- Add comprehensive PROJECT_REVIEW.md with development experience summary
- Update DEV_GUIDE.md with standardized conventions and best practices
- Move audit reports to docs/reports/ and update .gitignore
- Document Windows compatibility issues and solutions
- Add PR checklist and testing standards
- config: add optional configPaths parameter to load() for test isolation
(tests now use t.TempDir() to avoid interference from D:\app\data)
- handler: fix stubAccountRepoForHandler.ListByPlatform to return accounts
(was returning nil, nil causing "no available accounts" errors)
- logger: fix Sync() blocking on Windows pipes by closing write end first
(also add Reset() function to close lumberjack file handles for cleanup)
- Add fallback pricing for 10 Chinese AI providers (DeepSeek, Qwen, GLM,
Moonshot, Doubao, MiniMax, ERNIE, Spark, Hunyuan, Yi) with 38 test cases
- Add 32 Chinese model entries to pricing JSON (qwen-long, qwq-32b,
glm-4-air, spark-max/pro/lite, hunyuan-pro/standard/lite, etc.)
- Add 6 Chinese API domains to SSRF allowlist
- Fix XSS vulnerability in HomeView.vue with DOMPurify sanitization
- Change DB SSL default from 'disable' to 'prefer' with security comment
- Replace hardcoded admin password in config.example.yaml
- Enable @typescript-eslint/no-explicit-any as warning
- Add vite-plugin-compression for gzip production builds
- Add Prettier and EditorConfig configurations
- Fix missing context import in sticky_session_test.go
- Add context parameter to shouldClearStickySession in tests
- Return 501 NotImplemented for TestCredentials
- Remove unused user variable in redeem_service
- Add comment for context.Background goroutine in promo_service
- Uncomment sora_client_handler tests (17 skipped tests)
- Add math/rand usage comment in request_transformer
- Fix ModelError.Error() to use fmt.Sprintf
- Add NotImplemented error type to errors package
- Optimize SSE defaultMaxLineSize from 500MB to 10MB
P0 fixes:
- ModelError.Is(): use exact matching instead of substring contains()
- shouldClearStickySession: add context param for cancellation/tracing
P1 fixes:
- TODO stubs: return 501 Not Implemented errors
- validateInstanceSignature: deduplicate to shared validateCodeSignature()
- Error messages: standardize to English only
- http.go: remove pseudo if-else with duplicate branches
P0 fixes:
- ModelError.Is(): use exact matching instead of substring contains()
- shouldClearStickySession: add context param for cancellation/tracing
P1 fixes:
- TODO stubs: return 501 Not Implemented errors
- validateInstanceSignature: deduplicate to shared validateCodeSignature()
- Error messages: standardize to English only
- http.go: remove pseudo if-else with duplicate branches
