diff --git a/backend/internal/service/openai_gateway_service.go b/backend/internal/service/openai_gateway_service.go
index 893a29ed..b2434192 100644
--- a/backend/internal/service/openai_gateway_service.go
+++ b/backend/internal/service/openai_gateway_service.go
@@ -292,7 +292,7 @@ func logCodexCLIOnlyDetection(ctx context.Context, account *Account, apiKeyID in
 	}
 	log := logger.FromContext(ctx).With(fields...)
 	if result.Matched {
-		log.Info("OpenAI codex_cli_only 检测通过")
+		log.Warn("OpenAI codex_cli_only 允许官方客户端请求")
 		return
 	}
 	log.Warn("OpenAI codex_cli_only 拒绝非官方客户端请求")
diff --git a/backend/internal/service/openai_gateway_service_codex_cli_only_test.go b/backend/internal/service/openai_gateway_service_codex_cli_only_test.go
index 74e186c2..69c319d8 100644
--- a/backend/internal/service/openai_gateway_service_codex_cli_only_test.go
+++ b/backend/internal/service/openai_gateway_service_codex_cli_only_test.go
@@ -99,3 +99,23 @@ func TestLogCodexCLIOnlyDetection_NilSafety(t *testing.T) {
 		logCodexCLIOnlyDetection(context.Background(), nil, 0, CodexClientRestrictionDetectionResult{Enabled: false, Matched: false, Reason: "disabled"})
 	})
 }
+
+func TestLogCodexCLIOnlyDetection_LogsBothMatchedAndRejected(t *testing.T) {
+	logSink, restore := captureStructuredLog(t)
+	defer restore()
+
+	account := &Account{ID: 1001}
+	logCodexCLIOnlyDetection(context.Background(), account, 2002, CodexClientRestrictionDetectionResult{
+		Enabled: true,
+		Matched: true,
+		Reason:  CodexClientRestrictionReasonMatchedUA,
+	})
+	logCodexCLIOnlyDetection(context.Background(), account, 2002, CodexClientRestrictionDetectionResult{
+		Enabled: true,
+		Matched: false,
+		Reason:  CodexClientRestrictionReasonNotMatchedUA,
+	})
+
+	require.True(t, logSink.ContainsMessage("OpenAI codex_cli_only 允许官方客户端请求"))
+	require.True(t, logSink.ContainsMessage("OpenAI codex_cli_only 拒绝非官方客户端请求"))
+}