Merge pull request #183 from CJackHwang/dev

Merge pull request #182 from CJackHwang/codex/investigate-potential-issues

Fix account pool starvation when only one managed account has token

.github/workflows/release-artifacts.yml

@@ -79,7 +79,7 @@ jobs:
             CGO_ENABLED=0 GOOS="${GOOS}" GOARCH="${GOARCH}" \
               go build -trimpath -ldflags="-s -w -X ds2api/internal/version.BuildVersion=${BUILD_VERSION}" -o "${STAGE}/${BIN}" ./cmd/ds2api
 
-            cp config.example.json .env.example sha3_wasm_bg.7b9ca65ddd.wasm LICENSE README.MD README.en.md "${STAGE}/"
+            cp config.example.json .env.example internal/deepseek/assets/sha3_wasm_bg.7b9ca65ddd.wasm LICENSE README.MD README.en.md "${STAGE}/"
             cp -R static/admin "${STAGE}/static/admin"
 
             if [ "${GOOS}" = "windows" ]; then

API.en.md

@@ -587,6 +587,9 @@ Returns sanitized config.
 {
   "keys": ["k1", "k2"],
   "env_backed": false,
+  "env_source_present": true,
+  "env_writeback_enabled": true,
+  "config_path": "/data/config.json",
   "accounts": [
     {
       "identifier": "user@example.com",
@@ -629,24 +632,25 @@ Reads runtime settings and status, including:
 
 - `success`
 - `admin` (`has_password_hash`, `jwt_expire_hours`, `jwt_valid_after_unix`, `default_password_warning`)
-- `runtime` (`account_max_inflight`, `account_max_queue`, `global_max_inflight`)
+- `runtime` (`account_max_inflight`, `account_max_queue`, `global_max_inflight`, `token_refresh_interval_hours`)
-- `toolcall` / `responses` / `embeddings`
+- `responses` / `embeddings`
 - `auto_delete` (`sessions`)
 - `claude_mapping` / `model_aliases`
 - `env_backed`, `needs_vercel_sync`
+- `toolcall` policy is fixed to `feature_match + high` and is no longer returned or editable via settings
 
 ### `PUT /admin/settings`
 
 Hot-updates runtime settings. Supported fields:
 
 - `admin.jwt_expire_hours`
-- `runtime.account_max_inflight` / `runtime.account_max_queue` / `runtime.global_max_inflight`
+- `runtime.account_max_inflight` / `runtime.account_max_queue` / `runtime.global_max_inflight` / `runtime.token_refresh_interval_hours`
-- `toolcall.mode` / `toolcall.early_emit_confidence`
 - `responses.store_ttl_seconds`
 - `embeddings.provider`
 - `auto_delete.sessions`
 - `claude_mapping`
 - `model_aliases`
+- `toolcall` policy is fixed and is no longer writable through settings
 
 ### `POST /admin/settings/password`
 
@@ -669,7 +673,7 @@ Imports full config with:
 
 The request can send config directly, or wrapped as `{"config": {...}, "mode":"merge"}`.
 Query params `?mode=merge` / `?mode=replace` are also supported.
-Import accepts `keys`, `accounts`, `claude_mapping` / `claude_model_mapping`, `model_aliases`, `admin`, `runtime`, `toolcall`, `responses`, `embeddings`, and `auto_delete`.
+Import accepts `keys`, `accounts`, `claude_mapping` / `claude_model_mapping`, `model_aliases`, `admin`, `runtime`, `responses`, `embeddings`, and `auto_delete`; legacy `toolcall` fields are ignored.
 
 ### `GET /admin/config/export`
 

API.md

@@ -596,6 +596,9 @@ data: {"type":"message_stop"}
 {
   "keys": ["k1", "k2"],
   "env_backed": false,
+  "env_source_present": true,
+  "env_writeback_enabled": true,
+  "config_path": "/data/config.json",
   "accounts": [
     {
       "identifier": "user@example.com",
@@ -638,24 +641,25 @@ data: {"type":"message_stop"}
 
 - `success`
 - `admin`（`has_password_hash`、`jwt_expire_hours`、`jwt_valid_after_unix`、`default_password_warning`）
-- `runtime`（`account_max_inflight`、`account_max_queue`、`global_max_inflight`）
+- `runtime`（`account_max_inflight`、`account_max_queue`、`global_max_inflight`、`token_refresh_interval_hours`）
-- `toolcall` / `responses` / `embeddings`
+- `responses` / `embeddings`
 - `auto_delete`（`sessions`）
 - `claude_mapping` / `model_aliases`
 - `env_backed`、`needs_vercel_sync`
+- `toolcall` 策略已固定为 `feature_match + high`，不再通过 settings 返回或修改
 
 ### `PUT /admin/settings`
 
 热更新运行时设置。支持更新：
 
 - `admin.jwt_expire_hours`
-- `runtime.account_max_inflight` / `runtime.account_max_queue` / `runtime.global_max_inflight`
+- `runtime.account_max_inflight` / `runtime.account_max_queue` / `runtime.global_max_inflight` / `runtime.token_refresh_interval_hours`
-- `toolcall.mode` / `toolcall.early_emit_confidence`
 - `responses.store_ttl_seconds`
 - `embeddings.provider`
 - `auto_delete.sessions`
 - `claude_mapping`
 - `model_aliases`
+- `toolcall` 策略已固定，不再作为可写入字段
 
 ### `POST /admin/settings/password`
 
@@ -678,7 +682,7 @@ data: {"type":"message_stop"}
 
 请求可直接传配置对象，或使用 `{"config": {...}, "mode":"merge"}` 包裹格式。
 也支持在查询参数里传 `?mode=merge` / `?mode=replace`。
-导入时会接受 `keys`、`accounts`、`claude_mapping` / `claude_model_mapping`、`model_aliases`、`admin`、`runtime`、`toolcall`、`responses`、`embeddings`、`auto_delete` 等字段。
+导入时会接受 `keys`、`accounts`、`claude_mapping` / `claude_model_mapping`、`model_aliases`、`admin`、`runtime`、`responses`、`embeddings`、`auto_delete` 等字段；`toolcall` 相关字段会被忽略。
 
 ### `GET /admin/config/export`
 

Dockerfile

@@ -34,7 +34,7 @@ CMD ["/usr/local/bin/ds2api"]
 
 FROM runtime-base AS runtime-from-source
 COPY --from=go-builder /out/ds2api /usr/local/bin/ds2api
-COPY --from=go-builder /app/sha3_wasm_bg.7b9ca65ddd.wasm /app/sha3_wasm_bg.7b9ca65ddd.wasm
+COPY --from=go-builder /app/internal/deepseek/assets/sha3_wasm_bg.7b9ca65ddd.wasm /app/sha3_wasm_bg.7b9ca65ddd.wasm
 COPY --from=go-builder /app/config.example.json /app/config.example.json
 COPY --from=webui-builder /app/static/admin /app/static/admin
 

README.MD

@@ -8,7 +8,7 @@
 ![Stars](https://img.shields.io/github/stars/CJackHwang/ds2api.svg)
 ![Forks](https://img.shields.io/github/forks/CJackHwang/ds2api.svg)
 [![Release](https://img.shields.io/github/v/release/CJackHwang/ds2api?display_name=tag)](https://github.com/CJackHwang/ds2api/releases)
-[![Docker](https://img.shields.io/badge/docker-ready-blue.svg)](DEPLOY.md)
+[![Docker](https://img.shields.io/badge/docker-ready-blue.svg)](docs/DEPLOY.md)
 [![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/L4CFHP)
 [![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https://github.com/CJackHwang/ds2api)
 
@@ -166,8 +166,9 @@ go run ./cmd/ds2api
 ### 方式二：Docker 运行
 
 ```bash
-# 1. 准备环境变量文件
+# 1. 准备环境变量和配置文件
 cp .env.example .env
+cp config.example.json config.json
 
 # 2. 编辑 .env（至少设置 DS2API_ADMIN_KEY）
 #    DS2API_ADMIN_KEY=请替换为强密码
@@ -213,7 +214,7 @@ base64 < config.json | tr -d '\n'
 
 > **流式说明**：`/v1/chat/completions` 在 Vercel 上默认走 `api/chat-stream.js`（Node Runtime）以保证实时 SSE。鉴权、账号选择、会话/PoW 准备仍由 Go 内部 prepare 接口完成；流式响应（含 `tools`）在 Node 侧执行与 Go 对齐的输出组装与防泄漏处理。
 
-详细部署说明请参阅 [部署指南](DEPLOY.md)。
+详细部署说明请参阅 [部署指南](docs/DEPLOY.md)。
 
 ### 方式四：下载 Release 构建包
 
@@ -270,10 +271,6 @@ cp opencode.json.example opencode.json
   "compat": {
     "wide_input_strict_output": true
   },
-  "toolcall": {
-    "mode": "feature_match",
-    "early_emit_confidence": "high"
-  },
   "responses": {
     "store_ttl_seconds": 900
   },
@@ -290,7 +287,8 @@ cp opencode.json.example opencode.json
   "runtime": {
     "account_max_inflight": 2,
     "account_max_queue": 0,
-    "global_max_inflight": 0
+    "global_max_inflight": 0,
+    "token_refresh_interval_hours": 6
   },
   "auto_delete": {
     "sessions": false
@@ -303,12 +301,12 @@ cp opencode.json.example opencode.json
 - `token`：配置文件中即使填写也会在加载时被清空（不会从 `config.json` 读取 token）；实际 token 仅在运行时内存中维护并自动刷新
 - `model_aliases`：常见模型名（如 GPT/Codex/Claude）到 DeepSeek 模型的映射
 - `compat.wide_input_strict_output`：建议保持 `true`（当前实现默认宽进严出）
-- `toolcall`：固定采用特征匹配 + 高置信早发策略
+- `toolcall`：策略已固定为特征匹配 + 高置信早发，不再作为可配置项
 - `responses.store_ttl_seconds`：`/v1/responses/{id}` 的内存缓存 TTL
 - `embeddings.provider`：embedding 提供方（当前内置 `deterministic/mock/builtin`）
 - `claude_mapping`：字典中 `fast`/`slow` 后缀映射到对应 DeepSeek 模型（兼容读取 `claude_model_mapping`）
 - `admin`：管理后台设置（JWT 过期时间、密码哈希等），可通过 Admin Settings API 热更新
-- `runtime`：运行时参数（并发限制、队列大小），可通过 Admin Settings API 热更新；`account_max_queue=0`/`global_max_inflight=0` 表示按推荐值自动计算
+- `runtime`：运行时参数（并发限制、队列大小、托管账号 token 刷新间隔），可通过 Admin Settings API 热更新；`account_max_queue=0`/`global_max_inflight=0` 表示按推荐值自动计算，`token_refresh_interval_hours=6` 为默认强制重登间隔
 - `auto_delete.sessions`：是否在请求结束后自动清理 DeepSeek 会话（默认 `false`，可在 Settings 热更新）
 
 ### 环境变量
@@ -323,6 +321,7 @@ cp opencode.json.example opencode.json
 | `DS2API_CONFIG_PATH` | 配置文件路径 | `config.json` |
 | `DS2API_CONFIG_JSON` | 直接注入配置（JSON 或 Base64） | — |
 | `CONFIG_JSON` | 旧版兼容配置注入 | — |
+| `DS2API_ENV_WRITEBACK` | 环境变量模式下自动写回配置文件并切换文件模式（`1/true/yes/on`） | 关闭 |
 | `DS2API_WASM_PATH` | PoW WASM 文件路径 | 自动查找 |
 | `DS2API_STATIC_ADMIN_DIR` | 管理台静态文件目录 | `static/admin` |
 | `DS2API_AUTO_BUILD_WEBUI` | 启动时自动构建 WebUI | 本地开启，Vercel 关闭 |
@@ -345,6 +344,8 @@ cp opencode.json.example opencode.json
 | `VERCEL_TEAM_ID` | Vercel 团队 ID | — |
 | `DS2API_VERCEL_PROTECTION_BYPASS` | Vercel 部署保护绕过密钥（内部 Node→Go 调用） | — |
 
+> 提示：当检测到 `DS2API_CONFIG_JSON/CONFIG_JSON` 时，管理台会显示当前模式风险与自动持久化状态（含 `DS2API_CONFIG_PATH` 路径与模式切换说明）。
+
 ## 鉴权模式
 
 调用业务接口（`/v1/*`、`/anthropic/*`、Gemini 路由）时支持两种模式：
@@ -450,6 +451,7 @@ ds2api/
 ├── tests/
 │   ├── compat/              # 兼容性测试夹具与期望输出
 │   └── scripts/             # 统一测试脚本入口（unit/e2e）
+├── docs/                    # 部署 / 贡献 / 测试等辅助文档
 ├── static/admin/            # WebUI 构建产物（不提交到 Git）
 ├── .github/
 │   ├── workflows/           # GitHub Actions（质量门禁 + Release 自动构建）
@@ -469,9 +471,9 @@ ds2api/
 | 文档 | 说明 |
 | --- | --- |
 | [API.md](API.md) / [API.en.md](API.en.md) | API 接口文档（含请求/响应示例） |
-| [DEPLOY.md](DEPLOY.md) / [DEPLOY.en.md](DEPLOY.en.md) | 部署指南（本地/Docker/Vercel/systemd） |
+| [DEPLOY.md](docs/DEPLOY.md) / [DEPLOY.en.md](docs/DEPLOY.en.md) | 部署指南（本地/Docker/Vercel/systemd） |
-| [CONTRIBUTING.md](CONTRIBUTING.md) / [CONTRIBUTING.en.md](CONTRIBUTING.en.md) | 贡献指南 |
+| [CONTRIBUTING.md](docs/CONTRIBUTING.md) / [CONTRIBUTING.en.md](docs/CONTRIBUTING.en.md) | 贡献指南 |
-| [TESTING.md](TESTING.md) | 测试集使用指南 |
+| [TESTING.md](docs/TESTING.md) | 测试集使用指南 |
 
 ## 测试
 
@@ -501,7 +503,7 @@ npm ci --prefix webui && npm run build --prefix webui
 
 ## 测试
 
-详细测试指南请参阅 [TESTING.md](TESTING.md)。
+详细测试指南请参阅 [docs/TESTING.md](docs/TESTING.md)。
 
 ### 快速测试命令
 

README.en.md

@@ -8,7 +8,7 @@
 ![Stars](https://img.shields.io/github/stars/CJackHwang/ds2api.svg)
 ![Forks](https://img.shields.io/github/forks/CJackHwang/ds2api.svg)
 [![Release](https://img.shields.io/github/v/release/CJackHwang/ds2api?display_name=tag)](https://github.com/CJackHwang/ds2api/releases)
-[![Docker](https://img.shields.io/badge/docker-ready-blue.svg)](DEPLOY.en.md)
+[![Docker](https://img.shields.io/badge/docker-ready-blue.svg)](docs/DEPLOY.en.md)
 [![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/L4CFHP)
 [![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https://github.com/CJackHwang/ds2api)
 
@@ -166,8 +166,9 @@ Default URL: `http://localhost:5001`
 ### Option 2: Docker
 
 ```bash
-# 1. Prepare env file
+# 1. Prepare env file and config file
 cp .env.example .env
+cp config.example.json config.json
 
 # 2. Edit .env (at least set DS2API_ADMIN_KEY)
 #    DS2API_ADMIN_KEY=replace-with-a-strong-secret
@@ -213,7 +214,7 @@ base64 < config.json | tr -d '\n'
 
 > **Streaming note**: `/v1/chat/completions` on Vercel is routed to `api/chat-stream.js` (Node Runtime) for real-time SSE. Auth, account selection, and session/PoW preparation are still handled by the Go internal prepare endpoint; streaming output (including `tools`) is assembled on Node with Go-aligned anti-leak handling.
 
-For detailed deployment instructions, see the [Deployment Guide](DEPLOY.en.md).
+For detailed deployment instructions, see the [Deployment Guide](docs/DEPLOY.en.md).
 
 ### Option 4: Download Release Binaries
 
@@ -270,10 +271,6 @@ cp opencode.json.example opencode.json
   "compat": {
     "wide_input_strict_output": true
   },
-  "toolcall": {
-    "mode": "feature_match",
-    "early_emit_confidence": "high"
-  },
   "responses": {
     "store_ttl_seconds": 900
   },
@@ -290,7 +287,8 @@ cp opencode.json.example opencode.json
   "runtime": {
     "account_max_inflight": 2,
     "account_max_queue": 0,
-    "global_max_inflight": 0
+    "global_max_inflight": 0,
+    "token_refresh_interval_hours": 6
   },
   "auto_delete": {
     "sessions": false
@@ -303,12 +301,12 @@ cp opencode.json.example opencode.json
 - `token`: Even if set in `config.json`, it is cleared during load (DS2API does not read persisted tokens from config); runtime tokens are maintained/refreshed in memory only
 - `model_aliases`: Map common model names (GPT/Codex/Claude) to DeepSeek models
 - `compat.wide_input_strict_output`: Keep `true` (current default policy)
-- `toolcall`: Fixed to feature matching + high-confidence early emit
+- `toolcall`: Fixed to feature matching + high-confidence early emit, no longer configurable
 - `responses.store_ttl_seconds`: In-memory TTL for `/v1/responses/{id}`
 - `embeddings.provider`: Embeddings provider (`deterministic/mock/builtin` built-in)
 - `claude_mapping`: Maps `fast`/`slow` suffixes to corresponding DeepSeek models (still compatible with `claude_model_mapping`)
 - `admin`: Admin panel settings (JWT expiry, password hash, etc.), hot-reloadable via Admin Settings API
-- `runtime`: Runtime parameters (concurrency limits, queue sizes), hot-reloadable via Admin Settings API; `account_max_queue=0`/`global_max_inflight=0` means auto-calculate from recommended values
+- `runtime`: Runtime parameters (concurrency limits, queue sizes, managed token refresh interval), hot-reloadable via Admin Settings API; `account_max_queue=0`/`global_max_inflight=0` means auto-calculate from recommended values, `token_refresh_interval_hours=6` is the default forced re-login interval
 - `auto_delete.sessions`: Whether to auto-delete DeepSeek sessions after request completion (default `false`, hot-reloadable via Settings)
 
 ### Environment Variables
@@ -323,6 +321,7 @@ cp opencode.json.example opencode.json
 | `DS2API_CONFIG_PATH` | Config file path | `config.json` |
 | `DS2API_CONFIG_JSON` | Inline config (JSON or Base64) | — |
 | `CONFIG_JSON` | Legacy compatibility config input | — |
+| `DS2API_ENV_WRITEBACK` | Auto-write env-backed config to file and transition to file mode (`1/true/yes/on`) | Disabled |
 | `DS2API_WASM_PATH` | PoW WASM file path | Auto-detect |
 | `DS2API_STATIC_ADMIN_DIR` | Admin static assets dir | `static/admin` |
 | `DS2API_AUTO_BUILD_WEBUI` | Auto-build WebUI on startup | Enabled locally, disabled on Vercel |
@@ -342,6 +341,8 @@ cp opencode.json.example opencode.json
 | `VERCEL_TEAM_ID` | Vercel team ID | — |
 | `DS2API_VERCEL_PROTECTION_BYPASS` | Vercel deployment protection bypass for internal Node→Go calls | — |
 
+> Note: when `DS2API_CONFIG_JSON/CONFIG_JSON` is detected, the Admin UI shows mode risk and auto-persistence status (including `DS2API_CONFIG_PATH` and mode-transition hints).
+
 ## Authentication Modes
 
 For business endpoints (`/v1/*`, `/anthropic/*`, Gemini routes), DS2API supports two modes:
@@ -444,6 +445,7 @@ ds2api/
 ├── tests/
 │   ├── compat/              # Compatibility fixtures and expected outputs
 │   └── scripts/             # Unified test script entrypoints (unit/e2e)
+├── docs/                    # Deployment / contributing / testing docs
 ├── static/admin/            # WebUI build output (not committed to Git)
 ├── .github/
 │   ├── workflows/           # GitHub Actions (quality gates + release automation)
@@ -463,9 +465,9 @@ ds2api/
 | Document | Description |
 | --- | --- |
 | [API.md](API.md) / [API.en.md](API.en.md) | API reference with request/response examples |
-| [DEPLOY.md](DEPLOY.md) / [DEPLOY.en.md](DEPLOY.en.md) | Deployment guide (local/Docker/Vercel/systemd) |
+| [DEPLOY.md](docs/DEPLOY.md) / [DEPLOY.en.md](docs/DEPLOY.en.md) | Deployment guide (local/Docker/Vercel/systemd) |
-| [CONTRIBUTING.md](CONTRIBUTING.md) / [CONTRIBUTING.en.md](CONTRIBUTING.en.md) | Contributing guide |
+| [CONTRIBUTING.md](docs/CONTRIBUTING.md) / [CONTRIBUTING.en.md](docs/CONTRIBUTING.en.md) | Contributing guide |
-| [TESTING.md](TESTING.md) | Testsuite guide |
+| [TESTING.md](docs/TESTING.md) | Testsuite guide |
 
 ## Testing
 

VERSION

@@ -1 +1 @@
-2.4.1
+2.5.1

docs/DEPLOY.en.md

@@ -111,8 +111,9 @@ go build -o ds2api ./cmd/ds2api
 ### 2.1 Basic Steps
 
 ```bash
-# Copy env template
+# Copy env template and config file
 cp .env.example .env
+cp config.example.json config.json
 
 # Edit .env and set at least:
 #   DS2API_ADMIN_KEY=your-admin-key
@@ -248,6 +249,7 @@ VERCEL_TEAM_ID=team_xxxxxxxxxxxx   # optional for personal accounts
 | `DS2API_ACCOUNT_QUEUE_SIZE` | Alias (legacy compat) | — |
 | `DS2API_GLOBAL_MAX_INFLIGHT` | Global inflight limit | `recommended_concurrency` |
 | `DS2API_MAX_INFLIGHT` | Alias (legacy compat) | — |
+| `DS2API_ENV_WRITEBACK` | When `DS2API_CONFIG_JSON` is present, auto-write to `DS2API_CONFIG_PATH` and switch to file-backed mode after success (`1/true/yes/on`) | Disabled |
 | `DS2API_VERCEL_INTERNAL_SECRET` | Hybrid streaming internal auth | Falls back to `DS2API_ADMIN_KEY` |
 | `DS2API_VERCEL_STREAM_LEASE_TTL_SECONDS` | Stream lease TTL | `900` |
 | `VERCEL_TOKEN` | Vercel sync token | — |
@@ -456,8 +458,8 @@ server {
 # Copy compiled binary and related files to target directory
 sudo mkdir -p /opt/ds2api
 sudo cp ds2api config.json /opt/ds2api/
-# Optional: if you want to use an external WASM file (override embedded one)
+# Optional: if you want to use an external WASM file (override the embedded one, from a release package or build output)
-# sudo cp sha3_wasm_bg.7b9ca65ddd.wasm /opt/ds2api/
+# sudo cp /path/to/sha3_wasm_bg.7b9ca65ddd.wasm /opt/ds2api/
 sudo cp -r static/admin /opt/ds2api/static/admin
 ```
 

docs/DEPLOY.md

@@ -111,8 +111,9 @@ go build -o ds2api ./cmd/ds2api
 ### 2.1 基本步骤
 
 ```bash
-# 复制环境变量模板
+# 复制环境变量模板和配置文件
 cp .env.example .env
+cp config.example.json config.json
 
 # 编辑 .env（请改成你的强密码），至少设置：
 #   DS2API_ADMIN_KEY=your-admin-key
@@ -248,6 +249,7 @@ VERCEL_TEAM_ID=team_xxxxxxxxxxxx   # 个人账号可留空
 | `DS2API_ACCOUNT_QUEUE_SIZE` | 同上（兼容别名） | — |
 | `DS2API_GLOBAL_MAX_INFLIGHT` | 全局并发上限 | `recommended_concurrency` |
 | `DS2API_MAX_INFLIGHT` | 同上（兼容别名） | — |
+| `DS2API_ENV_WRITEBACK` | 检测到 `DS2API_CONFIG_JSON` 时自动写入 `DS2API_CONFIG_PATH`，并在成功后转为文件模式（`1/true/yes/on`） | 关闭 |
 | `DS2API_VERCEL_INTERNAL_SECRET` | 混合流式内部鉴权 | 回退用 `DS2API_ADMIN_KEY` |
 | `DS2API_VERCEL_STREAM_LEASE_TTL_SECONDS` | 流式 lease TTL | `900` |
 | `VERCEL_TOKEN` | Vercel 同步 token | — |
@@ -456,8 +458,8 @@ server {
 # 将编译好的二进制文件和相关文件复制到目标目录
 sudo mkdir -p /opt/ds2api
 sudo cp ds2api config.json /opt/ds2api/
-# 可选：若你希望使用外置 WASM 文件（覆盖内置版本）
+# 可选：若你希望使用外置 WASM 文件（覆盖内置版本，来自 release 包或构建产物）
-# sudo cp sha3_wasm_bg.7b9ca65ddd.wasm /opt/ds2api/
+# sudo cp /path/to/sha3_wasm_bg.7b9ca65ddd.wasm /opt/ds2api/
 sudo cp -r static/admin /opt/ds2api/static/admin
 ```
 

internal/account/pool_acquire.go

@@ -60,16 +60,10 @@ func (p *Pool) acquireLocked(target string, exclude map[string]bool) (config.Acc
 		return acc, true
 	}
 
-	if acc, ok := p.tryAcquire(exclude, true); ok {
+	return p.tryAcquire(exclude)
-		return acc, true
-	}
-	if acc, ok := p.tryAcquire(exclude, false); ok {
-		return acc, true
-	}
-	return config.Account{}, false
 }
 
-func (p *Pool) tryAcquire(exclude map[string]bool, requireToken bool) (config.Account, bool) {
+func (p *Pool) tryAcquire(exclude map[string]bool) (config.Account, bool) {
 	for i := 0; i < len(p.queue); i++ {
 		id := p.queue[i]
 		if exclude[id] || !p.canAcquireIDLocked(id) {
@@ -79,9 +73,6 @@ func (p *Pool) tryAcquire(exclude map[string]bool, requireToken bool) (config.Ac
 		if !ok {
 			continue
 		}
-		if requireToken && acc.Token == "" {
-			continue
-		}
 		p.inUse[id]++
 		p.bumpQueue(id)
 		return acc, true

internal/account/pool_test.go

@@ -215,6 +215,33 @@ func TestPoolDropsLegacyTokenOnlyAccountOnLoad(t *testing.T) {
 	}
 }
 
+func TestPoolAcquireRotatesIntoTokenlessAccounts(t *testing.T) {
+	t.Setenv("DS2API_ACCOUNT_MAX_INFLIGHT", "1")
+	t.Setenv("DS2API_ACCOUNT_CONCURRENCY", "")
+	t.Setenv("DS2API_ACCOUNT_MAX_QUEUE", "")
+	t.Setenv("DS2API_ACCOUNT_QUEUE_SIZE", "")
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["k1"],
+		"accounts":[
+			{"email":"acc1@example.com","token":"token1"},
+			{"email":"acc2@example.com","token":""},
+			{"email":"acc3@example.com","token":""}
+		]
+	}`)
+
+	pool := NewPool(config.LoadStore())
+	for i, want := range []string{"acc1@example.com", "acc2@example.com", "acc3@example.com"} {
+		acc, ok := pool.Acquire("", nil)
+		if !ok {
+			t.Fatalf("expected acquire success at step %d", i+1)
+		}
+		if got := acc.Identifier(); got != want {
+			t.Fatalf("unexpected account at step %d: got %q want %q", i+1, got, want)
+		}
+		pool.Release(acc.Identifier())
+	}
+}
+
 func TestPoolAcquireWaitQueuesAndSucceedsAfterRelease(t *testing.T) {
 	pool := newSingleAccountPoolForTest(t, "1")
 	first, ok := pool.Acquire("", nil)

internal/adapter/claude/handler_helpers_misc.go

@@ -0,0 +1,97 @@
+package claude
+
+import (
+	"fmt"
+	"strings"
+)
+
+func hasSystemMessage(messages []any) bool {
+	for _, m := range messages {
+		msg, ok := m.(map[string]any)
+		if ok && msg["role"] == "system" {
+			return true
+		}
+	}
+	return false
+}
+
+func extractClaudeToolNames(tools []any) []string {
+	out := make([]string, 0, len(tools))
+	for _, t := range tools {
+		m, ok := t.(map[string]any)
+		if !ok {
+			continue
+		}
+		name, _, _ := extractClaudeToolMeta(m)
+		if name != "" {
+			out = append(out, name)
+		}
+	}
+	return out
+}
+
+func extractClaudeToolMeta(m map[string]any) (string, string, any) {
+	name, _ := m["name"].(string)
+	desc, _ := m["description"].(string)
+	schemaObj := m["input_schema"]
+	if schemaObj == nil {
+		schemaObj = m["parameters"]
+	}
+
+	if fn, ok := m["function"].(map[string]any); ok {
+		if strings.TrimSpace(name) == "" {
+			name, _ = fn["name"].(string)
+		}
+		if strings.TrimSpace(desc) == "" {
+			desc, _ = fn["description"].(string)
+		}
+		if schemaObj == nil {
+			if v, ok := fn["input_schema"]; ok {
+				schemaObj = v
+			}
+		}
+		if schemaObj == nil {
+			if v, ok := fn["parameters"]; ok {
+				schemaObj = v
+			}
+		}
+	}
+	return strings.TrimSpace(name), strings.TrimSpace(desc), schemaObj
+}
+
+func toMessageMaps(v any) []map[string]any {
+	arr, ok := v.([]any)
+	if !ok {
+		return nil
+	}
+	out := make([]map[string]any, 0, len(arr))
+	for _, item := range arr {
+		if m, ok := item.(map[string]any); ok {
+			out = append(out, m)
+		}
+	}
+	return out
+}
+
+func extractMessageContent(v any) string {
+	switch x := v.(type) {
+	case string:
+		return x
+	case []any:
+		parts := make([]string, 0, len(x))
+		for _, it := range x {
+			parts = append(parts, fmt.Sprintf("%v", it))
+		}
+		return strings.Join(parts, "\n")
+	default:
+		return fmt.Sprintf("%v", x)
+	}
+}
+
+func cloneMap(in map[string]any) map[string]any {
+	out := make(map[string]any, len(in))
+	for k, v := range in {
+		out[k] = v
+	}
+	return out
+}

internal/adapter/claude/handler_util_test.go

@@ -93,8 +93,11 @@ func TestNormalizeClaudeMessagesToolUseToAssistantToolCalls(t *testing.T) {
 		t.Fatalf("expected call id preserved, got %#v", call)
 	}
 	content, _ := m["content"].(string)
-	if !containsStr(content, "search_web") || !containsStr(content, `"arguments":"{\"query\":\"latest\"}"`) {
+	if !containsStr(content, "<tool_calls>") || !containsStr(content, "<tool_name>search_web</tool_name>") {
-		t.Fatalf("expected assistant content to include serialized tool call for prompt roundtrip, got %q", content)
+		t.Fatalf("expected assistant content to include XML tool call history, got %q", content)
+	}
+	if !containsStr(content, `<parameters>{"query":"latest"}</parameters>`) {
+		t.Fatalf("expected assistant content to include serialized parameters, got %q", content)
 	}
 }
 
@@ -222,6 +225,47 @@ func TestNormalizeClaudeMessagesToolResultNonTextPayloadStringified(t *testing.T
 	}
 }
 
+func TestNormalizeClaudeMessagesBackfillsToolResultCallIDByName(t *testing.T) {
+	msgs := []any{
+		map[string]any{
+			"role": "assistant",
+			"content": []any{
+				map[string]any{
+					"type":  "tool_use",
+					"name":  "search_web",
+					"input": map[string]any{"query": "latest"},
+				},
+			},
+		},
+		map[string]any{
+			"role": "user",
+			"content": []any{
+				map[string]any{
+					"type":    "tool_result",
+					"name":    "search_web",
+					"content": "ok",
+				},
+			},
+		},
+	}
+
+	got := normalizeClaudeMessages(msgs)
+	if len(got) != 2 {
+		t.Fatalf("expected 2 messages, got %#v", got)
+	}
+	assistant, _ := got[0].(map[string]any)
+	tc, _ := assistant["tool_calls"].([]any)
+	call, _ := tc[0].(map[string]any)
+	callID, _ := call["id"].(string)
+	if !strings.HasPrefix(callID, "call_claude_") {
+		t.Fatalf("expected generated call id, got %#v", call)
+	}
+	toolMsg, _ := got[1].(map[string]any)
+	if toolMsg["tool_call_id"] != callID {
+		t.Fatalf("expected tool_result to reuse generated id, got %#v", toolMsg)
+	}
+}
+
 // ─── buildClaudeToolPrompt ───────────────────────────────────────────
 
 func TestBuildClaudeToolPromptSingleTool(t *testing.T) {
@@ -251,9 +295,6 @@ func TestBuildClaudeToolPromptSingleTool(t *testing.T) {
 	if !containsStr(prompt, "<tool_calls>") {
 		t.Fatalf("expected XML tool_calls format in prompt")
 	}
-	if containsStr(prompt, "TOOL_CALL_HISTORY") || containsStr(prompt, "TOOL_RESULT_HISTORY") {
-		t.Fatalf("expected legacy tool history markers removed from prompt")
-	}
 	if !containsStr(prompt, "TOOL CALL FORMAT") {
 		t.Fatalf("expected tool call format header in prompt")
 	}

internal/adapter/claude/handler_utils.go

@@ -5,11 +5,17 @@ import (
 	"fmt"
 	"strings"
 
+	"ds2api/internal/prompt"
 	"ds2api/internal/util"
 )
 
 func normalizeClaudeMessages(messages []any) []any {
 	out := make([]any, 0, len(messages))
+	state := &claudeToolCallState{
+		nameByID:       map[string]string{},
+		lastIDByName:   map[string]string{},
+		callIDSequence: 0,
+	}
 	for _, m := range messages {
 		msg, ok := m.(map[string]any)
 		if !ok {
@@ -43,7 +49,7 @@ func normalizeClaudeMessages(messages []any) []any {
 				case "tool_use":
 					if role == "assistant" {
 						flushText()
-						if toolMsg := normalizeClaudeToolUseToAssistant(b); toolMsg != nil {
+						if toolMsg := normalizeClaudeToolUseToAssistant(b, state); toolMsg != nil {
 							out = append(out, toolMsg)
 						}
 						continue
@@ -53,7 +59,7 @@ func normalizeClaudeMessages(messages []any) []any {
 					}
 				case "tool_result":
 					flushText()
-					if toolMsg := normalizeClaudeToolResultToToolMessage(b); toolMsg != nil {
+					if toolMsg := normalizeClaudeToolResultToToolMessage(b, state); toolMsg != nil {
 						out = append(out, toolMsg)
 					}
 				default:
@@ -118,7 +124,7 @@ func formatClaudeToolResultForPrompt(block map[string]any) string {
 	return string(b)
 }
 
-func normalizeClaudeToolUseToAssistant(block map[string]any) map[string]any {
+func normalizeClaudeToolUseToAssistant(block map[string]any, state *claudeToolCallState) map[string]any {
 	if block == nil {
 		return nil
 	}
@@ -126,13 +132,15 @@ func normalizeClaudeToolUseToAssistant(block map[string]any) map[string]any {
 	if name == "" {
 		return nil
 	}
-	callID := strings.TrimSpace(fmt.Sprintf("%v", block["id"]))
+	callID := safeStringValue(block["id"])
 	if callID == "" {
-		callID = strings.TrimSpace(fmt.Sprintf("%v", block["tool_use_id"]))
+		callID = safeStringValue(block["tool_use_id"])
 	}
 	if callID == "" {
-		callID = "call_claude"
+		callID = state.nextID()
 	}
+	state.nameByID[callID] = name
+	state.lastIDByName[strings.ToLower(name)] = callID
 	arguments := block["input"]
 	if arguments == nil {
 		arguments = map[string]any{}
@@ -153,29 +161,39 @@ func normalizeClaudeToolUseToAssistant(block map[string]any) map[string]any {
 	}
 	return map[string]any{
 		"role":       "assistant",
-		"content":    marshalCompactJSON(toolCalls),
+		"content":    prompt.FormatToolCallsForPrompt(toolCalls),
 		"tool_calls": toolCalls,
 	}
 }
 
-func normalizeClaudeToolResultToToolMessage(block map[string]any) map[string]any {
+func normalizeClaudeToolResultToToolMessage(block map[string]any, state *claudeToolCallState) map[string]any {
 	if block == nil {
 		return nil
 	}
-	toolCallID := strings.TrimSpace(fmt.Sprintf("%v", block["tool_use_id"]))
+	name := safeStringValue(block["name"])
+	toolCallID := safeStringValue(block["tool_use_id"])
 	if toolCallID == "" {
-		toolCallID = strings.TrimSpace(fmt.Sprintf("%v", block["tool_call_id"]))
+		toolCallID = safeStringValue(block["tool_call_id"])
 	}
 	if toolCallID == "" {
-		toolCallID = "call_claude"
+		if name != "" {
+			toolCallID = strings.TrimSpace(state.lastIDByName[strings.ToLower(name)])
+		}
+	}
+	if toolCallID == "" {
+		toolCallID = state.nextID()
 	}
 	out := map[string]any{
 		"role":         "tool",
 		"tool_call_id": toolCallID,
 		"content":      normalizeClaudeToolResultContent(block["content"]),
 	}
-	if name := strings.TrimSpace(fmt.Sprintf("%v", block["name"])); name != "" {
+	if name != "" {
 		out["name"] = name
+		state.nameByID[toolCallID] = name
+		state.lastIDByName[strings.ToLower(name)] = toolCallID
+	} else if inferred := strings.TrimSpace(state.nameByID[toolCallID]); inferred != "" {
+		out["name"] = inferred
 	}
 	return out
 }
@@ -205,94 +223,3 @@ func formatClaudeBlockRaw(block map[string]any) string {
 	}
 	return string(b)
 }
-
-func hasSystemMessage(messages []any) bool {
-	for _, m := range messages {
-		msg, ok := m.(map[string]any)
-		if ok && msg["role"] == "system" {
-			return true
-		}
-	}
-	return false
-}
-
-func extractClaudeToolNames(tools []any) []string {
-	out := make([]string, 0, len(tools))
-	for _, t := range tools {
-		m, ok := t.(map[string]any)
-		if !ok {
-			continue
-		}
-		name, _, _ := extractClaudeToolMeta(m)
-		if name != "" {
-			out = append(out, name)
-		}
-	}
-	return out
-}
-
-func extractClaudeToolMeta(m map[string]any) (string, string, any) {
-	name, _ := m["name"].(string)
-	desc, _ := m["description"].(string)
-	schemaObj := m["input_schema"]
-	if schemaObj == nil {
-		schemaObj = m["parameters"]
-	}
-
-	if fn, ok := m["function"].(map[string]any); ok {
-		if strings.TrimSpace(name) == "" {
-			name, _ = fn["name"].(string)
-		}
-		if strings.TrimSpace(desc) == "" {
-			desc, _ = fn["description"].(string)
-		}
-		if schemaObj == nil {
-			if v, ok := fn["input_schema"]; ok {
-				schemaObj = v
-			}
-		}
-		if schemaObj == nil {
-			if v, ok := fn["parameters"]; ok {
-				schemaObj = v
-			}
-		}
-	}
-	return strings.TrimSpace(name), strings.TrimSpace(desc), schemaObj
-}
-
-func toMessageMaps(v any) []map[string]any {
-	arr, ok := v.([]any)
-	if !ok {
-		return nil
-	}
-	out := make([]map[string]any, 0, len(arr))
-	for _, item := range arr {
-		if m, ok := item.(map[string]any); ok {
-			out = append(out, m)
-		}
-	}
-	return out
-}
-
-func extractMessageContent(v any) string {
-	switch x := v.(type) {
-	case string:
-		return x
-	case []any:
-		parts := make([]string, 0, len(x))
-		for _, it := range x {
-			parts = append(parts, fmt.Sprintf("%v", it))
-		}
-		return strings.Join(parts, "\n")
-	default:
-		return fmt.Sprintf("%v", x)
-	}
-}
-
-func cloneMap(in map[string]any) map[string]any {
-	out := make(map[string]any, len(in))
-	for k, v := range in {
-		out[k] = v
-	}
-	return out
-}

internal/adapter/claude/tool_call_state.go

@@ -0,0 +1,25 @@
+package claude
+
+import (
+	"fmt"
+	"strings"
+)
+
+type claudeToolCallState struct {
+	nameByID       map[string]string
+	lastIDByName   map[string]string
+	callIDSequence int
+}
+
+func (s *claudeToolCallState) nextID() string {
+	s.callIDSequence++
+	return fmt.Sprintf("call_claude_%d", s.callIDSequence)
+}
+
+func safeStringValue(v any) string {
+	s, ok := v.(string)
+	if !ok {
+		return ""
+	}
+	return strings.TrimSpace(s)
+}

internal/adapter/gemini/convert_messages.go

@@ -1,11 +1,20 @@
 package gemini
 
-import "strings"
+import (
+	"fmt"
+	"strings"
+)
 
 const maxGeminiRawPromptChars = 1024
 
 func geminiMessagesFromRequest(req map[string]any) []any {
 	out := make([]any, 0, 8)
+	toolCallCounter := 0
+	nextToolCallID := func() string {
+		toolCallCounter++
+		return fmt.Sprintf("call_gemini_%d", toolCallCounter)
+	}
+	lastToolCallIDByName := map[string]string{}
 	if sys := normalizeGeminiSystemInstruction(req["systemInstruction"]); strings.TrimSpace(sys) != "" {
 		out = append(out, map[string]any{
 			"role":    "system",
@@ -61,8 +70,11 @@ func geminiMessagesFromRequest(req map[string]any) []any {
 				if name := strings.TrimSpace(asString(fnCall["name"])); name != "" {
 					callID := strings.TrimSpace(asString(fnCall["id"]))
 					if callID == "" {
-						callID = "call_gemini"
+						if callID = strings.TrimSpace(asString(fnCall["call_id"])); callID == "" {
+							callID = nextToolCallID()
+						}
 					}
+					lastToolCallIDByName[strings.ToLower(name)] = callID
 					out = append(out, map[string]any{
 						"role": "assistant",
 						"tool_calls": []any{
@@ -91,7 +103,10 @@ func geminiMessagesFromRequest(req map[string]any) []any {
 					callID = strings.TrimSpace(asString(fnResp["tool_call_id"]))
 				}
 				if callID == "" {
-					callID = "call_gemini"
+					callID = strings.TrimSpace(lastToolCallIDByName[strings.ToLower(name)])
+				}
+				if callID == "" {
+					callID = nextToolCallID()
 				}
 				content := fnResp["response"]
 				if content == nil {

internal/adapter/gemini/convert_messages_test.go

@@ -82,3 +82,48 @@ func TestGeminiMessagesFromRequestPreservesUnknownPartAsRawJSONText(t *testing.T
 		t.Fatalf("expected raw base64 payload not to be embedded, got %q", content)
 	}
 }
+
+func TestGeminiMessagesFromRequestBackfillsFunctionResponseCallIDByName(t *testing.T) {
+	req := map[string]any{
+		"contents": []any{
+			map[string]any{
+				"role": "model",
+				"parts": []any{
+					map[string]any{
+						"functionCall": map[string]any{
+							"name": "search_web",
+							"args": map[string]any{"query": "docs"},
+						},
+					},
+				},
+			},
+			map[string]any{
+				"role": "user",
+				"parts": []any{
+					map[string]any{
+						"functionResponse": map[string]any{
+							"name":     "search_web",
+							"response": map[string]any{"ok": true},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	got := geminiMessagesFromRequest(req)
+	if len(got) != 2 {
+		t.Fatalf("expected two normalized messages, got %#v", got)
+	}
+	assistant, _ := got[0].(map[string]any)
+	tc, _ := assistant["tool_calls"].([]any)
+	call, _ := tc[0].(map[string]any)
+	callID, _ := call["id"].(string)
+	if !strings.HasPrefix(callID, "call_gemini_") {
+		t.Fatalf("expected generated call id prefix, got %#v", call)
+	}
+	toolMsg, _ := got[1].(map[string]any)
+	if toolMsg["tool_call_id"] != callID {
+		t.Fatalf("expected tool response to inherit generated call id, tool=%#v call=%#v", toolMsg, call)
+	}
+}

internal/adapter/openai/chat_stream_runtime.go

@@ -97,7 +97,7 @@ func (s *chatStreamRuntime) sendDone() {
 
 func (s *chatStreamRuntime) finalize(finishReason string) {
 	finalThinking := s.thinking.String()
-	finalText := sanitizeLeakedToolHistory(s.text.String())
+	finalText := sanitizeLeakedOutput(s.text.String())
 	detected := util.ParseStandaloneToolCallsDetailed(finalText, s.toolNames)
 	if len(detected.Calls) > 0 && !s.toolCallsDoneEmitted {
 		finishReason = "tool_calls"
@@ -141,7 +141,7 @@ func (s *chatStreamRuntime) finalize(finishReason string) {
 			if evt.Content == "" {
 				continue
 			}
-			cleaned := sanitizeLeakedToolHistory(evt.Content)
+			cleaned := sanitizeLeakedOutput(evt.Content)
 			if cleaned == "" {
 				continue
 			}
@@ -250,7 +250,7 @@ func (s *chatStreamRuntime) onParsed(parsed sse.LineResult) streamengine.ParsedD
 						continue
 					}
 					if evt.Content != "" {
-						cleaned := sanitizeLeakedToolHistory(evt.Content)
+						cleaned := sanitizeLeakedOutput(evt.Content)
 						if cleaned == "" {
 							continue
 						}

internal/adapter/openai/handler_chat.go

@@ -105,7 +105,7 @@ func (h *Handler) handleNonStream(w http.ResponseWriter, ctx context.Context, re
 	result := sse.CollectStream(resp, thinkingEnabled, true)
 
 	finalThinking := result.Thinking
-	finalText := sanitizeLeakedToolHistory(result.Text)
+	finalText := sanitizeLeakedOutput(result.Text)
 	respBody := openaifmt.BuildChatCompletion(completionID, model, finalPrompt, finalThinking, finalText, toolNames)
 	writeJSON(w, http.StatusOK, respBody)
 }

internal/adapter/openai/handler_toolcall_policy.go

@@ -1,19 +1,9 @@
 package openai
 
-import "strings"
-
 func (h *Handler) toolcallFeatureMatchEnabled() bool {
-	if h == nil || h.Store == nil {
+	return true
-		return true
-	}
-	mode := strings.TrimSpace(strings.ToLower(h.Store.ToolcallMode()))
-	return mode == "" || mode == "feature_match"
 }
 
 func (h *Handler) toolcallEarlyEmitHighConfidence() bool {
-	if h == nil || h.Store == nil {
+	return true
-		return true
-	}
-	level := strings.TrimSpace(strings.ToLower(h.Store.ToolcallEarlyEmitConfidence()))
-	return level == "" || level == "high"
 }

internal/adapter/openai/leaked_output_sanitize.go

@@ -0,0 +1,70 @@
+package openai
+
+import (
+	"regexp"
+)
+
+var emptyJSONFencePattern = regexp.MustCompile("(?is)```json\\s*```")
+var leakedToolCallArrayPattern = regexp.MustCompile(`(?is)\[\{\s*"function"\s*:\s*\{[\s\S]*?\}\s*,\s*"id"\s*:\s*"call[^"]*"\s*,\s*"type"\s*:\s*"function"\s*}\]`)
+var leakedToolResultBlobPattern = regexp.MustCompile(`(?is)<\s*\|\s*tool\s*\|\s*>\s*\{[\s\S]*?"tool_call_id"\s*:\s*"call[^"]*"\s*}`)
+
+// leakedMetaMarkerPattern matches DeepSeek special tokens in BOTH forms:
+//   - ASCII underscore: <｜end_of_sentence｜>
+//   - U+2581 variant:   <｜end▁of▁sentence｜>  (used in some DeepSeek outputs)
+var leakedMetaMarkerPattern = regexp.MustCompile(`(?i)<[｜\|]\s*(?:assistant|tool|end[_▁]of[_▁]sentence|end[_▁]of[_▁]thinking)\s*[｜\|]>`)
+
+// leakedAgentXMLBlockPatterns catch agent-style XML blocks that leak through
+// when the sieve fails to capture them. These are applied only to complete
+// wrapper blocks so standalone "<result>" examples in normal output remain
+// untouched.
+var leakedAgentXMLBlockPatterns = []*regexp.Regexp{
+	regexp.MustCompile(`(?is)<attempt_completion\b[^>]*>(.*?)</attempt_completion>`),
+	regexp.MustCompile(`(?is)<ask_followup_question\b[^>]*>(.*?)</ask_followup_question>`),
+	regexp.MustCompile(`(?is)<new_task\b[^>]*>(.*?)</new_task>`),
+}
+
+var leakedAgentWrapperTagPattern = regexp.MustCompile(`(?is)</?(?:attempt_completion|ask_followup_question|new_task)\b[^>]*>`)
+var leakedAgentWrapperPlusResultOpenPattern = regexp.MustCompile(`(?is)<(?:attempt_completion|ask_followup_question|new_task)\b[^>]*>\s*<result>`)
+var leakedAgentResultPlusWrapperClosePattern = regexp.MustCompile(`(?is)</result>\s*</(?:attempt_completion|ask_followup_question|new_task)\b[^>]*>`)
+var leakedAgentResultTagPattern = regexp.MustCompile(`(?is)</?result>`)
+
+func sanitizeLeakedOutput(text string) string {
+	if text == "" {
+		return text
+	}
+	out := emptyJSONFencePattern.ReplaceAllString(text, "")
+	out = leakedToolCallArrayPattern.ReplaceAllString(out, "")
+	out = leakedToolResultBlobPattern.ReplaceAllString(out, "")
+	out = leakedMetaMarkerPattern.ReplaceAllString(out, "")
+	out = sanitizeLeakedAgentXMLBlocks(out)
+	return out
+}
+
+func sanitizeLeakedAgentXMLBlocks(text string) string {
+	out := text
+	for _, pattern := range leakedAgentXMLBlockPatterns {
+		out = pattern.ReplaceAllStringFunc(out, func(match string) string {
+			submatches := pattern.FindStringSubmatch(match)
+			if len(submatches) < 2 {
+				return match
+			}
+			// Preserve the inner text so leaked agent instructions do not erase
+			// the actual answer, but strip the wrapper/result markup itself.
+			return leakedAgentResultTagPattern.ReplaceAllString(submatches[1], "")
+		})
+	}
+	// Fallback for truncated output streams: strip any dangling wrapper tags
+	// that were not part of a complete block replacement. If we detect leaked
+	// wrapper tags, strip only adjacent <result> tags to avoid exposing agent
+	// markup without altering unrelated user-visible <result> examples.
+	if leakedAgentWrapperTagPattern.MatchString(out) {
+		out = leakedAgentWrapperPlusResultOpenPattern.ReplaceAllStringFunc(out, func(match string) string {
+			return leakedAgentResultTagPattern.ReplaceAllString(match, "")
+		})
+		out = leakedAgentResultPlusWrapperClosePattern.ReplaceAllStringFunc(out, func(match string) string {
+			return leakedAgentResultTagPattern.ReplaceAllString(match, "")
+		})
+		out = leakedAgentWrapperTagPattern.ReplaceAllString(out, "")
+	}
+	return out
+}

internal/adapter/openai/leaked_output_sanitize_test.go

@@ -0,0 +1,68 @@
+package openai
+
+import "testing"
+
+func TestSanitizeLeakedOutputRemovesEmptyJSONFence(t *testing.T) {
+	raw := "before\n```json\n```\nafter"
+	got := sanitizeLeakedOutput(raw)
+	if got != "before\n\nafter" {
+		t.Fatalf("unexpected sanitized empty json fence: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputRemovesLeakedWireToolCallAndResult(t *testing.T) {
+	raw := "开始\n[{\"function\":{\"arguments\":\"{\\\"command\\\":\\\"java -version\\\"}\",\"name\":\"exec\"},\"id\":\"callb9a321\",\"type\":\"function\"}]< | Tool | >{\"content\":\"openjdk version 21\",\"tool_call_id\":\"callb9a321\"}\n结束"
+	got := sanitizeLeakedOutput(raw)
+	if got != "开始\n\n结束" {
+		t.Fatalf("unexpected sanitize result for leaked wire format: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputRemovesStandaloneMetaMarkers(t *testing.T) {
+	raw := "A<| end_of_sentence |><| Assistant |>B<| end_of_thinking |>C<｜end▁of▁thinking｜>D<｜end▁of▁sentence｜>E"
+	got := sanitizeLeakedOutput(raw)
+	if got != "ABCDE" {
+		t.Fatalf("unexpected sanitize result for meta markers: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputRemovesAgentXMLLeaks(t *testing.T) {
+	raw := "Done.<attempt_completion><result>Some final answer</result></attempt_completion>"
+	got := sanitizeLeakedOutput(raw)
+	if got != "Done.Some final answer" {
+		t.Fatalf("unexpected sanitize result for agent XML leak: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputPreservesStandaloneResultTags(t *testing.T) {
+	raw := "Example XML: <result>value</result>"
+	got := sanitizeLeakedOutput(raw)
+	if got != raw {
+		t.Fatalf("unexpected sanitize result for standalone result tag: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputRemovesDanglingAgentXMLOpeningTags(t *testing.T) {
+	raw := "Done.<attempt_completion><result>Some final answer"
+	got := sanitizeLeakedOutput(raw)
+	if got != "Done.Some final answer" {
+		t.Fatalf("unexpected sanitize result for dangling opening tags: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputRemovesDanglingAgentXMLClosingTags(t *testing.T) {
+	raw := "Done.Some final answer</result></attempt_completion>"
+	got := sanitizeLeakedOutput(raw)
+	if got != "Done.Some final answer" {
+		t.Fatalf("unexpected sanitize result for dangling closing tags: %q", got)
+	}
+}
+
+func TestSanitizeLeakedOutputPreservesUnrelatedResultTagsWhenWrapperLeaks(t *testing.T) {
+	raw := "Done.<attempt_completion><result>Some final answer\nExample XML: <result>value</result>"
+	got := sanitizeLeakedOutput(raw)
+	want := "Done.Some final answer\nExample XML: <result>value</result>"
+	if got != want {
+		t.Fatalf("unexpected sanitize result for mixed leaked wrapper + xml example: %q", got)
+	}
+}

internal/adapter/openai/message_normalize.go

@@ -1,7 +1,6 @@
 package openai
 
 import (
-	"encoding/json"
 	"strings"
 
 	"ds2api/internal/prompt"
@@ -55,7 +54,18 @@ func normalizeOpenAIMessagesForPrompt(raw []any, traceID string) []map[string]an
 }
 
 func buildAssistantContentForPrompt(msg map[string]any) string {
-	return strings.TrimSpace(normalizeOpenAIContentForPrompt(msg["content"]))
+	content := strings.TrimSpace(normalizeOpenAIContentForPrompt(msg["content"]))
+	toolHistory := prompt.FormatToolCallsForPrompt(msg["tool_calls"])
+	switch {
+	case content == "" && toolHistory == "":
+		return ""
+	case content == "":
+		return toolHistory
+	case toolHistory == "":
+		return content
+	default:
+		return content + "\n\n" + toolHistory
+	}
 }
 
 func buildToolContentForPrompt(msg map[string]any) string {
@@ -70,18 +80,6 @@ func normalizeOpenAIContentForPrompt(v any) string {
 	return prompt.NormalizeContent(v)
 }
 
-func normalizeToolArgumentString(raw string) string {
-	trimmed := strings.TrimSpace(raw)
-	if trimmed == "" {
-		return ""
-	}
-	if looksLikeConcatenatedJSON(trimmed) {
-		// Keep original payload to avoid silent argument rewrites.
-		return raw
-	}
-	return trimmed
-}
-
 func normalizeOpenAIRoleForPrompt(role string) string {
 	role = strings.ToLower(strings.TrimSpace(role))
 	if role == "developer" {
@@ -96,20 +94,3 @@ func asString(v any) string {
 	}
 	return ""
 }
-
-func looksLikeConcatenatedJSON(raw string) bool {
-	trimmed := strings.TrimSpace(raw)
-	if trimmed == "" {
-		return false
-	}
-	if strings.Contains(trimmed, "}{") || strings.Contains(trimmed, "][") {
-		return true
-	}
-	dec := json.NewDecoder(strings.NewReader(trimmed))
-	var first any
-	if err := dec.Decode(&first); err != nil {
-		return false
-	}
-	var second any
-	return dec.Decode(&second) == nil
-}

internal/adapter/openai/message_normalize_test.go

@@ -34,20 +34,23 @@ func TestNormalizeOpenAIMessagesForPrompt_AssistantToolCallsAndToolResult(t *tes
 	}
 
 	normalized := normalizeOpenAIMessagesForPrompt(raw, "")
-	if len(normalized) != 3 {
+	if len(normalized) != 4 {
-		t.Fatalf("expected 3 normalized messages with tool-call-only assistant turn omitted, got %d", len(normalized))
+		t.Fatalf("expected 4 normalized messages with assistant tool history preserved, got %d", len(normalized))
 	}
-	toolContent, _ := normalized[2]["content"].(string)
+	assistantContent, _ := normalized[2]["content"].(string)
-	if !strings.Contains(toolContent, `"temp":18`) {
+	if !strings.Contains(assistantContent, "<tool_calls>") {
-		t.Fatalf("tool result should be transparently forwarded, got %q", toolContent)
+		t.Fatalf("assistant tool history should be preserved in XML form, got %q", assistantContent)
 	}
-	if strings.Contains(toolContent, "[TOOL_RESULT_HISTORY]") {
+	if !strings.Contains(assistantContent, "<tool_name>get_weather</tool_name>") {
-		t.Fatalf("tool history marker should not be injected: %q", toolContent)
+		t.Fatalf("expected tool name in preserved history, got %q", assistantContent)
+	}
+	if !strings.Contains(normalized[3]["content"].(string), `"temp":18`) {
+		t.Fatalf("tool result should be transparently forwarded, got %#v", normalized[3]["content"])
 	}
 
 	prompt := util.MessagesPrepare(normalized)
-	if strings.Contains(prompt, "[TOOL_CALL_HISTORY]") || strings.Contains(prompt, "[TOOL_RESULT_HISTORY]") {
+	if !strings.Contains(prompt, "<tool_calls>") {
-		t.Fatalf("expected no synthetic history markers in prompt: %q", prompt)
+		t.Fatalf("expected preserved assistant tool history in prompt: %q", prompt)
 	}
 }
 
@@ -170,8 +173,15 @@ func TestNormalizeOpenAIMessagesForPrompt_AssistantMultipleToolCallsRemainSepara
 	}
 
 	normalized := normalizeOpenAIMessagesForPrompt(raw, "")
-	if len(normalized) != 0 {
+	if len(normalized) != 1 {
-		t.Fatalf("expected assistant tool_call-only message omitted, got %#v", normalized)
+		t.Fatalf("expected assistant tool_call-only message preserved, got %#v", normalized)
+	}
+	content, _ := normalized[0]["content"].(string)
+	if strings.Count(content, "<tool_call>") != 2 {
+		t.Fatalf("expected two preserved tool call blocks, got %q", content)
+	}
+	if !strings.Contains(content, "<tool_name>search_web</tool_name>") || !strings.Contains(content, "<tool_name>eval_javascript</tool_name>") {
+		t.Fatalf("expected both tool names in preserved history, got %q", content)
 	}
 }
 
@@ -192,8 +202,12 @@ func TestNormalizeOpenAIMessagesForPrompt_PreservesConcatenatedToolArguments(t *
 	}
 
 	normalized := normalizeOpenAIMessagesForPrompt(raw, "")
-	if len(normalized) != 0 {
+	if len(normalized) != 1 {
-		t.Fatalf("expected assistant tool_call-only content omitted, got %#v", normalized)
+		t.Fatalf("expected assistant tool_call-only content preserved, got %#v", normalized)
+	}
+	content, _ := normalized[0]["content"].(string)
+	if !strings.Contains(content, `{}{"query":"测试工具调用"}`) {
+		t.Fatalf("expected concatenated tool arguments preserved, got %q", content)
 	}
 }
 
@@ -215,7 +229,7 @@ func TestNormalizeOpenAIMessagesForPrompt_AssistantToolCallsMissingNameAreDroppe
 
 	normalized := normalizeOpenAIMessagesForPrompt(raw, "")
 	if len(normalized) != 0 {
-		t.Fatalf("expected assistant tool_calls without text omitted, got %#v", normalized)
+		t.Fatalf("expected assistant tool_calls without text to be dropped when name is missing, got %#v", normalized)
 	}
 }
 
@@ -237,8 +251,15 @@ func TestNormalizeOpenAIMessagesForPrompt_AssistantNilContentDoesNotInjectNullLi
 	}
 
 	normalized := normalizeOpenAIMessagesForPrompt(raw, "")
-	if len(normalized) != 0 {
+	if len(normalized) != 1 {
-		t.Fatalf("expected nil-content assistant tool_call-only message omitted, got %#v", normalized)
+		t.Fatalf("expected nil-content assistant tool_call-only message preserved, got %#v", normalized)
+	}
+	content, _ := normalized[0]["content"].(string)
+	if strings.Contains(content, "null") {
+		t.Fatalf("expected no null literal injection, got %q", content)
+	}
+	if !strings.Contains(content, "<tool_calls>") {
+		t.Fatalf("expected assistant tool history in normalized content, got %q", content)
 	}
 }
 

internal/adapter/openai/prompt_build_test.go

@@ -47,8 +47,11 @@ func TestBuildOpenAIFinalPrompt_HandlerPathIncludesToolRoundtripSemantics(t *tes
 	if !strings.Contains(finalPrompt, `"condition":"sunny"`) {
 		t.Fatalf("handler finalPrompt should preserve tool output content: %q", finalPrompt)
 	}
-	if strings.Contains(finalPrompt, "[TOOL_CALL_HISTORY]") || strings.Contains(finalPrompt, "[TOOL_RESULT_HISTORY]") {
+	if !strings.Contains(finalPrompt, "<tool_calls>") {
-		t.Fatalf("handler finalPrompt should not include synthetic history markers: %q", finalPrompt)
+		t.Fatalf("handler finalPrompt should preserve assistant tool history: %q", finalPrompt)
+	}
+	if !strings.Contains(finalPrompt, "<tool_name>get_weather</tool_name>") {
+		t.Fatalf("handler finalPrompt should include tool name history: %q", finalPrompt)
 	}
 }
 

internal/adapter/openai/responses_handler.go

@@ -113,7 +113,7 @@ func (h *Handler) handleResponsesNonStream(w http.ResponseWriter, resp *http.Res
 		return
 	}
 	result := sse.CollectStream(resp, thinkingEnabled, true)
-	sanitizedText := sanitizeLeakedToolHistory(result.Text)
+	sanitizedText := sanitizeLeakedOutput(result.Text)
 	textParsed := util.ParseStandaloneToolCallsDetailed(sanitizedText, toolNames)
 	logResponsesToolPolicyRejection(traceID, toolChoice, textParsed, "text")
 

internal/adapter/openai/responses_input_items.go

@@ -1,11 +1,11 @@
 package openai
 
 import (
-	"encoding/json"
 	"fmt"
 	"strings"
 
 	"ds2api/internal/config"
+	"ds2api/internal/prompt"
 )
 
 func normalizeResponsesInputItem(m map[string]any) map[string]any {
@@ -148,7 +148,7 @@ func normalizeResponsesInputItemWithState(m map[string]any, callNameByID map[str
 
 		functionPayload := map[string]any{
 			"name":      name,
-			"arguments": stringifyToolCallArguments(argsRaw),
+			"arguments": prompt.StringifyToolCallArguments(argsRaw),
 		}
 		call := map[string]any{
 			"type":     "function",
@@ -211,26 +211,3 @@ func normalizeResponsesFallbackPart(m map[string]any) string {
 	}
 	return strings.TrimSpace(fmt.Sprintf("%v", m))
 }
-
-func stringifyToolCallArguments(v any) string {
-	switch x := v.(type) {
-	case nil:
-		return "{}"
-	case string:
-		s := strings.TrimSpace(x)
-		if s == "" {
-			return "{}"
-		}
-		s = normalizeToolArgumentString(s)
-		if s == "" {
-			return "{}"
-		}
-		return s
-	default:
-		b, err := json.Marshal(x)
-		if err != nil || len(b) == 0 {
-			return "{}"
-		}
-		return string(b)
-	}
-}

internal/adapter/openai/responses_stream_runtime_core.go

@@ -97,7 +97,7 @@ func newResponsesStreamRuntime(
 
 func (s *responsesStreamRuntime) finalize() {
 	finalThinking := s.thinking.String()
-	finalText := sanitizeLeakedToolHistory(s.text.String())
+	finalText := sanitizeLeakedOutput(s.text.String())
 
 	if s.bufferToolContent {
 		s.processToolStreamEvents(flushToolSieve(&s.sieve, s.toolNames), true)
@@ -194,7 +194,7 @@ func (s *responsesStreamRuntime) onParsed(parsed sse.LineResult) streamengine.Pa
 			continue
 		}
 
-		cleanedText := sanitizeLeakedToolHistory(p.Text)
+		cleanedText := sanitizeLeakedOutput(p.Text)
 		if cleanedText == "" {
 			continue
 		}

internal/adapter/openai/tool_history_sanitize.go

@@ -1,32 +0,0 @@
-package openai
-
-import (
-	"regexp"
-)
-
-var leakedToolHistoryPattern = regexp.MustCompile(`(?is)\[TOOL_CALL_HISTORY\][\s\S]*?\[/TOOL_CALL_HISTORY\]|\[TOOL_RESULT_HISTORY\][\s\S]*?\[/TOOL_RESULT_HISTORY\]`)
-var emptyJSONFencePattern = regexp.MustCompile("(?is)```json\\s*```")
-var leakedToolCallArrayPattern = regexp.MustCompile(`(?is)\[\{\s*"function"\s*:\s*\{[\s\S]*?\}\s*,\s*"id"\s*:\s*"call[^"]*"\s*,\s*"type"\s*:\s*"function"\s*}\]`)
-var leakedToolResultBlobPattern = regexp.MustCompile(`(?is)<\s*\|\s*tool\s*\|\s*>\s*\{[\s\S]*?"tool_call_id"\s*:\s*"call[^"]*"\s*}`)
-
-// leakedMetaMarkerPattern matches DeepSeek special tokens in BOTH forms:
-//   - ASCII underscore: <｜end_of_sentence｜>
-//   - U+2581 variant:   <｜end▁of▁sentence｜>  (used in some DeepSeek outputs)
-var leakedMetaMarkerPattern = regexp.MustCompile(`(?i)<[｜\|]\s*(?:assistant|tool|end[_▁]of[_▁]sentence|end[_▁]of[_▁]thinking)\s*[｜\|]>`)
-
-// leakedAgentXMLPattern catches agent-style XML tags that leak through when
-// the sieve fails to capture them (e.g. incomplete blocks at stream end).
-var leakedAgentXMLPattern = regexp.MustCompile(`(?is)</?(?:attempt_completion|ask_followup_question|new_task|result)>`)
-
-func sanitizeLeakedToolHistory(text string) string {
-	if text == "" {
-		return text
-	}
-	out := leakedToolHistoryPattern.ReplaceAllString(text, "")
-	out = emptyJSONFencePattern.ReplaceAllString(out, "")
-	out = leakedToolCallArrayPattern.ReplaceAllString(out, "")
-	out = leakedToolResultBlobPattern.ReplaceAllString(out, "")
-	out = leakedMetaMarkerPattern.ReplaceAllString(out, "")
-	out = leakedAgentXMLPattern.ReplaceAllString(out, "")
-	return out
-}

internal/adapter/openai/tool_history_sanitize_test.go

@@ -1,130 +0,0 @@
-package openai
-
-import "testing"
-
-func TestSanitizeLeakedToolHistoryRemovesMarkerBlocks(t *testing.T) {
-	raw := "前缀\n[TOOL_CALL_HISTORY]\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_CALL_HISTORY]\n后缀"
-	got := sanitizeLeakedToolHistory(raw)
-	if got != "前缀\n\n后缀" {
-		t.Fatalf("unexpected sanitized content: %q", got)
-	}
-}
-
-func TestSanitizeLeakedToolHistoryPreservesChunkWhitespace(t *testing.T) {
-	cases := []struct {
-		name string
-		raw  string
-		want string
-	}{
-		{
-			name: "trailing space kept",
-			raw:  "Hello ",
-			want: "Hello ",
-		},
-		{
-			name: "leading newline kept",
-			raw:  "\nworld",
-			want: "\nworld",
-		},
-		{
-			name: "surrounding whitespace around marker is preserved",
-			raw:  "A \n[TOOL_RESULT_HISTORY]\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_RESULT_HISTORY]\n B",
-			want: "A \n\n B",
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			got := sanitizeLeakedToolHistory(tc.raw)
-			if got != tc.want {
-				t.Fatalf("unexpected sanitize result, want %q got %q", tc.want, got)
-			}
-		})
-	}
-}
-
-func TestSanitizeLeakedToolHistoryRemovesEmptyJSONFence(t *testing.T) {
-	raw := "before\n```json\n```\nafter"
-	got := sanitizeLeakedToolHistory(raw)
-	if got != "before\n\nafter" {
-		t.Fatalf("unexpected sanitized empty json fence: %q", got)
-	}
-}
-
-func TestFlushToolSieveDropsToolHistoryLeak(t *testing.T) {
-	var state toolStreamSieveState
-	chunk := "[TOOL_CALL_HISTORY]\nstatus: already_called\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_CALL_HISTORY]"
-	evts := processToolSieveChunk(&state, chunk, []string{"exec"})
-	if len(evts) != 0 {
-		t.Fatalf("expected no immediate output before history block is complete, got %+v", evts)
-	}
-	flushed := flushToolSieve(&state, []string{"exec"})
-	if len(flushed) != 0 {
-		t.Fatalf("expected history block to be swallowed, got %+v", flushed)
-	}
-}
-
-func TestFlushToolSieveDropsToolResultHistoryLeak(t *testing.T) {
-	var state toolStreamSieveState
-	chunk := "[TOOL_RESULT_HISTORY]\nstatus: already_called\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_RESULT_HISTORY]"
-	evts := processToolSieveChunk(&state, chunk, []string{"exec"})
-	if len(evts) != 0 {
-		t.Fatalf("expected no immediate output before result history block is complete, got %+v", evts)
-	}
-	flushed := flushToolSieve(&state, []string{"exec"})
-	if len(flushed) != 0 {
-		t.Fatalf("expected result history block to be swallowed, got %+v", flushed)
-	}
-}
-
-func TestSanitizeLeakedToolHistoryRemovesLeakedWireToolCallAndResult(t *testing.T) {
-	raw := "开始\n[{\"function\":{\"arguments\":\"{\\\"command\\\":\\\"java -version\\\"}\",\"name\":\"exec\"},\"id\":\"callb9a321\",\"type\":\"function\"}]< | Tool | >{\"content\":\"openjdk version 21\",\"tool_call_id\":\"callb9a321\"}\n结束"
-	got := sanitizeLeakedToolHistory(raw)
-	if got != "开始\n\n结束" {
-		t.Fatalf("unexpected sanitize result for leaked wire format: %q", got)
-	}
-}
-
-func TestSanitizeLeakedToolHistoryRemovesStandaloneMetaMarkers(t *testing.T) {
-	raw := "A<| end_of_sentence |><| Assistant |>B<| end_of_thinking |>C<｜end▁of▁thinking｜>D<｜end▁of▁sentence｜>E"
-	got := sanitizeLeakedToolHistory(raw)
-	if got != "ABCDE" {
-		t.Fatalf("unexpected sanitize result for meta markers: %q", got)
-	}
-}
-
-func TestSanitizeLeakedToolHistoryRemovesAgentXMLLeaks(t *testing.T) {
-	raw := "Done.<attempt_completion><result>Some final answer</result></attempt_completion>"
-	got := sanitizeLeakedToolHistory(raw)
-	if got != "Done.Some final answer" {
-		t.Fatalf("unexpected sanitize result for agent XML leak: %q", got)
-	}
-}
-
-func TestProcessToolSieveChunkSplitsResultHistoryBoundary(t *testing.T) {
-	var state toolStreamSieveState
-	parts := []string{
-		"Hello ",
-		"[TOOL_RESULT_HISTORY]\nstatus: already_called\n",
-		"function.name: exec\nfunction.arguments: {}\n[/TOOL_RESULT_HISTORY]",
-		"world",
-	}
-	var events []toolStreamEvent
-	for _, p := range parts {
-		events = append(events, processToolSieveChunk(&state, p, []string{"exec"})...)
-	}
-	events = append(events, flushToolSieve(&state, []string{"exec"})...)
-
-	var text string
-	for _, evt := range events {
-		if evt.Content != "" {
-			text += evt.Content
-		}
-		if len(evt.ToolCalls) > 0 {
-			t.Fatalf("did not expect parsed tool calls from history leak: %+v", evt.ToolCalls)
-		}
-	}
-	if text != "Hello world" {
-		t.Fatalf("expected clean text output preserving boundary spaces, got %q", text)
-	}
-}

internal/adapter/openai/tool_sieve_core.go

@@ -183,7 +183,7 @@ func findToolSegmentStart(s string) int {
 		return -1
 	}
 	lower := strings.ToLower(s)
-	keywords := []string{"tool_calls", "\"function\"", "function.name:", "[tool_call_history]", "[tool_result_history]"}
+	keywords := []string{"tool_calls", "\"function\"", "function.name:", "\"tool_use\""}
 	bestKeyIdx := -1
 	for _, kw := range keywords {
 		idx := strings.Index(lower, kw)
@@ -191,6 +191,9 @@ func findToolSegmentStart(s string) int {
 			bestKeyIdx = idx
 		}
 	}
+	if fnKeyIdx := findQuotedFunctionCallKeyStart(s); fnKeyIdx >= 0 && (bestKeyIdx < 0 || fnKeyIdx < bestKeyIdx) {
+		bestKeyIdx = fnKeyIdx
+	}
 	// Also detect XML tool call tags.
 	for _, tag := range xmlToolTagsToDetect {
 		idx := strings.Index(lower, tag)
@@ -240,22 +243,22 @@ func consumeToolCapture(state *toolStreamSieveState, toolNames []string) (prefix
 
 	lower := strings.ToLower(captured)
 	keyIdx := -1
-	keywords := []string{"tool_calls", "\"function\"", "function.name:", "[tool_call_history]", "[tool_result_history]"}
+	keywords := []string{"tool_calls", "\"function\"", "function.name:", "\"tool_use\""}
 	for _, kw := range keywords {
 		idx := strings.Index(lower, kw)
 		if idx >= 0 && (keyIdx < 0 || idx < keyIdx) {
 			keyIdx = idx
 		}
 	}
+	if fnKeyIdx := findQuotedFunctionCallKeyStart(captured); fnKeyIdx >= 0 && (keyIdx < 0 || fnKeyIdx < keyIdx) {
+		keyIdx = fnKeyIdx
+	}
 
 	if keyIdx < 0 {
 		return "", nil, "", false
 	}
 	start := strings.LastIndex(captured[:keyIdx], "{")
 	if start < 0 {
-		if blockStart, blockEnd, ok := extractToolHistoryBlock(captured, keyIdx); ok {
-			return captured[:blockStart], nil, captured[blockEnd:], true
-		}
 		start = keyIdx
 	}
 	obj, end, ok := extractJSONObjectFrom(captured, start)

internal/adapter/openai/tool_sieve_functioncall.go

@@ -0,0 +1,100 @@
+package openai
+
+import "strings"
+
+func findQuotedFunctionCallKeyStart(s string) int {
+	lower := strings.ToLower(s)
+	quotedIdx := findFunctionCallKeyStart(lower, `"functioncall"`)
+	bareIdx := findFunctionCallKeyStart(lower, "functioncall")
+
+	// Prefer the quoted JSON key whenever we have a structural match.
+	// Bare-key detection is only for loose payloads where the quoted form
+	// is absent.
+	if quotedIdx >= 0 {
+		return quotedIdx
+	}
+	return bareIdx
+}
+
+func findFunctionCallKeyStart(lower, key string) int {
+	for from := 0; from < len(lower); {
+		rel := strings.Index(lower[from:], key)
+		if rel < 0 {
+			return -1
+		}
+		idx := from + rel
+		if isInsideJSONString(lower, idx) {
+			from = idx + 1
+			continue
+		}
+		if !hasJSONObjectContextPrefix(lower[:idx]) {
+			from = idx + 1
+			continue
+		}
+		if !hasJSONKeyBoundary(lower, idx, len(key)) {
+			from = idx + 1
+			continue
+		}
+		j := idx + len(key)
+		for j < len(lower) && (lower[j] == ' ' || lower[j] == '\t' || lower[j] == '\r' || lower[j] == '\n') {
+			j++
+		}
+		if j < len(lower) && lower[j] == ':' {
+			k := j + 1
+			for k < len(lower) && (lower[k] == ' ' || lower[k] == '\t' || lower[k] == '\r' || lower[k] == '\n') {
+				k++
+			}
+			if k < len(lower) && lower[k] != '{' {
+				from = idx + 1
+				continue
+			}
+			return idx
+		}
+		from = idx + 1
+	}
+	return -1
+}
+
+func isInsideJSONString(s string, idx int) bool {
+	inString := false
+	escaped := false
+	for i := 0; i < idx; i++ {
+		c := s[i]
+		if escaped {
+			escaped = false
+			continue
+		}
+		if c == '\\' && inString {
+			escaped = true
+			continue
+		}
+		if c == '"' {
+			inString = !inString
+		}
+	}
+	return inString
+}
+
+func hasJSONObjectContextPrefix(prefix string) bool {
+	return strings.LastIndex(prefix, "{") >= 0
+}
+
+func hasJSONKeyBoundary(s string, idx, keyLen int) bool {
+	if idx > 0 {
+		prev := s[idx-1]
+		if isLowerAlphaNumeric(prev) {
+			return false
+		}
+	}
+	if end := idx + keyLen; end < len(s) {
+		next := s[end]
+		if isLowerAlphaNumeric(next) {
+			return false
+		}
+	}
+	return true
+}
+
+func isLowerAlphaNumeric(b byte) bool {
+	return (b >= 'a' && b <= 'z') || (b >= '0' && b <= '9') || b == '_'
+}

internal/adapter/openai/tool_sieve_functioncall_test.go

@@ -0,0 +1,23 @@
+package openai
+
+import "testing"
+
+func TestFindQuotedFunctionCallKeyStart_PrefersEarlierBareKey(t *testing.T) {
+	input := `{functionCall:{"name":"a","arguments":"{}"},"message":"literal text: \"functionCall\": not a key"}`
+
+	got := findQuotedFunctionCallKeyStart(input)
+	want := 1
+	if got != want {
+		t.Fatalf("findQuotedFunctionCallKeyStart() = %d, want %d", got, want)
+	}
+}
+
+func TestFindQuotedFunctionCallKeyStart_PrefersEarlierQuotedKey(t *testing.T) {
+	input := `{"functionCall":{"name":"a","arguments":"{}"},"note":"functionCall appears in prose"}`
+
+	got := findQuotedFunctionCallKeyStart(input)
+	want := 1
+	if got != want {
+		t.Fatalf("findQuotedFunctionCallKeyStart() = %d, want %d", got, want)
+	}
+}

internal/adapter/openai/tool_sieve_jsonscan.go

@@ -44,31 +44,6 @@ func extractJSONObjectFrom(text string, start int) (string, int, bool) {
 	return "", 0, false
 }
 
-func extractToolHistoryBlock(captured string, keyIdx int) (start int, end int, ok bool) {
-	if keyIdx < 0 || keyIdx >= len(captured) {
-		return 0, 0, false
-	}
-	rest := strings.ToLower(captured[keyIdx:])
-	switch {
-	case strings.HasPrefix(rest, "[tool_call_history]"):
-		closeTag := "[/tool_call_history]"
-		closeIdx := strings.Index(rest, closeTag)
-		if closeIdx < 0 {
-			return 0, 0, false
-		}
-		return keyIdx, keyIdx + closeIdx + len(closeTag), true
-	case strings.HasPrefix(rest, "[tool_result_history]"):
-		closeTag := "[/tool_result_history]"
-		closeIdx := strings.Index(rest, closeTag)
-		if closeIdx < 0 {
-			return 0, 0, false
-		}
-		return keyIdx, keyIdx + closeIdx + len(closeTag), true
-	default:
-		return 0, 0, false
-	}
-}
-
 func trimWrappingJSONFence(prefix, suffix string) (string, string) {
 	trimmedPrefix := strings.TrimRight(prefix, " \t\r\n")
 	fenceIdx := strings.LastIndex(trimmedPrefix, "```")

internal/adapter/openai/tool_sieve_state.go

@@ -34,7 +34,8 @@ type toolCallDelta struct {
 	Arguments string
 }
 
-const toolSieveContextTailLimit = 256
+// Keep in sync with JS TOOL_SIEVE_CONTEXT_TAIL_LIMIT.
+const toolSieveContextTailLimit = 2048
 
 func (s *toolStreamSieveState) resetIncrementalToolState() {
 	s.disableDeltas = false

internal/adapter/openai/tool_sieve_xml_test.go

@@ -104,6 +104,7 @@ func TestFindToolSegmentStartDetectsXMLToolCalls(t *testing.T) {
 		want  int
 	}{
 		{"tool_calls_tag", "some text <tool_calls>\n", 10},
+		{"gemini_function_call_json", `some text {"functionCall":{"name":"search","args":{"q":"latest"}}}`, 10},
 		{"tool_call_tag", "prefix <tool_call>\n", 7},
 		{"invoke_tag", "text <invoke name=\"foo\">body</invoke>", 5},
 		{"function_call_tag", "<function_call name=\"foo\">body</function_call>", 0},
@@ -119,6 +120,81 @@ func TestFindToolSegmentStartDetectsXMLToolCalls(t *testing.T) {
 	}
 }
 
+func TestFindToolSegmentStartIgnoresFunctionCallProse(t *testing.T) {
+	input := "Please explain the functionCall API field and how clients should parse it."
+	if got := findToolSegmentStart(input); got != -1 {
+		t.Fatalf("expected no tool segment start for prose, got %d", got)
+	}
+}
+
+func TestFindToolSegmentStartDetectsQuotedFunctionCallKey(t *testing.T) {
+	input := `prefix {"functionCall": {"name":"search_web","args":{"query":"x"}}}`
+	want := strings.Index(input, "{")
+	if got := findToolSegmentStart(input); got != want {
+		t.Fatalf("expected JSON object start %d, got %d", want, got)
+	}
+}
+
+func TestFindToolSegmentStartDetectsLooseFunctionCallKey(t *testing.T) {
+	input := `prefix {functionCall: {"name":"search_web","args":{"query":"x"}}}`
+	want := strings.Index(input, "{")
+	if got := findToolSegmentStart(input); got != want {
+		t.Fatalf("expected JSON object start %d, got %d", want, got)
+	}
+}
+
+func TestFindToolSegmentStartPrefersQuotedFunctionCallOverEarlierBareProse(t *testing.T) {
+	input := `prefix {note} functionCall: docs hint {"functionCall":{"name":"search_web","args":{"query":"x"}}}`
+	want := strings.Index(input, `{"functionCall"`)
+	if got := findToolSegmentStart(input); got != want {
+		t.Fatalf("expected quoted functionCall JSON start %d, got %d", want, got)
+	}
+}
+
+func TestFindToolSegmentStartIgnoresLooseFunctionCallProse(t *testing.T) {
+	input := "Please explain why functionCall: is used in documentation examples."
+	if got := findToolSegmentStart(input); got != -1 {
+		t.Fatalf("expected no tool segment start for prose, got %d", got)
+	}
+}
+
+func TestProcessToolSieveDoesNotBufferFunctionCallProse(t *testing.T) {
+	var state toolStreamSieveState
+	chunk := "Please explain the functionCall API field and keep streaming this sentence."
+	events := processToolSieveChunk(&state, chunk, []string{"search_web"})
+	var text string
+	for _, evt := range events {
+		text += evt.Content
+		if len(evt.ToolCalls) > 0 {
+			t.Fatalf("expected no tool calls for prose, got %#v", evt.ToolCalls)
+		}
+	}
+	if text != chunk {
+		t.Fatalf("expected prose to pass through immediately, got %q", text)
+	}
+}
+
+func TestProcessToolSieveDetectsGeminiFunctionCallPayload(t *testing.T) {
+	var state toolStreamSieveState
+	events := processToolSieveChunk(&state, `{"functionCall":{"name":"search_web","args":{"query":"latest"}}}`, []string{"search_web"})
+	events = append(events, flushToolSieve(&state, []string{"search_web"})...)
+
+	var textContent string
+	var toolCalls int
+	for _, evt := range events {
+		if evt.Content != "" {
+			textContent += evt.Content
+		}
+		toolCalls += len(evt.ToolCalls)
+	}
+	if toolCalls != 1 {
+		t.Fatalf("expected one tool call from functionCall payload, got events=%#v", events)
+	}
+	if strings.Contains(strings.ToLower(textContent), "functioncall") {
+		t.Fatalf("functionCall json leaked into text content: %q", textContent)
+	}
+}
+
 func TestFindPartialXMLToolTagStart(t *testing.T) {
 	cases := []struct {
 		name  string

internal/adapter/openai/vercel_stream.go

@@ -93,18 +93,16 @@ func (h *Handler) handleVercelStreamPrepare(w http.ResponseWriter, r *http.Reque
 	}
 	leased = true
 	writeJSON(w, http.StatusOK, map[string]any{
-		"session_id":               sessionID,
+		"session_id":       sessionID,
-		"lease_id":                 leaseID,
+		"lease_id":         leaseID,
-		"model":                    stdReq.ResponseModel,
+		"model":            stdReq.ResponseModel,
-		"final_prompt":             stdReq.FinalPrompt,
+		"final_prompt":     stdReq.FinalPrompt,
-		"thinking_enabled":         stdReq.Thinking,
+		"thinking_enabled": stdReq.Thinking,
-		"search_enabled":           stdReq.Search,
+		"search_enabled":   stdReq.Search,
-		"tool_names":               stdReq.ToolNames,
+		"tool_names":       stdReq.ToolNames,
-		"toolcall_feature_match":   h.toolcallFeatureMatchEnabled(),
+		"deepseek_token":   a.DeepSeekToken,
-		"toolcall_early_emit_high": h.toolcallEarlyEmitHighConfidence(),
+		"pow_header":       powHeader,
-		"deepseek_token":           a.DeepSeekToken,
+		"payload":          payload,
-		"pow_header":               powHeader,
-		"payload":                  payload,
 	})
 }
 

internal/admin/deps.go

@@ -21,6 +21,9 @@ type ConfigStore interface {
 	Update(mutator func(*config.Config) error) error
 	ExportJSONAndBase64() (string, string, error)
 	IsEnvBacked() bool
+	IsEnvWritebackEnabled() bool
+	HasEnvConfigSource() bool
+	ConfigPath() string
 	SetVercelSync(hash string, ts int64) error
 	AdminPasswordHash() string
 	AdminJWTExpireHours() int
@@ -28,6 +31,7 @@ type ConfigStore interface {
 	RuntimeAccountMaxInflight() int
 	RuntimeAccountMaxQueue(defaultSize int) int
 	RuntimeGlobalMaxInflight(defaultSize int) int
+	RuntimeTokenRefreshIntervalHours() int
 	AutoDeleteSessions() bool
 }
 

internal/admin/handler_config_import.go

@@ -120,12 +120,6 @@ func (h *Handler) configImport(w http.ResponseWriter, r *http.Request) {
 					next.ModelAliases[k] = v
 				}
 			}
-			if strings.TrimSpace(incoming.Toolcall.Mode) != "" {
-				next.Toolcall.Mode = incoming.Toolcall.Mode
-			}
-			if strings.TrimSpace(incoming.Toolcall.EarlyEmitConfidence) != "" {
-				next.Toolcall.EarlyEmitConfidence = incoming.Toolcall.EarlyEmitConfidence
-			}
 			if incoming.Responses.StoreTTLSeconds > 0 {
 				next.Responses.StoreTTLSeconds = incoming.Responses.StoreTTLSeconds
 			}
@@ -150,6 +144,9 @@ func (h *Handler) configImport(w http.ResponseWriter, r *http.Request) {
 			if incoming.Runtime.GlobalMaxInflight > 0 {
 				next.Runtime.GlobalMaxInflight = incoming.Runtime.GlobalMaxInflight
 			}
+			if incoming.Runtime.TokenRefreshIntervalHours > 0 {
+				next.Runtime.TokenRefreshIntervalHours = incoming.Runtime.TokenRefreshIntervalHours
+			}
 		}
 
 		normalizeSettingsConfig(&next)

internal/admin/handler_config_read.go

@@ -8,9 +8,12 @@ import (
 func (h *Handler) getConfig(w http.ResponseWriter, _ *http.Request) {
 	snap := h.Store.Snapshot()
 	safe := map[string]any{
-		"keys":       snap.Keys,
+		"keys":                  snap.Keys,
-		"accounts":   []map[string]any{},
+		"accounts":              []map[string]any{},
-		"env_backed": h.Store.IsEnvBacked(),
+		"env_backed":            h.Store.IsEnvBacked(),
+		"env_source_present":    h.Store.HasEnvConfigSource(),
+		"env_writeback_enabled": h.Store.IsEnvWritebackEnabled(),
+		"config_path":           h.Store.ConfigPath(),
 		"claude_mapping": func() map[string]string {
 			if len(snap.ClaudeMapping) > 0 {
 				return snap.ClaudeMapping

internal/admin/handler_settings_parse.go

@@ -21,16 +21,15 @@ func boolFrom(v any) bool {
 	}
 }
 
-func parseSettingsUpdateRequest(req map[string]any) (*config.AdminConfig, *config.RuntimeConfig, *config.ToolcallConfig, *config.ResponsesConfig, *config.EmbeddingsConfig, *config.AutoDeleteConfig, map[string]string, map[string]string, error) {
+func parseSettingsUpdateRequest(req map[string]any) (*config.AdminConfig, *config.RuntimeConfig, *config.ResponsesConfig, *config.EmbeddingsConfig, *config.AutoDeleteConfig, map[string]string, map[string]string, error) {
 	var (
-		adminCfg       *config.AdminConfig
+		adminCfg      *config.AdminConfig
-		runtimeCfg     *config.RuntimeConfig
+		runtimeCfg    *config.RuntimeConfig
-		toolcallCfg    *config.ToolcallConfig
+		respCfg       *config.ResponsesConfig
-		respCfg        *config.ResponsesConfig
+		embCfg        *config.EmbeddingsConfig
-		embCfg         *config.EmbeddingsConfig
+		autoDeleteCfg *config.AutoDeleteConfig
-		autoDeleteCfg  *config.AutoDeleteConfig
+		claudeMap     map[string]string
-		claudeMap      map[string]string
+		aliasMap      map[string]string
-		aliasMap       map[string]string
 	)
 
 	if raw, ok := req["admin"].(map[string]any); ok {
@@ -38,7 +37,7 @@ func parseSettingsUpdateRequest(req map[string]any) (*config.AdminConfig, *confi
 		if v, exists := raw["jwt_expire_hours"]; exists {
 			n := intFrom(v)
 			if n < 1 || n > 720 {
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("admin.jwt_expire_hours must be between 1 and 720")
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("admin.jwt_expire_hours must be between 1 and 720")
 			}
 			cfg.JWTExpireHours = n
 		}
@@ -50,59 +49,43 @@ func parseSettingsUpdateRequest(req map[string]any) (*config.AdminConfig, *confi
 		if v, exists := raw["account_max_inflight"]; exists {
 			n := intFrom(v)
 			if n < 1 || n > 256 {
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.account_max_inflight must be between 1 and 256")
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.account_max_inflight must be between 1 and 256")
 			}
 			cfg.AccountMaxInflight = n
 		}
 		if v, exists := raw["account_max_queue"]; exists {
 			n := intFrom(v)
 			if n < 1 || n > 200000 {
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.account_max_queue must be between 1 and 200000")
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.account_max_queue must be between 1 and 200000")
 			}
 			cfg.AccountMaxQueue = n
 		}
 		if v, exists := raw["global_max_inflight"]; exists {
 			n := intFrom(v)
 			if n < 1 || n > 200000 {
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.global_max_inflight must be between 1 and 200000")
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.global_max_inflight must be between 1 and 200000")
 			}
 			cfg.GlobalMaxInflight = n
 		}
+		if v, exists := raw["token_refresh_interval_hours"]; exists {
+			n := intFrom(v)
+			if n < 1 || n > 720 {
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.token_refresh_interval_hours must be between 1 and 720")
+			}
+			cfg.TokenRefreshIntervalHours = n
+		}
 		if cfg.AccountMaxInflight > 0 && cfg.GlobalMaxInflight > 0 && cfg.GlobalMaxInflight < cfg.AccountMaxInflight {
-			return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.global_max_inflight must be >= runtime.account_max_inflight")
+			return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("runtime.global_max_inflight must be >= runtime.account_max_inflight")
 		}
 		runtimeCfg = cfg
 	}
 
-	if raw, ok := req["toolcall"].(map[string]any); ok {
-		cfg := &config.ToolcallConfig{}
-		if v, exists := raw["mode"]; exists {
-			mode := strings.ToLower(strings.TrimSpace(fmt.Sprintf("%v", v)))
-			switch mode {
-			case "feature_match", "off":
-				cfg.Mode = mode
-			default:
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("toolcall.mode must be feature_match or off")
-			}
-		}
-		if v, exists := raw["early_emit_confidence"]; exists {
-			level := strings.ToLower(strings.TrimSpace(fmt.Sprintf("%v", v)))
-			switch level {
-			case "high", "low", "off":
-				cfg.EarlyEmitConfidence = level
-			default:
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("toolcall.early_emit_confidence must be high, low or off")
-			}
-		}
-		toolcallCfg = cfg
-	}
-
 	if raw, ok := req["responses"].(map[string]any); ok {
 		cfg := &config.ResponsesConfig{}
 		if v, exists := raw["store_ttl_seconds"]; exists {
 			n := intFrom(v)
 			if n < 30 || n > 86400 {
-				return nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("responses.store_ttl_seconds must be between 30 and 86400")
+				return nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("responses.store_ttl_seconds must be between 30 and 86400")
 			}
 			cfg.StoreTTLSeconds = n
 		}
@@ -150,5 +133,5 @@ func parseSettingsUpdateRequest(req map[string]any) (*config.AdminConfig, *confi
 		autoDeleteCfg = cfg
 	}
 
-	return adminCfg, runtimeCfg, toolcallCfg, respCfg, embCfg, autoDeleteCfg, claudeMap, aliasMap, nil
+	return adminCfg, runtimeCfg, respCfg, embCfg, autoDeleteCfg, claudeMap, aliasMap, nil
 }

internal/admin/handler_settings_read.go

@@ -21,11 +21,11 @@ func (h *Handler) getSettings(w http.ResponseWriter, _ *http.Request) {
 			"default_password_warning": authn.UsingDefaultAdminKey(h.Store),
 		},
 		"runtime": map[string]any{
-			"account_max_inflight": h.Store.RuntimeAccountMaxInflight(),
+			"account_max_inflight":         h.Store.RuntimeAccountMaxInflight(),
-			"account_max_queue":    h.Store.RuntimeAccountMaxQueue(recommended),
+			"account_max_queue":            h.Store.RuntimeAccountMaxQueue(recommended),
-			"global_max_inflight":  h.Store.RuntimeGlobalMaxInflight(recommended),
+			"global_max_inflight":          h.Store.RuntimeGlobalMaxInflight(recommended),
+			"token_refresh_interval_hours": h.Store.RuntimeTokenRefreshIntervalHours(),
 		},
-		"toolcall":          snap.Toolcall,
 		"responses":         snap.Responses,
 		"embeddings":        snap.Embeddings,
 		"auto_delete":       snap.AutoDelete,

internal/admin/handler_settings_runtime.go

@@ -14,6 +14,9 @@ func validateMergedRuntimeSettings(current config.RuntimeConfig, incoming *confi
 		if incoming.GlobalMaxInflight > 0 {
 			merged.GlobalMaxInflight = incoming.GlobalMaxInflight
 		}
+		if incoming.TokenRefreshIntervalHours > 0 {
+			merged.TokenRefreshIntervalHours = incoming.TokenRefreshIntervalHours
+		}
 	}
 	return validateRuntimeSettings(merged)
 }

internal/admin/handler_settings_test.go

@@ -28,6 +28,25 @@ func TestGetSettingsDefaultPasswordWarning(t *testing.T) {
 	}
 }
 
+func TestGetSettingsIncludesTokenRefreshInterval(t *testing.T) {
+	h := newAdminTestHandler(t, `{
+		"keys":["k1"],
+		"runtime":{"token_refresh_interval_hours":9}
+	}`)
+	req := httptest.NewRequest(http.MethodGet, "/admin/settings", nil)
+	rec := httptest.NewRecorder()
+	h.getSettings(rec, req)
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String())
+	}
+	var body map[string]any
+	_ = json.Unmarshal(rec.Body.Bytes(), &body)
+	runtime, _ := body["runtime"].(map[string]any)
+	if got := intFrom(runtime["token_refresh_interval_hours"]); got != 9 {
+		t.Fatalf("expected token_refresh_interval_hours=9, got %d body=%v", got, body)
+	}
+}
+
 func TestUpdateSettingsValidation(t *testing.T) {
 	h := newAdminTestHandler(t, `{"keys":["k1"]}`)
 	payload := map[string]any{
@@ -44,6 +63,25 @@ func TestUpdateSettingsValidation(t *testing.T) {
 	}
 }
 
+func TestUpdateSettingsValidationRejectsTokenRefreshInterval(t *testing.T) {
+	h := newAdminTestHandler(t, `{"keys":["k1"]}`)
+	payload := map[string]any{
+		"runtime": map[string]any{
+			"token_refresh_interval_hours": 0,
+		},
+	}
+	b, _ := json.Marshal(payload)
+	req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b))
+	rec := httptest.NewRecorder()
+	h.updateSettings(rec, req)
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String())
+	}
+	if !bytes.Contains(rec.Body.Bytes(), []byte("runtime.token_refresh_interval_hours")) {
+		t.Fatalf("expected token refresh validation detail, got %s", rec.Body.String())
+	}
+}
+
 func TestUpdateSettingsValidationWithMergedRuntimeSnapshot(t *testing.T) {
 	h := newAdminTestHandler(t, `{
 		"keys":["k1"],
@@ -126,6 +164,29 @@ func TestUpdateSettingsHotReloadRuntime(t *testing.T) {
 	}
 }
 
+func TestUpdateSettingsHotReloadTokenRefreshInterval(t *testing.T) {
+	h := newAdminTestHandler(t, `{
+		"keys":["k1"],
+		"runtime":{"token_refresh_interval_hours":6}
+	}`)
+
+	payload := map[string]any{
+		"runtime": map[string]any{
+			"token_refresh_interval_hours": 12,
+		},
+	}
+	b, _ := json.Marshal(payload)
+	req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b))
+	rec := httptest.NewRecorder()
+	h.updateSettings(rec, req)
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String())
+	}
+	if got := h.Store.RuntimeTokenRefreshIntervalHours(); got != 12 {
+		t.Fatalf("token_refresh_interval_hours=%d want=12", got)
+	}
+}
+
 func TestUpdateSettingsPasswordInvalidatesOldJWT(t *testing.T) {
 	hash := authn.HashAdminPassword("old-password")
 	h := newAdminTestHandler(t, `{"admin":{"password_hash":"`+hash+`"}}`)
@@ -207,6 +268,30 @@ func TestConfigImportMergeAndReplace(t *testing.T) {
 	}
 }
 
+func TestConfigImportAppliesTokenRefreshInterval(t *testing.T) {
+	h := newAdminTestHandler(t, `{"keys":["k1"]}`)
+
+	replace := map[string]any{
+		"mode": "replace",
+		"config": map[string]any{
+			"keys": []any{"k9"},
+			"runtime": map[string]any{
+				"token_refresh_interval_hours": 11,
+			},
+		},
+	}
+	replaceBytes, _ := json.Marshal(replace)
+	replaceReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=replace", bytes.NewReader(replaceBytes))
+	replaceRec := httptest.NewRecorder()
+	h.configImport(replaceRec, replaceReq)
+	if replaceRec.Code != http.StatusOK {
+		t.Fatalf("replace status=%d body=%s", replaceRec.Code, replaceRec.Body.String())
+	}
+	if got := h.Store.RuntimeTokenRefreshIntervalHours(); got != 11 {
+		t.Fatalf("token_refresh_interval_hours=%d want=11", got)
+	}
+}
+
 func TestConfigImportRejectsInvalidRuntimeBounds(t *testing.T) {
 	h := newAdminTestHandler(t, `{"keys":["k1"]}`)
 	payload := map[string]any{

internal/admin/handler_settings_write.go

@@ -17,7 +17,7 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	adminCfg, runtimeCfg, toolcallCfg, responsesCfg, embeddingsCfg, autoDeleteCfg, claudeMap, aliasMap, err := parseSettingsUpdateRequest(req)
+	adminCfg, runtimeCfg, responsesCfg, embeddingsCfg, autoDeleteCfg, claudeMap, aliasMap, err := parseSettingsUpdateRequest(req)
 	if err != nil {
 		writeJSON(w, http.StatusBadRequest, map[string]any{"detail": err.Error()})
 		return
@@ -45,13 +45,8 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 			if runtimeCfg.GlobalMaxInflight > 0 {
 				c.Runtime.GlobalMaxInflight = runtimeCfg.GlobalMaxInflight
 			}
-		}
+			if runtimeCfg.TokenRefreshIntervalHours > 0 {
-		if toolcallCfg != nil {
+				c.Runtime.TokenRefreshIntervalHours = runtimeCfg.TokenRefreshIntervalHours
-			if strings.TrimSpace(toolcallCfg.Mode) != "" {
-				c.Toolcall.Mode = strings.TrimSpace(toolcallCfg.Mode)
-			}
-			if strings.TrimSpace(toolcallCfg.EarlyEmitConfidence) != "" {
-				c.Toolcall.EarlyEmitConfidence = strings.TrimSpace(toolcallCfg.EarlyEmitConfidence)
 			}
 		}
 		if responsesCfg != nil && responsesCfg.StoreTTLSeconds > 0 {

internal/admin/settings_validation.go

@@ -12,8 +12,6 @@ func normalizeSettingsConfig(c *config.Config) {
 		return
 	}
 	c.Admin.PasswordHash = strings.TrimSpace(c.Admin.PasswordHash)
-	c.Toolcall.Mode = strings.ToLower(strings.TrimSpace(c.Toolcall.Mode))
-	c.Toolcall.EarlyEmitConfidence = strings.ToLower(strings.TrimSpace(c.Toolcall.EarlyEmitConfidence))
 	c.Embeddings.Provider = strings.TrimSpace(c.Embeddings.Provider)
 }
 
@@ -27,20 +25,6 @@ func validateSettingsConfig(c config.Config) error {
 	if c.Responses.StoreTTLSeconds != 0 && (c.Responses.StoreTTLSeconds < 30 || c.Responses.StoreTTLSeconds > 86400) {
 		return fmt.Errorf("responses.store_ttl_seconds must be between 30 and 86400")
 	}
-	if mode := strings.TrimSpace(c.Toolcall.Mode); mode != "" {
-		switch mode {
-		case "feature_match", "off":
-		default:
-			return fmt.Errorf("toolcall.mode must be feature_match or off")
-		}
-	}
-	if level := strings.TrimSpace(c.Toolcall.EarlyEmitConfidence); level != "" {
-		switch level {
-		case "high", "low", "off":
-		default:
-			return fmt.Errorf("toolcall.early_emit_confidence must be high, low or off")
-		}
-	}
 	if c.Embeddings.Provider != "" && strings.TrimSpace(c.Embeddings.Provider) == "" {
 		return fmt.Errorf("embeddings.provider cannot be empty")
 	}
@@ -57,6 +41,9 @@ func validateRuntimeSettings(runtime config.RuntimeConfig) error {
 	if runtime.GlobalMaxInflight != 0 && (runtime.GlobalMaxInflight < 1 || runtime.GlobalMaxInflight > 200000) {
 		return fmt.Errorf("runtime.global_max_inflight must be between 1 and 200000")
 	}
+	if runtime.TokenRefreshIntervalHours != 0 && (runtime.TokenRefreshIntervalHours < 1 || runtime.TokenRefreshIntervalHours > 720) {
+		return fmt.Errorf("runtime.token_refresh_interval_hours must be between 1 and 720")
+	}
 	if runtime.AccountMaxInflight > 0 && runtime.GlobalMaxInflight > 0 && runtime.GlobalMaxInflight < runtime.AccountMaxInflight {
 		return fmt.Errorf("runtime.global_max_inflight must be >= runtime.account_max_inflight")
 	}

internal/auth/auth_edge_test.go

@@ -204,6 +204,45 @@ func TestSwitchAccountNilTriedAccounts(t *testing.T) {
 	r.Release(a)
 }
 
+func TestSwitchAccountSkipsLoginFailureAndContinues(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["managed-key"],
+		"accounts":[
+			{"email":"acc1@test.com","password":"pwd","token":"t1"},
+			{"email":"acc2@test.com","password":"pwd"},
+			{"email":"acc3@test.com","password":"pwd","token":"t3"}
+		]
+	}`)
+	store := config.LoadStore()
+	pool := account.NewPool(store)
+	r := NewResolver(store, pool, func(_ context.Context, acc config.Account) (string, error) {
+		if acc.Email == "acc2@test.com" {
+			return "", errors.New("login failed")
+		}
+		return "new-token", nil
+	})
+
+	req, _ := http.NewRequest("POST", "/", nil)
+	req.Header.Set("Authorization", "Bearer managed-key")
+	a, err := r.Determine(req)
+	if err != nil {
+		t.Fatalf("determine failed: %v", err)
+	}
+	defer r.Release(a)
+	if a.AccountID != "acc1@test.com" {
+		t.Fatalf("expected first account, got %q", a.AccountID)
+	}
+	if !r.SwitchAccount(context.Background(), a) {
+		t.Fatal("expected switch to succeed after skipping failed account")
+	}
+	if a.AccountID != "acc3@test.com" {
+		t.Fatalf("expected fallback to third account, got %q", a.AccountID)
+	}
+	if !a.TriedAccounts["acc2@test.com"] {
+		t.Fatalf("expected failed account to be marked as tried")
+	}
+}
+
 // ─── Release edge cases ─────────────────────────────────────────────
 
 func TestReleaseNilAuth(t *testing.T) {

internal/auth/request.go

@@ -40,18 +40,16 @@ type Resolver struct {
 	Pool  *account.Pool
 	Login LoginFunc
 
-	mu                   sync.Mutex
+	mu               sync.Mutex
-	tokenRefreshedAt     map[string]time.Time
+	tokenRefreshedAt map[string]time.Time
-	tokenRefreshInterval time.Duration
 }
 
 func NewResolver(store *config.Store, pool *account.Pool, login LoginFunc) *Resolver {
 	return &Resolver{
-		Store:                store,
+		Store:            store,
-		Pool:                 pool,
+		Pool:             pool,
-		Login:                login,
+		Login:            login,
-		tokenRefreshedAt:     map[string]time.Time{},
+		tokenRefreshedAt: map[string]time.Time{},
-		tokenRefreshInterval: 6 * time.Hour,
 	}
 }
 
@@ -72,25 +70,53 @@ func (r *Resolver) Determine(req *http.Request) (*RequestAuth, error) {
 		}, nil
 	}
 	target := strings.TrimSpace(req.Header.Get("X-Ds2-Target-Account"))
-	acc, ok := r.Pool.AcquireWait(ctx, target, nil)
+	a, err := r.acquireManagedRequestAuth(ctx, callerID, target)
-	if !ok {
+	if err != nil {
-		return nil, ErrNoAccount
-	}
-	a := &RequestAuth{
-		UseConfigToken: true,
-		CallerID:       callerID,
-		AccountID:      acc.Identifier(),
-		Account:        acc,
-		TriedAccounts:  map[string]bool{},
-		resolver:       r,
-	}
-	if err := r.ensureManagedToken(ctx, a); err != nil {
-		r.Pool.Release(a.AccountID)
 		return nil, err
 	}
 	return a, nil
 }
 
+func (r *Resolver) acquireManagedRequestAuth(ctx context.Context, callerID, target string) (*RequestAuth, error) {
+	tried := map[string]bool{}
+	var lastEnsureErr error
+	for {
+		if target == "" && len(tried) >= len(r.Store.Accounts()) {
+			if lastEnsureErr != nil {
+				return nil, lastEnsureErr
+			}
+			return nil, ErrNoAccount
+		}
+		acc, ok := r.Pool.AcquireWait(ctx, target, tried)
+		if !ok {
+			if lastEnsureErr != nil {
+				return nil, lastEnsureErr
+			}
+			return nil, ErrNoAccount
+		}
+
+		a := &RequestAuth{
+			UseConfigToken: true,
+			CallerID:       callerID,
+			AccountID:      acc.Identifier(),
+			Account:        acc,
+			TriedAccounts:  tried,
+			resolver:       r,
+		}
+
+		if err := r.ensureManagedToken(ctx, a); err != nil {
+			lastEnsureErr = err
+			tried[a.AccountID] = true
+			r.Pool.Release(a.AccountID)
+			if target != "" {
+				return nil, err
+			}
+			continue
+		}
+		return a, nil
+	}
+}
+
 // DetermineCaller resolves caller identity without acquiring any pooled account.
 // Use this for local-cache lookup routes that only need tenant isolation.
 func (r *Resolver) DetermineCaller(req *http.Request) (*RequestAuth, error) {
@@ -166,16 +192,20 @@ func (r *Resolver) SwitchAccount(ctx context.Context, a *RequestAuth) bool {
 		a.TriedAccounts[a.AccountID] = true
 		r.Pool.Release(a.AccountID)
 	}
-	acc, ok := r.Pool.Acquire("", a.TriedAccounts)
+	for {
-	if !ok {
+		acc, ok := r.Pool.Acquire("", a.TriedAccounts)
-		return false
+		if !ok {
+			return false
+		}
+		a.Account = acc
+		a.AccountID = acc.Identifier()
+		if err := r.ensureManagedToken(ctx, a); err != nil {
+			a.TriedAccounts[a.AccountID] = true
+			r.Pool.Release(a.AccountID)
+			continue
+		}
+		return true
 	}
-	a.Account = acc
-	a.AccountID = acc.Identifier()
-	if err := r.ensureManagedToken(ctx, a); err != nil {
-		return false
-	}
-	return true
 }
 
 func (r *Resolver) Release(a *RequestAuth) {
@@ -232,10 +262,14 @@ func (r *Resolver) ensureManagedToken(ctx context.Context, a *RequestAuth) error
 }
 
 func (r *Resolver) shouldForceRefresh(accountID string) bool {
+	if r == nil || r.Store == nil {
+		return false
+	}
 	if strings.TrimSpace(accountID) == "" {
 		return false
 	}
-	if r.tokenRefreshInterval <= 0 {
+	intervalHours := r.Store.RuntimeTokenRefreshIntervalHours()
+	if intervalHours <= 0 {
 		return false
 	}
 	now := time.Now()
@@ -246,7 +280,7 @@ func (r *Resolver) shouldForceRefresh(accountID string) bool {
 		r.tokenRefreshedAt[accountID] = now
 		return false
 	}
-	return now.Sub(last) >= r.tokenRefreshInterval
+	return now.Sub(last) >= time.Duration(intervalHours)*time.Hour
 }
 
 func (r *Resolver) markTokenRefreshedNow(accountID string) {

internal/auth/request_test.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+	"errors"
 	"net/http"
 	"sync/atomic"
 	"testing"
@@ -244,3 +245,153 @@ func TestDetermineManagedAccountForcesRefreshEverySixHours(t *testing.T) {
 		t.Fatalf("expected exactly one forced refresh login, got %d", got)
 	}
 }
+
+func TestDetermineManagedAccountUsesUpdatedRefreshInterval(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["managed-key"],
+		"accounts":[{"email":"acc@example.com","password":"pwd","token":"seed-token"}],
+		"runtime":{"token_refresh_interval_hours":6}
+	}`)
+	store := config.LoadStore()
+	if err := store.UpdateAccountToken("acc@example.com", "seed-token"); err != nil {
+		t.Fatalf("update token failed: %v", err)
+	}
+	pool := account.NewPool(store)
+
+	var loginCount int32
+	resolver := NewResolver(store, pool, func(_ context.Context, _ config.Account) (string, error) {
+		n := atomic.AddInt32(&loginCount, 1)
+		return "fresh-token-" + string(rune('0'+n)), nil
+	})
+
+	req, _ := http.NewRequest(http.MethodPost, "/v1/chat/completions", nil)
+	req.Header.Set("x-api-key", "managed-key")
+
+	a1, err := resolver.Determine(req)
+	if err != nil {
+		t.Fatalf("determine failed: %v", err)
+	}
+	if a1.DeepSeekToken != "seed-token" {
+		t.Fatalf("expected initial token without forced refresh, got %q", a1.DeepSeekToken)
+	}
+	resolver.Release(a1)
+	if got := atomic.LoadInt32(&loginCount); got != 0 {
+		t.Fatalf("expected no login before runtime update, got %d", got)
+	}
+
+	if err := store.Update(func(c *config.Config) error {
+		c.Runtime.TokenRefreshIntervalHours = 1
+		return nil
+	}); err != nil {
+		t.Fatalf("update runtime failed: %v", err)
+	}
+
+	resolver.mu.Lock()
+	resolver.tokenRefreshedAt["acc@example.com"] = time.Now().Add(-2 * time.Hour)
+	resolver.mu.Unlock()
+
+	a2, err := resolver.Determine(req)
+	if err != nil {
+		t.Fatalf("determine after runtime update failed: %v", err)
+	}
+	defer resolver.Release(a2)
+	if a2.DeepSeekToken != "fresh-token-1" {
+		t.Fatalf("expected refreshed token after runtime update, got %q", a2.DeepSeekToken)
+	}
+	if got := atomic.LoadInt32(&loginCount); got != 1 {
+		t.Fatalf("expected exactly one login after runtime update, got %d", got)
+	}
+}
+
+func TestDetermineManagedAccountRetriesOtherAccountOnLoginFailure(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["managed-key"],
+		"accounts":[
+			{"email":"bad@example.com","password":"pwd"},
+			{"email":"good@example.com","password":"pwd","token":"good-token"}
+		]
+	}`)
+	store := config.LoadStore()
+	pool := account.NewPool(store)
+	resolver := NewResolver(store, pool, func(_ context.Context, acc config.Account) (string, error) {
+		if acc.Email == "bad@example.com" {
+			return "", errors.New("stale account")
+		}
+		return "fresh-good-token", nil
+	})
+
+	req, _ := http.NewRequest(http.MethodPost, "/v1/chat/completions", nil)
+	req.Header.Set("x-api-key", "managed-key")
+
+	a, err := resolver.Determine(req)
+	if err != nil {
+		t.Fatalf("determine failed: %v", err)
+	}
+	defer resolver.Release(a)
+	if a.AccountID != "good@example.com" {
+		t.Fatalf("expected fallback to good account, got %q", a.AccountID)
+	}
+	if a.DeepSeekToken == "" {
+		t.Fatal("expected non-empty token from fallback account")
+	}
+	if !a.TriedAccounts["bad@example.com"] {
+		t.Fatalf("expected bad account to be tracked as tried")
+	}
+}
+
+func TestDetermineTargetAccountDoesNotFallbackOnLoginFailure(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["managed-key"],
+		"accounts":[
+			{"email":"bad@example.com","password":"pwd"},
+			{"email":"good@example.com","password":"pwd","token":"good-token"}
+		]
+	}`)
+	store := config.LoadStore()
+	pool := account.NewPool(store)
+	resolver := NewResolver(store, pool, func(_ context.Context, acc config.Account) (string, error) {
+		if acc.Email == "bad@example.com" {
+			return "", errors.New("stale account")
+		}
+		return "fresh-good-token", nil
+	})
+
+	req, _ := http.NewRequest(http.MethodPost, "/v1/chat/completions", nil)
+	req.Header.Set("x-api-key", "managed-key")
+	req.Header.Set("X-Ds2-Target-Account", "bad@example.com")
+
+	_, err := resolver.Determine(req)
+	if err == nil {
+		t.Fatal("expected determine to fail for broken target account")
+	}
+}
+
+func TestDetermineManagedAccountReturnsLastEnsureErrorWhenAllFail(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["managed-key"],
+		"accounts":[
+			{"email":"bad1@example.com","password":"pwd"},
+			{"email":"bad2@example.com","password":"pwd"}
+		]
+	}`)
+	store := config.LoadStore()
+	pool := account.NewPool(store)
+	ensureErr := errors.New("all credentials stale")
+	resolver := NewResolver(store, pool, func(_ context.Context, _ config.Account) (string, error) {
+		return "", ensureErr
+	})
+
+	req, _ := http.NewRequest(http.MethodPost, "/v1/chat/completions", nil)
+	req.Header.Set("x-api-key", "managed-key")
+
+	_, err := resolver.Determine(req)
+	if err == nil {
+		t.Fatal("expected determine to fail")
+	}
+	if !errors.Is(err, ensureErr) {
+		t.Fatalf("expected ensure error, got %v", err)
+	}
+	if errors.Is(err, ErrNoAccount) {
+		t.Fatalf("expected auth-style ensure error, got ErrNoAccount")
+	}
+}

internal/config/codec.go

@@ -32,15 +32,12 @@ func (c Config) MarshalJSON() ([]byte, error) {
 	if strings.TrimSpace(c.Admin.PasswordHash) != "" || c.Admin.JWTExpireHours > 0 || c.Admin.JWTValidAfterUnix > 0 {
 		m["admin"] = c.Admin
 	}
-	if c.Runtime.AccountMaxInflight > 0 || c.Runtime.AccountMaxQueue > 0 || c.Runtime.GlobalMaxInflight > 0 {
+	if c.Runtime.AccountMaxInflight > 0 || c.Runtime.AccountMaxQueue > 0 || c.Runtime.GlobalMaxInflight > 0 || c.Runtime.TokenRefreshIntervalHours > 0 {
 		m["runtime"] = c.Runtime
 	}
 	if c.Compat.WideInputStrictOutput != nil {
 		m["compat"] = c.Compat
 	}
-	if strings.TrimSpace(c.Toolcall.Mode) != "" || strings.TrimSpace(c.Toolcall.EarlyEmitConfidence) != "" {
-		m["toolcall"] = c.Toolcall
-	}
 	if c.Responses.StoreTTLSeconds > 0 {
 		m["responses"] = c.Responses
 	}
@@ -98,9 +95,7 @@ func (c *Config) UnmarshalJSON(b []byte) error {
 				return fmt.Errorf("invalid field %q: %w", k, err)
 			}
 		case "toolcall":
-			if err := json.Unmarshal(v, &c.Toolcall); err != nil {
+			// Legacy field ignored. Toolcall policy is fixed and no longer configurable.
-				return fmt.Errorf("invalid field %q: %w", k, err)
-			}
 		case "responses":
 			if err := json.Unmarshal(v, &c.Responses); err != nil {
 				return fmt.Errorf("invalid field %q: %w", k, err)
@@ -143,7 +138,6 @@ func (c Config) Clone() Config {
 		Compat: CompatConfig{
 			WideInputStrictOutput: cloneBoolPtr(c.Compat.WideInputStrictOutput),
 		},
-		Toolcall:         c.Toolcall,
 		Responses:        c.Responses,
 		Embeddings:       c.Embeddings,
 		AutoDelete:       c.AutoDelete,

internal/config/config.go

@@ -9,7 +9,6 @@ type Config struct {
 	Admin            AdminConfig       `json:"admin,omitempty"`
 	Runtime          RuntimeConfig     `json:"runtime,omitempty"`
 	Compat           CompatConfig      `json:"compat,omitempty"`
-	Toolcall         ToolcallConfig    `json:"toolcall,omitempty"`
 	Responses        ResponsesConfig   `json:"responses,omitempty"`
 	Embeddings       EmbeddingsConfig  `json:"embeddings,omitempty"`
 	AutoDelete       AutoDeleteConfig  `json:"auto_delete"`
@@ -62,14 +61,10 @@ type AdminConfig struct {
 }
 
 type RuntimeConfig struct {
-	AccountMaxInflight int `json:"account_max_inflight,omitempty"`
+	AccountMaxInflight        int `json:"account_max_inflight,omitempty"`
-	AccountMaxQueue    int `json:"account_max_queue,omitempty"`
+	AccountMaxQueue           int `json:"account_max_queue,omitempty"`
-	GlobalMaxInflight  int `json:"global_max_inflight,omitempty"`
+	GlobalMaxInflight         int `json:"global_max_inflight,omitempty"`
-}
+	TokenRefreshIntervalHours int `json:"token_refresh_interval_hours,omitempty"`
-
-type ToolcallConfig struct {
-	Mode                string `json:"mode,omitempty"`
-	EarlyEmitConfidence string `json:"early_emit_confidence,omitempty"`
 }
 
 type ResponsesConfig struct {

internal/config/config_edge_test.go

@@ -104,6 +104,9 @@ func TestConfigJSONRoundtrip(t *testing.T) {
 			"fast": "deepseek-chat",
 			"slow": "deepseek-reasoner",
 		},
+		Runtime: RuntimeConfig{
+			TokenRefreshIntervalHours: 12,
+		},
 		VercelSyncHash: "hash123",
 		VercelSyncTime: 1234567890,
 		AdditionalFields: map[string]any{
@@ -130,6 +133,9 @@ func TestConfigJSONRoundtrip(t *testing.T) {
 	if decoded.ClaudeMapping["fast"] != "deepseek-chat" {
 		t.Fatalf("unexpected claude mapping: %#v", decoded.ClaudeMapping)
 	}
+	if decoded.Runtime.TokenRefreshIntervalHours != 12 {
+		t.Fatalf("unexpected runtime refresh interval: %#v", decoded.Runtime.TokenRefreshIntervalHours)
+	}
 	if decoded.VercelSyncHash != "hash123" {
 		t.Fatalf("unexpected vercel sync hash: %q", decoded.VercelSyncHash)
 	}

internal/config/config_test.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"encoding/base64"
+	"errors"
 	"os"
 	"strings"
 	"testing"
@@ -79,6 +80,136 @@ func TestLoadStorePreservesFileBackedTokensForRuntime(t *testing.T) {
 	}
 }
 
+func TestEnvBackedStoreWritebackBootstrapsMissingConfigFile(t *testing.T) {
+	tmp, err := os.CreateTemp(t.TempDir(), "config-*.json")
+	if err != nil {
+		t.Fatalf("create temp config: %v", err)
+	}
+	path := tmp.Name()
+	_ = tmp.Close()
+	_ = os.Remove(path)
+
+	t.Setenv("DS2API_CONFIG_JSON", `{"keys":["k1"],"accounts":[{"email":"seed@example.com","password":"p"}]}`)
+	t.Setenv("CONFIG_JSON", "")
+	t.Setenv("DS2API_CONFIG_PATH", path)
+	t.Setenv("DS2API_ENV_WRITEBACK", "1")
+
+	store := LoadStore()
+	if store.IsEnvBacked() {
+		t.Fatalf("expected writeback bootstrap to become file-backed immediately")
+	}
+	if err := store.Update(func(c *Config) error {
+		c.Accounts = append(c.Accounts, Account{Email: "new@example.com", Password: "p2"})
+		return nil
+	}); err != nil {
+		t.Fatalf("update failed: %v", err)
+	}
+	content, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatalf("read written config: %v", err)
+	}
+	if !strings.Contains(string(content), "seed@example.com") {
+		t.Fatalf("expected bootstrapped config to contain seed account, got: %s", content)
+	}
+	if !strings.Contains(string(content), "new@example.com") {
+		t.Fatalf("expected persisted config to contain added account, got: %s", content)
+	}
+
+	reloaded := LoadStore()
+	if reloaded.IsEnvBacked() {
+		t.Fatalf("expected reloaded store to prefer persisted config file")
+	}
+	accounts := reloaded.Accounts()
+	if len(accounts) != 2 {
+		t.Fatalf("expected 2 accounts after reload, got %d", len(accounts))
+	}
+}
+
+func TestEnvBackedStoreWritebackDoesNotBootstrapOnInvalidEnvJSON(t *testing.T) {
+	tmp, err := os.CreateTemp(t.TempDir(), "config-*.json")
+	if err != nil {
+		t.Fatalf("create temp config: %v", err)
+	}
+	path := tmp.Name()
+	_ = tmp.Close()
+	_ = os.Remove(path)
+
+	t.Setenv("DS2API_CONFIG_JSON", "{invalid-json")
+	t.Setenv("CONFIG_JSON", "")
+	t.Setenv("DS2API_CONFIG_PATH", path)
+	t.Setenv("DS2API_ENV_WRITEBACK", "1")
+
+	cfg, fromEnv, loadErr := loadConfig()
+	if loadErr == nil {
+		t.Fatalf("expected loadConfig error for invalid env json")
+	}
+	if !fromEnv {
+		t.Fatalf("expected fromEnv=true when parsing env config fails")
+	}
+	if len(cfg.Keys) != 0 || len(cfg.Accounts) != 0 {
+		t.Fatalf("expected empty config on parse failure, got keys=%d accounts=%d", len(cfg.Keys), len(cfg.Accounts))
+	}
+	if _, statErr := os.Stat(path); !errors.Is(statErr, os.ErrNotExist) {
+		t.Fatalf("expected no bootstrapped config file, stat err=%v", statErr)
+	}
+}
+
+func TestEnvBackedStoreWritebackFallsBackToPersistedFileOnInvalidEnvJSON(t *testing.T) {
+	tmp, err := os.CreateTemp(t.TempDir(), "config-*.json")
+	if err != nil {
+		t.Fatalf("create temp config: %v", err)
+	}
+	path := tmp.Name()
+	if _, err := tmp.WriteString(`{"keys":["file-key"],"accounts":[{"email":"persisted@example.com","password":"p"}]}`); err != nil {
+		t.Fatalf("write temp config: %v", err)
+	}
+	_ = tmp.Close()
+
+	t.Setenv("DS2API_CONFIG_JSON", "{invalid-json")
+	t.Setenv("CONFIG_JSON", "")
+	t.Setenv("DS2API_CONFIG_PATH", path)
+	t.Setenv("DS2API_ENV_WRITEBACK", "1")
+
+	cfg, fromEnv, loadErr := loadConfig()
+	if loadErr != nil {
+		t.Fatalf("expected fallback to persisted file, got error: %v", loadErr)
+	}
+	if fromEnv {
+		t.Fatalf("expected fallback to file-backed mode")
+	}
+	if len(cfg.Keys) != 1 || cfg.Keys[0] != "file-key" {
+		t.Fatalf("unexpected keys after fallback: %#v", cfg.Keys)
+	}
+	if len(cfg.Accounts) != 1 || cfg.Accounts[0].Email != "persisted@example.com" {
+		t.Fatalf("unexpected accounts after fallback: %#v", cfg.Accounts)
+	}
+}
+
+func TestRuntimeTokenRefreshIntervalHoursDefaultsToSix(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["k1"],
+		"accounts":[{"email":"u@example.com","password":"p"}]
+	}`)
+
+	store := LoadStore()
+	if got := store.RuntimeTokenRefreshIntervalHours(); got != 6 {
+		t.Fatalf("expected default refresh interval 6, got %d", got)
+	}
+}
+
+func TestRuntimeTokenRefreshIntervalHoursUsesConfigValue(t *testing.T) {
+	t.Setenv("DS2API_CONFIG_JSON", `{
+		"keys":["k1"],
+		"accounts":[{"email":"u@example.com","password":"p"}],
+		"runtime":{"token_refresh_interval_hours":9}
+	}`)
+
+	store := LoadStore()
+	if got := store.RuntimeTokenRefreshIntervalHours(); got != 9 {
+		t.Fatalf("expected configured refresh interval 9, got %d", got)
+	}
+}
+
 func TestStoreUpdateAccountTokenKeepsIdentifierResolvable(t *testing.T) {
 	t.Setenv("DS2API_CONFIG_JSON", `{
 		"accounts":[{"email":"user@example.com","password":"p"}]

internal/config/store.go

@@ -40,12 +40,38 @@ func loadConfig() (Config, bool, error) {
 	}
 	if rawCfg != "" {
 		cfg, err := parseConfigString(rawCfg)
+		if err != nil {
+			if !IsVercel() && envWritebackEnabled() {
+				if fileCfg, fileErr := loadConfigFromFile(ConfigPath()); fileErr == nil {
+					return fileCfg, false, nil
+				}
+			}
+			return cfg, true, err
+		}
 		cfg.ClearAccountTokens()
 		cfg.DropInvalidAccounts()
+		if IsVercel() || !envWritebackEnabled() {
+			return cfg, true, err
+		}
+		content, fileErr := os.ReadFile(ConfigPath())
+		if fileErr == nil {
+			var fileCfg Config
+			if unmarshalErr := json.Unmarshal(content, &fileCfg); unmarshalErr == nil {
+				fileCfg.DropInvalidAccounts()
+				return fileCfg, false, err
+			}
+		}
+		if errors.Is(fileErr, os.ErrNotExist) {
+			if writeErr := writeConfigFile(ConfigPath(), cfg.Clone()); writeErr == nil {
+				return cfg, false, err
+			} else {
+				Logger.Warn("[config] env writeback bootstrap failed", "error", writeErr)
+			}
+		}
 		return cfg, true, err
 	}
 
-	content, err := os.ReadFile(ConfigPath())
+	cfg, err := loadConfigFromFile(ConfigPath())
 	if err != nil {
 		if IsVercel() {
 			// Vercel one-click deploy may start without a writable/present config file.
@@ -54,16 +80,6 @@ func loadConfig() (Config, bool, error) {
 		}
 		return Config{}, false, err
 	}
-	var cfg Config
-	if err := json.Unmarshal(content, &cfg); err != nil {
-		return Config{}, false, err
-	}
-	cfg.DropInvalidAccounts()
-	if strings.Contains(string(content), `"test_status"`) && !IsVercel() {
-		if b, err := json.MarshalIndent(cfg, "", "  "); err == nil {
-			_ = os.WriteFile(ConfigPath(), b, 0o644)
-		}
-	}
 	if IsVercel() {
 		// Vercel filesystem is ephemeral/read-only for runtime writes; avoid save errors.
 		return cfg, true, nil
@@ -71,6 +87,24 @@ func loadConfig() (Config, bool, error) {
 	return cfg, false, nil
 }
 
+func loadConfigFromFile(path string) (Config, error) {
+	content, err := os.ReadFile(path)
+	if err != nil {
+		return Config{}, err
+	}
+	var cfg Config
+	if err := json.Unmarshal(content, &cfg); err != nil {
+		return Config{}, err
+	}
+	cfg.DropInvalidAccounts()
+	if strings.Contains(string(content), `"test_status"`) && !IsVercel() {
+		if b, err := json.MarshalIndent(cfg, "", "  "); err == nil {
+			_ = os.WriteFile(path, b, 0o644)
+		}
+	}
+	return cfg, nil
+}
+
 func (s *Store) Snapshot() Config {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -177,7 +211,7 @@ func (s *Store) Update(mutator func(*Config) error) error {
 func (s *Store) Save() error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	if s.fromEnv {
+	if s.fromEnv && (IsVercel() || !envWritebackEnabled()) {
 		Logger.Info("[save_config] source from env, skip write")
 		return nil
 	}
@@ -187,11 +221,15 @@ func (s *Store) Save() error {
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(s.path, b, 0o644)
+	if err := writeConfigBytes(s.path, b); err != nil {
+		return err
+	}
+	s.fromEnv = false
+	return nil
 }
 
 func (s *Store) saveLocked() error {
-	if s.fromEnv {
+	if s.fromEnv && (IsVercel() || !envWritebackEnabled()) {
 		Logger.Info("[save_config] source from env, skip write")
 		return nil
 	}
@@ -201,7 +239,11 @@ func (s *Store) saveLocked() error {
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(s.path, b, 0o644)
+	if err := writeConfigBytes(s.path, b); err != nil {
+		return err
+	}
+	s.fromEnv = false
+	return nil
 }
 
 func (s *Store) IsEnvBacked() bool {

internal/config/store_accessors.go

@@ -43,23 +43,11 @@ func (s *Store) CompatWideInputStrictOutput() bool {
 }
 
 func (s *Store) ToolcallMode() string {
-	s.mu.RLock()
+	return "feature_match"
-	defer s.mu.RUnlock()
-	mode := strings.TrimSpace(strings.ToLower(s.cfg.Toolcall.Mode))
-	if mode == "" {
-		return "feature_match"
-	}
-	return mode
 }
 
 func (s *Store) ToolcallEarlyEmitConfidence() string {
-	s.mu.RLock()
+	return "high"
-	defer s.mu.RUnlock()
-	level := strings.TrimSpace(strings.ToLower(s.cfg.Toolcall.EarlyEmitConfidence))
-	if level == "" {
-		return "high"
-	}
-	return level
 }
 
 func (s *Store) ResponsesStoreTTLSeconds() int {
@@ -166,6 +154,15 @@ func (s *Store) RuntimeGlobalMaxInflight(defaultSize int) int {
 	return defaultSize
 }
 
+func (s *Store) RuntimeTokenRefreshIntervalHours() int {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if s.cfg.Runtime.TokenRefreshIntervalHours > 0 {
+		return s.cfg.Runtime.TokenRefreshIntervalHours
+	}
+	return 6
+}
+
 func (s *Store) AutoDeleteSessions() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()

internal/config/store_env_writeback.go

@@ -0,0 +1,51 @@
+package config
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+func envWritebackEnabled() bool {
+	v := strings.ToLower(strings.TrimSpace(os.Getenv("DS2API_ENV_WRITEBACK")))
+	return v == "1" || v == "true" || v == "yes" || v == "on"
+}
+
+func (s *Store) IsEnvWritebackEnabled() bool {
+	return envWritebackEnabled()
+}
+
+func (s *Store) HasEnvConfigSource() bool {
+	rawCfg := strings.TrimSpace(os.Getenv("DS2API_CONFIG_JSON"))
+	if rawCfg == "" {
+		rawCfg = strings.TrimSpace(os.Getenv("CONFIG_JSON"))
+	}
+	return rawCfg != ""
+}
+
+func (s *Store) ConfigPath() string {
+	return s.path
+}
+
+func writeConfigFile(path string, cfg Config) error {
+	persistCfg := cfg.Clone()
+	persistCfg.ClearAccountTokens()
+	b, err := json.MarshalIndent(persistCfg, "", "  ")
+	if err != nil {
+		return err
+	}
+	return writeConfigBytes(path, b)
+}
+
+func writeConfigBytes(path string, b []byte) error {
+	dir := filepath.Dir(path)
+	if dir == "." || dir == "" {
+		return os.WriteFile(path, b, 0o644)
+	}
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return fmt.Errorf("mkdir config dir: %w", err)
+	}
+	return os.WriteFile(path, b, 0o644)
+}

internal/js/chat-stream/toolcall_policy.js

@@ -12,12 +12,10 @@ function resolveToolcallPolicy(prepBody, payloadTools) {
   if (toolNames.length === 0 && Array.isArray(payloadTools) && payloadTools.length > 0) {
     toolNames = ['__any_tool__'];
   }
-  const featureMatchEnabled = boolDefaultTrue(prepBody && prepBody.toolcall_feature_match);
-  const emitEarlyToolDeltas = featureMatchEnabled && boolDefaultTrue(prepBody && prepBody.toolcall_early_emit_high);
   return {
     toolNames,
     toolSieveEnabled: toolNames.length > 0,
-    emitEarlyToolDeltas,
+    emitEarlyToolDeltas: true,
   };
 }
 

internal/js/helpers/stream-tool-sieve/jsonscan.js

@@ -140,30 +140,6 @@ function extractJSONObjectFrom(text, start) {
   return { ok: false, end: 0 };
 }
 
-function extractToolHistoryBlock(captured, keyIdx) {
-  if (typeof captured !== 'string' || keyIdx < 0 || keyIdx >= captured.length) {
-    return { ok: false, start: 0, end: 0 };
-  }
-  const rest = captured.slice(keyIdx).toLowerCase();
-  if (rest.startsWith('[tool_call_history]')) {
-    const closeTag = '[/tool_call_history]';
-    const closeIdx = rest.indexOf(closeTag);
-    if (closeIdx < 0) {
-      return { ok: false, start: 0, end: 0 };
-    }
-    return { ok: true, start: keyIdx, end: keyIdx + closeIdx + closeTag.length };
-  }
-  if (rest.startsWith('[tool_result_history]')) {
-    const closeTag = '[/tool_result_history]';
-    const closeIdx = rest.indexOf(closeTag);
-    if (closeIdx < 0) {
-      return { ok: false, start: 0, end: 0 };
-    }
-    return { ok: true, start: keyIdx, end: keyIdx + closeIdx + closeTag.length };
-  }
-  return { ok: false, start: 0, end: 0 };
-}
-
 function trimWrappingJSONFence(prefix, suffix) {
   const rightTrimmedPrefix = (prefix || '').replace(/[ \t\r\n]+$/g, '');
   const fenceIdx = rightTrimmedPrefix.lastIndexOf('```');
@@ -192,6 +168,5 @@ module.exports = {
   parseJSONStringLiteral,
   skipSpaces,
   extractJSONObjectFrom,
-  extractToolHistoryBlock,
   trimWrappingJSONFence,
 };

internal/js/helpers/stream-tool-sieve/parse.js

@@ -237,7 +237,10 @@ function isLikelyJSONToolPayloadCandidate(text) {
     return false;
   }
   const lower = trimmed.toLowerCase();
-  return lower.includes('tool_calls') || lower.includes('"function"');
+  return lower.includes('tool_calls')
+    || lower.includes('"function"')
+    || lower.includes('functioncall')
+    || lower.includes('"tool_use"');
 }
 
 module.exports = {

internal/js/helpers/stream-tool-sieve/parse_payload.js

@@ -85,6 +85,8 @@ function extractToolCallObjects(text) {
   while (true) {
     const idxToolCalls = lower.indexOf('tool_calls', offset);
     const idxFunction = lower.indexOf('"function"', offset);
+    const idxFunctionCall = lower.indexOf('functioncall', offset);
+    const idxToolUse = lower.indexOf('"tool_use"', offset);
     let idx = -1;
     let matched = '';
     if (idxToolCalls >= 0 && (idxFunction < 0 || idxToolCalls <= idxFunction)) {
@@ -94,6 +96,14 @@ function extractToolCallObjects(text) {
       idx = idxFunction;
       matched = '"function"';
     }
+    if (idxFunctionCall >= 0 && (idx < 0 || idxFunctionCall < idx)) {
+      idx = idxFunctionCall;
+      matched = 'functioncall';
+    }
+    if (idxToolUse >= 0 && (idx < 0 || idxToolUse < idx)) {
+      idx = idxToolUse;
+      matched = '"tool_use"';
+    }
     if (idx < 0) {
       break;
     }
@@ -102,7 +112,10 @@ function extractToolCallObjects(text) {
       const obj = extractJSONObjectFrom(raw, start);
       if (obj.ok) {
         out.push(raw.slice(start, obj.end).trim());
-        offset = obj.end;
+        // Ensure forward progress even when the matched keyword is outside
+        // the extracted JSON object (e.g. closing XML wrapper tags containing
+        // "tool_calls" after an earlier JSON arguments object).
+        offset = Math.max(obj.end, idx + matched.length);
         idx = -1;
         break;
       }
@@ -324,6 +337,20 @@ function parseToolCallItem(m) {
   let name = toStringSafe(m.name);
   let inputRaw = m.input;
   let hasInput = Object.prototype.hasOwnProperty.call(m, 'input');
+  const fnCall = m.functionCall && typeof m.functionCall === 'object' ? m.functionCall : null;
+  if (fnCall) {
+    if (!name) {
+      name = toStringSafe(fnCall.name);
+    }
+    if (!hasInput && Object.prototype.hasOwnProperty.call(fnCall, 'args')) {
+      inputRaw = fnCall.args;
+      hasInput = true;
+    }
+    if (!hasInput && Object.prototype.hasOwnProperty.call(fnCall, 'arguments')) {
+      inputRaw = fnCall.arguments;
+      hasInput = true;
+    }
+  }
   const fn = m.function && typeof m.function === 'object' ? m.function : null;
 
   if (fn) {

internal/js/helpers/stream-tool-sieve/sieve.js

@@ -5,7 +5,7 @@ const {
   insideCodeFenceWithState,
 } = require('./state');
 const { parseStandaloneToolCallsDetailed } = require('./parse');
-const { extractJSONObjectFrom, extractToolHistoryBlock, trimWrappingJSONFence } = require('./jsonscan');
+const { extractJSONObjectFrom, trimWrappingJSONFence } = require('./jsonscan');
 const {
   TOOL_SEGMENT_KEYWORDS,
   XML_TOOL_SEGMENT_TAGS,
@@ -233,17 +233,6 @@ function consumeToolCapture(state, toolNames) {
   }
   const start = captured.slice(0, keyIdx).lastIndexOf('{');
   const actualStart = start >= 0 ? start : keyIdx;
-  if (start < 0) {
-    const history = extractToolHistoryBlock(captured, keyIdx);
-    if (history.ok) {
-      return {
-        ready: true,
-        prefix: captured.slice(0, history.start),
-        calls: [],
-        suffix: captured.slice(history.end),
-      };
-    }
-  }
   const obj = extractJSONObjectFrom(captured, actualStart);
   if (!obj.ok) {
     return { ready: false, prefix: '', calls: [], suffix: '' };

internal/js/helpers/stream-tool-sieve/state.js

@@ -1,6 +1,7 @@
 'use strict';
 
-const TOOL_SIEVE_CONTEXT_TAIL_LIMIT = 4096;
+// Keep in sync with Go toolSieveContextTailLimit.
+const TOOL_SIEVE_CONTEXT_TAIL_LIMIT = 2048;
 
 function createToolSieveState() {
   return {

internal/js/helpers/stream-tool-sieve/tool-keywords.js

@@ -4,8 +4,8 @@ const TOOL_SEGMENT_KEYWORDS = [
   'tool_calls',
   '"function"',
   'function.name:',
-  '[tool_call_history]',
+  'functioncall',
-  '[tool_result_history]',
+  '"tool_use"',
 ];
 
 const XML_TOOL_SEGMENT_TAGS = [

internal/prompt/tool_calls.go

@@ -0,0 +1,137 @@
+package prompt
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+var promptXMLTextEscaper = strings.NewReplacer(
+	"&", "&",
+	"<", "&lt;",
+	">", "&gt;",
+)
+
+// FormatToolCallsForPrompt renders a tool_calls slice into the canonical
+// prompt-visible history block used across adapters.
+func FormatToolCallsForPrompt(raw any) string {
+	calls, ok := raw.([]any)
+	if !ok || len(calls) == 0 {
+		return ""
+	}
+
+	blocks := make([]string, 0, len(calls))
+	for _, item := range calls {
+		call, ok := item.(map[string]any)
+		if !ok {
+			continue
+		}
+		block := formatToolCallForPrompt(call)
+		if block != "" {
+			blocks = append(blocks, block)
+		}
+	}
+	if len(blocks) == 0 {
+		return ""
+	}
+	return "<tool_calls>\n" + strings.Join(blocks, "\n") + "\n</tool_calls>"
+}
+
+// StringifyToolCallArguments normalizes tool arguments into a compact string
+// while preserving raw concatenated payloads when they already look like model
+// output rather than a single JSON object.
+func StringifyToolCallArguments(v any) string {
+	switch x := v.(type) {
+	case nil:
+		return "{}"
+	case string:
+		s := strings.TrimSpace(x)
+		if s == "" {
+			return "{}"
+		}
+		s = normalizeToolArgumentString(s)
+		if s == "" {
+			return "{}"
+		}
+		return s
+	default:
+		b, err := json.Marshal(x)
+		if err != nil || len(b) == 0 {
+			return "{}"
+		}
+		return string(b)
+	}
+}
+
+func formatToolCallForPrompt(call map[string]any) string {
+	if call == nil {
+		return ""
+	}
+
+	name := strings.TrimSpace(asString(call["name"]))
+	fn, _ := call["function"].(map[string]any)
+	if name == "" && fn != nil {
+		name = strings.TrimSpace(asString(fn["name"]))
+	}
+	if name == "" {
+		return ""
+	}
+
+	argsRaw := call["arguments"]
+	if argsRaw == nil {
+		argsRaw = call["input"]
+	}
+	if argsRaw == nil && fn != nil {
+		argsRaw = fn["arguments"]
+		if argsRaw == nil {
+			argsRaw = fn["input"]
+		}
+	}
+
+	return "  <tool_call>\n" +
+		"    <tool_name>" + escapeXMLText(name) + "</tool_name>\n" +
+		"    <parameters>" + escapeXMLText(StringifyToolCallArguments(argsRaw)) + "</parameters>\n" +
+		"  </tool_call>"
+}
+
+func normalizeToolArgumentString(raw string) string {
+	trimmed := strings.TrimSpace(raw)
+	if trimmed == "" {
+		return ""
+	}
+	if looksLikeConcatenatedJSON(trimmed) {
+		// Keep the original payload to avoid silently rewriting model output.
+		return raw
+	}
+	return trimmed
+}
+
+func looksLikeConcatenatedJSON(raw string) bool {
+	trimmed := strings.TrimSpace(raw)
+	if trimmed == "" {
+		return false
+	}
+	if strings.Contains(trimmed, "}{") || strings.Contains(trimmed, "][") {
+		return true
+	}
+	dec := json.NewDecoder(strings.NewReader(trimmed))
+	var first any
+	if err := dec.Decode(&first); err != nil {
+		return false
+	}
+	var second any
+	return dec.Decode(&second) == nil
+}
+
+func asString(v any) string {
+	if s, ok := v.(string); ok {
+		return s
+	}
+	return ""
+}
+
+func escapeXMLText(v string) string {
+	if v == "" {
+		return ""
+	}
+	return promptXMLTextEscaper.Replace(v)
+}

internal/prompt/tool_calls_test.go

@@ -0,0 +1,41 @@
+package prompt
+
+import "testing"
+
+func TestStringifyToolCallArgumentsPreservesConcatenatedJSON(t *testing.T) {
+	got := StringifyToolCallArguments(`{}{"query":"测试工具调用"}`)
+	if got != `{}{"query":"测试工具调用"}` {
+		t.Fatalf("expected raw concatenated JSON to be preserved, got %q", got)
+	}
+}
+
+func TestFormatToolCallsForPromptXML(t *testing.T) {
+	got := FormatToolCallsForPrompt([]any{
+		map[string]any{
+			"id": "call_1",
+			"function": map[string]any{
+				"name":      "search_web",
+				"arguments": map[string]any{"query": "latest"},
+			},
+		},
+	})
+	if got == "" {
+		t.Fatal("expected non-empty formatted tool calls")
+	}
+	if got != "<tool_calls>\n  <tool_call>\n    <tool_name>search_web</tool_name>\n    <parameters>{\"query\":\"latest\"}</parameters>\n  </tool_call>\n</tool_calls>" {
+		t.Fatalf("unexpected formatted tool call XML: %q", got)
+	}
+}
+
+func TestFormatToolCallsForPromptEscapesXMLEntities(t *testing.T) {
+	got := FormatToolCallsForPrompt([]any{
+		map[string]any{
+			"name":      "search<&>",
+			"arguments": `{"q":"a < b && c > d"}`,
+		},
+	})
+	want := "<tool_calls>\n  <tool_call>\n    <tool_name>search&lt;&amp;&gt;</tool_name>\n    <parameters>{\"q\":\"a &lt; b &amp;&amp; c &gt; d\"}</parameters>\n  </tool_call>\n</tool_calls>"
+	if got != want {
+		t.Fatalf("unexpected escaped tool call XML: %q", got)
+	}
+}

internal/sse/content_filter_leak.go

@@ -0,0 +1,31 @@
+package sse
+
+import "strings"
+
+func filterLeakedContentFilterParts(parts []ContentPart) []ContentPart {
+	if len(parts) == 0 {
+		return parts
+	}
+	out := make([]ContentPart, 0, len(parts))
+	for _, p := range parts {
+		cleaned := stripLeakedContentFilterSuffix(p.Text)
+		if strings.TrimSpace(cleaned) == "" {
+			continue
+		}
+		p.Text = cleaned
+		out = append(out, p)
+	}
+	return out
+}
+
+func stripLeakedContentFilterSuffix(text string) string {
+	if text == "" {
+		return text
+	}
+	upperText := strings.ToUpper(text)
+	idx := strings.Index(upperText, "CONTENT_FILTER")
+	if idx < 0 {
+		return text
+	}
+	return strings.TrimRight(text[:idx], " \t\r\n")
+}

internal/sse/line.go

@@ -40,6 +40,7 @@ func ParseDeepSeekContentLine(raw []byte, thinkingEnabled bool, currentType stri
 		}
 	}
 	parts, finished, nextType := ParseSSEChunkForContent(chunk, thinkingEnabled, currentType)
+	parts = filterLeakedContentFilterParts(parts)
 	return LineResult{
 		Parsed:   true,
 		Stop:     finished,

internal/sse/line_test.go

@@ -35,3 +35,33 @@ func TestParseDeepSeekContentLineContent(t *testing.T) {
 		t.Fatalf("unexpected parts: %#v", res.Parts)
 	}
 }
+
+func TestParseDeepSeekContentLineStripsLeakedContentFilterSuffix(t *testing.T) {
+	res := ParseDeepSeekContentLine([]byte(`data: {"p":"response/content","v":"正常输出CONTENT_FILTER你好，这个问题我暂时无法回答"}`), false, "text")
+	if !res.Parsed || res.Stop {
+		t.Fatalf("expected parsed non-stop result: %#v", res)
+	}
+	if len(res.Parts) != 1 || res.Parts[0].Text != "正常输出" {
+		t.Fatalf("unexpected parts after filter: %#v", res.Parts)
+	}
+}
+
+func TestParseDeepSeekContentLineDropsPureLeakedContentFilterChunk(t *testing.T) {
+	res := ParseDeepSeekContentLine([]byte(`data: {"p":"response/content","v":"CONTENT_FILTER你好，这个问题我暂时无法回答"}`), false, "text")
+	if !res.Parsed || res.Stop {
+		t.Fatalf("expected parsed non-stop result: %#v", res)
+	}
+	if len(res.Parts) != 0 {
+		t.Fatalf("expected empty parts, got %#v", res.Parts)
+	}
+}
+
+func TestParseDeepSeekContentLineTrimsFromContentFilterKeyword(t *testing.T) {
+	res := ParseDeepSeekContentLine([]byte(`data: {"p":"response/content","v":"模型会在命中 CONTENT_FILTER 时返回拒绝原因。"}`), false, "text")
+	if !res.Parsed || res.Stop {
+		t.Fatalf("expected parsed non-stop result: %#v", res)
+	}
+	if len(res.Parts) != 1 || res.Parts[0].Text != "模型会在命中" {
+		t.Fatalf("unexpected parts after filter: %#v", res.Parts)
+	}
+}

internal/util/tool_prompt.go

@@ -1,5 +1,7 @@
 package util
 
+import "strings"
+
 // BuildToolCallInstructions generates the unified tool-calling instruction block
 // used by all adapters (OpenAI, Claude, Gemini). It uses attention-optimized
 // structure: rules → negative examples → positive examples → anchor.
@@ -19,7 +21,7 @@ func BuildToolCallInstructions(toolNames []string) string {
 			ex1 = n
 			used["ex1"] = true
 		// Write/execute-type tools
-		case !used["ex2"] && matchAny(n, "write_to_file", "apply_diff", "execute_command", "Write", "Edit", "MultiEdit", "Bash"):
+		case !used["ex2"] && matchAny(n, "write_to_file", "apply_diff", "execute_command", "exec_command", "Write", "Edit", "MultiEdit", "Bash"):
 			ex2 = n
 			used["ex2"] = true
 		// Interactive/meta tools
@@ -28,10 +30,13 @@ func BuildToolCallInstructions(toolNames []string) string {
 			used["ex3"] = true
 		}
 	}
+	ex1Params := exampleReadParams(ex1)
+	ex2Params := exampleWriteOrExecParams(ex2)
+	ex3Params := exampleInteractiveParams(ex3)
 
 	return `TOOL CALL FORMAT — FOLLOW EXACTLY:
 
-When calling tools, emit ONLY raw XML. No text before, no text after, no markdown fences.
+When calling tools, emit ONLY raw XML at the very end of your response. No text before, no text after, no markdown fences.
 
 <tool_calls>
   <tool_call>
@@ -47,6 +52,7 @@ RULES:
 4) Do NOT wrap the XML in markdown code fences (no triple backticks).
 5) After receiving a tool result, use it directly. Only call another tool if the result is insufficient.
 6) If you want to say something AND call a tool, output text first, then the XML block on its own.
+7) Parameters MUST use the exact field names from the selected tool schema.
 
 ❌ WRONG — Do NOT do these:
 Wrong 1 — mixed text and XML:
@@ -62,7 +68,7 @@ Example A — Single tool:
 <tool_calls>
   <tool_call>
     <tool_name>` + ex1 + `</tool_name>
-    <parameters>{"path":"src/main.go"}</parameters>
+    <parameters>` + ex1Params + `</parameters>
   </tool_call>
 </tool_calls>
 
@@ -70,11 +76,11 @@ Example B — Two tools in parallel:
 <tool_calls>
   <tool_call>
     <tool_name>` + ex1 + `</tool_name>
-    <parameters>{"path":"config.json"}</parameters>
+    <parameters>` + ex1Params + `</parameters>
   </tool_call>
   <tool_call>
     <tool_name>` + ex2 + `</tool_name>
-    <parameters>{"path":"output.txt","content":"Hello world"}</parameters>
+    <parameters>` + ex2Params + `</parameters>
   </tool_call>
 </tool_calls>
 
@@ -82,7 +88,7 @@ Example C — Tool with complex nested JSON parameters:
 <tool_calls>
   <tool_call>
     <tool_name>` + ex3 + `</tool_name>
-    <parameters>{"question":"Which approach do you prefer?","follow_up":[{"text":"Option A"},{"text":"Option B"}]}</parameters>
+    <parameters>` + ex3Params + `</parameters>
   </tool_call>
 </tool_calls>
 
@@ -97,3 +103,38 @@ func matchAny(name string, candidates ...string) bool {
 	}
 	return false
 }
+
+func exampleReadParams(name string) string {
+	switch strings.TrimSpace(name) {
+	case "Read":
+		return `{"file_path":"README.md"}`
+	case "Glob":
+		return `{"pattern":"**/*.go","path":"."}`
+	default:
+		return `{"path":"src/main.go"}`
+	}
+}
+
+func exampleWriteOrExecParams(name string) string {
+	switch strings.TrimSpace(name) {
+	case "Bash", "execute_command":
+		return `{"command":"pwd"}`
+	case "exec_command":
+		return `{"cmd":"pwd"}`
+	case "Edit":
+		return `{"file_path":"README.md","old_string":"foo","new_string":"bar"}`
+	case "MultiEdit":
+		return `{"file_path":"README.md","edits":[{"old_string":"foo","new_string":"bar"}]}`
+	default:
+		return `{"path":"output.txt","content":"Hello world"}`
+	}
+}
+
+func exampleInteractiveParams(name string) string {
+	switch strings.TrimSpace(name) {
+	case "Task":
+		return `{"description":"Investigate flaky tests","prompt":"Run targeted tests and summarize failures"}`
+	default:
+		return `{"question":"Which approach do you prefer?","follow_up":[{"text":"Option A"},{"text":"Option B"}]}`
+	}
+}

internal/util/tool_prompt_test.go

@@ -0,0 +1,26 @@
+package util
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestBuildToolCallInstructions_ExecCommandUsesCmdExample(t *testing.T) {
+	out := BuildToolCallInstructions([]string{"exec_command"})
+	if !strings.Contains(out, `<tool_name>exec_command</tool_name>`) {
+		t.Fatalf("expected exec_command in examples, got: %s", out)
+	}
+	if !strings.Contains(out, `<parameters>{"cmd":"pwd"}</parameters>`) {
+		t.Fatalf("expected cmd parameter example for exec_command, got: %s", out)
+	}
+}
+
+func TestBuildToolCallInstructions_ExecuteCommandUsesCommandExample(t *testing.T) {
+	out := BuildToolCallInstructions([]string{"execute_command"})
+	if !strings.Contains(out, `<tool_name>execute_command</tool_name>`) {
+		t.Fatalf("expected execute_command in examples, got: %s", out)
+	}
+	if !strings.Contains(out, `<parameters>{"command":"pwd"}</parameters>`) {
+		t.Fatalf("expected command parameter example for execute_command, got: %s", out)
+	}
+}

internal/util/toolcalls_candidates.go

@@ -64,7 +64,7 @@ func extractToolCallObjects(text string) []string {
 	lower := strings.ToLower(text)
 	out := []string{}
 	offset := 0
-	keywords := []string{"tool_calls", "\"function\"", "function.name:", "[tool_call_history]"}
+	keywords := []string{"tool_calls", "\"function\"", "function.name:", "functioncall", "\"tool_use\""}
 	for {
 		bestIdx := -1
 		matchedKeyword := ""

internal/util/toolcalls_parse.go

@@ -196,18 +196,6 @@ func parseToolCallsPayload(payload string) []ParsedToolCall {
 	return nil
 }
 
-func isLikelyJSONToolPayloadCandidate(candidate string) bool {
-	trimmed := strings.TrimSpace(candidate)
-	if trimmed == "" {
-		return false
-	}
-	if !(strings.HasPrefix(trimmed, "{") || strings.HasPrefix(trimmed, "[")) {
-		return false
-	}
-	lower := strings.ToLower(trimmed)
-	return strings.Contains(lower, "tool_calls") || strings.Contains(lower, "\"function\"")
-}
-
 func isLikelyChatMessageEnvelope(v map[string]any) bool {
 	if v == nil {
 		return false
@@ -234,62 +222,11 @@ func looksLikeToolCallSyntax(text string) bool {
 	lower := strings.ToLower(text)
 	return strings.Contains(lower, "tool_calls") ||
 		strings.Contains(lower, "\"function\"") ||
+		strings.Contains(lower, "functioncall") ||
+		strings.Contains(lower, "\"tool_use\"") ||
 		strings.Contains(lower, "<tool_call") ||
 		strings.Contains(lower, "<function_call") ||
 		strings.Contains(lower, "<function_name") ||
 		strings.Contains(lower, "<invoke") ||
 		strings.Contains(lower, "function.name:")
 }
-
-func parseToolCallList(v any) []ParsedToolCall {
-	items, ok := v.([]any)
-	if !ok {
-		return nil
-	}
-	out := make([]ParsedToolCall, 0, len(items))
-	for _, item := range items {
-		m, ok := item.(map[string]any)
-		if !ok {
-			continue
-		}
-		if tc, ok := parseToolCallItem(m); ok {
-			out = append(out, tc)
-		}
-	}
-	if len(out) == 0 {
-		return nil
-	}
-	return out
-}
-
-func parseToolCallItem(m map[string]any) (ParsedToolCall, bool) {
-	name, _ := m["name"].(string)
-	inputRaw, hasInput := m["input"]
-	if fn, ok := m["function"].(map[string]any); ok {
-		if name == "" {
-			name, _ = fn["name"].(string)
-		}
-		if !hasInput {
-			if v, ok := fn["arguments"]; ok {
-				inputRaw = v
-				hasInput = true
-			}
-		}
-	}
-	if !hasInput {
-		for _, key := range []string{"arguments", "args", "parameters", "params"} {
-			if v, ok := m[key]; ok {
-				inputRaw = v
-				hasInput = true
-				break
-			}
-		}
-	}
-	if strings.TrimSpace(name) == "" {
-		return ParsedToolCall{}, false
-	}
-	return ParsedToolCall{
-		Name:  strings.TrimSpace(name),
-		Input: parseToolCallInput(inputRaw),
-	}, true
-}

internal/util/toolcalls_parse_item.go

@@ -0,0 +1,88 @@
+package util
+
+import "strings"
+
+func isLikelyJSONToolPayloadCandidate(candidate string) bool {
+	trimmed := strings.TrimSpace(candidate)
+	if trimmed == "" {
+		return false
+	}
+	if !(strings.HasPrefix(trimmed, "{") || strings.HasPrefix(trimmed, "[")) {
+		return false
+	}
+	lower := strings.ToLower(trimmed)
+	return strings.Contains(lower, "tool_calls") ||
+		strings.Contains(lower, "\"function\"") ||
+		strings.Contains(lower, "functioncall") ||
+		strings.Contains(lower, "\"tool_use\"")
+}
+
+func parseToolCallList(v any) []ParsedToolCall {
+	items, ok := v.([]any)
+	if !ok {
+		return nil
+	}
+	out := make([]ParsedToolCall, 0, len(items))
+	for _, item := range items {
+		m, ok := item.(map[string]any)
+		if !ok {
+			continue
+		}
+		if tc, ok := parseToolCallItem(m); ok {
+			out = append(out, tc)
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return out
+}
+
+func parseToolCallItem(m map[string]any) (ParsedToolCall, bool) {
+	name, _ := m["name"].(string)
+	inputRaw, hasInput := m["input"]
+	if fnCall, ok := m["functionCall"].(map[string]any); ok {
+		if name == "" {
+			name, _ = fnCall["name"].(string)
+		}
+		if !hasInput {
+			if v, ok := fnCall["args"]; ok {
+				inputRaw = v
+				hasInput = true
+			}
+		}
+		if !hasInput {
+			if v, ok := fnCall["arguments"]; ok {
+				inputRaw = v
+				hasInput = true
+			}
+		}
+	}
+	if fn, ok := m["function"].(map[string]any); ok {
+		if name == "" {
+			name, _ = fn["name"].(string)
+		}
+		if !hasInput {
+			if v, ok := fn["arguments"]; ok {
+				inputRaw = v
+				hasInput = true
+			}
+		}
+	}
+	if !hasInput {
+		for _, key := range []string{"arguments", "args", "parameters", "params"} {
+			if v, ok := m[key]; ok {
+				inputRaw = v
+				hasInput = true
+				break
+			}
+		}
+	}
+	if strings.TrimSpace(name) == "" {
+		return ParsedToolCall{}, false
+	}
+	return ParsedToolCall{
+		Name:  strings.TrimSpace(name),
+		Input: parseToolCallInput(inputRaw),
+	}, true
+}

internal/util/toolcalls_test.go

@@ -271,6 +271,34 @@ func TestParseToolCallsSupportsInvokeFunctionCallStyle(t *testing.T) {
 	}
 }
 
+func TestParseToolCallsSupportsGeminiFunctionCallJSON(t *testing.T) {
+	text := `{"functionCall":{"name":"search_web","args":{"query":"latest"}}}`
+	calls := ParseToolCalls(text, []string{"search_web"})
+	if len(calls) != 1 {
+		t.Fatalf("expected 1 call, got %#v", calls)
+	}
+	if calls[0].Name != "search_web" {
+		t.Fatalf("expected search_web, got %q", calls[0].Name)
+	}
+	if calls[0].Input["query"] != "latest" {
+		t.Fatalf("expected query argument, got %#v", calls[0].Input)
+	}
+}
+
+func TestParseToolCallsSupportsClaudeToolUseJSON(t *testing.T) {
+	text := `{"type":"tool_use","name":"read_file","input":{"path":"README.md"}}`
+	calls := ParseToolCalls(text, []string{"read_file"})
+	if len(calls) != 1 {
+		t.Fatalf("expected 1 call, got %#v", calls)
+	}
+	if calls[0].Name != "read_file" {
+		t.Fatalf("expected read_file, got %q", calls[0].Name)
+	}
+	if calls[0].Input["path"] != "README.md" {
+		t.Fatalf("expected path argument, got %#v", calls[0].Input)
+	}
+}
+
 func TestParseToolCallsSupportsToolUseFunctionParameterStyle(t *testing.T) {
 	text := `<tool_use><function name="search_web"><parameter name="query">test</parameter></function></tool_use>`
 	calls := ParseToolCalls(text, []string{"search_web"})

internal/util/toolcalls_textkv_test.go

@@ -6,14 +6,12 @@ import (
 
 func TestParseTextKVToolCalls_Basic(t *testing.T) {
 	text := `
-[TOOL_CALL_HISTORY]
 status: already_called
 origin: assistant
 not_user_input: true
 tool_call_id: call_3fcd15235eb94f7eae3a8de5a9cfa36b
 function.name: execute_command
 function.arguments: {"command":"cd scripts && python check_syntax.py example.py","cwd":null,"timeout":30}
-[/TOOL_CALL_HISTORY]
 
 Some other text thinking...
 `

tests/node/chat-stream.test.js

@@ -34,7 +34,7 @@ test('resolveToolcallPolicy defaults to feature-match + early emit when prepare
   assert.equal(policy.emitEarlyToolDeltas, true);
 });
 
-test('resolveToolcallPolicy respects prepare flags and prepared tool names', () => {
+test('resolveToolcallPolicy ignores prepare flags and keeps early emit enabled', () => {
   const policy = resolveToolcallPolicy(
     {
       tool_names: [' prepped_tool ', '', null],
@@ -45,7 +45,7 @@ test('resolveToolcallPolicy respects prepare flags and prepared tool names', ()
   );
   assert.deepEqual(policy.toolNames, ['prepped_tool']);
   assert.equal(policy.toolSieveEnabled, true);
-  assert.equal(policy.emitEarlyToolDeltas, false);
+  assert.equal(policy.emitEarlyToolDeltas, true);
 });
 
 test('normalizePreparedToolNames filters empty values', () => {

tests/node/stream-tool-sieve.test.js

@@ -98,10 +98,8 @@ test('parseToolCalls ignores tool_call payloads that exist only inside fenced co
 
 test('parseToolCalls parses text-kv fallback payload', () => {
   const text = [
-    '[TOOL_CALL_HISTORY]',
     'function.name: execute_command',
     'function.arguments: {"command":"cd scripts && python check_syntax.py example.py","cwd":null,"timeout":30}',
-    '[/TOOL_CALL_HISTORY]',
     'Some other text thinking...',
   ].join('\n');
   const calls = parseToolCalls(text, ['execute_command']);
@@ -110,6 +108,24 @@ test('parseToolCalls parses text-kv fallback payload', () => {
   assert.equal(calls[0].input.command, 'cd scripts && python check_syntax.py example.py');
 });
 
+test('parseToolCalls supports Gemini functionCall JSON payload', () => {
+  const payload = JSON.stringify({
+    functionCall: { name: 'search_web', args: { query: 'latest' } },
+  });
+  const calls = parseToolCalls(payload, ['search_web']);
+  assert.deepEqual(calls, [{ name: 'search_web', input: { query: 'latest' } }]);
+});
+
+test('parseToolCalls supports Claude tool_use JSON payload', () => {
+  const payload = JSON.stringify({
+    type: 'tool_use',
+    name: 'read_file',
+    input: { path: 'README.md' },
+  });
+  const calls = parseToolCalls(payload, ['read_file']);
+  assert.deepEqual(calls, [{ name: 'read_file', input: { path: 'README.md' } }]);
+});
+
 test('parseToolCalls parses multiple text-kv fallback payloads', () => {
   const text = [
     'function.name: read_file',
@@ -229,6 +245,24 @@ test('sieve flushes incomplete captured XML tool blocks without leaking raw tags
   assert.equal(leakedText.includes('<tool_call'), false);
 });
 
+test('sieve captures XML wrapper tags with attributes without leaking wrapper text', () => {
+  const events = runSieve(
+    [
+      '前置正文H。',
+      '<tool_calls id="x"><tool_call><tool_name>read_file</tool_name><parameters>{"path":"README.MD"}</parameters></tool_call></tool_calls>',
+      '后置正文I。',
+    ],
+    ['read_file'],
+  );
+  const leakedText = collectText(events);
+  const hasToolCall = events.some((evt) => evt.type === 'tool_calls' && evt.calls?.length > 0);
+  assert.equal(hasToolCall, true);
+  assert.equal(leakedText.includes('前置正文H。'), true);
+  assert.equal(leakedText.includes('后置正文I。'), true);
+  assert.equal(leakedText.includes('<tool_calls id=\"x\">'), false);
+  assert.equal(leakedText.includes('</tool_calls>'), false);
+});
+
 test('sieve still intercepts large tool json payloads over previous capture limit', () => {
   const large = 'a'.repeat(9000);
   const payload = `{"tool_calls":[{"name":"read_file","input":{"path":"${large}"}}]}`;
@@ -254,54 +288,44 @@ test('sieve keeps plain text intact in tool mode when no tool call appears', ()
   assert.equal(leakedText, '你好，这是普通文本回复。请继续。');
 });
 
-test('sieve swallows leaked TOOL_CALL_HISTORY marker blocks', () => {
+test('sieve keeps plain "tool_calls" prose as text when no valid payload follows', () => {
   const events = runSieve(
-    [
+    ['前置。', '这里提到 tool_calls 只是解释，不是调用。', '后置。'],
-      '前置文本。',
+    ['read_file'],
-      '[TOOL_CALL_HISTORY]\nstatus: already_called\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_CALL_HISTORY]',
-      '后置文本。',
-    ],
-    ['exec'],
-  );
-  const leakedText = collectText(events);
-  const hasToolCall = events.some((evt) => evt.type === 'tool_calls');
-  assert.equal(hasToolCall, false);
-  assert.equal(leakedText.includes('前置文本。'), true);
-  assert.equal(leakedText.includes('后置文本。'), true);
-  assert.equal(leakedText.includes('[TOOL_CALL_HISTORY]'), false);
-});
-
-test('sieve swallows leaked TOOL_RESULT_HISTORY marker blocks', () => {
-  const events = runSieve(
-    [
-      '前置文本。',
-      '[TOOL_RESULT_HISTORY]\nstatus: already_called\nfunction.name: exec\nfunction.arguments: {}\n[/TOOL_RESULT_HISTORY]',
-      '后置文本。',
-    ],
-    ['exec'],
-  );
-  const leakedText = collectText(events);
-  const hasToolCall = events.some((evt) => evt.type === 'tool_calls');
-  assert.equal(hasToolCall, false);
-  assert.equal(leakedText.includes('前置文本。'), true);
-  assert.equal(leakedText.includes('后置文本。'), true);
-  assert.equal(leakedText.includes('[TOOL_RESULT_HISTORY]'), false);
-});
-
-test('sieve preserves text spacing when TOOL_RESULT_HISTORY spans chunks', () => {
-  const events = runSieve(
-    [
-      'Hello ',
-      '[TOOL_RESULT_HISTORY]\nstatus: already_called\n',
-      'function.name: exec\nfunction.arguments: {}\n[/TOOL_RESULT_HISTORY]',
-      'world',
-    ],
-    ['exec'],
   );
   const leakedText = collectText(events);
   const hasToolCall = events.some((evt) => evt.type === 'tool_calls' && evt.calls?.length > 0);
   assert.equal(hasToolCall, false);
-  assert.equal(leakedText, 'Hello world');
+  assert.equal(leakedText.includes('tool_calls'), true);
+  assert.equal(leakedText, '前置。这里提到 tool_calls 只是解释，不是调用。后置。');
+});
+
+test('sieve keeps numbered planning prose before a real tool payload (mobile-chat style)', () => {
+  const events = runSieve(
+    [
+      '好的，我会依次测试每个工具，先把所有工具都调用一遍，然后汇总结果给你看。\n\n1. 获取当前时间\n',
+      '{"tool_calls":[{"name":"get_current_time","input":{}}]}',
+    ],
+    ['get_current_time'],
+  );
+  const leakedText = collectText(events);
+  const finalCalls = events.filter((evt) => evt.type === 'tool_calls').flatMap((evt) => evt.calls || []);
+  assert.equal(finalCalls.length, 1);
+  assert.equal(finalCalls[0].name, 'get_current_time');
+  assert.equal(leakedText.includes('先把所有工具都调用一遍'), true);
+  assert.equal(leakedText.includes('1. 获取当前时间'), true);
+  assert.equal(leakedText.toLowerCase().includes('tool_calls'), false);
+});
+
+test('sieve keeps numbered planning prose when no tool payload follows', () => {
+  const events = runSieve(
+    ['好的，我会依次测试每个工具。\n\n1. 获取当前时间'],
+    ['get_current_time'],
+  );
+  const leakedText = collectText(events);
+  const hasToolCall = events.some((evt) => evt.type === 'tool_calls' && evt.calls?.length > 0);
+  assert.equal(hasToolCall, false);
+  assert.equal(leakedText, '好的，我会依次测试每个工具。\n\n1. 获取当前时间');
 });
 
 test('sieve emits unknown tool payload (no args) as executable tool call', () => {

vercel.json

@@ -4,7 +4,7 @@
   "outputDirectory": "static",
   "functions": {
     "api/chat-stream.js": {
-      "includeFiles": "**/sha3_wasm_bg.7b9ca65ddd.wasm",
+      "includeFiles": "internal/deepseek/assets/sha3_wasm_bg.7b9ca65ddd.wasm",
       "maxDuration": 300
     },
     "api/index.go": {

webui/src/features/account/AccountManagerContainer.jsx

@@ -64,6 +64,27 @@ export default function AccountManagerContainer({ config, onRefresh, onMessage,
 
     return (
         <div className="space-y-6">
+            {Boolean(config?.env_source_present) && (
+                <div className={`rounded-xl border px-4 py-3 text-sm ${
+                    config?.env_writeback_enabled
+                        ? (config?.env_backed ? 'border-amber-500/30 bg-amber-500/10 text-amber-600' : 'border-emerald-500/30 bg-emerald-500/10 text-emerald-600')
+                        : 'border-amber-500/30 bg-amber-500/10 text-amber-600'
+                }`}>
+                    <p className="font-medium">
+                        {config?.env_writeback_enabled
+                            ? (config?.env_backed
+                                ? t('accountManager.envModeWritebackPendingTitle')
+                                : t('accountManager.envModeWritebackActiveTitle'))
+                            : t('accountManager.envModeRiskTitle')}
+                    </p>
+                    <p className="mt-1 text-xs opacity-90">
+                        {config?.env_writeback_enabled
+                            ? t('accountManager.envModeWritebackDesc', { path: config?.config_path || 'config.json' })
+                            : t('accountManager.envModeRiskDesc')}
+                    </p>
+                </div>
+            )}
+
             <QueueCards queueStatus={queueStatus} t={t} />
 
             <ApiKeysPanel

webui/src/features/account/ApiKeysPanel.jsx

@@ -1,6 +1,31 @@
+import { useState } from 'react'
 import { Check, ChevronDown, Copy, Plus, Trash2 } from 'lucide-react'
 import clsx from 'clsx'
 
+function fallbackCopyText(text) {
+    const textArea = document.createElement('textarea')
+    textArea.value = text
+    textArea.setAttribute('readonly', '')
+    textArea.style.position = 'fixed'
+    textArea.style.top = '-9999px'
+    textArea.style.left = '-9999px'
+
+    document.body.appendChild(textArea)
+    textArea.focus()
+    textArea.select()
+
+    let copied = false
+    try {
+        copied = document.execCommand('copy')
+    } finally {
+        document.body.removeChild(textArea)
+    }
+
+    if (!copied) {
+        throw new Error('copy failed')
+    }
+}
+
 export default function ApiKeysPanel({
     t,
     config,
@@ -11,6 +36,31 @@ export default function ApiKeysPanel({
     setCopiedKey,
     onDeleteKey,
 }) {
+    const [failedKey, setFailedKey] = useState(null)
+
+    const handleCopyKey = async (key) => {
+        try {
+            if (navigator.clipboard?.writeText) {
+                await navigator.clipboard.writeText(key)
+            } else {
+                fallbackCopyText(key)
+            }
+            setCopiedKey(key)
+            setFailedKey(null)
+            setTimeout(() => setCopiedKey(null), 2000)
+        } catch {
+            try {
+                fallbackCopyText(key)
+                setCopiedKey(key)
+                setFailedKey(null)
+                setTimeout(() => setCopiedKey(null), 2000)
+            } catch {
+                setFailedKey(key)
+                setTimeout(() => setFailedKey(null), 2500)
+            }
+        }
+    }
+
     return (
         <div className="bg-card border border-border rounded-xl overflow-hidden shadow-sm">
             <div
@@ -42,28 +92,31 @@ export default function ApiKeysPanel({
                         config.keys.map((key, i) => (
                             <div key={i} className="p-4 flex items-center justify-between hover:bg-muted/50 transition-colors group">
                                 <div className="flex items-center gap-2">
-                                    <div className="font-mono text-sm bg-muted/50 px-3 py-1 rounded inline-block">
+                                    <button
+                                        onClick={() => handleCopyKey(key)}
+                                        className="font-mono text-sm bg-muted/50 px-3 py-1 rounded inline-block hover:bg-muted transition-colors"
+                                        title={t('accountManager.copyKeyTitle')}
+                                    >
                                         {key.slice(0, 16)}****
-                                    </div>
+                                    </button>
                                     {copiedKey === key && (
                                         <span className="text-xs text-green-500 animate-pulse">{t('accountManager.copied')}</span>
                                     )}
+                                    {failedKey === key && (
+                                        <span className="text-xs text-destructive">{t('accountManager.copyFailed')}</span>
+                                    )}
                                 </div>
                                 <div className="flex items-center gap-1">
                                     <button
-                                        onClick={() => {
+                                        onClick={() => handleCopyKey(key)}
-                                            navigator.clipboard.writeText(key)
+                                        className="p-2 text-muted-foreground hover:text-primary hover:bg-primary/10 rounded-md transition-colors"
-                                            setCopiedKey(key)
-                                            setTimeout(() => setCopiedKey(null), 2000)
-                                        }}
-                                        className="p-2 text-muted-foreground hover:text-primary hover:bg-primary/10 rounded-md transition-colors opacity-0 group-hover:opacity-100"
                                         title={t('accountManager.copyKeyTitle')}
                                     >
                                         {copiedKey === key ? <Check className="w-4 h-4 text-green-500" /> : <Copy className="w-4 h-4" />}
                                     </button>
                                     <button
                                         onClick={() => onDeleteKey(key)}
-                                        className="p-2 text-muted-foreground hover:text-destructive hover:bg-destructive/10 rounded-md transition-colors opacity-0 group-hover:opacity-100"
+                                        className="p-2 text-muted-foreground hover:text-destructive hover:bg-destructive/10 rounded-md transition-colors"
                                         title={t('accountManager.deleteKeyTitle')}
                                     >
                                         <Trash2 className="w-4 h-4" />

webui/src/features/settings/BehaviorSection.jsx

@@ -3,35 +3,6 @@ export default function BehaviorSection({ t, form, setForm }) {
         <div className="bg-card border border-border rounded-xl p-5 space-y-4">
             <h3 className="font-semibold">{t('settings.behaviorTitle')}</h3>
             <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-                <label className="text-sm space-y-2">
-                    <span className="text-muted-foreground">{t('settings.toolcallMode')}</span>
-                    <select
-                        value={form.toolcall.mode}
-                        onChange={(e) => setForm((prev) => ({
-                            ...prev,
-                            toolcall: { ...prev.toolcall, mode: e.target.value },
-                        }))}
-                        className="w-full bg-background border border-border rounded-lg px-3 py-2"
-                    >
-                        <option value="feature_match">feature_match</option>
-                        <option value="off">off</option>
-                    </select>
-                </label>
-                <label className="text-sm space-y-2">
-                    <span className="text-muted-foreground">{t('settings.earlyEmitConfidence')}</span>
-                    <select
-                        value={form.toolcall.early_emit_confidence}
-                        onChange={(e) => setForm((prev) => ({
-                            ...prev,
-                            toolcall: { ...prev.toolcall, early_emit_confidence: e.target.value },
-                        }))}
-                        className="w-full bg-background border border-border rounded-lg px-3 py-2"
-                    >
-                        <option value="high">high</option>
-                        <option value="low">low</option>
-                        <option value="off">off</option>
-                    </select>
-                </label>
                 <label className="text-sm space-y-2">
                     <span className="text-muted-foreground">{t('settings.responsesTTL')}</span>
                     <input

webui/src/features/settings/RuntimeSection.jsx

@@ -2,7 +2,7 @@ export default function RuntimeSection({ t, form, setForm }) {
     return (
         <div className="bg-card border border-border rounded-xl p-5 space-y-4">
             <h3 className="font-semibold">{t('settings.runtimeTitle')}</h3>
-            <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
+            <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
                 <label className="text-sm space-y-2">
                     <span className="text-muted-foreground">{t('settings.accountMaxInflight')}</span>
                     <input
@@ -42,6 +42,21 @@ export default function RuntimeSection({ t, form, setForm }) {
                         className="w-full bg-background border border-border rounded-lg px-3 py-2"
                     />
                 </label>
+                <label className="text-sm space-y-2">
+                    <span className="text-muted-foreground">{t('settings.tokenRefreshIntervalHours')}</span>
+                    <input
+                        type="number"
+                        min={1}
+                        max={720}
+                        step={1}
+                        value={form.runtime.token_refresh_interval_hours}
+                        onChange={(e) => setForm((prev) => ({
+                            ...prev,
+                            runtime: { ...prev.runtime, token_refresh_interval_hours: Number(e.target.value || 1) },
+                        }))}
+                        className="w-full bg-background border border-border rounded-lg px-3 py-2"
+                    />
+                </label>
             </div>
         </div>
     )

webui/src/features/settings/useSettingsForm.js

@@ -12,8 +12,7 @@ const MAX_AUTO_FETCH_FAILURES = 3
 
 const DEFAULT_FORM = {
     admin: { jwt_expire_hours: 24 },
-    runtime: { account_max_inflight: 2, account_max_queue: 10, global_max_inflight: 10 },
+    runtime: { account_max_inflight: 2, account_max_queue: 10, global_max_inflight: 10, token_refresh_interval_hours: 6 },
-    toolcall: { mode: 'feature_match', early_emit_confidence: 'high' },
     responses: { store_ttl_seconds: 900 },
     embeddings: { provider: '' },
     auto_delete: { sessions: false },
@@ -45,10 +44,7 @@ function fromServerForm(data) {
             account_max_inflight: Number(data.runtime?.account_max_inflight || 2),
             account_max_queue: Number(data.runtime?.account_max_queue || 10),
             global_max_inflight: Number(data.runtime?.global_max_inflight || 10),
-        },
+            token_refresh_interval_hours: Number(data.runtime?.token_refresh_interval_hours || 6),
-        toolcall: {
-            mode: data.toolcall?.mode || 'feature_match',
-            early_emit_confidence: data.toolcall?.early_emit_confidence || 'high',
         },
         responses: {
             store_ttl_seconds: Number(data.responses?.store_ttl_seconds || 900),
@@ -71,10 +67,7 @@ function toServerPayload(form) {
             account_max_inflight: Number(form.runtime.account_max_inflight),
             account_max_queue: Number(form.runtime.account_max_queue),
             global_max_inflight: Number(form.runtime.global_max_inflight),
-        },
+            token_refresh_interval_hours: Number(form.runtime.token_refresh_interval_hours),
-        toolcall: {
-            mode: String(form.toolcall.mode || '').trim(),
-            early_emit_confidence: String(form.toolcall.early_emit_confidence || '').trim(),
         },
         responses: { store_ttl_seconds: Number(form.responses.store_ttl_seconds) },
         embeddings: { provider: String(form.embeddings.provider || '').trim() },

webui/src/locales/en.json

@@ -105,6 +105,7 @@
         "apiKeysDesc": "Manage the API access key pool",
         "addKey": "Add key",
         "copied": "Copied",
+        "copyFailed": "Copy failed",
         "copyKeyTitle": "Copy key",
         "deleteKeyTitle": "Delete key",
         "noApiKeys": "No API keys found.",
@@ -138,7 +139,12 @@
         "sessionCount": "Sessions: {count}",
         "deleteAllSessions": "Delete all sessions",
         "deleteAllSessionsConfirm": "Are you sure you want to delete all sessions for this account? This action cannot be undone.",
-        "deleteAllSessionsSuccess": "Successfully deleted all sessions"
+        "deleteAllSessionsSuccess": "Successfully deleted all sessions",
+        "envModeRiskTitle": "Environment-variable config mode detected (persistence risk)",
+        "envModeRiskDesc": "Detected DS2API_CONFIG_JSON/CONFIG_JSON. If DS2API_ENV_WRITEBACK is not enabled, Admin UI edits are in-memory only and may be lost after restart.",
+        "envModeWritebackPendingTitle": "Env mode + auto-persistence enabled (pending file handoff)",
+        "envModeWritebackActiveTitle": "Env mode + auto-persistence active",
+        "envModeWritebackDesc": "The app will auto-create/write the config file and transition to file-backed mode. Current persistence path: {path}"
     },
     "apiTester": {
         "defaultMessage": "Hello, please introduce yourself in one sentence.",
@@ -222,13 +228,12 @@
         "passwordTooShort": "Password must be at least 4 characters.",
         "passwordUpdated": "Password updated. Please sign in again.",
         "passwordUpdateFailed": "Failed to update password.",
-        "runtimeTitle": "Concurrency & Queue",
+        "runtimeTitle": "Runtime",
         "accountMaxInflight": "Per-account max inflight",
         "accountMaxQueue": "Account max queue size",
         "globalMaxInflight": "Global max inflight",
+        "tokenRefreshIntervalHours": "Managed token refresh interval (hours)",
         "behaviorTitle": "Behavior",
-        "toolcallMode": "Toolcall mode",
-        "earlyEmitConfidence": "Early emit confidence",
         "responsesTTL": "Responses store TTL (seconds)",
         "embeddingsProvider": "Embeddings provider",
         "modelTitle": "Model mapping",

webui/src/locales/zh.json

@@ -105,6 +105,7 @@
         "apiKeysDesc": "管理 API 访问密钥池",
         "addKey": "添加密钥",
         "copied": "已复制",
+        "copyFailed": "复制失败",
         "copyKeyTitle": "复制密钥",
         "deleteKeyTitle": "删除密钥",
         "noApiKeys": "未找到 API 密钥",
@@ -138,7 +139,12 @@
         "sessionCount": "会话: {count}",
         "deleteAllSessions": "删除所有会话",
         "deleteAllSessionsConfirm": "确定要删除该账号的所有会话吗？此操作不可恢复。",
-        "deleteAllSessionsSuccess": "删除成功"
+        "deleteAllSessionsSuccess": "删除成功",
+        "envModeRiskTitle": "当前为环境变量配置模式（有持久化风险）",
+        "envModeRiskDesc": "检测到 DS2API_CONFIG_JSON/CONFIG_JSON。若未开启 DS2API_ENV_WRITEBACK，管理台改动仅在内存生效，重启可能丢失。",
+        "envModeWritebackPendingTitle": "环境变量模式 + 自动持久化已开启（等待落盘）",
+        "envModeWritebackActiveTitle": "环境变量模式 + 自动持久化已生效",
+        "envModeWritebackDesc": "程序会自动创建/写入配置文件并在后续切换为文件模式。当前持久化路径：{path}"
     },
     "apiTester": {
         "defaultMessage": "你好，请用一句话介绍你自己。",
@@ -222,13 +228,12 @@
         "passwordTooShort": "新密码至少 4 位",
         "passwordUpdated": "密码已更新，需重新登录",
         "passwordUpdateFailed": "密码更新失败",
-        "runtimeTitle": "并发与队列",
+        "runtimeTitle": "运行时设置",
         "accountMaxInflight": "每账号并发上限",
         "accountMaxQueue": "账号等待队列上限",
         "globalMaxInflight": "全局并发上限",
+        "tokenRefreshIntervalHours": "托管账号 Token 刷新间隔（小时）",
         "behaviorTitle": "行为设置",
-        "toolcallMode": "Toolcall 模式",
-        "earlyEmitConfidence": "早发置信度",
         "responsesTTL": "Responses 缓存 TTL（秒）",
         "embeddingsProvider": "Embeddings Provider",
         "modelTitle": "模型映射",