feat(channel-monitor): request templates with snapshot apply + headers/body override

Problem:
Upstream channels can reject monitor probes based on client fingerprint
(e.g. "only Claude Code clients allowed"). The monitor had no way to
customize the outgoing request to bypass such restrictions.

Solution:
Introduce reusable request templates that carry extra_headers plus an
optional body override; monitors reference a template and receive a
snapshot copy on apply. Template edits do NOT auto-propagate — users
must click "apply to associated monitors" to refresh snapshots, so a
bad template edit cannot instantly break all production monitors.

Data model (migration 112):
- channel_monitor_request_templates: id, name, provider, description,
  extra_headers jsonb, body_override_mode ('off'|'merge'|'replace'),
  body_override jsonb. Unique (provider, name).
- channel_monitors: +template_id (FK, ON DELETE SET NULL), +extra_headers,
  +body_override_mode, +body_override (the three runtime snapshot fields).

Checker (channel_monitor_checker.go):
- callProvider + runCheckForModel accept a CheckOptions carrying the
  snapshot fields. mergeHeaders applies user headers on top of adapter
  defaults (forbidden list: Host / Content-Length / Transfer-Encoding /
  Connection / Content-Encoding).
- buildRequestBody:
    off     -> adapter default body
    merge   -> shallow-merge over default; per-provider deny list
               (model/messages/contents) protects the challenge contract
    replace -> user body verbatim
- Replace mode skips challenge validation; instead HTTP 2xx + non-empty
  extracted response text = operational, empty = failed.
- 4 new unit tests cover all three modes + replace/empty-response case.

Admin API:
- /admin/channel-monitor-templates CRUD + /:id/apply (overwrite snapshot
  on all template_id=id monitors, returns affected count).
- channel_monitor request/response DTOs gain the 4 new fields.

Frontend:
- channelMonitorTemplate.ts API client.
- MonitorAdvancedRequestConfig.vue shared component for headers textarea
  + body mode radio + body JSON editor; used by both template and monitor
  forms.
- MonitorTemplateManagerDialog.vue: provider tabs, list/create/edit/
  delete/apply, live "associated monitors" count per row.
- MonitorFiltersBar: new 模板管理 button next to 新增监控.
- MonitorFormDialog: collapsible 高级 section with template dropdown
  (filtered by form.provider, clears on provider change) + embedded
  AdvancedRequestConfig. Picking a template copies its fields into the
  form (snapshot semantics mirrored on the client).
- i18n zh/en entries for all new copy.

chore: bump version to 0.1.114.32

backend/internal/service/channel_monitor_checker.go

@@ -37,9 +37,23 @@ func newSSRFSafeHTTPClient(timeout time.Duration) *http.Client {
 	return &http.Client{Timeout: timeout, Transport: tr}
 }
 
+// CheckOptions 承载一次检测的自定义入参。
+// 所有字段都是可选（零值即等价于"用默认行为"）。
+type CheckOptions struct {
+	// ExtraHeaders 用户自定义 HTTP 头（merge 到 adapter 默认 headers，用户优先）。
+	ExtraHeaders map[string]string
+	// BodyOverrideMode: off | merge | replace
+	BodyOverrideMode string
+	// BodyOverride 在 merge 模式下做浅合并（key 命中黑名单时静默丢弃），
+	// 在 replace 模式下直接当作完整 body。
+	BodyOverride map[string]any
+}
+
 // runCheckForModel 对单个 (provider, model) 做一次完整检测。
 // 不返回 error：所有失败都包装进 CheckResult.Status=error/failed。
-func runCheckForModel(ctx context.Context, provider, endpoint, apiKey, model string) *CheckResult {
+//
+// opts 承载模板 / 监控快照带来的自定义配置。nil 等同于 "off + 无 extra headers"。
+func runCheckForModel(ctx context.Context, provider, endpoint, apiKey, model string, opts *CheckOptions) *CheckResult {
 	res := &CheckResult{
 		Model:     model,
 		Status:    MonitorStatusError,
@@ -47,9 +61,10 @@ func runCheckForModel(ctx context.Context, provider, endpoint, apiKey, model str
 	}
 
 	challenge := generateChallenge()
+	mode := bodyOverrideMode(opts)
 
 	start := time.Now()
-	respText, rawBody, statusCode, err := callProvider(ctx, provider, endpoint, apiKey, model, challenge.Prompt)
+	respText, rawBody, statusCode, err := callProvider(ctx, provider, endpoint, apiKey, model, challenge.Prompt, opts)
 	latency := time.Since(start)
 	latencyMs := int(latency / time.Millisecond)
 	res.LatencyMs = &latencyMs
@@ -68,22 +83,47 @@ func runCheckForModel(ctx context.Context, provider, endpoint, apiKey, model str
 		return res
 	}
 
+	// Replace 模式：跳过 challenge 校验（用户 body 是静态的，challenge 没法嵌入）。
+	// 改用「HTTP 2xx + 响应文本（adapter.textPath 抽取）非空」作为 operational 判定。
+	// 响应文本为空则降级为 failed（视为上游回了 200 但没实际内容）。
+	if mode == MonitorBodyOverrideModeReplace {
+		if strings.TrimSpace(respText) == "" {
+			res.Status = MonitorStatusFailed
+			res.Message = truncateMessage("replace-mode: upstream returned 2xx with empty text")
+			return res
+		}
+		return finalizeOperationalOrDegraded(res, latency, latencyMs)
+	}
+
 	if !validateChallenge(respText, challenge.Expected) {
 		res.Status = MonitorStatusFailed
 		res.Message = truncateMessage(sanitizeErrorMessage(fmt.Sprintf("challenge mismatch (expected %s, got %q)", challenge.Expected, respText)))
 		return res
 	}
 
+	return finalizeOperationalOrDegraded(res, latency, latencyMs)
+}
+
+// finalizeOperationalOrDegraded 负责走到最后一步的 operational/degraded 判定。
+// 拆出来是为了让 runCheckForModel 不超过 30 行。
+func finalizeOperationalOrDegraded(res *CheckResult, latency time.Duration, latencyMs int) *CheckResult {
 	if latency >= monitorDegradedThreshold {
 		res.Status = MonitorStatusDegraded
 		res.Message = truncateMessage(fmt.Sprintf("slow response: %dms", latencyMs))
 		return res
 	}
-
 	res.Status = MonitorStatusOperational
 	return res
 }
 
+// bodyOverrideMode 归一取 opts.BodyOverrideMode，nil opts / 空串都视为 off。
+func bodyOverrideMode(opts *CheckOptions) string {
+	if opts == nil || opts.BodyOverrideMode == "" {
+		return MonitorBodyOverrideModeOff
+	}
+	return opts.BodyOverrideMode
+}
+
 // pingEndpointOrigin 对 endpoint 的 origin (scheme://host) 发起 HEAD 请求，返回耗时。
 // 失败时返回 nil（不影响主状态判定）。
 func pingEndpointOrigin(ctx context.Context, endpoint string) *int {
@@ -183,29 +223,109 @@ func isSupportedProvider(p string) bool {
 }
 
 // callProvider 通过 providerAdapters 分发到具体实现。
+// opts 承载用户的自定义 headers / body 覆盖（可为 nil）。
 //
 // 返回值：
 //   - extractedText: 按 textPath 抽出的成功文本，仅在 status 2xx 时有意义；非 2xx 时通常为空串
 //   - rawBody: 完整响应体的字符串形式（已被 monitorResponseMaxBytes 截断），用于错误路径保留上游真实回包
 //   - status: HTTP 状态码
 //   - err: 网络 / 序列化错误
-func callProvider(ctx context.Context, provider, endpoint, apiKey, model, prompt string) (extractedText, rawBody string, status int, err error) {
+func callProvider(ctx context.Context, provider, endpoint, apiKey, model, prompt string, opts *CheckOptions) (extractedText, rawBody string, status int, err error) {
 	adapter, ok := providerAdapters[provider]
 	if !ok {
 		return "", "", 0, fmt.Errorf("unsupported provider %q", provider)
 	}
-	body, err := adapter.buildBody(model, prompt)
+	body, err := buildRequestBody(adapter, provider, model, prompt, opts)
 	if err != nil {
-		return "", "", 0, fmt.Errorf("marshal body: %w", err)
+		return "", "", 0, err
 	}
+	headers := mergeHeaders(adapter.buildHeaders(apiKey), opts)
 	full := joinURL(endpoint, adapter.buildPath(model))
-	respBytes, status, err := postRawJSON(ctx, full, body, adapter.buildHeaders(apiKey))
+	respBytes, status, err := postRawJSON(ctx, full, body, headers)
 	if err != nil {
 		return "", "", status, err
 	}
 	return gjson.GetBytes(respBytes, adapter.textPath).String(), string(respBytes), status, nil
 }
 
+// mergeHeaders 把用户自定义 headers 合并到 adapter 默认 headers 上。
+// 用户值覆盖默认；命中黑名单（hop-by-hop / 由 http.Client 自管的）的 key 静默丢弃。
+func mergeHeaders(base map[string]string, opts *CheckOptions) map[string]string {
+	if opts == nil || len(opts.ExtraHeaders) == 0 {
+		return base
+	}
+	out := make(map[string]string, len(base)+len(opts.ExtraHeaders))
+	for k, v := range base {
+		out[k] = v
+	}
+	for k, v := range opts.ExtraHeaders {
+		if IsForbiddenHeaderName(k) {
+			continue
+		}
+		out[k] = v
+	}
+	return out
+}
+
+// buildRequestBody 根据 body_override_mode 构造请求 body。
+//
+//   - off:     adapter 默认 body
+//   - merge:   adapter 默认 body 与 BodyOverride 浅合并；BodyOverride 中命中
+//     bodyMergeKeyDenyList[provider] 的 key 会被静默丢弃，避免破坏 challenge / model 路由
+//   - replace: 直接 marshal BodyOverride 作为完整 body
+//
+// 任何 mode 返回的 []byte 都已经是合法 JSON，可直接送入 postRawJSON。
+func buildRequestBody(adapter providerAdapter, provider, model, prompt string, opts *CheckOptions) ([]byte, error) {
+	mode := bodyOverrideMode(opts)
+
+	if mode == MonitorBodyOverrideModeReplace {
+		if opts == nil || len(opts.BodyOverride) == 0 {
+			return nil, fmt.Errorf("replace mode: body_override is empty")
+		}
+		body, err := json.Marshal(opts.BodyOverride)
+		if err != nil {
+			return nil, fmt.Errorf("marshal body_override (replace): %w", err)
+		}
+		return body, nil
+	}
+
+	defaultBody, err := adapter.buildBody(model, prompt)
+	if err != nil {
+		return nil, fmt.Errorf("marshal default body: %w", err)
+	}
+	if mode != MonitorBodyOverrideModeMerge || opts == nil || len(opts.BodyOverride) == 0 {
+		return defaultBody, nil
+	}
+
+	var defaultMap map[string]any
+	if err := json.Unmarshal(defaultBody, &defaultMap); err != nil {
+		return nil, fmt.Errorf("unmarshal default body for merge: %w", err)
+	}
+	deny := bodyMergeKeyDenyList[provider]
+	for k, v := range opts.BodyOverride {
+		if deny[k] {
+			continue
+		}
+		defaultMap[k] = v
+	}
+	merged, err := json.Marshal(defaultMap)
+	if err != nil {
+		return nil, fmt.Errorf("marshal merged body: %w", err)
+	}
+	return merged, nil
+}
+
+// bodyMergeKeyDenyList 在 merge 模式下，禁止用户覆盖这些 provider-specific 的关键字段。
+// 思路抄 check-cx 的 EXCLUDED_METADATA_KEYS：保护 challenge / model 路由不被用户误伤。
+// 用户想动这些字段就用 replace 模式（已知会跳 challenge 校验）。
+//
+//nolint:gochecknoglobals // 静态查表，初始化后不变。
+var bodyMergeKeyDenyList = map[string]map[string]bool{
+	MonitorProviderOpenAI:    {"model": true, "messages": true, "stream": true},
+	MonitorProviderAnthropic: {"model": true, "messages": true},
+	MonitorProviderGemini:    {"contents": true},
+}
+
 // postRawJSON 发送 POST + 已序列化好的 JSON 字节，限制响应体大小，返回响应字节、HTTP status、错误。
 // adapter 自行 marshal 是为了精确控制字段顺序与类型，所以这里直接收 []byte 而不是 any。
 func postRawJSON(ctx context.Context, fullURL string, payload []byte, headers map[string]string) ([]byte, int, error) {

backend/internal/service/channel_monitor_checker_body_test.go

@@ -0,0 +1,173 @@
+//go:build unit
+
+package service
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+)
+
+// swapMonitorHTTPClient 临时替换 monitorHTTPClient 为不带 SSRF 校验的普通 client，
+// 让 httptest (127.0.0.1) 能连通。测试结束后恢复。
+func swapMonitorHTTPClient(t *testing.T) {
+	t.Helper()
+	orig := monitorHTTPClient
+	monitorHTTPClient = &http.Client{Timeout: 5 * time.Second}
+	t.Cleanup(func() { monitorHTTPClient = orig })
+}
+
+// captureHandler 把每次收到的请求 body 和 headers 存起来，测试断言用。
+type captureHandler struct {
+	lastBody    map[string]any
+	lastHeaders http.Header
+	respondText string // 写到 Anthropic content[0].text 里（校验用）
+	status      int
+}
+
+func (h *captureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	h.lastHeaders = r.Header.Clone()
+	defer func() { _ = r.Body.Close() }()
+	var parsed map[string]any
+	_ = json.NewDecoder(r.Body).Decode(&parsed)
+	h.lastBody = parsed
+
+	if h.status == 0 {
+		h.status = 200
+	}
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(h.status)
+	// 构造 Anthropic 格式的响应：content[0].text = h.respondText
+	_ = json.NewEncoder(w).Encode(map[string]any{
+		"content": []map[string]any{
+			{"type": "text", "text": h.respondText},
+		},
+	})
+}
+
+func setupFakeAnthropic(t *testing.T, handler *captureHandler) string {
+	t.Helper()
+	swapMonitorHTTPClient(t)
+	srv := httptest.NewServer(handler)
+	t.Cleanup(srv.Close)
+	return srv.URL
+}
+
+func TestRunCheckForModel_OffMode_PreservesDefaultBody(t *testing.T) {
+	h := &captureHandler{respondText: "the answer is 42"}
+	endpoint := setupFakeAnthropic(t, h)
+
+	// 跑一次 off 模式（opts=nil），确认默认 body 行为未变
+	_ = runCheckForModel(context.Background(), MonitorProviderAnthropic, endpoint, "sk-fake", "claude-x", nil)
+
+	if h.lastBody["model"] != "claude-x" {
+		t.Errorf("default body should contain model=claude-x, got %v", h.lastBody["model"])
+	}
+	if _, ok := h.lastBody["messages"]; !ok {
+		t.Error("default body should contain messages")
+	}
+	if h.lastHeaders.Get("x-api-key") != "sk-fake" {
+		t.Errorf("expected adapter's x-api-key header, got %q", h.lastHeaders.Get("x-api-key"))
+	}
+}
+
+func TestRunCheckForModel_MergeMode_UserFieldsWinButDenyListProtects(t *testing.T) {
+	h := &captureHandler{respondText: "the answer is 42"}
+	endpoint := setupFakeAnthropic(t, h)
+
+	opts := &CheckOptions{
+		BodyOverrideMode: MonitorBodyOverrideModeMerge,
+		BodyOverride: map[string]any{
+			"system":     "You are Claude Code...",
+			"max_tokens": float64(999),   // 应该覆盖默认 50
+			"model":      "hacked-model", // 应该被黑名单挡住，保留原 model
+			"messages":   []any{},        // 同上，被挡
+		},
+		ExtraHeaders: map[string]string{
+			"User-Agent":     "claude-cli/1.0",
+			"Content-Length": "999", // 黑名单
+			"x-custom":       "ok",
+		},
+	}
+	_ = runCheckForModel(context.Background(), MonitorProviderAnthropic, endpoint, "sk-fake", "claude-x", opts)
+
+	if h.lastBody["system"] != "You are Claude Code..." {
+		t.Errorf("merge mode should inject system, got %v", h.lastBody["system"])
+	}
+	// max_tokens 覆盖生效
+	if mt, ok := h.lastBody["max_tokens"].(float64); !ok || mt != 999 {
+		t.Errorf("merge mode should override max_tokens to 999, got %v", h.lastBody["max_tokens"])
+	}
+	// model 在黑名单 — 应该保留默认值
+	if h.lastBody["model"] != "claude-x" {
+		t.Errorf("model should be protected by deny list, got %v", h.lastBody["model"])
+	}
+	// messages 在黑名单 — 应该保留默认值（非空）
+	msgs, _ := h.lastBody["messages"].([]any)
+	if len(msgs) == 0 {
+		t.Error("messages should be protected by deny list (kept default, non-empty)")
+	}
+	// header 合并
+	if h.lastHeaders.Get("User-Agent") != "claude-cli/1.0" {
+		t.Errorf("extra User-Agent should override, got %q", h.lastHeaders.Get("User-Agent"))
+	}
+	if h.lastHeaders.Get("x-custom") != "ok" {
+		t.Errorf("extra custom header should be present, got %q", h.lastHeaders.Get("x-custom"))
+	}
+	// Content-Length 黑名单：会被 net/http 自动重算，但不应由用户的 "999" 决定。
+	// 我们无法直接断言丢弃（http.Client 总会填上），只断言请求成功即可。
+}
+
+func TestRunCheckForModel_ReplaceMode_FullBodyUsedAndChallengeSkipped(t *testing.T) {
+	// replace 模式下我们的 body 完全自定义，challenge 数学题不会出现在请求里，
+	// 上游也不会回正确答案 — 但只要 2xx + 响应文本非空，就算 operational
+	h := &captureHandler{respondText: "any non-empty text"}
+	endpoint := setupFakeAnthropic(t, h)
+
+	userBody := map[string]any{
+		"model":      "user-forced-model",
+		"messages":   []any{map[string]any{"role": "user", "content": "hi"}},
+		"max_tokens": float64(10),
+		"system":     "You are someone else",
+	}
+	opts := &CheckOptions{
+		BodyOverrideMode: MonitorBodyOverrideModeReplace,
+		BodyOverride:     userBody,
+	}
+	res := runCheckForModel(context.Background(), MonitorProviderAnthropic, endpoint, "sk-fake", "claude-x", opts)
+
+	// 请求 body = 用户提供的原样
+	if h.lastBody["model"] != "user-forced-model" {
+		t.Errorf("replace mode should use user's model, got %v", h.lastBody["model"])
+	}
+	if h.lastBody["system"] != "You are someone else" {
+		t.Errorf("replace mode should use user's system, got %v", h.lastBody["system"])
+	}
+	// challenge 虽然没命中，但由于 replace 模式跳过 challenge 校验 + 响应非空 → operational
+	if res.Status != MonitorStatusOperational {
+		t.Errorf("replace mode with 2xx + non-empty text should be operational, got status=%s message=%q",
+			res.Status, res.Message)
+	}
+}
+
+func TestRunCheckForModel_ReplaceMode_EmptyResponseIsFailed(t *testing.T) {
+	h := &captureHandler{respondText: ""} // 上游 200 但 content[0].text 为空
+	endpoint := setupFakeAnthropic(t, h)
+
+	opts := &CheckOptions{
+		BodyOverrideMode: MonitorBodyOverrideModeReplace,
+		BodyOverride:     map[string]any{"model": "x", "messages": []any{}},
+	}
+	res := runCheckForModel(context.Background(), MonitorProviderAnthropic, endpoint, "sk-fake", "claude-x", opts)
+
+	if res.Status != MonitorStatusFailed {
+		t.Errorf("replace mode with empty text should be failed, got status=%s", res.Status)
+	}
+	if !strings.Contains(res.Message, "replace-mode") {
+		t.Errorf("failure message should hint replace-mode, got %q", res.Message)
+	}
+}

backend/internal/service/channel_monitor_service.go

@@ -104,21 +104,31 @@ func (s *ChannelMonitorService) Create(ctx context.Context, p ChannelMonitorCrea
 	if err := validateCreateParams(p); err != nil {
 		return nil, err
 	}
+	if err := validateBodyModeParams(p.BodyOverrideMode, p.BodyOverride); err != nil {
+		return nil, err
+	}
+	if err := validateExtraHeaders(p.ExtraHeaders); err != nil {
+		return nil, err
+	}
 	encrypted, err := s.encryptor.Encrypt(p.APIKey)
 	if err != nil {
 		return nil, fmt.Errorf("encrypt api key: %w", err)
 	}
 	m := &ChannelMonitor{
-		Name:            strings.TrimSpace(p.Name),
-		Provider:        p.Provider,
-		Endpoint:        normalizeEndpoint(p.Endpoint),
-		APIKey:          encrypted, // 注意：传入 repository 时该字段为密文
-		PrimaryModel:    strings.TrimSpace(p.PrimaryModel),
-		ExtraModels:     normalizeModels(p.ExtraModels),
-		GroupName:       strings.TrimSpace(p.GroupName),
-		Enabled:         p.Enabled,
-		IntervalSeconds: p.IntervalSeconds,
-		CreatedBy:       p.CreatedBy,
+		Name:             strings.TrimSpace(p.Name),
+		Provider:         p.Provider,
+		Endpoint:         normalizeEndpoint(p.Endpoint),
+		APIKey:           encrypted, // 注意：传入 repository 时该字段为密文
+		PrimaryModel:     strings.TrimSpace(p.PrimaryModel),
+		ExtraModels:      normalizeModels(p.ExtraModels),
+		GroupName:        strings.TrimSpace(p.GroupName),
+		Enabled:          p.Enabled,
+		IntervalSeconds:  p.IntervalSeconds,
+		CreatedBy:        p.CreatedBy,
+		TemplateID:       p.TemplateID,
+		ExtraHeaders:     emptyHeadersIfNil(p.ExtraHeaders),
+		BodyOverrideMode: defaultBodyMode(p.BodyOverrideMode),
+		BodyOverride:     p.BodyOverride,
 	}
 	if err := s.repo.Create(ctx, m); err != nil {
 		return nil, fmt.Errorf("create channel monitor: %w", err)
@@ -272,12 +282,19 @@ func (s *ChannelMonitorService) runChecksConcurrent(ctx context.Context, m *Chan
 	// ping 共享一次，所有模型记录同一个 ping 延迟。
 	pingMs := pingEndpointOrigin(ctx, m.Endpoint)
 
+	// 所有模型共用同一份 CheckOptions（来自监控的快照字段）。
+	opts := &CheckOptions{
+		ExtraHeaders:     m.ExtraHeaders,
+		BodyOverrideMode: m.BodyOverrideMode,
+		BodyOverride:     m.BodyOverride,
+	}
+
 	var eg errgroup.Group
 	var mu sync.Mutex
 	for i, model := range models {
 		i, model := i, model
 		eg.Go(func() error {
-			r := runCheckForModel(ctx, m.Provider, m.Endpoint, m.APIKey, model)
+			r := runCheckForModel(ctx, m.Provider, m.Endpoint, m.APIKey, model, opts)
 			r.PingLatencyMs = pingMs
 			mu.Lock()
 			results[i] = r
@@ -476,5 +493,38 @@ func applyMonitorUpdate(existing *ChannelMonitor, p ChannelMonitorUpdateParams)
 		}
 		existing.IntervalSeconds = *p.IntervalSeconds
 	}
+	return applyMonitorAdvancedUpdate(existing, p)
+}
+
+// applyMonitorAdvancedUpdate 处理自定义请求快照相关字段，从 applyMonitorUpdate 拆出避免过长。
+func applyMonitorAdvancedUpdate(existing *ChannelMonitor, p ChannelMonitorUpdateParams) error {
+	if p.ClearTemplate {
+		existing.TemplateID = nil
+	} else if p.TemplateID != nil {
+		id := *p.TemplateID
+		existing.TemplateID = &id
+	}
+	if p.ExtraHeaders != nil {
+		if err := validateExtraHeaders(*p.ExtraHeaders); err != nil {
+			return err
+		}
+		existing.ExtraHeaders = emptyHeadersIfNil(*p.ExtraHeaders)
+	}
+	// BodyOverrideMode / BodyOverride 联合校验，和模板一致。
+	newMode := existing.BodyOverrideMode
+	newBody := existing.BodyOverride
+	if p.BodyOverrideMode != nil {
+		newMode = *p.BodyOverrideMode
+	}
+	if p.BodyOverride != nil {
+		newBody = *p.BodyOverride
+	}
+	if p.BodyOverrideMode != nil || p.BodyOverride != nil {
+		if err := validateBodyModeParams(newMode, newBody); err != nil {
+			return err
+		}
+		existing.BodyOverrideMode = defaultBodyMode(newMode)
+		existing.BodyOverride = newBody
+	}
 	return nil
 }

backend/internal/service/channel_monitor_template_service.go

@@ -0,0 +1,225 @@
+package service
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+// ChannelMonitorRequestTemplateRepository 模板数据访问接口。
+type ChannelMonitorRequestTemplateRepository interface {
+	Create(ctx context.Context, t *ChannelMonitorRequestTemplate) error
+	GetByID(ctx context.Context, id int64) (*ChannelMonitorRequestTemplate, error)
+	Update(ctx context.Context, t *ChannelMonitorRequestTemplate) error
+	Delete(ctx context.Context, id int64) error
+	List(ctx context.Context, params ChannelMonitorRequestTemplateListParams) ([]*ChannelMonitorRequestTemplate, error)
+	// ApplyToMonitors 把模板当前的 extra_headers / body_override_mode / body_override
+	// 批量覆盖到所有 template_id = id 的监控上。返回被覆盖的监控数量。
+	ApplyToMonitors(ctx context.Context, id int64) (int64, error)
+	// CountAssociatedMonitors 统计 template_id = id 的监控数（用于 UI 展示「应用到 N 个配置」）。
+	CountAssociatedMonitors(ctx context.Context, id int64) (int64, error)
+}
+
+// ChannelMonitorRequestTemplateService 模板管理 service。
+type ChannelMonitorRequestTemplateService struct {
+	repo ChannelMonitorRequestTemplateRepository
+}
+
+// NewChannelMonitorRequestTemplateService 创建模板 service。
+func NewChannelMonitorRequestTemplateService(repo ChannelMonitorRequestTemplateRepository) *ChannelMonitorRequestTemplateService {
+	return &ChannelMonitorRequestTemplateService{repo: repo}
+}
+
+// ---------- CRUD ----------
+
+// List 按 provider 过滤（空串 = 全部），不分页（模板量级小）。
+func (s *ChannelMonitorRequestTemplateService) List(ctx context.Context, params ChannelMonitorRequestTemplateListParams) ([]*ChannelMonitorRequestTemplate, error) {
+	if params.Provider != "" {
+		if err := validateProvider(params.Provider); err != nil {
+			return nil, err
+		}
+	}
+	return s.repo.List(ctx, params)
+}
+
+// Get 返回单个模板。
+func (s *ChannelMonitorRequestTemplateService) Get(ctx context.Context, id int64) (*ChannelMonitorRequestTemplate, error) {
+	return s.repo.GetByID(ctx, id)
+}
+
+// Create 创建模板（会校验 headers 黑名单和 body 模式匹配）。
+func (s *ChannelMonitorRequestTemplateService) Create(ctx context.Context, p ChannelMonitorRequestTemplateCreateParams) (*ChannelMonitorRequestTemplate, error) {
+	if err := validateTemplateCreateParams(p); err != nil {
+		return nil, err
+	}
+	t := &ChannelMonitorRequestTemplate{
+		Name:             strings.TrimSpace(p.Name),
+		Provider:         p.Provider,
+		Description:      strings.TrimSpace(p.Description),
+		ExtraHeaders:     emptyHeadersIfNil(p.ExtraHeaders),
+		BodyOverrideMode: defaultBodyMode(p.BodyOverrideMode),
+		BodyOverride:     p.BodyOverride,
+	}
+	if err := s.repo.Create(ctx, t); err != nil {
+		return nil, fmt.Errorf("create template: %w", err)
+	}
+	return t, nil
+}
+
+// Update 更新模板（provider 不可改）。
+func (s *ChannelMonitorRequestTemplateService) Update(ctx context.Context, id int64, p ChannelMonitorRequestTemplateUpdateParams) (*ChannelMonitorRequestTemplate, error) {
+	existing, err := s.repo.GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := applyTemplateUpdate(existing, p); err != nil {
+		return nil, err
+	}
+	if err := s.repo.Update(ctx, existing); err != nil {
+		return nil, fmt.Errorf("update template: %w", err)
+	}
+	return existing, nil
+}
+
+// Delete 删除模板。关联监控的 template_id 会被 SET NULL，监控保留快照继续跑。
+func (s *ChannelMonitorRequestTemplateService) Delete(ctx context.Context, id int64) error {
+	if err := s.repo.Delete(ctx, id); err != nil {
+		return fmt.Errorf("delete template: %w", err)
+	}
+	return nil
+}
+
+// ApplyToMonitors 把模板当前配置一键应用到所有关联监控。
+// 返回被影响的监控数。
+func (s *ChannelMonitorRequestTemplateService) ApplyToMonitors(ctx context.Context, id int64) (int64, error) {
+	if _, err := s.repo.GetByID(ctx, id); err != nil {
+		return 0, err
+	}
+	affected, err := s.repo.ApplyToMonitors(ctx, id)
+	if err != nil {
+		return 0, fmt.Errorf("apply template to monitors: %w", err)
+	}
+	return affected, nil
+}
+
+// CountAssociatedMonitors 返回关联监控数。
+func (s *ChannelMonitorRequestTemplateService) CountAssociatedMonitors(ctx context.Context, id int64) (int64, error) {
+	return s.repo.CountAssociatedMonitors(ctx, id)
+}
+
+// ---------- 校验 & 工具 ----------
+
+// validateTemplateCreateParams 聚合 create 入参校验，避免函数超过 30 行。
+func validateTemplateCreateParams(p ChannelMonitorRequestTemplateCreateParams) error {
+	if strings.TrimSpace(p.Name) == "" {
+		return ErrChannelMonitorTemplateMissingName
+	}
+	if err := validateProvider(p.Provider); err != nil {
+		return ErrChannelMonitorTemplateInvalidProvider
+	}
+	if err := validateBodyModeParams(p.BodyOverrideMode, p.BodyOverride); err != nil {
+		return err
+	}
+	if err := validateExtraHeaders(p.ExtraHeaders); err != nil {
+		return err
+	}
+	return nil
+}
+
+// applyTemplateUpdate 把 update params 中非 nil 字段应用到 existing 上。
+func applyTemplateUpdate(existing *ChannelMonitorRequestTemplate, p ChannelMonitorRequestTemplateUpdateParams) error {
+	if p.Name != nil {
+		name := strings.TrimSpace(*p.Name)
+		if name == "" {
+			return ErrChannelMonitorTemplateMissingName
+		}
+		existing.Name = name
+	}
+	if p.Description != nil {
+		existing.Description = strings.TrimSpace(*p.Description)
+	}
+	if p.ExtraHeaders != nil {
+		if err := validateExtraHeaders(*p.ExtraHeaders); err != nil {
+			return err
+		}
+		existing.ExtraHeaders = emptyHeadersIfNil(*p.ExtraHeaders)
+	}
+	// BodyOverrideMode / BodyOverride 联合校验：任一变化都用「更新后的值」做校验。
+	newMode := existing.BodyOverrideMode
+	newBody := existing.BodyOverride
+	if p.BodyOverrideMode != nil {
+		newMode = *p.BodyOverrideMode
+	}
+	if p.BodyOverride != nil {
+		newBody = *p.BodyOverride
+	}
+	if err := validateBodyModeParams(newMode, newBody); err != nil {
+		return err
+	}
+	existing.BodyOverrideMode = defaultBodyMode(newMode)
+	existing.BodyOverride = newBody
+	return nil
+}
+
+// validateBodyModeParams 校验 body_override_mode 合法，且 merge/replace 模式下 body_override 非空。
+func validateBodyModeParams(mode string, body map[string]any) error {
+	switch mode {
+	case "", MonitorBodyOverrideModeOff:
+		return nil
+	case MonitorBodyOverrideModeMerge, MonitorBodyOverrideModeReplace:
+		if len(body) == 0 {
+			return ErrChannelMonitorTemplateBodyRequired
+		}
+		return nil
+	default:
+		return ErrChannelMonitorTemplateInvalidBodyMode
+	}
+}
+
+// headerNameRegex 合法 header 名：RFC 7230 token（ASCII 可见字符减特殊符号）。
+var headerNameRegex = regexp.MustCompile(`^[A-Za-z0-9!#$%&'*+\-.^_` + "`" + `|~]+$`)
+
+// forbiddenHeaderNames hop-by-hop + HTTP 客户端自管的 header；禁止用户覆盖，
+// 否则会让 Go http.Client 行为异常（双重 Content-Length、连接复用错乱等）。
+var forbiddenHeaderNames = map[string]bool{
+	"host":              true,
+	"content-length":    true,
+	"content-encoding":  true,
+	"transfer-encoding": true,
+	"connection":        true,
+}
+
+// IsForbiddenHeaderName 对外暴露，checker 运行时也会再过滤一次做兜底。
+func IsForbiddenHeaderName(name string) bool {
+	return forbiddenHeaderNames[strings.ToLower(strings.TrimSpace(name))]
+}
+
+// validateExtraHeaders 校验 header 名字格式 + 黑名单。保存时就拒绝非法 header，早失败。
+func validateExtraHeaders(h map[string]string) error {
+	for k := range h {
+		if !headerNameRegex.MatchString(k) {
+			return ErrChannelMonitorTemplateHeaderInvalidName
+		}
+		if IsForbiddenHeaderName(k) {
+			return ErrChannelMonitorTemplateHeaderForbidden
+		}
+	}
+	return nil
+}
+
+// emptyHeadersIfNil 把 nil map 归一成空 map（repo 层写库时 JSONB 需要非 nil）。
+func emptyHeadersIfNil(h map[string]string) map[string]string {
+	if h == nil {
+		return map[string]string{}
+	}
+	return h
+}
+
+// defaultBodyMode 空串归一为 off。
+func defaultBodyMode(mode string) string {
+	if mode == "" {
+		return MonitorBodyOverrideModeOff
+	}
+	return mode
+}

backend/internal/service/channel_monitor_template_types.go

@@ -0,0 +1,74 @@
+package service
+
+import (
+	infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
+	"time"
+)
+
+// ChannelMonitorRequestTemplate 请求模板（service 层模型）。
+// 作用：把一组可复用的 headers + 可选 body 覆盖配置抽出来管理，
+// 被监控「应用」时以快照方式拷贝到监控本身的同名字段。
+type ChannelMonitorRequestTemplate struct {
+	ID               int64
+	Name             string
+	Provider         string
+	Description      string
+	ExtraHeaders     map[string]string
+	BodyOverrideMode string
+	BodyOverride     map[string]any
+	CreatedAt        time.Time
+	UpdatedAt        time.Time
+}
+
+// ChannelMonitorRequestTemplateListParams 列表过滤。
+type ChannelMonitorRequestTemplateListParams struct {
+	Provider string // 空 = 全部；非空则按 provider 过滤
+}
+
+// ChannelMonitorRequestTemplateCreateParams 创建参数。
+type ChannelMonitorRequestTemplateCreateParams struct {
+	Name             string
+	Provider         string
+	Description      string
+	ExtraHeaders     map[string]string
+	BodyOverrideMode string
+	BodyOverride     map[string]any
+}
+
+// ChannelMonitorRequestTemplateUpdateParams 更新参数（指针字段 = 不修改）。
+// 注意 Provider 不可修改：改 provider 会让已关联监控的 body 黑名单语义错乱。
+type ChannelMonitorRequestTemplateUpdateParams struct {
+	Name             *string
+	Description      *string
+	ExtraHeaders     *map[string]string
+	BodyOverrideMode *string
+	BodyOverride     *map[string]any
+}
+
+// 模板相关错误（命名与现有 ErrChannelMonitor* 风格保持一致）。
+var (
+	ErrChannelMonitorTemplateNotFound = infraerrors.NotFound(
+		"CHANNEL_MONITOR_TEMPLATE_NOT_FOUND", "channel monitor request template not found",
+	)
+	ErrChannelMonitorTemplateInvalidProvider = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_INVALID_PROVIDER", "template provider must be one of openai/anthropic/gemini",
+	)
+	ErrChannelMonitorTemplateMissingName = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_MISSING_NAME", "template name is required",
+	)
+	ErrChannelMonitorTemplateInvalidBodyMode = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_INVALID_BODY_MODE", "body_override_mode must be one of off/merge/replace",
+	)
+	ErrChannelMonitorTemplateBodyRequired = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_BODY_REQUIRED", "body_override is required when body_override_mode is merge or replace",
+	)
+	ErrChannelMonitorTemplateHeaderForbidden = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_HEADER_FORBIDDEN", "header name is forbidden (hop-by-hop or computed by HTTP client)",
+	)
+	ErrChannelMonitorTemplateHeaderInvalidName = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_HEADER_INVALID_NAME", "header name contains invalid characters",
+	)
+	ErrChannelMonitorTemplateProviderMismatch = infraerrors.BadRequest(
+		"CHANNEL_MONITOR_TEMPLATE_PROVIDER_MISMATCH", "monitor provider does not match template provider",
+	)
+)

backend/internal/service/channel_monitor_types.go

@@ -2,6 +2,19 @@ package service
 
 import "time"
 
+// MonitorBodyOverrideMode 自定义请求体处理模式。
+//
+//   - off     使用 adapter 默认 body（忽略 BodyOverride）
+//   - merge   adapter 默认 body 与 BodyOverride 浅合并（用户优先；
+//     model/messages/contents 等关键字段在 checker 黑名单内会被静默丢弃）
+//   - replace 完全用 BodyOverride 作为 body；跳过 challenge 校验，
+//     改成 HTTP 2xx + 响应非空即视为可用（用户负责构造 body）
+const (
+	MonitorBodyOverrideModeOff     = "off"
+	MonitorBodyOverrideModeMerge   = "merge"
+	MonitorBodyOverrideModeReplace = "replace"
+)
+
 // ChannelMonitor 渠道监控配置（service 层模型，不直接暴露 ent 类型）。
 type ChannelMonitor struct {
 	ID              int64
@@ -19,6 +32,12 @@ type ChannelMonitor struct {
 	CreatedAt       time.Time
 	UpdatedAt       time.Time
 
+	// 请求自定义快照（来自模板拷贝 or 用户手填，运行时直接读取）
+	TemplateID       *int64            // 仅用于 UI 分组 + 一键应用，运行时不用
+	ExtraHeaders     map[string]string // 与 adapter 默认 headers 合并，用户优先
+	BodyOverrideMode string            // off / merge / replace
+	BodyOverride     map[string]any    // 仅 mode != off 时使用
+
 	// APIKeyDecryptFailed 表示 APIKey 字段无法解密（密钥不一致或损坏）。
 	// 此时 APIKey 为空字符串，runner / RunCheck 必须跳过该监控并提示重填。
 	APIKeyDecryptFailed bool
@@ -35,16 +54,20 @@ type ChannelMonitorListParams struct {
 
 // ChannelMonitorCreateParams 创建参数。
 type ChannelMonitorCreateParams struct {
-	Name            string
-	Provider        string
-	Endpoint        string
-	APIKey          string
-	PrimaryModel    string
-	ExtraModels     []string
-	GroupName       string
-	Enabled         bool
-	IntervalSeconds int
-	CreatedBy       int64
+	Name             string
+	Provider         string
+	Endpoint         string
+	APIKey           string
+	PrimaryModel     string
+	ExtraModels      []string
+	GroupName        string
+	Enabled          bool
+	IntervalSeconds  int
+	CreatedBy        int64
+	TemplateID       *int64
+	ExtraHeaders     map[string]string
+	BodyOverrideMode string
+	BodyOverride     map[string]any
 }
 
 // ChannelMonitorUpdateParams 更新参数（指针字段表示"未提供则不更新"）。
@@ -58,6 +81,14 @@ type ChannelMonitorUpdateParams struct {
 	GroupName       *string
 	Enabled         *bool
 	IntervalSeconds *int
+	// 自定义快照字段：指针为 nil 表示不更新，非 nil 覆盖
+	// TemplateID *(*int64)：用 ** 表达三态：nil=不更新；&nil=清空；&&id=设为 id。
+	// 简化处理：用 ClearTemplate 显式标志 + TemplateID（普通指针）
+	TemplateID       *int64
+	ClearTemplate    bool // true 时无视 TemplateID，把监控的 template_id 置空
+	ExtraHeaders     *map[string]string
+	BodyOverrideMode *string
+	BodyOverride     *map[string]any
 }
 
 // CheckResult 单个模型一次检测的结果。

backend/internal/service/wire.go

@@ -472,6 +472,7 @@ var ProviderSet = wire.NewSet(
 	ProvideBalanceNotifyService,
 	ProvideChannelMonitorService,
 	ProvideChannelMonitorRunner,
+	NewChannelMonitorRequestTemplateService,
 )
 
 // ProvidePaymentConfigService wraps NewPaymentConfigService to accept the named