@nick3/copilot-api 1.5.6 → 1.5.9

package/dist/{server-DVpkQrk2.js → server-DAxpfPde.js}

@@ -1,8 +1,8 @@
-import { A as resolveTraceId, C as normalizeDomain, D as accountFromState, E as prepareMessageProxyHeaders, O as state, T as prepareInteractionHeaders, _ as HTTPError, b as copilotHeaders, c as getRootSessionId, d as parseUserIdMetadata, f as sleep, g as getCopilotUsage, h as getDeviceCode, k as requestContext, l as getUUID, m as getGitHubUser, r as cacheModels, s as generateRequestIdFromPayload, t as pollAccessToken, u as isNullish, v as forwardError, w as prepareForCompact, y as copilotBaseUrl } from "./poll-access-token-DFooFWhY.js";
-import { a as getAccountClientIdentityByLoginAndApp, c as listAccountsFromRegistry, f as removeAccountFromRegistry, g as DEFAULT_IDENTITY_ENTERPRISE_DOMAIN, h as saveRegistry, m as saveAccountToken, p as removeAccountToken, r as addAccountToRegistry, t as isAccountType, u as loadRegistry, y as getCurrentIdentityEnvironment } from "./account-AacnHem5.js";
+import { A as requestContext, D as prepareMessageProxyHeaders, E as prepareInteractionHeaders, O as accountFromState, T as prepareForCompact, _ as HTTPError, b as copilotHeaders, c as getUUID, d as parseUserIdMetadata, f as resolveAffinityKey, g as getCopilotUsage, h as getDeviceCode, j as resolveTraceId, k as state, l as isNullish, m as getGitHubUser, o as generateRequestIdFromPayload, p as sleep, s as getRootSessionId, t as pollAccessToken, u as normalizeStableSessionId, v as forwardError, w as normalizeDomain, y as copilotBaseUrl } from "./poll-access-token-DiwBJNtK.js";
+import { _ as DEFAULT_IDENTITY_ENTERPRISE_DOMAIN, a as getAccountClientIdentityByLoginAndApp, b as getCurrentIdentityEnvironment, d as loadRegistry, g as saveRegistry, h as saveAccountToken, l as listAccountsFromRegistry, m as removeAccountToken, p as removeAccountFromRegistry, r as addAccountToRegistry, t as isAccountType } from "./account-CbYMFuS4.js";
 import { r as ensurePaths, t as PATHS } from "./paths-DGlr310R.js";
-import "./get-copilot-token-cha9rQwA.js";
-import { _ as isMessagesApiEnabled, a as getClaudeTokenMultiplier, b as mergeConfigWithDefaults, c as getModelAliases, d as getProviderConfig, f as getReasoningEffortForModel, g as isMessageStartInputTokensFallbackEnabled, h as isForceAgentEnabled, i as getAnthropicApiKey, l as getModelAliasesInfo, m as isAccountAffinityEnabled, n as PROVIDER_TYPE_ANTHROPIC, o as getConfig, p as getSmallModel, r as getAliasTargetSet, s as getExtraPromptForModel, t as accountsManager, u as getModelRefreshIntervalMs, v as isResponsesApiContextManagementModel, x as shouldCompactUseSmallModel, y as isResponsesApiWebSearchEnabled } from "./accounts-manager-BE-Dq5Wn.js";
+import "./get-copilot-token-MAZsr5Vu.js";
+import { A as isResponsesApiWebSearchEnabled, C as getReasoningEffortForModel, D as isMessageStartInputTokensFallbackEnabled, E as isForceAgentEnabled, M as resolveModelAlias, N as shouldCompactUseSmallModel, O as isMessagesApiEnabled, S as getProviderConfig, T as isAccountAffinityEnabled, _ as getExtraPromptForModel, a as getClientIpInfo, b as getModelAliasesInfo, c as normalizeChatCompletionsUsage, d as toLocalDateString, f as PROVIDER_TYPE_ANTHROPIC, g as getConfig, h as getClaudeTokenMultiplier, i as extractResponsesUsageFromStreamEvent, j as mergeConfigWithDefaults, k as isResponsesApiContextManagementModel, l as normalizeEmbeddingsUsage, m as getAnthropicApiKey, n as applySharedSessionAffinityRetention, o as getRequestHistoryStore, p as getAliasTargetSet, r as extractResponsesUsageFromResult, s as getStatsStore, t as accountsManager, u as normalizeMessagesUsage, v as getLogLevel, w as getSmallModel, x as getModelRefreshIntervalMs, y as getModelAliases } from "./accounts-manager-BKG9aZEL.js";
 import consola from "consola";
 import fs, { readFile } from "node:fs/promises";
 import { randomUUID, timingSafeEqual } from "node:crypto";
@@ -12,7 +12,6 @@ import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { logger } from "hono/logger";
 import fs$1, { existsSync } from "node:fs";
-import { Database } from "bun:sqlite";
 import { fileURLToPath } from "node:url";
 import { streamSSE } from "hono/streaming";
 import util from "node:util";
@@ -121,583 +120,6 @@ const traceIdMiddleware = async (c, next) => {
 	});
 };
 
-//#endregion
-//#region src/lib/admin-db.ts
-const DEFAULT_DB_PATH = path.join(PATHS.APP_DIR, "admin.sqlite");
-let sharedDb = null;
-let initialized = false;
-const INIT_WARN_THROTTLE_MS = 3e4;
-let lastInitWarnAtMs = 0;
-let suppressedInitWarnCount = 0;
-function warnAdminDbInitFailure(error) {
-	const now = Date.now();
-	if (now - lastInitWarnAtMs < INIT_WARN_THROTTLE_MS) {
-		suppressedInitWarnCount++;
-		return;
-	}
-	const suppressed = suppressedInitWarnCount;
-	suppressedInitWarnCount = 0;
-	lastInitWarnAtMs = now;
-	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
-	consola.warn(`Failed to initialize admin DB; admin features disabled${suffix}`, error);
-}
-function getAdminDbPath() {
-	return DEFAULT_DB_PATH;
-}
-function openAdminDb(filePath = DEFAULT_DB_PATH) {
-	return new Database(filePath);
-}
-function initAdminDb(db) {
-	db.run("PRAGMA journal_mode = WAL;");
-	db.run("PRAGMA synchronous = NORMAL;");
-	db.run("PRAGMA busy_timeout = 3000;");
-	db.run("PRAGMA foreign_keys = ON;");
-	migrateAdminDb(db);
-}
-function getAdminDb() {
-	if (!sharedDb) sharedDb = openAdminDb();
-	if (!initialized) try {
-		initAdminDb(sharedDb);
-		initialized = true;
-	} catch (error) {
-		warnAdminDbInitFailure(error);
-	}
-	return sharedDb;
-}
-function getAdminDbUserVersion(db = getAdminDb()) {
-	try {
-		return db.query("PRAGMA user_version;").get()?.user_version ?? 0;
-	} catch {
-		return 0;
-	}
-}
-function migrateV1(db) {
-	db.run(`
-    CREATE TABLE IF NOT EXISTS request_log (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      request_id TEXT NOT NULL UNIQUE,
-
-      started_at_ms INTEGER NOT NULL,
-      finished_at_ms INTEGER,
-      duration_ms INTEGER,
-      ttfb_ms INTEGER,
-
-      method TEXT NOT NULL,
-      path TEXT NOT NULL,
-      upstream_endpoint TEXT,
-      stream INTEGER NOT NULL DEFAULT 0,
-
-      account_id TEXT,
-      account_type TEXT,
-      cost_units REAL,
-      client_model TEXT,
-      upstream_model TEXT,
-
-      client_ip TEXT,
-      client_ip_source TEXT,
-      user_agent TEXT,
-
-      tokens_input INTEGER,
-      tokens_output INTEGER,
-      tokens_total INTEGER,
-      tokens_cached_input INTEGER,
-      usage_json TEXT,
-
-      premium_remaining_before REAL,
-      premium_remaining_after REAL,
-      premium_remaining_diff REAL,
-      premium_unlimited_before INTEGER,
-      premium_unlimited_after INTEGER,
-
-      http_status INTEGER,
-      error_name TEXT,
-      error_status INTEGER,
-      error_message TEXT,
-      selection_failure_reason TEXT
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_request_log_started_at
-      ON request_log(started_at_ms DESC);
-    CREATE INDEX IF NOT EXISTS idx_request_log_account_started_at
-      ON request_log(account_id, started_at_ms DESC);
-    CREATE INDEX IF NOT EXISTS idx_request_log_model_started_at
-      ON request_log(upstream_model, started_at_ms DESC);
-    CREATE INDEX IF NOT EXISTS idx_request_log_endpoint_started_at
-      ON request_log(upstream_endpoint, started_at_ms DESC);
-    CREATE INDEX IF NOT EXISTS idx_request_log_status_started_at
-      ON request_log(http_status, started_at_ms DESC);
-
-    PRAGMA user_version = 1;
-  `);
-}
-function migrateAdminDb(db) {
-	const current = db.query("PRAGMA user_version;").get()?.user_version ?? 0;
-	if (current >= 6) return;
-	if (current < 1) migrateV1(db);
-	if (current < 2) db.run(`
-      ALTER TABLE request_log ADD COLUMN user_id TEXT;
-      ALTER TABLE request_log ADD COLUMN safety_identifier TEXT;
-      ALTER TABLE request_log ADD COLUMN prompt_cache_key TEXT;
-      ALTER TABLE request_log ADD COLUMN initiator TEXT;
-      ALTER TABLE request_log ADD COLUMN upstream_request_id TEXT;
-
-      PRAGMA user_version = 2;
-    `);
-	if (current < 3) db.run(`
-      CREATE INDEX IF NOT EXISTS idx_request_log_session_finished
-        ON request_log(
-          prompt_cache_key,
-          safety_identifier,
-          finished_at_ms DESC
-        )
-        WHERE finished_at_ms IS NOT NULL
-          AND tokens_input IS NOT NULL;
-
-      PRAGMA user_version = 3;
-    `);
-	if (current < 4) db.run(`
-      CREATE INDEX IF NOT EXISTS idx_request_log_session_finished_by_client_model
-        ON request_log(
-          prompt_cache_key,
-          safety_identifier,
-          client_model,
-          finished_at_ms DESC
-        )
-        WHERE finished_at_ms IS NOT NULL
-          AND tokens_input IS NOT NULL;
-
-      PRAGMA user_version = 4;
-    `);
-	if (current < 5) db.run(`
-      ALTER TABLE request_log ADD COLUMN affinity_hit INTEGER;
-      ALTER TABLE request_log ADD COLUMN affinity_cache_key TEXT;
-
-      PRAGMA user_version = 5;
-    `);
-	if (current < 6) {
-		if (!db.query("PRAGMA table_info(request_log);").all().some((row) => row.name === "is_subagent")) db.run("ALTER TABLE request_log ADD COLUMN is_subagent INTEGER;");
-		db.run("PRAGMA user_version = 6;");
-	}
-}
-
-//#endregion
-//#region src/lib/request-history.ts
-const DEFAULT_RETENTION_DAYS = 14;
-const DEFAULT_MAX_ROWS = 2e5;
-const INSERT_WARN_THROTTLE_MS = 3e4;
-let lastInsertWarnAtMs = 0;
-let suppressedInsertWarnCount = 0;
-function warnInsertFailure(error) {
-	const now = Date.now();
-	if (now - lastInsertWarnAtMs < INSERT_WARN_THROTTLE_MS) {
-		suppressedInsertWarnCount++;
-		return;
-	}
-	const suppressed = suppressedInsertWarnCount;
-	suppressedInsertWarnCount = 0;
-	lastInsertWarnAtMs = now;
-	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
-	consola.warn(`Failed to insert request log${suffix}`, error);
-}
-function toDbNull(value) {
-	return value === void 0 ? null : value;
-}
-function toDbBool(value) {
-	if (value === true) return 1;
-	if (value === false) return 0;
-	return null;
-}
-function getClientIpInfo(c) {
-	const cf = c.req.header("cf-connecting-ip");
-	if (cf) return {
-		ip: cf.trim(),
-		source: "cf-connecting-ip"
-	};
-	const xff = c.req.header("x-forwarded-for");
-	if (xff) {
-		const first = xff.split(",")[0]?.trim();
-		if (first) return {
-			ip: first,
-			source: "x-forwarded-for"
-		};
-	}
-	const xri = c.req.header("x-real-ip");
-	if (xri) return {
-		ip: xri.trim(),
-		source: "x-real-ip"
-	};
-	return {};
-}
-function normalizeChatCompletionsUsage(usage) {
-	if (!usage) return {};
-	const cached = usage.prompt_tokens_details?.cached_tokens ?? 0;
-	const prompt = usage.prompt_tokens;
-	const completion = usage.completion_tokens;
-	const total = usage.total_tokens;
-	return {
-		tokensCachedInput: cached,
-		tokensInput: Math.max(0, prompt - cached),
-		tokensOutput: completion,
-		tokensTotal: total,
-		usageJson: JSON.stringify(usage)
-	};
-}
-function normalizeResponsesUsage(usage) {
-	if (!usage) return {};
-	const cached = usage.input_tokens_details?.cached_tokens ?? 0;
-	const input = usage.input_tokens;
-	const output = usage.output_tokens ?? 0;
-	const total = usage.total_tokens;
-	return {
-		tokensCachedInput: cached,
-		tokensInput: Math.max(0, input - cached),
-		tokensOutput: output,
-		tokensTotal: total,
-		usageJson: JSON.stringify(usage)
-	};
-}
-function normalizeMessagesUsage(usage) {
-	if (!usage) return {};
-	const cached = usage.cache_read_input_tokens ?? 0;
-	const input = usage.input_tokens;
-	const output = usage.output_tokens;
-	const hasInput = typeof input === "number";
-	const hasOutput = typeof output === "number";
-	return {
-		tokensCachedInput: cached,
-		tokensInput: hasInput ? Math.max(0, input - cached) : void 0,
-		tokensOutput: hasOutput ? output : void 0,
-		tokensTotal: hasInput || hasOutput ? (input ?? 0) + (output ?? 0) : void 0,
-		usageJson: JSON.stringify(usage)
-	};
-}
-function normalizeEmbeddingsUsage(usage) {
-	if (!usage) return {};
-	return {
-		tokensCachedInput: 0,
-		tokensInput: usage.prompt_tokens,
-		tokensOutput: 0,
-		tokensTotal: usage.total_tokens,
-		usageJson: JSON.stringify(usage)
-	};
-}
-var RequestHistoryStore = class {
-	db;
-	insertStmt;
-	getByRequestIdStmt;
-	getLastCompletedUsageBySessionStmt;
-	constructor(db) {
-		this.db = db;
-		this.insertStmt = db.query(`
-      INSERT INTO request_log (
-        request_id,
-        started_at_ms,
-        finished_at_ms,
-        duration_ms,
-        ttfb_ms,
-        method,
-        path,
-        upstream_endpoint,
-        stream,
-        account_id,
-        account_type,
-        cost_units,
-        client_model,
-        upstream_model,
-        client_ip,
-        client_ip_source,
-        user_agent,
-        user_id,
-        safety_identifier,
-        prompt_cache_key,
-        initiator,
-        is_subagent,
-        upstream_request_id,
-        tokens_input,
-        tokens_output,
-        tokens_total,
-        tokens_cached_input,
-        usage_json,
-        premium_remaining_before,
-        premium_remaining_after,
-        premium_remaining_diff,
-        premium_unlimited_before,
-        premium_unlimited_after,
-        http_status,
-        error_name,
-        error_status,
-        error_message,
-        selection_failure_reason,
-        affinity_hit,
-        affinity_cache_key
-      ) VALUES (
-        ?,?,?,?,?,?,?,?,
-        ?,?,?,?,?,?,?,?,
-        ?,?,?,?,?,?,?,?,
-        ?,?,?,?,?,?,?,?,
-        ?,?,?,?,?,?,?,?
-      );
-    `);
-		this.getByRequestIdStmt = db.query("SELECT * FROM request_log WHERE request_id = ? LIMIT 1;");
-		this.getLastCompletedUsageBySessionStmt = db.query(`
-      SELECT
-        tokens_input,
-        tokens_output,
-        tokens_total,
-        tokens_cached_input
-      FROM request_log
-      WHERE prompt_cache_key = ?
-        AND safety_identifier = ?
-        AND client_model = ?
-        AND finished_at_ms IS NOT NULL
-        AND tokens_input IS NOT NULL
-      ORDER BY finished_at_ms DESC
-      LIMIT 1;
-    `);
-	}
-	insert(record) {
-		try {
-			const args = [
-				record.requestId,
-				record.startedAtMs,
-				toDbNull(record.finishedAtMs),
-				toDbNull(record.durationMs),
-				toDbNull(record.ttfbMs),
-				record.method,
-				record.path,
-				toDbNull(record.upstreamEndpoint),
-				record.stream ? 1 : 0,
-				toDbNull(record.accountId),
-				toDbNull(record.accountType),
-				toDbNull(record.costUnits),
-				toDbNull(record.clientModel),
-				toDbNull(record.upstreamModel),
-				toDbNull(record.clientIp),
-				toDbNull(record.clientIpSource),
-				toDbNull(record.userAgent),
-				toDbNull(record.userId),
-				toDbNull(record.safetyIdentifier),
-				toDbNull(record.promptCacheKey),
-				toDbNull(record.initiator),
-				toDbBool(record.isSubagent),
-				toDbNull(record.upstreamRequestId),
-				toDbNull(record.tokensInput),
-				toDbNull(record.tokensOutput),
-				toDbNull(record.tokensTotal),
-				toDbNull(record.tokensCachedInput),
-				toDbNull(record.usageJson),
-				toDbNull(record.premiumRemainingBefore),
-				toDbNull(record.premiumRemainingAfter),
-				toDbNull(record.premiumRemainingDiff),
-				toDbBool(record.premiumUnlimitedBefore),
-				toDbBool(record.premiumUnlimitedAfter),
-				toDbNull(record.httpStatus),
-				toDbNull(record.errorName),
-				toDbNull(record.errorStatus),
-				toDbNull(record.errorMessage),
-				toDbNull(record.selectionFailureReason),
-				toDbBool(record.affinityHit),
-				toDbNull(record.affinityCacheKey)
-			];
-			this.insertStmt.run(...args);
-		} catch (error) {
-			warnInsertFailure(error);
-		}
-	}
-	getByRequestId(requestId) {
-		try {
-			return this.getByRequestIdStmt.get(requestId) ?? null;
-		} catch (error) {
-			consola.debug("Failed to fetch request log by request_id", error);
-			return null;
-		}
-	}
-	getLastCompletedUsageBySession(session) {
-		if (!session.promptCacheKey || !session.safetyIdentifier || !session.clientModel) return null;
-		try {
-			const row = this.getLastCompletedUsageBySessionStmt.get(session.promptCacheKey, session.safetyIdentifier, session.clientModel);
-			if (!row || row.tokens_input === null) return null;
-			const tokensOutput = row.tokens_output === null ? void 0 : row.tokens_output;
-			const tokensTotal = row.tokens_total === null ? void 0 : row.tokens_total;
-			const tokensCachedInput = row.tokens_cached_input === null ? void 0 : row.tokens_cached_input;
-			return {
-				tokensInput: row.tokens_input,
-				tokensOutput,
-				tokensTotal,
-				tokensCachedInput
-			};
-		} catch (error) {
-			consola.debug("Failed to fetch last completed usage by session", error);
-			return null;
-		}
-	}
-	query(params) {
-		const limit = Math.max(1, Math.min(params.limit, 200));
-		const where = [];
-		const values = [];
-		if (params.cursorId !== void 0) {
-			where.push("id < ?");
-			values.push(params.cursorId);
-		}
-		if (params.accountId) {
-			where.push("account_id = ?");
-			values.push(params.accountId);
-		}
-		if (params.upstreamModel) {
-			where.push("upstream_model = ?");
-			values.push(params.upstreamModel);
-		}
-		if (params.clientModel) {
-			where.push("client_model = ?");
-			values.push(params.clientModel);
-		}
-		if (params.upstreamEndpoint) {
-			where.push("upstream_endpoint = ?");
-			values.push(params.upstreamEndpoint);
-		}
-		if (params.path) {
-			where.push("path = ?");
-			values.push(params.path);
-		}
-		if (params.status !== void 0) {
-			where.push("http_status = ?");
-			values.push(params.status);
-		}
-		if (params.hasError === true) where.push("http_status >= 400");
-		if (params.hasError === false) where.push("http_status < 400");
-		if (params.fromMs !== void 0) {
-			where.push("started_at_ms >= ?");
-			values.push(params.fromMs);
-		}
-		if (params.toMs !== void 0) {
-			where.push("started_at_ms <= ?");
-			values.push(params.toMs);
-		}
-		const sql = `
-      SELECT *
-      FROM request_log
-      ${where.length > 0 ? `WHERE ${where.join(" AND ")}` : ""}
-      ORDER BY id DESC
-      LIMIT ?;
-    `;
-		const rows = this.db.query(sql).all(...values, limit + 1);
-		const items = rows.slice(0, limit);
-		const hasMore = rows.length > limit;
-		return {
-			items,
-			nextCursorId: hasMore ? items.at(-1)?.id : void 0,
-			hasMore
-		};
-	}
-	getAccountStatsSince(sinceMs) {
-		try {
-			const rows = this.db.query(`
-        SELECT
-          account_id,
-          COUNT(*) AS request_count,
-          SUM(CASE WHEN http_status >= 400 THEN 1 ELSE 0 END) AS error_count,
-          COALESCE(SUM(tokens_total), 0) AS tokens_total,
-          COALESCE(AVG(duration_ms), 0) AS avg_duration_ms,
-          COALESCE(MAX(started_at_ms), 0) AS last_request_at_ms
-        FROM request_log
-        WHERE started_at_ms >= ? AND account_id IS NOT NULL
-        GROUP BY account_id;
-      `).all(sinceMs);
-			const map = {};
-			for (const row of rows) map[row.account_id] = row;
-			return map;
-		} catch (error) {
-			consola.debug("Failed to fetch account stats", error);
-			return {};
-		}
-	}
-	cleanupRetention(retentionDays = DEFAULT_RETENTION_DAYS, maxRows = DEFAULT_MAX_ROWS) {
-		try {
-			const cutoffMs = Date.now() - retentionDays * 24 * 60 * 60 * 1e3;
-			this.db.query("DELETE FROM request_log WHERE started_at_ms < ?;").run(cutoffMs);
-			if (this.db.query("SELECT COUNT(*) AS c FROM request_log;").get().c <= maxRows) return;
-			const offset = maxRows - 1;
-			const thresholdId = this.db.query("SELECT id FROM request_log ORDER BY id DESC LIMIT 1 OFFSET ?;").get(offset)?.id;
-			if (!thresholdId) return;
-			this.db.query("DELETE FROM request_log WHERE id < ?;").run(thresholdId);
-		} catch (error) {
-			consola.debug("Failed to cleanup request_log retention", error);
-		}
-	}
-	meta() {
-		return {
-			dbPath: getAdminDbPath(),
-			userVersion: getAdminDbUserVersion(this.db),
-			retentionDays: DEFAULT_RETENTION_DAYS,
-			maxRows: DEFAULT_MAX_ROWS
-		};
-	}
-};
-const STORE_INIT_WARN_THROTTLE_MS = 3e4;
-const STORE_INIT_RETRY_DELAY_MS = 3e4;
-let lastStoreInitWarnAtMs = 0;
-let suppressedStoreInitWarnCount = 0;
-let nextStoreRetryAtMs = 0;
-function warnStoreInitFailure(error) {
-	const now = Date.now();
-	if (now - lastStoreInitWarnAtMs < STORE_INIT_WARN_THROTTLE_MS) {
-		suppressedStoreInitWarnCount++;
-		return;
-	}
-	const suppressed = suppressedStoreInitWarnCount;
-	suppressedStoreInitWarnCount = 0;
-	lastStoreInitWarnAtMs = now;
-	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
-	consola.warn(`Request history store is disabled${suffix}`, error);
-}
-const disabledStore = {
-	insert: () => {},
-	getByRequestId: () => null,
-	getLastCompletedUsageBySession: () => null,
-	query: () => ({
-		items: [],
-		hasMore: false
-	}),
-	getAccountStatsSince: () => ({}),
-	cleanupRetention: () => {},
-	meta: () => ({
-		dbPath: getAdminDbPath(),
-		userVersion: 0,
-		retentionDays: DEFAULT_RETENTION_DAYS,
-		maxRows: DEFAULT_MAX_ROWS
-	})
-};
-let sharedStore = null;
-let maintenanceStarted = false;
-function getRequestHistoryStore() {
-	if (sharedStore) return sharedStore;
-	const now = Date.now();
-	if (now < nextStoreRetryAtMs) return disabledStore;
-	try {
-		sharedStore = new RequestHistoryStore(getAdminDb());
-		if (!maintenanceStarted) {
-			maintenanceStarted = true;
-			sharedStore.cleanupRetention();
-			setInterval(() => {
-				sharedStore?.cleanupRetention();
-			}, 1440 * 60 * 1e3);
-		}
-		return sharedStore;
-	} catch (error) {
-		nextStoreRetryAtMs = now + STORE_INIT_RETRY_DELAY_MS;
-		warnStoreInitFailure(error);
-		return disabledStore;
-	}
-}
-function extractResponsesUsageFromStreamEvent(event) {
-	if (event.type === "response.completed" || event.type === "response.incomplete") return normalizeResponsesUsage(event.response.usage);
-	if (event.type === "response.failed") return normalizeResponsesUsage(event.response.usage);
-	return {};
-}
-function extractResponsesUsageFromResult(result) {
-	return normalizeResponsesUsage(result.usage);
-}
-
 //#endregion
 //#region src/routes/admin-api/auth-sessions.ts
 function buildOauthUrls(enterpriseDomain) {
@@ -917,6 +339,7 @@ const CONFIG_KEYS = new Set([
 	"auth",
 	"extraPrompts",
 	"smallModel",
+	"logLevel",
 	"accountAffinity",
 	"apiKey",
 	"anthropicApiKey",
@@ -930,6 +353,7 @@ const CONFIG_KEYS = new Set([
 	"compactUseSmallModel",
 	"messageStartInputTokensFallback",
 	"modelRefreshIntervalHours",
+	"sessionAffinityRetentionDays",
 	"useMessagesApi",
 	"useResponsesApiWebSearch"
 ]);
@@ -941,6 +365,12 @@ const REASONING_EFFORTS = new Set([
 	"high",
 	"xhigh"
 ]);
+const LOG_LEVELS = new Set([
+	"error",
+	"warn",
+	"info",
+	"debug"
+]);
 const BLOCKED_KEYS = new Set([
 	"__proto__",
 	"constructor",
@@ -959,6 +389,13 @@ function parseOptionalString(value, field) {
 	if (!trimmed) return { clear: true };
 	return { value: trimmed };
 }
+function parseOptionalLogLevel(value) {
+	const parsed = parseOptionalString(value, "logLevel");
+	if ("error" in parsed) return parsed;
+	if ("clear" in parsed) return parsed;
+	if (!LOG_LEVELS.has(parsed.value)) return { error: `logLevel must be one of: ${[...LOG_LEVELS].join(", ")}` };
+	return { value: parsed.value };
+}
 function parseOptionalBoolean(value, field) {
 	if (value === null || value === void 0) return { clear: true };
 	if (typeof value !== "boolean") return { error: `${field} must be a boolean` };
@@ -1238,6 +675,15 @@ function applyAuthConfig(next, value) {
 	}
 	next.auth = parsed.value;
 }
+function applyLogLevel(next, value) {
+	const parsed = parseOptionalLogLevel(value);
+	if ("error" in parsed) return parsed.error;
+	if ("clear" in parsed) {
+		next.logLevel = void 0;
+		return;
+	}
+	next.logLevel = parsed.value;
+}
 function applyOptionalBoolean(next, key, value) {
 	const parsed = parseOptionalBoolean(value, key);
 	if ("error" in parsed) return parsed.error;
@@ -1305,6 +751,7 @@ const CONFIG_PATCH_HANDLERS = {
 	auth: applyAuthConfig,
 	extraPrompts: applyExtraPrompts,
 	smallModel: (next, value) => applyOptionalString(next, "smallModel", value),
+	logLevel: applyLogLevel,
 	accountAffinity: (next, value) => applyOptionalBoolean(next, "accountAffinity", value),
 	apiKey: (next, value) => applyOptionalString(next, "apiKey", value),
 	anthropicApiKey: (next, value) => applyOptionalString(next, "anthropicApiKey", value),
@@ -1318,6 +765,7 @@ const CONFIG_PATCH_HANDLERS = {
 	compactUseSmallModel: (next, value) => applyOptionalBoolean(next, "compactUseSmallModel", value),
 	messageStartInputTokensFallback: (next, value) => applyOptionalBoolean(next, "messageStartInputTokensFallback", value),
 	modelRefreshIntervalHours: (next, value) => applyOptionalNumber(next, "modelRefreshIntervalHours", value),
+	sessionAffinityRetentionDays: (next, value) => applyOptionalNumber(next, "sessionAffinityRetentionDays", value),
 	useMessagesApi: (next, value) => applyOptionalBoolean(next, "useMessagesApi", value),
 	useResponsesApiWebSearch: (next, value) => applyOptionalBoolean(next, "useResponsesApiWebSearch", value)
 };
@@ -1400,6 +848,7 @@ adminApiRoutes.post("/config", async (c) => {
 		const merged = mergeConfigWithDefaults();
 		accountsManager.setAccountAffinityEnabled(isAccountAffinityEnabled());
 		accountsManager.setModelsRefreshIntervalMs(getModelRefreshIntervalMs());
+		applySharedSessionAffinityRetention();
 		return c.json({
 			...merged,
 			_configPath: PATHS.CONFIG_PATH
@@ -1548,7 +997,8 @@ adminApiRoutes.get("/accounts", async (c) => {
 				remaining: s.remaining,
 				unlimited: s.unlimited,
 				failed: s.failed,
-				failureReason: s.failureReason
+				failureReason: s.failureReason,
+				enabled: s.enabled
 			},
 			stats
 		};
@@ -1608,11 +1058,7 @@ adminApiRoutes.post("/accounts/auth/start", async (c) => {
 	});
 	const enterpriseDomainRaw = payload.enterpriseDomain;
 	let enterpriseDomain;
-	if (accountType === "enterprise" && typeof enterpriseDomainRaw === "string") enterpriseDomain = enterpriseDomainRaw.trim();
-	if (accountType === "enterprise" && !enterpriseDomain) return jsonError(c, 400, {
-		message: "enterpriseDomain is required for enterprise accounts.",
-		type: "bad_request"
-	});
+	if (accountType === "enterprise" && typeof enterpriseDomainRaw === "string") enterpriseDomain = enterpriseDomainRaw.trim() || void 0;
 	try {
 		const result = await authSessionManager.startAuth({
 			accountType,
@@ -1643,6 +1089,40 @@ adminApiRoutes.post("/accounts/auth/cancel/:sessionId", (c) => {
 	});
 	return c.json({ cancelled: true });
 });
+adminApiRoutes.patch("/accounts/:id", async (c) => {
+	const accountId = c.req.param("id");
+	let payload;
+	try {
+		payload = await c.req.json();
+	} catch {
+		return jsonError(c, 400, {
+			message: "Invalid JSON body.",
+			type: "bad_request"
+		});
+	}
+	if (typeof payload !== "object" || payload === null || Array.isArray(payload) || typeof payload.enabled !== "boolean") return jsonError(c, 400, {
+		message: "Request body must contain { enabled: boolean }.",
+		type: "bad_request"
+	});
+	const enabled = payload.enabled;
+	try {
+		const registry = await loadRegistry();
+		const entry = registry.accounts.find((a) => a.id === accountId);
+		if (!entry) return jsonError(c, 404, {
+			message: "Account not found.",
+			type: "not_found"
+		});
+		entry.enabled = enabled;
+		await saveRegistry(registry);
+		await accountsManager.reloadRegistryNow();
+		return c.json({ success: true });
+	} catch (error) {
+		return jsonError(c, 500, {
+			message: `Failed to update account: ${error instanceof Error ? error.message : String(error)}`,
+			type: "internal_error"
+		});
+	}
+});
 adminApiRoutes.delete("/accounts/:id", async (c) => {
 	const accountId = c.req.param("id");
 	try {
@@ -1656,6 +1136,7 @@ adminApiRoutes.delete("/accounts/:id", async (c) => {
 		} catch (error) {
 			console.error(`Account ${accountId} deleted but token cleanup failed.`, error);
 		}
+		await accountsManager.reloadRegistryNow();
 		return c.json({
 			deleted: true,
 			accountId
@@ -1679,10 +1160,6 @@ adminApiRoutes.post("/accounts/:id/reauth", async (c) => {
 		const resolvedEnterpriseDomain = (await getAccountClientIdentityByLoginAndApp(accountId, oauthApp))?.enterpriseDomain;
 		let enterpriseDomain;
 		if (resolvedEnterpriseDomain && resolvedEnterpriseDomain !== DEFAULT_IDENTITY_ENTERPRISE_DOMAIN) enterpriseDomain = resolvedEnterpriseDomain;
-		if (account.accountType === "enterprise" && !enterpriseDomain) return jsonError(c, 400, {
-			message: "Cannot re-authenticate enterprise account: enterprise domain could not be resolved from stored identity.",
-			type: "bad_request"
-		});
 		const result = await authSessionManager.startAuth({
 			accountType: account.accountType,
 			enterpriseDomain,
@@ -1696,6 +1173,70 @@ adminApiRoutes.post("/accounts/:id/reauth", async (c) => {
 		});
 	}
 });
+adminApiRoutes.get("/stats/premium-daily", (c) => {
+	const p = new URL(c.req.url, "http://local").searchParams;
+	const from = p.get("from") || void 0;
+	const to = p.get("to") || void 0;
+	const accountId = p.get("account_id") || void 0;
+	const granularity = p.get("granularity") === "hour" ? "hour" : "day";
+	const now = /* @__PURE__ */ new Date();
+	const todayStr = toLocalDateString(now.getTime());
+	const resolvedFrom = from || toLocalDateString(now.getTime() - 10080 * 60 * 1e3);
+	const resolvedTo = to || todayStr;
+	function parseLocalDate(dateStr) {
+		const [y, m, d] = dateStr.split("-").map(Number);
+		return new Date(y, m - 1, d);
+	}
+	if (granularity === "hour") {
+		const fromDate = parseLocalDate(resolvedFrom);
+		if (parseLocalDate(resolvedTo).getTime() - fromDate.getTime() + 1440 * 60 * 1e3 > 2880 * 60 * 1e3) return jsonError(c, 400, {
+			message: "Hourly granularity is only supported for ranges up to 48 hours.",
+			type: "bad_request"
+		});
+	}
+	const statsStore = getStatsStore();
+	if (!statsStore) return c.json({
+		daily: [],
+		by_account: [],
+		range: {
+			from: resolvedFrom,
+			to: resolvedTo,
+			granularity
+		}
+	});
+	if (granularity === "hour") {
+		const fromMs = parseLocalDate(resolvedFrom).getTime();
+		const toMs = parseLocalDate(resolvedTo).getTime() + 86399999;
+		const result$1 = statsStore.getHourlyPremiumStats({
+			fromMs,
+			toMs,
+			accountId
+		});
+		return c.json({
+			daily: result$1.daily,
+			by_account: result$1.byAccount,
+			range: {
+				from: resolvedFrom,
+				to: resolvedTo,
+				granularity
+			}
+		});
+	}
+	const result = statsStore.getDailyPremiumStats({
+		from: resolvedFrom,
+		to: resolvedTo,
+		accountId
+	});
+	return c.json({
+		daily: result.daily,
+		by_account: result.byAccount,
+		range: {
+			from: resolvedFrom,
+			to: resolvedTo,
+			granularity
+		}
+	});
+});
 
 //#endregion
 //#region src/routes/admin/route.ts
@@ -2365,39 +1906,122 @@ function toAccountContext(account) {
 		clientSessionId: account.clientSessionId
 	};
 }
+const OWNERSHIP_MISMATCH_PATTERN = /does not belong to this connection/i;
+const UUID_PATTERN = /\b[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\b/gi;
+const OPAQUE_ID_PATTERN = /\b(?:msg|resp|chatcmpl|out|toolu|call|item)_[\w-]+\b/g;
+const UPSTREAM_ERROR_MAX_LENGTH = 1e3;
+const UPSTREAM_ERROR_READ_FAILED_SENTINEL = "[upstream body read failed]";
+function sanitizeUpstreamErrorMessage(value) {
+	return truncate(value.trim().replaceAll(UUID_PATTERN, "<uuid>").replaceAll(OPAQUE_ID_PATTERN, "<opaque_id>"), UPSTREAM_ERROR_MAX_LENGTH);
+}
+function readErrorField(value) {
+	return typeof value === "string" ? value : void 0;
+}
+function formatUpstreamErrorBody(payload) {
+	if (typeof payload === "string") {
+		const text = payload.trim();
+		return text.length > 0 ? text : void 0;
+	}
+	if (!payload || typeof payload !== "object") return;
+	const root = payload;
+	const message = readErrorField(root.error?.message) ?? readErrorField(root.message);
+	const code = readErrorField(root.error?.code) ?? readErrorField(root.code);
+	if (message && code) return `${message} [code:${code}]`;
+	return message ?? (code ? `[code:${code}]` : void 0);
+}
+async function extractUpstreamErrorMessageRaw(error) {
+	if (!(error instanceof HTTPError)) return { upstreamErrorMessageReadFailed: false };
+	try {
+		const bodyText = await error.response.clone().text();
+		if (!bodyText) return { upstreamErrorMessageReadFailed: false };
+		let candidate;
+		try {
+			candidate = formatUpstreamErrorBody(JSON.parse(bodyText));
+		} catch {
+			candidate = bodyText;
+		}
+		if (!candidate) return { upstreamErrorMessageReadFailed: false };
+		const sanitized = sanitizeUpstreamErrorMessage(candidate);
+		return {
+			upstreamErrorMessageRaw: sanitized.length > 0 ? sanitized : void 0,
+			upstreamErrorMessageReadFailed: false
+		};
+	} catch (readError) {
+		consola.warn("Failed to read upstream HTTP error response body:", {
+			status: error.response.status,
+			readError
+		});
+		return { upstreamErrorMessageReadFailed: true };
+	}
+}
 function extractErrorDetails(error) {
 	const errorName = error instanceof Error ? error.name : "Error";
 	const errorMessage = error instanceof Error ? truncate(error.message) : truncate(String(error));
 	const errorStatus = error instanceof HTTPError ? error.response.status : void 0;
+	const httpStatus = errorStatus ?? 500;
+	const unauthorized = errorStatus === 401;
 	return {
-		httpStatus: errorStatus ?? 500,
+		httpStatus,
 		errorName,
 		errorStatus,
 		errorMessage,
-		unauthorized: errorStatus === 401
+		unauthorized,
+		ownershipMismatch: unauthorized && OWNERSHIP_MISMATCH_PATTERN.test(errorMessage)
+	};
+}
+async function extractErrorObservability(error) {
+	const details = extractErrorDetails(error);
+	const { upstreamErrorMessageRaw, upstreamErrorMessageReadFailed } = await extractUpstreamErrorMessageRaw(error);
+	const observableUpstreamErrorMessageRaw = upstreamErrorMessageRaw ?? (upstreamErrorMessageReadFailed ? UPSTREAM_ERROR_READ_FAILED_SENTINEL : void 0);
+	return {
+		...details,
+		ownershipMismatch: details.ownershipMismatch || details.unauthorized && OWNERSHIP_MISMATCH_PATTERN.test(upstreamErrorMessageRaw ?? ""),
+		upstreamErrorMessageRaw: observableUpstreamErrorMessageRaw,
+		upstreamErrorMessageReadFailed
 	};
 }
+function getUserVisibleErrorMessage(details) {
+	if (details.upstreamErrorMessageReadFailed) return details.errorMessage;
+	return details.upstreamErrorMessageRaw ?? details.errorMessage;
+}
+/**
+* Returns true when the 401 indicates a genuine auth/token failure
+* (not an ownership mismatch) and the account should be marked failed.
+*/
+function shouldMarkAccountFailed(details) {
+	return details.unauthorized && !details.ownershipMismatch && details.upstreamErrorMessageReadFailed !== true;
+}
 
 //#endregion
 //#region src/lib/logger.ts
 const LOG_RETENTION_MS = 10080 * 60 * 1e3;
 const CLEANUP_INTERVAL_MS = 1440 * 60 * 1e3;
-const LOG_DIR = path.join(PATHS.APP_DIR, "logs");
 const FLUSH_INTERVAL_MS = 1e3;
 const MAX_BUFFER_SIZE = 100;
+const FILE_LOG_LEVEL_PRIORITY = {
+	error: 0,
+	warn: 1,
+	info: 2,
+	debug: 3
+};
+let logDir = path.join(PATHS.APP_DIR, "logs");
+let testLogLevelOverride;
 const logStreams = /* @__PURE__ */ new Map();
 const logBuffers = /* @__PURE__ */ new Map();
 let runtimeInitialized = false;
 let flushInterval;
 let cleanupInterval;
+let exitHandler;
+let sigintHandler;
+let sigtermHandler;
 const ensureLogDirectory = () => {
-	if (!fs$1.existsSync(LOG_DIR)) fs$1.mkdirSync(LOG_DIR, { recursive: true });
+	if (!fs$1.existsSync(logDir)) fs$1.mkdirSync(logDir, { recursive: true });
 };
 const cleanupOldLogs = () => {
-	if (!fs$1.existsSync(LOG_DIR)) return;
+	if (!fs$1.existsSync(logDir)) return;
 	const now = Date.now();
-	for (const entry of fs$1.readdirSync(LOG_DIR)) {
-		const filePath = path.join(LOG_DIR, entry);
+	for (const entry of fs$1.readdirSync(logDir)) {
+		const filePath = path.join(logDir, entry);
 		let stats;
 		try {
 			stats = fs$1.statSync(filePath);
@@ -2420,6 +2044,14 @@ const sanitizeName = (name) => {
 	const normalized = name.toLowerCase().replaceAll(/[^a-z0-9]+/g, "-").replaceAll(/^-+|-+$/g, "");
 	return normalized === "" ? "handler" : normalized;
 };
+const getHandlerLogFilePath = (name, date) => {
+	const dateKey = [
+		date.getFullYear(),
+		String(date.getMonth() + 1).padStart(2, "0"),
+		String(date.getDate()).padStart(2, "0")
+	].join("-");
+	return path.join(logDir, `${sanitizeName(name)}-${dateKey}.log`);
+};
 const maybeUnref = (timer) => {
 	timer.unref();
 };
@@ -2459,15 +2091,18 @@ const initializeLoggerRuntime = () => {
 	maybeUnref(flushInterval);
 	cleanupInterval = setInterval(cleanupOldLogs, CLEANUP_INTERVAL_MS);
 	maybeUnref(cleanupInterval);
-	process.once("exit", cleanup);
-	process.once("SIGINT", () => {
+	exitHandler = cleanup;
+	sigintHandler = () => {
 		cleanup();
 		process.exit(0);
-	});
-	process.once("SIGTERM", () => {
+	};
+	sigtermHandler = () => {
 		cleanup();
 		process.exit(0);
-	});
+	};
+	process.once("exit", exitHandler);
+	process.once("SIGINT", sigintHandler);
+	process.once("SIGTERM", sigtermHandler);
 };
 const getLogStream = (filePath) => {
 	initializeLoggerRuntime();
@@ -2491,8 +2126,21 @@ const appendLine = (filePath, line) => {
 	buffer.push(line);
 	if (buffer.length >= MAX_BUFFER_SIZE) flushBuffer(filePath);
 };
+const normalizeLogTypeToLevel = (type) => {
+	switch (type) {
+		case "error": return "error";
+		case "warn": return "warn";
+		case "debug": return "debug";
+		default: return "info";
+	}
+};
+const shouldWriteFileLog = (type, logLevel = resolveLogLevel()) => {
+	return FILE_LOG_LEVEL_PRIORITY[normalizeLogTypeToLevel(type)] <= FILE_LOG_LEVEL_PRIORITY[logLevel];
+};
+const resolveLogLevel = () => testLogLevelOverride ?? getLogLevel();
+const isDebugFileLoggingEnabled = () => resolveLogLevel() === "debug";
 const debugLazy = (logger$7, factory) => {
-	if (!state.verbose) return;
+	if (!isDebugFileLoggingEnabled()) return;
 	logger$7.debug(...factory());
 };
 const debugJson = (logger$7, label, value) => {
@@ -2501,18 +2149,31 @@ const debugJson = (logger$7, label, value) => {
 const debugJsonTail = (logger$7, label, { value, tailLength = 400 }) => {
 	debugLazy(logger$7, () => [label, JSON.stringify(value).slice(-tailLength)]);
 };
+const getConsolaLevel = () => {
+	const logLevel = resolveLogLevel();
+	switch (logLevel) {
+		case "error": return 0;
+		case "warn": return 1;
+		case "info": return 2;
+		case "debug": return 4;
+		default: return logLevel;
+	}
+};
 const createHandlerLogger = (name) => {
-	const sanitizedName = sanitizeName(name);
 	const instance = consola.withTag(name);
-	if (state.verbose) instance.level = 5;
+	Object.defineProperty(instance, "level", {
+		get: getConsolaLevel,
+		configurable: true
+	});
 	instance.setReporters([]);
 	instance.addReporter({ log(logObj) {
+		const fileLogLevel = resolveLogLevel();
+		if (!shouldWriteFileLog(logObj.type, fileLogLevel)) return;
 		initializeLoggerRuntime();
 		const traceId = requestContext.getStore()?.traceId;
 		const date = logObj.date;
-		const dateKey = date.toLocaleDateString("sv-SE");
 		const timestamp = date.toLocaleString("sv-SE", { hour12: false });
-		const filePath = path.join(LOG_DIR, `${sanitizedName}-${dateKey}.log`);
+		const filePath = getHandlerLogFilePath(name, date);
 		const message = formatArgs(logObj.args);
 		const traceIdStr = traceId ? ` [${traceId}]` : "";
 		appendLine(filePath, `[${timestamp}] [${logObj.type}] [${logObj.tag || name}]${traceIdStr}${message ? ` ${message}` : ""}`);
@@ -2761,6 +2422,13 @@ const getTokenCount = async (payload, model) => {
 	};
 };
 
+//#endregion
+//#region src/lib/request-initiator.ts
+function resolveEffectiveInitiator(baseInitiator, options) {
+	if (options.isCompact || options.isSubagent) return "agent";
+	return baseInitiator;
+}
+
 //#endregion
 //#region src/services/copilot/create-chat-completions.ts
 function isGpt5MiniFamily(modelId) {
@@ -2784,10 +2452,13 @@ const createChatCompletions = async (payload, account, options) => {
 	const ctx = account ?? accountFromState();
 	if (!ctx.copilotToken) throw new Error("Copilot token not found");
 	const enableVision = payload.messages.some((x) => typeof x.content !== "string" && x.content?.some((x$1) => x$1.type === "image_url"));
-	const initiator = options?.initiator ?? getChatInitiator(payload.messages);
+	const effectiveInitiator = resolveEffectiveInitiator(options?.initiator ?? getChatInitiator(payload.messages), {
+		isCompact: options?.isCompact,
+		isSubagent: Boolean(options?.subagentMarker)
+	});
 	const headers = {
 		...copilotHeaders(ctx, enableVision, options?.upstreamRequestId),
-		"x-initiator": options?.subagentMarker ? "agent" : initiator
+		"x-initiator": effectiveInitiator
 	};
 	prepareInteractionHeaders(options?.sessionId, Boolean(options?.subagentMarker), headers);
 	const upstreamPayload = applyDefaultReasoningEffort(payload);
@@ -2805,26 +2476,136 @@ const createChatCompletions = async (payload, account, options) => {
 	return await response.json();
 };
 
+//#endregion
+//#region src/routes/chat-completions/support.ts
+const CHAT_COMPLETIONS_ENDPOINT$1 = "/chat/completions";
+const GPT_5_4_MODEL_ID = "gpt-5.4";
+const GPT_5_4_CHAT_COMPLETIONS_MESSAGE = "Please use `/v1/responses` or `/v1/messages` API";
+function buildRequestContext$1(c) {
+	const requestId = randomUUID();
+	const startedAtMs = Date.now();
+	const method = c.req.raw.method;
+	const path$2 = new URL(c.req.url, "http://local").pathname;
+	const { ip: clientIp, source: clientIpSource } = getClientIpInfo(c);
+	return {
+		requestId,
+		startedAtMs,
+		method,
+		path: path$2,
+		clientIp,
+		clientIpSource,
+		userAgent: c.req.header("user-agent") ?? void 0
+	};
+}
+function insertRequestLog$2(store, request, record) {
+	store.insert({
+		requestId: request.requestId,
+		startedAtMs: request.startedAtMs,
+		method: request.method,
+		path: request.path,
+		clientIp: request.clientIp,
+		clientIpSource: request.clientIpSource,
+		userAgent: request.userAgent,
+		userId: request.userId,
+		safetyIdentifier: request.safetyIdentifier,
+		promptCacheKey: request.promptCacheKey,
+		initiator: request.initiator,
+		upstreamRequestId: request.upstreamRequestId,
+		affinityKeyUsed: request.affinityKeyUsed,
+		affinityKeySource: request.affinityKeySource,
+		selectionReason: request.selectionReason,
+		affinityHit: request.affinityHit,
+		affinityCacheKey: request.affinityCacheKey,
+		...record
+	});
+}
+function recordUnsupportedChatCompletionsModel(store, params) {
+	const { request, stream, clientModel, upstreamModel, accountId, accountType, costUnits, premiumRemainingBefore, premiumRemainingAfter, premiumUnlimitedBefore, premiumUnlimitedAfter } = params;
+	const finishedAtMs = Date.now();
+	let premiumRemainingDiff;
+	if (premiumRemainingBefore !== void 0 && premiumRemainingAfter !== void 0) premiumRemainingDiff = premiumRemainingAfter - premiumRemainingBefore;
+	insertRequestLog$2(store, request, {
+		finishedAtMs,
+		durationMs: finishedAtMs - request.startedAtMs,
+		upstreamEndpoint: CHAT_COMPLETIONS_ENDPOINT$1,
+		stream,
+		accountId,
+		accountType,
+		costUnits,
+		clientModel,
+		upstreamModel,
+		premiumRemainingBefore,
+		premiumRemainingAfter,
+		premiumRemainingDiff,
+		premiumUnlimitedBefore,
+		premiumUnlimitedAfter,
+		httpStatus: 400,
+		errorName: "invalid_request_error",
+		errorMessage: GPT_5_4_CHAT_COMPLETIONS_MESSAGE
+	});
+}
+function unsupportedChatCompletionsModelResponse(c) {
+	return c.json({ error: {
+		message: GPT_5_4_CHAT_COMPLETIONS_MESSAGE,
+		type: "invalid_request_error"
+	} }, 400);
+}
+function getSelectionFailureStatus(reason) {
+	if (reason === "MODEL_NOT_SUPPORTED") return 400;
+	if (reason === "NO_ACCOUNTS") return 503;
+	return 429;
+}
+function recordSelectionFailure$2(store, params) {
+	const { request, stream, clientModel, reason } = params;
+	const finishedAtMs = Date.now();
+	insertRequestLog$2(store, request, {
+		finishedAtMs,
+		durationMs: finishedAtMs - request.startedAtMs,
+		upstreamEndpoint: CHAT_COMPLETIONS_ENDPOINT$1,
+		stream,
+		clientModel,
+		httpStatus: getSelectionFailureStatus(reason),
+		selectionFailureReason: reason
+	});
+}
+function selectionFailureResponse$2(c, params) {
+	const { clientModel, reason } = params;
+	if (reason === "MODEL_NOT_SUPPORTED") return c.json({ error: {
+		message: `Model "${clientModel}" is not available for any configured account.`,
+		type: "invalid_request_error"
+	} }, 400);
+	if (reason === "NO_ACCOUNTS") return c.json({ error: {
+		message: "No enabled Copilot accounts are configured. Add or re-enable an account.",
+		type: "service_unavailable_error"
+	} }, 503);
+	return c.json({ error: {
+		message: "All accounts have exhausted their quota. Please wait for quota refresh or add additional accounts.",
+		type: "rate_limit_error"
+	} }, 429);
+}
+
 //#endregion
 //#region src/routes/chat-completions/handler.ts
 const logger$6 = createHandlerLogger("chat-completions-handler");
-const CHAT_COMPLETIONS_ENDPOINT$1 = "/chat/completions";
-async function handleCompletion$1(c) {
-	await checkRateLimit(state);
-	const store = getRequestHistoryStore();
-	const request = buildRequestContext$1(c);
-	const payload = await c.req.json();
-	const clientModel = payload.model;
-	const streamRequested = Boolean(payload.stream);
-	const initiator = getChatInitiator(payload.messages);
-	const userId = payload.user ?? void 0;
-	const { safetyIdentifier, sessionId: promptCacheKey } = parseUserIdMetadata(userId);
-	const normalizedSafetyIdentifier = safetyIdentifier ?? void 0;
-	const normalizedPromptCacheKey = promptCacheKey ?? void 0;
-	request.userId = userId;
-	request.safetyIdentifier = normalizedSafetyIdentifier;
-	request.promptCacheKey = normalizedPromptCacheKey;
-	request.initiator = initiator;
+function buildChatCompletionCandidates(clientModel) {
+	return [{
+		modelId: clientModel,
+		endpoint: CHAT_COMPLETIONS_ENDPOINT$1
+	}];
+}
+function isUnsupportedChatCompletionsModel(modelId) {
+	return resolveModelAlias(modelId).toLowerCase() === GPT_5_4_MODEL_ID;
+}
+function maybeRejectChatCompletionsClientModel(c, store, params) {
+	const { request, clientModel, streamRequested } = params;
+	if (isUnsupportedChatCompletionsModel(clientModel)) {
+		recordUnsupportedChatCompletionsModel(store, {
+			request,
+			clientModel,
+			stream: streamRequested
+		});
+		return unsupportedChatCompletionsModelResponse(c);
+	}
 	if (getAliasTargetSet().has(clientModel.toLowerCase())) {
 		recordSelectionFailure$2(store, {
 			request,
@@ -2837,36 +2618,60 @@ async function handleCompletion$1(c) {
 			reason: "MODEL_NOT_SUPPORTED"
 		});
 	}
-	debugJsonTail(logger$6, "Request payload:", {
-		value: payload,
-		tailLength: 400
+	return null;
+}
+async function handleCompletion$1(c) {
+	await checkRateLimit(state);
+	const store = getRequestHistoryStore();
+	const request = buildRequestContext$1(c);
+	const payload = await c.req.json();
+	const clientModel = payload.model;
+	const streamRequested = Boolean(payload.stream);
+	const normalizedPromptCacheKey = applyChatRequestMetadata(request, payload, getChatInitiator(payload.messages));
+	const blockedResponse = maybeRejectChatCompletionsClientModel(c, store, {
+		request,
+		clientModel,
+		streamRequested
 	});
-	const upstreamRequestId = generateRequestIdFromPayload(payload, normalizedPromptCacheKey);
-	const selection = await accountsManager.selectAccountForRequest([{
-		modelId: clientModel,
-		endpoint: CHAT_COMPLETIONS_ENDPOINT$1
-	}], { requestId: upstreamRequestId });
-	if (!selection.ok) {
-		recordSelectionFailure$2(store, {
+	if (blockedResponse) return blockedResponse;
+	const selectionResult = await selectChatCompletionAccount({
+		c,
+		store,
+		request,
+		payload,
+		clientModel,
+		streamRequested,
+		normalizedPromptCacheKey
+	});
+	if (selectionResult instanceof Response) return selectionResult;
+	const { headerSessionId, selection, upstreamRequestId } = selectionResult;
+	const { account, reservation, selectedModel } = selection;
+	request.affinityHit = selection.affinityHit;
+	request.affinityCacheKey = selection.affinityCacheKey;
+	request.selectionReason = selection.selectionReason;
+	const premiumRemainingBefore = account.premiumRemaining;
+	const premiumUnlimitedBefore = account.unlimited;
+	if (selectedModel.id === GPT_5_4_MODEL_ID) {
+		await accountsManager.finalizeQuota(account, reservation);
+		recordUnsupportedChatCompletionsModel(store, {
 			request,
 			clientModel,
 			stream: streamRequested,
-			reason: selection.reason
-		});
-		return selectionFailureResponse$2(c, {
-			clientModel,
-			reason: selection.reason
+			upstreamModel: selectedModel.id,
+			accountId: account.id,
+			accountType: account.accountType,
+			costUnits: selection.costUnits,
+			premiumRemainingBefore,
+			premiumRemainingAfter: account.premiumRemaining,
+			premiumUnlimitedBefore,
+			premiumUnlimitedAfter: account.unlimited
 		});
+		return unsupportedChatCompletionsModelResponse(c);
 	}
-	const { account, selectedModel } = selection;
-	request.affinityHit = selection.affinityHit;
-	request.affinityCacheKey = selection.affinityCacheKey;
 	const upstreamPayload = {
 		...payload,
 		model: selectedModel.id
 	};
-	const premiumRemainingBefore = account.premiumRemaining;
-	const premiumUnlimitedBefore = account.unlimited;
 	await logTokenCountForRequest({
 		payload: upstreamPayload,
 		selectedModel
@@ -2874,7 +2679,7 @@ async function handleCompletion$1(c) {
 	if (state.manualApprove) await awaitApproval();
 	const payloadWithMaxTokens = applyDefaultMaxTokens(upstreamPayload, selectedModel);
 	const accountCtx = toAccountContext(account);
-	const upstreamSessionId = getUUID(upstreamRequestId);
+	const upstreamSessionId = getUUID(normalizedPromptCacheKey ?? headerSessionId ?? upstreamRequestId);
 	request.upstreamRequestId = upstreamRequestId;
 	request.upstreamSessionId = upstreamSessionId;
 	if (streamRequested) return handleStreamingRequest({
@@ -2900,64 +2705,60 @@ async function handleCompletion$1(c) {
 		premiumUnlimitedBefore
 	});
 }
-function buildRequestContext$1(c) {
-	const requestId = randomUUID();
-	const startedAtMs = Date.now();
-	const method = c.req.raw.method;
-	const path$2 = new URL(c.req.url, "http://local").pathname;
-	const { ip: clientIp, source: clientIpSource } = getClientIpInfo(c);
-	return {
-		requestId,
-		startedAtMs,
-		method,
-		path: path$2,
-		clientIp,
-		clientIpSource,
-		userAgent: c.req.header("user-agent") ?? void 0
-	};
+function applyChatRequestMetadata(request, payload, initiator) {
+	const userId = payload.user ?? void 0;
+	const { safetyIdentifier, sessionId: promptCacheKey } = parseUserIdMetadata(userId);
+	const normalizedPromptCacheKey = promptCacheKey ?? void 0;
+	request.userId = userId;
+	request.safetyIdentifier = safetyIdentifier ?? void 0;
+	request.promptCacheKey = normalizedPromptCacheKey;
+	request.initiator = initiator;
+	return normalizedPromptCacheKey;
 }
-function insertRequestLog$2(store, request, record) {
-	store.insert({
-		requestId: request.requestId,
-		startedAtMs: request.startedAtMs,
-		method: request.method,
-		path: request.path,
-		clientIp: request.clientIp,
-		clientIpSource: request.clientIpSource,
-		userAgent: request.userAgent,
-		userId: request.userId,
-		safetyIdentifier: request.safetyIdentifier,
-		promptCacheKey: request.promptCacheKey,
-		initiator: request.initiator,
-		upstreamRequestId: request.upstreamRequestId,
-		affinityHit: request.affinityHit,
-		affinityCacheKey: request.affinityCacheKey,
-		...record
-	});
+async function writeChatCompletionsStreamError(stream, message) {
+	try {
+		await stream.writeSSE({ data: JSON.stringify({ error: {
+			message,
+			type: "error"
+		} }) });
+		await stream.writeSSE({ data: "[DONE]" });
+	} catch (streamError) {
+		logger$6.warn("Failed to write chat completions stream error event:", streamError);
+	}
 }
-function recordSelectionFailure$2(store, params) {
-	const { request, stream, clientModel, reason } = params;
-	const finishedAtMs = Date.now();
-	insertRequestLog$2(store, request, {
-		finishedAtMs,
-		durationMs: finishedAtMs - request.startedAtMs,
-		upstreamEndpoint: CHAT_COMPLETIONS_ENDPOINT$1,
-		stream,
-		clientModel,
-		httpStatus: reason === "MODEL_NOT_SUPPORTED" ? 400 : 429,
-		selectionFailureReason: reason
+async function selectChatCompletionAccount(params) {
+	const { c, store, request, payload, clientModel, streamRequested, normalizedPromptCacheKey } = params;
+	debugJsonTail(logger$6, "Request payload:", {
+		value: payload,
+		tailLength: 400
 	});
-}
-function selectionFailureResponse$2(c, params) {
-	const { clientModel, reason } = params;
-	if (reason === "MODEL_NOT_SUPPORTED") return c.json({ error: {
-		message: `Model "${clientModel}" is not available for any configured account.`,
-		type: "invalid_request_error"
-	} }, 400);
-	return c.json({ error: {
-		message: "All accounts have exhausted their quota. Please wait for quota refresh or add additional accounts.",
-		type: "rate_limit_error"
-	} }, 429);
+	const upstreamRequestId = generateRequestIdFromPayload(payload, normalizedPromptCacheKey);
+	const headerSessionId = c.req.header("x-session-id") ?? null;
+	const affinityKey = resolveAffinityKey({
+		metadataSessionId: normalizedPromptCacheKey,
+		headerSessionId,
+		upstreamRequestId
+	});
+	request.affinityKeyUsed = affinityKey.affinityKeyUsed;
+	request.affinityKeySource = affinityKey.affinityKeySource;
+	const selection = await accountsManager.selectAccountForRequest(buildChatCompletionCandidates(clientModel), { requestId: affinityKey.requestId });
+	if (!selection.ok) {
+		recordSelectionFailure$2(store, {
+			request,
+			clientModel,
+			stream: streamRequested,
+			reason: selection.reason
+		});
+		return selectionFailureResponse$2(c, {
+			clientModel,
+			reason: selection.reason
+		});
+	}
+	return {
+		headerSessionId,
+		selection,
+		upstreamRequestId
+	};
 }
 async function logTokenCountForRequest(params) {
 	try {
@@ -3022,8 +2823,8 @@ async function handleUpstreamCreateError$1(params) {
 	const { store, request, selection, clientModel, premiumRemainingBefore, premiumUnlimitedBefore, error } = params;
 	const { account, reservation, selectedModel, endpoint, costUnits } = selection;
 	const finishedAtMs = Date.now();
-	const details = extractErrorDetails(error);
-	if (details.unauthorized) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
 	await accountsManager.finalizeQuota(account, reservation);
 	const premiumRemainingAfter = account.premiumRemaining;
 	const premiumUnlimitedAfter = account.unlimited;
@@ -3045,7 +2846,8 @@ async function handleUpstreamCreateError$1(params) {
 		httpStatus: details.httpStatus,
 		errorName: details.errorName,
 		errorStatus: details.errorStatus,
-		errorMessage: details.errorMessage
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
 	});
 	throw error;
 }
@@ -3057,16 +2859,18 @@ async function handleNonStreamingUpstreamResponse(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const finishedAtMs = Date.now();
 	try {
 		debugJson(logger$6, "Non-streaming response:", response);
 		return c.json(response);
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		throw error;
 	} finally {
 		await accountsManager.finalizeQuota(account, reservation);
@@ -3091,7 +2895,8 @@ async function handleNonStreamingUpstreamResponse(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -3103,6 +2908,7 @@ async function streamChatCompletionsAndLog$1(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	try {
 		for await (const rawChunk of response) {
 			const chunk = rawChunk;
@@ -3113,11 +2919,14 @@ async function streamChatCompletionsAndLog$1(params) {
 			await stream.writeSSE(chunk);
 		}
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		logger$6.warn("Streaming error:", error);
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+		await writeChatCompletionsStreamError(stream, getUserVisibleErrorMessage(details));
 	} finally {
 		const finishedAtMs = Date.now();
 		await accountsManager.finalizeQuota(account, reservation);
@@ -3143,18 +2952,29 @@ async function streamChatCompletionsAndLog$1(params) {
 			httpStatus: errorStatus ?? (errorName ? 500 : 200),
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 async function extractUsageFromChunk(chunk) {
-	const data = typeof chunk.data === "string" ? chunk.data : await chunk.data;
+	let data;
+	try {
+		data = typeof chunk.data === "string" ? chunk.data : await chunk.data;
+	} catch (error) {
+		logger$6.warn("Failed to read chat completions usage chunk:", error);
+		return;
+	}
 	if (!data || data === "[DONE]") return;
 	try {
 		const parsed = JSON.parse(data);
 		if (!parsed.usage) return void 0;
 		return normalizeChatCompletionsUsage(parsed.usage);
-	} catch {
+	} catch (error) {
+		logger$6.warn("Failed to parse chat completions usage chunk:", {
+			error,
+			data
+		});
 		return;
 	}
 }
@@ -3166,31 +2986,28 @@ async function handleNonStreamingRequest(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	let finishedAtMs;
 	try {
 		const response = await createChatCompletions(payload, accountCtx, {
 			upstreamRequestId: request.upstreamRequestId,
 			sessionId: request.upstreamSessionId
 		});
+		if (!isNonStreaming$1(response)) throw new Error("Upstream returned a stream unexpectedly");
 		selection.confirmAffinity?.();
 		finishedAtMs = Date.now();
-		if (!isNonStreaming$1(response)) {
-			logger$6.debug("Unexpected streaming response");
-			return streamSSE(c, async (stream) => {
-				for await (const chunk of response) await stream.writeSSE(chunk);
-			});
-		}
 		usage = normalizeChatCompletionsUsage(response.usage);
 		debugJson(logger$6, "Non-streaming response:", response);
 		return c.json(response);
 	} catch (error) {
 		finishedAtMs = Date.now();
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
 		throw error;
 	} finally {
 		const finishedAtMsFinal = finishedAtMs ?? Date.now();
@@ -3216,7 +3033,8 @@ async function handleNonStreamingRequest(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -3344,6 +3162,7 @@ async function runEmbeddingsWithAccount({ c, store, ctx, payload, clientModel, s
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	let finishedAtMs;
 	try {
 		const response = await createEmbeddings(payload, toAccountContext(account));
@@ -3352,12 +3171,13 @@ async function runEmbeddingsWithAccount({ c, store, ctx, payload, clientModel, s
 		return c.json(response);
 	} catch (error) {
 		finishedAtMs = Date.now();
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
 		throw error;
 	} finally {
 		const finishedAtMsFinal = finishedAtMs ?? Date.now();
@@ -3390,22 +3210,23 @@ async function runEmbeddingsWithAccount({ c, store, ctx, payload, clientModel, s
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 
 //#endregion
 //#region src/lib/models.ts
+const getAvailableModels = () => (accountsManager.getFirstAccountModels()?.data ?? []).filter((model) => model.model_picker_enabled || model.capabilities.type === "embeddings");
 const findEndpointModel = (sdkModelId) => {
-	const models = state.models?.data ?? [];
+	const models = getAvailableModels();
 	const exactMatch = models.find((m) => m.id === sdkModelId);
 	if (exactMatch) return exactMatch;
 	const normalized = _normalizeSdkModelId(sdkModelId);
 	if (!normalized) return;
 	const modelName = `claude-${normalized.family}-${normalized.version}`;
-	const model = models.find((m) => m.id === modelName);
-	if (model) return model;
+	return models.find((m) => m.id === modelName);
 };
 /**
 * Normalizes an SDK model ID to extract the model family and version.
@@ -3611,7 +3432,7 @@ const isWarmupProbeRequest = (payload) => {
 	return false;
 };
 const handleSelectionFailure = (context) => {
-	const { c, store, requestId, startedAtMs, method, path: path$2, streamRequested, clientModel, clientIp, clientIpSource, userAgent, userId, safetyIdentifier, promptCacheKey, initiator, isSubagent, selection } = context;
+	const { c, store, requestId, startedAtMs, method, path: path$2, streamRequested, clientModel, clientIp, clientIpSource, userAgent, userId, safetyIdentifier, promptCacheKey, initiator, isSubagent, affinityKeyUsed, affinityKeySource, selectionReason, selection } = context;
 	const finishedAtMs = Date.now();
 	store.insert({
 		requestId,
@@ -3630,7 +3451,10 @@ const handleSelectionFailure = (context) => {
 		promptCacheKey,
 		initiator,
 		isSubagent,
+		affinityKeyUsed,
+		affinityKeySource,
 		httpStatus: selection.reason === "MODEL_NOT_SUPPORTED" ? 400 : 429,
+		selectionReason: selectionReason ?? selection.selectionReason,
 		selectionFailureReason: selection.reason
 	});
 	if (selection.reason === "MODEL_NOT_SUPPORTED") return c.json({ error: {
@@ -3658,8 +3482,7 @@ const maybeBlockOriginalModelName = (context) => {
 const THINKING_TEXT = "Thinking...";
 function translateToOpenAI(payload) {
 	const modelId = payload.model;
-	const model = state.models?.data.find((m) => m.id === modelId);
-	const thinkingBudget = getThinkingBudget(payload, model);
+	const thinkingBudget = getThinkingBudget(payload, getAvailableModels().find((m) => m.id === modelId));
 	return {
 		model: modelId,
 		messages: translateAnthropicMessagesToOpenAI(payload, modelId, thinkingBudget),
@@ -3955,9 +3778,13 @@ async function handleCountTokens(c) {
 const createResponses = async (payload, { vision, initiator, upstreamRequestId, subagentMarker, sessionId, isCompact }, account) => {
 	const ctx = account ?? accountFromState();
 	if (!ctx.copilotToken) throw new Error("Copilot token not found");
+	const effectiveInitiator = resolveEffectiveInitiator(initiator, {
+		isCompact,
+		isSubagent: Boolean(subagentMarker)
+	});
 	const headers = {
 		...copilotHeaders(ctx, vision, upstreamRequestId),
-		"x-initiator": initiator
+		"x-initiator": effectiveInitiator
 	};
 	prepareInteractionHeaders(sessionId, Boolean(subagentMarker), headers);
 	prepareForCompact(headers, isCompact);
@@ -4882,6 +4709,44 @@ const getPayloadItems = (payload) => {
 	if (Array.isArray(input)) result.push(...input);
 	return result;
 };
+const useFunctionApplyPatch = (payload) => {
+	if (!(getConfig().useFunctionApplyPatch ?? true)) return;
+	if (Array.isArray(payload.tools)) {
+		const toolsArr = payload.tools;
+		for (let i = 0; i < toolsArr.length; i++) {
+			const t = toolsArr[i];
+			if (t.type === "custom" && t.name === "apply_patch") toolsArr[i] = {
+				type: "function",
+				name: t.name,
+				description: "Use the `apply_patch` tool to edit files",
+				parameters: {
+					type: "object",
+					properties: { input: {
+						type: "string",
+						description: "The entire contents of the apply_patch command"
+					} },
+					required: ["input"]
+				},
+				strict: false
+			};
+		}
+	}
+};
+const removeWebSearchTool = (payload) => {
+	if (!Array.isArray(payload.tools) || payload.tools.length === 0) return;
+	payload.tools = payload.tools.filter((t) => {
+		return t.type !== "web_search";
+	});
+};
+function getStreamChunkFields(chunk) {
+	const c = chunk;
+	return {
+		id: c.id,
+		event: c.event,
+		data: c.data
+	};
+}
+const isAsyncIterable = (value) => Boolean(value) && typeof value[Symbol.asyncIterator] === "function";
 const containsVisionContent = (value) => {
 	if (!value) return false;
 	if (Array.isArray(value)) return value.some((entry) => containsVisionContent(entry));
@@ -4931,9 +4796,13 @@ const shouldUseMessageProxyHeaders = (payload) => {
 	return Boolean(safetyIdentifier && sessionId);
 };
 const buildMessagesHeaders = ({ ctx, enableVision, initiator, options, payload }) => {
+	const effectiveInitiator = resolveEffectiveInitiator(initiator, {
+		isCompact: options?.isCompact,
+		isSubagent: Boolean(options?.subagentMarker)
+	});
 	const headers = {
 		...copilotHeaders(ctx, enableVision, options?.upstreamRequestId),
-		"x-initiator": options?.subagentMarker ? "agent" : initiator
+		"x-initiator": effectiveInitiator
 	};
 	prepareInteractionHeaders(options?.sessionId, Boolean(options?.subagentMarker), headers);
 	prepareForCompact(headers, options?.isCompact);
@@ -5225,34 +5094,73 @@ function closeThinkingBlockIfOpen(state$1, events$1) {
 //#endregion
 //#region src/routes/messages/subagent-marker.ts
 const subagentMarkerPrefix = "__SUBAGENT_MARKER__";
+const subagentStartContextPrefix = "SubagentStart hook additional context:";
 const REMINDER_RE = /<system-reminder>([\s\S]*?)<\/system-reminder>/g;
-const parseSubagentMarkerFromFirstUser = (payload) => {
+const NONE_INSPECTION = {
+	kind: "none",
+	marker: null
+};
+const INVALID_INSPECTION = {
+	kind: "invalid",
+	marker: null
+};
+const isSubagentMarker = (value) => {
+	if (!value || typeof value !== "object") return false;
+	const candidate = value;
+	return typeof candidate.session_id === "string" && typeof candidate.agent_id === "string" && typeof candidate.agent_type === "string" && candidate.session_id.trim().length > 0 && candidate.agent_id.trim().length > 0 && candidate.agent_type.trim().length > 0;
+};
+const inspectSubagentMarkerFromFirstUser = (payload) => {
 	const firstUserMessage = payload.messages.find((msg) => msg.role === "user" && Array.isArray(msg.content));
-	if (!firstUserMessage || !Array.isArray(firstUserMessage.content)) return null;
+	if (!firstUserMessage || !Array.isArray(firstUserMessage.content)) return NONE_INSPECTION;
+	let sawInvalidMarker = false;
 	for (const block of firstUserMessage.content) {
 		if (block.type !== "text") continue;
-		const marker = parseSubagentMarkerFromSystemReminder(block.text);
-		if (marker) return marker;
-	}
-	return null;
-};
-const parseSubagentMarkerFromSystemReminder = (text) => {
+		const inspection = inspectSubagentMarkerFromSystemReminder(block.text);
+		if (inspection.kind === "valid") return inspection;
+		if (inspection.kind === "invalid") sawInvalidMarker = true;
+	}
+	return sawInvalidMarker ? INVALID_INSPECTION : NONE_INSPECTION;
+};
+const extractMarkerPayloadFromReminderLine = (line) => {
+	const trimmedLine = line.trim();
+	if (!trimmedLine) return null;
+	let markerLine = trimmedLine;
+	if (markerLine.startsWith(subagentStartContextPrefix)) markerLine = markerLine.slice(38).trimStart();
+	if (!markerLine.startsWith(subagentMarkerPrefix)) return null;
+	return markerLine.slice(19).trimStart();
+};
+const inspectSubagentMarkerFromSystemReminder = (text) => {
+	let sawInvalidMarker = false;
 	for (const [, content] of text.matchAll(REMINDER_RE)) {
-		const markerIndex = content.indexOf(subagentMarkerPrefix);
-		if (markerIndex === -1) continue;
-		const afterPrefix = content.slice(markerIndex + 19).trimStart();
-		if (!afterPrefix.startsWith("{")) continue;
-		const json = extractBalancedJson(afterPrefix);
-		if (!json) continue;
-		try {
-			const parsed = JSON.parse(json);
-			if (!parsed.session_id || !parsed.agent_id || !parsed.agent_type) continue;
-			return parsed;
-		} catch {
-			continue;
+		const lines = content.split(/\r?\n/);
+		for (const line of lines) {
+			const markerPayload = extractMarkerPayloadFromReminderLine(line);
+			if (markerPayload === null) continue;
+			if (!markerPayload.startsWith("{")) {
+				sawInvalidMarker = true;
+				continue;
+			}
+			const json = extractBalancedJson(markerPayload);
+			if (!json) {
+				sawInvalidMarker = true;
+				continue;
+			}
+			try {
+				const parsed = JSON.parse(json);
+				if (!isSubagentMarker(parsed)) {
+					sawInvalidMarker = true;
+					continue;
+				}
+				return {
+					kind: "valid",
+					marker: parsed
+				};
+			} catch {
+				sawInvalidMarker = true;
+			}
 		}
 	}
-	return null;
+	return sawInvalidMarker ? INVALID_INSPECTION : NONE_INSPECTION;
 };
 /** Extract the first balanced `{...}` object from text that starts with `{`. */
 const extractBalancedJson = (text) => {
@@ -5306,13 +5214,18 @@ async function handleCompletion(c) {
 	const userAgent = c.req.header("user-agent") ?? void 0;
 	const anthropicPayload = await c.req.json();
 	debugJson(logger$5, "Anthropic request payload:", anthropicPayload);
-	const subagentMarker = parseSubagentMarkerFromFirstUser(anthropicPayload);
-	const initiatorOverride = subagentMarker ? "agent" : void 0;
+	const markerInspection = inspectSubagentMarkerFromFirstUser(anthropicPayload);
+	const subagentMarker = markerInspection.kind === "valid" ? markerInspection.marker : null;
+	const isSubagentRequest = subagentMarker !== null;
+	const invalidSubagentMarkerSelectionReason = markerInspection.kind === "invalid" ? "subagent_marker_invalid_fallback" : void 0;
 	if (subagentMarker) debugJson(logger$5, "Detected Subagent marker:", subagentMarker);
 	const sessionId = getRootSessionId(anthropicPayload, c);
 	logger$5.debug("Extracted session ID:", sessionId);
+	const ownershipLookupSessionId = markerInspection.kind === "valid" ? normalizeStableSessionId(markerInspection.marker.session_id) : void 0;
+	const ownershipWriteSessionId = markerInspection.kind === "none" ? sessionId : void 0;
 	const anthropicBeta = c.req.header("anthropic-beta");
 	const isCompact = isCompactRequest(anthropicPayload);
+	const originalRequestModel = anthropicPayload.model;
 	if (anthropicBeta && isWarmupProbeRequest(anthropicPayload)) anthropicPayload.model = getSmallModel();
 	if (isCompact) {
 		logger$5.debug("Is compact request:", isCompact);
@@ -5330,6 +5243,11 @@ async function handleCompletion(c) {
 	const { safetyIdentifier, sessionId: promptCacheKey } = parseUserIdMetadata(userId);
 	const normalizedSafetyIdentifier = safetyIdentifier ?? void 0;
 	const normalizedPromptCacheKey = promptCacheKey ?? void 0;
+	const openAIPayload = translateToOpenAI(anthropicPayload);
+	const fallbackInitiator = resolveEffectiveInitiator(getChatInitiator(openAIPayload.messages), {
+		isCompact,
+		isSubagent: isSubagentRequest
+	});
 	const blockedResponse = maybeBlockOriginalModelName({
 		c,
 		store,
@@ -5345,14 +5263,14 @@ async function handleCompletion(c) {
 		userId,
 		safetyIdentifier: normalizedSafetyIdentifier,
 		promptCacheKey: normalizedPromptCacheKey,
-		initiator: initiatorOverride,
-		isSubagent: Boolean(subagentMarker)
+		initiator: fallbackInitiator,
+		isSubagent: isSubagentRequest,
+		selectionReason: invalidSubagentMarkerSelectionReason
 	});
 	if (blockedResponse) return blockedResponse;
-	const openAIPayload = translateToOpenAI(anthropicPayload);
-	const fallbackInitiator = initiatorOverride ?? getChatInitiator(openAIPayload.messages);
 	const endpointModel = findEndpointModel(clientModel);
 	const resolvedClientModel = endpointModel?.id ?? clientModel;
+	const affinityModelId = clientModel !== originalRequestModel ? findEndpointModel(originalRequestModel)?.id ?? originalRequestModel : void 0;
 	const useMessagesApi = isMessagesApiEnabled();
 	const candidates = [];
 	if (useMessagesApi) candidates.push({
@@ -5366,7 +5284,18 @@ async function handleCompletion(c) {
 		modelId: endpointModel?.id ?? openAIPayload.model,
 		endpoint: CHAT_COMPLETIONS_ENDPOINT
 	});
-	const selection = await accountsManager.selectAccountForRequest(candidates, { requestId: upstreamRequestId });
+	const affinityKey = resolveAffinityKey({
+		metadataSessionId: promptCacheKey,
+		headerSessionId: c.req.header("x-session-id") ?? null,
+		upstreamRequestId
+	});
+	const selection = await accountsManager.selectAccountForRequest(candidates, {
+		requestId: affinityKey.requestId,
+		affinityModelId,
+		ownershipLookupSessionId,
+		ownershipWriteSessionId
+	});
+	const selectionReason = invalidSubagentMarkerSelectionReason ?? selection.selectionReason;
 	if (!selection.ok) return handleSelectionFailure({
 		c,
 		store,
@@ -5383,7 +5312,10 @@ async function handleCompletion(c) {
 		safetyIdentifier: normalizedSafetyIdentifier,
 		promptCacheKey: normalizedPromptCacheKey,
 		initiator: fallbackInitiator,
-		isSubagent: Boolean(subagentMarker),
+		isSubagent: isSubagentRequest,
+		affinityKeyUsed: affinityKey.affinityKeyUsed,
+		affinityKeySource: affinityKey.affinityKeySource,
+		selectionReason,
 		selection
 	});
 	const { account, reservation, selectedModel, endpoint, costUnits } = selection;
@@ -5404,7 +5336,7 @@ async function handleCompletion(c) {
 		userId,
 		safetyIdentifier: normalizedSafetyIdentifier,
 		promptCacheKey: normalizedPromptCacheKey,
-		isSubagent: Boolean(subagentMarker),
+		isSubagent: isSubagentRequest,
 		clientModel,
 		account,
 		reservation,
@@ -5415,14 +5347,17 @@ async function handleCompletion(c) {
 		premiumRemainingBefore,
 		premiumUnlimitedBefore,
 		confirmAffinity: selection.confirmAffinity,
+		confirmOwnership: selection.confirmOwnership,
 		affinityHit: selection.affinityHit,
-		affinityCacheKey: selection.affinityCacheKey
+		affinityCacheKey: selection.affinityCacheKey,
+		affinityKeyUsed: affinityKey.affinityKeyUsed,
+		affinityKeySource: affinityKey.affinityKeySource,
+		selectionReason
 	};
 	if (endpoint === MESSAGES_ENDPOINT) return await handleWithMessagesApi({
 		c,
 		anthropicPayload,
 		anthropicBetaHeader: anthropicBeta ?? void 0,
-		initiatorOverride,
 		subagentMarker,
 		sessionId,
 		instr,
@@ -5433,7 +5368,6 @@ async function handleCompletion(c) {
 		c,
 		anthropicPayload,
 		openAIPayload,
-		initiatorOverride,
 		subagentMarker,
 		sessionId,
 		selectedModel,
@@ -5443,7 +5377,6 @@ async function handleCompletion(c) {
 	return await handleWithChatCompletions({
 		c,
 		openAIPayload,
-		initiatorOverride,
 		subagentMarker,
 		sessionId,
 		selectedModel,
@@ -5452,21 +5385,25 @@ async function handleCompletion(c) {
 	});
 }
 const handleWithChatCompletions = async (params) => {
-	const { c, openAIPayload, initiatorOverride, subagentMarker, sessionId, selectedModel, instr, isCompact } = params;
+	const { c, openAIPayload, subagentMarker, sessionId, selectedModel, instr, isCompact } = params;
 	debugJson(logger$5, "Translated OpenAI request payload:", openAIPayload);
 	const ctx = toAccountContext(instr.account);
-	const initiator = initiatorOverride ?? getChatInitiator(openAIPayload.messages);
-	instr.initiator = initiator;
+	const effectiveInitiator = resolveEffectiveInitiator(getChatInitiator(openAIPayload.messages), {
+		isCompact,
+		isSubagent: Boolean(subagentMarker)
+	});
+	instr.initiator = effectiveInitiator;
 	let response;
 	try {
 		response = await createChatCompletions(openAIPayload, ctx, {
 			upstreamRequestId: instr.upstreamRequestId,
-			initiator,
+			initiator: effectiveInitiator,
 			subagentMarker,
 			sessionId,
 			isCompact
 		});
 		instr.confirmAffinity?.();
+		instr.confirmOwnership?.();
 	} catch (error) {
 		return await handleChatCompletionsCreateError({
 			error,
@@ -5496,26 +5433,30 @@ const handleWithChatCompletions = async (params) => {
 	}));
 };
 const handleWithResponsesApi = async (params) => {
-	const { c, anthropicPayload, openAIPayload, initiatorOverride, subagentMarker, sessionId, selectedModel, instr, isCompact } = params;
+	const { c, anthropicPayload, openAIPayload, subagentMarker, sessionId, selectedModel, instr, isCompact } = params;
 	const responsesPayload = translateAnthropicMessagesToResponsesPayload(anthropicPayload, selectedModel.id);
 	applyResponsesApiContextManagement(responsesPayload, selectedModel.capabilities.limits.max_prompt_tokens);
 	compactInputByLatestCompaction(responsesPayload);
 	debugJson(logger$5, "Translated Responses payload:", responsesPayload);
 	const { vision, initiator } = getResponsesRequestOptions(responsesPayload);
-	const resolvedInitiator = initiatorOverride ?? initiator;
+	const effectiveInitiator = resolveEffectiveInitiator(initiator, {
+		isCompact,
+		isSubagent: Boolean(subagentMarker)
+	});
 	const ctx = toAccountContext(instr.account);
-	instr.initiator = resolvedInitiator;
+	instr.initiator = effectiveInitiator;
 	let response;
 	try {
 		response = await createResponses(responsesPayload, {
 			vision,
-			initiator: resolvedInitiator,
+			initiator: effectiveInitiator,
 			upstreamRequestId: instr.upstreamRequestId,
 			subagentMarker,
 			sessionId,
 			isCompact
 		}, ctx);
 		instr.confirmAffinity?.();
+		instr.confirmOwnership?.();
 	} catch (error) {
 		return await handleResponsesCreateError({
 			error,
@@ -5564,6 +5505,9 @@ function insertRequestLog$1(instr, record) {
 		upstreamRequestId: instr.upstreamRequestId,
 		affinityHit: instr.affinityHit,
 		affinityCacheKey: instr.affinityCacheKey,
+		affinityKeyUsed: instr.affinityKeyUsed,
+		affinityKeySource: instr.affinityKeySource,
+		selectionReason: instr.selectionReason,
 		clientModel,
 		upstreamEndpoint,
 		accountId: account.id,
@@ -5587,8 +5531,8 @@ async function finalizeQuotaAndGetPremiumSnapshot(instr) {
 async function handleChatCompletionsCreateError(params) {
 	const { error, instr, stream } = params;
 	const finishedAtMs = Date.now();
-	const details = extractErrorDetails(error);
-	if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 	const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
 	insertRequestLog$1(instr, {
 		finishedAtMs,
@@ -5600,7 +5544,8 @@ async function handleChatCompletionsCreateError(params) {
 		httpStatus: details.httpStatus,
 		errorName: details.errorName,
 		errorStatus: details.errorStatus,
-		errorMessage: details.errorMessage
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
 	});
 	throw error;
 }
@@ -5611,6 +5556,7 @@ async function handleChatCompletionsNonStreaming(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const finishedAtMs = Date.now();
 	try {
 		logger$5.debug("Non-streaming response from Copilot:", JSON.stringify(response));
@@ -5618,12 +5564,13 @@ async function handleChatCompletionsNonStreaming(params) {
 		debugJson(logger$5, "Translated Anthropic response:", anthropicResponse);
 		return c.json(anthropicResponse);
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 		throw error;
 	} finally {
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5638,7 +5585,8 @@ async function handleChatCompletionsNonStreaming(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -5649,6 +5597,7 @@ async function streamChatCompletionsAndLog(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const streamState = {
 		messageStartSent: false,
 		contentBlockIndex: 0,
@@ -5680,12 +5629,14 @@ async function streamChatCompletionsAndLog(params) {
 			}
 		}
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		logger$5.warn("Streaming error:", error);
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		await writeAnthropicStreamError(stream, getUserVisibleErrorMessage(details));
 	} finally {
 		const finishedAtMs = Date.now();
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5701,15 +5652,16 @@ async function streamChatCompletionsAndLog(params) {
 			httpStatus: errorStatus ?? (errorName ? 500 : 200),
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 async function handleResponsesCreateError(params) {
 	const { error, instr, stream } = params;
 	const finishedAtMs = Date.now();
-	const details = extractErrorDetails(error);
-	if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 	const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
 	insertRequestLog$1(instr, {
 		finishedAtMs,
@@ -5721,7 +5673,8 @@ async function handleResponsesCreateError(params) {
 		httpStatus: details.httpStatus,
 		errorName: details.errorName,
 		errorStatus: details.errorStatus,
-		errorMessage: details.errorMessage
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
 	});
 	throw error;
 }
@@ -5732,6 +5685,7 @@ async function handleResponsesNonStreaming(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const finishedAtMs = Date.now();
 	try {
 		usage = extractResponsesUsageFromResult(result);
@@ -5740,12 +5694,13 @@ async function handleResponsesNonStreaming(params) {
 		debugJson(logger$5, "Translated Anthropic response:", anthropicResponse);
 		return c.json(anthropicResponse);
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 		throw error;
 	} finally {
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5760,7 +5715,8 @@ async function handleResponsesNonStreaming(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -5776,6 +5732,17 @@ async function ensureResponsesStreamCompleted(params) {
 		data: JSON.stringify(errorEvent)
 	});
 }
+async function writeAnthropicStreamError(stream, message) {
+	try {
+		const errorEvent = buildErrorEvent(message);
+		await stream.writeSSE({
+			event: errorEvent.type,
+			data: JSON.stringify(errorEvent)
+		});
+	} catch (streamError) {
+		logger$5.warn("Failed to write Anthropic stream error event:", streamError);
+	}
+}
 async function streamResponsesAndLog$1(params) {
 	const { stream, response, instr, estimatedInputTokens, historicalUsage } = params;
 	let ttfbMs;
@@ -5783,6 +5750,7 @@ async function streamResponsesAndLog$1(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const streamState = createResponsesStreamState();
 	streamState.estimatedInputTokens = estimatedInputTokens;
 	streamState.historicalInputTokens = historicalUsage?.tokensInput;
@@ -5827,12 +5795,14 @@ async function streamResponsesAndLog$1(params) {
 			}
 		});
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		logger$5.warn("Streaming error:", error);
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		await writeAnthropicStreamError(stream, getUserVisibleErrorMessage(details));
 	} finally {
 		const finishedAtMs = Date.now();
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5848,15 +5818,16 @@ async function streamResponsesAndLog$1(params) {
 			httpStatus: errorStatus ?? (errorName ? 500 : 200),
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 async function handleMessagesCreateError(params) {
 	const { error, instr, stream } = params;
 	const finishedAtMs = Date.now();
-	const details = extractErrorDetails(error);
-	if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 	const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
 	insertRequestLog$1(instr, {
 		finishedAtMs,
@@ -5868,7 +5839,8 @@ async function handleMessagesCreateError(params) {
 		httpStatus: details.httpStatus,
 		errorName: details.errorName,
 		errorStatus: details.errorStatus,
-		errorMessage: details.errorMessage
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
 	});
 	throw error;
 }
@@ -5879,17 +5851,19 @@ async function handleMessagesNonStreaming(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const finishedAtMs = Date.now();
 	try {
 		logger$5.debug("Non-streaming Messages result:", JSON.stringify(response).slice(-400));
 		return c.json(response);
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
 		throw error;
 	} finally {
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5904,7 +5878,8 @@ async function handleMessagesNonStreaming(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -5926,6 +5901,7 @@ async function streamMessagesAndLog(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	try {
 		for await (const rawEvent of response) {
 			if (ttfbMs === void 0) ttfbMs = Date.now() - instr.startedAtMs;
@@ -5941,12 +5917,14 @@ async function streamMessagesAndLog(params) {
 			});
 		}
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		logger$5.warn("Streaming error:", error);
-		if (details.unauthorized) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(instr.account.id, "Unauthorized (401)");
+		await writeAnthropicStreamError(stream, getUserVisibleErrorMessage(details));
 	} finally {
 		const finishedAtMs = Date.now();
 		const { premiumRemainingAfter, premiumUnlimitedAfter, premiumRemainingDiff } = await finalizeQuotaAndGetPremiumSnapshot(instr);
@@ -5962,28 +5940,33 @@ async function streamMessagesAndLog(params) {
 			httpStatus: errorStatus ?? (errorName ? 500 : 200),
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 const handleWithMessagesApi = async (params) => {
-	const { c, anthropicPayload, anthropicBetaHeader, initiatorOverride, subagentMarker, sessionId, instr, selectedModel, isCompact } = params;
+	const { c, anthropicPayload, anthropicBetaHeader, subagentMarker, sessionId, instr, selectedModel, isCompact } = params;
 	prepareMessagesApiPayload(anthropicPayload, selectedModel);
 	debugJson(logger$5, "Translated Messages payload:", anthropicPayload);
 	const ctx = toAccountContext(instr.account);
-	const initiator = initiatorOverride ?? getMessagesInitiator(anthropicPayload);
-	instr.initiator = initiator;
+	const effectiveInitiator = resolveEffectiveInitiator(getMessagesInitiator(anthropicPayload), {
+		isCompact,
+		isSubagent: Boolean(subagentMarker)
+	});
+	instr.initiator = effectiveInitiator;
 	let response;
 	try {
 		response = await createMessages(anthropicPayload, ctx, {
 			anthropicBetaHeader,
 			upstreamRequestId: instr.upstreamRequestId,
-			initiator,
+			initiator: effectiveInitiator,
 			subagentMarker,
 			sessionId,
 			isCompact
 		});
 		instr.confirmAffinity?.();
+		instr.confirmOwnership?.();
 	} catch (error) {
 		return await handleMessagesCreateError({
 			error,
@@ -6031,9 +6014,8 @@ messageRoutes.post("/count_tokens", async (c) => {
 const modelRoutes = new Hono();
 modelRoutes.get("/", async (c) => {
 	try {
-		if (!state.models) await cacheModels();
 		const blockedTargets = getAliasTargetSet();
-		const models = state.models?.data.filter((model) => !blockedTargets.has(model.id.toLowerCase())).map((model) => ({
+		const models = getAvailableModels().filter((model) => !blockedTargets.has(model.id.toLowerCase())).map((model) => ({
 			id: model.id,
 			object: "model",
 			type: "model",
@@ -6041,7 +6023,7 @@ modelRoutes.get("/", async (c) => {
 			created_at: (/* @__PURE__ */ new Date(0)).toISOString(),
 			owned_by: model.vendor,
 			display_name: model.name
-		})) ?? [];
+		}));
 		const aliasModels = Object.keys(getModelAliases()).map((alias) => ({
 			id: alias,
 			object: "model",
@@ -6090,7 +6072,7 @@ async function handleProviderCountTokens(c) {
 		const anthropicPayload = await c.req.json();
 		const openAIPayload = translateToOpenAI(anthropicPayload);
 		const modelId = anthropicPayload.model.trim();
-		let selectedModel = state.models?.data.find((model) => model.id === modelId);
+		let selectedModel = getAvailableModels().find((model) => model.id === modelId);
 		if (!selectedModel && modelId) selectedModel = createFallbackModel(modelId);
 		if (!selectedModel) {
 			logger$4.warn("provider.count_tokens.model_not_found", {
@@ -6350,9 +6332,10 @@ const handleResponses = async (c) => {
 	const streamRequested = Boolean(payload.stream);
 	const { initiator: initialInitiator } = getResponsesRequestOptions(payload);
 	const userId = payload.metadata?.user_id;
-	const { safetyIdentifier, sessionId: promptCacheKey } = parseUserIdMetadata(userId);
+	const requestBodyPromptCacheKey = typeof payload.prompt_cache_key === "string" ? payload.prompt_cache_key : null;
+	const { safetyIdentifier, sessionId: metadataSessionId } = parseUserIdMetadata(userId);
 	const normalizedSafetyIdentifier = safetyIdentifier ?? void 0;
-	const normalizedPromptCacheKey = promptCacheKey ?? void 0;
+	const normalizedPromptCacheKey = requestBodyPromptCacheKey ?? metadataSessionId ?? void 0;
 	request.userId = userId;
 	request.safetyIdentifier = normalizedSafetyIdentifier;
 	request.promptCacheKey = normalizedPromptCacheKey;
@@ -6370,10 +6353,19 @@ const handleResponses = async (c) => {
 		});
 	}
 	const upstreamRequestId = generateRequestIdFromPayload({ messages: payload.input }, normalizedPromptCacheKey);
+	const headerSessionId = c.req.header("x-session-id") ?? null;
+	const affinityKey = resolveAffinityKey({
+		promptCacheKey: requestBodyPromptCacheKey,
+		metadataSessionId,
+		headerSessionId,
+		upstreamRequestId
+	});
+	request.affinityKeyUsed = affinityKey.affinityKeyUsed;
+	request.affinityKeySource = affinityKey.affinityKeySource;
 	const selection = await accountsManager.selectAccountForRequest([{
 		modelId: clientModel,
 		endpoint: RESPONSES_ENDPOINT
-	}], { requestId: upstreamRequestId });
+	}], { requestId: affinityKey.requestId });
 	if (!selection.ok) {
 		recordSelectionFailure(store, {
 			request,
@@ -6386,6 +6378,7 @@ const handleResponses = async (c) => {
 	const { account, selectedModel } = selection;
 	request.affinityHit = selection.affinityHit;
 	request.affinityCacheKey = selection.affinityCacheKey;
+	request.selectionReason = selection.selectionReason;
 	const upstreamPayload = {
 		...payload,
 		model: selectedModel.id
@@ -6399,7 +6392,7 @@ const handleResponses = async (c) => {
 	request.initiator = initiator;
 	if (state.manualApprove) await awaitApproval();
 	const accountCtx = toAccountContext(account);
-	const upstreamSessionId = getUUID(upstreamRequestId);
+	const upstreamSessionId = getUUID(normalizedPromptCacheKey ?? headerSessionId ?? upstreamRequestId);
 	request.upstreamRequestId = upstreamRequestId;
 	request.upstreamSessionId = upstreamSessionId;
 	if (streamRequested) return handleStreamingResponses({
@@ -6429,6 +6422,37 @@ const handleResponses = async (c) => {
 		premiumUnlimitedBefore
 	});
 };
+async function observeRequestError(accountId, error) {
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(accountId, "Unauthorized (401)");
+	return {
+		httpStatus: details.httpStatus,
+		errorName: details.errorName,
+		errorStatus: details.errorStatus,
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
+	};
+}
+function buildResponsesStreamError(message) {
+	return {
+		type: "error",
+		code: null,
+		message,
+		param: null,
+		sequence_number: 0
+	};
+}
+async function writeResponsesStreamError(stream, message) {
+	try {
+		const errorEvent = buildResponsesStreamError(message);
+		await stream.writeSSE({
+			event: errorEvent.type,
+			data: JSON.stringify(errorEvent)
+		});
+	} catch (streamError) {
+		logger$1.warn("Failed to write Responses stream error event:", streamError);
+	}
+}
 function buildRequestContext(c) {
 	const requestId = randomUUID();
 	const startedAtMs = Date.now();
@@ -6459,6 +6483,9 @@ function insertRequestLog(store, request, record) {
 		promptCacheKey: request.promptCacheKey,
 		initiator: request.initiator,
 		upstreamRequestId: request.upstreamRequestId,
+		affinityKeyUsed: request.affinityKeyUsed,
+		affinityKeySource: request.affinityKeySource,
+		selectionReason: request.selectionReason,
 		affinityHit: request.affinityHit,
 		affinityCacheKey: request.affinityCacheKey,
 		...record
@@ -6497,14 +6524,6 @@ function extractUsageFromChunkData(data) {
 		return;
 	}
 }
-function getStreamChunkFields(chunk) {
-	const c = chunk;
-	return {
-		id: c.id,
-		event: c.event,
-		data: c.data
-	};
-}
 async function handleStreamingResponses(params) {
 	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore } = params;
 	let response;
@@ -6555,8 +6574,8 @@ async function handleUpstreamCreateError(params) {
 	const { store, request, selection, clientModel, premiumRemainingBefore, premiumUnlimitedBefore, error } = params;
 	const { account, reservation, selectedModel, endpoint, costUnits } = selection;
 	const finishedAtMs = Date.now();
-	const details = extractErrorDetails(error);
-	if (details.unauthorized) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+	const details = await extractErrorObservability(error);
+	if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
 	await accountsManager.finalizeQuota(account, reservation);
 	const premiumRemainingAfter = account.premiumRemaining;
 	const premiumUnlimitedAfter = account.unlimited;
@@ -6578,7 +6597,8 @@ async function handleUpstreamCreateError(params) {
 		httpStatus: details.httpStatus,
 		errorName: details.errorName,
 		errorStatus: details.errorStatus,
-		errorMessage: details.errorMessage
+		errorMessage: details.errorMessage,
+		upstreamErrorMessageRaw: details.upstreamErrorMessageRaw
 	});
 	throw error;
 }
@@ -6590,6 +6610,7 @@ async function handleNonStreamingUpstreamResult(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	const finishedAtMs = Date.now();
 	try {
 		debugJsonTail(logger$1, "Forwarding native Responses result:", {
@@ -6598,11 +6619,12 @@ async function handleNonStreamingUpstreamResult(params) {
 		});
 		return c.json(result);
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		httpStatus = details.httpStatus;
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		throw error;
 	} finally {
 		await accountsManager.finalizeQuota(account, reservation);
@@ -6627,7 +6649,8 @@ async function handleNonStreamingUpstreamResult(params) {
 			httpStatus,
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
@@ -6640,6 +6663,7 @@ async function streamResponsesAndLog(params) {
 	let errorName;
 	let errorStatus;
 	let errorMessage;
+	let upstreamErrorMessageRaw;
 	try {
 		for await (const chunk of response) {
 			if (ttfbMs === void 0) ttfbMs = Date.now() - request.startedAtMs;
@@ -6655,11 +6679,14 @@ async function streamResponsesAndLog(params) {
 			});
 		}
 	} catch (error) {
-		const details = extractErrorDetails(error);
+		const details = await extractErrorObservability(error);
 		errorName = details.errorName;
 		errorStatus = details.errorStatus;
 		errorMessage = details.errorMessage;
+		upstreamErrorMessageRaw = details.upstreamErrorMessageRaw;
 		logger$1.warn("Responses streaming error:", error);
+		if (shouldMarkAccountFailed(details)) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+		await writeResponsesStreamError(stream, getUserVisibleErrorMessage(details));
 	} finally {
 		const finishedAtMs = Date.now();
 		await accountsManager.finalizeQuota(account, reservation);
@@ -6685,18 +6712,16 @@ async function streamResponsesAndLog(params) {
 			httpStatus: errorStatus ?? (errorName ? 500 : 200),
 			errorName,
 			errorStatus,
-			errorMessage
+			errorMessage,
+			upstreamErrorMessageRaw
 		});
 	}
 }
 async function handleNonStreamingResponses(params) {
 	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore } = params;
 	const { account, reservation, selectedModel, endpoint, costUnits } = selection;
-	let httpStatus = 200;
 	let usage = {};
-	let errorName;
-	let errorStatus;
-	let errorMessage;
+	let errorState = { httpStatus: 200 };
 	let finishedAtMs;
 	try {
 		const response = await createResponses(payload, {
@@ -6705,10 +6730,9 @@ async function handleNonStreamingResponses(params) {
 			upstreamRequestId: request.upstreamRequestId,
 			sessionId: request.upstreamSessionId
 		}, accountCtx);
+		if (isAsyncIterable(response)) throw new Error("Upstream returned a stream unexpectedly");
 		selection.confirmAffinity?.();
 		finishedAtMs = Date.now();
-		const streamResponse = handleUnexpectedResponsesStream(c, response);
-		if (streamResponse) return streamResponse;
 		const result = response;
 		usage = extractResponsesUsageFromResult(result);
 		debugJsonTail(logger$1, "Forwarding native Responses result:", {
@@ -6718,12 +6742,7 @@ async function handleNonStreamingResponses(params) {
 		return c.json(result);
 	} catch (error) {
 		finishedAtMs = Date.now();
-		const details = extractErrorDetails(error);
-		httpStatus = details.httpStatus;
-		errorName = details.errorName;
-		errorStatus = details.errorStatus;
-		errorMessage = details.errorMessage;
-		if (details.unauthorized) accountsManager.markAccountFailed(account.id, "Unauthorized (401)");
+		errorState = await observeRequestError(account.id, error);
 		throw error;
 	} finally {
 		const finishedAtMsFinal = finishedAtMs ?? Date.now();
@@ -6746,61 +6765,14 @@ async function handleNonStreamingResponses(params) {
 			premiumRemainingDiff: computeDiff(premiumRemainingBefore, premiumRemainingAfter),
 			premiumUnlimitedBefore,
 			premiumUnlimitedAfter,
-			httpStatus,
-			errorName,
-			errorStatus,
-			errorMessage
+			httpStatus: errorState.httpStatus,
+			errorName: errorState.errorName,
+			errorStatus: errorState.errorStatus,
+			errorMessage: errorState.errorMessage,
+			upstreamErrorMessageRaw: errorState.upstreamErrorMessageRaw
 		});
 	}
 }
-function handleUnexpectedResponsesStream(c, response) {
-	if (!isAsyncIterable(response)) return null;
-	logger$1.debug("Forwarding native Responses stream (unexpected)");
-	return streamSSE(c, async (stream) => {
-		const idTracker = createStreamIdTracker();
-		for await (const chunk of response) {
-			const { id, event, data } = getStreamChunkFields(chunk);
-			const processedData = fixStreamIds(data ?? "", event, idTracker);
-			debugJson(logger$1, "Responses stream chunk:", chunk);
-			await stream.writeSSE({
-				id,
-				event,
-				data: processedData
-			});
-		}
-	});
-}
-const isAsyncIterable = (value) => Boolean(value) && typeof value[Symbol.asyncIterator] === "function";
-const useFunctionApplyPatch = (payload) => {
-	if (!(getConfig().useFunctionApplyPatch ?? true)) return;
-	logger$1.debug("Using function tool apply_patch for responses");
-	if (Array.isArray(payload.tools)) {
-		const toolsArr = payload.tools;
-		for (let i = 0; i < toolsArr.length; i++) {
-			const t = toolsArr[i];
-			if (t.type === "custom" && t.name === "apply_patch") toolsArr[i] = {
-				type: "function",
-				name: t.name,
-				description: "Use the `apply_patch` tool to edit files",
-				parameters: {
-					type: "object",
-					properties: { input: {
-						type: "string",
-						description: "The entire contents of the apply_patch command"
-					} },
-					required: ["input"]
-				},
-				strict: false
-			};
-		}
-	}
-};
-const removeWebSearchTool = (payload) => {
-	if (!Array.isArray(payload.tools) || payload.tools.length === 0) return;
-	payload.tools = payload.tools.filter((t) => {
-		return t.type !== "web_search";
-	});
-};
 
 //#endregion
 //#region src/routes/responses/route.ts
@@ -6894,4 +6866,4 @@ server.route("/:provider/v1/models", providerModelRoutes);
 
 //#endregion
 export { server };
-//# sourceMappingURL=server-DVpkQrk2.js.map
+//# sourceMappingURL=server-DAxpfPde.js.map