+              <el-select
+                v-model="imageFilters.status"
+                clearable
+                placeholder="全部状态"
+                class="filter-status"
+              >
+                <el-option label="排队中" value="queued" />
+                <el-option label="已分发" value="dispatched" />
+                <el-option label="运行中" value="running" />
+                <el-option label="成功" value="success" />
+                <el-option label="失败" value="failed" />
+              </el-select>
+              <el-date-picker
+                v-model="imageFilters.range"
+                type="datetimerange"
+                unlink-panels
+                range-separator="至"
+                start-placeholder="开始时间"
+                end-placeholder="结束时间"
+                value-format="YYYY-MM-DD HH:mm:ss"
+                class="filter-range"
+              />
+            </div>
+            <div class="img-filters__actions">
+              <el-button type="primary" @click="loadImageTasks(true)">筛选</el-button>
+              <el-button @click="resetImageFilters">重置</el-button>
+            </div>
+          </div>
+          <div v-loading="imageLoading">
+            <div v-if="imageTasks.length === 0 && !imageLoading" class="empty">
+              暂无图片任务,复制上方代码调用一次即可生成记录。
+            </div>
+            <div class="grid">
+              <el-card
+                v-for="t in imageTasks"
+                :key="t.id"
+                shadow="hover"
+                class="img-card"
+              >
+                <div class="thumb">
+                  <img
+                    v-if="t.image_urls?.[0]"
+                    :src="thumbURL(t.image_urls[0])"
+                    :alt="t.prompt"
+                    @click="previewImage(t.image_urls[0], t.prompt)"
+                  />
+                  <div v-else class="thumb-ph">
+                    <el-icon :size="32"><PictureRounded /></el-icon>
+                    <div class="s">{{ t.status }}</div>
+                  </div>
+                </div>
+                <div class="meta">
+                  <div class="title" :title="t.prompt">{{ t.prompt || '(无 prompt)' }}</div>
+                  <div class="sub">
+                    <el-tag size="small" :type="statusTag(t.status)">{{ t.status }}</el-tag>
+                    <span>{{ t.size }}</span>
+                    <span class="mute">n={{ t.n }}</span>
+                  </div>
+                  <div class="foot">
+                    <span class="mute">{{ formatDateTime(t.created_at) }}</span>
+                    <span class="credit">{{ formatCredit(t.credit_cost) }} 积分</span>
+                  </div>
+                  <div v-if="t.image_urls?.[0]" class="actions">
+                    <el-button size="small" plain @click="previewImage(t.image_urls[0], t.prompt)">放大</el-button>
+                    <el-button size="small" type="primary" plain @click="downloadImage(t.image_urls[0], t.prompt)">下载</el-button>
+                  </div>
+                  <div v-if="t.error" class="err">{{ t.error }}</div>
+                </div>
+              </el-card>
+            </div>
+            <div v-if="hasMoreImage" class="pager">
+              <el-button @click="imageLoadMore">加载更多</el-button>
+            </div>
+          </div>
+        </div>
+      </el-tab-pane>
+    </el-tabs>
+
+    <el-dialog
+      v-model="previewDialogVisible"
+      width="min(92vw, 980px)"
+      top="5vh"
+      destroy-on-close
+      class="img-preview-dialog"
+    >
+      <template #header>
+        <div class="preview-title">{{ previewImageTitle || '图片预览' }}</div>
+      </template>
+      <div class="preview-wrap">
+        <img v-if="previewImageURL" :src="previewImageURL" :alt="previewImageTitle || 'preview'" class="preview-img" />
+      </div>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.page-container { padding: 16px; }
+.page-title { margin: 0; font-size: 20px; font-weight: 700; }
+.section-title { margin: 0; font-size: 16px; font-weight: 600; }
+.card-block {
+  background: var(--el-bg-color);
+  border: 1px solid var(--el-border-color-lighter);
+  border-radius: 8px;
+  padding: 16px;
+  margin-bottom: 16px;
+}
+.flex-between { display: flex; justify-content: space-between; align-items: center; }
+.hero {
+  display: flex; justify-content: space-between; gap: 24px; flex-wrap: wrap;
+  .desc { color: var(--el-text-color-secondary); margin-top: 4px; font-size: 13px; }
+  code {
+    background: var(--el-fill-color-light); padding: 1px 6px; border-radius: 4px; font-size: 12px;
+  }
+}
+.hero-stats {
+  display: flex; gap: 24px; flex-wrap: wrap;
+  .stat { min-width: 120px; }
+  .lbl { font-size: 12px; color: var(--el-text-color-secondary); }
+  .val { font-size: 22px; font-weight: 700; margin-top: 2px; }
+  .val.primary { color: #409eff; }
+}
+
+.pg-tabs { :deep(.el-tabs__header) { margin-bottom: 12px; } }
+.row {
+  display: flex; gap: 12px; align-items: center; flex-wrap: wrap; margin-bottom: 12px;
+  .label { font-weight: 600; min-width: 68px; }
+}
+.code-tabs {
+  :deep(.el-tabs__content) { padding: 12px; }
+}
+.code {
+  background: #1f2937; color: #e5e7eb; border-radius: 6px;
+  padding: 12px 14px; margin: 0 0 10px; font-size: 12px; line-height: 1.6;
+  overflow-x: auto; white-space: pre-wrap; word-break: break-word;
+  font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, monospace;
+}
+:global(html.dark) .code { background: #0f1115; }
+
+.mute { color: var(--el-text-color-secondary); }
+.pager { margin-top: 12px; display: flex; justify-content: flex-end; }
+.empty { padding: 24px 0; color: var(--el-text-color-secondary); text-align: center; }
+.img-filters {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+  gap: 12px;
+  flex-wrap: wrap;
+  margin-bottom: 12px;
+  padding: 12px;
+  background: var(--el-fill-color-extra-light);
+  border: 1px solid var(--el-border-color-lighter);
+  border-radius: 10px;
+}
+.img-filters__fields {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  flex-wrap: wrap;
+  flex: 0 1 auto;
+  min-width: auto;
+}
+.img-filters__actions {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  flex: 0 0 auto;
+}
+.filter-keyword { width: 220px; }
+.filter-status { width: 140px; }
+.filter-range { width: 300px; max-width: 300px; }
+.filter-range :deep(.el-range-editor.el-input__wrapper) { width: 100%; }
+.preview-title {
+  max-width: 100%;
+  font-size: 15px;
+  font-weight: 600;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+.preview-wrap {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 320px;
+  max-height: 78vh;
+  overflow: auto;
+  background: var(--el-fill-color-lighter);
+  border-radius: 8px;
+}
+.preview-img {
+  max-width: 100%;
+  max-height: 76vh;
+  object-fit: contain;
+}
+
+.grid {
+  display: grid; grid-template-columns: repeat(auto-fill, minmax(240px, 1fr)); gap: 12px;
+}
+.img-card {
+  :deep(.el-card__body) { padding: 0; }
+  .thumb {
+    height: 180px; display: flex; align-items: center; justify-content: center;
+    background: var(--el-fill-color-lighter);
+    img { max-width: 100%; max-height: 100%; object-fit: contain; cursor: zoom-in; }
+  }
+  .thumb-ph { text-align: center; color: var(--el-text-color-secondary); .s { font-size: 12px; } }
+  .meta { padding: 10px 12px; }
+  .title {
+    font-size: 13px; font-weight: 600; margin-bottom: 6px;
+    overflow: hidden; white-space: nowrap; text-overflow: ellipsis;
+  }
+  .sub { display: flex; gap: 6px; font-size: 12px; align-items: center; color: var(--el-text-color-regular); }
+  .foot {
+    display: flex; justify-content: space-between; margin-top: 6px; font-size: 12px;
+    .credit { color: #e6a23c; font-weight: 600; }
+  }
+  .actions { display: flex; gap: 8px; margin-top: 10px; }
+  .err {
+    color: var(--el-color-danger); font-size: 12px; margin-top: 6px;
+    background: var(--el-color-danger-light-9); padding: 4px 6px; border-radius: 4px;
+    white-space: pre-wrap; word-break: break-word;
+  }
+}
+
+@media (max-width: 640px) {
+  .hero { flex-direction: column; }
+  .hero-stats { gap: 16px; }
+  .img-filters { align-items: stretch; }
+  .img-filters__fields,
+  .img-filters__actions { width: 100%; }
+  .filter-keyword,
+  .filter-status,
+  .filter-range { width: 100%; }
+  .img-filters__actions :deep(.el-button) { flex: 1; }
+}
+</style>
diff --git a/web/src/views/personal/ApiKeys.vue b/web/src/views/personal/ApiKeys.vue
new file mode 100644
index 00000000..9a6c634b
--- /dev/null
+++ b/web/src/views/personal/ApiKeys.vue
@@ -0,0 +1,243 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as keyApi from '@/api/apikey'
+import { formatCredit, formatDateTime, nullVal } from '@/utils/format'
+
+const loading = ref(false)
+const page = ref(1)
+const pageSize = ref(20)
+const total = ref(0)
+const list = ref<keyApi.ApiKey[]>([])
+
+const dialogVisible = ref(false)
+const submitting = ref(false)
+const form = reactive({
+  name: '',
+  quota_limit: 0,      // 0 = 无限
+  rpm: 0,
+  tpm: 0,
+  allowed_models: '' as string,   // 逗号分隔
+  allowed_ips: '' as string,
+})
+
+const showKeyDlg = ref(false)
+const createdKey = ref('')
+
+async function fetchList() {
+  loading.value = true
+  try {
+    const data = await keyApi.listKeys(page.value, pageSize.value)
+    list.value = data.list
+    total.value = data.total
+  } finally {
+    loading.value = false
+  }
+}
+
+function openCreate() {
+  Object.assign(form, { name: '', quota_limit: 0, rpm: 0, tpm: 0, allowed_models: '', allowed_ips: '' })
+  dialogVisible.value = true
+}
+
+async function onCreate() {
+  if (!form.name) {
+    ElMessage.warning('请输入 key 名称')
+    return
+  }
+  submitting.value = true
+  try {
+    const res = await keyApi.createKey({
+      name: form.name,
+      quota_limit: Number(form.quota_limit) || 0,
+      rpm: Number(form.rpm) || 0,
+      tpm: Number(form.tpm) || 0,
+      allowed_models: form.allowed_models
+        .split(',').map((s) => s.trim()).filter(Boolean),
+      allowed_ips: form.allowed_ips
+        .split(',').map((s) => s.trim()).filter(Boolean),
+    })
+    dialogVisible.value = false
+    createdKey.value = res.key
+    showKeyDlg.value = true
+    fetchList()
+  } finally {
+    submitting.value = false
+  }
+}
+
+async function onToggle(row: keyApi.ApiKey) {
+  await keyApi.updateKey(row.id, { enabled: !row.enabled })
+  ElMessage.success(row.enabled ? '已禁用' : '已启用')
+  fetchList()
+}
+
+async function onDelete(row: keyApi.ApiKey) {
+  await ElMessageBox.confirm(
+    `确认删除 key "${row.name}"?此操作不可撤销。`,
+    '删除 Key',
+    { confirmButtonText: '删除', cancelButtonText: '取消', type: 'warning' },
+  )
+  await keyApi.deleteKey(row.id)
+  ElMessage.success('已删除')
+  fetchList()
+}
+
+async function copyKey() {
+  try {
+    await navigator.clipboard.writeText(createdKey.value)
+    ElMessage.success('已复制到剪贴板')
+  } catch {
+    ElMessage.warning('请手动复制')
+  }
+}
+
+const remainingPct = (row: keyApi.ApiKey) => {
+  if (row.quota_limit <= 0) return 100
+  const left = Math.max(row.quota_limit - row.quota_used, 0)
+  return Math.min(Math.round((left / row.quota_limit) * 100), 100)
+}
+
+const hasData = computed(() => list.value.length > 0)
+
+onMounted(fetchList)
+</script>
+
+<template>
+  <div class="page-container">
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:16px">
+        <div>
+          <h2 class="page-title" style="margin:0">API Keys</h2>
+          <div style="color:var(--el-text-color-secondary);font-size:13px;margin-top:4px">
+            管理你的下游调用 Key,支持 RPM / TPM 限流、IP 白名单、模型白名单;Key 只在创建时完整展示一次,请妥善保存。
+          </div>
+        </div>
+        <el-button type="primary" @click="openCreate">
+          <el-icon><Plus /></el-icon> 新建 Key
+        </el-button>
+      </div>
+
+      <el-table v-loading="loading" :data="list" stripe>
+        <el-table-column prop="name" label="名称" min-width="140" />
+        <el-table-column label="前缀" width="120">
+          <template #default="{ row }">
+            <el-tag size="small">{{ row.key_prefix }}***</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="额度(积分)" min-width="180">
+          <template #default="{ row }">
+            <template v-if="row.quota_limit > 0">
+              <div>{{ formatCredit(row.quota_used) }} / {{ formatCredit(row.quota_limit) }}</div>
+              <el-progress :percentage="remainingPct(row)"
+                           :status="remainingPct(row) < 20 ? 'exception' : remainingPct(row) < 50 ? 'warning' : 'success'"
+                           :show-text="false" style="margin-top:4px" />
+            </template>
+            <el-tag v-else type="info" size="small">无限</el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="RPM / TPM" width="130">
+          <template #default="{ row }">
+            <div style="font-size:12px">
+              <div>RPM: {{ row.rpm || '分组默认' }}</div>
+              <div>TPM: {{ row.tpm || '分组默认' }}</div>
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="允许模型" min-width="140">
+          <template #default="{ row }">
+            <el-tag v-if="!nullVal(row.allowed_models)" type="info" size="small">全部</el-tag>
+            <span v-else>{{ nullVal(row.allowed_models) }}</span>
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="row.enabled ? 'success' : 'info'" size="small">
+              {{ row.enabled ? '启用' : '禁用' }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="最近使用" min-width="160">
+          <template #default="{ row }">
+            <div style="font-size:12px">
+              <div>{{ formatDateTime(row.last_used_at) }}</div>
+              <div v-if="row.last_used_ip" style="color:var(--el-text-color-secondary)">{{ row.last_used_ip }}</div>
+            </div>
+          </template>
+        </el-table-column>
+        <el-table-column label="操作" width="160" fixed="right">
+          <template #default="{ row }">
+            <el-button link type="primary" @click="onToggle(row)">
+              {{ row.enabled ? '禁用' : '启用' }}
+            </el-button>
+            <el-button link type="danger" @click="onDelete(row)">删除</el-button>
+          </template>
+        </el-table-column>
+        <template #empty>
+          <el-empty description="还没有 Key,点右上角新建一把吧" />
+        </template>
+      </el-table>
+
+      <el-pagination v-if="hasData"
+        style="margin-top:16px;justify-content:flex-end;display:flex"
+        v-model:current-page="page"
+        v-model:page-size="pageSize"
+        :page-sizes="[10, 20, 50]"
+        :total="total"
+        layout="total, sizes, prev, pager, next"
+        @current-change="fetchList"
+        @size-change="fetchList"
+      />
+    </div>
+
+    <el-dialog v-model="dialogVisible" title="新建 API Key" width="520px">
+      <el-form :model="form" label-width="110px" label-position="right">
+        <el-form-item label="名称" required>
+          <el-input v-model="form.name" placeholder="例如 prod-server-01" maxlength="64" show-word-limit />
+        </el-form-item>
+        <el-form-item label="额度(积分)">
+          <el-input-number v-model="form.quota_limit" :min="0" :step="100" />
+          <span style="margin-left:12px;color:var(--el-text-color-secondary);font-size:12px">0 表示无限</span>
+        </el-form-item>
+        <el-form-item label="RPM">
+          <el-input-number v-model="form.rpm" :min="0" :step="10" />
+          <span style="margin-left:12px;color:var(--el-text-color-secondary);font-size:12px">0 使用分组默认</span>
+        </el-form-item>
+        <el-form-item label="TPM">
+          <el-input-number v-model="form.tpm" :min="0" :step="1000" />
+        </el-form-item>
+        <el-form-item label="允许模型">
+          <el-input v-model="form.allowed_models" placeholder="逗号分隔,留空表示全部" />
+        </el-form-item>
+        <el-form-item label="IP 白名单">
+          <el-input v-model="form.allowed_ips" placeholder="逗号分隔,留空表示不限" />
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="dialogVisible = false">取消</el-button>
+        <el-button type="primary" :loading="submitting" @click="onCreate">创建</el-button>
+      </template>
+    </el-dialog>
+
+    <el-dialog v-model="showKeyDlg" title="请保存你的 Key" width="560px" :close-on-click-modal="false"
+               :close-on-press-escape="false">
+      <el-alert type="warning" :closable="false" show-icon
+                title="明文 Key 仅此一次展示,关闭后无法再次查看。" style="margin-bottom:12px" />
+      <el-input :model-value="createdKey" readonly class="key-display">
+        <template #append>
+          <el-button @click="copyKey"><el-icon><CopyDocument /></el-icon> 复制</el-button>
+        </template>
+      </el-input>
+      <template #footer>
+        <el-button type="primary" @click="showKeyDlg = false">我已保存</el-button>
+      </template>
+    </el-dialog>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.key-display :deep(input) {
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 13px;
+}
+</style>
diff --git a/web/src/views/personal/Billing.vue b/web/src/views/personal/Billing.vue
new file mode 100644
index 00000000..26690c6c
--- /dev/null
+++ b/web/src/views/personal/Billing.vue
@@ -0,0 +1,242 @@
+<script setup lang="ts">
+import { ref, reactive, onMounted, computed } from 'vue'
+import { ElMessage, ElMessageBox } from 'element-plus'
+import * as rechargeApi from '@/api/recharge'
+import { formatCredit } from '@/utils/format'
+import { useUserStore } from '@/stores/user'
+
+const userStore = useUserStore()
+const packages = ref<rechargeApi.Package[]>([])
+const channelEnabled = ref(false)
+const orders = ref<rechargeApi.Order[]>([])
+const total = ref(0)
+const paging = reactive({ limit: 10, offset: 0, status: '' as '' | 'pending' | 'paid' | 'cancelled' | 'expired' })
+const loadingPkg = ref(false)
+const loadingOrder = ref(false)
+
+async function loadPackages() {
+  loadingPkg.value = true
+  try {
+    const d = await rechargeApi.listMyPackages()
+    packages.value = d.items
+    channelEnabled.value = d.enabled
+  } finally { loadingPkg.value = false }
+}
+
+async function loadOrders() {
+  loadingOrder.value = true
+  try {
+    const d = await rechargeApi.listMyOrders({
+      limit: paging.limit,
+      offset: paging.offset,
+      status: paging.status || undefined,
+    })
+    orders.value = d.items
+    total.value = d.total
+  } finally { loadingOrder.value = false }
+}
+
+/**
+ * 下单 -> 打开 pay_url(上游收银台)
+ * 返回后用户点"刷新"即可拉到最新订单状态(支付回调已异步把 pending -> paid)。
+ */
+async function buy(pkg: rechargeApi.Package, payType?: string) {
+  if (!channelEnabled.value) {
+    ElMessage.warning('支付通道未配置,请联系管理员')
+    return
+  }
+  try {
+    const order = await rechargeApi.createOrder(pkg.id, payType)
+    if (!order.pay_url) {
+      ElMessage.error('支付链接生成失败')
+      return
+    }
+    window.open(order.pay_url, '_blank', 'noopener,noreferrer')
+    ElMessageBox.alert(
+      `订单号:${order.out_trade_no}\n\n支付完成后请返回本页并点击"刷新"按钮查看到账状态。`,
+      '已跳转支付',
+      { confirmButtonText: '去刷新订单', callback: () => { paging.offset = 0; loadOrders() } },
+    )
+  } catch (e: any) {
+    // Axios 拦截器已经 Toast 过,这里额外兜底
+    if (e?.message) ElMessage.error(e.message)
+  }
+}
+
+async function cancel(o: rechargeApi.Order) {
+  await ElMessageBox.confirm(`确认取消订单 ${o.out_trade_no}?`, '取消订单', { type: 'warning' })
+  await rechargeApi.cancelMyOrder(o.id)
+  ElMessage.success('已取消')
+  loadOrders()
+}
+
+const statusColor: Record<string, 'success' | 'info' | 'warning' | 'danger'> = {
+  paid: 'success', pending: 'warning', cancelled: 'info', expired: 'info', failed: 'danger',
+}
+const statusLabel: Record<string, string> = {
+  paid: '已到账', pending: '待支付', cancelled: '已取消', expired: '已超时', failed: '失败',
+}
+
+const currentPage = computed<number>({
+  get() { return Math.floor(paging.offset / paging.limit) + 1 },
+  set(v) { paging.offset = (v - 1) * paging.limit; loadOrders() },
+})
+
+function priceYuan(fen: number) { return (fen / 100).toFixed(2) }
+function openPayUrl(url: string) { window.open(url, '_blank', 'noopener,noreferrer') }
+
+onMounted(() => {
+  loadPackages()
+  loadOrders()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <!-- 当前余额 -->
+    <div class="card-block">
+      <div class="flex-between">
+        <div>
+          <div style="font-size:13px;color:var(--el-text-color-secondary)">当前可用积分</div>
+          <div style="font-size:32px;font-weight:700;color:#409eff;margin-top:6px">
+            {{ formatCredit(userStore.user?.credit_balance) }}
+          </div>
+          <div style="font-size:12px;color:var(--el-text-color-secondary)">
+            冻结 {{ formatCredit(userStore.user?.credit_frozen) }} 积分
+          </div>
+        </div>
+        <el-button @click="userStore.fetchMe()" size="small">
+          <el-icon><Refresh /></el-icon> 刷新余额
+        </el-button>
+      </div>
+    </div>
+
+    <!-- 套餐 -->
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <h3 style="margin:0;font-size:15px">选择充值套餐</h3>
+        <el-tag v-if="!channelEnabled" type="warning" size="small">
+          支付通道未配置
+        </el-tag>
+      </div>
+      <el-empty v-if="!loadingPkg && packages.length === 0" description="暂无可用套餐" />
+      <el-row :gutter="16" v-loading="loadingPkg">
+        <el-col v-for="p in packages" :key="p.id" :md="8" :sm="12" :xs="24" style="margin-bottom:16px">
+          <el-card shadow="hover" class="pkg-card">
+            <div class="pkg-name">{{ p.name }}</div>
+            <div class="pkg-price">¥ <span>{{ priceYuan(p.price_cny) }}</span></div>
+            <div class="pkg-credit">
+              到账 <b>{{ formatCredit(p.credits) }}</b> 积分
+              <span v-if="p.bonus > 0" class="bonus">+赠送 {{ formatCredit(p.bonus) }}</span>
+            </div>
+            <div class="pkg-desc">{{ p.description || '—' }}</div>
+            <div class="pkg-actions">
+              <el-button type="primary" :disabled="!channelEnabled" @click="buy(p, 'alipay')">
+                支付宝
+              </el-button>
+              <el-button type="success" :disabled="!channelEnabled" @click="buy(p, 'wxpay')">
+                微信
+              </el-button>
+            </div>
+          </el-card>
+        </el-col>
+      </el-row>
+    </div>
+
+    <!-- 订单列表 -->
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:10px">
+        <h3 style="margin:0;font-size:15px">我的订单</h3>
+        <div class="flex-wrap-gap">
+          <el-select v-model="paging.status" placeholder="状态" clearable style="width:130px"
+                     @change="() => { paging.offset = 0; loadOrders() }">
+            <el-option label="全部" value="" />
+            <el-option label="待支付" value="pending" />
+            <el-option label="已到账" value="paid" />
+            <el-option label="已取消" value="cancelled" />
+            <el-option label="已超时" value="expired" />
+          </el-select>
+          <el-button @click="loadOrders" :loading="loadingOrder">
+            <el-icon><Refresh /></el-icon> 刷新
+          </el-button>
+        </div>
+      </div>
+
+      <el-table :data="orders" stripe v-loading="loadingOrder">
+        <el-table-column label="订单号" min-width="170">
+          <template #default="{ row }">
+            <code style="font-size:12px">{{ row.out_trade_no }}</code>
+          </template>
+        </el-table-column>
+        <el-table-column label="套餐" min-width="120">
+          <template #default="{ row }">{{ row.remark || `#${row.package_id}` }}</template>
+        </el-table-column>
+        <el-table-column label="金额" width="100">
+          <template #default="{ row }">¥ {{ priceYuan(row.price_cny) }}</template>
+        </el-table-column>
+        <el-table-column label="积分" width="130">
+          <template #default="{ row }">
+            {{ formatCredit(row.credits + row.bonus) }}
+          </template>
+        </el-table-column>
+        <el-table-column label="状态" width="90">
+          <template #default="{ row }">
+            <el-tag :type="statusColor[row.status] || 'info'" size="small">
+              {{ statusLabel[row.status] || row.status }}
+            </el-tag>
+          </template>
+        </el-table-column>
+        <el-table-column label="创建时间" width="170">
+          <template #default="{ row }">{{ row.created_at }}</template>
+        </el-table-column>
+        <el-table-column label="操作" width="200" fixed="right">
+          <template #default="{ row }">
+            <el-button v-if="row.status === 'pending' && row.pay_url" type="primary" link
+                       @click="() => openPayUrl(row.pay_url!)">继续支付</el-button>
+            <el-button v-if="row.status === 'pending'" type="danger" link @click="cancel(row)">
+              取消
+            </el-button>
+            <span v-if="row.status !== 'pending'" style="color:var(--el-text-color-placeholder)">—</span>
+          </template>
+        </el-table-column>
+      </el-table>
+
+      <el-pagination
+        style="margin-top:12px"
+        background
+        layout="total, prev, pager, next"
+        :total="total"
+        v-model:current-page="currentPage"
+        :page-size="paging.limit"
+      />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.pkg-card {
+  border-radius: 10px;
+  transition: transform .15s;
+  &:hover { transform: translateY(-2px); }
+  .pkg-name { font-size: 16px; font-weight: 600; }
+  .pkg-price {
+    font-size: 14px; color: #f56c6c; margin: 8px 0 4px;
+    span { font-size: 28px; font-weight: 700; }
+  }
+  .pkg-credit {
+    font-size: 14px; color: var(--el-text-color-primary);
+    .bonus { color: #67c23a; font-weight: 600; margin-left: 6px; }
+  }
+  .pkg-desc {
+    font-size: 12px; color: var(--el-text-color-secondary);
+    margin: 10px 0; min-height: 36px;
+  }
+  .pkg-actions { display: flex; gap: 8px; }
+}
+code {
+  background: #f2f3f5;
+  padding: 1px 6px;
+  border-radius: 4px;
+}
+:global(html.dark) code { background: #1d2026; }
+</style>
diff --git a/web/src/views/personal/Dashboard.vue b/web/src/views/personal/Dashboard.vue
new file mode 100644
index 00000000..411543f6
--- /dev/null
+++ b/web/src/views/personal/Dashboard.vue
@@ -0,0 +1,799 @@
+<script setup lang="ts">
+import { computed, ref, onMounted, onBeforeUnmount } from 'vue'
+import { storeToRefs } from 'pinia'
+import { useRouter } from 'vue-router'
+import {
+  Refresh, Wallet, Key, ChatLineRound, PictureFilled,
+  DataAnalysis, Collection, Promotion,
+} from '@element-plus/icons-vue'
+import { useUserStore } from '@/stores/user'
+import { listKeys } from '@/api/apikey'
+import * as meApi from '@/api/me'
+import { formatCredit, formatDateTime, formatErrorCode } from '@/utils/format'
+
+const store = useUserStore()
+const { user } = storeToRefs(store)
+const router = useRouter()
+
+// ---------- 基本信息 ----------
+const balance = computed(() => formatCredit(user.value?.credit_balance))
+const frozen = computed(() => formatCredit(user.value?.credit_frozen))
+const greeting = computed(() => {
+  const h = new Date().getHours()
+  if (h < 6) return '夜深了'
+  if (h < 12) return '早上好'
+  if (h < 14) return '中午好'
+  if (h < 18) return '下午好'
+  return '晚上好'
+})
+
+// ---------- 数据:API Keys / 模型 / 统计 / 最近日志 / 账变 ----------
+const loading = ref(false)
+const keyTotal = ref(0)
+const keyActive = ref(0)
+const modelCount = ref(0)
+const stats14 = ref<meApi.MyStatsResp | null>(null)
+const stats1 = ref<meApi.MyStatsResp | null>(null)
+const recentLogs = ref<meApi.UsageItem[]>([])
+const recentCredits = ref<meApi.MyCreditLog[]>([])
+
+async function loadAll() {
+  loading.value = true
+  try {
+    await store.fetchMe()
+    const [keys, models, s14, s1, logs, credits] = await Promise.all([
+      listKeys(1, 100),
+      meApi.listMyModels(),
+      meApi.getMyUsageStats({ days: 14, top_n: 3 }),
+      meApi.getMyUsageStats({ days: 1, top_n: 1 }),
+      meApi.listMyUsageLogs({ limit: 6, offset: 0 }),
+      meApi.listMyCreditLogs({ limit: 3, offset: 0 }),
+    ])
+    keyTotal.value = keys.total
+    keyActive.value = keys.list.filter((k) => k.enabled).length
+    modelCount.value = models.total
+    stats14.value = s14
+    stats1.value = s1
+    recentLogs.value = logs.items
+    recentCredits.value = credits.items
+  } finally {
+    loading.value = false
+  }
+}
+
+// ---------- 派生指标 ----------
+const todayOverall = computed(() => stats1.value?.overall)
+const monthOverall = computed(() => stats14.value?.overall) // 近 14 天,作为"近期"展示
+const daily = computed(() => stats14.value?.daily || [])
+const topModels = computed(() => (stats14.value?.by_model || []).slice(0, 3))
+
+function successRate(o?: meApi.UsageOverall | null): string {
+  if (!o || o.requests === 0) return '—'
+  return `${(((o.requests - o.failures) / o.requests) * 100).toFixed(1)}%`
+}
+
+// ---------- 趋势图(SVG)—— 复用 Usage 页的思路,改成面积图+折线 ----------
+const chartWrap = ref<HTMLElement | null>(null)
+const chartW = ref(640)
+const chartH = 140
+const padT = 10
+const padB = 24
+const padL = 32
+const padR = 10
+const hoverIdx = ref(-1)
+
+let ro: ResizeObserver | null = null
+onMounted(async () => {
+  if (chartWrap.value && typeof ResizeObserver !== 'undefined') {
+    ro = new ResizeObserver((entries) => {
+      for (const e of entries) {
+        const w = e.contentRect.width
+        if (w > 0) chartW.value = Math.floor(w)
+      }
+    })
+    ro.observe(chartWrap.value)
+  }
+  await loadAll()
+})
+onBeforeUnmount(() => { ro?.disconnect() })
+
+function niceMax(v: number): number {
+  if (v <= 1) return 1
+  const exp = Math.pow(10, Math.floor(Math.log10(v)))
+  const n = v / exp
+  let m = 10
+  if (n <= 1) m = 1
+  else if (n <= 2) m = 2
+  else if (n <= 5) m = 5
+  return m * exp
+}
+const yMax = computed(() => niceMax(daily.value.reduce((x, r) => Math.max(x, r.requests), 0) || 1))
+const yTicks = computed(() => {
+  const m = yMax.value
+  return [0, m / 2, m].map((v) => Math.round(v))
+})
+const cellW = computed(() => {
+  const n = Math.max(daily.value.length, 1)
+  return (chartW.value - padL - padR) / n
+})
+function xCenter(i: number) { return padL + cellW.value * (i + 0.5) }
+function pointY(v: number) {
+  const innerH = chartH - padT - padB
+  return chartH - padB - (v / yMax.value) * innerH
+}
+
+// 折线 path
+const linePath = computed(() => {
+  if (!daily.value.length) return ''
+  return daily.value
+    .map((p, i) => `${i === 0 ? 'M' : 'L'}${xCenter(i).toFixed(1)},${pointY(p.requests).toFixed(1)}`)
+    .join(' ')
+})
+// 面积 path(折线 + 底边)
+const areaPath = computed(() => {
+  if (!daily.value.length) return ''
+  const n = daily.value.length
+  const baseY = chartH - padB
+  let d = `M${xCenter(0).toFixed(1)},${baseY.toFixed(1)}`
+  daily.value.forEach((p, i) => {
+    d += ` L${xCenter(i).toFixed(1)},${pointY(p.requests).toFixed(1)}`
+  })
+  d += ` L${xCenter(n - 1).toFixed(1)},${baseY.toFixed(1)} Z`
+  return d
+})
+
+const labelStep = computed(() => (daily.value.length > 10 ? 3 : 2))
+function shouldShowLabel(i: number) {
+  const n = daily.value.length
+  if (i === 0 || i === n - 1) return true
+  return i % labelStep.value === 0
+}
+
+const tipX = computed(() => (hoverIdx.value >= 0 ? xCenter(hoverIdx.value) : 0))
+const tipY = computed(() => (hoverIdx.value >= 0 ? pointY(daily.value[hoverIdx.value]?.requests || 0) : 0))
+const tipSide = computed<'left' | 'right'>(() => (tipX.value > chartW.value / 2 ? 'left' : 'right'))
+
+// ---------- TOP 模型横向条 ----------
+const maxTop = computed(() => topModels.value.reduce((x, r) => Math.max(x, r.requests), 0) || 1)
+
+// ---------- 最近请求/账变 辅助 ----------
+const statusMap: Record<string, { tag: 'success' | 'danger' | 'warning' | 'info'; label: string }> = {
+  success: { tag: 'success', label: '成功' },
+  failed: { tag: 'danger', label: '失败' },
+  partial: { tag: 'warning', label: '部分' },
+}
+function statusTag(s: string) { return statusMap[s]?.tag || 'info' }
+function statusLabel(s: string) { return statusMap[s]?.label || s || '-' }
+
+const creditTypeLabel: Record<string, string> = {
+  recharge: '充值', consume: '消费', refund: '退款',
+  adjust: '调账', bonus: '赠送', freeze: '冻结', unfreeze: '解冻',
+}
+
+// ---------- 导航 CTA ----------
+function go(p: string) { router.push(p) }
+</script>
+
+<template>
+  <div class="page-container" v-loading="loading">
+    <!-- ====== 顶部横幅 ====== -->
+    <div class="hero-card">
+      <div class="hero-main">
+        <div class="hero-greet">
+          <span class="wave">👋</span>
+          {{ greeting }},{{ user?.nickname || user?.email?.split('@')[0] || '同学' }}
+        </div>
+        <div class="hero-sub">
+          欢迎回到 <b>云芯 API</b> 控制台 ·
+          当前角色 <el-tag size="small" effect="plain">{{ store.role || '-' }}</el-tag>
+          <span v-if="user?.last_login_at" class="muted">
+            · 上次登录 {{ formatDateTime(user?.last_login_at) }}
+          </span>
+        </div>
+        <div class="hero-actions">
+          <el-button type="primary" :icon="Wallet" @click="go('/personal/billing')">
+            充值积分
+          </el-button>
+          <el-button :icon="Key" @click="go('/personal/keys')">
+            管理 API Key
+          </el-button>
+          <el-button :icon="ChatLineRound" @click="go('/personal/play')">
+            在线体验
+          </el-button>
+          <el-button text :icon="Refresh" :loading="loading" @click="loadAll">刷新</el-button>
+        </div>
+      </div>
+      <div class="hero-balance">
+        <div class="balance-label">可用积分</div>
+        <div class="balance-value">{{ balance }}</div>
+        <div class="balance-sub">冻结中 {{ frozen }}</div>
+      </div>
+    </div>
+
+    <!-- ====== 关键指标(6 张小卡) ====== -->
+    <el-row :gutter="16" class="kpis">
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi primary">
+          <div class="kpi-icon"><el-icon><DataAnalysis /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">今日请求</div>
+            <div class="kpi-value">{{ todayOverall?.requests ?? 0 }}</div>
+            <div class="kpi-sub">成功率 {{ successRate(todayOverall) }}</div>
+          </div>
+        </div>
+      </el-col>
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi success">
+          <div class="kpi-icon"><el-icon><Collection /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">近 14 天请求</div>
+            <div class="kpi-value">{{ monthOverall?.requests ?? 0 }}</div>
+            <div class="kpi-sub">失败 {{ monthOverall?.failures ?? 0 }}</div>
+          </div>
+        </div>
+      </el-col>
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi info">
+          <div class="kpi-icon"><el-icon><ChatLineRound /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">Token 合计</div>
+            <div class="kpi-value">
+              {{ (monthOverall?.input_tokens ?? 0) + (monthOverall?.output_tokens ?? 0) }}
+            </div>
+            <div class="kpi-sub">
+              入 {{ monthOverall?.input_tokens ?? 0 }} / 出 {{ monthOverall?.output_tokens ?? 0 }}
+            </div>
+          </div>
+        </div>
+      </el-col>
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi warning">
+          <div class="kpi-icon"><el-icon><PictureFilled /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">生图张数</div>
+            <div class="kpi-value">{{ monthOverall?.image_images ?? 0 }}</div>
+            <div class="kpi-sub">近 14 天</div>
+          </div>
+        </div>
+      </el-col>
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi danger">
+          <div class="kpi-icon"><el-icon><Wallet /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">近 14 天扣费</div>
+            <div class="kpi-value">{{ formatCredit(monthOverall?.credit_cost) }}</div>
+            <div class="kpi-sub">单位:积分</div>
+          </div>
+        </div>
+      </el-col>
+      <el-col :lg="4" :md="8" :sm="12" :xs="12">
+        <div class="kpi purple">
+          <div class="kpi-icon"><el-icon><Key /></el-icon></div>
+          <div class="kpi-body">
+            <div class="kpi-label">API Key</div>
+            <div class="kpi-value">{{ keyTotal }}</div>
+            <div class="kpi-sub">启用 {{ keyActive }} · 可用模型 {{ modelCount }}</div>
+          </div>
+        </div>
+      </el-col>
+    </el-row>
+
+    <!-- ====== 趋势 + 热门模型 ====== -->
+    <el-row :gutter="16">
+      <el-col :lg="16" :md="14" :sm="24">
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom:10px">
+            <div>
+              <h3 class="page-title" style="margin:0;font-size:16px">请求趋势(近 14 天)</h3>
+              <div class="muted" style="margin-top:4px">悬停查看每日详情</div>
+            </div>
+            <el-button text :icon="Promotion" @click="go('/personal/usage')">
+              查看详情
+            </el-button>
+          </div>
+          <div ref="chartWrap" class="chart-wrap">
+            <el-empty
+              v-if="!loading && daily.length === 0"
+              description="暂无数据,先在「在线体验」发一条请求试试"
+              :image-size="80"
+              style="padding:24px 0"
+            />
+            <svg
+              v-else
+              class="chart-svg"
+              :viewBox="`0 0 ${chartW} ${chartH}`"
+              :style="{ height: chartH + 'px' }"
+              @mouseleave="hoverIdx = -1"
+            >
+              <defs>
+                <linearGradient id="dashAreaGrad" x1="0" y1="0" x2="0" y2="1">
+                  <stop offset="0%" stop-color="var(--el-color-primary)" stop-opacity="0.32" />
+                  <stop offset="100%" stop-color="var(--el-color-primary)" stop-opacity="0" />
+                </linearGradient>
+              </defs>
+
+              <!-- 网格 + y 刻度 -->
+              <g class="chart-axis">
+                <line
+                  v-for="(t, ti) in yTicks" :key="'ty' + ti"
+                  :x1="padL" :x2="chartW - padR"
+                  :y1="pointY(t)" :y2="pointY(t)"
+                  class="grid-line"
+                  :class="{ 'grid-zero': ti === 0 }"
+                />
+                <text
+                  v-for="(t, ti) in yTicks" :key="'tl' + ti"
+                  :x="padL - 6" :y="pointY(t) + 4"
+                  text-anchor="end" class="axis-tick"
+                >{{ t }}</text>
+              </g>
+
+              <!-- 面积 + 折线 -->
+              <path :d="areaPath" fill="url(#dashAreaGrad)" stroke="none" />
+              <path
+                :d="linePath"
+                fill="none"
+                stroke="var(--el-color-primary)"
+                stroke-width="2"
+                stroke-linejoin="round"
+                stroke-linecap="round"
+              />
+
+              <!-- 交互矩形 + 圆点 + 日期 -->
+              <g v-for="(p, i) in daily" :key="p.day">
+                <rect
+                  :x="padL + cellW * i" :y="padT"
+                  :width="cellW" :height="chartH - padT - padB"
+                  fill="transparent"
+                  @mouseenter="hoverIdx = i"
+                />
+                <circle
+                  :cx="xCenter(i)" :cy="pointY(p.requests)"
+                  :r="hoverIdx === i ? 4.5 : 2.5"
+                  class="dot"
+                  :class="{ active: hoverIdx === i }"
+                />
+                <text
+                  v-if="shouldShowLabel(i)"
+                  :x="xCenter(i)" :y="chartH - padB + 14"
+                  text-anchor="middle" class="axis-date"
+                >{{ p.day.slice(5) }}</text>
+              </g>
+
+              <!-- hover 指示 + tooltip -->
+              <line
+                v-if="hoverIdx >= 0"
+                :x1="tipX" :x2="tipX"
+                :y1="padT" :y2="chartH - padB"
+                class="hover-guide"
+              />
+              <foreignObject
+                v-if="hoverIdx >= 0"
+                :x="tipSide === 'right' ? tipX + 10 : tipX - 170"
+                :y="Math.max(padT, tipY - 60)"
+                width="160" height="72"
+              >
+                <div class="chart-tip">
+                  <div class="tip-day">{{ daily[hoverIdx]?.day }}</div>
+                  <div class="tip-row">
+                    <span class="tip-dot primary"></span>请求
+                    <b>{{ daily[hoverIdx]?.requests || 0 }}</b>
+                  </div>
+                  <div class="tip-row">
+                    <span class="tip-dot danger"></span>失败
+                    <b>{{ daily[hoverIdx]?.failures || 0 }}</b>
+                  </div>
+                </div>
+              </foreignObject>
+            </svg>
+          </div>
+        </div>
+      </el-col>
+
+      <el-col :lg="8" :md="10" :sm="24">
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom:10px">
+            <h3 class="page-title" style="margin:0;font-size:16px">热门模型</h3>
+            <span class="muted">近 14 天</span>
+          </div>
+          <div v-if="topModels.length === 0" class="muted" style="padding:16px 0;text-align:center">
+            暂无调用记录
+          </div>
+          <div v-else class="top-list">
+            <div v-for="(m, idx) in topModels" :key="m.model_id" class="top-row">
+              <div class="top-head">
+                <span class="top-rank" :class="'r' + (idx + 1)">{{ idx + 1 }}</span>
+                <code class="top-slug">{{ m.model_slug || `#${m.model_id}` }}</code>
+                <el-tag
+                  size="small"
+                  :type="m.type === 'image' ? 'warning' : 'primary'"
+                  effect="plain"
+                >{{ m.type || '-' }}</el-tag>
+                <span class="top-val">{{ m.requests }}</span>
+              </div>
+              <div class="top-bar">
+                <div
+                  class="top-bar-inner"
+                  :class="{ img: m.type === 'image' }"
+                  :style="{ width: ((m.requests / maxTop) * 100) + '%' }"
+                />
+              </div>
+              <div class="top-foot muted">
+                扣费 {{ formatCredit(m.credit_cost) }} · 平均 {{ m.avg_dur_ms || 0 }} ms
+              </div>
+            </div>
+          </div>
+        </div>
+      </el-col>
+    </el-row>
+
+    <!-- ====== 最近请求 + 最近账变 ====== -->
+    <el-row :gutter="16">
+      <el-col :lg="14" :md="14" :sm="24">
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom:10px">
+            <h3 class="page-title" style="margin:0;font-size:16px">最近请求</h3>
+            <el-button text @click="go('/personal/usage')">查看全部</el-button>
+          </div>
+          <el-table
+            :data="recentLogs"
+            stripe
+            size="small"
+            empty-text="暂无请求记录"
+            :show-header="recentLogs.length > 0"
+          >
+            <el-table-column prop="created_at" label="时间" width="150">
+              <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+            </el-table-column>
+            <el-table-column label="模型" min-width="140">
+              <template #default="{ row }">
+                <code>{{ row.model_slug || `#${row.model_id}` }}</code>
+              </template>
+            </el-table-column>
+            <el-table-column label="类型" width="72">
+              <template #default="{ row }">
+                <el-tag size="small" :type="row.type === 'image' ? 'warning' : 'primary'">
+                  {{ row.type || '-' }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column label="状态" width="80">
+              <template #default="{ row }">
+                <el-tag size="small" :type="statusTag(row.status)">
+                  {{ statusLabel(row.status) }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column label="扣费" width="100">
+              <template #default="{ row }">
+                <span class="cost">{{ formatCredit(row.credit_cost) }}</span>
+              </template>
+            </el-table-column>
+            <el-table-column label="错误" min-width="120">
+              <template #default="{ row }">
+                <el-tooltip v-if="row.error_code" :content="row.error_code" placement="top">
+                  <span class="err">{{ formatErrorCode(row.error_code) }}</span>
+                </el-tooltip>
+                <span v-else class="muted">-</span>
+              </template>
+            </el-table-column>
+          </el-table>
+        </div>
+      </el-col>
+
+      <el-col :lg="10" :md="10" :sm="24">
+        <div class="card-block">
+          <div class="flex-between" style="margin-bottom:10px">
+            <h3 class="page-title" style="margin:0;font-size:16px">最近账变</h3>
+            <el-button text @click="go('/personal/usage')">查看全部</el-button>
+          </div>
+          <div v-if="recentCredits.length === 0" class="muted" style="padding:16px 0;text-align:center">
+            暂无账变记录
+          </div>
+          <div v-else class="credit-list">
+            <div v-for="c in recentCredits" :key="c.id" class="credit-row">
+              <div class="cr-left">
+                <el-tag size="small" effect="plain">
+                  {{ creditTypeLabel[c.type] || c.type }}
+                </el-tag>
+                <div class="cr-remark">{{ c.remark || '-' }}</div>
+                <div class="cr-time muted">{{ formatDateTime(c.created_at) }}</div>
+              </div>
+              <div class="cr-right">
+                <div :class="['cr-amt', c.amount >= 0 ? 'in' : 'out']">
+                  {{ c.amount >= 0 ? '+' : '' }}{{ formatCredit(c.amount) }}
+                </div>
+                <div class="cr-bal muted">余额 {{ formatCredit(c.balance_after) }}</div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </el-col>
+    </el-row>
+
+  </div>
+</template>
+
+<style scoped lang="scss">
+.page-title { font-size: 18px; font-weight: 600; }
+.muted { color: var(--el-text-color-secondary); font-size: 13px; }
+
+/* 行与行之间留 12px 间距;每个 col 内部的 card-block 自身 padding 已够 */
+:deep(.el-row) { margin-bottom: 12px; }
+:deep(.el-row:last-child) { margin-bottom: 0; }
+:deep(.el-row .card-block) { margin: 0; padding: 14px 16px; height: 100%; box-sizing: border-box; }
+code {
+  background: var(--el-fill-color-light);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+
+/* ==== Hero ==== */
+.hero-card {
+  position: relative;
+  border-radius: 12px;
+  padding: 16px 22px;
+  color: #fff;
+  background:
+    radial-gradient(circle at 85% 20%, rgba(255, 255, 255, 0.18), transparent 60%),
+    linear-gradient(135deg, #4c6ef5 0%, #7c3aed 55%, #db2777 100%);
+  box-shadow: 0 6px 24px rgba(76, 110, 245, 0.25);
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 24px;
+  flex-wrap: wrap;
+  margin-bottom: 12px;
+  overflow: hidden;
+}
+.hero-card::after {
+  content: '';
+  position: absolute;
+  right: -60px; top: -60px;
+  width: 220px; height: 220px;
+  border-radius: 50%;
+  background: rgba(255, 255, 255, 0.08);
+  pointer-events: none;
+}
+.hero-main { flex: 1 1 360px; min-width: 0; }
+.hero-greet {
+  font-size: 20px;
+  font-weight: 600;
+  letter-spacing: 0.5px;
+  .wave { display: inline-block; transform: translateY(-1px); margin-right: 4px; }
+}
+.hero-sub {
+  margin-top: 6px;
+  font-size: 13px;
+  color: rgba(255, 255, 255, 0.82);
+  b { color: #fff; }
+  :deep(.el-tag) {
+    margin: 0 2px;
+    background: rgba(255, 255, 255, 0.18);
+    border-color: rgba(255, 255, 255, 0.35);
+    color: #fff;
+  }
+  .muted { color: rgba(255, 255, 255, 0.7); font-size: 12.5px; }
+}
+.hero-actions {
+  margin-top: 12px;
+  display: flex;
+  flex-wrap: wrap;
+  gap: 10px;
+  :deep(.el-button) { font-weight: 500; }
+  :deep(.el-button.is-text) {
+    color: rgba(255, 255, 255, 0.9);
+    &:hover { background: rgba(255, 255, 255, 0.12); color: #fff; }
+  }
+}
+.hero-balance {
+  min-width: 180px;
+  padding: 12px 20px;
+  background: rgba(255, 255, 255, 0.14);
+  border: 1px solid rgba(255, 255, 255, 0.25);
+  border-radius: 10px;
+  backdrop-filter: blur(6px);
+  text-align: right;
+  .balance-label { font-size: 12px; color: rgba(255, 255, 255, 0.8); }
+  .balance-value {
+    font-size: 26px;
+    font-weight: 700;
+    margin: 2px 0;
+    line-height: 1.15;
+    letter-spacing: 0.5px;
+  }
+  .balance-sub { font-size: 12px; color: rgba(255, 255, 255, 0.72); }
+}
+
+/* ==== KPI 卡 ==== */
+.kpis { margin-bottom: 12px; }
+.kpis .el-col { margin-bottom: 10px; }
+.kpi {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 10px 14px;
+  border-radius: 10px;
+  background: var(--el-bg-color);
+  border: 1px solid var(--el-border-color-lighter);
+  transition: transform 0.15s, box-shadow 0.15s, border-color 0.15s;
+  position: relative;
+  overflow: hidden;
+}
+.kpi:hover {
+  transform: translateY(-2px);
+  box-shadow: 0 6px 18px rgba(0, 0, 0, 0.06);
+  border-color: var(--el-border-color);
+}
+.kpi .kpi-icon {
+  width: 36px; height: 36px;
+  border-radius: 9px;
+  display: flex; align-items: center; justify-content: center;
+  font-size: 18px;
+  flex-shrink: 0;
+}
+.kpi .kpi-body { flex: 1; min-width: 0; }
+.kpi .kpi-label { font-size: 12px; color: var(--el-text-color-secondary); }
+.kpi .kpi-value {
+  font-size: 21px;
+  font-weight: 700;
+  line-height: 1.2;
+  margin: 1px 0;
+  color: var(--el-text-color-primary);
+}
+.kpi .kpi-sub {
+  font-size: 11.5px;
+  color: var(--el-text-color-secondary);
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+.kpi.primary .kpi-icon { background: rgba(64, 158, 255, 0.12); color: var(--el-color-primary); }
+.kpi.success .kpi-icon { background: rgba(103, 194, 58, 0.12); color: var(--el-color-success); }
+.kpi.info .kpi-icon    { background: rgba(144, 147, 153, 0.14); color: var(--el-color-info); }
+.kpi.warning .kpi-icon { background: rgba(230, 162, 60, 0.14); color: var(--el-color-warning); }
+.kpi.danger .kpi-icon  { background: rgba(245, 108, 108, 0.14); color: var(--el-color-danger); }
+.kpi.purple .kpi-icon  { background: rgba(124, 58, 237, 0.14); color: #7c3aed; }
+
+/* ==== 趋势图 ==== */
+.chart-wrap { width: 100%; min-height: 140px; }
+.chart-svg {
+  width: 100%;
+  display: block;
+  font-family: ui-sans-serif, system-ui, -apple-system, 'Segoe UI', sans-serif;
+  user-select: none;
+}
+.chart-svg .grid-line {
+  stroke: var(--el-border-color-lighter);
+  stroke-width: 1;
+  stroke-dasharray: 3 4;
+}
+.chart-svg .grid-line.grid-zero { stroke: var(--el-border-color); stroke-dasharray: none; }
+.chart-svg .axis-tick { fill: var(--el-text-color-placeholder); font-size: 10.5px; }
+.chart-svg .axis-date { fill: var(--el-text-color-secondary); font-size: 10.5px; }
+.chart-svg .dot {
+  fill: #fff;
+  stroke: var(--el-color-primary);
+  stroke-width: 2;
+  transition: r 0.15s;
+}
+.chart-svg .dot.active {
+  fill: var(--el-color-primary);
+  stroke: #fff;
+}
+.chart-svg .hover-guide {
+  stroke: var(--el-color-primary);
+  stroke-width: 1;
+  stroke-dasharray: 3 3;
+  opacity: 0.45;
+  pointer-events: none;
+}
+
+.chart-tip {
+  background: var(--el-bg-color);
+  border: 1px solid var(--el-border-color-light);
+  border-radius: 8px;
+  box-shadow: 0 4px 16px rgba(0, 0, 0, 0.08);
+  padding: 8px 10px;
+  font-size: 12px;
+  line-height: 1.6;
+  color: var(--el-text-color-primary);
+  pointer-events: none;
+}
+.chart-tip .tip-day { font-weight: 600; margin-bottom: 2px; }
+.chart-tip .tip-row { display: flex; align-items: center; }
+.chart-tip .tip-row b { margin-left: auto; font-weight: 600; }
+.chart-tip .tip-dot {
+  width: 8px; height: 8px; border-radius: 50%;
+  display: inline-block; margin-right: 6px;
+}
+.chart-tip .tip-dot.primary { background: var(--el-color-primary); }
+.chart-tip .tip-dot.danger { background: var(--el-color-danger); }
+
+/* ==== 热门模型横向条 ==== */
+.top-list { display: flex; flex-direction: column; gap: 12px; }
+.top-row { min-width: 0; }
+.top-head {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  margin-bottom: 6px;
+  font-size: 13px;
+}
+.top-rank {
+  width: 20px; height: 20px;
+  border-radius: 50%;
+  font-size: 11px;
+  font-weight: 700;
+  display: flex; align-items: center; justify-content: center;
+  background: var(--el-fill-color);
+  color: var(--el-text-color-secondary);
+  flex-shrink: 0;
+}
+.top-rank.r1 { background: #ffd43b; color: #7a5a00; }
+.top-rank.r2 { background: #ced4da; color: #495057; }
+.top-rank.r3 { background: #ffc9a5; color: #8a4708; }
+.top-slug {
+  flex: 1 1 auto;
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+.top-val { font-weight: 600; color: var(--el-text-color-primary); }
+.top-bar {
+  height: 6px;
+  background: var(--el-fill-color-light);
+  border-radius: 4px;
+  overflow: hidden;
+}
+.top-bar-inner {
+  height: 100%;
+  background: linear-gradient(90deg, var(--el-color-primary), #7c3aed);
+  border-radius: 4px;
+  transition: width 0.3s;
+}
+.top-bar-inner.img {
+  background: linear-gradient(90deg, var(--el-color-warning), var(--el-color-danger));
+}
+.top-foot { font-size: 11.5px; margin-top: 4px; }
+
+/* ==== 最近请求表格 ==== */
+.cost { font-weight: 600; color: var(--el-color-danger); }
+.err { color: var(--el-color-danger); font-size: 12px; }
+
+/* ==== 最近账变列表 ==== */
+.credit-list { display: flex; flex-direction: column; }
+.credit-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 12px;
+  padding: 8px 2px;
+  border-bottom: 1px solid var(--el-border-color-lighter);
+}
+.credit-row:last-child { border-bottom: none; }
+.cr-left { min-width: 0; flex: 1; }
+.cr-remark {
+  margin-top: 4px;
+  font-size: 13px;
+  color: var(--el-text-color-regular);
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 260px;
+}
+.cr-time { font-size: 11.5px; margin-top: 2px; }
+.cr-right { text-align: right; flex-shrink: 0; }
+.cr-amt {
+  font-weight: 700;
+  font-size: 15px;
+  font-variant-numeric: tabular-nums;
+}
+.cr-amt.in { color: var(--el-color-success); }
+.cr-amt.out { color: var(--el-color-danger); }
+.cr-bal { font-size: 11.5px; margin-top: 2px; }
+
+</style>
diff --git a/web/src/views/personal/OnlinePlay.vue b/web/src/views/personal/OnlinePlay.vue
new file mode 100644
index 00000000..bc90a92a
--- /dev/null
+++ b/web/src/views/personal/OnlinePlay.vue
@@ -0,0 +1,1547 @@
+<script setup lang="ts">
+import { computed, nextTick, onBeforeUnmount, onMounted, ref, watch } from 'vue'
+import { ElMessage } from 'element-plus'
+import { storeToRefs } from 'pinia'
+import { useUserStore } from '@/stores/user'
+import { formatCredit } from '@/utils/format'
+import {
+  listMyModels,
+  streamPlayChat,
+  playGenerateImage,
+  type SimpleModel,
+  type PlayChatMessage,
+  type PlayImageData,
+} from '@/api/me'
+import { ENABLE_CHAT_MODEL } from '@/config/feature'
+
+// ----------------------------------------------------
+// 用户 / 模型
+// ----------------------------------------------------
+const userStore = useUserStore()
+const { user } = storeToRefs(userStore)
+
+const balance = computed(() => formatCredit(user.value?.credit_balance))
+
+const models = ref<SimpleModel[]>([])
+const chatModels = computed(() => models.value.filter((m) => m.type === 'chat'))
+const imageModels = computed(() => models.value.filter((m) => m.type === 'image'))
+
+const selectedChatModel = ref('')
+const selectedImageModel = ref('')
+
+const currentChatDesc = computed(
+  () => chatModels.value.find((m) => m.slug === selectedChatModel.value)?.description || '',
+)
+const currentImageDesc = computed(
+  () => imageModels.value.find((m) => m.slug === selectedImageModel.value)?.description || '',
+)
+
+onMounted(async () => {
+  try {
+    await userStore.fetchMe()
+  } catch {
+    /* ignore */
+  }
+  try {
+    const m = await listMyModels()
+    // feature flag 关闭时,前端直接把 chat 类型的模型从列表过滤掉,
+    // 保证 chatModels / imageModels / selectedChatModel 等下游 state 都不会
+    // 拿到 chat 模型(即便模板里还有残留引用)。
+    models.value = ENABLE_CHAT_MODEL
+      ? m.items
+      : m.items.filter((x) => x.type !== 'chat')
+    const firstChat = m.items.find((x) => x.type === 'chat')
+    const firstImage = m.items.find((x) => x.type === 'image')
+    if (firstChat) selectedChatModel.value = firstChat.slug
+    if (firstImage) selectedImageModel.value = firstImage.slug
+  } catch {
+    // 静默;错误拦截器已提示
+  }
+})
+
+// ----------------------------------------------------
+// Tabs
+// ----------------------------------------------------
+const activeTab = ref<'chat' | 'text2img' | 'img2img'>(
+  ENABLE_CHAT_MODEL ? 'chat' : 'text2img',
+)
+
+// ====================================================
+// 对话(Chat)
+// ====================================================
+interface UIMessage {
+  id: number
+  role: 'user' | 'assistant' | 'system'
+  content: string
+  pending?: boolean
+  error?: boolean
+  at: number
+}
+
+let uid = 0
+
+const systemPrompt = ref('你是一个友好、博学、回答精准的中文助手。回答中若涉及代码请使用 Markdown 代码块。')
+const temperature = ref(0.7)
+const chatInput = ref('')
+const chatMsgs = ref<UIMessage[]>([])
+const chatSending = ref(false)
+const chatAbort = ref<AbortController | null>(null)
+const chatScroll = ref<HTMLElement | null>(null)
+const inputRef = ref<any>(null)
+
+const suggestions = [
+  { icon: '💡', title: '向我解释', sub: '量子纠缠到底是什么?' },
+  { icon: '✍️', title: '帮我写作', sub: '一段 200 字的产品发布文案' },
+  { icon: '🧑‍💻', title: '写段代码', sub: 'Go 实现令牌桶限流器' },
+  { icon: '🌏', title: '中英互译', sub: '把上面这段翻译为英文' },
+]
+
+function useSuggestion(s: typeof suggestions[number]) {
+  chatInput.value = `${s.title}:${s.sub}`
+  nextTick(() => inputRef.value?.focus?.())
+}
+
+async function scrollChat(force = false) {
+  await nextTick()
+  const el = chatScroll.value
+  if (!el) return
+  if (force) {
+    el.scrollTop = el.scrollHeight
+    return
+  }
+  const gap = el.scrollHeight - el.scrollTop - el.clientHeight
+  if (gap < 180) el.scrollTop = el.scrollHeight
+}
+
+async function sendChat() {
+  if (chatSending.value) return
+  const text = chatInput.value.trim()
+  if (!text) return
+  if (!selectedChatModel.value) {
+    ElMessage.warning('请选择一个文字模型')
+    return
+  }
+  const now = Date.now()
+  chatMsgs.value.push({ id: ++uid, role: 'user', content: text, at: now })
+  chatInput.value = ''
+  const assistant: UIMessage = { id: ++uid, role: 'assistant', content: '', pending: true, at: now }
+  chatMsgs.value.push(assistant)
+  await scrollChat(true)
+
+  const history: PlayChatMessage[] = []
+  if (systemPrompt.value.trim()) {
+    history.push({ role: 'system', content: systemPrompt.value.trim() })
+  }
+  for (const m of chatMsgs.value.slice(0, -1)) {
+    if (m.error) continue
+    history.push({ role: m.role as 'user' | 'assistant' | 'system', content: m.content })
+  }
+
+  chatSending.value = true
+  chatAbort.value = new AbortController()
+  try {
+    await streamPlayChat(
+      { model: selectedChatModel.value, messages: history, temperature: temperature.value },
+      (delta) => {
+        assistant.content += delta
+        assistant.pending = false
+        scrollChat()
+      },
+      chatAbort.value.signal,
+    )
+    assistant.pending = false
+    if (!assistant.content) assistant.content = '(无输出)'
+  } catch (err: unknown) {
+    assistant.pending = false
+    assistant.error = true
+    const msg = err instanceof Error ? err.message : String(err)
+    assistant.content = assistant.content || `请求失败:${msg}`
+    ElMessage.error(msg)
+  } finally {
+    chatSending.value = false
+    chatAbort.value = null
+    scrollChat()
+    userStore.fetchMe().catch(() => {})
+  }
+}
+
+function stopChat() {
+  chatAbort.value?.abort()
+}
+
+function resetChat() {
+  if (chatSending.value) stopChat()
+  chatMsgs.value = []
+}
+
+async function regenerate() {
+  if (chatSending.value) return
+  // 去掉最后一条 assistant,把最后一条 user 重发
+  let lastUserIdx = -1
+  for (let i = chatMsgs.value.length - 1; i >= 0; i--) {
+    if (chatMsgs.value[i].role === 'user') { lastUserIdx = i; break }
+  }
+  if (lastUserIdx < 0) return
+  const lastUserText = chatMsgs.value[lastUserIdx].content
+  chatMsgs.value = chatMsgs.value.slice(0, lastUserIdx)
+  chatInput.value = lastUserText
+  await sendChat()
+}
+
+function copyText(s: string) {
+  try {
+    navigator.clipboard.writeText(s)
+    ElMessage.success('已复制')
+  } catch {
+    ElMessage.warning('复制失败')
+  }
+}
+
+onBeforeUnmount(() => chatAbort.value?.abort())
+
+// ---------- 轻量 markdown 渲染(代码块 / 行内代码 / 粗体 / 链接) ----------
+function escapeHtml(s: string) {
+  return s
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#39;')
+}
+
+function renderMarkdown(raw: string): string {
+  if (!raw) return ''
+  const parts: string[] = []
+  const blocks = raw.split(/```/g) // ``` 成对切分
+  for (let i = 0; i < blocks.length; i++) {
+    const chunk = blocks[i]
+    if (i % 2 === 1) {
+      // 代码块:首行可能是 lang
+      const nl = chunk.indexOf('\n')
+      let lang = ''
+      let code = chunk
+      if (nl >= 0) {
+        const head = chunk.slice(0, nl).trim()
+        if (/^[a-zA-Z0-9+_\-]{1,20}$/.test(head)) {
+          lang = head
+          code = chunk.slice(nl + 1)
+        }
+      }
+      parts.push(
+        `<pre class="mdk-pre" data-lang="${escapeHtml(lang || '')}"><code>${escapeHtml(
+          code.replace(/\n$/, ''),
+        )}</code></pre>`,
+      )
+    } else {
+      // 行内元素
+      let html = escapeHtml(chunk)
+      // 行内代码 `xxx`
+      html = html.replace(/`([^`\n]+)`/g, '<code class="mdk-ic">$1</code>')
+      // 粗体 **xxx**
+      html = html.replace(/\*\*([^*\n]+)\*\*/g, '<strong>$1</strong>')
+      // 自动链接
+      html = html.replace(
+        /(https?:\/\/[\w\-._~:/?#\[\]@!$&'()*+,;=%]+)/g,
+        '<a href="$1" target="_blank" rel="noopener">$1</a>',
+      )
+      // 换行
+      html = html.replace(/\n/g, '<br />')
+      parts.push(html)
+    }
+  }
+  return parts.join('')
+}
+
+// ====================================================
+// 文生图(Text2Img)
+// ====================================================
+
+// 10 档比例:对应上游 chatgpt.com 实际靠 prompt 第一行 "Make the aspect ratio X:Y , "
+// 控制画面比例。OpenAI 兼容 size 仅作占位,按宽高比就近映射到官方支持的三档。
+interface RatioOpt {
+  label: string      // 中文名:方形 / 宽屏 / 竖版 …
+  ratio: string      // 比例文本:1:1 / 21:9 …
+  w: number          // 宽
+  h: number          // 高
+  size: string       // 发给后端的 OpenAI size
+}
+const RATIOS: readonly RatioOpt[] = [
+  { label: '方形',   ratio: '1:1',  w: 1,  h: 1,  size: '1024x1024' },
+  { label: '横屏',   ratio: '5:4',  w: 5,  h: 4,  size: '1792x1024' },
+  { label: '故事',   ratio: '9:16', w: 9,  h: 16, size: '1024x1792' },
+  { label: '超宽屏', ratio: '21:9', w: 21, h: 9,  size: '1792x1024' },
+  { label: '宽屏',   ratio: '16:9', w: 16, h: 9,  size: '1792x1024' },
+  { label: '横屏',   ratio: '4:3',  w: 4,  h: 3,  size: '1792x1024' },
+  { label: '宽幅',   ratio: '3:2',  w: 3,  h: 2,  size: '1792x1024' },
+  { label: '标准',   ratio: '4:5',  w: 4,  h: 5,  size: '1024x1792' },
+  { label: '竖版',   ratio: '3:4',  w: 3,  h: 4,  size: '1024x1792' },
+  { label: '竖版',   ratio: '2:3',  w: 2,  h: 3,  size: '1024x1792' },
+] as const
+
+// 预览小框的尺寸(按比例缩放后的 CSS px),保证所有档都落在 ≤36x36 的方格内。
+function ratioBoxStyle(r: RatioOpt) {
+  const MAX = 36
+  const ar = r.w / r.h
+  const bw = ar >= 1 ? MAX : Math.round(MAX * ar)
+  const bh = ar >= 1 ? Math.round(MAX / ar) : MAX
+  return { width: `${bw}px`, height: `${bh}px` }
+}
+
+// 统一的 prompt 前缀同步工具:
+// - 若第一行已经是 "Make the aspect ratio X:Y ,",就把 X:Y 换成新的 ratio
+// - 否则把 "Make the aspect ratio {ratio} , " 插到最前面
+// - 用户手动删掉这行后不会再自动补回(只有再次切换比例时才重新插入)
+const RATIO_PREFIX_RE = /^\s*Make the aspect ratio\s+\S+\s*,\s*/i
+function applyRatioPrefix(prompt: string, ratio: string): string {
+  const prefix = `Make the aspect ratio ${ratio} , `
+  const lines = prompt.split(/\r?\n/)
+  if (lines.length > 0 && RATIO_PREFIX_RE.test(lines[0])) {
+    lines[0] = lines[0].replace(RATIO_PREFIX_RE, prefix)
+    return lines.join('\n')
+  }
+  return prefix + prompt
+}
+
+const t2iPrompt = ref('')
+const t2iRatio = ref<string>('1:1')
+const t2iSize = computed(() =>
+  RATIOS.find((r) => r.ratio === t2iRatio.value)?.size ?? '1024x1024',
+)
+const t2iN = ref(1)
+// 本地高清放大档位(空=原图 / '2k' / '4k')。
+// 仅在图片代理 URL 首次请求时触发 decode + Catmull-Rom + PNG 编码,
+// 进程内 LRU 缓存命中后毫秒级返回。
+type UpscaleLevel = '' | '2k' | '4k'
+const t2iUpscale = ref<UpscaleLevel>('')
+
+// 切换比例时,实时把 prompt 第一行同步成新的 "Make the aspect ratio X:Y , "
+watch(t2iRatio, (nv) => {
+  t2iPrompt.value = applyRatioPrefix(t2iPrompt.value, nv)
+})
+const t2iSending = ref(false)
+const t2iResult = ref<PlayImageData[]>([])
+const t2iError = ref('')
+const t2iAbort = ref<AbortController | null>(null)
+
+const imgExamples = [
+  '赛博朋克城市夜景,霓虹雨夜,电影感光影,8k',
+  '一只金色胖柴犬穿西装坐在办公桌前,油画质感',
+  '极简几何海报,蓝橙配色,主体是一只展翅的鹤',
+  '童话风格蘑菇屋,黄昏光线,柔和景深',
+]
+
+// 点击示例 prompt 时,自动把当前比例的前缀拼到最前面,保持和 ratio 同步
+function useT2iExample(p: string) {
+  t2iPrompt.value = applyRatioPrefix(p, t2iRatio.value)
+}
+
+async function sendText2Img() {
+  const prompt = t2iPrompt.value.trim()
+  if (!prompt) {
+    ElMessage.warning('请输入描述词 prompt')
+    return
+  }
+  if (!selectedImageModel.value) {
+    ElMessage.warning('请选择一个图片模型')
+    return
+  }
+  t2iSending.value = true
+  t2iError.value = ''
+  t2iResult.value = []
+  t2iAbort.value = new AbortController()
+  try {
+    const resp = await playGenerateImage(
+      {
+        model: selectedImageModel.value,
+        prompt,
+        n: t2iN.value,
+        size: t2iSize.value,
+        upscale: t2iUpscale.value || undefined,
+      },
+      t2iAbort.value.signal,
+    )
+    t2iResult.value = resp.data || []
+    if (t2iResult.value.length === 0) {
+      t2iError.value = '未产出图片,请重试或更换描述'
+    } else {
+      ElMessage.success(`生成成功,共 ${t2iResult.value.length} 张`)
+    }
+  } catch (err: unknown) {
+    const msg = err instanceof Error ? err.message : String(err)
+    t2iError.value = msg
+    ElMessage.error(msg)
+  } finally {
+    t2iSending.value = false
+    t2iAbort.value = null
+    userStore.fetchMe().catch(() => {})
+  }
+}
+
+function stopText2Img() {
+  t2iAbort.value?.abort()
+}
+
+function openInNewWindow(url: string) {
+  window.open(url, '_blank', 'noopener,noreferrer')
+}
+
+function downloadUrl(url: string) {
+  const a = document.createElement('a')
+  a.href = url
+  a.target = '_blank'
+  a.rel = 'noopener'
+  a.download = ''
+  document.body.appendChild(a)
+  a.click()
+  document.body.removeChild(a)
+}
+
+// ====================================================
+// 图生图(Img2Img)
+// ====================================================
+interface RefImage {
+  name: string
+  dataUrl: string
+  size: number
+}
+const refImages = ref<RefImage[]>([])
+const i2iPrompt = ref('')
+const i2iRatio = ref<string>('1:1')
+const i2iSize = computed(() =>
+  RATIOS.find((r) => r.ratio === i2iRatio.value)?.size ?? '1024x1024',
+)
+const i2iUpscale = ref<UpscaleLevel>('')
+watch(i2iRatio, (nv) => {
+  i2iPrompt.value = applyRatioPrefix(i2iPrompt.value, nv)
+})
+const i2iSending = ref(false)
+const i2iResult = ref<PlayImageData[]>([])
+const i2iError = ref('')
+const i2iAbort = ref<AbortController | null>(null)
+const MAX_REF_BYTES = 4 * 1024 * 1024 // 4MB
+
+function handleFilePick(e: Event) {
+  const input = e.target as HTMLInputElement
+  const files = input.files
+  if (!files) return
+  for (const file of Array.from(files)) {
+    if (file.size > MAX_REF_BYTES) {
+      ElMessage.warning(`${file.name} 超过 4MB 限制`)
+      continue
+    }
+    const reader = new FileReader()
+    reader.onload = () => {
+      refImages.value.push({
+        name: file.name,
+        dataUrl: String(reader.result || ''),
+        size: file.size,
+      })
+    }
+    reader.readAsDataURL(file)
+  }
+  input.value = ''
+}
+
+function removeRefImage(idx: number) {
+  refImages.value.splice(idx, 1)
+}
+
+async function sendImg2Img() {
+  if (refImages.value.length === 0) {
+    ElMessage.warning('请先上传至少一张参考图')
+    return
+  }
+  if (!i2iPrompt.value.trim()) {
+    ElMessage.warning('请描述希望的改动')
+    return
+  }
+  if (!selectedImageModel.value) {
+    ElMessage.warning('请选择一个图片模型')
+    return
+  }
+  i2iSending.value = true
+  i2iError.value = ''
+  i2iResult.value = []
+  i2iAbort.value = new AbortController()
+  try {
+    const resp = await playGenerateImage(
+      {
+        model: selectedImageModel.value,
+        prompt: i2iPrompt.value.trim(),
+        n: 1,
+        size: i2iSize.value,
+        reference_images: refImages.value.map((r) => r.dataUrl),
+        upscale: i2iUpscale.value || undefined,
+      },
+      i2iAbort.value.signal,
+    )
+    i2iResult.value = resp.data || []
+    if (i2iResult.value.length > 0) {
+      ElMessage.success(`生成成功,共 ${i2iResult.value.length} 张`)
+    }
+  } catch (err: unknown) {
+    const msg = err instanceof Error ? err.message : String(err)
+    i2iError.value = msg
+    ElMessage.error(msg)
+  } finally {
+    i2iSending.value = false
+    i2iAbort.value = null
+  }
+}
+
+// 代码块内的 "复制" 按钮(通过事件委托,避免每次重渲染都重新绑定)
+function onMsgClick(e: MouseEvent) {
+  const t = e.target as HTMLElement | null
+  if (!t) return
+  const btn = t.closest('.mdk-copy') as HTMLElement | null
+  if (!btn) return
+  const pre = btn.parentElement?.querySelector('code')
+  if (!pre) return
+  copyText(pre.textContent || '')
+}
+
+// input 自动聚焦(tab 切换后)
+watch(activeTab, (v) => {
+  if (v === 'chat') nextTick(() => inputRef.value?.focus?.())
+})
+</script>
+
+<template>
+  <div class="page-container playground">
+    <!-- ============ Hero(紧凑条) ============ -->
+    <div class="hero card-block">
+      <div class="hero-left">
+        <el-icon class="hero-ic"><MagicStick /></el-icon>
+        <div class="hero-txt">
+          <h2 class="hero-title">在线体验</h2>
+          <span class="hero-sub">
+            浏览器中直接调用 GPT {{ ENABLE_CHAT_MODEL ? '文字 / ' : '' }}图像模型 · 文生图 & 图生图 · 同一账号池、同一套计费,记录同步到「使用记录」
+          </span>
+        </div>
+      </div>
+      <div class="hero-stats">
+        <div class="mini-stat">
+          <span class="mini-num">{{ balance }}</span>
+          <span class="mini-lbl">积分</span>
+        </div>
+        <template v-if="ENABLE_CHAT_MODEL">
+          <span class="mini-dot" />
+          <div class="mini-stat">
+            <span class="mini-num">{{ chatModels.length }}</span>
+            <span class="mini-lbl">文字模型</span>
+          </div>
+        </template>
+        <span class="mini-dot" />
+        <div class="mini-stat">
+          <span class="mini-num">{{ imageModels.length }}</span>
+          <span class="mini-lbl">图片模型</span>
+        </div>
+      </div>
+    </div>
+
+    <!-- ============ Tabs ============ -->
+    <el-tabs v-model="activeTab" class="pg-tabs">
+      <!-- =================================================== -->
+      <!--                          Chat                         -->
+      <!-- =================================================== -->
+      <el-tab-pane v-if="ENABLE_CHAT_MODEL" name="chat">
+        <template #label>
+          <span class="tab-lbl"><el-icon><ChatDotRound /></el-icon> 对话</span>
+        </template>
+
+        <div class="chat-grid">
+          <!-- 左侧:模型 + System + 温度 -->
+          <aside class="card-block side">
+            <div class="side-row">
+              <label class="side-lbl">文字模型</label>
+              <el-select v-model="selectedChatModel" placeholder="选择文字模型" size="large" style="width:100%">
+                <el-option v-for="m in chatModels" :key="m.id" :label="m.slug" :value="m.slug">
+                  <div class="opt-row">
+                    <span class="opt-slug">{{ m.slug }}</span>
+                    <el-tag size="small" type="primary" effect="plain">chat</el-tag>
+                  </div>
+                </el-option>
+              </el-select>
+              <div v-if="currentChatDesc" class="side-hint">{{ currentChatDesc }}</div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">
+                Temperature
+                <span class="side-val">{{ temperature.toFixed(1) }}</span>
+              </label>
+              <el-slider v-model="temperature" :min="0" :max="2" :step="0.1" show-stops />
+              <div class="side-hint">越低越保守、越高越发散。默认 0.7</div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">System Prompt</label>
+              <el-input
+                v-model="systemPrompt"
+                type="textarea"
+                :rows="6"
+                resize="none"
+                placeholder="为助手设定人格与风格"
+              />
+            </div>
+
+            <el-button :disabled="chatMsgs.length === 0" @click="resetChat" class="side-btn">
+              <el-icon><Delete /></el-icon> 清空会话
+            </el-button>
+          </aside>
+
+          <!-- 右侧:聊天主区 -->
+          <section class="card-block chat-main">
+            <header class="chat-header">
+              <div class="chat-title">
+                <el-avatar :size="32" class="avatar-bot">
+                  <el-icon><Cpu /></el-icon>
+                </el-avatar>
+                <div>
+                  <div class="chat-model">{{ selectedChatModel || '未选择模型' }}</div>
+                  <div class="chat-sub">
+                    {{ chatSending ? '正在回复…' : (chatMsgs.length ? `${chatMsgs.length} 条消息` : '准备就绪') }}
+                  </div>
+                </div>
+              </div>
+              <div class="chat-tools">
+                <el-tooltip content="重试上一个问题" placement="top">
+                  <el-button
+                    :disabled="chatSending || chatMsgs.length === 0"
+                    circle
+                    @click="regenerate"
+                  >
+                    <el-icon><RefreshRight /></el-icon>
+                  </el-button>
+                </el-tooltip>
+              </div>
+            </header>
+
+            <div ref="chatScroll" class="chat-scroll" @click="onMsgClick">
+              <!-- 空态:建议卡 -->
+              <div v-if="chatMsgs.length === 0" class="welcome">
+                <div class="welcome-hi">
+                  👋 你好{{ user?.nickname ? ',' + user.nickname : '' }}
+                </div>
+                <div class="welcome-sub">选一个话题开始,或者直接在下方输入。</div>
+                <div class="suggest-grid">
+                  <div
+                    v-for="(s, i) in suggestions"
+                    :key="i"
+                    class="suggest-card"
+                    @click="useSuggestion(s)"
+                  >
+                    <div class="s-ic">{{ s.icon }}</div>
+                    <div class="s-t">{{ s.title }}</div>
+                    <div class="s-s">{{ s.sub }}</div>
+                  </div>
+                </div>
+              </div>
+
+              <!-- 消息列表 -->
+              <article
+                v-for="m in chatMsgs"
+                :key="m.id"
+                :class="['msg', m.role, m.error ? 'err' : '']"
+              >
+                <el-avatar :size="34" :class="m.role === 'user' ? 'avatar-user' : 'avatar-bot'">
+                  <el-icon v-if="m.role === 'user'"><User /></el-icon>
+                  <el-icon v-else><MagicStick /></el-icon>
+                </el-avatar>
+                <div class="msg-body">
+                  <div class="msg-head">
+                    <span class="who">{{ m.role === 'user' ? '我' : '助手' }}</span>
+                    <span v-if="!m.pending && m.content" class="copy-btn" @click="copyText(m.content)">
+                      <el-icon><CopyDocument /></el-icon> 复制
+                    </span>
+                  </div>
+                  <div class="msg-content">
+                    <div v-if="m.pending && !m.content" class="typing">
+                      <span></span><span></span><span></span>
+                    </div>
+                    <div
+                      v-else
+                      class="md"
+                      v-html="renderMarkdown(m.content)"
+                    />
+                  </div>
+                </div>
+              </article>
+            </div>
+
+            <!-- 输入条 -->
+            <div class="composer" :class="{ focused: !!chatInput }">
+              <el-input
+                ref="inputRef"
+                v-model="chatInput"
+                type="textarea"
+                :rows="1"
+                :autosize="{ minRows: 1, maxRows: 6 }"
+                resize="none"
+                placeholder="给助手发消息…  Enter 发送,Shift+Enter 换行"
+                @keydown.enter.exact.prevent="sendChat"
+              />
+              <div class="composer-tools">
+                <span class="hint">
+                  <el-icon><InfoFilled /></el-icon>
+                  按 Enter 发送
+                </span>
+                <div style="flex:1" />
+                <el-button v-if="chatSending" type="danger" @click="stopChat" round>
+                  <el-icon><VideoPause /></el-icon> 停止
+                </el-button>
+                <el-button
+                  v-else
+                  type="primary"
+                  :disabled="!chatInput.trim() || !selectedChatModel"
+                  @click="sendChat"
+                  round
+                >
+                  发送
+                  <el-icon style="margin-left:4px"><Promotion /></el-icon>
+                </el-button>
+              </div>
+            </div>
+          </section>
+        </div>
+      </el-tab-pane>
+
+      <!-- =================================================== -->
+      <!--                        文生图                         -->
+      <!-- =================================================== -->
+      <el-tab-pane name="text2img">
+        <template #label>
+          <span class="tab-lbl"><el-icon><Picture /></el-icon> 文生图</span>
+        </template>
+
+        <div class="img-grid">
+          <aside class="card-block side">
+            <div class="side-row">
+              <label class="side-lbl">图片模型</label>
+              <el-select v-model="selectedImageModel" placeholder="选择图片模型" size="large" style="width:100%">
+                <el-option v-for="m in imageModels" :key="m.id" :label="m.slug" :value="m.slug">
+                  <div class="opt-row">
+                    <span class="opt-slug">{{ m.slug }}</span>
+                    <el-tag size="small" type="warning" effect="plain">image</el-tag>
+                  </div>
+                </el-option>
+              </el-select>
+              <div v-if="currentImageDesc" class="side-hint">{{ currentImageDesc }}</div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">
+                画面比例
+                <span class="side-val">{{ t2iRatio }}</span>
+              </label>
+              <div class="ratio-row">
+                <button
+                  v-for="r in RATIOS"
+                  :key="r.ratio"
+                  :class="['ratio-btn', { active: t2iRatio === r.ratio }]"
+                  :title="`${r.label} · ${r.ratio}`"
+                  @click="t2iRatio = r.ratio"
+                >
+                  <div class="ratio-box" :style="ratioBoxStyle(r)" />
+                  <span class="ratio-name">{{ r.label }}</span>
+                  <span class="ratio-val-sm">{{ r.ratio }}</span>
+                </button>
+              </div>
+              <div class="side-hint">
+                选中后会把 <code class="hint-code">Make the aspect ratio {{ t2iRatio }} ,</code>
+                作为 prompt 第一行传给上游
+              </div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">张数 <span class="side-val">{{ t2iN }}</span></label>
+              <el-slider v-model="t2iN" :min="1" :max="4" show-stops />
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">
+                输出尺寸
+                <el-tooltip placement="top" effect="light">
+                  <template #content>
+                    <div style="max-width:260px;line-height:1.55;">
+                      上游原生出图为 1024 或 1792 px;选择 2K/4K 会在图片加载时用本地
+                      <b>Catmull-Rom 插值</b>放大并以 PNG 输出。<br>
+                      <span style="color:#a16207;">注意:这是传统算法放大,不是 AI 超分,</span>不会补出新的纹理或毛发,只会让画面更大更平滑。4K 首次加载约 +0.5~1.5s,之后命中缓存。
+                    </div>
+                  </template>
+                  <el-icon style="margin-left:4px;color:#94a3b8;cursor:help;"><InfoFilled /></el-icon>
+                </el-tooltip>
+              </label>
+              <el-radio-group v-model="t2iUpscale" size="small" class="upscale-group">
+                <el-radio-button label="">原图</el-radio-button>
+                <el-radio-button label="2k">2K 高清</el-radio-button>
+                <el-radio-button label="4k">4K 高清</el-radio-button>
+              </el-radio-group>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">Prompt</label>
+              <el-input
+                v-model="t2iPrompt"
+                type="textarea"
+                :rows="5"
+                resize="none"
+                placeholder="描述画面的主体、风格、光线、构图…越具体效果越好"
+              />
+              <div class="chips">
+                <el-tag
+                  v-for="(p, i) in imgExamples"
+                  :key="i"
+                  effect="plain"
+                  round
+                  class="chip"
+                  @click="useT2iExample(p)"
+                >{{ p }}</el-tag>
+              </div>
+            </div>
+
+            <el-button v-if="t2iSending" type="danger" @click="stopText2Img" round class="side-btn">
+              <el-icon><VideoPause /></el-icon> 停止
+            </el-button>
+            <el-button
+              v-else
+              type="primary"
+              round
+              size="large"
+              :disabled="!t2iPrompt.trim() || !selectedImageModel"
+              @click="sendText2Img"
+              class="side-btn gen-btn"
+            >
+              <el-icon><MagicStick /></el-icon> 生成图片
+            </el-button>
+          </aside>
+
+          <section class="card-block img-main">
+            <div v-if="t2iSending" class="stage loading">
+              <div class="orb"><el-icon class="spin"><Loading /></el-icon></div>
+              <div class="stage-title">正在为你绘制…</div>
+              <div class="stage-sub">上游渲染通常需要 1-2 分钟,请保持页面打开</div>
+            </div>
+            <div v-else-if="t2iError" class="err-block">
+              <el-icon><WarningFilled /></el-icon>
+              {{ t2iError }}
+            </div>
+            <div v-else-if="t2iResult.length === 0" class="stage">
+              <div class="stage-art">🖼️</div>
+              <div class="stage-title">还没有图片</div>
+              <div class="stage-sub">在左侧填好 prompt 和参数,点击「生成图片」</div>
+            </div>
+            <div v-else class="result-wrap">
+              <div class="result-grid">
+                <div v-for="(img, idx) in t2iResult" :key="idx" class="img-cell">
+                  <img
+                    :src="img.url"
+                    :alt="`result-${idx}`"
+                    loading="lazy"
+                    class="img-thumb"
+                    @click="openInNewWindow(img.url)"
+                  />
+                  <div class="img-btns">
+                    <button class="img-btn" @click="openInNewWindow(img.url)">
+                      <el-icon><ZoomIn /></el-icon> 预览
+                    </button>
+                    <button class="img-btn" @click="downloadUrl(img.url)">
+                      <el-icon><Download /></el-icon> 下载
+                    </button>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </section>
+        </div>
+      </el-tab-pane>
+
+      <!-- =================================================== -->
+      <!--                        图生图                         -->
+      <!-- =================================================== -->
+      <el-tab-pane name="img2img">
+        <template #label>
+          <span class="tab-lbl"><el-icon><PictureFilled /></el-icon> 图生图</span>
+        </template>
+
+        <div class="img-grid">
+          <aside class="card-block side">
+            <div class="side-row">
+              <label class="side-lbl">图片模型</label>
+              <el-select v-model="selectedImageModel" placeholder="选择图片模型" size="large" style="width:100%">
+                <el-option v-for="m in imageModels" :key="m.id" :label="m.slug" :value="m.slug" />
+              </el-select>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">参考图 <span class="side-val">{{ refImages.length }}/多</span></label>
+              <label class="upload-zone">
+                <el-icon class="up-ic"><UploadFilled /></el-icon>
+                <div class="up-t">点击选择 / 拖拽图片到这里</div>
+                <div class="up-s">最多多张,每张 ≤ 4MB</div>
+                <input type="file" accept="image/*" multiple @change="handleFilePick" />
+              </label>
+
+              <div v-if="refImages.length" class="ref-grid">
+                <div v-for="(r, idx) in refImages" :key="idx" class="ref-thumb">
+                  <img :src="r.dataUrl" :alt="r.name" />
+                  <div class="ref-x" @click="removeRefImage(idx)">
+                    <el-icon><Close /></el-icon>
+                  </div>
+                  <div class="ref-meta">{{ (r.size / 1024).toFixed(0) }} KB</div>
+                </div>
+              </div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">
+                输出比例
+                <span class="side-val">{{ i2iRatio }}</span>
+              </label>
+              <div class="ratio-row">
+                <button
+                  v-for="r in RATIOS"
+                  :key="r.ratio"
+                  :class="['ratio-btn', { active: i2iRatio === r.ratio }]"
+                  :title="`${r.label} · ${r.ratio}`"
+                  @click="i2iRatio = r.ratio"
+                >
+                  <div class="ratio-box" :style="ratioBoxStyle(r)" />
+                  <span class="ratio-name">{{ r.label }}</span>
+                  <span class="ratio-val-sm">{{ r.ratio }}</span>
+                </button>
+              </div>
+              <div class="side-hint">
+                切换后会把 <code class="hint-code">Make the aspect ratio {{ i2iRatio }} ,</code>
+                作为 prompt 第一行
+              </div>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">
+                输出尺寸
+                <el-tooltip placement="top" effect="light">
+                  <template #content>
+                    <div style="max-width:260px;line-height:1.55;">
+                      上游原生出图为 1024 或 1792 px;选择 2K/4K 会在图片加载时用本地
+                      <b>Catmull-Rom 插值</b>放大并以 PNG 输出。<br>
+                      <span style="color:#a16207;">注意:这是传统算法放大,不是 AI 超分,</span>不会补出新的纹理或毛发,只会让画面更大更平滑。4K 首次加载约 +0.5~1.5s,之后命中缓存。
+                    </div>
+                  </template>
+                  <el-icon style="margin-left:4px;color:#94a3b8;cursor:help;"><InfoFilled /></el-icon>
+                </el-tooltip>
+              </label>
+              <el-radio-group v-model="i2iUpscale" size="small" class="upscale-group">
+                <el-radio-button label="">原图</el-radio-button>
+                <el-radio-button label="2k">2K 高清</el-radio-button>
+                <el-radio-button label="4k">4K 高清</el-radio-button>
+              </el-radio-group>
+            </div>
+
+            <div class="side-row">
+              <label class="side-lbl">希望如何改动</label>
+              <el-input
+                v-model="i2iPrompt"
+                type="textarea"
+                :rows="4"
+                resize="none"
+                placeholder="例:保持人物姿态,把背景换成赛博朋克夜景"
+              />
+            </div>
+
+            <el-button
+              type="primary"
+              round
+              size="large"
+              :loading="i2iSending"
+              :disabled="refImages.length === 0 || !i2iPrompt.trim()"
+              @click="sendImg2Img"
+              class="side-btn gen-btn"
+            >
+              <el-icon><MagicStick /></el-icon> 生成
+            </el-button>
+          </aside>
+
+          <section class="card-block img-main">
+            <div v-if="i2iError" class="err-block">
+              <el-icon><WarningFilled /></el-icon>
+              {{ i2iError }}
+            </div>
+            <div v-else-if="i2iSending" class="stage loading">
+              <div class="orb"><el-icon class="spin"><Loading /></el-icon></div>
+              <div class="stage-title">正在生成…</div>
+            </div>
+            <div v-else-if="i2iResult.length === 0" class="stage">
+              <div class="stage-art">🎨</div>
+              <div class="stage-title">还没有结果</div>
+              <div class="stage-sub">上传参考图 + 描述改动,然后点击「生成」</div>
+            </div>
+            <div v-else class="result-wrap">
+              <div class="result-grid">
+                <div v-for="(img, idx) in i2iResult" :key="idx" class="img-cell">
+                  <img
+                    :src="img.url"
+                    :alt="`result-${idx}`"
+                    class="img-thumb"
+                    @click="openInNewWindow(img.url)"
+                  />
+                  <div class="img-btns">
+                    <button class="img-btn" @click="openInNewWindow(img.url)">
+                      <el-icon><ZoomIn /></el-icon> 预览
+                    </button>
+                    <button class="img-btn" @click="downloadUrl(img.url)">
+                      <el-icon><Download /></el-icon> 下载
+                    </button>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </section>
+        </div>
+      </el-tab-pane>
+    </el-tabs>
+
+  </div>
+</template>
+
+<style scoped lang="scss">
+.playground { padding-bottom: 24px; }
+
+/* ====================== Hero(紧凑条) ====================== */
+.hero {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+  padding: 12px 18px !important;
+  margin-bottom: 14px !important;
+}
+.hero-left {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  min-width: 0;
+  flex: 1;
+}
+.hero-ic {
+  width: 36px;
+  height: 36px;
+  border-radius: 10px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 18px;
+  color: var(--el-color-primary);
+  background: var(--el-color-primary-light-9);
+  flex-shrink: 0;
+}
+.hero-txt {
+  display: flex;
+  align-items: baseline;
+  gap: 10px;
+  min-width: 0;
+  flex-wrap: wrap;
+}
+.hero-title {
+  margin: 0;
+  font-size: 16px;
+  font-weight: 600;
+  color: var(--el-text-color-primary);
+  white-space: nowrap;
+}
+.hero-sub {
+  font-size: 12.5px;
+  color: var(--el-text-color-secondary);
+  line-height: 1.5;
+}
+.hero-stats {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  flex-shrink: 0;
+}
+.mini-stat {
+  display: inline-flex;
+  align-items: baseline;
+  gap: 4px;
+  .mini-num {
+    font-size: 14px;
+    font-weight: 600;
+    color: var(--el-color-primary);
+  }
+  .mini-lbl {
+    font-size: 12px;
+    color: var(--el-text-color-secondary);
+  }
+}
+.mini-dot {
+  width: 3px; height: 3px; border-radius: 50%;
+  background: var(--el-border-color);
+}
+
+/* ====================== Tabs ====================== */
+.pg-tabs {
+  :deep(.el-tabs__header) { margin-bottom: 16px; }
+  :deep(.el-tabs__nav-wrap::after) { background: var(--el-border-color-lighter); }
+  :deep(.el-tabs__item) {
+    font-size: 14px;
+    font-weight: 500;
+    padding: 0 18px;
+  }
+  :deep(.el-tabs__item.is-active) { font-weight: 600; }
+}
+.tab-lbl { display: inline-flex; align-items: center; gap: 6px; }
+
+/* ====================== Side ====================== */
+.side { display: flex; flex-direction: column; gap: 16px; height: fit-content; position: sticky; top: 12px; }
+.side-row { display: flex; flex-direction: column; gap: 6px; }
+.side-lbl {
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  font-weight: 500;
+  display: flex; justify-content: space-between; align-items: center;
+  letter-spacing: 0.3px;
+  text-transform: uppercase;
+}
+.side-val { font-weight: 600; color: var(--el-color-primary); letter-spacing: 0; text-transform: none; font-size: 13px; }
+.side-hint { font-size: 12px; color: var(--el-text-color-placeholder); line-height: 1.5; }
+.side-btn { margin-top: 4px; }
+.gen-btn { box-shadow: 0 6px 18px -6px rgba(64, 158, 255, 0.55); }
+.opt-row { display: flex; justify-content: space-between; align-items: center; gap: 8px; }
+
+/* ---- 输出尺寸(本地高清放大)单选组 ---- */
+.upscale-group { display: flex; width: 100%; }
+.upscale-group :deep(.el-radio-button) { flex: 1; }
+.upscale-group :deep(.el-radio-button__inner) {
+  width: 100%;
+  padding-left: 0;
+  padding-right: 0;
+  letter-spacing: 0.2px;
+}
+.opt-slug { font-family: ui-monospace, Menlo, Consolas, monospace; font-size: 13px; }
+
+/* ====================== Chat ====================== */
+.chat-grid {
+  display: grid;
+  grid-template-columns: 300px minmax(0, 1fr);
+  gap: 16px;
+  min-height: 620px;
+}
+.chat-main {
+  display: flex; flex-direction: column;
+  padding: 0;
+  overflow: hidden;
+  height: 720px;
+}
+.chat-header {
+  display: flex; justify-content: space-between; align-items: center;
+  padding: 12px 18px;
+  border-bottom: 1px solid var(--el-border-color-lighter);
+  background: linear-gradient(180deg, var(--el-bg-color) 0%, var(--el-fill-color-lighter) 100%);
+}
+.chat-title { display: flex; align-items: center; gap: 10px; }
+.chat-model { font-size: 14px; font-weight: 600; color: var(--el-text-color-primary); }
+.chat-sub { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 2px; }
+.chat-tools { display: flex; gap: 6px; }
+
+.chat-scroll {
+  flex: 1;
+  overflow-y: auto;
+  padding: 22px 24px;
+  scroll-behavior: smooth;
+}
+
+/* ----- 欢迎 ----- */
+.welcome {
+  min-height: 100%;
+  display: flex; flex-direction: column; align-items: center; justify-content: center;
+  padding: 30px 20px;
+}
+.welcome-hi {
+  font-size: 24px; font-weight: 700;
+  color: var(--el-text-color-primary);
+  margin-bottom: 6px;
+}
+.welcome-sub { color: var(--el-text-color-secondary); margin-bottom: 22px; font-size: 14px; }
+.suggest-grid {
+  display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+  gap: 12px;
+  width: 100%; max-width: 680px;
+}
+.suggest-card {
+  border: 1px solid var(--el-border-color-lighter);
+  border-radius: 12px;
+  padding: 14px 16px;
+  cursor: pointer;
+  background: var(--el-bg-color);
+  transition: all 0.2s;
+  .s-ic { font-size: 20px; margin-bottom: 4px; }
+  .s-t { font-size: 13px; font-weight: 600; color: var(--el-text-color-primary); }
+  .s-s { font-size: 12px; color: var(--el-text-color-secondary); margin-top: 4px; line-height: 1.5; }
+  &:hover {
+    border-color: var(--el-color-primary);
+    transform: translateY(-1px);
+    box-shadow: 0 6px 18px -8px rgba(64, 158, 255, 0.35);
+  }
+}
+
+/* ----- 消息 ----- */
+.msg {
+  display: flex;
+  gap: 12px;
+  padding: 14px 0;
+  border-bottom: 1px dashed var(--el-border-color-lighter);
+  animation: fadeIn 0.25s ease;
+  &:last-child { border-bottom: none; }
+  &.err .msg-content { color: var(--el-color-danger); }
+}
+@keyframes fadeIn {
+  from { opacity: 0; transform: translateY(4px); }
+  to   { opacity: 1; transform: translateY(0); }
+}
+.avatar-user {
+  background: var(--el-color-primary);
+  color: #fff;
+  flex-shrink: 0;
+}
+.avatar-bot {
+  background: var(--el-color-success);
+  color: #fff;
+  flex-shrink: 0;
+}
+.msg-body { flex: 1; min-width: 0; }
+.msg-head {
+  display: flex; align-items: center; justify-content: space-between;
+  margin-bottom: 4px;
+  .who { font-size: 12px; font-weight: 600; color: var(--el-text-color-secondary); }
+  .copy-btn {
+    font-size: 12px; color: var(--el-text-color-placeholder); cursor: pointer;
+    display: inline-flex; align-items: center; gap: 2px;
+    opacity: 0; transition: opacity 0.2s;
+    &:hover { color: var(--el-color-primary); }
+  }
+}
+.msg:hover .copy-btn { opacity: 1; }
+.msg-content {
+  font-size: 14px; line-height: 1.75;
+  color: var(--el-text-color-primary);
+  word-break: break-word;
+}
+
+/* markdown 渲染产物 */
+.md :deep(.mdk-pre) {
+  background: #0f172a;
+  color: #e2e8f0;
+  padding: 12px 14px;
+  border-radius: 10px;
+  overflow-x: auto;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12.5px;
+  line-height: 1.6;
+  margin: 8px 0;
+  position: relative;
+  &::before {
+    content: attr(data-lang);
+    position: absolute;
+    top: 6px; right: 10px;
+    font-size: 10px;
+    text-transform: uppercase;
+    letter-spacing: 1px;
+    color: #94a3b8;
+    opacity: 0.8;
+  }
+}
+.md :deep(.mdk-ic) {
+  background: var(--el-fill-color);
+  color: var(--el-color-primary);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12.5px;
+}
+.md :deep(a) { color: var(--el-color-primary); text-decoration: none; }
+.md :deep(a:hover) { text-decoration: underline; }
+.md :deep(strong) { font-weight: 600; }
+
+/* typing 指示器 */
+.typing {
+  display: inline-flex; gap: 5px; padding: 4px 0;
+  span {
+    width: 7px; height: 7px; border-radius: 50%;
+    background: var(--el-color-primary);
+    animation: blink 1.4s infinite ease-in-out both;
+  }
+  span:nth-child(2) { animation-delay: 0.2s; }
+  span:nth-child(3) { animation-delay: 0.4s; }
+}
+@keyframes blink {
+  0%, 80%, 100% { opacity: 0.2; transform: scale(0.7); }
+  40% { opacity: 1; transform: scale(1); }
+}
+
+/* ----- 输入条 ----- */
+.composer {
+  padding: 12px 18px 16px;
+  border-top: 1px solid var(--el-border-color-lighter);
+  background: var(--el-bg-color);
+  transition: box-shadow 0.2s;
+  :deep(.el-textarea__inner) {
+    border-radius: 12px;
+    padding: 10px 14px;
+    font-size: 14px;
+    box-shadow: none;
+    border: 1px solid var(--el-border-color);
+    transition: border-color 0.2s, box-shadow 0.2s;
+    &:focus {
+      border-color: var(--el-color-primary);
+      box-shadow: 0 0 0 3px rgba(64, 158, 255, 0.15);
+    }
+  }
+}
+.composer-tools {
+  display: flex; align-items: center; gap: 8px; margin-top: 10px;
+  .hint {
+    display: inline-flex; align-items: center; gap: 4px;
+    font-size: 12px; color: var(--el-text-color-placeholder);
+  }
+}
+
+/* ====================== 图片面板 ====================== */
+.img-grid {
+  display: grid;
+  grid-template-columns: 340px minmax(0, 1fr);
+  gap: 16px;
+}
+/* img-main 高度随内容自适应，stage（空态/loading）保留最小高度 */
+.img-main { min-height: 0; }
+
+/* 比例按钮 —— 10 档预设,5 列 × 2 行 grid */
+.ratio-row {
+  display: grid;
+  grid-template-columns: repeat(5, 1fr);
+  gap: 6px;
+}
+.ratio-btn {
+  background: var(--el-bg-color);
+  border: 1px solid var(--el-border-color-lighter);
+  border-radius: 8px;
+  padding: 6px 2px 5px;
+  cursor: pointer;
+  display: flex; flex-direction: column; align-items: center;
+  gap: 3px;
+  font-size: 11px; color: var(--el-text-color-secondary);
+  transition: all 0.15s;
+  min-width: 0;
+  .ratio-box {
+    background: var(--el-fill-color-light);
+    border-radius: 2px;
+    border: 1px solid var(--el-border-color-lighter);
+    flex: 0 0 auto;
+    /* 固定一个 36px 高度的占位,避免不同比例下按钮整体高度抖动 */
+    margin: 2px 0;
+  }
+  .ratio-name {
+    font-size: 11px;
+    line-height: 1.2;
+    letter-spacing: 0;
+  }
+  .ratio-val-sm {
+    font-size: 10px;
+    color: var(--el-text-color-placeholder);
+    font-family: ui-monospace, Menlo, Consolas, monospace;
+    line-height: 1.2;
+  }
+  &:hover {
+    border-color: var(--el-color-primary);
+    color: var(--el-color-primary);
+    .ratio-val-sm { color: var(--el-color-primary); }
+  }
+  &.active {
+    border-color: var(--el-color-primary);
+    background: var(--el-color-primary-light-9);
+    color: var(--el-color-primary);
+    font-weight: 600;
+    .ratio-box {
+      background: var(--el-color-primary);
+      border-color: var(--el-color-primary);
+    }
+    .ratio-val-sm { color: var(--el-color-primary); font-weight: 600; }
+  }
+}
+
+/* ratio 说明文字里的内联代码样式 */
+.hint-code {
+  background: var(--el-fill-color);
+  color: var(--el-color-primary);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 11.5px;
+}
+
+/* prompt chips */
+.chips { display: flex; flex-wrap: wrap; gap: 6px; margin-top: 8px; }
+.chip { cursor: pointer; max-width: 100%; overflow: hidden; text-overflow: ellipsis; }
+.chip:hover { background: var(--el-color-primary-light-9); color: var(--el-color-primary); }
+
+/* 上传区 */
+.upload-zone {
+  position: relative;
+  display: flex; flex-direction: column; align-items: center;
+  padding: 20px 12px;
+  border: 2px dashed var(--el-border-color);
+  border-radius: 12px;
+  cursor: pointer;
+  background: var(--el-fill-color-lighter);
+  transition: all 0.2s;
+  &:hover { border-color: var(--el-color-primary); background: var(--el-color-primary-light-9); }
+  .up-ic { font-size: 32px; color: var(--el-color-primary); }
+  .up-t { font-size: 13px; margin-top: 6px; color: var(--el-text-color-primary); }
+  .up-s { font-size: 11px; color: var(--el-text-color-placeholder); margin-top: 2px; }
+  input { position: absolute; inset: 0; opacity: 0; cursor: pointer; }
+}
+
+.ref-grid {
+  margin-top: 10px;
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 8px;
+}
+.ref-thumb {
+  position: relative;
+  aspect-ratio: 1;
+  border-radius: 8px;
+  overflow: hidden;
+  background: var(--el-fill-color-light);
+  img { width: 100%; height: 100%; object-fit: cover; display: block; }
+  .ref-x {
+    position: absolute; top: 4px; right: 4px;
+    width: 20px; height: 20px; border-radius: 50%;
+    background: rgba(0,0,0,0.55); color: #fff;
+    display: flex; align-items: center; justify-content: center;
+    cursor: pointer; font-size: 12px;
+    opacity: 0; transition: opacity 0.2s;
+  }
+  .ref-meta {
+    position: absolute; bottom: 0; left: 0; right: 0;
+    padding: 2px 6px;
+    background: linear-gradient(transparent, rgba(0,0,0,0.6));
+    color: #fff; font-size: 10px;
+    opacity: 0; transition: opacity 0.2s;
+  }
+  &:hover { .ref-x, .ref-meta { opacity: 1; } }
+}
+
+/* 主区 stage / 结果 */
+.stage {
+  min-height: 440px;
+  display: flex; flex-direction: column; align-items: center; justify-content: center;
+  text-align: center; color: var(--el-text-color-secondary); padding: 40px 24px;
+  .stage-art { font-size: 64px; margin-bottom: 16px; opacity: 0.7; }
+  .stage-title { font-size: 16px; font-weight: 600; color: var(--el-text-color-primary); }
+  .stage-sub { font-size: 13px; margin-top: 6px; }
+  &.loading { gap: 14px; }
+  .orb {
+    width: 72px; height: 72px; border-radius: 50%;
+    background: var(--el-color-primary-light-8);
+    display: flex; align-items: center; justify-content: center;
+    animation: pulseOrb 1.8s ease-in-out infinite;
+  }
+}
+@keyframes pulseOrb {
+  0%, 100% { transform: scale(1); box-shadow: 0 0 0 0 var(--el-color-primary-light-5); }
+  50%      { transform: scale(1.08); box-shadow: 0 0 0 14px rgba(64,158,255,0); }
+}
+.spin { font-size: 30px; animation: spin 1s linear infinite; color: var(--el-color-primary); }
+@keyframes spin { to { transform: rotate(360deg); } }
+
+.err-block {
+  background: var(--el-color-danger-light-9);
+  color: var(--el-color-danger);
+  padding: 12px 14px;
+  border-radius: 10px;
+  display: flex; align-items: center; gap: 8px;
+  white-space: pre-wrap; word-break: break-word;
+  border: 1px solid var(--el-color-danger-light-5);
+}
+
+/* 结果网格:1 张→铺满,2 张→各占一半,3-4 张→2 列自动换行 */
+.result-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(min(100%, 360px), 1fr));
+  gap: 14px;
+  padding: 4px;
+  align-items: start;
+}
+.img-cell {
+  border-radius: 12px;
+  overflow: hidden;
+  background: var(--el-fill-color-light);
+  box-shadow: 0 2px 8px rgba(0, 0, 0, 0.06);
+  transition: box-shadow 0.2s;
+  &:hover { box-shadow: 0 8px 24px rgba(0, 0, 0, 0.13); }
+}
+.img-thumb {
+  width: 100%;
+  height: auto;
+  display: block;
+  cursor: pointer;
+  transition: opacity 0.2s;
+  &:hover { opacity: 0.93; }
+}
+/* 图片下方固定按钮条 */
+.img-btns {
+  display: flex;
+  gap: 1px;
+  background: var(--el-border-color-lighter);
+}
+.img-btn {
+  flex: 1;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  gap: 5px;
+  padding: 8px 0;
+  font-size: 13px;
+  font-weight: 500;
+  color: var(--el-text-color-regular);
+  background: var(--el-bg-color);
+  border: none;
+  cursor: pointer;
+  transition: background 0.15s, color 0.15s;
+  &:hover {
+    background: var(--el-color-primary-light-9);
+    color: var(--el-color-primary);
+  }
+  &:first-child { border-radius: 0 0 0 12px; }
+  &:last-child  { border-radius: 0 0 12px 0; }
+}
+
+.result-wrap {
+  display: flex; flex-direction: column; gap: 10px;
+  padding: 4px;
+  .result-grid { padding: 0; }
+}
+
+/* ====================== Dark mode ====================== */
+:global(html.dark) .md :deep(.mdk-pre) {
+  background: #0b1020;
+  color: #cbd5e1;
+}
+
+/* ====================== Responsive ====================== */
+@media (max-width: 1100px) {
+  .chat-grid, .img-grid { grid-template-columns: 1fr; }
+  .side { position: static; }
+  .chat-main { height: 580px; }
+}
+@media (max-width: 720px) {
+  .hero {
+    flex-direction: column;
+    align-items: flex-start;
+    gap: 10px;
+  }
+  .hero-sub { display: none; }
+  .hero-stats { width: 100%; justify-content: flex-start; }
+}
+</style>
diff --git a/web/src/views/personal/Usage.vue b/web/src/views/personal/Usage.vue
new file mode 100644
index 00000000..2467c5f2
--- /dev/null
+++ b/web/src/views/personal/Usage.vue
@@ -0,0 +1,785 @@
+<script setup lang="ts">
+import { ref, reactive, computed, onMounted, onBeforeUnmount } from 'vue'
+import { Refresh } from '@element-plus/icons-vue'
+import * as meApi from '@/api/me'
+import { formatCredit, formatDateTime, formatErrorCode } from '@/utils/format'
+import { ENABLE_CHAT_MODEL } from '@/config/feature'
+
+// ==================== 概览 + 每日 + 模型 TOP ====================
+
+const statsLoading = ref(false)
+const stats = ref<meApi.MyStatsResp | null>(null)
+
+const statsFilter = reactive({
+  days: 14,
+  type: '' as '' | 'chat' | 'image',
+})
+
+async function loadStats() {
+  statsLoading.value = true
+  try {
+    stats.value = await meApi.getMyUsageStats({
+      days: statsFilter.days,
+      top_n: 8,
+      type: statsFilter.type || undefined,
+    })
+  } finally {
+    statsLoading.value = false
+  }
+}
+
+const overall = computed(() => stats.value?.overall)
+const daily = computed(() => stats.value?.daily || [])
+const byModel = computed(() => stats.value?.by_model || [])
+
+// ============ 每日请求图表(SVG)============
+// 自适应宽度:随容器大小重绘
+const chartWrap = ref<HTMLElement | null>(null)
+const chartW = ref(720)
+const chartH = 220               // 总高度
+const padT = 16                  // 上 padding
+const padB = 36                  // 下 padding(放日期标签)
+const padL = 40                  // 左 padding(放 y 轴刻度)
+const padR = 16                  // 右 padding
+const hoverIdx = ref(-1)
+
+// 监听容器尺寸
+let ro: ResizeObserver | null = null
+onMounted(() => {
+  if (chartWrap.value && typeof ResizeObserver !== 'undefined') {
+    ro = new ResizeObserver((entries) => {
+      for (const e of entries) {
+        const w = e.contentRect.width
+        if (w > 0) chartW.value = Math.floor(w)
+      }
+    })
+    ro.observe(chartWrap.value)
+  }
+})
+onBeforeUnmount(() => { ro?.disconnect() })
+
+// y 轴"好看"的最大值 —— 向上取整到 1/2/5/10 系列
+function niceMax(v: number): number {
+  if (v <= 1) return 1
+  const exp = Math.pow(10, Math.floor(Math.log10(v)))
+  const n = v / exp
+  let m = 10
+  if (n <= 1) m = 1
+  else if (n <= 2) m = 2
+  else if (n <= 5) m = 5
+  return m * exp
+}
+
+const maxRaw = computed(() => daily.value.reduce((x, r) => Math.max(x, r.requests), 0))
+const yMax = computed(() => niceMax(maxRaw.value || 1))
+const yTicks = computed(() => {
+  const m = yMax.value
+  const step = m / 4
+  return [0, step, step * 2, step * 3, m].map((v) => Math.round(v))
+})
+
+// x 轴每列中心点
+const cellW = computed(() => {
+  const n = Math.max(daily.value.length, 1)
+  return (chartW.value - padL - padR) / n
+})
+function xCenter(i: number) { return padL + cellW.value * (i + 0.5) }
+function barH(v: number) {
+  const innerH = chartH - padT - padB
+  return (v / yMax.value) * innerH
+}
+function barY(v: number) { return chartH - padB - barH(v) }
+
+// 柱条宽度:最多 22px,避免过宽;数据点少时也不至于巨粗
+const barW = computed(() => Math.min(22, Math.max(6, cellW.value * 0.55)))
+
+// x 轴日期标签显隔:超过 18 个点时每隔 2 个显示
+const labelStep = computed(() => (daily.value.length > 18 ? 2 : 1))
+function shouldShowLabel(i: number) {
+  const n = daily.value.length
+  if (i === n - 1) return true
+  return i % labelStep.value === 0
+}
+
+// 悬停 tooltip 坐标(跟随柱条,不跟鼠标,稳定)
+const tipX = computed(() => (hoverIdx.value >= 0 ? xCenter(hoverIdx.value) : 0))
+const tipY = computed(() => (hoverIdx.value >= 0 ? barY(daily.value[hoverIdx.value]?.requests || 0) : 0))
+const tipSide = computed<'left' | 'right'>(() => (tipX.value > chartW.value / 2 ? 'left' : 'right'))
+
+function onCellEnter(i: number) { hoverIdx.value = i }
+function onChartLeave() { hoverIdx.value = -1 }
+
+function successRate(s?: meApi.UsageOverall) {
+  if (!s || s.requests === 0) return '—'
+  return `${(((s.requests - s.failures) / s.requests) * 100).toFixed(2)}%`
+}
+
+// ==================== 明细 Tab(请求日志 / 积分流水) ====================
+
+const activeTab = ref<'logs' | 'credits'>('logs')
+
+// ---------- 请求日志 ----------
+const logLoading = ref(false)
+const logItems = ref<meApi.UsageItem[]>([])
+const logTotal = ref(0)
+const logFilter = reactive({
+  type: '' as '' | 'chat' | 'image',
+  status: '' as '' | 'success' | 'failed',
+  limit: 20,
+  offset: 0,
+})
+
+async function loadLogs() {
+  logLoading.value = true
+  try {
+    const d = await meApi.listMyUsageLogs({
+      type: logFilter.type || undefined,
+      status: logFilter.status || undefined,
+      limit: logFilter.limit,
+      offset: logFilter.offset,
+    })
+    logItems.value = d.items
+    logTotal.value = d.total
+  } finally {
+    logLoading.value = false
+  }
+}
+
+const logPage = computed<number>({
+  get: () => Math.floor(logFilter.offset / logFilter.limit) + 1,
+  set: (v) => {
+    logFilter.offset = (v - 1) * logFilter.limit
+    loadLogs()
+  },
+})
+
+function refreshLogs() {
+  logFilter.offset = 0
+  loadLogs()
+}
+
+const statusMap: Record<string, { tag: 'success' | 'danger' | 'warning' | 'info'; label: string }> = {
+  success: { tag: 'success', label: '成功' },
+  failed: { tag: 'danger', label: '失败' },
+  partial: { tag: 'warning', label: '部分' },
+}
+function statusTag(s: string) {
+  return statusMap[s]?.tag || 'info'
+}
+function statusLabel(s: string) {
+  return statusMap[s]?.label || s || '-'
+}
+
+// ---------- 积分流水 ----------
+const creditLoading = ref(false)
+const creditItems = ref<meApi.MyCreditLog[]>([])
+const creditTotal = ref(0)
+const creditFilter = reactive({ limit: 20, offset: 0 })
+
+async function loadCredits() {
+  creditLoading.value = true
+  try {
+    const d = await meApi.listMyCreditLogs({
+      limit: creditFilter.limit,
+      offset: creditFilter.offset,
+    })
+    creditItems.value = d.items
+    creditTotal.value = d.total
+  } finally {
+    creditLoading.value = false
+  }
+}
+
+const creditPage = computed<number>({
+  get: () => Math.floor(creditFilter.offset / creditFilter.limit) + 1,
+  set: (v) => {
+    creditFilter.offset = (v - 1) * creditFilter.limit
+    loadCredits()
+  },
+})
+
+const typeLabel: Record<string, string> = {
+  recharge: '充值',
+  consume: '消费',
+  refund: '退款',
+  adjust: '调账',
+  bonus: '赠送',
+  freeze: '冻结',
+  unfreeze: '解冻',
+}
+
+function onTabChange(v: string | number) {
+  if (v === 'credits' && creditItems.value.length === 0) loadCredits()
+}
+
+onMounted(() => {
+  loadStats()
+  loadLogs()
+})
+</script>
+
+<template>
+  <div class="page-container">
+    <!-- 顶部概览 -->
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h2 class="page-title" style="margin:0">使用记录</h2>
+          <div class="page-sub">
+            展示当前账号的请求量、生图张数、积分账变与调用明细,支持按天 / 类型 / 状态切片,仅本人可见。
+          </div>
+        </div>
+        <div class="flex-wrap-gap">
+          <el-select v-model="statsFilter.days" style="width:110px" @change="loadStats">
+            <el-option :value="7"  label="近 7 天" />
+            <el-option :value="14" label="近 14 天" />
+            <el-option :value="30" label="近 30 天" />
+            <el-option :value="60" label="近 60 天" />
+          </el-select>
+          <el-select v-model="statsFilter.type" style="width:120px" clearable placeholder="类型"
+                     @change="loadStats">
+            <el-option label="全部" value="" />
+            <el-option v-if="ENABLE_CHAT_MODEL" label="对话" value="chat" />
+            <el-option label="生图" value="image" />
+          </el-select>
+          <el-button :loading="statsLoading" type="primary" @click="loadStats">
+            <el-icon><Refresh /></el-icon> 刷新
+          </el-button>
+        </div>
+      </div>
+
+      <el-row :gutter="16" v-loading="statsLoading">
+        <el-col :md="6" :sm="12">
+          <div class="sum-card requests">
+            <div class="sum-title">请求数</div>
+            <div class="sum-value">{{ overall?.requests ?? 0 }}</div>
+            <div class="sum-sub">
+              失败 {{ overall?.failures ?? 0 }} · 成功率 {{ successRate(overall) }}
+            </div>
+          </div>
+        </el-col>
+        <el-col v-if="ENABLE_CHAT_MODEL" :md="6" :sm="12">
+          <div class="sum-card chat">
+            <div class="sum-title">对话请求</div>
+            <div class="sum-value">{{ overall?.chat_requests ?? 0 }}</div>
+            <div class="sum-sub">生图 {{ overall?.image_images ?? 0 }} 张</div>
+          </div>
+        </el-col>
+        <el-col v-else :md="6" :sm="12">
+          <div class="sum-card chat">
+            <div class="sum-title">生图张数</div>
+            <div class="sum-value">{{ overall?.image_images ?? 0 }}</div>
+            <div class="sum-sub">成功率 {{ successRate(overall) }}</div>
+          </div>
+        </el-col>
+        <el-col :md="6" :sm="12">
+          <div class="sum-card token">
+            <div class="sum-title">Token 合计</div>
+            <div class="sum-value">
+              {{ (overall?.input_tokens ?? 0) + (overall?.output_tokens ?? 0) }}
+            </div>
+            <div class="sum-sub">
+              输入 {{ overall?.input_tokens ?? 0 }} / 输出 {{ overall?.output_tokens ?? 0 }}
+            </div>
+          </div>
+        </el-col>
+        <el-col :md="6" :sm="12">
+          <div class="sum-card cost">
+            <div class="sum-title">累计扣费</div>
+            <div class="sum-value">{{ formatCredit(overall?.credit_cost) }}</div>
+            <div class="sum-sub">单位:积分</div>
+          </div>
+        </el-col>
+      </el-row>
+    </div>
+
+    <!-- 每日柱状 + 模型 TOP -->
+    <div class="card-block">
+      <div class="flex-between" style="margin-bottom:12px">
+        <div>
+          <h3 class="page-title" style="margin:0;font-size:16px">每日请求</h3>
+          <div class="muted" style="margin-top:4px">
+            近 {{ statsFilter.days }} 天趋势 · 悬停柱条查看详情
+          </div>
+        </div>
+        <div class="legend">
+          <span class="legend-dot requests"></span><span class="legend-label">请求总数</span>
+          <span class="legend-dot failures"></span><span class="legend-label">失败</span>
+        </div>
+      </div>
+
+      <div ref="chartWrap" class="chart-wrap" v-loading="statsLoading">
+        <el-empty
+          v-if="!statsLoading && daily.length === 0"
+          description="暂无数据"
+          :image-size="80"
+          style="padding:24px 0"
+        />
+        <svg
+          v-else
+          class="chart-svg"
+          :viewBox="`0 0 ${chartW} ${chartH}`"
+          :style="{ height: chartH + 'px' }"
+          @mouseleave="onChartLeave"
+        >
+          <!-- 渐变定义 -->
+          <defs>
+            <linearGradient id="barGradPrimary" x1="0" y1="0" x2="0" y2="1">
+              <stop offset="0%" stop-color="var(--el-color-primary)" stop-opacity="1" />
+              <stop offset="100%" stop-color="var(--el-color-primary)" stop-opacity="0.55" />
+            </linearGradient>
+            <linearGradient id="barGradDanger" x1="0" y1="0" x2="0" y2="1">
+              <stop offset="0%" stop-color="var(--el-color-danger)" stop-opacity="0.95" />
+              <stop offset="100%" stop-color="var(--el-color-danger)" stop-opacity="0.65" />
+            </linearGradient>
+          </defs>
+
+          <!-- y 轴网格 + 刻度 -->
+          <g class="chart-axis">
+            <line
+              v-for="(t, ti) in yTicks" :key="'ty' + ti"
+              :x1="padL" :x2="chartW - padR"
+              :y1="padT + (chartH - padT - padB) * (1 - t / yMax)"
+              :y2="padT + (chartH - padT - padB) * (1 - t / yMax)"
+              class="grid-line"
+              :class="{ 'grid-zero': ti === 0 }"
+            />
+            <text
+              v-for="(t, ti) in yTicks" :key="'tl' + ti"
+              :x="padL - 8"
+              :y="padT + (chartH - padT - padB) * (1 - t / yMax) + 4"
+              text-anchor="end"
+              class="axis-tick"
+            >{{ t }}</text>
+          </g>
+
+          <!-- 柱条 + 交互区 -->
+          <g
+            v-for="(p, i) in daily" :key="p.day"
+            class="bar-group"
+            :class="{ hover: hoverIdx === i }"
+            @mouseenter="onCellEnter(i)"
+          >
+            <!-- 整列透明交互矩形(扩大悬停命中区) -->
+            <rect
+              :x="padL + cellW * i" :y="padT"
+              :width="cellW"
+              :height="chartH - padT - padB"
+              class="bar-hit"
+            />
+            <!-- 成功柱 -->
+            <rect
+              :x="xCenter(i) - barW / 2"
+              :y="barY(p.requests)"
+              :width="barW"
+              :height="barH(p.requests)"
+              rx="3"
+              fill="url(#barGradPrimary)"
+              class="bar-rect"
+            />
+            <!-- 失败覆盖 -->
+            <rect
+              v-if="p.failures"
+              :x="xCenter(i) - barW / 2"
+              :y="barY(p.failures)"
+              :width="barW"
+              :height="barH(p.failures)"
+              rx="3"
+              fill="url(#barGradDanger)"
+              class="bar-rect bar-rect-fail"
+            />
+            <!-- x 轴日期 -->
+            <text
+              v-if="shouldShowLabel(i)"
+              :x="xCenter(i)"
+              :y="chartH - padB + 16"
+              text-anchor="middle"
+              class="axis-date"
+            >{{ p.day.slice(5) }}</text>
+          </g>
+
+          <!-- 悬停指示线 -->
+          <line
+            v-if="hoverIdx >= 0"
+            :x1="tipX" :x2="tipX"
+            :y1="padT" :y2="chartH - padB"
+            class="hover-guide"
+          />
+
+          <!-- 悬停 tooltip -->
+          <g v-if="hoverIdx >= 0" class="tip-group">
+            <foreignObject
+              :x="tipSide === 'right' ? tipX + 10 : tipX - 170"
+              :y="Math.max(padT, tipY - 58)"
+              width="160" height="70"
+            >
+              <div class="chart-tip">
+                <div class="tip-day">{{ daily[hoverIdx]?.day }}</div>
+                <div class="tip-row">
+                  <span class="tip-dot requests"></span>请求
+                  <b>{{ daily[hoverIdx]?.requests || 0 }}</b>
+                </div>
+                <div class="tip-row">
+                  <span class="tip-dot failures"></span>失败
+                  <b>{{ daily[hoverIdx]?.failures || 0 }}</b>
+                </div>
+              </div>
+            </foreignObject>
+          </g>
+        </svg>
+      </div>
+
+      <div style="margin-top:18px">
+        <h3 class="page-title" style="margin:0 0 10px;font-size:16px">模型 TOP</h3>
+        <el-table :data="byModel" stripe size="small" v-loading="statsLoading" empty-text="暂无数据">
+          <el-table-column label="模型" min-width="180">
+            <template #default="{ row }">
+              <code>{{ row.model_slug || `#${row.model_id}` }}</code>
+            </template>
+          </el-table-column>
+          <el-table-column prop="type" label="类型" width="80">
+            <template #default="{ row }">
+              <el-tag size="small" :type="row.type === 'image' ? 'warning' : 'primary'">
+                {{ row.type || '-' }}
+              </el-tag>
+            </template>
+          </el-table-column>
+          <el-table-column prop="requests" label="请求数" width="100" />
+          <el-table-column prop="failures" label="失败" width="80" />
+          <el-table-column prop="input_tokens" label="输入 tok" width="110" />
+          <el-table-column prop="output_tokens" label="输出 tok" width="110" />
+          <el-table-column prop="image_count" label="图数" width="80" />
+          <el-table-column label="扣费" width="120">
+            <template #default="{ row }">{{ formatCredit(row.credit_cost) }}</template>
+          </el-table-column>
+          <el-table-column prop="avg_dur_ms" label="平均耗时(ms)" width="130" />
+        </el-table>
+      </div>
+    </div>
+
+    <!-- 明细 Tabs -->
+    <div class="card-block">
+      <el-tabs v-model="activeTab" @tab-change="onTabChange">
+        <!-- ----- 请求日志 ----- -->
+        <el-tab-pane name="logs" label="请求日志">
+          <div class="flex-between" style="margin-bottom:12px">
+            <div class="flex-wrap-gap">
+              <el-select v-model="logFilter.type" style="width:120px" clearable placeholder="类型"
+                         @change="refreshLogs">
+                <el-option label="全部" value="" />
+                <el-option v-if="ENABLE_CHAT_MODEL" label="对话" value="chat" />
+                <el-option label="生图" value="image" />
+              </el-select>
+              <el-select v-model="logFilter.status" style="width:120px" clearable placeholder="状态"
+                         @change="refreshLogs">
+                <el-option label="全部" value="" />
+                <el-option label="成功" value="success" />
+                <el-option label="失败" value="failed" />
+              </el-select>
+            </div>
+            <el-button :loading="logLoading" @click="refreshLogs">
+              <el-icon><Refresh /></el-icon> 刷新
+            </el-button>
+          </div>
+
+          <el-table :data="logItems" stripe size="small" v-loading="logLoading" empty-text="暂无记录">
+            <el-table-column prop="created_at" label="时间" width="170">
+              <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+            </el-table-column>
+            <el-table-column label="模型" min-width="150">
+              <template #default="{ row }">
+                <code>{{ row.model_slug || `#${row.model_id}` }}</code>
+              </template>
+            </el-table-column>
+            <el-table-column label="类型" width="80">
+              <template #default="{ row }">
+                <el-tag size="small" :type="row.type === 'image' ? 'warning' : 'primary'">
+                  {{ row.type || '-' }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column label="状态" width="90">
+              <template #default="{ row }">
+                <el-tag size="small" :type="statusTag(row.status)">
+                  {{ statusLabel(row.status) }}
+                </el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column prop="input_tokens" label="输入 tok" width="95" />
+            <el-table-column prop="output_tokens" label="输出 tok" width="95" />
+            <el-table-column label="图数" width="70">
+              <template #default="{ row }">{{ row.image_count || 0 }}</template>
+            </el-table-column>
+            <el-table-column label="扣费" width="110">
+              <template #default="{ row }">
+                <span class="cost">{{ formatCredit(row.credit_cost) }}</span>
+              </template>
+            </el-table-column>
+            <el-table-column prop="duration_ms" label="耗时(ms)" width="100" />
+            <el-table-column label="Request ID" min-width="180">
+              <template #default="{ row }">
+                <span class="req-id" :title="row.request_id">{{ row.request_id || '-' }}</span>
+              </template>
+            </el-table-column>
+            <el-table-column label="错误" min-width="160">
+              <template #default="{ row }">
+                <el-tooltip v-if="row.error_code" :content="row.error_code" placement="top">
+                  <span class="err">{{ formatErrorCode(row.error_code) }}</span>
+                </el-tooltip>
+                <span v-else class="muted">-</span>
+              </template>
+            </el-table-column>
+          </el-table>
+
+          <div class="flex-end" style="margin-top:12px">
+            <el-pagination background layout="total, prev, pager, next, sizes"
+              :total="logTotal"
+              v-model:current-page="logPage"
+              v-model:page-size="logFilter.limit"
+              :page-sizes="[10, 20, 50, 100]"
+              @size-change="refreshLogs" />
+          </div>
+        </el-tab-pane>
+
+        <!-- ----- 积分流水 ----- -->
+        <el-tab-pane name="credits" label="积分流水">
+          <div class="flex-between" style="margin-bottom:12px">
+            <div class="muted">
+              展示账户所有账变:充值、消费、退款、管理员调账等。金额为正表示收入,负表示支出。
+            </div>
+            <el-button :loading="creditLoading" @click="loadCredits">
+              <el-icon><Refresh /></el-icon> 刷新
+            </el-button>
+          </div>
+
+          <el-table :data="creditItems" stripe size="small" v-loading="creditLoading" empty-text="暂无账变">
+            <el-table-column prop="created_at" label="时间" width="170">
+              <template #default="{ row }">{{ formatDateTime(row.created_at) }}</template>
+            </el-table-column>
+            <el-table-column label="类型" width="100">
+              <template #default="{ row }">
+                <el-tag size="small">{{ typeLabel[row.type] || row.type }}</el-tag>
+              </template>
+            </el-table-column>
+            <el-table-column label="金额" width="140">
+              <template #default="{ row }">
+                <span :class="row.amount >= 0 ? 'amount-in' : 'amount-out'">
+                  {{ row.amount >= 0 ? '+' : '' }}{{ formatCredit(row.amount) }}
+                </span>
+              </template>
+            </el-table-column>
+            <el-table-column label="余额" width="140">
+              <template #default="{ row }">{{ formatCredit(row.balance_after) }}</template>
+            </el-table-column>
+            <el-table-column label="Key" width="90">
+              <template #default="{ row }">
+                <span v-if="row.key_id">#{{ row.key_id }}</span>
+                <span v-else class="muted">-</span>
+              </template>
+            </el-table-column>
+            <el-table-column label="关联" min-width="160">
+              <template #default="{ row }">
+                <span v-if="row.ref_id" class="ref">{{ row.ref_id }}</span>
+                <span v-else class="muted">-</span>
+              </template>
+            </el-table-column>
+            <el-table-column prop="remark" label="备注" min-width="200" show-overflow-tooltip />
+          </el-table>
+
+          <div class="flex-end" style="margin-top:12px">
+            <el-pagination background layout="total, prev, pager, next, sizes"
+              :total="creditTotal"
+              v-model:current-page="creditPage"
+              v-model:page-size="creditFilter.limit"
+              :page-sizes="[10, 20, 50, 100]"
+              @size-change="loadCredits" />
+          </div>
+        </el-tab-pane>
+      </el-tabs>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.page-title { font-size: 18px; font-weight: 600; }
+.page-sub {
+  color: var(--el-text-color-secondary);
+  font-size: 13px;
+  margin-top: 4px;
+}
+.muted { color: var(--el-text-color-secondary); font-size: 13px; }
+
+.flex-end { display: flex; justify-content: flex-end; }
+
+/* ---- 概览小卡 ---- */
+.sum-card {
+  background: var(--el-fill-color-light);
+  border-radius: 8px;
+  padding: 16px 18px;
+  position: relative;
+  overflow: hidden;
+  transition: transform 0.15s, box-shadow 0.15s;
+}
+.sum-card:hover {
+  transform: translateY(-1px);
+  box-shadow: 0 2px 10px rgba(0, 0, 0, 0.05);
+}
+.sum-card::before {
+  content: '';
+  position: absolute;
+  top: 0; left: 0; right: 0;
+  height: 3px;
+}
+.sum-card.requests::before { background: var(--el-color-primary); }
+.sum-card.chat::before     { background: var(--el-color-success); }
+.sum-card.token::before    { background: var(--el-color-warning); }
+.sum-card.cost::before     { background: var(--el-color-danger); }
+
+.sum-title { font-size: 13px; color: var(--el-text-color-secondary); }
+.sum-value {
+  font-size: 26px;
+  font-weight: 700;
+  margin: 8px 0 4px;
+  color: var(--el-text-color-primary);
+  line-height: 1.15;
+}
+.sum-sub { font-size: 12px; color: var(--el-text-color-secondary); }
+
+/* ---- 图表图例 ---- */
+.legend {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  font-size: 12px;
+  color: var(--el-text-color-secondary);
+  flex-wrap: wrap;
+}
+.legend-dot {
+  width: 10px;
+  height: 10px;
+  border-radius: 50%;
+  display: inline-block;
+  margin-left: 8px;
+}
+.legend-dot.requests { background: var(--el-color-primary); }
+.legend-dot.failures { background: var(--el-color-danger); }
+.legend-label { margin-right: 4px; }
+
+/* ---- 每日请求 SVG 图表 ---- */
+.chart-wrap {
+  width: 100%;
+  min-height: 220px;
+  position: relative;
+}
+.chart-svg {
+  width: 100%;
+  display: block;
+  font-family: ui-sans-serif, system-ui, -apple-system, 'Segoe UI', sans-serif;
+  user-select: none;
+}
+
+/* 坐标轴刻度与网格 */
+.chart-svg .grid-line {
+  stroke: var(--el-border-color-lighter);
+  stroke-width: 1;
+  stroke-dasharray: 3 4;
+}
+.chart-svg .grid-line.grid-zero {
+  stroke: var(--el-border-color);
+  stroke-dasharray: none;
+}
+.chart-svg .axis-tick {
+  fill: var(--el-text-color-placeholder);
+  font-size: 11px;
+}
+.chart-svg .axis-date {
+  fill: var(--el-text-color-secondary);
+  font-size: 11px;
+}
+
+/* 柱条 */
+.chart-svg .bar-group { cursor: pointer; }
+.chart-svg .bar-hit { fill: transparent; }
+.chart-svg .bar-rect {
+  transition: opacity .15s;
+}
+.chart-svg .bar-group:hover .bar-hit {
+  fill: var(--el-fill-color-light);
+  opacity: 0.6;
+}
+.chart-svg .bar-group .bar-rect {
+  filter: drop-shadow(0 1px 1px rgba(0, 0, 0, 0.06));
+}
+.chart-svg .bar-group:not(.hover) .bar-rect {
+  opacity: 0.92;
+}
+
+/* hover 指示线 */
+.chart-svg .hover-guide {
+  stroke: var(--el-color-primary);
+  stroke-width: 1;
+  stroke-dasharray: 3 3;
+  opacity: 0.45;
+  pointer-events: none;
+}
+
+/* tooltip */
+.chart-tip {
+  background: var(--el-bg-color);
+  border: 1px solid var(--el-border-color-light);
+  border-radius: 8px;
+  box-shadow: 0 4px 16px rgba(0, 0, 0, 0.08);
+  padding: 8px 10px;
+  font-size: 12px;
+  line-height: 1.6;
+  color: var(--el-text-color-primary);
+  pointer-events: none;
+}
+.chart-tip .tip-day {
+  font-weight: 600;
+  margin-bottom: 2px;
+  color: var(--el-text-color-regular);
+}
+.chart-tip .tip-row { display: flex; align-items: center; }
+.chart-tip .tip-row b { margin-left: auto; font-weight: 600; }
+.chart-tip .tip-dot {
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  display: inline-block;
+  margin-right: 6px;
+}
+.chart-tip .tip-dot.requests { background: var(--el-color-primary); }
+.chart-tip .tip-dot.failures { background: var(--el-color-danger); }
+
+/* ---- 表格内细节 ---- */
+code {
+  background: var(--el-fill-color-light);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+.req-id {
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+  color: var(--el-text-color-regular);
+  display: inline-block;
+  max-width: 220px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  vertical-align: middle;
+}
+.err { color: var(--el-color-danger); font-size: 12px; }
+.cost { font-weight: 600; color: var(--el-color-danger); }
+.amount-in  { color: var(--el-color-success); font-weight: 600; }
+.amount-out { color: var(--el-color-danger);  font-weight: 600; }
+.ref {
+  background: var(--el-fill-color-light);
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-family: ui-monospace, Menlo, Consolas, monospace;
+  font-size: 12px;
+}
+</style>
diff --git a/web/tsconfig.json b/web/tsconfig.json
new file mode 100644
index 00000000..f6226537
--- /dev/null
+++ b/web/tsconfig.json
@@ -0,0 +1,31 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "useDefineForClassFields": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "noImplicitAny": true,
+    "jsx": "preserve",
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "allowSyntheticDefaultImports": true,
+    "isolatedModules": true,
+    "skipLibCheck": true,
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "types": ["node", "element-plus/global"],
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["src/*"]
+    }
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.tsx",
+    "src/**/*.vue",
+    "src/auto-imports.d.ts",
+    "src/components.d.ts",
+    "src/env.d.ts"
+  ],
+  "references": [{ "path": "./tsconfig.node.json" }]
+}
diff --git a/web/tsconfig.node.json b/web/tsconfig.node.json
new file mode 100644
index 00000000..42872c59
--- /dev/null
+++ b/web/tsconfig.node.json
@@ -0,0 +1,10 @@
+{
+  "compilerOptions": {
+    "composite": true,
+    "skipLibCheck": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true
+  },
+  "include": ["vite.config.ts"]
+}
diff --git a/web/vite.config.ts b/web/vite.config.ts
new file mode 100644
index 00000000..c0febcf5
--- /dev/null
+++ b/web/vite.config.ts
@@ -0,0 +1,67 @@
+import { defineConfig, loadEnv } from 'vite'
+import vue from '@vitejs/plugin-vue'
+import AutoImport from 'unplugin-auto-import/vite'
+import Components from 'unplugin-vue-components/vite'
+import { ElementPlusResolver } from 'unplugin-vue-components/resolvers'
+import path from 'node:path'
+
+export default defineConfig(({ mode }) => {
+  const env = loadEnv(mode, process.cwd(), '')
+  const apiBase = env.VITE_API_BASE || 'http://localhost:8080'
+  return {
+    resolve: {
+      alias: {
+        '@': path.resolve(__dirname, 'src'),
+      },
+    },
+    server: {
+      host: '0.0.0.0',
+      port: 5173,
+      proxy: {
+        // 开发期统一经本地代理,避免 CORS;生产由 nginx / ingress 承担
+        '/api': { target: apiBase, changeOrigin: true },
+        '/v1': { target: apiBase, changeOrigin: true },
+        '/healthz': { target: apiBase, changeOrigin: true },
+      },
+    },
+    plugins: [
+      vue(),
+      AutoImport({
+        imports: ['vue', 'vue-router', 'pinia', '@vueuse/core'],
+        resolvers: [ElementPlusResolver()],
+        dts: 'src/auto-imports.d.ts',
+      }),
+      Components({
+        resolvers: [ElementPlusResolver()],
+        dts: 'src/components.d.ts',
+      }),
+    ],
+    build: {
+      outDir: 'dist',
+      sourcemap: false,
+      chunkSizeWarningLimit: 700,
+      rollupOptions: {
+        output: {
+          /**
+           * 手工拆包,避免把 Element Plus 全量塞进 index.js。
+           * - element-plus:UI 组件库 + 图标,业务里几乎每页都用,拆出独立 chunk 以便浏览器长期缓存。
+           * - vue-core:vue / vue-router / pinia / @vueuse,运行时核心。
+           * - vendor:其它 node_modules(axios、dayjs 等)。
+           */
+          manualChunks(id) {
+            if (!id.includes('node_modules')) return
+            if (id.includes('element-plus') || id.includes('@element-plus')) return 'element-plus'
+            if (
+              id.includes('/vue/') ||
+              id.includes('/@vue/') ||
+              id.includes('/vue-router/') ||
+              id.includes('/pinia') ||
+              id.includes('/@vueuse/')
+            ) return 'vue-core'
+            return 'vendor'
+          },
+        },
+      },
+    },
+  }
+})