@jsonstudio/rcc 0.89.942 → 0.89.1083

package/dist/docs/daemon-admin-ui.html

@@ -0,0 +1,958 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <title>RouteCodex Daemon Admin</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <style>
+      :root {
+        --bg: #070a14;
+        --panel: rgba(255, 255, 255, 0.05);
+        --panel-2: rgba(255, 255, 255, 0.03);
+        --border: rgba(255, 255, 255, 0.08);
+        --text: rgba(255, 255, 255, 0.92);
+        --muted: rgba(255, 255, 255, 0.62);
+        --accent: #4ea1ff;
+        --ok: #4cd964;
+        --warn: #ffb547;
+        --err: #ff5f5f;
+        --radius: 12px;
+      }
+
+      * {
+        box-sizing: border-box;
+      }
+
+      body {
+        margin: 0;
+        font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI",
+          sans-serif;
+        background: radial-gradient(circle at 25% 0, #131a36 0, var(--bg) 50%, #03040a 100%);
+        color: var(--text);
+      }
+
+      .container {
+        max-width: 1120px;
+        margin: 22px auto 40px;
+        padding: 0 16px;
+      }
+
+      .card {
+        border: 1px solid var(--border);
+        background: linear-gradient(180deg, var(--panel), var(--panel-2));
+        border-radius: var(--radius);
+        padding: 14px;
+        box-shadow: 0 12px 30px rgba(0, 0, 0, 0.35);
+      }
+
+      header {
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        gap: 14px;
+        margin-bottom: 14px;
+      }
+
+      .title h1 {
+        margin: 0;
+        font-size: 16px;
+        font-weight: 650;
+      }
+
+      .title p {
+        margin: 3px 0 0;
+        font-size: 12px;
+        color: var(--muted);
+      }
+
+      .statusline {
+        display: flex;
+        align-items: center;
+        gap: 10px;
+        flex-wrap: wrap;
+      }
+
+      .pill {
+        display: inline-flex;
+        align-items: center;
+        gap: 8px;
+        border: 1px solid var(--border);
+        background: rgba(255, 255, 255, 0.03);
+        border-radius: 999px;
+        padding: 4px 10px;
+        font-size: 12px;
+        color: var(--muted);
+      }
+
+      .dot {
+        width: 8px;
+        height: 8px;
+        border-radius: 999px;
+        background: var(--warn);
+      }
+
+      .dot.ok {
+        background: var(--ok);
+      }
+
+      .dot.err {
+        background: var(--err);
+      }
+
+      .row {
+        display: flex;
+        gap: 10px;
+        flex-wrap: wrap;
+        align-items: center;
+      }
+
+      label {
+        font-size: 12px;
+        color: var(--muted);
+      }
+
+      input[type="text"],
+      input[type="password"],
+      select,
+      textarea {
+        border: 1px solid var(--border);
+        background: rgba(0, 0, 0, 0.25);
+        color: var(--text);
+        border-radius: 10px;
+        padding: 8px 10px;
+        font-size: 12px;
+        outline: none;
+      }
+
+      textarea {
+        width: 100%;
+        min-height: 220px;
+        font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono",
+          "Courier New", monospace;
+        line-height: 1.45;
+      }
+
+      button {
+        border: 1px solid var(--border);
+        background: rgba(255, 255, 255, 0.04);
+        color: var(--text);
+        border-radius: 10px;
+        padding: 8px 10px;
+        font-size: 12px;
+        cursor: pointer;
+      }
+
+      button.primary {
+        border-color: rgba(78, 161, 255, 0.55);
+        background: rgba(78, 161, 255, 0.14);
+      }
+
+      button.danger {
+        border-color: rgba(255, 95, 95, 0.55);
+        background: rgba(255, 95, 95, 0.14);
+      }
+
+      .tabs {
+        display: flex;
+        gap: 6px;
+        margin: 14px 0 10px;
+      }
+
+      .tab {
+        padding: 8px 12px;
+        border-radius: 999px;
+        border: 1px solid var(--border);
+        background: rgba(255, 255, 255, 0.02);
+        color: var(--muted);
+      }
+
+      .tab.active {
+        color: var(--text);
+        border-color: rgba(78, 161, 255, 0.55);
+        background: rgba(78, 161, 255, 0.12);
+      }
+
+      .grid {
+        display: grid;
+        grid-template-columns: minmax(0, 1fr) minmax(0, 1fr);
+        gap: 12px;
+      }
+
+      @media (max-width: 980px) {
+        .grid {
+          grid-template-columns: minmax(0, 1fr);
+        }
+      }
+
+      .section-title {
+        font-size: 13px;
+        font-weight: 650;
+        margin: 0 0 6px;
+      }
+
+      .section-sub {
+        margin: 0 0 10px;
+        font-size: 12px;
+        color: var(--muted);
+      }
+
+      .table {
+        width: 100%;
+        border-collapse: collapse;
+        border-radius: 12px;
+        overflow: hidden;
+        border: 1px solid var(--border);
+      }
+
+      .table th,
+      .table td {
+        padding: 8px 10px;
+        font-size: 12px;
+        border-bottom: 1px solid rgba(255, 255, 255, 0.06);
+        vertical-align: top;
+      }
+
+      .table th {
+        text-align: left;
+        color: var(--muted);
+        font-weight: 600;
+        background: rgba(255, 255, 255, 0.03);
+      }
+
+      .mono {
+        font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono",
+          "Courier New", monospace;
+        color: var(--muted);
+      }
+
+      .notice {
+        border: 1px solid rgba(255, 181, 71, 0.35);
+        background: rgba(255, 181, 71, 0.08);
+        border-radius: 12px;
+        padding: 10px 12px;
+        font-size: 12px;
+        color: rgba(255, 255, 255, 0.82);
+      }
+
+      .log {
+        white-space: pre-wrap;
+        font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono",
+          "Courier New", monospace;
+        font-size: 12px;
+        line-height: 1.45;
+        color: rgba(255, 255, 255, 0.84);
+        background: rgba(0, 0, 0, 0.25);
+        border: 1px solid rgba(255, 255, 255, 0.08);
+        border-radius: 12px;
+        padding: 10px 12px;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="container">
+      <div class="card">
+        <header>
+          <div class="title">
+            <h1>RouteCodex Daemon Admin</h1>
+            <p>
+              Local-only UI. Writes to <span class="mono">~/.routecodex/config.json</span>; restart
+              required to apply routing/provider changes.
+            </p>
+          </div>
+          <div class="statusline">
+            <div class="pill"><span id="statusDot" class="dot"></span><span id="statusText">connecting…</span></div>
+            <div class="pill"><span class="mono" id="serverId">serverId: —</span></div>
+          </div>
+        </header>
+
+        <div class="row" style="margin-bottom: 10px;">
+          <label for="apiKeyInput">Server API Key (optional)</label>
+          <input
+            id="apiKeyInput"
+            type="password"
+            placeholder="x-api-key / Authorization: Bearer …"
+            style="flex: 1; min-width: 260px;"
+          />
+          <button id="saveApiKeyBtn" class="primary">Save</button>
+          <button id="clearApiKeyBtn">Clear</button>
+          <span class="mono" id="apiKeyHint"></span>
+        </div>
+
+        <div class="tabs">
+          <button class="tab active" data-tab="providers">Provider Pool</button>
+          <button class="tab" data-tab="credentials">Auth Provider Pool</button>
+          <button class="tab" data-tab="routing">Runtime Routing Pool</button>
+        </div>
+
+        <section id="panelProviders" data-panel="providers">
+          <div class="grid">
+            <div class="card" style="box-shadow: none;">
+              <p class="section-title">Providers in <span class="mono">virtualrouter.providers</span></p>
+              <p class="section-sub">
+                API keys are stored as authfiles and referenced with <span class="mono">authfile-…</span>. The UI never reads or returns secrets.
+              </p>
+              <div class="row" style="margin-bottom: 10px;">
+                <button id="refreshProvidersBtn" class="primary">Refresh</button>
+                <button id="newProviderBtn">New provider…</button>
+              </div>
+              <table class="table">
+                <thead>
+                  <tr>
+                    <th>id</th>
+                    <th>type</th>
+                    <th>enabled</th>
+                    <th>baseURL</th>
+                    <th>models</th>
+                    <th>auth</th>
+                    <th></th>
+                  </tr>
+                </thead>
+                <tbody id="providersTbody"></tbody>
+              </table>
+            </div>
+
+            <div class="card" style="box-shadow: none;">
+              <p class="section-title" id="providerEditorTitle">Provider editor</p>
+              <p class="section-sub">
+                Edit provider JSON (secrets are not allowed inline). Save writes to disk and creates a backup.
+              </p>
+
+              <div class="notice" style="margin-bottom: 10px;">
+                If you use <span class="mono">httpserver.apikey</span>, set it above so API calls don’t return 401. The HTML page is always local-only.
+              </div>
+
+              <div class="row" style="margin-bottom: 10px;">
+                <label for="providerIdInput">provider id</label>
+                <input id="providerIdInput" type="text" placeholder="e.g. tab, glm, qwen" style="width: 240px;" />
+                <label for="providerPreset">preset</label>
+                <select id="providerPreset">
+                  <option value="responses">responses (OpenAI /v1/responses)</option>
+                  <option value="openai">openai (OpenAI /v1/chat/completions)</option>
+                  <option value="openai-standard">openai-standard</option>
+                  <option value="iflow">iflow (cookieFile)</option>
+                  <option value="custom" selected>custom (start empty)</option>
+                </select>
+              </div>
+
+              <div class="row" style="margin-bottom: 10px;">
+                <label for="authMode">auth</label>
+                <select id="authMode">
+                  <option value="apikey">apikey (store as authfile)</option>
+                  <option value="oauth">oauth (alias-only + authorize in Auth tab)</option>
+                  <option value="cookie">cookieFile</option>
+                  <option value="none">none</option>
+                </select>
+              </div>
+
+              <div id="authApikeyBox" class="card" style="box-shadow:none; padding: 10px; margin-bottom: 10px;">
+                <p class="section-title" style="margin-bottom: 8px;">API key</p>
+                <div class="row" style="margin-bottom: 8px;">
+                  <label for="apikeyAliasInput">alias</label>
+                  <input id="apikeyAliasInput" type="text" placeholder="default" style="width: 220px;" />
+                  <label for="apikeyValueInput">apiKey</label>
+                  <input
+                    id="apikeyValueInput"
+                    type="password"
+                    placeholder="will be written to ~/.routecodex/auth/*.key"
+                    style="flex: 1; min-width: 260px;"
+                  />
+                </div>
+                <div class="row">
+                  <span class="mono" id="apikeySecretRefOut"></span>
+                  <button id="createApiKeyCredentialBtn">Create authfile</button>
+                </div>
+              </div>
+
+              <div id="authOauthBox" class="card" style="box-shadow:none; padding: 10px; margin-bottom: 10px; display:none;">
+                <p class="section-title" style="margin-bottom: 8px;">OAuth</p>
+                <p class="section-sub" style="margin-bottom: 8px;">
+                  Use Auth tab to authorize. Here we only reference <span class="mono">tokenFile</span> as an alias.
+                </p>
+                <div class="row">
+                  <label for="oauthTypeInput">auth.type</label>
+                  <input
+                    id="oauthTypeInput"
+                    type="text"
+                    placeholder="qwen-oauth / iflow-oauth / gemini-cli-oauth / antigravity-oauth"
+                    style="flex: 1; min-width: 260px;"
+                  />
+                  <label for="oauthAliasInput">tokenFile alias</label>
+                  <input id="oauthAliasInput" type="text" placeholder="default" style="width: 240px;" />
+                </div>
+              </div>
+
+              <div id="authCookieBox" class="card" style="box-shadow:none; padding: 10px; margin-bottom: 10px; display:none;">
+                <p class="section-title" style="margin-bottom: 8px;">Cookie file</p>
+                <div class="row">
+                  <label for="cookieFileInput">cookieFile</label>
+                  <input
+                    id="cookieFileInput"
+                    type="text"
+                    placeholder="~/.routecodex/auth/iflow-work.cookie"
+                    style="flex: 1; min-width: 280px;"
+                  />
+                </div>
+              </div>
+
+              <textarea
+                id="providerJsonEditor"
+                spellcheck="false"
+                placeholder="{\n  \"enabled\": true,\n  \"type\": \"responses\",\n  \"baseURL\": \"https://...\",\n  \"auth\": { \"type\": \"apikey\", \"apiKey\": \"authfile-...\" }\n}"
+              ></textarea>
+
+              <div class="row" style="margin-top: 10px;">
+                <button id="loadProviderBtn">Load</button>
+                <button id="applyPresetBtn">Apply preset</button>
+                <button id="saveProviderBtn" class="primary">Save</button>
+                <button id="deleteProviderBtn" class="danger">Delete</button>
+              </div>
+
+              <div id="providerOpLog" class="log" style="margin-top: 10px; display:none;"></div>
+            </div>
+          </div>
+        </section>
+
+        <section id="panelCredentials" data-panel="credentials" style="display:none;">
+          <div class="grid">
+            <div class="card" style="box-shadow:none;">
+              <p class="section-title">Credentials</p>
+              <p class="section-sub">
+                Token files + API key authfiles in <span class="mono">~/.routecodex/auth</span>.
+              </p>
+              <div class="row" style="margin-bottom: 10px;">
+                <button id="refreshCredentialsBtn" class="primary">Refresh</button>
+              </div>
+              <table class="table">
+                <thead>
+                  <tr>
+                    <th>kind</th>
+                    <th>provider</th>
+                    <th>alias</th>
+                    <th>status</th>
+                    <th>expires</th>
+                    <th>secretRef</th>
+                  </tr>
+                </thead>
+                <tbody id="credentialsTbody"></tbody>
+              </table>
+            </div>
+
+            <div class="card" style="box-shadow:none;">
+              <p class="section-title">OAuth / Browser settings</p>
+              <p class="section-sub">
+                Set <span class="mono">ROUTECODEX_OAUTH_BROWSER</span> via config so “Authorize” can auto-open with Camoufox.
+              </p>
+              <div class="row" style="margin-bottom: 10px;">
+                <label for="oauthBrowserSelect">oauthBrowser</label>
+                <select id="oauthBrowserSelect">
+                  <option value="default">default</option>
+                  <option value="camoufox">camoufox</option>
+                </select>
+                <button id="saveOauthBrowserBtn" class="primary">Save</button>
+              </div>
+
+              <p class="section-title" style="margin-top: 10px;">Authorize OAuth</p>
+              <div class="row" style="margin-bottom: 10px;">
+                <label for="oauthProviderSelect">provider</label>
+                <select id="oauthProviderSelect">
+                  <option value="qwen">qwen</option>
+                  <option value="iflow">iflow</option>
+                  <option value="gemini-cli">gemini-cli</option>
+                  <option value="antigravity">antigravity</option>
+                </select>
+                <label for="oauthAuthAliasInput">alias</label>
+                <input id="oauthAuthAliasInput" type="text" placeholder="default" style="width: 240px;" />
+              </div>
+              <div class="row" style="margin-bottom: 10px;">
+                <label><input id="oauthOpenBrowser" type="checkbox" checked /> open browser</label>
+                <label><input id="oauthForceReauth" type="checkbox" /> force reauthorize</label>
+                <button id="oauthAuthorizeBtn" class="primary">Authorize</button>
+              </div>
+
+              <div id="credentialOpLog" class="log" style="display:none;"></div>
+            </div>
+          </div>
+        </section>
+
+        <section id="panelRouting" data-panel="routing" style="display:none;">
+          <div class="grid">
+            <div class="card" style="box-shadow:none;">
+              <p class="section-title">Routing editor</p>
+              <p class="section-sub">Edits <span class="mono">virtualrouter.routing</span> in user config.</p>
+              <div class="row" style="margin-bottom: 10px;">
+                <button id="loadRoutingBtn" class="primary">Load</button>
+                <button id="saveRoutingBtn" class="primary">Save</button>
+              </div>
+              <textarea id="routingEditor" spellcheck="false" placeholder="{\n  \"default\": [...]\n}"></textarea>
+              <div id="routingOpLog" class="log" style="margin-top: 10px; display:none;"></div>
+            </div>
+
+            <div class="card" style="box-shadow:none;">
+              <p class="section-title">Runtime providers</p>
+              <p class="section-sub">
+                What the running process currently has loaded (restart required after edits).
+              </p>
+              <div class="row" style="margin-bottom: 10px;">
+                <button id="refreshRuntimesBtn" class="primary">Refresh</button>
+              </div>
+              <table class="table">
+                <thead>
+                  <tr>
+                    <th>providerKey</th>
+                    <th>runtimeKey</th>
+                    <th>family</th>
+                    <th>protocol</th>
+                    <th>series</th>
+                  </tr>
+                </thead>
+                <tbody id="runtimesTbody"></tbody>
+              </table>
+            </div>
+          </div>
+        </section>
+      </div>
+    </div>
+
+    <script>
+      const $ = (id) => document.getElementById(id);
+
+      function setLog(id, value) {
+        const el = $(id);
+        if (!el) return;
+        el.style.display = value ? "block" : "none";
+        el.textContent = value || "";
+      }
+
+      function getApiKey() {
+        try {
+          return sessionStorage.getItem("routecodex:apikey") || "";
+        } catch {
+          return "";
+        }
+      }
+
+      function setApiKey(value) {
+        try {
+          if (!value) sessionStorage.removeItem("routecodex:apikey");
+          else sessionStorage.setItem("routecodex:apikey", value);
+        } catch {}
+      }
+
+      async function apiFetch(path, opts = {}) {
+        const headers = new Headers(opts.headers || {});
+        const apiKey = getApiKey();
+        if (apiKey) headers.set("x-api-key", apiKey);
+        if (!headers.has("content-type") && opts.body) headers.set("content-type", "application/json");
+        const res = await fetch(path, { ...opts, headers });
+        const text = await res.text();
+        let json = null;
+        try {
+          json = text ? JSON.parse(text) : null;
+        } catch {
+          json = null;
+        }
+        if (!res.ok) {
+          const msg =
+            (json && json.error && (json.error.message || json.error.code)) ||
+            `HTTP ${res.status} ${res.statusText}`;
+          const err = new Error(msg);
+          err.status = res.status;
+          err.payload = json;
+          throw err;
+        }
+        return json;
+      }
+
+      function selectTab(name) {
+        document.querySelectorAll(".tab").forEach((btn) => {
+          btn.classList.toggle("active", btn.getAttribute("data-tab") === name);
+        });
+        const panels = [
+          { name: "providers", el: $("panelProviders") },
+          { name: "credentials", el: $("panelCredentials") },
+          { name: "routing", el: $("panelRouting") }
+        ];
+        for (const p of panels) p.el.style.display = p.name === name ? "block" : "none";
+      }
+
+      function presetFor(type) {
+        if (type === "responses") {
+          return {
+            enabled: true,
+            type: "responses",
+            baseURL: "https://api.openai.com/v1",
+            auth: { type: "apikey", apiKey: "authfile-REPLACE_ME" },
+            responses: { process: "chat", streaming: "always" },
+            config: { responses: { process: "chat", streaming: "always" } },
+            models: {}
+          };
+        }
+        if (type === "openai") {
+          return {
+            enabled: true,
+            type: "openai",
+            baseURL: "https://api.openai.com/v1",
+            auth: { type: "apikey", apiKey: "authfile-REPLACE_ME" },
+            models: {}
+          };
+        }
+        if (type === "openai-standard") {
+          return {
+            enabled: true,
+            type: "openai-standard",
+            baseURL: "https://api.openai.com/v1",
+            auth: { type: "apikey", apiKey: "authfile-REPLACE_ME" },
+            models: {}
+          };
+        }
+        if (type === "iflow") {
+          return {
+            enabled: true,
+            type: "iflow",
+            baseURL: "https://apis.iflow.cn/v1",
+            compatibilityProfile: "chat:iflow",
+            auth: { type: "iflow-cookie", cookieFile: "~/.routecodex/auth/iflow-work.cookie" },
+            models: {}
+          };
+        }
+        return {
+          enabled: true,
+          type: "responses",
+          baseURL: "",
+          auth: { type: "apikey", apiKey: "authfile-REPLACE_ME" },
+          models: {}
+        };
+      }
+
+      async function refreshStatus() {
+        try {
+          const data = await apiFetch("/daemon/status");
+          $("serverId").textContent = `serverId: ${data.serverId || "—"}`;
+          $("statusText").textContent = "connected";
+          $("statusDot").classList.add("ok");
+          $("statusDot").classList.remove("err");
+        } catch (e) {
+          $("statusText").textContent = e && e.status === 401 ? "401 (set API key above)" : "disconnected";
+          $("statusDot").classList.remove("ok");
+          $("statusDot").classList.add("err");
+        }
+      }
+
+      async function refreshProviders() {
+        const body = $("providersTbody");
+        body.innerHTML = "";
+        try {
+          const data = await apiFetch("/config/providers");
+          for (const p of data.providers || []) {
+            const tr = document.createElement("tr");
+            tr.innerHTML = `
+              <td class="mono">${p.id || ""}</td>
+              <td>${p.type || ""}</td>
+              <td>${String(p.enabled)}</td>
+              <td class="mono">${p.baseURL || ""}</td>
+              <td>${p.modelCount || 0}</td>
+              <td>${p.authType || ""}</td>
+              <td>
+                <button data-action="edit" data-id="${p.id}">Edit</button>
+                <button data-action="delete" data-id="${p.id}" class="danger">Delete</button>
+              </td>
+            `;
+            body.appendChild(tr);
+          }
+        } catch (e) {
+          const tr = document.createElement("tr");
+          tr.innerHTML = `<td colspan="7" class="mono">Failed to load: ${e.message}</td>`;
+          body.appendChild(tr);
+        }
+      }
+
+      async function loadProvider(id) {
+        setLog("providerOpLog", "");
+        try {
+          const data = await apiFetch(`/config/providers/${encodeURIComponent(id)}`);
+          $("providerIdInput").value = id;
+          $("providerJsonEditor").value = JSON.stringify(data.provider || {}, null, 2);
+          $("providerEditorTitle").textContent = `Provider editor: ${id}`;
+        } catch (e) {
+          setLog("providerOpLog", `Load failed: ${e.message}`);
+        }
+      }
+
+      async function saveProvider() {
+        setLog("providerOpLog", "");
+        const id = ($("providerIdInput").value || "").trim();
+        if (!id) {
+          setLog("providerOpLog", "provider id is required");
+          return;
+        }
+        try {
+          const provider = JSON.parse($("providerJsonEditor").value || "{}");
+          const result = await apiFetch(`/config/providers/${encodeURIComponent(id)}`, {
+            method: "PUT",
+            body: JSON.stringify({ provider })
+          });
+          setLog("providerOpLog", `Saved. Path: ${result.path || "—"}\nRestart required to apply.`);
+          await refreshProviders();
+        } catch (e) {
+          setLog("providerOpLog", `Save failed: ${e.message}`);
+        }
+      }
+
+      async function deleteProvider(id) {
+        setLog("providerOpLog", "");
+        if (!id) {
+          setLog("providerOpLog", "provider id is required");
+          return;
+        }
+        if (!confirm(`Delete provider "${id}" from user config?`)) return;
+        try {
+          const result = await apiFetch(`/config/providers/${encodeURIComponent(id)}`, { method: "DELETE" });
+          setLog("providerOpLog", `Deleted. Path: ${result.path || "—"}\nRestart required to apply.`);
+          await refreshProviders();
+        } catch (e) {
+          setLog("providerOpLog", `Delete failed: ${e.message}`);
+        }
+      }
+
+      async function createApiKeyCredential() {
+        setLog("providerOpLog", "");
+        $("apikeySecretRefOut").textContent = "";
+        const provider = ($("providerIdInput").value || "").trim();
+        const alias = ($("apikeyAliasInput").value || "default").trim() || "default";
+        const apiKey = ($("apikeyValueInput").value || "").trim();
+        if (!provider) {
+          setLog("providerOpLog", "provider id is required before creating an authfile");
+          return null;
+        }
+        if (!apiKey) {
+          setLog("providerOpLog", "apiKey is required");
+          return null;
+        }
+        try {
+          const out = await apiFetch("/daemon/credentials/apikey", {
+            method: "POST",
+            body: JSON.stringify({ provider, alias, apiKey })
+          });
+          $("apikeySecretRefOut").textContent = `secretRef: ${out.secretRef}`;
+          return out.secretRef;
+        } catch (e) {
+          setLog("providerOpLog", `Create authfile failed: ${e.message}`);
+          return null;
+        }
+      }
+
+      function applyPresetToEditor() {
+        const preset = $("providerPreset").value;
+        const base = presetFor(preset);
+        const authMode = $("authMode").value;
+        if (authMode === "none") {
+          delete base.auth;
+        }
+        if (authMode === "cookie") {
+          base.auth = {
+            type: "iflow-cookie",
+            cookieFile: ($("cookieFileInput").value || "").trim() || "~/.routecodex/auth/iflow.cookie"
+          };
+        }
+        if (authMode === "oauth") {
+          const t = ($("oauthTypeInput").value || "").trim() || "qwen-oauth";
+          const alias = ($("oauthAliasInput").value || "default").trim() || "default";
+          base.auth = { type: t, tokenFile: alias };
+        }
+        if (authMode === "apikey") {
+          const secretRef = ($("apikeySecretRefOut").textContent || "").replace(/^secretRef:\\s*/i, "").trim();
+          base.auth = { type: "apikey", apiKey: secretRef || "authfile-REPLACE_ME" };
+        }
+        $("providerJsonEditor").value = JSON.stringify(base, null, 2);
+      }
+
+      function updateAuthModeUi() {
+        const mode = $("authMode").value;
+        $("authApikeyBox").style.display = mode === "apikey" ? "block" : "none";
+        $("authOauthBox").style.display = mode === "oauth" ? "block" : "none";
+        $("authCookieBox").style.display = mode === "cookie" ? "block" : "none";
+      }
+
+      async function refreshCredentials() {
+        const body = $("credentialsTbody");
+        body.innerHTML = "";
+        try {
+          const items = await apiFetch("/daemon/credentials");
+          for (const c of items || []) {
+            const tr = document.createElement("tr");
+            const exp = c.expiresInSec == null ? "—" : `${c.expiresInSec}s`;
+            tr.innerHTML = `
+              <td>${c.kind}</td>
+              <td class="mono">${c.provider}</td>
+              <td class="mono">${c.alias}</td>
+              <td>${c.status}</td>
+              <td class="mono">${exp}</td>
+              <td class="mono">${c.secretRef || "—"}</td>
+            `;
+            body.appendChild(tr);
+          }
+        } catch (e) {
+          const tr = document.createElement("tr");
+          tr.innerHTML = `<td colspan="6" class="mono">Failed to load: ${e.message}</td>`;
+          body.appendChild(tr);
+        }
+      }
+
+      async function loadSettings() {
+        try {
+          const data = await apiFetch("/config/settings");
+          const v = (data.oauthBrowser || "default").toLowerCase();
+          $("oauthBrowserSelect").value = v === "camoufox" ? "camoufox" : "default";
+        } catch {}
+      }
+
+      async function saveSettings() {
+        setLog("credentialOpLog", "");
+        const oauthBrowser = $("oauthBrowserSelect").value;
+        try {
+          const out = await apiFetch("/config/settings", {
+            method: "PUT",
+            body: JSON.stringify({ oauthBrowser })
+          });
+          setLog("credentialOpLog", `Saved oauthBrowser=${out.oauthBrowser}.`);
+        } catch (e) {
+          setLog("credentialOpLog", `Save failed: ${e.message}`);
+        }
+      }
+
+      async function authorizeOauth() {
+        setLog("credentialOpLog", "");
+        const provider = $("oauthProviderSelect").value;
+        const alias = ($("oauthAuthAliasInput").value || "default").trim() || "default";
+        const openBrowser = $("oauthOpenBrowser").checked;
+        const forceReauthorize = $("oauthForceReauth").checked;
+        try {
+          const out = await apiFetch("/daemon/oauth/authorize", {
+            method: "POST",
+            body: JSON.stringify({ provider, alias, openBrowser, forceReauthorize })
+          });
+          setLog("credentialOpLog", `OK. tokenFile: ${out.tokenFile || "—"}`);
+          await refreshCredentials();
+        } catch (e) {
+          setLog("credentialOpLog", `Authorize failed: ${e.message}`);
+        }
+      }
+
+      async function loadRouting() {
+        setLog("routingOpLog", "");
+        try {
+          const out = await apiFetch("/config/routing");
+          $("routingEditor").value = JSON.stringify(out.routing || {}, null, 2);
+          setLog("routingOpLog", `Loaded. Path: ${out.path || "—"}`);
+        } catch (e) {
+          setLog("routingOpLog", `Load failed: ${e.message}`);
+        }
+      }
+
+      async function saveRouting() {
+        setLog("routingOpLog", "");
+        try {
+          const routing = JSON.parse($("routingEditor").value || "{}");
+          const out = await apiFetch("/config/routing", {
+            method: "PUT",
+            body: JSON.stringify({ routing })
+          });
+          setLog("routingOpLog", `Saved. Path: ${out.path || "—"}\nRestart required to apply.`);
+        } catch (e) {
+          setLog("routingOpLog", `Save failed: ${e.message}`);
+        }
+      }
+
+      async function refreshRuntimes() {
+        const body = $("runtimesTbody");
+        body.innerHTML = "";
+        try {
+          const items = await apiFetch("/providers/runtimes");
+          for (const r of items || []) {
+            const tr = document.createElement("tr");
+            tr.innerHTML = `
+              <td class="mono">${r.providerKey || ""}</td>
+              <td class="mono">${r.runtimeKey || ""}</td>
+              <td>${r.family || ""}</td>
+              <td>${r.protocol || ""}</td>
+              <td>${r.series || ""}</td>
+            `;
+            body.appendChild(tr);
+          }
+        } catch (e) {
+          const tr = document.createElement("tr");
+          tr.innerHTML = `<td colspan="5" class="mono">Failed to load: ${e.message}</td>`;
+          body.appendChild(tr);
+        }
+      }
+
+      // Bind events
+      document.querySelectorAll(".tab").forEach((btn) => {
+        btn.addEventListener("click", () => selectTab(btn.getAttribute("data-tab")));
+      });
+
+      $("saveApiKeyBtn").addEventListener("click", () => {
+        const value = ($("apiKeyInput").value || "").trim();
+        setApiKey(value);
+        $("apiKeyHint").textContent = value ? "saved (session only)" : "";
+      });
+      $("clearApiKeyBtn").addEventListener("click", () => {
+        setApiKey("");
+        $("apiKeyInput").value = "";
+        $("apiKeyHint").textContent = "";
+      });
+
+      $("refreshProvidersBtn").addEventListener("click", refreshProviders);
+      $("newProviderBtn").addEventListener("click", () => {
+        $("providerEditorTitle").textContent = "Provider editor (new)";
+        $("providerIdInput").value = "";
+        $("providerJsonEditor").value = JSON.stringify(presetFor($("providerPreset").value), null, 2);
+        setLog("providerOpLog", "");
+      });
+      $("providersTbody").addEventListener("click", async (ev) => {
+        const btn = ev.target.closest("button");
+        if (!btn) return;
+        const id = btn.getAttribute("data-id");
+        const action = btn.getAttribute("data-action");
+        if (action === "edit") await loadProvider(id);
+        if (action === "delete") await deleteProvider(id);
+      });
+      $("loadProviderBtn").addEventListener("click", async () => {
+        const id = ($("providerIdInput").value || "").trim();
+        if (id) await loadProvider(id);
+      });
+      $("applyPresetBtn").addEventListener("click", applyPresetToEditor);
+      $("saveProviderBtn").addEventListener("click", saveProvider);
+      $("deleteProviderBtn").addEventListener("click", async () => {
+        const id = ($("providerIdInput").value || "").trim();
+        await deleteProvider(id);
+      });
+      $("createApiKeyCredentialBtn").addEventListener("click", createApiKeyCredential);
+
+      $("authMode").addEventListener("change", updateAuthModeUi);
+      updateAuthModeUi();
+
+      $("refreshCredentialsBtn").addEventListener("click", refreshCredentials);
+      $("saveOauthBrowserBtn").addEventListener("click", saveSettings);
+      $("oauthAuthorizeBtn").addEventListener("click", authorizeOauth);
+
+      $("loadRoutingBtn").addEventListener("click", loadRouting);
+      $("saveRoutingBtn").addEventListener("click", saveRouting);
+      $("refreshRuntimesBtn").addEventListener("click", refreshRuntimes);
+
+      // Init
+      (async () => {
+        const savedKey = getApiKey();
+        if (savedKey) {
+          $("apiKeyHint").textContent = "saved (session only)";
+          $("apiKeyInput").value = savedKey;
+        }
+        await refreshStatus();
+        await refreshProviders();
+        await refreshCredentials();
+        await loadSettings();
+      })();
+    </script>
+  </body>
+</html>
+