feat: add DisableCooling configuration to manage quota cooldown behavior

feat: enhance tool call handling in OpenAI response conversion
feat: enhance quota management with backoff levels and cooldown logic
2026-02-02 12:30:50 +08:00 · 2025-10-21 21:51:30 +08:00 · 2025-10-21 20:04:24 +08:00 · 2025-10-21 18:44:28 +08:00 · 2025-10-21 11:22:24 +08:00 · 2025-10-21 09:01:58 +08:00
45 changed files with 1955 additions and 894 deletions
--- a/README.md
+++ b/README.md
@@ -797,6 +797,10 @@ Those projects are based on CLIProxyAPI:

 Native macOS menu bar app to use your Claude Code & ChatGPT subscriptions with AI coding tools - no API keys needed

+### [Subtitle Translator](https://github.com/VjayC/SRT-Subtitle-Translator-Validator)
+
+Browser-based tool to translate SRT subtitles using your Gemini subscription via CLIProxyAPI with automatic validation/error correction - no API keys needed
+
 > [!NOTE]  
 > If you developed a project based on CLIProxyAPI, please open a PR to add it to this list.

--- a/README_CN.md
+++ b/README_CN.md
@@ -807,6 +807,10 @@ docker run --rm -p 8317:8317 -v /path/to/your/config.yaml:/CLIProxyAPI/config.ya

 一个原生 macOS 菜单栏应用，让您可以使用 Claude Code & ChatGPT 订阅服务和 AI 编程工具，无需 API 密钥。

+### [Subtitle Translator](https://github.com/VjayC/SRT-Subtitle-Translator-Validator)
+
+一款基于浏览器的 SRT 字幕翻译工具，可通过 CLI 代理 API 使用您的 Gemini 订阅。内置自动验证与错误修正功能，无需 API 密钥。
+
 > [!NOTE]  
 > 如果你开发了基于 CLIProxyAPI 的项目，请提交一个 PR（拉取请求）将其添加到此列表中。

--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -20,12 +20,14 @@ import (
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/cmd"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/logging"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/managementasset"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/store"
 	_ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/usage"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
+	coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	log "github.com/sirupsen/logrus"
 )

@@ -147,6 +149,7 @@ func main() {
 		}
 		return "", false
 	}
+	writableBase := util.WritablePath()
 	if value, ok := lookupEnv("PGSTORE_DSN", "pgstore_dsn"); ok {
 		usePostgresStore = true
 		pgStoreDSN = value
@@ -158,6 +161,13 @@ func main() {
 		if value, ok := lookupEnv("PGSTORE_LOCAL_PATH", "pgstore_local_path"); ok {
 			pgStoreLocalPath = value
 		}
+		if pgStoreLocalPath == "" {
+			if writableBase != "" {
+				pgStoreLocalPath = writableBase
+			} else {
+				pgStoreLocalPath = wd
+			}
+		}
 		useGitStore = false
 	}
 	if value, ok := lookupEnv("GITSTORE_GIT_URL", "gitstore_git_url"); ok {
@@ -229,11 +239,14 @@ func main() {
 			log.Infof("postgres-backed token store enabled, workspace path: %s", pgStoreInst.WorkDir())
 		}
 	} else if useObjectStore {
-		objectStoreRoot := objectStoreLocalPath
-		if objectStoreRoot == "" {
-			objectStoreRoot = wd
+		if objectStoreLocalPath == "" {
+			if writableBase != "" {
+				objectStoreLocalPath = writableBase
+			} else {
+				objectStoreLocalPath = wd
+			}
 		}
-		objectStoreRoot = filepath.Join(objectStoreRoot, "objectstore")
+		objectStoreRoot := filepath.Join(objectStoreLocalPath, "objectstore")
 		resolvedEndpoint := strings.TrimSpace(objectStoreEndpoint)
 		useSSL := true
 		if strings.Contains(resolvedEndpoint, "://") {
@@ -289,7 +302,11 @@ func main() {
 		}
 	} else if useGitStore {
 		if gitStoreLocalPath == "" {
-			gitStoreLocalPath = wd
+			if writableBase != "" {
+				gitStoreLocalPath = writableBase
+			} else {
+				gitStoreLocalPath = wd
+			}
 		}
 		gitStoreRoot = filepath.Join(gitStoreLocalPath, "gitstore")
 		authDir := filepath.Join(gitStoreRoot, "auths")
@@ -361,6 +378,7 @@ func main() {
 		}
 	}
 	usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled)
+	coreauth.SetQuotaCooldownDisabled(cfg.DisableCooling)

 	if err = logging.ConfigureLogOutput(cfg.LoggingToFile); err != nil {
 		log.Fatalf("failed to configure log output: %v", err)
@@ -376,6 +394,7 @@ func main() {
 	} else {
 		cfg.AuthDir = resolvedAuthDir
 	}
+	managementasset.SetCurrentConfig(cfg)

 	// Create login options to be used in authentication flows.
 	options := &cmd.LoginOptions{
@@ -419,6 +438,7 @@ func main() {
 			return
 		}
 		// Start the main proxy service
+		managementasset.StartAutoUpdater(context.Background(), configFilePath)
 		cmd.StartService(cfg, configFilePath, password)
 	}
 }
--- a/internal/api/handlers/management/config_basic.go
+++ b/internal/api/handlers/management/config_basic.go
@@ -1,13 +1,126 @@
 package management

 import (
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+
 	"github.com/gin-gonic/gin"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"gopkg.in/yaml.v3"
 )

 func (h *Handler) GetConfig(c *gin.Context) {
 	c.JSON(200, h.cfg)
 }

+func (h *Handler) GetConfigYAML(c *gin.Context) {
+	data, err := os.ReadFile(h.configFilePath)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "read_failed", "message": err.Error()})
+		return
+	}
+	var node yaml.Node
+	if err := yaml.Unmarshal(data, &node); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "parse_failed", "message": err.Error()})
+		return
+	}
+	c.Header("Content-Type", "application/yaml; charset=utf-8")
+	c.Header("Vary", "format, Accept")
+	enc := yaml.NewEncoder(c.Writer)
+	enc.SetIndent(2)
+	_ = enc.Encode(&node)
+	_ = enc.Close()
+}
+
+func WriteConfig(path string, data []byte) error {
+	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(data); err != nil {
+		f.Close()
+		return err
+	}
+	if err := f.Sync(); err != nil {
+		f.Close()
+		return err
+	}
+	return f.Close()
+}
+
+func (h *Handler) PutConfigYAML(c *gin.Context) {
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": "cannot read request body"})
+		return
+	}
+	var cfg config.Config
+	if err := yaml.Unmarshal(body, &cfg); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": err.Error()})
+		return
+	}
+	// Validate config using LoadConfigOptional with optional=false to enforce parsing
+	tmpDir := filepath.Dir(h.configFilePath)
+	tmpFile, err := os.CreateTemp(tmpDir, "config-validate-*.yaml")
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()})
+		return
+	}
+	tempFile := tmpFile.Name()
+	if _, err := tmpFile.Write(body); err != nil {
+		tmpFile.Close()
+		os.Remove(tempFile)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()})
+		return
+	}
+	if err := tmpFile.Close(); err != nil {
+		os.Remove(tempFile)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()})
+		return
+	}
+	defer os.Remove(tempFile)
+	_, err = config.LoadConfigOptional(tempFile, false)
+	if err != nil {
+		c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "invalid_config", "message": err.Error()})
+		return
+	}
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	if WriteConfig(h.configFilePath, body) != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": "failed to write config"})
+		return
+	}
+	// Reload into handler to keep memory in sync
+	newCfg, err := config.LoadConfig(h.configFilePath)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "reload_failed", "message": err.Error()})
+		return
+	}
+	h.cfg = newCfg
+	c.JSON(http.StatusOK, gin.H{"ok": true, "changed": []string{"config"}})
+}
+
+// GetConfigFile returns the raw config.yaml file bytes without re-encoding.
+// It preserves comments and original formatting/styles.
+func (h *Handler) GetConfigFile(c *gin.Context) {
+	data, err := os.ReadFile(h.configFilePath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			c.JSON(http.StatusNotFound, gin.H{"error": "not_found", "message": "config file not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "read_failed", "message": err.Error()})
+		return
+	}
+	c.Header("Content-Type", "application/yaml; charset=utf-8")
+	c.Header("Cache-Control", "no-store")
+	c.Header("X-Content-Type-Options", "nosniff")
+	// Write raw bytes as-is
+	_, _ = c.Writer.Write(data)
+}
+
 // Debug
 func (h *Handler) GetDebug(c *gin.Context) { c.JSON(200, gin.H{"debug": h.cfg.Debug}) }
 func (h *Handler) PutDebug(c *gin.Context) { h.updateBoolField(c, func(v bool) { h.cfg.Debug = v }) }
--- a/internal/api/handlers/management/logs.go
+++ b/internal/api/handlers/management/logs.go
@@ -13,6 +13,7 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 )

 const (
@@ -145,6 +146,9 @@ func (h *Handler) logDirectory() string {
 	if h.logDir != "" {
 		return h.logDir
 	}
+	if base := util.WritablePath(); base != "" {
+		return filepath.Join(base, "logs")
+	}
 	if h.configFilePath != "" {
 		dir := filepath.Dir(h.configFilePath)
 		if dir != "" && dir != "." {
--- a/internal/api/handlers/management/usage.go
+++ b/internal/api/handlers/management/usage.go
@@ -13,5 +13,8 @@ func (h *Handler) GetUsageStatistics(c *gin.Context) {
 	if h != nil && h.usageStats != nil {
 		snapshot = h.usageStats.Snapshot()
 	}
-	c.JSON(http.StatusOK, gin.H{"usage": snapshot})
+	c.JSON(http.StatusOK, gin.H{
+		"usage":           snapshot,
+		"failed_requests": snapshot.FailureCount,
+	})
 }
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -52,7 +52,11 @@ type serverOptionConfig struct {
 type ServerOption func(*serverOptionConfig)

 func defaultRequestLoggerFactory(cfg *config.Config, configPath string) logging.RequestLogger {
-	return logging.NewFileRequestLogger(cfg.RequestLog, "logs", filepath.Dir(configPath))
+	configDir := filepath.Dir(configPath)
+	if base := util.WritablePath(); base != "" {
+		return logging.NewFileRequestLogger(cfg.RequestLog, filepath.Join(base, "logs"), configDir)
+	}
+	return logging.NewFileRequestLogger(cfg.RequestLog, "logs", configDir)
 }

 // WithMiddleware appends additional Gin middleware during server construction.
@@ -228,12 +232,18 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 	// Save initial YAML snapshot
 	s.oldConfigYaml, _ = yaml.Marshal(cfg)
 	s.applyAccessConfig(nil, cfg)
+	managementasset.SetCurrentConfig(cfg)
+	auth.SetQuotaCooldownDisabled(cfg.DisableCooling)
 	// Initialize management handler
 	s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager)
 	if optionState.localPassword != "" {
 		s.mgmt.SetLocalPassword(optionState.localPassword)
 	}
-	s.mgmt.SetLogDirectory(filepath.Join(s.currentPath, "logs"))
+	logDir := filepath.Join(s.currentPath, "logs")
+	if base := util.WritablePath(); base != "" {
+		logDir = filepath.Join(base, "logs")
+	}
+	s.mgmt.SetLogDirectory(logDir)
 	s.localPassword = optionState.localPassword

 	// Setup routes
@@ -376,6 +386,8 @@ func (s *Server) registerManagementRoutes() {
 	{
 		mgmt.GET("/usage", s.mgmt.GetUsageStatistics)
 		mgmt.GET("/config", s.mgmt.GetConfig)
+		mgmt.PUT("/config.yaml", s.mgmt.PutConfigYAML)
+		mgmt.GET("/config.yaml", s.mgmt.GetConfigFile)

 		mgmt.GET("/debug", s.mgmt.GetDebug)
 		mgmt.PUT("/debug", s.mgmt.PutDebug)
@@ -705,6 +717,15 @@ func (s *Server) UpdateClients(cfg *config.Config) {
 		}
 	}

+	if oldCfg == nil || oldCfg.DisableCooling != cfg.DisableCooling {
+		auth.SetQuotaCooldownDisabled(cfg.DisableCooling)
+		if oldCfg != nil {
+			log.Debugf("disable_cooling updated from %t to %t", oldCfg.DisableCooling, cfg.DisableCooling)
+		} else {
+			log.Debugf("disable_cooling toggled to %t", cfg.DisableCooling)
+		}
+	}
+
 	// Update log level dynamically when debug flag changes
 	if oldCfg == nil || oldCfg.Debug != cfg.Debug {
 		util.SetLogLevel(cfg)
@@ -749,6 +770,7 @@ func (s *Server) UpdateClients(cfg *config.Config) {

 	s.applyAccessConfig(oldCfg, cfg)
 	s.cfg = cfg
+	managementasset.SetCurrentConfig(cfg)
 	// Save YAML snapshot for next comparison
 	s.oldConfigYaml, _ = yaml.Marshal(cfg)
 	s.handlers.UpdateClients(&cfg.SDKConfig)
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -34,6 +34,9 @@ type Config struct {
 	// UsageStatisticsEnabled toggles in-memory usage aggregation; when false, usage data is discarded.
 	UsageStatisticsEnabled bool `yaml:"usage-statistics-enabled" json:"usage-statistics-enabled"`

+	// DisableCooling disables quota cooldown scheduling when true.
+	DisableCooling bool `yaml:"disable-cooling" json:"disable-cooling"`
+
 	// QuotaExceeded defines the behavior when a quota is exceeded.
 	QuotaExceeded QuotaExceeded `yaml:"quota-exceeded" json:"quota-exceeded"`

@@ -183,6 +186,7 @@ func LoadConfigOptional(configFile string, optional bool) (*Config, error) {
 	// Set defaults before unmarshal so that absent keys keep defaults.
 	cfg.LoggingToFile = false
 	cfg.UsageStatisticsEnabled = false
+	cfg.DisableCooling = false
 	if err = yaml.Unmarshal(data, &cfg); err != nil {
 		if optional {
 			// In cloud deploy mode, if YAML parsing fails, return empty config instead of error.
--- a/internal/logging/global_logger.go
+++ b/internal/logging/global_logger.go
@@ -10,6 +10,7 @@ import (
 	"sync"

 	"github.com/gin-gonic/gin"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/natefinch/lumberjack.v2"
 )
@@ -72,7 +73,10 @@ func ConfigureLogOutput(loggingToFile bool) error {
 	defer writerMu.Unlock()

 	if loggingToFile {
-		const logDir = "logs"
+		logDir := "logs"
+		if base := util.WritablePath(); base != "" {
+			logDir = filepath.Join(base, "logs")
+		}
 		if err := os.MkdirAll(logDir, 0o755); err != nil {
 			return fmt.Errorf("logging: failed to create log directory: %w", err)
 		}
--- a/internal/logging/request_logger.go
+++ b/internal/logging/request_logger.go
@@ -16,6 +16,7 @@ import (
 	"time"

 	"github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 )

 // RequestLogger defines the interface for logging HTTP requests and responses.
@@ -328,9 +329,19 @@ func (l *FileRequestLogger) formatLogContent(url, method string, headers map[str
 	// Request info
 	content.WriteString(l.formatRequestInfo(url, method, headers, body))

-	content.WriteString("=== API REQUEST ===\n")
-	content.Write(apiRequest)
-	content.WriteString("\n\n")
+	if len(apiRequest) > 0 {
+		if bytes.HasPrefix(apiRequest, []byte("=== API REQUEST")) {
+			content.Write(apiRequest)
+			if !bytes.HasSuffix(apiRequest, []byte("\n")) {
+				content.WriteString("\n")
+			}
+		} else {
+			content.WriteString("=== API REQUEST ===\n")
+			content.Write(apiRequest)
+			content.WriteString("\n")
+		}
+		content.WriteString("\n")
+	}

 	for i := 0; i < len(apiResponseErrors); i++ {
 		content.WriteString("=== API ERROR RESPONSE ===\n")
@@ -339,9 +350,19 @@ func (l *FileRequestLogger) formatLogContent(url, method string, headers map[str
 		content.WriteString("\n\n")
 	}

-	content.WriteString("=== API RESPONSE ===\n")
-	content.Write(apiResponse)
-	content.WriteString("\n\n")
+	if len(apiResponse) > 0 {
+		if bytes.HasPrefix(apiResponse, []byte("=== API RESPONSE")) {
+			content.Write(apiResponse)
+			if !bytes.HasSuffix(apiResponse, []byte("\n")) {
+				content.WriteString("\n")
+			}
+		} else {
+			content.WriteString("=== API RESPONSE ===\n")
+			content.Write(apiResponse)
+			content.WriteString("\n")
+		}
+		content.WriteString("\n")
+	}

 	// Response section
 	content.WriteString("=== RESPONSE ===\n")
@@ -465,7 +486,8 @@ func (l *FileRequestLogger) formatRequestInfo(url, method string, headers map[st
 	content.WriteString("=== HEADERS ===\n")
 	for key, values := range headers {
 		for _, value := range values {
-			content.WriteString(fmt.Sprintf("%s: %s\n", key, value))
+			masked := util.MaskSensitiveHeaderValue(key, value)
+			content.WriteString(fmt.Sprintf("%s: %s\n", key, masked))
 		}
 	}
 	content.WriteString("\n")
--- a/internal/managementasset/updater.go
+++ b/internal/managementasset/updater.go
@@ -13,8 +13,10 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"

+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config"
 	log "github.com/sirupsen/logrus"
@@ -33,8 +35,83 @@ const ManagementFileName = managementAssetName
 var (
 	lastUpdateCheckMu   sync.Mutex
 	lastUpdateCheckTime time.Time
+
+	currentConfigPtr    atomic.Pointer[config.Config]
+	disableControlPanel atomic.Bool
+	schedulerOnce       sync.Once
+	schedulerConfigPath atomic.Value
 )

+// SetCurrentConfig stores the latest configuration snapshot for management asset decisions.
+func SetCurrentConfig(cfg *config.Config) {
+	if cfg == nil {
+		currentConfigPtr.Store(nil)
+		return
+	}
+
+	prevDisabled := disableControlPanel.Load()
+	currentConfigPtr.Store(cfg)
+	disableControlPanel.Store(cfg.RemoteManagement.DisableControlPanel)
+
+	if prevDisabled && !cfg.RemoteManagement.DisableControlPanel {
+		lastUpdateCheckMu.Lock()
+		lastUpdateCheckTime = time.Time{}
+		lastUpdateCheckMu.Unlock()
+	}
+}
+
+// StartAutoUpdater launches a background goroutine that periodically ensures the management asset is up to date.
+// It respects the disable-control-panel flag on every iteration and supports hot-reloaded configurations.
+func StartAutoUpdater(ctx context.Context, configFilePath string) {
+	configFilePath = strings.TrimSpace(configFilePath)
+	if configFilePath == "" {
+		log.Debug("management asset auto-updater skipped: empty config path")
+		return
+	}
+
+	schedulerConfigPath.Store(configFilePath)
+
+	schedulerOnce.Do(func() {
+		go runAutoUpdater(ctx)
+	})
+}
+
+func runAutoUpdater(ctx context.Context) {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+
+	ticker := time.NewTicker(updateCheckInterval)
+	defer ticker.Stop()
+
+	runOnce := func() {
+		cfg := currentConfigPtr.Load()
+		if cfg == nil {
+			log.Debug("management asset auto-updater skipped: config not yet available")
+			return
+		}
+		if disableControlPanel.Load() {
+			log.Debug("management asset auto-updater skipped: control panel disabled")
+			return
+		}
+
+		configPath, _ := schedulerConfigPath.Load().(string)
+		staticDir := StaticDir(configPath)
+		EnsureLatestManagementHTML(ctx, staticDir, cfg.ProxyURL)
+	}
+
+	runOnce()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-ticker.C:
+			runOnce()
+		}
+	}
+}
+
 func newHTTPClient(proxyURL string) *http.Client {
 	client := &http.Client{Timeout: 15 * time.Second}

@@ -64,6 +141,10 @@ func StaticDir(configFilePath string) string {
 		return cleaned
 	}

+	if writable := util.WritablePath(); writable != "" {
+		return filepath.Join(writable, "static")
+	}
+
 	configFilePath = strings.TrimSpace(configFilePath)
 	if configFilePath == "" {
 		return ""
@@ -105,6 +186,11 @@ func EnsureLatestManagementHTML(ctx context.Context, staticDir string, proxyURL
 		ctx = context.Background()
 	}

+	if disableControlPanel.Load() {
+		log.Debug("management asset sync skipped: control panel disabled by configuration")
+		return
+	}
+
 	staticDir = strings.TrimSpace(staticDir)
 	if staticDir == "" {
 		log.Debug("management asset sync skipped: empty static directory")
--- a/internal/runtime/executor/cache_helpers.go
+++ b/internal/runtime/executor/cache_helpers.go
@@ -0,0 +1,10 @@
+package executor
+
+import "time"
+
+type codexCache struct {
+	ID     string
+	Expire time.Time
+}
+
+var codexCacheMap = map[string]codexCache{}
--- a/internal/runtime/executor/claude_executor.go
+++ b/internal/runtime/executor/claude_executor.go
@@ -36,13 +36,14 @@ func (e *ClaudeExecutor) Identifier() string { return "claude" }

 func (e *ClaudeExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { return nil }

-func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	apiKey, baseURL := claudeCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://api.anthropic.com"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)
 	from := opts.SourceFormat
 	to := sdktranslator.FromString("claude")
 	// Use streaming translation to preserve function calling, except for claude.
@@ -54,42 +55,63 @@ func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, r
 	}

 	url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL)
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	applyClaudeHeaders(httpReq, apiKey, false)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	defer func() {
-		if errClose := resp.Body.Close(); errClose != nil {
+		if errClose := httpResp.Body.Close(); errClose != nil {
 			log.Errorf("response body close error: %v", errClose)
 		}
 	}()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}
-	reader := io.Reader(resp.Body)
+	reader := io.Reader(httpResp.Body)
 	var decoder *zstd.Decoder
-	if hasZSTDEcoding(resp.Header.Get("Content-Encoding")) {
-		decoder, err = zstd.NewReader(resp.Body)
+	if hasZSTDEcoding(httpResp.Header.Get("Content-Encoding")) {
+		decoder, err = zstd.NewReader(httpResp.Body)
 		if err != nil {
-			return cliproxyexecutor.Response{}, fmt.Errorf("failed to initialize zstd decoder: %w", err)
+			recordAPIResponseError(ctx, e.cfg, err)
+			return resp, fmt.Errorf("failed to initialize zstd decoder: %w", err)
 		}
 		reader = decoder
 		defer decoder.Close()
 	}
 	data, err := io.ReadAll(reader)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
 	if stream {
@@ -104,49 +126,77 @@ func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, r
 	}
 	var param any
 	out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, &param)
-	return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+	resp = cliproxyexecutor.Response{Payload: []byte(out)}
+	return resp, nil
 }

-func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	apiKey, baseURL := claudeCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://api.anthropic.com"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)
 	from := opts.SourceFormat
 	to := sdktranslator.FromString("claude")
 	body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true)
 	body, _ = sjson.SetRawBytes(body, "system", []byte(misc.ClaudeCodeInstructions))

 	url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL)
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
 	}
 	applyClaudeHeaders(httpReq, apiKey, true)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("response body close error: %v", errClose)
+		}
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return nil, err
 	}
 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("response body close error: %v", errClose)
+			}
+		}()

 		// If from == to (Claude → Claude), directly forward the SSE stream without translation
 		if from == to {
-			scanner := bufio.NewScanner(resp.Body)
+			scanner := bufio.NewScanner(httpResp.Body)
 			buf := make([]byte, 20_971_520)
 			scanner.Buffer(buf, 20_971_520)
 			for scanner.Scan() {
@@ -161,14 +211,16 @@ func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.A
 				cloned[len(line)] = '\n'
 				out <- cliproxyexecutor.StreamChunk{Payload: cloned}
 			}
-			if err = scanner.Err(); err != nil {
-				out <- cliproxyexecutor.StreamChunk{Err: err}
+			if errScan := scanner.Err(); errScan != nil {
+				recordAPIResponseError(ctx, e.cfg, errScan)
+				reporter.publishFailure(ctx)
+				out <- cliproxyexecutor.StreamChunk{Err: errScan}
 			}
 			return
 		}

 		// For other formats, use translation
-		scanner := bufio.NewScanner(resp.Body)
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -183,11 +235,13 @@ func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.A
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
 			}
 		}
-		if err = scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()
-	return out, nil
+	return stream, nil
 }

 func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
@@ -208,16 +262,33 @@ func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 	}

 	url := fmt.Sprintf("%s/v1/messages/count_tokens?beta=true", baseURL)
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
 		return cliproxyexecutor.Response{}, err
 	}
 	applyClaudeHeaders(httpReq, apiKey, false)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
 	resp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return cliproxyexecutor.Response{}, err
 	}
 	defer func() {
@@ -225,6 +296,7 @@ func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 			log.Errorf("response body close error: %v", errClose)
 		}
 	}()
+	recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone())
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		b, _ := io.ReadAll(resp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
@@ -235,6 +307,7 @@ func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 	if hasZSTDEcoding(resp.Header.Get("Content-Encoding")) {
 		decoder, err = zstd.NewReader(resp.Body)
 		if err != nil {
+			recordAPIResponseError(ctx, e.cfg, err)
 			return cliproxyexecutor.Response{}, fmt.Errorf("failed to initialize zstd decoder: %w", err)
 		}
 		reader = decoder
@@ -242,6 +315,7 @@ func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 	}
 	data, err := io.ReadAll(reader)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return cliproxyexecutor.Response{}, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
--- a/internal/runtime/executor/codex_executor.go
+++ b/internal/runtime/executor/codex_executor.go
@@ -39,13 +39,14 @@ func (e *CodexExecutor) Identifier() string { return "codex" }

 func (e *CodexExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { return nil }

-func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	apiKey, baseURL := codexCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://chatgpt.com/backend-api/codex"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("codex")
@@ -78,29 +79,75 @@ func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, re
 	body, _ = sjson.SetBytes(body, "stream", true)
 	body, _ = sjson.DeleteBytes(body, "previous_response_id")

+	additionalHeaders := make(map[string]string)
+	if from == "claude" {
+		userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id")
+		if userIDResult.Exists() {
+			var cache codexCache
+			var hasKey bool
+			key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String())
+			if cache, hasKey = codexCacheMap[key]; !hasKey || cache.Expire.Before(time.Now()) {
+				cache = codexCache{
+					ID:     uuid.New().String(),
+					Expire: time.Now().Add(1 * time.Hour),
+				}
+				codexCacheMap[key] = cache
+			}
+			additionalHeaders["Conversation_id"] = cache.ID
+			additionalHeaders["Session_id"] = cache.ID
+			body, _ = sjson.SetBytes(body, "prompt_cache_key", cache.ID)
+		}
+	}
+
 	url := strings.TrimSuffix(baseURL, "/") + "/responses"
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	applyCodexHeaders(httpReq, auth, apiKey)
-
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	for k, v := range additionalHeaders {
+		httpReq.Header.Set(k, v)
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})
 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
-	defer func() { _ = resp.Body.Close() }()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	defer func() {
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("codex executor: close response body error: %v", errClose)
+		}
+	}()
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}
-	data, err := io.ReadAll(resp.Body)
+	data, err := io.ReadAll(httpResp.Body)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)

@@ -121,18 +168,21 @@ func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, re

 		var param any
 		out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, line, &param)
-		return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+		resp = cliproxyexecutor.Response{Payload: []byte(out)}
+		return resp, nil
 	}
-	return cliproxyexecutor.Response{}, statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"}
+	err = statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"}
+	return resp, err
 }

-func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	apiKey, baseURL := codexCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://chatgpt.com/backend-api/codex"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("codex")
@@ -164,31 +214,84 @@ func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au

 	body, _ = sjson.DeleteBytes(body, "previous_response_id")

+	additionalHeaders := make(map[string]string)
+	if from == "claude" {
+		userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id")
+		if userIDResult.Exists() {
+			var cache codexCache
+			var hasKey bool
+			key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String())
+			if cache, hasKey = codexCacheMap[key]; !hasKey || cache.Expire.Before(time.Now()) {
+				cache = codexCache{
+					ID:     uuid.New().String(),
+					Expire: time.Now().Add(1 * time.Hour),
+				}
+				codexCacheMap[key] = cache
+			}
+			additionalHeaders["Conversation_id"] = cache.ID
+			additionalHeaders["Session_id"] = cache.ID
+			body, _ = sjson.SetBytes(body, "prompt_cache_key", cache.ID)
+		}
+	}
+
 	url := strings.TrimSuffix(baseURL, "/") + "/responses"
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
 	}
 	applyCodexHeaders(httpReq, auth, apiKey)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	for k, v := range additionalHeaders {
+		httpReq.Header.Set(k, v)
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
-		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		data, readErr := io.ReadAll(httpResp.Body)
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("codex executor: close response body error: %v", errClose)
+		}
+		if readErr != nil {
+			recordAPIResponseError(ctx, e.cfg, readErr)
+			return nil, readErr
+		}
+		appendAPIResponseChunk(ctx, e.cfg, data)
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(data))
+		err = statusErr{code: httpResp.StatusCode, msg: string(data)}
+		return nil, err
 	}
 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
-		scanner := bufio.NewScanner(resp.Body)
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("codex executor: close response body error: %v", errClose)
+			}
+		}()
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -210,11 +313,13 @@ func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
 			}
 		}
-		if err = scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()
-	return out, nil
+	return stream, nil
 }

 func (e *CodexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
--- a/internal/runtime/executor/gemini_cli_executor.go
+++ b/internal/runtime/executor/gemini_cli_executor.go
@@ -51,12 +51,13 @@ func (e *GeminiCLIExecutor) Identifier() string { return "gemini-cli" }

 func (e *GeminiCLIExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { return nil }

-func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("gemini-cli")
@@ -83,6 +84,11 @@ func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth
 	httpClient := newHTTPClient(ctx, e.cfg, auth, 0)
 	respCtx := context.WithValue(ctx, "alt", opts.Alt)

+	var authID, authLabel, authType, authValue string
+	authID = auth.ID
+	authLabel = auth.Label
+	authType, authValue = auth.AccountInfo()
+
 	var lastStatus int
 	var lastBody []byte

@@ -99,7 +105,8 @@ func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth

 		tok, errTok := tokenSource.Token()
 		if errTok != nil {
-			return cliproxyexecutor.Response{}, errTok
+			err = errTok
+			return resp, err
 		}
 		updateGeminiCLITokenMetadata(auth, baseTokenData, tok)

@@ -108,48 +115,81 @@ func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth
 			url = url + fmt.Sprintf("?$alt=%s", opts.Alt)
 		}

-		recordAPIRequest(ctx, e.cfg, payload)
 		reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
 		if errReq != nil {
-			return cliproxyexecutor.Response{}, errReq
+			err = errReq
+			return resp, err
 		}
 		reqHTTP.Header.Set("Content-Type", "application/json")
 		reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken)
 		applyGeminiCLIHeaders(reqHTTP)
 		reqHTTP.Header.Set("Accept", "application/json")
+		recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+			URL:       url,
+			Method:    http.MethodPost,
+			Headers:   reqHTTP.Header.Clone(),
+			Body:      payload,
+			Provider:  e.Identifier(),
+			AuthID:    authID,
+			AuthLabel: authLabel,
+			AuthType:  authType,
+			AuthValue: authValue,
+		})

-		resp, errDo := httpClient.Do(reqHTTP)
+		httpResp, errDo := httpClient.Do(reqHTTP)
 		if errDo != nil {
-			return cliproxyexecutor.Response{}, errDo
+			recordAPIResponseError(ctx, e.cfg, errDo)
+			err = errDo
+			return resp, err
+		}
+
+		data, errRead := io.ReadAll(httpResp.Body)
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("gemini cli executor: close response body error: %v", errClose)
+		}
+		recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+		if errRead != nil {
+			recordAPIResponseError(ctx, e.cfg, errRead)
+			err = errRead
+			return resp, err
 		}
-		data, _ := io.ReadAll(resp.Body)
-		_ = resp.Body.Close()
 		appendAPIResponseChunk(ctx, e.cfg, data)
-		if resp.StatusCode >= 200 && resp.StatusCode < 300 {
+		if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 {
 			reporter.publish(ctx, parseGeminiCLIUsage(data))
 			var param any
 			out := sdktranslator.TranslateNonStream(respCtx, to, from, attemptModel, bytes.Clone(opts.OriginalRequest), payload, data, &param)
-			return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+			resp = cliproxyexecutor.Response{Payload: []byte(out)}
+			return resp, nil
 		}
-		lastStatus = resp.StatusCode
-		lastBody = data
-		if resp.StatusCode != 429 {
-			break
+
+		lastStatus = httpResp.StatusCode
+		lastBody = append([]byte(nil), data...)
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(data))
+		if httpResp.StatusCode == 429 {
+			continue
 		}
+
+		err = statusErr{code: httpResp.StatusCode, msg: string(data)}
+		return resp, err
 	}

 	if len(lastBody) > 0 {
 		appendAPIResponseChunk(ctx, e.cfg, lastBody)
 	}
-	return cliproxyexecutor.Response{}, statusErr{code: lastStatus, msg: string(lastBody)}
+	if lastStatus == 0 {
+		lastStatus = 429
+	}
+	err = statusErr{code: lastStatus, msg: string(lastBody)}
+	return resp, err
 }

-func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth)
 	if err != nil {
 		return nil, err
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("gemini-cli")
@@ -170,6 +210,11 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut
 	httpClient := newHTTPClient(ctx, e.cfg, auth, 0)
 	respCtx := context.WithValue(ctx, "alt", opts.Alt)

+	var authID, authLabel, authType, authValue string
+	authID = auth.ID
+	authLabel = auth.Label
+	authType, authValue = auth.AccountInfo()
+
 	var lastStatus int
 	var lastBody []byte

@@ -181,7 +226,8 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut

 		tok, errTok := tokenSource.Token()
 		if errTok != nil {
-			return nil, errTok
+			err = errTok
+			return nil, err
 		}
 		updateGeminiCLITokenMetadata(auth, baseTokenData, tok)

@@ -192,37 +238,64 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut
 			url = url + fmt.Sprintf("?$alt=%s", opts.Alt)
 		}

-		recordAPIRequest(ctx, e.cfg, payload)
 		reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
 		if errReq != nil {
-			return nil, errReq
+			err = errReq
+			return nil, err
 		}
 		reqHTTP.Header.Set("Content-Type", "application/json")
 		reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken)
 		applyGeminiCLIHeaders(reqHTTP)
 		reqHTTP.Header.Set("Accept", "text/event-stream")
+		recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+			URL:       url,
+			Method:    http.MethodPost,
+			Headers:   reqHTTP.Header.Clone(),
+			Body:      payload,
+			Provider:  e.Identifier(),
+			AuthID:    authID,
+			AuthLabel: authLabel,
+			AuthType:  authType,
+			AuthValue: authValue,
+		})

-		resp, errDo := httpClient.Do(reqHTTP)
+		httpResp, errDo := httpClient.Do(reqHTTP)
 		if errDo != nil {
-			return nil, errDo
+			recordAPIResponseError(ctx, e.cfg, errDo)
+			err = errDo
+			return nil, err
 		}
-		if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-			data, _ := io.ReadAll(resp.Body)
-			_ = resp.Body.Close()
+		recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+		if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+			data, errRead := io.ReadAll(httpResp.Body)
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("gemini cli executor: close response body error: %v", errClose)
+			}
+			if errRead != nil {
+				recordAPIResponseError(ctx, e.cfg, errRead)
+				err = errRead
+				return nil, err
+			}
 			appendAPIResponseChunk(ctx, e.cfg, data)
-			lastStatus = resp.StatusCode
-			lastBody = data
-			log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(data))
-			if resp.StatusCode == 429 {
+			lastStatus = httpResp.StatusCode
+			lastBody = append([]byte(nil), data...)
+			log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(data))
+			if httpResp.StatusCode == 429 {
 				continue
 			}
-			return nil, statusErr{code: resp.StatusCode, msg: string(data)}
+			err = statusErr{code: httpResp.StatusCode, msg: string(data)}
+			return nil, err
 		}

 		out := make(chan cliproxyexecutor.StreamChunk)
+		stream = out
 		go func(resp *http.Response, reqBody []byte, attempt string) {
 			defer close(out)
-			defer func() { _ = resp.Body.Close() }()
+			defer func() {
+				if errClose := resp.Body.Close(); errClose != nil {
+					log.Errorf("gemini cli executor: close response body error: %v", errClose)
+				}
+			}()
 			if opts.Alt == "" {
 				scanner := bufio.NewScanner(resp.Body)
 				buf := make([]byte, 20_971_520)
@@ -247,6 +320,8 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut
 					out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])}
 				}
 				if errScan := scanner.Err(); errScan != nil {
+					recordAPIResponseError(ctx, e.cfg, errScan)
+					reporter.publishFailure(ctx)
 					out <- cliproxyexecutor.StreamChunk{Err: errScan}
 				}
 				return
@@ -254,6 +329,8 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut

 			data, errRead := io.ReadAll(resp.Body)
 			if errRead != nil {
+				recordAPIResponseError(ctx, e.cfg, errRead)
+				reporter.publishFailure(ctx)
 				out <- cliproxyexecutor.StreamChunk{Err: errRead}
 				return
 			}
@@ -269,15 +346,19 @@ func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyaut
 			for i := range segments {
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])}
 			}
-		}(resp, append([]byte(nil), payload...), attemptModel)
+		}(httpResp, append([]byte(nil), payload...), attemptModel)

-		return out, nil
+		return stream, nil
 	}

+	if len(lastBody) > 0 {
+		appendAPIResponseChunk(ctx, e.cfg, lastBody)
+	}
 	if lastStatus == 0 {
 		lastStatus = 429
 	}
-	return nil, statusErr{code: lastStatus, msg: string(lastBody)}
+	err = statusErr{code: lastStatus, msg: string(lastBody)}
+	return nil, err
 }

 func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
@@ -297,6 +378,13 @@ func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.
 	httpClient := newHTTPClient(ctx, e.cfg, auth, 0)
 	respCtx := context.WithValue(ctx, "alt", opts.Alt)

+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+
 	var lastStatus int
 	var lastBody []byte

@@ -322,7 +410,6 @@ func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.
 			url = url + fmt.Sprintf("?$alt=%s", opts.Alt)
 		}

-		recordAPIRequest(ctx, e.cfg, payload)
 		reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
 		if errReq != nil {
 			return cliproxyexecutor.Response{}, errReq
@@ -331,13 +418,30 @@ func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.
 		reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken)
 		applyGeminiCLIHeaders(reqHTTP)
 		reqHTTP.Header.Set("Accept", "application/json")
+		recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+			URL:       url,
+			Method:    http.MethodPost,
+			Headers:   reqHTTP.Header.Clone(),
+			Body:      payload,
+			Provider:  e.Identifier(),
+			AuthID:    authID,
+			AuthLabel: authLabel,
+			AuthType:  authType,
+			AuthValue: authValue,
+		})

 		resp, errDo := httpClient.Do(reqHTTP)
 		if errDo != nil {
+			recordAPIResponseError(ctx, e.cfg, errDo)
 			return cliproxyexecutor.Response{}, errDo
 		}
-		data, _ := io.ReadAll(resp.Body)
+		data, errRead := io.ReadAll(resp.Body)
 		_ = resp.Body.Close()
+		recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone())
+		if errRead != nil {
+			recordAPIResponseError(ctx, e.cfg, errRead)
+			return cliproxyexecutor.Response{}, errRead
+		}
 		appendAPIResponseChunk(ctx, e.cfg, data)
 		if resp.StatusCode >= 200 && resp.StatusCode < 300 {
 			count := gjson.GetBytes(data, "totalTokens").Int()
@@ -345,16 +449,13 @@ func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.
 			return cliproxyexecutor.Response{Payload: []byte(translated)}, nil
 		}
 		lastStatus = resp.StatusCode
-		lastBody = data
+		lastBody = append([]byte(nil), data...)
 		if resp.StatusCode == 429 {
 			continue
 		}
 		break
 	}

-	if len(lastBody) > 0 {
-		appendAPIResponseChunk(ctx, e.cfg, lastBody)
-	}
 	if lastStatus == 0 {
 		lastStatus = 429
 	}
--- a/internal/runtime/executor/gemini_executor.go
+++ b/internal/runtime/executor/gemini_executor.go
@@ -68,10 +68,11 @@ func (e *GeminiExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) e
 // Returns:
 //   - cliproxyexecutor.Response: The response from the API
 //   - error: An error if the request fails
-func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	apiKey, bearer := geminiCreds(auth)

 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	// Official Gemini API via API key or OAuth bearer
 	from := opts.SourceFormat
@@ -96,10 +97,9 @@ func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, r

 	body, _ = sjson.DeleteBytes(body, "session_id")

-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	httpReq.Header.Set("Content-Type", "application/json")
 	if apiKey != "" {
@@ -107,34 +107,61 @@ func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, r
 	} else if bearer != "" {
 		httpReq.Header.Set("Authorization", "Bearer "+bearer)
 	}
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
-	defer func() { _ = resp.Body.Close() }()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	defer func() {
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("gemini executor: close response body error: %v", errClose)
+		}
+	}()
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}
-	data, err := io.ReadAll(resp.Body)
+	data, err := io.ReadAll(httpResp.Body)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
 	reporter.publish(ctx, parseGeminiUsage(data))
 	var param any
 	out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, &param)
-	return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+	resp = cliproxyexecutor.Response{Payload: []byte(out)}
+	return resp, nil
 }

-func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	apiKey, bearer := geminiCreds(auth)

 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("gemini")
@@ -154,7 +181,6 @@ func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.A

 	body, _ = sjson.DeleteBytes(body, "session_id")

-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
@@ -165,24 +191,51 @@ func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.A
 	} else {
 		httpReq.Header.Set("Authorization", "Bearer "+bearer)
 	}
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("gemini executor: close response body error: %v", errClose)
+		}
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return nil, err
 	}
 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
-		scanner := bufio.NewScanner(resp.Body)
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("gemini executor: close response body error: %v", errClose)
+			}
+		}()
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -201,11 +254,13 @@ func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.A
 		for i := range lines {
 			out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])}
 		}
-		if err = scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()
-	return out, nil
+	return stream, nil
 }

 func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
@@ -224,7 +279,6 @@ func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 	translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig")

 	url := fmt.Sprintf("%s/%s/models/%s:%s", glEndpoint, glAPIVersion, req.Model, "countTokens")
-	recordAPIRequest(ctx, e.cfg, translatedReq)

 	requestBody := bytes.NewReader(translatedReq)

@@ -238,16 +292,36 @@ func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Aut
 	} else {
 		httpReq.Header.Set("Authorization", "Bearer "+bearer)
 	}
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      translatedReq,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
 	resp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return cliproxyexecutor.Response{}, err
 	}
 	defer func() { _ = resp.Body.Close() }()
+	recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone())

 	data, err := io.ReadAll(resp.Body)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return cliproxyexecutor.Response{}, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
--- a/internal/runtime/executor/iflow_executor.go
+++ b/internal/runtime/executor/iflow_executor.go
@@ -12,6 +12,7 @@ import (

 	iflowauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
 	cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
 	sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
@@ -40,67 +41,96 @@ func (e *IFlowExecutor) Identifier() string { return "iflow" }
 func (e *IFlowExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { return nil }

 // Execute performs a non-streaming chat completion request.
-func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	apiKey, baseURL := iflowCreds(auth)
 	if strings.TrimSpace(apiKey) == "" {
-		return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: missing api key")
+		err = fmt.Errorf("iflow executor: missing api key")
+		return resp, err
 	}
 	if baseURL == "" {
 		baseURL = iflowauth.DefaultAPIBaseURL
 	}

 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("openai")
 	body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false)

 	endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint
-	recordAPIRequest(ctx, e.cfg, body)

 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	applyIFlowHeaders(httpReq, apiKey, false)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       endpoint,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
-	defer func() { _ = resp.Body.Close() }()
+	defer func() {
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("iflow executor: close response body error: %v", errClose)
+		}
+	}()
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())

-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("iflow request error: status %d body %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("iflow request error: status %d body %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}

-	data, err := io.ReadAll(resp.Body)
+	data, err := io.ReadAll(httpResp.Body)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
 	reporter.publish(ctx, parseOpenAIUsage(data))

 	var param any
 	out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, &param)
-	return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+	resp = cliproxyexecutor.Response{Payload: []byte(out)}
+	return resp, nil
 }

 // ExecuteStream performs a streaming chat completion request.
-func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	apiKey, baseURL := iflowCreds(auth)
 	if strings.TrimSpace(apiKey) == "" {
-		return nil, fmt.Errorf("iflow executor: missing api key")
+		err = fmt.Errorf("iflow executor: missing api key")
+		return nil, err
 	}
 	if baseURL == "" {
 		baseURL = iflowauth.DefaultAPIBaseURL
 	}

 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("openai")
@@ -113,34 +143,60 @@ func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au
 	}

 	endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint
-	recordAPIRequest(ctx, e.cfg, body)

 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
 	}
 	applyIFlowHeaders(httpReq, apiKey, true)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       endpoint,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}

-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
-		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("iflow streaming error: status %d body %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		data, _ := io.ReadAll(httpResp.Body)
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("iflow executor: close response body error: %v", errClose)
+		}
+		appendAPIResponseChunk(ctx, e.cfg, data)
+		log.Debugf("iflow streaming error: status %d body %s", httpResp.StatusCode, string(data))
+		err = statusErr{code: httpResp.StatusCode, msg: string(data)}
+		return nil, err
 	}

 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("iflow executor: close response body error: %v", errClose)
+			}
+		}()

-		scanner := bufio.NewScanner(resp.Body)
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -155,12 +211,14 @@ func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Au
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
 			}
 		}
-		if err := scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()

-	return out, nil
+	return stream, nil
 }

 // CountTokens is not implemented for iFlow.
@@ -176,18 +234,28 @@ func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*
 	}

 	refreshToken := ""
+	oldAccessToken := ""
 	if auth.Metadata != nil {
 		if v, ok := auth.Metadata["refresh_token"].(string); ok {
 			refreshToken = strings.TrimSpace(v)
 		}
+		if v, ok := auth.Metadata["access_token"].(string); ok {
+			oldAccessToken = strings.TrimSpace(v)
+		}
 	}
 	if refreshToken == "" {
 		return auth, nil
 	}

+	// Log the old access token (masked) before refresh
+	if oldAccessToken != "" {
+		log.Debugf("iflow executor: refreshing access token, old: %s", util.HideAPIKey(oldAccessToken))
+	}
+
 	svc := iflowauth.NewIFlowAuth(e.cfg)
 	tokenData, err := svc.RefreshTokens(ctx, refreshToken)
 	if err != nil {
+		log.Errorf("iflow executor: token refresh failed: %v", err)
 		return nil, err
 	}

@@ -205,6 +273,9 @@ func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*
 	auth.Metadata["type"] = "iflow"
 	auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339)

+	// Log the new access token (masked) after successful refresh
+	log.Debugf("iflow executor: token refresh successful, new: %s", util.HideAPIKey(tokenData.AccessToken))
+
 	if auth.Attributes == nil {
 		auth.Attributes = make(map[string]string)
 	}
--- a/internal/runtime/executor/logging_helpers.go
+++ b/internal/runtime/executor/logging_helpers.go
@@ -3,19 +3,144 @@ package executor
 import (
 	"bytes"
 	"context"
+	"fmt"
+	"net/http"
+	"sort"
+	"strings"
+	"time"

 	"github.com/gin-gonic/gin"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 )

-// recordAPIRequest stores the upstream request payload in Gin context for request logging.
-func recordAPIRequest(ctx context.Context, cfg *config.Config, payload []byte) {
-	if cfg == nil || !cfg.RequestLog || len(payload) == 0 {
+const (
+	apiAttemptsKey = "API_UPSTREAM_ATTEMPTS"
+	apiRequestKey  = "API_REQUEST"
+	apiResponseKey = "API_RESPONSE"
+)
+
+// upstreamRequestLog captures the outbound upstream request details for logging.
+type upstreamRequestLog struct {
+	URL       string
+	Method    string
+	Headers   http.Header
+	Body      []byte
+	Provider  string
+	AuthID    string
+	AuthLabel string
+	AuthType  string
+	AuthValue string
+}
+
+type upstreamAttempt struct {
+	index                int
+	request              string
+	response             *strings.Builder
+	responseIntroWritten bool
+	statusWritten        bool
+	headersWritten       bool
+	bodyStarted          bool
+	bodyHasContent       bool
+	errorWritten         bool
+}
+
+// recordAPIRequest stores the upstream request metadata in Gin context for request logging.
+func recordAPIRequest(ctx context.Context, cfg *config.Config, info upstreamRequestLog) {
+	if cfg == nil || !cfg.RequestLog {
 		return
 	}
-	if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil {
-		ginCtx.Set("API_REQUEST", bytes.Clone(payload))
+	ginCtx := ginContextFrom(ctx)
+	if ginCtx == nil {
+		return
 	}
+
+	attempts := getAttempts(ginCtx)
+	index := len(attempts) + 1
+
+	builder := &strings.Builder{}
+	builder.WriteString(fmt.Sprintf("=== API REQUEST %d ===\n", index))
+	builder.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)))
+	if info.URL != "" {
+		builder.WriteString(fmt.Sprintf("Upstream URL: %s\n", info.URL))
+	} else {
+		builder.WriteString("Upstream URL: <unknown>\n")
+	}
+	if info.Method != "" {
+		builder.WriteString(fmt.Sprintf("HTTP Method: %s\n", info.Method))
+	}
+	if auth := formatAuthInfo(info); auth != "" {
+		builder.WriteString(fmt.Sprintf("Auth: %s\n", auth))
+	}
+	builder.WriteString("\nHeaders:\n")
+	writeHeaders(builder, info.Headers)
+	builder.WriteString("\nBody:\n")
+	if len(info.Body) > 0 {
+		builder.WriteString(string(bytes.Clone(info.Body)))
+	} else {
+		builder.WriteString("<empty>")
+	}
+	builder.WriteString("\n\n")
+
+	attempt := &upstreamAttempt{
+		index:    index,
+		request:  builder.String(),
+		response: &strings.Builder{},
+	}
+	attempts = append(attempts, attempt)
+	ginCtx.Set(apiAttemptsKey, attempts)
+	updateAggregatedRequest(ginCtx, attempts)
+}
+
+// recordAPIResponseMetadata captures upstream response status/header information for the latest attempt.
+func recordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status int, headers http.Header) {
+	if cfg == nil || !cfg.RequestLog {
+		return
+	}
+	ginCtx := ginContextFrom(ctx)
+	if ginCtx == nil {
+		return
+	}
+	attempts, attempt := ensureAttempt(ginCtx)
+	ensureResponseIntro(attempt)
+
+	if status > 0 && !attempt.statusWritten {
+		attempt.response.WriteString(fmt.Sprintf("Status: %d\n", status))
+		attempt.statusWritten = true
+	}
+	if !attempt.headersWritten {
+		attempt.response.WriteString("Headers:\n")
+		writeHeaders(attempt.response, headers)
+		attempt.headersWritten = true
+		attempt.response.WriteString("\n")
+	}
+
+	updateAggregatedResponse(ginCtx, attempts)
+}
+
+// recordAPIResponseError adds an error entry for the latest attempt when no HTTP response is available.
+func recordAPIResponseError(ctx context.Context, cfg *config.Config, err error) {
+	if cfg == nil || !cfg.RequestLog || err == nil {
+		return
+	}
+	ginCtx := ginContextFrom(ctx)
+	if ginCtx == nil {
+		return
+	}
+	attempts, attempt := ensureAttempt(ginCtx)
+	ensureResponseIntro(attempt)
+
+	if attempt.bodyStarted && !attempt.bodyHasContent {
+		// Ensure body does not stay empty marker if error arrives first.
+		attempt.bodyStarted = false
+	}
+	if attempt.errorWritten {
+		attempt.response.WriteString("\n")
+	}
+	attempt.response.WriteString(fmt.Sprintf("Error: %s\n", err.Error()))
+	attempt.errorWritten = true
+
+	updateAggregatedResponse(ginCtx, attempts)
 }

 // appendAPIResponseChunk appends an upstream response chunk to Gin context for request logging.
@@ -27,15 +152,171 @@ func appendAPIResponseChunk(ctx context.Context, cfg *config.Config, chunk []byt
 	if len(data) == 0 {
 		return
 	}
-	if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil {
-		if existing, exists := ginCtx.Get("API_RESPONSE"); exists {
-			if prev, okBytes := existing.([]byte); okBytes {
-				prev = append(prev, data...)
-				prev = append(prev, []byte("\n\n")...)
-				ginCtx.Set("API_RESPONSE", prev)
-				return
-			}
+	ginCtx := ginContextFrom(ctx)
+	if ginCtx == nil {
+		return
+	}
+	attempts, attempt := ensureAttempt(ginCtx)
+	ensureResponseIntro(attempt)
+
+	if !attempt.headersWritten {
+		attempt.response.WriteString("Headers:\n")
+		writeHeaders(attempt.response, nil)
+		attempt.headersWritten = true
+		attempt.response.WriteString("\n")
+	}
+	if !attempt.bodyStarted {
+		attempt.response.WriteString("Body:\n")
+		attempt.bodyStarted = true
+	}
+	if attempt.bodyHasContent {
+		attempt.response.WriteString("\n\n")
+	}
+	attempt.response.WriteString(string(data))
+	attempt.bodyHasContent = true
+
+	updateAggregatedResponse(ginCtx, attempts)
+}
+
+func ginContextFrom(ctx context.Context) *gin.Context {
+	ginCtx, _ := ctx.Value("gin").(*gin.Context)
+	return ginCtx
+}
+
+func getAttempts(ginCtx *gin.Context) []*upstreamAttempt {
+	if ginCtx == nil {
+		return nil
+	}
+	if value, exists := ginCtx.Get(apiAttemptsKey); exists {
+		if attempts, ok := value.([]*upstreamAttempt); ok {
+			return attempts
+		}
+	}
+	return nil
+}
+
+func ensureAttempt(ginCtx *gin.Context) ([]*upstreamAttempt, *upstreamAttempt) {
+	attempts := getAttempts(ginCtx)
+	if len(attempts) == 0 {
+		attempt := &upstreamAttempt{
+			index:    1,
+			request:  "=== API REQUEST 1 ===\n<missing>\n\n",
+			response: &strings.Builder{},
+		}
+		attempts = []*upstreamAttempt{attempt}
+		ginCtx.Set(apiAttemptsKey, attempts)
+		updateAggregatedRequest(ginCtx, attempts)
+	}
+	return attempts, attempts[len(attempts)-1]
+}
+
+func ensureResponseIntro(attempt *upstreamAttempt) {
+	if attempt == nil || attempt.response == nil || attempt.responseIntroWritten {
+		return
+	}
+	attempt.response.WriteString(fmt.Sprintf("=== API RESPONSE %d ===\n", attempt.index))
+	attempt.response.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)))
+	attempt.response.WriteString("\n")
+	attempt.responseIntroWritten = true
+}
+
+func updateAggregatedRequest(ginCtx *gin.Context, attempts []*upstreamAttempt) {
+	if ginCtx == nil {
+		return
+	}
+	var builder strings.Builder
+	for _, attempt := range attempts {
+		builder.WriteString(attempt.request)
+	}
+	ginCtx.Set(apiRequestKey, []byte(builder.String()))
+}
+
+func updateAggregatedResponse(ginCtx *gin.Context, attempts []*upstreamAttempt) {
+	if ginCtx == nil {
+		return
+	}
+	var builder strings.Builder
+	for idx, attempt := range attempts {
+		if attempt == nil || attempt.response == nil {
+			continue
+		}
+		responseText := attempt.response.String()
+		if responseText == "" {
+			continue
+		}
+		builder.WriteString(responseText)
+		if !strings.HasSuffix(responseText, "\n") {
+			builder.WriteString("\n")
+		}
+		if idx < len(attempts)-1 {
+			builder.WriteString("\n")
+		}
+	}
+	ginCtx.Set(apiResponseKey, []byte(builder.String()))
+}
+
+func writeHeaders(builder *strings.Builder, headers http.Header) {
+	if builder == nil {
+		return
+	}
+	if len(headers) == 0 {
+		builder.WriteString("<none>\n")
+		return
+	}
+	keys := make([]string, 0, len(headers))
+	for key := range headers {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	for _, key := range keys {
+		values := headers[key]
+		if len(values) == 0 {
+			builder.WriteString(fmt.Sprintf("%s:\n", key))
+			continue
+		}
+		for _, value := range values {
+			masked := util.MaskSensitiveHeaderValue(key, value)
+			builder.WriteString(fmt.Sprintf("%s: %s\n", key, masked))
 		}
-		ginCtx.Set("API_RESPONSE", data)
 	}
 }
+
+func formatAuthInfo(info upstreamRequestLog) string {
+	var parts []string
+	if trimmed := strings.TrimSpace(info.Provider); trimmed != "" {
+		parts = append(parts, fmt.Sprintf("provider=%s", trimmed))
+	}
+	if trimmed := strings.TrimSpace(info.AuthID); trimmed != "" {
+		parts = append(parts, fmt.Sprintf("auth_id=%s", trimmed))
+	}
+	if trimmed := strings.TrimSpace(info.AuthLabel); trimmed != "" {
+		parts = append(parts, fmt.Sprintf("label=%s", trimmed))
+	}
+
+	authType := strings.ToLower(strings.TrimSpace(info.AuthType))
+	authValue := strings.TrimSpace(info.AuthValue)
+	switch authType {
+	case "api_key":
+		if authValue != "" {
+			parts = append(parts, fmt.Sprintf("type=api_key value=%s", util.HideAPIKey(authValue)))
+		} else {
+			parts = append(parts, "type=api_key")
+		}
+	case "oauth":
+		if authValue != "" {
+			parts = append(parts, fmt.Sprintf("type=oauth account=%s", authValue))
+		} else {
+			parts = append(parts, "type=oauth")
+		}
+	default:
+		if authType != "" {
+			if authValue != "" {
+				parts = append(parts, fmt.Sprintf("type=%s value=%s", authType, authValue))
+			} else {
+				parts = append(parts, fmt.Sprintf("type=%s", authType))
+			}
+		}
+	}
+
+	return strings.Join(parts, ", ")
+}
--- a/internal/runtime/executor/openai_compat_executor.go
+++ b/internal/runtime/executor/openai_compat_executor.go
@@ -38,12 +38,15 @@ func (e *OpenAICompatExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.A
 	return nil
 }

-func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
+	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)
+
 	baseURL, apiKey := e.resolveCredentials(auth)
 	if baseURL == "" {
-		return cliproxyexecutor.Response{}, statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"}
+		err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"}
+		return
 	}
-	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)

 	// Translate inbound request to OpenAI format
 	from := opts.SourceFormat
@@ -54,47 +57,75 @@ func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.A
 	}

 	url := strings.TrimSuffix(baseURL, "/") + "/chat/completions"
-	recordAPIRequest(ctx, e.cfg, translated)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	httpReq.Header.Set("Content-Type", "application/json")
 	if apiKey != "" {
 		httpReq.Header.Set("Authorization", "Bearer "+apiKey)
 	}
 	httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat")
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      translated,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
-	defer func() { _ = resp.Body.Close() }()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	defer func() {
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("openai compat executor: close response body error: %v", errClose)
+		}
+	}()
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}
-	body, err := io.ReadAll(resp.Body)
+	body, err := io.ReadAll(httpResp.Body)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, body)
 	reporter.publish(ctx, parseOpenAIUsage(body))
 	// Translate response back to source format when needed
 	var param any
 	out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), translated, body, &param)
-	return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+	resp = cliproxyexecutor.Response{Payload: []byte(out)}
+	return resp, nil
 }

-func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
+	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)
+
 	baseURL, apiKey := e.resolveCredentials(auth)
 	if baseURL == "" {
-		return nil, statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"}
+		err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"}
+		return nil, err
 	}
-	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
 	from := opts.SourceFormat
 	to := sdktranslator.FromString("openai")
 	translated := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true)
@@ -103,7 +134,6 @@ func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxy
 	}

 	url := strings.TrimSuffix(baseURL, "/") + "/chat/completions"
-	recordAPIRequest(ctx, e.cfg, translated)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated))
 	if err != nil {
 		return nil, err
@@ -115,24 +145,51 @@ func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxy
 	httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat")
 	httpReq.Header.Set("Accept", "text/event-stream")
 	httpReq.Header.Set("Cache-Control", "no-cache")
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      translated,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("openai compat executor: close response body error: %v", errClose)
+		}
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return nil, err
 	}
 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
-		scanner := bufio.NewScanner(resp.Body)
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("openai compat executor: close response body error: %v", errClose)
+			}
+		}()
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -152,11 +209,13 @@ func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxy
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
 			}
 		}
-		if err = scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()
-	return out, nil
+	return stream, nil
 }

 func (e *OpenAICompatExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
--- a/internal/runtime/executor/qwen_executor.go
+++ b/internal/runtime/executor/qwen_executor.go
@@ -38,56 +38,83 @@ func (e *QwenExecutor) Identifier() string { return "qwen" }

 func (e *QwenExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { return nil }

-func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
+func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
 	token, baseURL := qwenCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://portal.qwen.ai/v1"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("openai")
 	body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false)

 	url := strings.TrimSuffix(baseURL, "/") + "/chat/completions"
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		return resp, err
 	}
 	applyQwenHeaders(httpReq, token, false)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
-	defer func() { _ = resp.Body.Close() }()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		b, _ := io.ReadAll(resp.Body)
+	defer func() {
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("qwen executor: close response body error: %v", errClose)
+		}
+	}()
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return resp, err
 	}
-	data, err := io.ReadAll(resp.Body)
+	data, err := io.ReadAll(httpResp.Body)
 	if err != nil {
-		return cliproxyexecutor.Response{}, err
+		recordAPIResponseError(ctx, e.cfg, err)
+		return resp, err
 	}
 	appendAPIResponseChunk(ctx, e.cfg, data)
 	reporter.publish(ctx, parseOpenAIUsage(data))
 	var param any
 	out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, &param)
-	return cliproxyexecutor.Response{Payload: []byte(out)}, nil
+	resp = cliproxyexecutor.Response{Payload: []byte(out)}
+	return resp, nil
 }

-func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error) {
+func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
 	token, baseURL := qwenCreds(auth)

 	if baseURL == "" {
 		baseURL = "https://portal.qwen.ai/v1"
 	}
 	reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
+	defer reporter.trackFailure(ctx, &err)

 	from := opts.SourceFormat
 	to := sdktranslator.FromString("openai")
@@ -102,30 +129,56 @@ func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Aut
 	body, _ = sjson.SetBytes(body, "stream_options.include_usage", true)

 	url := strings.TrimSuffix(baseURL, "/") + "/chat/completions"
-	recordAPIRequest(ctx, e.cfg, body)
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
 	}
 	applyQwenHeaders(httpReq, token, true)
+	var authID, authLabel, authType, authValue string
+	if auth != nil {
+		authID = auth.ID
+		authLabel = auth.Label
+		authType, authValue = auth.AccountInfo()
+	}
+	recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
+		URL:       url,
+		Method:    http.MethodPost,
+		Headers:   httpReq.Header.Clone(),
+		Body:      body,
+		Provider:  e.Identifier(),
+		AuthID:    authID,
+		AuthLabel: authLabel,
+		AuthType:  authType,
+		AuthValue: authValue,
+	})

 	httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
-	resp, err := httpClient.Do(httpReq)
+	httpResp, err := httpClient.Do(httpReq)
 	if err != nil {
+		recordAPIResponseError(ctx, e.cfg, err)
 		return nil, err
 	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		defer func() { _ = resp.Body.Close() }()
-		b, _ := io.ReadAll(resp.Body)
+	recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		b, _ := io.ReadAll(httpResp.Body)
 		appendAPIResponseChunk(ctx, e.cfg, b)
-		log.Debugf("request error, error status: %d, error body: %s", resp.StatusCode, string(b))
-		return nil, statusErr{code: resp.StatusCode, msg: string(b)}
+		log.Debugf("request error, error status: %d, error body: %s", httpResp.StatusCode, string(b))
+		if errClose := httpResp.Body.Close(); errClose != nil {
+			log.Errorf("qwen executor: close response body error: %v", errClose)
+		}
+		err = statusErr{code: httpResp.StatusCode, msg: string(b)}
+		return nil, err
 	}
 	out := make(chan cliproxyexecutor.StreamChunk)
+	stream = out
 	go func() {
 		defer close(out)
-		defer func() { _ = resp.Body.Close() }()
-		scanner := bufio.NewScanner(resp.Body)
+		defer func() {
+			if errClose := httpResp.Body.Close(); errClose != nil {
+				log.Errorf("qwen executor: close response body error: %v", errClose)
+			}
+		}()
+		scanner := bufio.NewScanner(httpResp.Body)
 		buf := make([]byte, 20_971_520)
 		scanner.Buffer(buf, 20_971_520)
 		var param any
@@ -140,11 +193,17 @@ func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Aut
 				out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
 			}
 		}
-		if err = scanner.Err(); err != nil {
-			out <- cliproxyexecutor.StreamChunk{Err: err}
+		doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone([]byte("[DONE]")), &param)
+		for i := range doneChunks {
+			out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])}
+		}
+		if errScan := scanner.Err(); errScan != nil {
+			recordAPIResponseError(ctx, e.cfg, errScan)
+			reporter.publishFailure(ctx)
+			out <- cliproxyexecutor.StreamChunk{Err: errScan}
 		}
 	}()
-	return out, nil
+	return stream, nil
 }

 func (e *QwenExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
--- a/internal/runtime/executor/usage_helpers.go
+++ b/internal/runtime/executor/usage_helpers.go
@@ -41,6 +41,23 @@ func newUsageReporter(ctx context.Context, provider, model string, auth *cliprox
 }

 func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) {
+	r.publishWithOutcome(ctx, detail, false)
+}
+
+func (r *usageReporter) publishFailure(ctx context.Context) {
+	r.publishWithOutcome(ctx, usage.Detail{}, true)
+}
+
+func (r *usageReporter) trackFailure(ctx context.Context, errPtr *error) {
+	if r == nil || errPtr == nil {
+		return
+	}
+	if *errPtr != nil {
+		r.publishFailure(ctx)
+	}
+}
+
+func (r *usageReporter) publishWithOutcome(ctx context.Context, detail usage.Detail, failed bool) {
 	if r == nil {
 		return
 	}
@@ -50,7 +67,7 @@ func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) {
 			detail.TotalTokens = total
 		}
 	}
-	if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 {
+	if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 && !failed {
 		return
 	}
 	r.once.Do(func() {
@@ -61,6 +78,7 @@ func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) {
 			APIKey:      r.apiKey,
 			AuthID:      r.authID,
 			RequestedAt: r.requestedAt,
+			Failed:      failed,
 			Detail:      detail,
 		})
 	})
--- a/internal/translator/codex/claude/codex_claude_response.go
+++ b/internal/translator/codex/claude/codex_claude_response.go
@@ -7,7 +7,6 @@
 package claude

 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/json"
@@ -180,56 +179,58 @@ func ConvertCodexResponseToClaude(_ context.Context, _ string, originalRequestRa
 // Returns:
 //   - string: A Claude Code-compatible JSON response containing all message content and metadata
 func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, _ []byte, rawJSON []byte, _ *any) string {
-	scanner := bufio.NewScanner(bytes.NewReader(rawJSON))
-	buffer := make([]byte, 20_971_520)
-	scanner.Buffer(buffer, 20_971_520)
 	revNames := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON)

-	for scanner.Scan() {
-		line := scanner.Bytes()
-		if !bytes.HasPrefix(line, dataTag) {
-			continue
-		}
-		payload := bytes.TrimSpace(line[len(dataTag):])
-		if len(payload) == 0 {
-			continue
-		}
+	rootResult := gjson.ParseBytes(rawJSON)
+	if rootResult.Get("type").String() != "response.completed" {
+		return ""
+	}

-		rootResult := gjson.ParseBytes(payload)
-		if rootResult.Get("type").String() != "response.completed" {
-			continue
-		}
+	responseData := rootResult.Get("response")
+	if !responseData.Exists() {
+		return ""
+	}

-		responseData := rootResult.Get("response")
-		if !responseData.Exists() {
-			continue
-		}
+	response := map[string]interface{}{
+		"id":            responseData.Get("id").String(),
+		"type":          "message",
+		"role":          "assistant",
+		"model":         responseData.Get("model").String(),
+		"content":       []interface{}{},
+		"stop_reason":   nil,
+		"stop_sequence": nil,
+		"usage": map[string]interface{}{
+			"input_tokens":  responseData.Get("usage.input_tokens").Int(),
+			"output_tokens": responseData.Get("usage.output_tokens").Int(),
+		},
+	}

-		response := map[string]interface{}{
-			"id":            responseData.Get("id").String(),
-			"type":          "message",
-			"role":          "assistant",
-			"model":         responseData.Get("model").String(),
-			"content":       []interface{}{},
-			"stop_reason":   nil,
-			"stop_sequence": nil,
-			"usage": map[string]interface{}{
-				"input_tokens":  responseData.Get("usage.input_tokens").Int(),
-				"output_tokens": responseData.Get("usage.output_tokens").Int(),
-			},
-		}
+	var contentBlocks []interface{}
+	hasToolCall := false

-		var contentBlocks []interface{}
-		hasToolCall := false
-
-		if output := responseData.Get("output"); output.Exists() && output.IsArray() {
-			output.ForEach(func(_, item gjson.Result) bool {
-				switch item.Get("type").String() {
-				case "reasoning":
-					thinkingBuilder := strings.Builder{}
-					if summary := item.Get("summary"); summary.Exists() {
-						if summary.IsArray() {
-							summary.ForEach(func(_, part gjson.Result) bool {
+	if output := responseData.Get("output"); output.Exists() && output.IsArray() {
+		output.ForEach(func(_, item gjson.Result) bool {
+			switch item.Get("type").String() {
+			case "reasoning":
+				thinkingBuilder := strings.Builder{}
+				if summary := item.Get("summary"); summary.Exists() {
+					if summary.IsArray() {
+						summary.ForEach(func(_, part gjson.Result) bool {
+							if txt := part.Get("text"); txt.Exists() {
+								thinkingBuilder.WriteString(txt.String())
+							} else {
+								thinkingBuilder.WriteString(part.String())
+							}
+							return true
+						})
+					} else {
+						thinkingBuilder.WriteString(summary.String())
+					}
+				}
+				if thinkingBuilder.Len() == 0 {
+					if content := item.Get("content"); content.Exists() {
+						if content.IsArray() {
+							content.ForEach(func(_, part gjson.Result) bool {
 								if txt := part.Get("text"); txt.Exists() {
 									thinkingBuilder.WriteString(txt.String())
 								} else {
@@ -238,114 +239,96 @@ func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, original
 								return true
 							})
 						} else {
-							thinkingBuilder.WriteString(summary.String())
+							thinkingBuilder.WriteString(content.String())
 						}
 					}
-					if thinkingBuilder.Len() == 0 {
-						if content := item.Get("content"); content.Exists() {
-							if content.IsArray() {
-								content.ForEach(func(_, part gjson.Result) bool {
-									if txt := part.Get("text"); txt.Exists() {
-										thinkingBuilder.WriteString(txt.String())
-									} else {
-										thinkingBuilder.WriteString(part.String())
-									}
-									return true
-								})
-							} else {
-								thinkingBuilder.WriteString(content.String())
-							}
-						}
-					}
-					if thinkingBuilder.Len() > 0 {
-						contentBlocks = append(contentBlocks, map[string]interface{}{
-							"type":     "thinking",
-							"thinking": thinkingBuilder.String(),
-						})
-					}
-				case "message":
-					if content := item.Get("content"); content.Exists() {
-						if content.IsArray() {
-							content.ForEach(func(_, part gjson.Result) bool {
-								if part.Get("type").String() == "output_text" {
-									text := part.Get("text").String()
-									if text != "" {
-										contentBlocks = append(contentBlocks, map[string]interface{}{
-											"type": "text",
-											"text": text,
-										})
-									}
-								}
-								return true
-							})
-						} else {
-							text := content.String()
-							if text != "" {
-								contentBlocks = append(contentBlocks, map[string]interface{}{
-									"type": "text",
-									"text": text,
-								})
-							}
-						}
-					}
-				case "function_call":
-					hasToolCall = true
-					name := item.Get("name").String()
-					if original, ok := revNames[name]; ok {
-						name = original
-					}
-
-					toolBlock := map[string]interface{}{
-						"type":  "tool_use",
-						"id":    item.Get("call_id").String(),
-						"name":  name,
-						"input": map[string]interface{}{},
-					}
-
-					if argsStr := item.Get("arguments").String(); argsStr != "" {
-						var args interface{}
-						if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
-							toolBlock["input"] = args
-						}
-					}
-
-					contentBlocks = append(contentBlocks, toolBlock)
 				}
-				return true
-			})
-		}
+				if thinkingBuilder.Len() > 0 {
+					contentBlocks = append(contentBlocks, map[string]interface{}{
+						"type":     "thinking",
+						"thinking": thinkingBuilder.String(),
+					})
+				}
+			case "message":
+				if content := item.Get("content"); content.Exists() {
+					if content.IsArray() {
+						content.ForEach(func(_, part gjson.Result) bool {
+							if part.Get("type").String() == "output_text" {
+								text := part.Get("text").String()
+								if text != "" {
+									contentBlocks = append(contentBlocks, map[string]interface{}{
+										"type": "text",
+										"text": text,
+									})
+								}
+							}
+							return true
+						})
+					} else {
+						text := content.String()
+						if text != "" {
+							contentBlocks = append(contentBlocks, map[string]interface{}{
+								"type": "text",
+								"text": text,
+							})
+						}
+					}
+				}
+			case "function_call":
+				hasToolCall = true
+				name := item.Get("name").String()
+				if original, ok := revNames[name]; ok {
+					name = original
+				}

-		if len(contentBlocks) > 0 {
-			response["content"] = contentBlocks
-		}
+				toolBlock := map[string]interface{}{
+					"type":  "tool_use",
+					"id":    item.Get("call_id").String(),
+					"name":  name,
+					"input": map[string]interface{}{},
+				}

-		if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" {
-			response["stop_reason"] = stopReason.String()
-		} else if hasToolCall {
-			response["stop_reason"] = "tool_use"
-		} else {
-			response["stop_reason"] = "end_turn"
-		}
+				if argsStr := item.Get("arguments").String(); argsStr != "" {
+					var args interface{}
+					if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
+						toolBlock["input"] = args
+					}
+				}

-		if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" {
-			response["stop_sequence"] = stopSequence.Value()
-		}
-
-		if responseData.Get("usage.input_tokens").Exists() || responseData.Get("usage.output_tokens").Exists() {
-			response["usage"] = map[string]interface{}{
-				"input_tokens":  responseData.Get("usage.input_tokens").Int(),
-				"output_tokens": responseData.Get("usage.output_tokens").Int(),
+				contentBlocks = append(contentBlocks, toolBlock)
 			}
-		}
-
-		responseJSON, err := json.Marshal(response)
-		if err != nil {
-			return ""
-		}
-		return string(responseJSON)
+			return true
+		})
 	}

-	return ""
+	if len(contentBlocks) > 0 {
+		response["content"] = contentBlocks
+	}
+
+	if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" {
+		response["stop_reason"] = stopReason.String()
+	} else if hasToolCall {
+		response["stop_reason"] = "tool_use"
+	} else {
+		response["stop_reason"] = "end_turn"
+	}
+
+	if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" {
+		response["stop_sequence"] = stopSequence.Value()
+	}
+
+	if responseData.Get("usage.input_tokens").Exists() || responseData.Get("usage.output_tokens").Exists() {
+		response["usage"] = map[string]interface{}{
+			"input_tokens":  responseData.Get("usage.input_tokens").Int(),
+			"output_tokens": responseData.Get("usage.output_tokens").Int(),
+		}
+	}
+
+	responseJSON, err := json.Marshal(response)
+	if err != nil {
+		return ""
+	}
+	return string(responseJSON)
 }

 // buildReverseMapFromClaudeOriginalShortToOriginal builds a map[short]original from original Claude request tools.
--- a/internal/translator/codex/gemini/codex_gemini_response.go
+++ b/internal/translator/codex/gemini/codex_gemini_response.go
@@ -5,7 +5,6 @@
 package gemini

 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/json"
@@ -152,159 +151,146 @@ func ConvertCodexResponseToGemini(_ context.Context, modelName string, originalR
 // Returns:
 //   - string: A Gemini-compatible JSON response containing all message content and metadata
 func ConvertCodexResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string {
-	scanner := bufio.NewScanner(bytes.NewReader(rawJSON))
-	buffer := make([]byte, 20_971_520)
-	scanner.Buffer(buffer, 20_971_520)
-	for scanner.Scan() {
-		line := scanner.Bytes()
-		// log.Debug(string(line))
-		if !bytes.HasPrefix(line, dataTag) {
-			continue
-		}
-		rawJSON = bytes.TrimSpace(rawJSON[5:])
+	rootResult := gjson.ParseBytes(rawJSON)

-		rootResult := gjson.ParseBytes(rawJSON)
-
-		// Verify this is a response.completed event
-		if rootResult.Get("type").String() != "response.completed" {
-			continue
-		}
-
-		// Base Gemini response template for non-streaming
-		template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}`
-
-		// Set model version
-		template, _ = sjson.Set(template, "modelVersion", modelName)
-
-		// Set response metadata from the completed response
-		responseData := rootResult.Get("response")
-		if responseData.Exists() {
-			// Set response ID
-			if responseId := responseData.Get("id"); responseId.Exists() {
-				template, _ = sjson.Set(template, "responseId", responseId.String())
-			}
-
-			// Set creation time
-			if createdAt := responseData.Get("created_at"); createdAt.Exists() {
-				template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano))
-			}
-
-			// Set usage metadata
-			if usage := responseData.Get("usage"); usage.Exists() {
-				inputTokens := usage.Get("input_tokens").Int()
-				outputTokens := usage.Get("output_tokens").Int()
-				totalTokens := inputTokens + outputTokens
-
-				template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens)
-				template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens)
-				template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens)
-			}
-
-			// Process output content to build parts array
-			var parts []interface{}
-			hasToolCall := false
-			var pendingFunctionCalls []interface{}
-
-			flushPendingFunctionCalls := func() {
-				if len(pendingFunctionCalls) > 0 {
-					// Add all pending function calls as individual parts
-					// This maintains the original Gemini API format while ensuring consecutive calls are grouped together
-					for _, fc := range pendingFunctionCalls {
-						parts = append(parts, fc)
-					}
-					pendingFunctionCalls = nil
-				}
-			}
-
-			if output := responseData.Get("output"); output.Exists() && output.IsArray() {
-				output.ForEach(func(key, value gjson.Result) bool {
-					itemType := value.Get("type").String()
-
-					switch itemType {
-					case "reasoning":
-						// Flush any pending function calls before adding non-function content
-						flushPendingFunctionCalls()
-
-						// Add thinking content
-						if content := value.Get("content"); content.Exists() {
-							part := map[string]interface{}{
-								"thought": true,
-								"text":    content.String(),
-							}
-							parts = append(parts, part)
-						}
-
-					case "message":
-						// Flush any pending function calls before adding non-function content
-						flushPendingFunctionCalls()
-
-						// Add regular text content
-						if content := value.Get("content"); content.Exists() && content.IsArray() {
-							content.ForEach(func(_, contentItem gjson.Result) bool {
-								if contentItem.Get("type").String() == "output_text" {
-									if text := contentItem.Get("text"); text.Exists() {
-										part := map[string]interface{}{
-											"text": text.String(),
-										}
-										parts = append(parts, part)
-									}
-								}
-								return true
-							})
-						}
-
-					case "function_call":
-						// Collect function call for potential merging with consecutive ones
-						hasToolCall = true
-						functionCall := map[string]interface{}{
-							"functionCall": map[string]interface{}{
-								"name": func() string {
-									n := value.Get("name").String()
-									rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON)
-									if orig, ok := rev[n]; ok {
-										return orig
-									}
-									return n
-								}(),
-								"args": map[string]interface{}{},
-							},
-						}
-
-						// Parse and set arguments
-						if argsStr := value.Get("arguments").String(); argsStr != "" {
-							argsResult := gjson.Parse(argsStr)
-							if argsResult.IsObject() {
-								var args map[string]interface{}
-								if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
-									functionCall["functionCall"].(map[string]interface{})["args"] = args
-								}
-							}
-						}
-
-						pendingFunctionCalls = append(pendingFunctionCalls, functionCall)
-					}
-					return true
-				})
-
-				// Handle any remaining pending function calls at the end
-				flushPendingFunctionCalls()
-			}
-
-			// Set the parts array
-			if len(parts) > 0 {
-				template, _ = sjson.SetRaw(template, "candidates.0.content.parts", mustMarshalJSON(parts))
-			}
-
-			// Set finish reason based on whether there were tool calls
-			if hasToolCall {
-				template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
-			} else {
-				template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
-			}
-		}
-		return template
+	// Verify this is a response.completed event
+	if rootResult.Get("type").String() != "response.completed" {
+		return ""
 	}
-	return ""
+
+	// Base Gemini response template for non-streaming
+	template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}`
+
+	// Set model version
+	template, _ = sjson.Set(template, "modelVersion", modelName)
+
+	// Set response metadata from the completed response
+	responseData := rootResult.Get("response")
+	if responseData.Exists() {
+		// Set response ID
+		if responseId := responseData.Get("id"); responseId.Exists() {
+			template, _ = sjson.Set(template, "responseId", responseId.String())
+		}
+
+		// Set creation time
+		if createdAt := responseData.Get("created_at"); createdAt.Exists() {
+			template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano))
+		}
+
+		// Set usage metadata
+		if usage := responseData.Get("usage"); usage.Exists() {
+			inputTokens := usage.Get("input_tokens").Int()
+			outputTokens := usage.Get("output_tokens").Int()
+			totalTokens := inputTokens + outputTokens
+
+			template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens)
+			template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens)
+			template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens)
+		}
+
+		// Process output content to build parts array
+		var parts []interface{}
+		hasToolCall := false
+		var pendingFunctionCalls []interface{}
+
+		flushPendingFunctionCalls := func() {
+			if len(pendingFunctionCalls) > 0 {
+				// Add all pending function calls as individual parts
+				// This maintains the original Gemini API format while ensuring consecutive calls are grouped together
+				for _, fc := range pendingFunctionCalls {
+					parts = append(parts, fc)
+				}
+				pendingFunctionCalls = nil
+			}
+		}
+
+		if output := responseData.Get("output"); output.Exists() && output.IsArray() {
+			output.ForEach(func(key, value gjson.Result) bool {
+				itemType := value.Get("type").String()
+
+				switch itemType {
+				case "reasoning":
+					// Flush any pending function calls before adding non-function content
+					flushPendingFunctionCalls()
+
+					// Add thinking content
+					if content := value.Get("content"); content.Exists() {
+						part := map[string]interface{}{
+							"thought": true,
+							"text":    content.String(),
+						}
+						parts = append(parts, part)
+					}
+
+				case "message":
+					// Flush any pending function calls before adding non-function content
+					flushPendingFunctionCalls()
+
+					// Add regular text content
+					if content := value.Get("content"); content.Exists() && content.IsArray() {
+						content.ForEach(func(_, contentItem gjson.Result) bool {
+							if contentItem.Get("type").String() == "output_text" {
+								if text := contentItem.Get("text"); text.Exists() {
+									part := map[string]interface{}{
+										"text": text.String(),
+									}
+									parts = append(parts, part)
+								}
+							}
+							return true
+						})
+					}
+
+				case "function_call":
+					// Collect function call for potential merging with consecutive ones
+					hasToolCall = true
+					functionCall := map[string]interface{}{
+						"functionCall": map[string]interface{}{
+							"name": func() string {
+								n := value.Get("name").String()
+								rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON)
+								if orig, ok := rev[n]; ok {
+									return orig
+								}
+								return n
+							}(),
+							"args": map[string]interface{}{},
+						},
+					}
+
+					// Parse and set arguments
+					if argsStr := value.Get("arguments").String(); argsStr != "" {
+						argsResult := gjson.Parse(argsStr)
+						if argsResult.IsObject() {
+							var args map[string]interface{}
+							if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
+								functionCall["functionCall"].(map[string]interface{})["args"] = args
+							}
+						}
+					}
+
+					pendingFunctionCalls = append(pendingFunctionCalls, functionCall)
+				}
+				return true
+			})
+
+			// Handle any remaining pending function calls at the end
+			flushPendingFunctionCalls()
+		}
+
+		// Set the parts array
+		if len(parts) > 0 {
+			template, _ = sjson.SetRaw(template, "candidates.0.content.parts", mustMarshalJSON(parts))
+		}
+
+		// Set finish reason based on whether there were tool calls
+		if hasToolCall {
+			template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
+		} else {
+			template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
+		}
+	}
+	return template
 }

 // buildReverseMapFromGeminiOriginal builds a map[short]original from original Gemini request tools.
--- a/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go
+++ b/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go
@@ -11,7 +11,6 @@ import (
 	"strings"

 	client "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
-	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
@@ -36,18 +35,6 @@ import (
 //   - []byte: The transformed request data in Gemini CLI API format
 func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
-	var pathsToDelete []string
-	root := gjson.ParseBytes(rawJSON)
-	util.Walk(root, "", "additionalProperties", &pathsToDelete)
-	util.Walk(root, "", "$schema", &pathsToDelete)
-
-	var err error
-	for _, p := range pathsToDelete {
-		rawJSON, err = sjson.DeleteBytes(rawJSON, p)
-		if err != nil {
-			continue
-		}
-	}
 	rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1)

 	// system instruction
@@ -99,7 +86,7 @@ func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []
 						functionName := contentResult.Get("name").String()
 						functionArgs := contentResult.Get("input").String()
 						var args map[string]any
-						if err = json.Unmarshal([]byte(functionArgs), &args); err == nil {
+						if err := json.Unmarshal([]byte(functionArgs), &args); err == nil {
 							clientContent.Parts = append(clientContent.Parts, client.Part{FunctionCall: &client.FunctionCall{Name: functionName, Args: args}})
 						}
 					} else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_result" {
@@ -136,18 +123,10 @@ func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []
 			inputSchemaResult := toolResult.Get("input_schema")
 			if inputSchemaResult.Exists() && inputSchemaResult.IsObject() {
 				inputSchema := inputSchemaResult.Raw
-				// Use comprehensive schema sanitization for Gemini API compatibility
-				if sanitizedSchema, sanitizeErr := util.SanitizeSchemaForGemini(inputSchema); sanitizeErr == nil {
-					inputSchema = sanitizedSchema
-				} else {
-					// Fallback to basic cleanup if sanitization fails
-					inputSchema, _ = sjson.Delete(inputSchema, "additionalProperties")
-					inputSchema, _ = sjson.Delete(inputSchema, "$schema")
-				}
 				tool, _ := sjson.Delete(toolResult.Raw, "input_schema")
-				tool, _ = sjson.SetRaw(tool, "parameters", inputSchema)
+				tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema)
 				var toolDeclaration any
-				if err = json.Unmarshal([]byte(tool), &toolDeclaration); err == nil {
+				if err := json.Unmarshal([]byte(tool), &toolDeclaration); err == nil {
 					tools[0].FunctionDeclarations = append(tools[0].FunctionDeclarations, toolDeclaration)
 				}
 			}
--- a/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go
+++ b/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go
@@ -10,6 +10,7 @@ import (
 	"encoding/json"
 	"fmt"

+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
@@ -78,6 +79,24 @@ func ConvertGeminiRequestToGeminiCLI(_ string, inputRawJSON []byte, _ bool) []by
 		})
 	}

+	toolsResult := gjson.GetBytes(rawJSON, "request.tools")
+	if toolsResult.Exists() && toolsResult.IsArray() {
+		toolResults := toolsResult.Array()
+		for i := 0; i < len(toolResults); i++ {
+			functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i))
+			if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() {
+				functionDeclarationsResults := functionDeclarationsResult.Array()
+				for j := 0; j < len(functionDeclarationsResults); j++ {
+					parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j))
+					if parametersResult.Exists() {
+						strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j))
+						rawJSON = []byte(strJson)
+					}
+				}
+			}
+		}
+	}
+
 	return rawJSON
 }

--- a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go
+++ b/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go
@@ -26,21 +26,6 @@ import (
 //   - []byte: The transformed request data in Gemini CLI API format
 func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
-	var pathsToDelete []string
-	root := gjson.ParseBytes(rawJSON)
-	util.Walk(root, "", "additionalProperties", &pathsToDelete)
-	util.Walk(root, "", "$schema", &pathsToDelete)
-	util.Walk(root, "", "ref", &pathsToDelete)
-	util.Walk(root, "", "strict", &pathsToDelete)
-
-	var err error
-	for _, p := range pathsToDelete {
-		rawJSON, err = sjson.DeleteBytes(rawJSON, p)
-		if err != nil {
-			continue
-		}
-	}
-
 	// Base envelope
 	out := []byte(`{"project":"","request":{"contents":[],"generationConfig":{"thinkingConfig":{"include_thoughts":true}}},"model":"gemini-2.5-pro"}`)

@@ -265,22 +250,13 @@ func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bo
 			if t.Get("type").String() == "function" {
 				fn := t.Get("function")
 				if fn.Exists() && fn.IsObject() {
-					out, _ = sjson.SetRawBytes(out, fdPath+".-1", []byte(fn.Raw))
+					parametersJsonSchema, _ := util.RenameKey(fn.Raw, "parameters", "parametersJsonSchema")
+					out, _ = sjson.SetRawBytes(out, fdPath+".-1", []byte(parametersJsonSchema))
 				}
 			}
 		}
 	}

-	var pathsToType []string
-	root = gjson.ParseBytes(out)
-	util.Walk(root, "", "type", &pathsToType)
-	for _, p := range pathsToType {
-		typeResult := gjson.GetBytes(out, p)
-		if strings.ToLower(typeResult.String()) == "select" {
-			out, _ = sjson.SetBytes(out, p, "STRING")
-		}
-	}
-
 	return out
 }

--- a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go
+++ b/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go
--- a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go
+++ b/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go
--- a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go
+++ b/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go
--- a/internal/translator/gemini/claude/gemini_claude_request.go
+++ b/internal/translator/gemini/claude/gemini_claude_request.go
@@ -11,7 +11,6 @@ import (
 	"strings"

 	client "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
-	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
@@ -29,18 +28,6 @@ import (
 //   - []byte: The transformed request in Gemini CLI format.
 func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
-	var pathsToDelete []string
-	root := gjson.ParseBytes(rawJSON)
-	util.Walk(root, "", "additionalProperties", &pathsToDelete)
-	util.Walk(root, "", "$schema", &pathsToDelete)
-
-	var err error
-	for _, p := range pathsToDelete {
-		rawJSON, err = sjson.DeleteBytes(rawJSON, p)
-		if err != nil {
-			continue
-		}
-	}
 	rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1)

 	// system instruction
@@ -92,7 +79,7 @@ func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool)
 						functionName := contentResult.Get("name").String()
 						functionArgs := contentResult.Get("input").String()
 						var args map[string]any
-						if err = json.Unmarshal([]byte(functionArgs), &args); err == nil {
+						if err := json.Unmarshal([]byte(functionArgs), &args); err == nil {
 							clientContent.Parts = append(clientContent.Parts, client.Part{FunctionCall: &client.FunctionCall{Name: functionName, Args: args}})
 						}
 					} else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_result" {
@@ -129,18 +116,10 @@ func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool)
 			inputSchemaResult := toolResult.Get("input_schema")
 			if inputSchemaResult.Exists() && inputSchemaResult.IsObject() {
 				inputSchema := inputSchemaResult.Raw
-				// Use comprehensive schema sanitization for Gemini API compatibility
-				if sanitizedSchema, sanitizeErr := util.SanitizeSchemaForGemini(inputSchema); sanitizeErr == nil {
-					inputSchema = sanitizedSchema
-				} else {
-					// Fallback to basic cleanup if sanitization fails
-					inputSchema, _ = sjson.Delete(inputSchema, "additionalProperties")
-					inputSchema, _ = sjson.Delete(inputSchema, "$schema")
-				}
 				tool, _ := sjson.Delete(toolResult.Raw, "input_schema")
-				tool, _ = sjson.SetRaw(tool, "parameters", inputSchema)
+				tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema)
 				var toolDeclaration any
-				if err = json.Unmarshal([]byte(tool), &toolDeclaration); err == nil {
+				if err := json.Unmarshal([]byte(tool), &toolDeclaration); err == nil {
 					tools[0].FunctionDeclarations = append(tools[0].FunctionDeclarations, toolDeclaration)
 				}
 			}
--- a/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go
+++ b/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go
@@ -7,7 +7,9 @@ package geminiCLI

 import (
 	"bytes"
+	"fmt"

+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
@@ -24,5 +26,24 @@ func ConvertGeminiCLIRequestToGemini(_ string, inputRawJSON []byte, _ bool) []by
 		rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw))
 		rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction")
 	}
+
+	toolsResult := gjson.GetBytes(rawJSON, "tools")
+	if toolsResult.Exists() && toolsResult.IsArray() {
+		toolResults := toolsResult.Array()
+		for i := 0; i < len(toolResults); i++ {
+			functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i))
+			if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() {
+				functionDeclarationsResults := functionDeclarationsResult.Array()
+				for j := 0; j < len(functionDeclarationsResults); j++ {
+					parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j))
+					if parametersResult.Exists() {
+						strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j))
+						rawJSON = []byte(strJson)
+					}
+				}
+			}
+		}
+	}
+
 	return rawJSON
 }
--- a/internal/translator/gemini/gemini/gemini_gemini_request.go
+++ b/internal/translator/gemini/gemini/gemini_gemini_request.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"fmt"

+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
@@ -24,6 +25,24 @@ func ConvertGeminiRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte
 		return rawJSON
 	}

+	toolsResult := gjson.GetBytes(rawJSON, "tools")
+	if toolsResult.Exists() && toolsResult.IsArray() {
+		toolResults := toolsResult.Array()
+		for i := 0; i < len(toolResults); i++ {
+			functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i))
+			if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() {
+				functionDeclarationsResults := functionDeclarationsResult.Array()
+				for j := 0; j < len(functionDeclarationsResults); j++ {
+					parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j))
+					if parametersResult.Exists() {
+						strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j))
+						rawJSON = []byte(strJson)
+					}
+				}
+			}
+		}
+	}
+
 	// Walk contents and fix roles
 	out := rawJSON
 	prevRole := ""
--- a/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go
+++ b/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go
@@ -26,21 +26,6 @@ import (
 //   - []byte: The transformed request data in Gemini API format
 func ConvertOpenAIRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte {
 	rawJSON := bytes.Clone(inputRawJSON)
-	var pathsToDelete []string
-	root := gjson.ParseBytes(rawJSON)
-	util.Walk(root, "", "additionalProperties", &pathsToDelete)
-	util.Walk(root, "", "$schema", &pathsToDelete)
-	util.Walk(root, "", "ref", &pathsToDelete)
-	util.Walk(root, "", "strict", &pathsToDelete)
-
-	var err error
-	for _, p := range pathsToDelete {
-		rawJSON, err = sjson.DeleteBytes(rawJSON, p)
-		if err != nil {
-			continue
-		}
-	}
-
 	// Base envelope
 	out := []byte(`{"contents":[],"generationConfig":{"thinkingConfig":{"include_thoughts":true}}}`)

@@ -290,22 +275,13 @@ func ConvertOpenAIRequestToGemini(modelName string, inputRawJSON []byte, _ bool)
 			if t.Get("type").String() == "function" {
 				fn := t.Get("function")
 				if fn.Exists() && fn.IsObject() {
-					out, _ = sjson.SetRawBytes(out, fdPath+".-1", []byte(fn.Raw))
+					parametersJsonSchema, _ := util.RenameKey(fn.Raw, "parameters", "parametersJsonSchema")
+					out, _ = sjson.SetRawBytes(out, fdPath+".-1", []byte(parametersJsonSchema))
 				}
 			}
 		}
 	}

-	var pathsToType []string
-	root = gjson.ParseBytes(out)
-	util.Walk(root, "", "type", &pathsToType)
-	for _, p := range pathsToType {
-		typeResult := gjson.GetBytes(out, p)
-		if strings.ToLower(typeResult.String()) == "select" {
-			out, _ = sjson.SetBytes(out, p, "STRING")
-		}
-	}
-
 	return out
 }

--- a/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go
+++ b/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go
@@ -150,7 +150,7 @@ func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte
 					if outputResult.IsObject() {
 						functionResponse, _ = sjson.SetRaw(functionResponse, "functionResponse.response.content", outputResult.String())
 					} else {
-						functionResponse, _ = sjson.Set(functionResponse, "functionResponse.response.content", outputResult.String())
+						functionResponse, _ = sjson.Set(functionResponse, "functionResponse.response.content", output)
 					}
 				}

@@ -168,7 +168,7 @@ func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte

 		tools.ForEach(func(_, tool gjson.Result) bool {
 			if tool.Get("type").String() == "function" {
-				funcDecl := `{"name":"","description":"","parameters":{}}`
+				funcDecl := `{"name":"","description":"","parametersJsonSchema":{}}`

 				if name := tool.Get("name"); name.Exists() {
 					funcDecl, _ = sjson.Set(funcDecl, "name", name.String())
@@ -192,7 +192,7 @@ func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte
 					}
 					// Set the overall type to OBJECT
 					cleaned, _ = sjson.Set(cleaned, "type", "OBJECT")
-					funcDecl, _ = sjson.SetRaw(funcDecl, "parameters", cleaned)
+					funcDecl, _ = sjson.SetRaw(funcDecl, "parametersJsonSchema", cleaned)
 				}

 				geminiTools, _ = sjson.SetRaw(geminiTools, "0.functionDeclarations.-1", funcDecl)
@@ -261,6 +261,5 @@ func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte
 			out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingBudget", -1)
 		}
 	}
-
 	return []byte(out)
 }
--- a/internal/translator/openai/claude/openai_claude_response.go
+++ b/internal/translator/openai/claude/openai_claude_response.go
@@ -466,7 +466,7 @@ func ConvertOpenAIResponseToClaudeNonStream(_ context.Context, _ string, origina
 		},
 	}

-	var contentBlocks []interface{}
+	contentBlocks := make([]interface{}, 0)
 	hasToolCall := false

 	if choices := root.Get("choices"); choices.Exists() && choices.IsArray() && len(choices.Array()) > 0 {
@@ -477,80 +477,90 @@ func ConvertOpenAIResponseToClaudeNonStream(_ context.Context, _ string, origina
 		}

 		if message := choice.Get("message"); message.Exists() {
-			if contentArray := message.Get("content"); contentArray.Exists() && contentArray.IsArray() {
-				var textBuilder strings.Builder
-				var thinkingBuilder strings.Builder
+			if contentResult := message.Get("content"); contentResult.Exists() {
+				if contentResult.IsArray() {
+					var textBuilder strings.Builder
+					var thinkingBuilder strings.Builder

-				flushText := func() {
-					if textBuilder.Len() == 0 {
-						return
+					flushText := func() {
+						if textBuilder.Len() == 0 {
+							return
+						}
+						contentBlocks = append(contentBlocks, map[string]interface{}{
+							"type": "text",
+							"text": textBuilder.String(),
+						})
+						textBuilder.Reset()
 					}
-					contentBlocks = append(contentBlocks, map[string]interface{}{
-						"type": "text",
-						"text": textBuilder.String(),
-					})
-					textBuilder.Reset()
-				}

-				flushThinking := func() {
-					if thinkingBuilder.Len() == 0 {
-						return
+					flushThinking := func() {
+						if thinkingBuilder.Len() == 0 {
+							return
+						}
+						contentBlocks = append(contentBlocks, map[string]interface{}{
+							"type":     "thinking",
+							"thinking": thinkingBuilder.String(),
+						})
+						thinkingBuilder.Reset()
 					}
-					contentBlocks = append(contentBlocks, map[string]interface{}{
-						"type":     "thinking",
-						"thinking": thinkingBuilder.String(),
-					})
-					thinkingBuilder.Reset()
-				}

-				for _, item := range contentArray.Array() {
-					typeStr := item.Get("type").String()
-					switch typeStr {
-					case "text":
-						flushThinking()
-						textBuilder.WriteString(item.Get("text").String())
-					case "tool_calls":
-						flushThinking()
-						flushText()
-						toolCalls := item.Get("tool_calls")
-						if toolCalls.IsArray() {
-							toolCalls.ForEach(func(_, tc gjson.Result) bool {
-								hasToolCall = true
-								toolUse := map[string]interface{}{
-									"type": "tool_use",
-									"id":   tc.Get("id").String(),
-									"name": tc.Get("function.name").String(),
-								}
+					for _, item := range contentResult.Array() {
+						typeStr := item.Get("type").String()
+						switch typeStr {
+						case "text":
+							flushThinking()
+							textBuilder.WriteString(item.Get("text").String())
+						case "tool_calls":
+							flushThinking()
+							flushText()
+							toolCalls := item.Get("tool_calls")
+							if toolCalls.IsArray() {
+								toolCalls.ForEach(func(_, tc gjson.Result) bool {
+									hasToolCall = true
+									toolUse := map[string]interface{}{
+										"type": "tool_use",
+										"id":   tc.Get("id").String(),
+										"name": tc.Get("function.name").String(),
+									}

-								argsStr := util.FixJSON(tc.Get("function.arguments").String())
-								if argsStr != "" {
-									var parsed interface{}
-									if err := json.Unmarshal([]byte(argsStr), &parsed); err == nil {
-										toolUse["input"] = parsed
+									argsStr := util.FixJSON(tc.Get("function.arguments").String())
+									if argsStr != "" {
+										var parsed interface{}
+										if err := json.Unmarshal([]byte(argsStr), &parsed); err == nil {
+											toolUse["input"] = parsed
+										} else {
+											toolUse["input"] = map[string]interface{}{}
+										}
 									} else {
 										toolUse["input"] = map[string]interface{}{}
 									}
-								} else {
-									toolUse["input"] = map[string]interface{}{}
-								}

-								contentBlocks = append(contentBlocks, toolUse)
-								return true
-							})
+									contentBlocks = append(contentBlocks, toolUse)
+									return true
+								})
+							}
+						case "reasoning":
+							flushText()
+							if thinking := item.Get("text"); thinking.Exists() {
+								thinkingBuilder.WriteString(thinking.String())
+							}
+						default:
+							flushThinking()
+							flushText()
 						}
-					case "reasoning":
-						flushText()
-						if thinking := item.Get("text"); thinking.Exists() {
-							thinkingBuilder.WriteString(thinking.String())
-						}
-					default:
-						flushThinking()
-						flushText()
+					}
+
+					flushThinking()
+					flushText()
+				} else if contentResult.Type == gjson.String {
+					textContent := contentResult.String()
+					if textContent != "" {
+						contentBlocks = append(contentBlocks, map[string]interface{}{
+							"type": "text",
+							"text": textContent,
+						})
 					}
 				}
-
-				flushThinking()
-				flushText()
 			}

 			if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() {
--- a/internal/translator/openai/gemini/openai_gemini_response.go
+++ b/internal/translator/openai/gemini/openai_gemini_response.go
@@ -141,35 +141,46 @@ func ConvertOpenAIResponseToGemini(_ context.Context, _ string, originalRequestR
 					toolIndex := int(toolCall.Get("index").Int())
 					toolID := toolCall.Get("id").String()
 					toolType := toolCall.Get("type").String()
+					function := toolCall.Get("function")

-					if toolType == "function" {
-						function := toolCall.Get("function")
-						functionName := function.Get("name").String()
-						functionArgs := function.Get("arguments").String()
+					// Skip non-function tool calls explicitly marked as other types.
+					if toolType != "" && toolType != "function" {
+						return true
+					}

-						// Initialize accumulator if needed
-						if _, exists := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]; !exists {
-							(*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] = &ToolCallAccumulator{
-								ID:   toolID,
-								Name: functionName,
-							}
-						}
+					// OpenAI streaming deltas may omit the type field while still carrying function data.
+					if !function.Exists() {
+						return true
+					}

-						// Update ID if provided
-						if toolID != "" {
-							(*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex].ID = toolID
-						}
+					functionName := function.Get("name").String()
+					functionArgs := function.Get("arguments").String()

-						// Update name if provided
-						if functionName != "" {
-							(*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex].Name = functionName
-						}
-
-						// Accumulate arguments
-						if functionArgs != "" {
-							(*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex].Arguments.WriteString(functionArgs)
+					// Initialize accumulator if needed so later deltas without type can append arguments.
+					if _, exists := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]; !exists {
+						(*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] = &ToolCallAccumulator{
+							ID:   toolID,
+							Name: functionName,
 						}
 					}
+
+					acc := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]
+
+					// Update ID if provided
+					if toolID != "" {
+						acc.ID = toolID
+					}
+
+					// Update name if provided
+					if functionName != "" {
+						acc.Name = functionName
+					}
+
+					// Accumulate arguments
+					if functionArgs != "" {
+						acc.Arguments.WriteString(functionArgs)
+					}
+
 					return true
 				})

--- a/internal/usage/logger_plugin.go
+++ b/internal/usage/logger_plugin.go
@@ -91,6 +91,7 @@ type RequestDetail struct {
 	Timestamp time.Time  `json:"timestamp"`
 	Source    string     `json:"source"`
 	Tokens    TokenStats `json:"tokens"`
+	Failed    bool       `json:"failed"`
 }

 // TokenStats captures the token usage breakdown for a request.
@@ -165,7 +166,11 @@ func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record)
 	if statsKey == "" {
 		statsKey = resolveAPIIdentifier(ctx, record)
 	}
-	success := resolveSuccess(ctx)
+	failed := record.Failed
+	if !failed {
+		failed = !resolveSuccess(ctx)
+	}
+	success := !failed
 	modelName := record.Model
 	if modelName == "" {
 		modelName = "unknown"
@@ -193,6 +198,7 @@ func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record)
 		Timestamp: timestamp,
 		Source:    record.Source,
 		Tokens:    detail,
+		Failed:    failed,
 	})

 	s.requestsByDay[dayKey]++
--- a/internal/util/provider.go
+++ b/internal/util/provider.go
@@ -4,6 +4,8 @@
 package util

 import (
+	"strings"
+
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 )
@@ -141,3 +143,48 @@ func HideAPIKey(apiKey string) string {
 	}
 	return apiKey
 }
+
+// maskAuthorizationHeader masks the Authorization header value while preserving the auth type prefix.
+// Common formats: "Bearer <token>", "Basic <credentials>", "ApiKey <key>", etc.
+// It preserves the prefix (e.g., "Bearer ") and only masks the token/credential part.
+//
+// Parameters:
+//   - value: The Authorization header value
+//
+// Returns:
+//   - string: The masked Authorization value with prefix preserved
+func MaskAuthorizationHeader(value string) string {
+	parts := strings.SplitN(strings.TrimSpace(value), " ", 2)
+	if len(parts) < 2 {
+		return HideAPIKey(value)
+	}
+	return parts[0] + " " + HideAPIKey(parts[1])
+}
+
+// MaskSensitiveHeaderValue masks sensitive header values while preserving expected formats.
+//
+// Behavior by header key (case-insensitive):
+//   - "Authorization": Preserve the auth type prefix (e.g., "Bearer ") and mask only the credential part.
+//   - Headers containing "api-key": Mask the entire value using HideAPIKey.
+//   - Others: Return the original value unchanged.
+//
+// Parameters:
+//   - key:   The HTTP header name to inspect (case-insensitive matching).
+//   - value: The header value to mask when sensitive.
+//
+// Returns:
+//   - string: The masked value according to the header type; unchanged if not sensitive.
+func MaskSensitiveHeaderValue(key, value string) string {
+	lowerKey := strings.ToLower(strings.TrimSpace(key))
+	switch {
+	case lowerKey == "authorization":
+		return MaskAuthorizationHeader(value)
+	case strings.Contains(lowerKey, "api-key"),
+		strings.Contains(lowerKey, "apikey"),
+		strings.Contains(lowerKey, "token"),
+		strings.Contains(lowerKey, "secret"):
+		return HideAPIKey(value)
+	default:
+		return value
+	}
+}
--- a/internal/util/translator.go
+++ b/internal/util/translator.go
@@ -212,161 +212,3 @@ func FixJSON(input string) string {

 	return out.String()
 }
-
-// SanitizeSchemaForGemini removes JSON Schema fields that are incompatible with Gemini API
-// to prevent "Proto field is not repeating, cannot start list" errors.
-//
-// Parameters:
-//   - schemaJSON: The JSON schema string to sanitize
-//
-// Returns:
-//   - string: The sanitized schema string
-//   - error: An error if the operation fails
-//
-// This function removes the following incompatible fields:
-// - additionalProperties: Not supported in Gemini function declarations
-// - $schema: JSON Schema meta-schema identifier, not needed for API
-// - allOf/anyOf/oneOf: Union type constructs not supported
-// - exclusiveMinimum/exclusiveMaximum: Advanced validation constraints
-// - patternProperties: Advanced property pattern matching
-// - dependencies: Property dependencies not supported
-// - type arrays: Converts ["string", "null"] to just "string"
-func SanitizeSchemaForGemini(schemaJSON string) (string, error) {
-	// Remove top-level incompatible fields
-	fieldsToRemove := []string{
-		"additionalProperties",
-		"$schema",
-		"allOf",
-		"anyOf",
-		"oneOf",
-		"exclusiveMinimum",
-		"exclusiveMaximum",
-		"patternProperties",
-		"dependencies",
-	}
-
-	result := schemaJSON
-	var err error
-
-	for _, field := range fieldsToRemove {
-		result, err = sjson.Delete(result, field)
-		if err != nil {
-			continue // Continue even if deletion fails
-		}
-	}
-
-	// Handle type arrays by converting them to single types
-	result = sanitizeTypeFields(result)
-
-	// Recursively clean nested objects
-	result = cleanNestedSchemas(result)
-
-	return result, nil
-}
-
-// sanitizeTypeFields converts type arrays to single types for Gemini compatibility
-func sanitizeTypeFields(jsonStr string) string {
-	// Parse the JSON to find all "type" fields
-	parsed := gjson.Parse(jsonStr)
-	result := jsonStr
-
-	// Walk through all paths to find type fields
-	var typeFields []string
-	walkForTypeFields(parsed, "", &typeFields)
-
-	// Process each type field
-	for _, path := range typeFields {
-		typeValue := gjson.Get(result, path)
-		if typeValue.IsArray() {
-			// Convert array to single type (prioritize string, then others)
-			arr := typeValue.Array()
-			if len(arr) > 0 {
-				var preferredType string
-				for _, t := range arr {
-					typeStr := t.String()
-					if typeStr == "string" {
-						preferredType = "string"
-						break
-					} else if typeStr == "number" || typeStr == "integer" {
-						preferredType = typeStr
-					} else if preferredType == "" {
-						preferredType = typeStr
-					}
-				}
-				if preferredType != "" {
-					result, _ = sjson.Set(result, path, preferredType)
-				}
-			}
-		}
-	}
-
-	return result
-}
-
-// walkForTypeFields recursively finds all "type" field paths in the JSON
-func walkForTypeFields(value gjson.Result, path string, paths *[]string) {
-	switch value.Type {
-	case gjson.JSON:
-		value.ForEach(func(key, val gjson.Result) bool {
-			var childPath string
-			if path == "" {
-				childPath = key.String()
-			} else {
-				childPath = path + "." + key.String()
-			}
-			if key.String() == "type" {
-				*paths = append(*paths, childPath)
-			}
-			walkForTypeFields(val, childPath, paths)
-			return true
-		})
-	default:
-
-	}
-}
-
-// cleanNestedSchemas recursively removes incompatible fields from nested schema objects
-func cleanNestedSchemas(jsonStr string) string {
-	fieldsToRemove := []string{"allOf", "anyOf", "oneOf", "exclusiveMinimum", "exclusiveMaximum"}
-
-	// Find all nested paths that might contain these fields
-	var pathsToClean []string
-	parsed := gjson.Parse(jsonStr)
-	findNestedSchemaPaths(parsed, "", fieldsToRemove, &pathsToClean)
-
-	result := jsonStr
-	// Remove fields from all found paths
-	for _, path := range pathsToClean {
-		result, _ = sjson.Delete(result, path)
-	}
-
-	return result
-}
-
-// findNestedSchemaPaths recursively finds paths containing incompatible schema fields
-func findNestedSchemaPaths(value gjson.Result, path string, fieldsToFind []string, paths *[]string) {
-	switch value.Type {
-	case gjson.JSON:
-		value.ForEach(func(key, val gjson.Result) bool {
-			var childPath string
-			if path == "" {
-				childPath = key.String()
-			} else {
-				childPath = path + "." + key.String()
-			}
-
-			// Check if this key is one we want to remove
-			for _, field := range fieldsToFind {
-				if key.String() == field {
-					*paths = append(*paths, childPath)
-					break
-				}
-			}
-
-			findNestedSchemaPaths(val, childPath, fieldsToFind, paths)
-			return true
-		})
-	default:
-
-	}
-}
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -84,3 +84,17 @@ func CountAuthFiles(authDir string) int {
 	}
 	return count
 }
+
+// WritablePath returns the cleaned WRITABLE_PATH environment variable when it is set.
+// It accepts both uppercase and lowercase variants for compatibility with existing conventions.
+func WritablePath() string {
+	for _, key := range []string{"WRITABLE_PATH", "writable_path"} {
+		if value, ok := os.LookupEnv(key); ok {
+			trimmed := strings.TrimSpace(value)
+			if trimmed != "" {
+				return filepath.Clean(trimmed)
+			}
+		}
+	}
+	return ""
+}
--- a/internal/watcher/watcher.go
+++ b/internal/watcher/watcher.go
@@ -1192,6 +1192,9 @@ func buildConfigChangeDetails(oldCfg, newCfg *config.Config) []string {
 	if oldCfg.UsageStatisticsEnabled != newCfg.UsageStatisticsEnabled {
 		changes = append(changes, fmt.Sprintf("usage-statistics-enabled: %t -> %t", oldCfg.UsageStatisticsEnabled, newCfg.UsageStatisticsEnabled))
 	}
+	if oldCfg.DisableCooling != newCfg.DisableCooling {
+		changes = append(changes, fmt.Sprintf("disable-cooling: %t -> %t", oldCfg.DisableCooling, newCfg.DisableCooling))
+	}
 	if oldCfg.RequestLog != newCfg.RequestLog {
 		changes = append(changes, fmt.Sprintf("request-log: %t -> %t", oldCfg.RequestLog, newCfg.RequestLog))
 	}
--- a/sdk/auth/iflow.go
+++ b/sdk/auth/iflow.go
@@ -26,7 +26,7 @@ func (a *IFlowAuthenticator) Provider() string { return "iflow" }

 // RefreshLead indicates how soon before expiry a refresh should be attempted.
 func (a *IFlowAuthenticator) RefreshLead() *time.Duration {
-	d := 3 * time.Hour
+	d := 24 * time.Hour
 	return &d
 }

--- a/sdk/cliproxy/auth/manager.go
+++ b/sdk/cliproxy/auth/manager.go
@@ -8,6 +8,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"

 	"github.com/google/uuid"
@@ -40,8 +41,17 @@ const (
 	refreshCheckInterval  = 5 * time.Second
 	refreshPendingBackoff = time.Minute
 	refreshFailureBackoff = 5 * time.Minute
+	quotaBackoffBase      = time.Second
+	quotaBackoffMax       = 30 * time.Minute
 )

+var quotaCooldownDisabled atomic.Bool
+
+// SetQuotaCooldownDisabled toggles quota cooldown scheduling globally.
+func SetQuotaCooldownDisabled(disable bool) {
+	quotaCooldownDisabled.Store(disable)
+}
+
 // Result captures execution outcome used to adjust auth state.
 type Result struct {
 	// AuthID references the auth that produced this result.
@@ -532,9 +542,18 @@ func (m *Manager) MarkResult(ctx context.Context, result Result) {
 					suspendReason = "payment_required"
 					shouldSuspendModel = true
 				case 429:
-					next := now.Add(30 * time.Minute)
+					cooldown, nextLevel := nextQuotaCooldown(state.Quota.BackoffLevel)
+					var next time.Time
+					if cooldown > 0 {
+						next = now.Add(cooldown)
+					}
 					state.NextRetryAfter = next
-					state.Quota = QuotaState{Exceeded: true, Reason: "quota", NextRecoverAt: next}
+					state.Quota = QuotaState{
+						Exceeded:      true,
+						Reason:        "quota",
+						NextRecoverAt: next,
+						BackoffLevel:  nextLevel,
+					}
 					suspendReason = "quota"
 					shouldSuspendModel = true
 					setModelQuota = true
@@ -608,6 +627,7 @@ func updateAggregatedAvailability(auth *Auth, now time.Time) {
 	earliestRetry := time.Time{}
 	quotaExceeded := false
 	quotaRecover := time.Time{}
+	maxBackoffLevel := 0
 	for _, state := range auth.ModelStates {
 		if state == nil {
 			continue
@@ -636,6 +656,9 @@ func updateAggregatedAvailability(auth *Auth, now time.Time) {
 			if quotaRecover.IsZero() || (!state.Quota.NextRecoverAt.IsZero() && state.Quota.NextRecoverAt.Before(quotaRecover)) {
 				quotaRecover = state.Quota.NextRecoverAt
 			}
+			if state.Quota.BackoffLevel > maxBackoffLevel {
+				maxBackoffLevel = state.Quota.BackoffLevel
+			}
 		}
 	}
 	auth.Unavailable = allUnavailable
@@ -648,10 +671,12 @@ func updateAggregatedAvailability(auth *Auth, now time.Time) {
 		auth.Quota.Exceeded = true
 		auth.Quota.Reason = "quota"
 		auth.Quota.NextRecoverAt = quotaRecover
+		auth.Quota.BackoffLevel = maxBackoffLevel
 	} else {
 		auth.Quota.Exceeded = false
 		auth.Quota.Reason = ""
 		auth.Quota.NextRecoverAt = time.Time{}
+		auth.Quota.BackoffLevel = 0
 	}
 }

@@ -685,6 +710,7 @@ func clearAuthStateOnSuccess(auth *Auth, now time.Time) {
 	auth.Quota.Exceeded = false
 	auth.Quota.Reason = ""
 	auth.Quota.NextRecoverAt = time.Time{}
+	auth.Quota.BackoffLevel = 0
 	auth.LastError = nil
 	auth.NextRetryAfter = time.Time{}
 	auth.UpdatedAt = now
@@ -734,8 +760,14 @@ func applyAuthFailureState(auth *Auth, resultErr *Error, now time.Time) {
 		auth.StatusMessage = "quota exhausted"
 		auth.Quota.Exceeded = true
 		auth.Quota.Reason = "quota"
-		auth.Quota.NextRecoverAt = now.Add(30 * time.Minute)
-		auth.NextRetryAfter = auth.Quota.NextRecoverAt
+		cooldown, nextLevel := nextQuotaCooldown(auth.Quota.BackoffLevel)
+		var next time.Time
+		if cooldown > 0 {
+			next = now.Add(cooldown)
+		}
+		auth.Quota.NextRecoverAt = next
+		auth.Quota.BackoffLevel = nextLevel
+		auth.NextRetryAfter = next
 	case 408, 500, 502, 503, 504:
 		auth.StatusMessage = "transient upstream error"
 		auth.NextRetryAfter = now.Add(1 * time.Minute)
@@ -746,6 +778,24 @@ func applyAuthFailureState(auth *Auth, resultErr *Error, now time.Time) {
 	}
 }

+// nextQuotaCooldown returns the next cooldown duration and updated backoff level for repeated quota errors.
+func nextQuotaCooldown(prevLevel int) (time.Duration, int) {
+	if prevLevel < 0 {
+		prevLevel = 0
+	}
+	if quotaCooldownDisabled.Load() {
+		return 0, prevLevel
+	}
+	cooldown := quotaBackoffBase * time.Duration(1<<prevLevel)
+	if cooldown < quotaBackoffBase {
+		cooldown = quotaBackoffBase
+	}
+	if cooldown >= quotaBackoffMax {
+		return quotaBackoffMax, prevLevel
+	}
+	return cooldown, prevLevel + 1
+}
+
 // List returns all auth entries currently known by the manager.
 func (m *Manager) List() []*Auth {
 	m.mu.RLock()
--- a/sdk/cliproxy/auth/types.go
+++ b/sdk/cliproxy/auth/types.go
@@ -65,6 +65,8 @@ type QuotaState struct {
 	Reason string `json:"reason,omitempty"`
 	// NextRecoverAt is when the credential may become available again.
 	NextRecoverAt time.Time `json:"next_recover_at"`
+	// BackoffLevel stores the progressive cooldown exponent used for rate limits.
+	BackoffLevel int `json:"backoff_level,omitempty"`
 }

 // ModelState captures the execution state for a specific model under an auth entry.
--- a/sdk/cliproxy/usage/manager.go
+++ b/sdk/cliproxy/usage/manager.go
@@ -16,6 +16,7 @@ type Record struct {
 	AuthID      string
 	Source      string
 	RequestedAt time.Time
+	Failed      bool
 	Detail      Detail
 }
Author	SHA1	Message	Date
Luis Pater	9678be7aa4	feat: add DisableCooling configuration to manage quota cooldown behavior	2025-10-21 21:51:30 +08:00
Luis Pater	243bf5c108	feat: enhance tool call handling in OpenAI response conversion	2025-10-21 20:04:24 +08:00
Luis Pater	3569e5779a	feat: enhance quota management with backoff levels and cooldown logic	2025-10-21 18:44:28 +08:00
Luis Pater	20985d1a10	Refactor executor error handling and usage reporting - Updated the Execute methods in various executors (GeminiCLIExecutor, GeminiExecutor, IFlowExecutor, OpenAICompatExecutor, QwenExecutor) to return a response and error as named return values for improved clarity. - Enhanced error handling by deferring failure tracking in usage reporters, ensuring that failures are reported correctly. - Improved response body handling by ensuring proper closure and error logging for HTTP responses across all executors. - Added failure tracking and reporting in the usage reporter to capture unsuccessful requests. - Updated the usage logging structure to include a 'Failed' field for better tracking of request outcomes. - Adjusted the logic in the RequestStatistics and Record methods to accommodate the new failure tracking mechanism.	2025-10-21 11:22:24 +08:00
Luis Pater	67f553806b	feat: implement management asset configuration and auto-updater	2025-10-21 09:01:58 +08:00
Luis Pater	29044312a4	docs: add Subtitle Translator tool to README files	2025-10-21 02:48:08 +08:00
Luis Pater	5b3fc092ee	Merge pull request #151 from VjayC/add-subtitle-translator docs: add Subtitle Translator to projects list	2025-10-21 02:44:50 +08:00
Vijay Chimmi	792e8d09d7	docs: add Subtitle Translator to projects list	2025-10-20 11:29:18 -07:00
Luis Pater	eadccb229f	Fixed: #148 feat(executor): add initial cache_helpers.go file	2025-10-20 10:17:29 +08:00
Luis Pater	fed6f3ecd7	Merge pull request #147 from router-for-me/config feat(mgmt): support YAML config retrieval and updates via /config.yaml	2025-10-19 22:26:38 +08:00
hkfires	f8dcd707a6	feat(mgmt): support YAML config retrieval and updates via /config.yaml	2025-10-19 21:56:29 +08:00
Luis Pater	0e91e95287	Merge pull request #145 from router-for-me/path feat: prefer util.WritablePath() for logs and local storage	2025-10-19 20:50:44 +08:00
Luis Pater	c5dcbc1c1a	Merge pull request #146 from router-for-me/iflow feat(iflow): add masked token logs; increase refresh lead to 24h	2025-10-19 20:49:40 +08:00
hkfires	4504ba5329	feat(iflow): add masked token logs; increase refresh lead to 24h	2025-10-19 10:56:29 +08:00
hkfires	d16599fa1d	feat: prefer util.WritablePath() for logs and local storage	2025-10-19 10:19:55 +08:00
Luis Pater	674393ec12	Merge pull request #139 from router-for-me/log feat(logging): centralize sensitive header masking	2025-10-18 22:25:28 +08:00
hkfires	9f45806106	feat(logging): centralize sensitive header masking	2025-10-18 17:16:00 +08:00
Luis Pater	307ae76ed4	refactor: streamline ConvertCodexResponseToGeminiNonStream by removing unnecessary buffer and improving response handling	2025-10-18 16:08:30 +08:00
Luis Pater	735b21394c	Fixed: #137 refactor: simplify ConvertCodexResponseToClaudeNonStream by removing bufio.Scanner usage and restructuring response parsing logic	2025-10-18 06:22:42 +08:00
Luis Pater	9cdef937af	fix: initialize contentBlocks with an empty slice and improve content handling in ConvertOpenAIResponseToClaudeNonStream	2025-10-17 08:47:09 +08:00
Luis Pater	3dd0844b98	Enhance logging for API requests and responses across executors - Added detailed logging of upstream request metadata including URL, method, headers, and body for Codex, Gemini, IFlow, OpenAI Compat, and Qwen executors. - Implemented error logging for API response failures to capture errors during HTTP requests. - Introduced structured logging for authentication details (AuthID, AuthLabel, AuthType, AuthValue) to improve traceability. - Updated response logging to include status codes and headers for better debugging. - Ensured that all executors consistently log API interactions to facilitate monitoring and troubleshooting.	2025-10-17 04:12:38 +08:00
Luis Pater	4477c729a4	Fixed: #129 #123 #102 #97 feat: add all protocols request and response translation for Gemini and Gemini CLI compatibility	2025-10-17 02:11:29 +08:00