merge: 合并主分支改动并保留 ops 监控实现

合并 main 分支的最新改动到 ops 监控分支。
冲突解决策略：保留当前分支的 ops 相关改动，接受主分支的其他改动。

保留的 ops 改动：
- 运维监控配置和依赖注入
- 运维监控 API 处理器和中间件
- 运维监控服务层和数据访问层
- 运维监控前端界面和状态管理

接受的主分支改动：
- Linux DO OAuth 集成
- 账号过期功能
- IP 地址限制功能
- 用量统计优化
- 其他 bug 修复和功能改进

backend/migrations/028_add_usage_logs_user_agent.sql

@@ -0,0 +1,10 @@
+-- Add user_agent column to usage_logs table
+-- Records the User-Agent header from API requests for analytics and debugging
+
+ALTER TABLE usage_logs
+    ADD COLUMN IF NOT EXISTS user_agent VARCHAR(512);
+
+-- Optional: Add index for user_agent queries (uncomment if needed for analytics)
+-- CREATE INDEX IF NOT EXISTS idx_usage_logs_user_agent ON usage_logs(user_agent);
+
+COMMENT ON COLUMN usage_logs.user_agent IS 'User-Agent header from the API request';

backend/migrations/029_add_group_claude_code_restriction.sql

@@ -0,0 +1,21 @@
+-- 029_add_group_claude_code_restriction.sql
+-- 添加分组级别的 Claude Code 客户端限制功能
+
+-- 添加 claude_code_only 字段：是否仅允许 Claude Code 客户端
+ALTER TABLE groups
+ADD COLUMN IF NOT EXISTS claude_code_only BOOLEAN NOT NULL DEFAULT FALSE;
+
+-- 添加 fallback_group_id 字段：非 Claude Code 请求降级到的分组
+ALTER TABLE groups
+ADD COLUMN IF NOT EXISTS fallback_group_id BIGINT REFERENCES groups(id) ON DELETE SET NULL;
+
+-- 添加索引优化查询
+CREATE INDEX IF NOT EXISTS idx_groups_claude_code_only
+ON groups(claude_code_only) WHERE deleted_at IS NULL;
+
+CREATE INDEX IF NOT EXISTS idx_groups_fallback_group_id
+ON groups(fallback_group_id) WHERE deleted_at IS NULL AND fallback_group_id IS NOT NULL;
+
+-- 添加字段注释
+COMMENT ON COLUMN groups.claude_code_only IS '是否仅允许 Claude Code 客户端访问此分组';
+COMMENT ON COLUMN groups.fallback_group_id IS '非 Claude Code 请求降级使用的分组 ID';

backend/migrations/030_add_account_expires_at.sql

@@ -0,0 +1,10 @@
+-- Add expires_at for account expiration configuration
+ALTER TABLE accounts ADD COLUMN IF NOT EXISTS expires_at timestamptz;
+-- Document expires_at meaning
+COMMENT ON COLUMN accounts.expires_at IS 'Account expiration time (NULL means no expiration).';
+-- Add auto_pause_on_expired for account expiration scheduling control
+ALTER TABLE accounts ADD COLUMN IF NOT EXISTS auto_pause_on_expired boolean NOT NULL DEFAULT true;
+-- Document auto_pause_on_expired meaning
+COMMENT ON COLUMN accounts.auto_pause_on_expired IS 'Auto pause scheduling when account expires.';
+-- Ensure existing accounts are enabled by default
+UPDATE accounts SET auto_pause_on_expired = true;

backend/migrations/031_add_ip_address.sql

@@ -0,0 +1,5 @@
+-- Add IP address field to usage_logs table for request tracking (admin-only visibility)
+ALTER TABLE usage_logs ADD COLUMN IF NOT EXISTS ip_address VARCHAR(45);
+
+-- Create index for IP address queries
+CREATE INDEX IF NOT EXISTS idx_usage_logs_ip_address ON usage_logs(ip_address);

backend/migrations/032_add_api_key_ip_restriction.sql

@@ -0,0 +1,9 @@
+-- Add IP restriction fields to api_keys table
+-- ip_whitelist: JSON array of allowed IPs/CIDRs (if set, only these IPs can use the key)
+-- ip_blacklist: JSON array of blocked IPs/CIDRs (these IPs are always blocked)
+
+ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS ip_whitelist JSONB DEFAULT NULL;
+ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS ip_blacklist JSONB DEFAULT NULL;
+
+COMMENT ON COLUMN api_keys.ip_whitelist IS 'JSON array of allowed IPs/CIDRs, e.g. ["192.168.1.100", "10.0.0.0/8"]';
+COMMENT ON COLUMN api_keys.ip_blacklist IS 'JSON array of blocked IPs/CIDRs, e.g. ["1.2.3.4", "5.6.0.0/16"]';